CA certs for Dovecot-as-client (proxy)

2021-04-21 Thread Peter Mogensen
Hi, When using proxy=y, ssl=yes (Dovecot 2.3.13) I consistently get this logged when trying to validate the remote server cert. "Disconnected by server: Connection closed: Received invalid SSL certificate: unable to get local issuer certificate: /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 -

Leaked files in maildir "tmp" after vsz_limit crashes

2020-09-30 Thread Peter Mogensen
Hi, Lately I've seen a few examples of users hitting the vsz_limit (usually trying to "delete" mails in Spam/Junk by moving them to Trash with a large dovecot.index.cache - which resulted in mails left/leaked in the tmp directory of Trash. Sometimes it seems the client gets into a state where it

Re: dsync and altpath on shared storage.

2019-09-05 Thread Peter Mogensen via dovecot
On 9/4/19 2:12 PM, Peter Mogensen wrote: > > So... I've done some testing. > > One method which seemed to work - at least for primitive cases - was to: > > * Mount the ALT storage on the destination. > * Run "doveadm force-resync \*" on the destination.

Re: dsync and altpath on shared storage.

2019-09-04 Thread Peter Mogensen via dovecot
So... I've done some testing. One method which seemed to work - at least for primitive cases - was to: * Mount the ALT storage on the destination. * Run "doveadm force-resync \*" on the destination. (putting all the mails in ALT storage into the dovecot.map.index) * Run dsync from source to

Re: dsync and altpath on shared storage.

2019-09-03 Thread Peter Mogensen via dovecot
On 9/3/19 2:38 PM, Sami Ketola wrote: > > >> On 3 Sep 2019, at 15.34, Peter Mogensen via dovecot >> wrote: >> >> >> >> On 9/2/19 3:03 PM, Sami Ketola wrote: >>>> On 2 Sep 2019, at 15.25, Peter Mogensen via dovecot >>>> wrot

Re: dsync and altpath on shared storage.

2019-09-03 Thread Peter Mogensen via dovecot
On 9/2/19 3:03 PM, Sami Ketola wrote: >> On 2 Sep 2019, at 15.25, Peter Mogensen via dovecot >> wrote: ... >> Is there anyway for dsync to avoid moving Gigabytes of data for could >> just be "moved" by moving the mount? > > > Not te

dsync and altpath on shared storage.

2019-09-02 Thread Peter Mogensen via dovecot
Hi, I was wondering... If one had mdbox ALT path set to a shared storage mount (say, on NFS) and one wanted to move a mailbox to a different host... I guess it in principle wouldn't be necessary to copy all the ALT storage through dsync, when the volume could just be mounted on the new host. Is

Auto rebuilding of Solr indexes on settings change?

2019-04-25 Thread Peter Mogensen via dovecot
Hi, Looking at the source, it doesn't seem like fts-solr checks for settings changes using fts_index_have_compatible_settings() like fts-lucene does. Is there any special reason why fts-solr shouldn't also rebuild indexes if settings have changed? /Peter

Re: Solr connection timeout hardwired to 60s

2019-04-14 Thread Peter Mogensen via dovecot
sorry... I got distracted halfway and forgot to put a meaningful subject so the archive could figure out the thread. - resending. On 4/14/19 4:04 PM, dovecot-requ...@dovecot.org wrote: >> Solr ships with autoCommit set to 15 seconds and openSearcher set to >> false on the autoCommit. The

Re: dovecot Digest, Vol 192, Issue 52

2019-04-14 Thread Peter Mogensen via dovecot
On 4/14/19 4:04 PM, dovecot-requ...@dovecot.org wrote: >> Solr ships with autoCommit set to 15 seconds and openSearcher set to >> false on the autoCommit. The autoSoftCommit setting is not enabled by >> default, but depending on how the index was created, Solr might try to >> set

