Re: [Dovecot] dovecot with ldap and allow_nets
Charles Marcus schreef: On 11/25/2007, Marc Cuypers ([EMAIL PROTECTED]) wrote: Charles Marcus wrote: On 11/23/2007, Marc Cuypers ([EMAIL PROTECTED]) wrote: # dovecot --version 1.0.rc15 Extremely old... Upgrade... Does your reply mean that allow_nets didn't work with version 1.0. Not necessarily - it means its so old that I (and most likely more than a few others) don't want to hassle with checking to see what possible problems/bugs it had that are fixed in current releases. Unlike myself, Timo could I'm sure answer a lot of question like this off the top of his head, but I'm also sure even he gets irritated by people who come here asking for help when they are running an ancient version. In other words, as with all free software - the more current version, you are running, the easier it will be to get support... You are probably right. I'll try to compile dovecot 1.0.7 on a test machine (debian etch), and test again. -- Marc
Re: [Dovecot] dovecot with ldap and allow_nets
On 11/26/2007, Marc Cuypers ([EMAIL PROTECTED]) wrote: I'll try to compile dovecot 1.0.7 on a test machine (debian etch), and test again. I forgot the best reason - improvements (sometimes major) in performance and behavior... its just 'better'... :) -- Best regards, Charles
[Dovecot] v1.1.beta9 released
http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta9.tar.gz http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta9.tar.gz.sig Some changes since beta8: - This release should work perfectly with NFS attribute cache enabled. - Fixes to handling what should be written to cache file and when - Some index handling optimizations - IMAP LIST: dbox and cydir can now return children state Beta9 will most likely have a rewritten Squat indexer. More about that the next mail. signature.asc Description: This is a digitally signed message part
[Dovecot] Squat full text search indexer redesign
I was writing this to beta9 announcement, but it grew so huge that I guess a separate mail is better. :) I've spent quite a lot of time this last week redesigning/rewriting Squat indexer. I think the redesign is good enough now that I'll just replace the existing squat with this new one in next release. I don't think many people are using the old squat, and there are also some bugs in it that cause some searches not to find anything (haven't tried to fix it). The old Squat indexes about 3MB/s on my machine while the new one indexes 8MB/s. Or it's actually 10MB/s, but at the end of indexing it does a compression step that merges all fragmented UID lists. That drops the index size something like 5-10%, but it's pretty slow because it has to go through all the fragmented lists. It could probably be optimized to be a lot faster, but I think I'll forget about it for now. Besides being faster there are other improvements in it: - Old squat could answer only 4 character long substring searches. New squat can answer 1..n characters long substring searches, where n can be configurable. The larger the n, the larger the index size. For example 4..10 index sizes are about 35% - 46% - 53% - 59% - 63% - 67% - 70% of the mailbox size (with 32MB of Dovecot mailing list archives). With both old and new squat if the search keyword is longer than n, Dovecot looks up the list of all possible n char long combinations of the word, gets a list of their common UIDs and then reads those mails to verify that the word is really found from them. - New squat can also be configured to index longer words for non-substring searches. This allows it to give a definite list of UIDs where the word is found, so Dovecot doesn't have to open those mails to verify it. However it can't give a definite list of UIDs where the substring isn't found. So it still has to do the n-char-combination lookup described above, and for those returned UIDs which aren't also in the definite-UIDs list Dovecot still has to read them to check if the substring is found or not. This could be skipped for non-standard X-FAST-TEXT and X-FAST-BODY searches which don't try to search substrings. Adding 255 char long non-substring searches to 4 char long substring searches grows the index about 7% (35%-42% for 32MB, 28%-36% for 200MB, 27%-33% for 1,4GB). Unfortunately it also grows memory usage pretty much. For a 200MB mailbox heap usage grows from 34MB to 163MB. For 1,4GB lkml mailbox heap usage grows from 80MB to 700MB. So I'm not sure if this should be enabled by default until something can be done about the memory usage. - The current list of indexed characters are: A-Z, 0-9, @.