Re: maildirlock fails

2019-04-11 Thread Aki Tuomi via dovecot
On 12.4.2019 1.08, Martynas Bendorius via dovecot wrote: > Hello, > > Maildirlock seems to panic on locking: > [root@centos7 home]# /usr/libexec/dovecot/maildirlock > "/home/user/imap/domain.com/email/Maildir" 10 > Panic: BUG: No IOs or timeouts set. Not waiting for infinity. > Error: Raw

Emails redownloading

2019-04-11 Thread azurit--- via dovecot
Hi, recently, we had a problem on one of our mail servers and, after reboot, HDD with emails wasn't mounted into system. Until we fixed it, LOTS of users logged in (Dovecot allowed login and recreated directory structure of mailboxes) and saw empty mailboxes. Now they are redownloading

Re: High availability of Dovecot

2019-04-11 Thread luckydog xf via dovecot
It seems that we got 2 solutions. 1. use DNS MX record and dsync plugin of dovecot. No shared storage. 2. use VIP and shared storage. I'll try both of them, thank you guys. On Thu, Apr 11, 2019 at 8:45 PM Gerald Galster via dovecot < dovecot@dovecot.org> wrote: > > > > Am 11.04.2019 um 13:45

Re: failed: read(/var/run/dovecot/dns-client)

2019-04-11 Thread John Fawcett via dovecot
On 11/04/2019 22:09, Laura Smith via dovecot wrote: > ‐‐‐ Original Message ‐‐‐ > On Thursday, April 11, 2019 9:01 PM, John Fawcett via dovecot > wrote: > >> On 11/04/2019 10:02, Laura Smith via dovecot wrote: >> >>> ‐‐‐ Original Message ‐‐‐ >>> On Thursday, April 11, 2019 12:55

Re: pigeonhole tests crashing in deleteheader.svtest

2019-04-11 Thread Stephan Bosch via dovecot
On 29/03/2019 10:23, Michal Hlavinka via dovecot wrote: On 3/28/19 6:41 PM, Aki Tuomi via dovecot wrote: On 28 March 2019 19:40 Michal Hlavinka via dovecot wrote:   Hi, when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in Which version of pigeonhole are you using?

Re: Mail account brute force / harassment

2019-04-11 Thread Joseph Tam via dovecot
On Thu, 11 Apr 2019, Marc Roos wrote: Say for instance you have some one trying to constantly access an account Has any of you made something creative like this: * configure that account to allow to login with any password * link that account to something like /dev/zero that generates

Secure Client-Initiated Renegotiation

2019-04-11 Thread sergio via dovecot
Hello. I've just tested my system that runs dovecot 2.3.4.1 on debian buster with testssl.sh (https://testssl.sh/) and it says: Secure Renegotiation (CVE-2009-3555)not vulnerable (OK) Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential DoS threat Is this a

maildirlock fails

2019-04-11 Thread Martynas Bendorius via dovecot
Hello, Maildirlock seems to panic on locking: [root@centos7 home]# /usr/libexec/dovecot/maildirlock "/home/user/imap/domain.com/email/Maildir" 10 Panic: BUG: No IOs or timeouts set. Not waiting for infinity. Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xd90ee) [0x7f5bf02f10ee] ->

Re: decrypt.rb

2019-04-11 Thread Dave via dovecot
Aki, I just used the "EC key" instructions from the Dovecot MailCrypt wiki: https://wiki.dovecot.org/Plugins/MailCrypt " In order to generate an EC key, you must first choose a curve from the output of this command: > openssl ecparam -list_curves If you choose the curve prime256v1,

Re: failed: read(/var/run/dovecot/dns-client)

2019-04-11 Thread Laura Smith via dovecot
‐‐‐ Original Message ‐‐‐ On Thursday, April 11, 2019 9:01 PM, John Fawcett via dovecot wrote: > On 11/04/2019 10:02, Laura Smith via dovecot wrote: > > > ‐‐‐ Original Message ‐‐‐ > > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot > > dovecot@dovecot.org wrote:

Re: failed: read(/var/run/dovecot/dns-client)