Re: Solr connection timeout hardwired to 60s

2019-04-12 Thread Peter Mogensen via dovecot
lr can handle that, although it does process documents and it does reasonably fast clear pending documents after Dovecot closes the connection. On the surface it looks like Dovecot is too impatient. /Peter On 4/10/19 6:25 PM, Peter Mogensen wrote: > > > On 4/4/19 6:57 PM, Peter

Re: Solr connection timeout hardwired to 60s

2019-04-10 Thread Peter Mogensen via dovecot
On 4/4/19 6:57 PM, Peter Mogensen wrote: > > > On 4/4/19 6:47 PM, dovecot-requ...@dovecot.org wrote: >> For a typical Solr index, 60 seconds is an eternity. Most people aim >> for query times of 100 milliseconds or less, and they often achieve >> that goal.

Re: Solr connection timeout hardwired to 60s

2019-04-04 Thread Peter Mogensen via dovecot
On 4/4/19 6:47 PM, dovecot-requ...@dovecot.org wrote: > For a typical Solr index, 60 seconds is an eternity. Most people aim > for query times of 100 milliseconds or less, and they often achieve > that goal. I'm pretty sure I get these while indexing, not querying. Apr 04 16:44:50 host

Solr connection timeout hardwired to 60s

2019-04-04 Thread Peter Mogensen via dovecot
Hi, What's the recommended way to handle timeouts on large mailboxes given the hardwired request timeout of 60s in solr-connection.c: http_set.request_timeout_msecs = 60*1000; /Peter

Way to remove FTS indexes

2019-03-19 Thread Peter Mogensen via dovecot
Hi, I was wondering if there was any way to remove FTS indexes in order to have them rebuilt on the next BODY search? All the doveadm commands I can find seem to result in fully built indexes. (which is nice if that's what you want). /Peter

Different listeners with different config

2018-12-07 Thread Peter Mogensen
Hi, I was wondering about the status on being able to create a dedicated listener in Dovecot with - say - extra features enabled. As an example... If I wanted to have Dovecot listening on port 144 with a slightly different set of auth mechanisms enabled. /Peter

Re: auth_policy in a non-authenticating proxy chain

2018-09-15 Thread Peter Mogensen
On 09/15/2018 10:41 AM, Aki Tuomi wrote: > Point of sending the success ones is to maintain whitelist as well as > blacklist so you know which ones you should not tarpit anymore. We > know it does scale as we have very large deployments using the whole > three request per login model. > >

Re: auth_policy in a non-authenticating proxy chain

2018-09-15 Thread Peter Mogensen
ked wouldn't later also report. And the ratio between successes and failures in the proxy is probably very high. regards, Peter Mogensen On 12/14/2017 08:30 AM, Peter Mogensen wrote: > Hi, > > I was looking into the new Authentication Policy feature: > https://wiki2.dovecot.org/A

Re: auth_policy in a non-authenticating proxy chain

2017-12-14 Thread Peter Mogensen
On 2017-12-14 10:31, Sami Ketola wrote: > >> On 14 Dec 2017, at 8.30, Peter Mogensen <a...@one.com> wrote: >> However... since the proxy use "nopassword", ALL passdb lookups result >> in "success", so the proxy will never report an authentication f

auth_policy in a non-authenticating proxy chain

2017-12-13 Thread Peter Mogensen
Hi, I was looking into the new Authentication Policy feature: https://wiki2.dovecot.org/Authentication/Policy I had kinda hoped that I would be able to enforce this in a proxy running in front of several backends. This proxy does not authenticate. It uses "nopassword". But I realize that the

dict client auth-worker service count not obeyed?

2017-08-10 Thread Peter Mogensen
Hi, I've noticed that in recent dovecot versions at least since 2.2.29 and not in 2.2.12 a dovecot auth-worker will happily issue two Lshared/passdb... queries on the same dict socket. Not always, but sometimes. It used to be that the dict client always closed the socket (AFAIK) after 1 query.

When will passdb callback to mechanism yield PASSDB_RESULT_NEXT?