-+#$%_ and all 8bit chars. When trying to search for non-indexed characters Dovecot has to split the search word. For example a,b would search a and b, combine the results and then open those mails to see where it really exists. The same thing happens with a b. If the search word doesn't contain any indexable characters, Dovecot has to read all mails. This indexable character list could be changed runtime, so if a user keeps searching for some non-indexed character, it could be added to indexed characters and the index be rebuilt. - To be able to give definite replies for BODY searches squat has to keep track of whether a word was found from body or header. This also optimizes HEADER searches because then Dovecot has to search only those mails that have the word in their headers, instead of the mails that have it in either header or body. Unfortunately this makes the indexes somewhat larger again (22%-28% for 200MB), but I think this should be done by default. The header+body is stored by storing UID 1=message 1 header, UID 2=message 1 body, UID 3=message 2 header, etc. I haven't yet tried how well the UID lists could be compressed if could support only-header or only-body ranges. For example now if word is found from all headers but from no bodies, it stores the UID list as 1,3,5,7,etc, while it could be stored as simple only bodies, 1:7. I guess the UID list compression could use all kinds of other algorithms as well. Currently it supports only the whole list being either a bitmask or UID range. A long UID list might compress better as a bitmask +range combination. UID lists take most of the Squat space, so even small improvements can give huge benefits. If you're interested in trying, you can download the current test code and modify uidlist_write_array() for writing and node_uidlist_get_at_offset() for reading. http://dovecot.org/tmp/test.c http://dovecot.org/tmp/test-uidlist.c Place to src/plugins/fts-squat/, run with ./test some-mbox-file Another somewhat different idea to substring indexing (suggested to me by someone else) would be to index the messages' words normally like most indexers do, and then use Squat indexes for those words. So for example when searching for ord it first looks up all words that contain ord substring in them. Then it looks up message UIDs for
Re: [Dovecot] dovecot with ldap and allow_nets
On Fri, 2007-11-23 at 16:12 +0100, Marc Cuypers wrote: Some of the mail users may only login from the LAN, while others can login from the LAN and the internet. I've read about allow_nets but i can't find very much info when dovecot is used with ldap. Can someone give me a direction (url, configuration file, ...). You'll have to store the allow_nets field to LDAP using some name and tell Dovecot to use it in pass_attrs. On LDAP side you probably need some special schema (don't ask me about that) or you need to use some other existing field for that purpose. pass_attrs anyway goes something like: pass_attrs = uid=user,userPassword=password,someField=allow_nets signature.asc Description: This is a digitally signed message part
Re: [Dovecot] overquota message
On Mon, 2007-11-26 at 10:40 +0100, Emiliano Gabrielli (aka AlberT) wrote: is it possible to customize the overquota message ? I'd like very much if it was possible to use the %d in the postmaster mail address Hmm. Sounds like this could be useful. Maybe if postmaster_address ends with @ (like postmaster@) it would take the domain from the destination user's address. Or do MTAs have better idea of what it could be and it could be passed as a parameter? (and overquota message) too v1.1 supports this. With v1.0 you'd have to modify sources. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] migrating from mbox to maildir