2019-04-11 Thread John Fawcett via dovecot
On 11/04/2019 10:02, Laura Smith via dovecot wrote: > ‐‐‐ Original Message ‐‐‐ > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot > wrote: > >> On 11/04/2019 00:51, Laura Smith via dovecot wrote: >> >>> ‐‐‐ Original Message ‐‐‐ >>> On Wednesday, April 10, 2019 11:48

Re: auth-worker unknown user

2019-04-11 Thread Laura Smith via dovecot
On Thursday, April 11, 2019 5:49 PM, Aki Tuomi wrote: > > On 11 April 2019 17:56 Laura Smith via dovecot dovecot@dovecot.org wrote: > > On Thursday, April 11, 2019 3:07 PM, Aki Tuomi aki.tu...@open-xchange.com > > wrote: > > > > > > On 11 April 2019 16:45 Laura Smith via dovecot <

RE: Mail account brute force / harassment

2019-04-11 Thread Marc Roos via dovecot
> >> B. With 500GB dump >> - the owner of the attacking server (probably hacked) will notice it >> will be forced to take action. > >Unlikely. What is very likely is that your ISP shuts you down for network abuse. If you do not block the request, but allow it, and redirect to a /dev/zero

Re: Mail account brute force / harassment

2019-04-11 Thread @lbutlr via dovecot
On 11 Apr 2019, at 04:43, Marc Roos via dovecot wrote: > B. With 500GB dump > - the owner of the attacking server (probably hacked) will notice it > will be forced to take action. Unlikely. What is very likely is that your ISP shuts you down for network abuse. > If abuse clouds are smart (most

Re: decrypt.rb

2019-04-11 Thread Aki Tuomi via dovecot
> On 11 April 2019 17:44 David Salisbury via dovecot > wrote: > > > On 4/11/2019 1:50 AM, Aki Tuomi wrote: > > > >> ... > >> So, not being an expert at encryption, what are the ramifications of > >> those digests being read as different values in the two different > >> places??   I do

Re: auth-worker unknown user

2019-04-11 Thread Aki Tuomi via dovecot
> On 11 April 2019 17:56 Laura Smith via dovecot wrote: > > > On Thursday, April 11, 2019 3:07 PM, Aki Tuomi > wrote: > > > > On 11 April 2019 16:45 Laura Smith via dovecot < dovecot@dovecot.org> > > > wrote: > > > > > > On Thursday, April 11, 2019 2:02 PM, Aki Tuomi < > > >

Re: auth-worker unknown user

2019-04-11 Thread Laura Smith via dovecot
On Thursday, April 11, 2019 3:07 PM, Aki Tuomi wrote: > > On 11 April 2019 16:45 Laura Smith via dovecot < dovecot@dovecot.org> wrote: > > > > On Thursday, April 11, 2019 2:02 PM, Aki Tuomi < > > aki.tu...@open-xchange.com> wrote: > > > > > PAM is trying to lookup user@domain while you

Re: decrypt.rb

2019-04-11 Thread David Salisbury via dovecot
On 4/11/2019 1:50 AM, Aki Tuomi wrote: ... So, not being an expert at encryption, what are the ramifications of those digests being read as different values in the two different places??   I do notice that the get_pubid_priv() function is internal to the decrypt.rb script and calls several

LMTP, PAM session and home directory autocreation

2019-04-11 Thread Ivars Strazdins via dovecot
Hi, mail is delivered by Dovecot's LMTP locally and I need user's home directory to be created if it doesn't exist yet. There is a setting in Dovecot's configuration, "session=yes", in /etc/Dovecot/conf.d/auth-system.conf.ext, which should do that. passdb { driver = pam args = session=yes

Re: auth-worker unknown user

2019-04-11 Thread Laura Smith via dovecot
‐‐‐ Original Message ‐‐‐ On Thursday, April 11, 2019 3:07 PM, Aki Tuomi wrote: > > On 11 April 2019 16:45 Laura Smith via dovecot < dovecot@dovecot.org> wrote: > > > > On Thursday, April 11, 2019 2:02 PM, Aki Tuomi < > > aki.tu...@open-xchange.com> wrote: > > > > > PAM is trying to

Re: auth-worker unknown user

2019-04-11 Thread Aki Tuomi via dovecot
On 11 April 2019 16:45 Laura Smith via dovecot < dovecot@dovecot.org> wrote: On Thursday, April 11, 2019 2:02 PM, Aki Tuomi < aki.tu...@open-xchange.com> wrote: PAM is trying to lookup