2017-05-28 Thread Peter Mogensen
Hi, code question... I've been trying to figure out the implications of the new "noauthenticate" passdb field. Internally it causes a passdb to result in PASSDB_RESULT_NEXT. When a SASL mechanism calls auth_request_lookup_credentials(...,callback) the passdb result is passed to the

Re: LDA doing passdb queries ?

2016-08-22 Thread Peter Mogensen
On 2016-08-22 13:21, Peter Mogensen wrote: === protocol lda { # passdb { #driver = static # } userdb { args = /etc/dovecot/dovecot-dict-auth.conf.ext driver = dict result_success = continue-ok

Re: LDA doing passdb queries ?

2016-08-22 Thread Peter Mogensen
Sorry... I meant LDA - not LMTP. More specifically ... the delivery happening during an LMTP session. I'm trying something like this: === protocol !lda { passdb { driver = passwd-file args = /etc/dovecot/accounts }

LMTP doing passdb queries ?

2016-08-22 Thread Peter Mogensen
Hi, I can see dovecot is doing a passdb query when handling the LMTP RCPT command. That's kinda unexpected for me. I would have thought it only did a userdb lookup. I have disabled lmtp_proxy to be sure it didn't do a passdb lookup to check the proxy field. Is this expected? Doesn't the

Suggestion: Split login_trusted_networks

2016-06-27 Thread Peter Mogensen
Hi, For the upcoming 2.3 development, I'd like to re-suggest this: It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. (like a proxy) * It's used for indicating from which hosts you trust logins

Re: Proxying of non plain SASL mechnisms.

2015-03-18 Thread Peter Mogensen
On 2015-03-18 00:47, Timo Sirainen wrote: - If auth proxying is enabled, perform passdb lookup on non-plaintext auth on the initial SASL response. Return finished to the auth client with some mech-proxy=y extra field, so it knows to start proxying the SASL session to the destination server.

Proxying of non plain SASL mechnisms.

2015-02-25 Thread Peter Mogensen
Hi, I understand from earlier discussions that the reason dovecot doesn't support proxying of other SASL mechanisms than those which supply the plaintext password is that in general it would be possible to proxy any SASL mechanism since it might protect against man-in-the-middle attacks (which

SPECIAL-USE again

2014-12-29 Thread Peter Mogensen
Hi, Great to see Thunderbird support SPECIAL-USE now. I would like to hear the list about the intended use of SPECIAL-USE. I get the impression from several earlier mails here that the intention is for the server to globally decide what the folder-name of a specific SPECIAL-USE folder is for

Re: SPECIAL-USE again

2014-12-29 Thread Peter Mogensen
On 2014-12-29 20:45, Stephan Bosch wrote: For creating a special use mailbox there is the CREATE-SPECIAL-USE capability (https://tools.ietf.org/html/rfc6154, Section 3). As you suggested, the special use attributes can also be changed using the METADATA capability

Sieve counterpart of IMAP SPECIAL-USE

2014-11-26 Thread Peter Mogensen
Hi, It would be useful to allow Sieve scripts to fileinto based on SPECIAL-USE flags. But all I've been able to find about it is this: http://www.ietf.org/mail-archive/web/sieve/current/msg05171.html Has there been any progress since? /Peter

Re: 2.2.14rc1 - dsync in backup mode still changes source permissions

2014-10-12 Thread Peter Mogensen
On 2014-10-11 08:51, Peter Mogensen wrote: the docs says (or rather said) explicitly: No changes are ever done to the source location. ... Is the documentation intentionally changed to not make that promise anymore? I also notice that the -o for overriding userdb settings has been

Re: 2.2.14rc1 - dsync in backup mode still changes source permissions

2014-10-11 Thread Peter Mogensen
On 2014-10-10 23:52, Timo Sirainen wrote: It's not doing any changes to mailbox contents, but it's still updating the index/uidlist files as part of its normal operation. It doesn't actually seem to change content of the files. Only permissions. But given that the docs says (or rather said)