On Sun, 2007-11-25 at 22:56 -0600, Kyle Wheeler wrote: On Saturday, November 24 at 10:13 PM, quoth mouss: If for some reason you are completely stuck with 0.99.x, then yes, changing to Maildir format is pretty easy, and there are plenty of conversion scripts out there in the world. Just ask Google. Keep in mind if the real problem is some bug in Centos that prevents Dovecot from using locks, then the Maildir conversion may not help much, because Maildir (in Dovecot) uses locks as well. why lock? To quote the Dovecot wiki (http://wiki.dovecot.org/MailboxFormat/Maildir): Although maildir was designed to be lockless, Dovecot locks the maildir while doing modifications to it or while looking for new messages in it. This is required because otherwise Dovecot might temporarily see mails incorrectly deleted, which would cause trouble. Basically the problem is that if one process modifies the maildir (eg. a rename() to change a message's flag), another process in the middle of listing files at the same time could skip a file. The skipping happens because readdir() system call doesn't guarantee that all the files are returned if the directory is modified between the calls to it. This problem exists with all the commonly used filesystems. OSX with HFS+ seems to be an exception actually. Also it would be possible to use inotify to avoid skipping files. Also Dovecot uses dotlock files, not fcntl locks, to do the maildir locking. Originally this was both because of NFS and because new dovecot-uidlist was written to the dovecot-uidlist.lock file and rename()d over. This isn't done anymore, so NFS is the only reason why dotlocks are used. I guess v2.0 could use lock_method setting to figure out if it should use fcntl/flock instead. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] recalculation of maildir Quota
On Fri, 2007-11-23 at 18:47 +0100, Ingo Rogalsky wrote: This solves the issue. Thanks. Nevertheless I'm going to disable the quota plugin because of the long recalculation time and imap clients not usable during this. But one more question: Would it be possible to disable the recalculation This would be easy by modifying the quota plugin. and do this with a nightly cronjob, which scans all mail accounts? This would be specific to your installation, but I guess it wouldn't be too difficult to write such a script.. Anyway I won't try it. :) signature.asc Description: This is a digitally signed message part
Re: [Dovecot] SIGSEGV login process
On Thu, 2007-11-22 at 21:16 +0300, Maxim wrote: #0 0x08051e2d in auth_client_request_continue () (gdb) bt #0 0x08051e2d in auth_client_request_continue () #1 0x0804b8db in client_auth_input () #2 0x080562ec in io_loop_handler_run () #3 0x0805599d in io_loop_run () #4 0x0804d963 in main () (gdb) or what anything info should i provide? Any chance of getting the backtrace with debug symbols enabled? If you compile from sources, they're in the binaries by default. Also it sometimes helps backtraces if optimizations are disabled. You can do this with: CFLAGS=-g ./configure signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Disconnected: Mailbox is in inconsistent state, please relogin
On Fri, 2007-11-23 at 03:24 -0800, Kleyton M. wrote: Nov 23 09:00:43 golf dovecot: IMAP(everli): Maildir /home/everli/Maildir sync: UID next_uid (89 90, file = msg.BAwd:2,) I don't understand your language, but I do understand this error message. You've configured Procmail to deliver mails using MH format. See http://wiki.dovecot.org/MailboxFormat/Maildir#procmail signature.asc Description: This is a digitally signed message part
Re: [Dovecot] passdb ldap static values
On Wed, 2007-11-21 at 15:09 -0600, Harrison Metzger wrote:
Hello,
In the pass_attrs field one can map ldap attributes to dovecot attributes.
I'm wondering if I can map both ldap attribuets and static attributes to a
dovecot value in the same passdb section.
It's possible with v1.1, but not with v1.0.
Also, I can't seem to find what other values (if any) can belong in the:
passdb ldap {
args = /path/filename
}
stanza. Are there any other options I can put in that stanza, I can't seem
to find any on the wiki.
You can't put anything else there.