Re: auth-worker unknown user

2019-04-11 Thread Laura Smith via dovecot
On Thursday, April 11, 2019 2:02 PM, Aki Tuomi wrote: > PAM is trying to lookup user@domain while you probably only have user. PAM > driver does not yet support username_format. > > Aki But /etc/dovecot/users file isn't pam ? I don't need pam if I'm using /etc/dovecot/users ? Or am I

Re: Mail account brute force / harassment

2019-04-11 Thread Anton Dollmaier via dovecot
On 11.04.2019 13:25, James via dovecot wrote: On 11/04/2019 11:43, Marc Roos via dovecot wrote: A. With the fail2ban solution    - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address.  I currently have

Re: Mail account brute force / harassment

2019-04-11 Thread James via dovecot
On 11/04/2019 12:49, Marc Roos via dovecot wrote: Yes indeed, we have already own dnsbl's for smtp and ssh/ftp access. How do you have one setup for dovecot connections? Two answers: 1. I wrote my own very simple implementation but it does not share other people's data. Sharing the key to

Re: auth-worker unknown user

2019-04-11 Thread Aki Tuomi via dovecot
PAM is trying to lookup user@domain while you probably only have user. PAM driver does not yet support username_format.  Aki On 11 April 2019 15:36 Laura Smith via dovecot < dovecot@dovecot.org> wrote: pam(

Re: High availability of Dovecot

2019-04-11 Thread Gerald Galster via dovecot
> On 11.04.2019 at 13:45, Patrick Westenberg via dovecot wrote: > > Gerald Galster via dovecot wrote: > >> mail1.yourdomain.com IN A 192.168.10.1 >> mail2.yourdomain.com IN A 192.168.20.1 >> >> mail.yourdomain.com

auth-worker unknown user

2019-04-11 Thread Laura Smith via dovecot
pam(foo...@example.com,192.0.1.1,<9zMTUUCGNfHZzMpL>): unknown user (SHA1 of given password: ff75068c2f4d700a49dae204d56477a5ffa5d23d) The password is correct, i.e. 'echo -n 'passed' | openssl dgst -sha1' matches. The user is setup correctly in /etc/dovecot/users (the /etc/dovecot/users was

Re: High availability of Dovecot

2019-04-11 Thread Stephan von Krawczynski via dovecot
On Thu, 11 Apr 2019 16:44:40 +0800 luckydog xf via dovecot wrote: > Hi, list, > [...] >Thanks for any suggestions and ideas. > Hm, it seems most of the people answering have no real experience in production with such setups. Basically do this: - setup keepalived as a cluster director on

Re: Mail account brute force / harassment

2019-04-11 Thread Odhiambo Washington via dovecot
All your approaches are not well thought out. The best solutions are always the simplest ones. KISS principle dictates so. On Thu, 11 Apr 2019 at 15:01, Marc Roos wrote: > > How long have we been using the current strategy? Do we have less or > more abuse clouds operating? > > "Let the others

RE: Mail account brute force / harassment

2019-04-11 Thread Marc Roos via dovecot
How long have we been using the current strategy? Do we have less or more abuse clouds operating? "Let the others bother with their own problems." is a bit narrow minded view. If every one on this mailing list would have this attitude, there would be no single answer to your question.

Re: failed: read(/var/run/dovecot/dns-client)

2019-04-11 Thread Aki Tuomi via dovecot
On 11.4.2019 11.11, Laura Smith via dovecot wrote: > ‐‐‐ Original Message ‐‐‐ > On Thursday, April 11, 2019 9:05 AM, Aki Tuomi > wrote: > >>> On 11 April 2019 11:02 Laura Smith via dovecot dovecot@dovecot.org wrote: >>> ‐‐‐ Original Message ‐‐‐ >>> On Thursday, April 11, 2019

RE: Mail account brute force / harassment

2019-04-11 Thread Marc Roos via dovecot
Yes indeed, we have already own dnsbl's for smtp and ssh/ftp access. How do you have one setup for dovecot connections? -Original Message- From: James via dovecot [mailto:dovecot@dovecot.org] Sent: donderdag 11 april 2019 13:25 To: dovecot@dovecot.org Subject: Re: Mail account brute