2.2.14rc1 - dsync in backup mode still changes source permissions

2014-10-10 Thread Peter Mogensen
Hi, It seems we are still able to reproduce this: http://www.dovecot.org/list/dovecot/2014-May/096367.html However... there's no longer any error-messages. It just silently changes permissions on some dovecot files in the source maildir. (most often dovecot-uidlist) We're running dsync as

Suggestion: Split login_trusted_networks

2014-06-20 Thread Peter Mogensen
Hi, It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) However... trustwise, this

[Dovecot] dsync changing source permission to root in backup mode

2014-05-27 Thread Peter Mogensen
Hi, We have dsync failing once in a while when running in backup mode. What's strange is that the result is that the files on the *source* machine end up with the wrong permissions (set to uid 0). Even though the dsync manual clearly says: Backup mails from default mail location

Re: [Dovecot] dsync changing source permission to root in backup mode

2014-05-27 Thread Peter Mogensen
Oh ... sorry... I forgot the last log-line. (see below) btw... tested with versions: Between 2.2.12 in both ends, and between dst=2.2.12, src=2.2.13 On 2014-05-27 15:03, Peter Mogensen wrote: The error message from dsync when failing is: dsync-remote(root): Error: Cached message size larger

[Dovecot] The submission server

2014-02-17 Thread Peter Mogensen
Hi, As many others I'm looking forward to the submission server. But I have a question: A use-case with authenticated SMTP is to have the server restrict From/Sender headers based on the authenticated user. (and adding the actual authenticated user to the headers) Postfix supports this

Re: [Dovecot] The submission server

2014-02-17 Thread Peter Mogensen
On 2014-02-17 21:06, Stephan Bosch wrote: One piece of the puzzle is important though: a method to convey the authenticated username to the backend. yeah... I figured that would be the crucial part. Does the dovecot proxy send the authentication name, or the SASL authorization name? /Peter

Re: [Dovecot] master user and ACL's

2014-02-13 Thread Peter Mogensen
On 2014-02-14 05:49, Timo Sirainen wrote: Sounds like you don't want the master user to be special in any way now or in future. In that case setting master_user=%u would do exactly that now and always. (There might be some other features besides ACLs that could work differently for master

Re: [Dovecot] master user and ACL's

2014-02-12 Thread Peter Mogensen
On 2014-02-13 04:40, Timo Sirainen wrote: On 9.2.2014, at 17.36, Peter Mogensen a...@one.com wrote: But why is the master_user authn-id used in the ACLs and not the authz-id (requested-login-user) ? Isn't the whole point of SASL authz-id semantics to have authorization resolved based

[Dovecot] master user and ACL's

2014-02-09 Thread Peter Mogensen
Hi, Quick question...I read in the docs that: Master user is still subject to ACLs just like any other user, which means that by default the master user has no access to any mailboxes of the user. ... and that the standard workaround is to return master_user=%u from the userdb. But why is

Re: [Dovecot] Dovecot MTA

2013-11-11 Thread Peter Mogensen
Timo Sirainen wrote: And Dovecot roadmap is slowly shrinking .. there aren’t all that many big features left anymore. Soon it’s mainly going to be improvements to reliability and performance. So I need to find some new things to do in any case. :) True ... If I try to make a wish list for

[Dovecot] server side private/public key

2013-11-11 Thread Peter Mogensen
Christian Felsing wrote: Please consider to add server side private/public key encryption for incoming mails. If client logs on, the password is used to unlock users server side private key. If mail arrives from MTA or any other source, mail is encrypted with users public key. Key pair

Re: [Dovecot] Prevent Download messages from server

2012-09-20 Thread Peter Mogensen
we have no problem, just i want to learn how can i do that. i think it's clear . Well... I'm pretty sure most others don't. But anyway. As in ALL Internet protocols (IMAP being no exception), letting the client read data on the server requires it to download the data. Preventing download

[Dovecot] 2.0/2.1 - different behavior for LIST-EXTENDED

2012-04-10 Thread Peter Mogensen
Hi Timo, We are sitting here wondering if this difference in behaviour between dovecot 2.0.17 and 2.1.3 is intended. When you create a folder, subscribe to it and rename it (without changing the subscription) these are the behaviours: For 2.0.17: . list (SUBSCRIBED) * RETURN (STATUS