signature.asc
Description: This is a digitally signed message part
Re: [Dovecot] Sieve regex never matches
Hi Timo, Both scripts compile fine, but their regex never match. Has anyone an idea why? I'm using Dovecot 1.0.0 on Debian Etch stable. So I guess you also use Debian-compiled Sieve plugin? It's possible that it doesn't have regex support compiled in. I'm not sure if it gives any errors or if it just silently ignores it.. No, no errors, so regex support was compiled in. The regex just never matched/always returned false. I've installed version 1.0.5 from the Debian testing branch yesterday evening, and now it works, so the problem has already been fixed. Frank
Re: [Dovecot] File locking problems and duplicate emails with the snarf plugin
On Wed, 2007-11-21 at 20:29 +, Adrian Barker wrote: Two weeks ago we switched all our IMAP users (around 25,000) from the Washington IMAP server to Dovecot, and since then there have been several occasions when reading new email just hangs, and duplicate emails appear. We are using the 'snarf' plugin to copy new email to the inbox, and it looks as though the problems are caused by file locking. How do you deliver mails to the mboxes? If not using Dovecot's deliver, the mbox locking order could be different between them and they'd deadlock. mbox_read/write_locks settings affect this. We have been using the Washington IMAP server for a number of years without any file locking problems, so the underlying file locking mechanism is robust. Did UW-IMAP really use fcntl locks with mboxes? Could it be that it just didn't, and now the problem is with fcntl locking in general? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] SIGSEGV login process
On Mon, 26 Nov 2007 15:04:06 +0200, Timo Sirainen [EMAIL PROTECTED] wrote: On Thu, 2007-11-22 at 21:16 +0300, Maxim wrote: #0 0x08051e2d in auth_client_request_continue () (gdb) bt #0 0x08051e2d in auth_client_request_continue () #1 0x0804b8db in client_auth_input () #2 0x080562ec in io_loop_handler_run () #3 0x0805599d in io_loop_run () #4 0x0804d963 in main () (gdb) or what anything info should i provide? Any chance of getting the backtrace with debug symbols enabled? If you compile from sources, they're in the binaries by default. Also it sometimes helps backtraces if optimizations are disabled. You can do this with: CFLAGS=-g ./configure i found problem. i have installed exim with self delivery (not dovecot LDA) and just install from port mail/dovecot-sieve and have these crashes. e.g. finally case is: 1) install exim with Maildir delivery 2) install dovecot 3) start both of them 4) install mail/dovecot-sieve 5) not touch anything, just wait high load (LA~10..20) 6) login processes begins randomly crashes did you still need debug core+bt?
Re: [Dovecot] Wanting to seperate MTA and Imap
Brent Clark wrote: I read the documentation on NFS, but from other sites i have read. Most say this is NOT the best solution. I use NFS, as do quite a number of people - it may not be the best solution, but there are few others for realising shared storage at all sensibly. Most of the cluster filesystems I've tested have not performed well, and I'm guessing you don't have access to a quality SAN to make this sensible. Have you tested Redhat's GFS? If yes, how it behave with Dovecot imap/lda? Pawel
Re: [Dovecot] libwrap-ing IMAP and POP logins
On Wed, 2007-11-21 at 16:38 +0100, Edgar Fuß wrote: Just to know: is there simply no interest in libwrap-ing dovecot or is there a better way to do it or is my patch considered inadequate? I also wrote libwrap patch a few years ago: http://dovecot.org/patches/1.0/tcp-wrappers.patch The problem is that it doesn't work when login process is chrooted, so I thought there's no point in including support for it. I was thinking about adding support for this in Dovecot v2.0 using some kind of a separate non-chrooted daemon. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] SIGSEGV login process
On Mon, 2007-11-26 at 16:13 +0300, Maxim Lougovsky wrote: i have installed exim with self delivery (not dovecot LDA) and just install from port mail/dovecot-sieve and have these crashes. e.g. finally case is: 1) install exim with Maildir delivery 2) install dovecot 3) start both of them 4) install mail/dovecot-sieve 5) not touch anything, just wait high load (LA~10..20) So the high load is the point I guess. 6) login processes begins randomly crashes did you still need debug core+bt? It would help a lot. Otherwise it'll probably take me quite a lot of time to reproduce it, if I'm able to do it at all (it could be that some clients do something special that causes it). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Dovecot + Cygwin
On Wed, 2007-11-21 at 03:13 +0100, Ronny wrote:
If that worked, try adding exit(0); as the first statement in
src/auth/main.c's main() function to see if it returns 53 before or
after it reaches that far.
I put some information output to the code (i do not have a debbuger
running yet ;-) )
static void auth_process_input(void *context)
{
.