Re: High availability of Dovecot

2019-04-11 Thread Patrick Westenberg via dovecot
Gerald Galster via dovecot wrote: > mail1.yourdomain.com IN A 192.168.10.1 > mail2.yourdomain.com IN A 192.168.20.1 > > mail.yourdomain.com IN A 192.168.10.1 > mail.yourdomain.com

Re: Mail account brute force / harassment

2019-04-11 Thread James via dovecot
On 11/04/2019 11:43, Marc Roos via dovecot wrote: A. With the fail2ban solution - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot

RE: Mail account brute force / harassment

2019-04-11 Thread Marc Roos via dovecot
If I am not mistaken dovecot has already limited concurrent accounts/ips. Furthermore I thought it would be obvious of course to utilize for this only unused resources and don't jeopardize a production environment. Furthermore it is logical to assume that one abuse host is not dedicated to

Re: Mail account brute force / harassment

2019-04-11 Thread Gerald Galster via dovecot
> On 11.04.2019 at 12:43, Marc Roos via dovecot wrote: > > Please do not assume anything other than what is written, it is a > hypothetical situation > > > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you > - it will continue bothering other

Re: Mail account brute force / harassment

2019-04-11 Thread Odhiambo Washington via dovecot
Marc, There is a strategy loosely referred to as "choose your battles well" :-) Let the others bother with their own problems. If you can, hack the server and dump the 500GB - you'll be using resources transferring the 500GB as the other server receives it. Two servers wasting resources because

Re: Lua Push Notification Plugin

2019-04-11 Thread Sami Ketola via dovecot
Hi, doveadm mailbox metadata get -u victim INBOX /private/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/http-notify or doveadm mailbox metadata set if you are not using appsuite as your mail frontend then you need to set the metadata manually or make sure that your mail frontend

Password change problem. (INTERNAL)

2019-04-11 Thread Arvid via dovecot
Hi, We have a strange problem with login after password change. We need to kill the auth_worker processes to activate the new password. It doesn't work with SIGHUP on pid, it doesn't help to run "doveadm auth cache flush". It runs flush xx but the new password still doesn't work. Are there any

RE: Mail account brute force / harassment

2019-04-11 Thread Marc Roos via dovecot
Please do not assume anything other than what is written, it is a hypothetical situation A. With the fail2ban solution - you 'solve' that the current ip is not able to access you - it will continue bothering other servers and admins - you get the next abuse host to give a try. B.

Re: Mail account brute force / harassment

2019-04-11 Thread Gerald Galster via dovecot
> On 11.04.2019 at 12:28, Odhiambo Washington via dovecot wrote: > > > > On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot > wrote: > > > Say for instance you have some one trying to constantly access an > account > > > Has any of you made something

Re: High availability of Dovecot

2019-04-11 Thread Gerald Galster via dovecot
> On 11.04.2019 at 11:48, luckydog xf wrote: > > As your statement, nothing special is needed to do except setting up DNS MX > records, right? MX records are for incoming MAIL: yourdomain.com IN MX 100 mail1.yourdomain.com

Re: Mail account brute force / harassment

2019-04-11 Thread Odhiambo Washington via dovecot
On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot wrote: > > > Say for instance you have some one trying to constantly access an > account > > > Has any of you made something creative like this: > > * configure that account to allow to login with any password > * link that account to something

Mail account brute force / harassment

2019-04-11 Thread Marc Roos via dovecot
Say for instance you have some one trying to constantly access an account Has any of you made something creative like this: * configure that account to allow to login with any password * link that account to something like /dev/zero that generates infinite amount of messages (maybe send

Re: High availability of Dovecot

2019-04-11 Thread Jan Bramkamp via dovecot
While possible, it is probably overkill. A simple failover proxy is enough unless he requires an active-active setup. On 11.04.19 11:54, Aki Tuomi via dovecot wrote: > > On 11.4.2019 11.44, luckydog xf via dovecot wrote: >> Hi, list, >> >> I'm going to deploy postfix + dovecot + CephFS( as Mail