[Dovecot] \NoSelect on missing folders in LIST

2012-03-05 Thread Peter Mogensen
Hi, I noticed a difference between courier and dovecot, and I'm not sure which of them is wrong wrt. RFC3501 - if any. I have a Maildir which has been accessed by an Apple Mail client, so it got folders like: INBOX INBOX.Trash INBOX.INBOX.folder INBOX.INBOX.folder.a INBOX.INBOX.folder.b

Re: [Dovecot] \NoSelect on missing folders in LIST

2012-03-05 Thread Peter Mogensen
On 2012-03-05 15:45, Timo Sirainen wrote: * LIST (\Noselect \HasChildren) . INBOX.INBOX I'm surprised Courier would return this. But dovecot does not list that folder using *. But it returns all of the mailboxes under INBOX.INBOX, right? Yes. And they exists on disk and are subscribed

Re: [Dovecot] \NoSelect on missing folders in LIST

2012-03-05 Thread Peter Mogensen
On 2012-03-05 16:36, Timo Sirainen wrote: Still curious about if Courier is doing something wrong which the scripts just happened to take advantage of. Neither behavior is wrong, just different. :) Ok... I was in doubt if I had missed something from the RFC. However... for testing, I tried

[Dovecot] POP3 UIDLs with virtual INBOX and migration from maildir-mdbox

2012-02-09 Thread Peter Mogensen
Hi, Considering the scenario, where you have some old account with a different POP3 UIDL format and you migrate them to dovecot. So these old UIDLs would be saved to dovecot-uidlist. At some later time you want to introduce a virtual POP3 INBOX like described on:

Re: [Dovecot] IMAP SPECIAL-USE extension

2011-12-06 Thread Peter Mogensen
On 2011-12-02 22:22, dovecot-requ...@dovecot.org wrote: It's implemented now in dovecot-2.1 hg. It also deprecates autocreate plugin (but it still works the old way). The idea is that you can now do e.g.: mailbox Trash { auto = no special_use = \Trash } ... This is great Timo. But

Re: [Dovecot] Corrupted transaction log file

2011-11-09 Thread Peter Mogensen
On 2011-11-04 22:26, Timo Sirainen wrote: Nov 4 15:10:42 mail dovecot: imap (t...@aaaone.net): Error: Corrupted transaction log file /mail/3340444/.TestMails/dovecot.index.log seq 2: indexid changed 1320419300 - 1320419441 (sync_offset=0) Session A had TestMails open and created with index

Re: [Dovecot] Corrupted transaction log file

2011-11-05 Thread Peter Mogensen
On 2011-11-04 22:26, Timo Sirainen wrote: Nov 4 15:10:42 mail dovecot: imap (t...@aaaone.net): Error: Corrupted transaction log file /mail/3340444/.TestMails/dovecot.index.log seq 2: indexid changed 1320419300 - 1320419441 (sync_offset=0) Session A had TestMails open and created with index

Re: [Dovecot] Blocking auth services

2011-08-15 Thread Peter Mogensen
On 2011-08-14 22:56, Timo Sirainen wrote: On Mon, 2011-08-08 at 14:04 +0200, Peter Mogensen wrote: I'm writing a passdb/userdb plugin to authenticate against an external daemon listening on a UNIX socket. The connection to the daemon is 1 request at a time and thus blocking (unlike passdb

[Dovecot] Blocking auth services

2011-08-08 Thread Peter Mogensen
Hi, I'm writing a passdb/userdb plugin to authenticate against an external daemon listening on a UNIX socket. The connection to the daemon is 1 request at a time and thus blocking (unlike passdb-ldap), but the daemon is preforking, so it can handle more connections at a time. I read from

[Dovecot] Question about memory management in plugins

2011-08-04 Thread Peter Mogensen
Hi, I'm writing a passdb/userdb plugin (see my previous question about a plugin authenticating via a UNIX socket protocol). Now... the protocol spoken over this socket is JSON-based and I'm using a SAX-like event based parser which maintains a parse context between callbacks. Now... I'm

Re: [Dovecot] Question about memory management in plugins

2011-08-04 Thread Peter Mogensen
On 2011-08-04 22:11, Peter Mogensen wrote: Is there a better way? Maybe I can answer my own question... It dawns upon me that auth_request comes with its own pool, which probably should be used for allocations temporary to one passdb/userdb lookup. /Peter

[Dovecot] passdb/userdb via UNIX socket?