...
switch (i_stream_read(process-input)) {
...
case -1:
/* disconnected */
i_info(DIE 2);
auth_process_destroy(process);
return;
This only means that it sees that auth process died, so master process
shuts down. Put something similar to src/auth/main.c instead to see if
it gets executed.
signature.asc
Description: This is a digitally signed message part
Re: [Dovecot] Ldap Proxy
On Tue, 2007-11-20 at 21:08 -0600, Harrison Metzger wrote: Hello I'm trying to do an ldap proxy but it is not working, it just continues to access the user's mailbox. I was able to do a proxy with a user in a passwd-file, but not ldap directory. Here is part my args file on the passdb ldap stanza: auth_bind = yes I'm not sure if this affects it. It shouldn't, but you could try if it works without. pass_attrs = uid=user,proxy,BCMailDovecotProxyHost=host This looks ok. I've turned on auth_verbose, debug, etc and still can't figure out why it wont proxy. Ive tried adding user_attrs (the same as the pass attrs). I've even just put nologin in the pass_attrs but the user is still able to login, its like that field is not being processed. What do the logs show with auth_debug=yes? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] SIGSEGV login process
On Mon, 26 Nov 2007 15:22:29 +0200, Timo Sirainen [EMAIL PROTECTED] wrote: On Mon, 2007-11-26 at 16:13 +0300, Maxim Lougovsky wrote: i have installed exim with self delivery (not dovecot LDA) and just install from port mail/dovecot-sieve and have these crashes. e.g. finally case is: 1) install exim with Maildir delivery 2) install dovecot 3) start both of them 4) install mail/dovecot-sieve 5) not touch anything, just wait high load (LA~10..20) So the high load is the point I guess. 6) login processes begins randomly crashes did you still need debug core+bt? It would help a lot. Otherwise it'll probably take me quite a lot of time to reproduce it, if I'm able to do it at all (it could be that some clients do something special that causes it). ok, i soon send to list backtrace. Thank you
Re: [Dovecot] Small typo
On Mon, 2007-11-12 at 11:49 +0530, Abhijit Hoskeri wrote: On Sat, Nov 10, 2007 at 07:56:43PM +0200, Timo Sirainen wrote: i_fatal() exits the process. You probably want to use i_error() instead. Thanks a lot. I have fixed this. I have two more questions: * How do I know whether the userdb/passdb is running with blocking=yes or not? There's a global bool worker variable. If it's TRUE, you're running in auth worker process (blocking=yes is set), otherwise not. But not all passdbs support blocking=yes at all. * What are your plans on putting something like this in the Dovecot trunk/HEAD, along with your dont-proxy-on-ips-i-listen-on patch you had posted some time back? I don't much like the idea of maintaining my own version of Dovecot! The dont-proxy-my-own-ips patch is already committed, but it only fixes the infinite looping and not letting user log in normally (I think?). These aren't very high on my TODO list right now, so I don't really have plans.. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Ldap Proxy
I turned auth_bind off by commenting it out. Here is what my logs show: Nov 26 07:40:56 holiday dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=AGFwcGxlc2VqAHRhYmxl Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): pass search: base=dc=beloit,dc=edu scope=subtree filter=((objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) fields=uid,proxy,nologin,nodelay,BCMailDovecotProxyHost Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej BCMailDovecotProxyHost(host)=144.89.40.1 Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): No password in reply Nov 26 07:40:57 holiday dovecot: auth(default): client out: FAIL 1 user=applesejtemphost=144.89.40.1 Nov 26 07:40:59 holiday dovecot: pop3-login: Aborted login: user=applesej, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured When auth_bind = yes, it simply allows the user to login and reads from their local mailbox. Harrison Metzger On Nov 26, 2007 7:33 AM, Timo Sirainen [EMAIL PROTECTED] wrote: On Tue, 2007-11-20 at 21:08 -0600, Harrison Metzger wrote: Hello I'm trying to do an ldap proxy but it is not working, it just continues to access the user's mailbox. I was able to do a proxy with a user in a passwd-file, but not ldap directory. Here is part my args file on the passdb ldap stanza: auth_bind = yes I'm not sure if this affects it. It shouldn't, but you could try if it works without. pass_attrs = uid=user,proxy,BCMailDovecotProxyHost=host This looks ok. I've turned on auth_verbose, debug, etc and still can't figure out why it wont proxy. Ive tried adding user_attrs (the same as the pass attrs). I've even just put nologin in the pass_attrs but the user is still able to login, its like that field is not being processed. What do the logs show with auth_debug=yes?