Re: High availability of Dovecot

2019-04-11 Thread Aki Tuomi via dovecot
On 11.4.2019 11.44, luckydog xf via dovecot wrote: > Hi, list, > >      I'm going to deploy postfix + dovecot + CephFS( as Mail Storage). > Basically I want to use two servers for them, which  is kind of HA. >   >     My idea is that using keepalived or Pacemaker to host a VIP, which > could

Re: High availability of Dovecot

2019-04-11 Thread Gerald Galster via dovecot
> I'm going to deploy postfix + dovecot + CephFS( as Mail Storage). > Basically I want to use two servers for them, which is kind of HA. you may consider dovecot's builtin dsync replication which works great with two servers (while there still is one little bug that may duplicate mails

Re: High availability of Dovecot

2019-04-11 Thread Jean-Daniel Dupas via dovecot
> On 11 Apr 2019 at 10:44, luckydog xf via dovecot wrote: > > Hi, list, > > I'm going to deploy postfix + dovecot + CephFS( as Mail Storage). > Basically I want to use two servers for them, which is kind of HA. > > My idea is that using keepalived or Pacemaker to host a

High availability of Dovecot

2019-04-11 Thread luckydog xf via dovecot
Hi, list, I'm going to deploy postfix + dovecot + CephFS( as Mail Storage). Basically I want to use two servers for them, which is kind of HA. My idea is that using keepalived or Pacemaker to host a VIP, which could fail over the other server once one is down. And I'll use Haproxy or

Re: Lua Push Notification Plugin

2019-04-11 Thread Sami Ketola via dovecot
> On 11 Apr 2019, at 11.00, Pabsky via dovecot wrote: > > Thanks AKI! I'm a step closer to achieving my goals. > > However, I'm getting a new error as indicated from below: > > Apr 11 01:45:34 lmtp(u...@mydomain.com > )<20801>: Debug: > push-notification-ox:

Re: failed: read(/var/run/dovecot/dns-client)

2019-04-11 Thread Laura Smith via dovecot
‐‐‐ Original Message ‐‐‐ On Thursday, April 11, 2019 9:05 AM, Aki Tuomi wrote: > > On 11 April 2019 11:02 Laura Smith via dovecot dovecot@dovecot.org wrote: > > ‐‐‐ Original Message ‐‐‐ > > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot > > dovecot@dovecot.org

Re: Lua Push Notification Plugin

2019-04-11 Thread Aki Tuomi via dovecot
It is supposed to be set by OX AppSuite when user logs in. That's why the IMAP METADATA extension needs to be enabled. Aki > On 11 April 2019 11:00 Pabsky via dovecot wrote: > > > Thanks AKI! I'm a step closer to achieving my goals. > > However, I'm getting a new error as indicated from

Re: failed: read(/var/run/dovecot/dns-client)

2019-04-11 Thread Aki Tuomi via dovecot
> On 11 April 2019 11:02 Laura Smith via dovecot wrote: > > > ‐‐‐ Original Message ‐‐‐ > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot > wrote: > > > On 11/04/2019 00:51, Laura Smith via dovecot wrote: > > > > > ‐‐‐ Original Message ‐‐‐ > > > On Wednesday,

Re: Lua Push Notification Plugin

2019-04-11 Thread Pabsky via dovecot
Thanks AKI! I'm a step closer to achieving my goals. However, I'm getting a new error as indicated from below: Apr 11 01:45:34 lmtp(u...@mydomain.com)<20801>:*Debug: push-notification-ox: Skipped because not active (/private/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/http-notify

Re: failed: read(/var/run/dovecot/dns-client)

2019-04-11 Thread Laura Smith via dovecot
‐‐‐ Original Message ‐‐‐ On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot wrote: > On 11/04/2019 00:51, Laura Smith via dovecot wrote: > > > ‐‐‐ Original Message ‐‐‐ > > On Wednesday, April 10, 2019 11:48 PM, John Fawcett via dovecot > > dovecot@dovecot.org

Re: decrypt.rb

2019-04-11 Thread Aki Tuomi via dovecot
> On 11 April 2019 00:49 David Salisbury via dovecot > wrote: > > > >>> > >> Yes. I gave it a try here, and it seems to work. Does it give any extra > >> information if you include -i flag? > >> > >> Aki > >> > > > > Yes, I had tried that, and it doesn't give much extra information, at > >