2011-07-07 Thread Peter Mogensen
Hi, I've been running some performance tests - especially delivery (LDA and LMTP) and it seems there's room for improvement. At least it would be nice to get rid of the fork() and pipe to deliver LDA and the fork of the checkpasswd script for userdb lookup. I've tried LMTP to not fork

Re: [Dovecot] LMTP returncode 450?

2011-06-28 Thread Peter Mogensen
On 2011-06-28 01:58, Timo Sirainen wrote: On Mon, 2011-06-27 at 14:55 +0200, Peter Mogensen wrote: How do I get the LMTP-server to know which mailboxes are locally hosted and return SMTP code 450 if delivery is attempted to a non local user? You can't, at least that way. Why are you trying

[Dovecot] LMTP returncode 450?

2011-06-27 Thread Peter Mogensen
Hi, How do I get the LMTP-server to know which mailboxes are locally hosted and return SMTP code 450 if delivery is attempted to a non local user? I can see that a lookup in the userdb is done, but no matter what I return (1/111) from my checkpassword script I just get: 451 4.3.0

[Dovecot] URLAUTH-patch, BSD specific?

2011-06-15 Thread Peter Mogensen
Hi, I notice that the Apple patched branch of Dovecot 2.0 with URLAUTH fails to compile on Linux. The file src/plugins/urlauth/urlauth-keys.c uses open(2) with O_EXLOCK, which to my knowledge is BSD specific. Is that a known problem? /Peter

[Dovecot] Spelling error in #define ?

2011-05-03 Thread Peter Mogensen
Hi, I stumbled over this define in lazy-expunge-plugin.h: #ifndef LAZY_EXPUNGE_PLUGIN_H #define TLAZY_EXPUNGE_PLUGIN_H Isn't there a T too much? http://hg.dovecot.org/dovecot-2.0/file/036260ae0261/src/plugins/lazy-expunge/lazy-expunge-plugin.h /Peter

[Dovecot] UIDPLUS in the wiki

2011-02-02 Thread Peter Mogensen
Hi, Isn't the stuff in the wiki about UIDPLUS being disabled because of maildir outdated? http://wiki.dovecot.org/FeatUIDPLUS http://wiki2.dovecot.org/FeatUIDPLUS /Peter

[Dovecot] Differenft INBOX for IMAP/POP with checkpassword passdb

2011-01-27 Thread Peter Mogensen
Hi, I'm trying to do a setup where IMAP and POP users see different INBOX' Like described on the virtual folder wiki page: http://wiki.dovecot.org/Plugins/Virtual However, for now, I'm stuck with the checkpassword passdb and prefetch userdb So I can't parameterize the result on %s like the

Re: [Dovecot] Differenft INBOX for IMAP/POP with checkpassword passdb

2011-01-27 Thread Peter Mogensen
On 2011-01-27 14:04, Peter Mogensen wrote: So I thought of having two different checkpassword scripts: passdb checkpassword { args = /usr/bin/checkpassword-%s } Arh... sorry. I missed the SERVICE env variable. /Peter

[Dovecot] email addresses as usernames with Kerberos

2011-01-14 Thread Peter Mogensen
Hi, I was trying out Kerberos authentication with some sample users for Dovecot and stumbled into this problem: The user names are of the form local-part@domain, so the Kerberos principal becomes local-part\@domain@REALM. But it seems Dovecot (1.2.9) doesn't understand that syntax. Looking