[Dovecot] Using global und per-user sieve scripts at the same time
Hi list,
I'm trying to get a global sieve mailfilter with per-user sieve scripts
to work.
At the lda-section in the dovecot.conf file I have:
global_script_path = /usr/local/etc/sieve/spam
/usr/local/etc/sieve/spam:
require fileinto;
if header :contains [Subject] [***Spam***] {
fileinto Spam;
stop;
}
which will work fine delivering Spam Mails in a Spam dir for every user.
If a user creates his own .dovecot.sieve file the global script will not
work anymore.
How can I enable global and local per-user sieve scripts at once? Is
this possible? Do you know any workaround so all users will have the
same (Spam-)sieve filters beside there own (global templates or so)?
Matthias
Re: [Dovecot] Using global und per-user sieve scripts at the same time
On 26.11.2007 16:50, Matthias Kellermann wrote:
Hi list,
I'm trying to get a global sieve mailfilter with per-user sieve scripts
to work.
At the lda-section in the dovecot.conf file I have:
global_script_path = /usr/local/etc/sieve/spam
/usr/local/etc/sieve/spam:
require fileinto;
if header :contains [Subject] [***Spam***] {
fileinto Spam;
stop;
}
which will work fine delivering Spam Mails in a Spam dir for every user.
If a user creates his own .dovecot.sieve file the global script will not
work anymore.
How can I enable global and local per-user sieve scripts at once? Is
this possible? Do you know any workaround so all users will have the
same (Spam-)sieve filters beside there own (global templates or so)?
Matthias
You forgot to insert this one, where users sieve files stored.
plugin {
sieve = /var/mail/store/%u/sieve
}
Re: [Dovecot] SIGSEGV login process
On Mon, 26 Nov 2007 16:35:46 +0300, Maxim Lougovsky [EMAIL PROTECTED] wrote: On Mon, 26 Nov 2007 15:22:29 +0200, Timo Sirainen [EMAIL PROTECTED] wrote: On Mon, 2007-11-26 at 16:13 +0300, Maxim Lougovsky wrote: i have installed exim with self delivery (not dovecot LDA) and just install from port mail/dovecot-sieve and have these crashes. e.g. finally case is: 1) install exim with Maildir delivery 2) install dovecot 3) start both of them 4) install mail/dovecot-sieve 5) not touch anything, just wait high load (LA~10..20) So the high load is the point I guess. 6) login processes begins randomly crashes did you still need debug core+bt? It would help a lot. Otherwise it'll probably take me quite a lot of time to reproduce it, if I'm able to do it at all (it could be that some clients do something special that causes it). ok, i soon send to list backtrace. Thank you Hmm, really strange. now bt shown other function rather previous: mail# gdb ./work/dovecot-1.0.7/src/imap-login/imap-login /tmp/imap-login.core GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-marcel-freebsd... warning: exec file is newer than core file. Core was generated by `imap-login'. Program terminated with signal 11, Segmentation fault. #0 0x08051e2d in imap_parser_read_arg (parser=0x0) at imap-parser.c:518 518 data = i_stream_get_data(parser-input, data_size); (gdb) bt #0 0x08051e2d in imap_parser_read_arg (parser=0x0) at imap-parser.c:518 #1 0x0804b8db in client_unref (client=0x806ea00) at client.c:536 #2 0x080562ec in fd_debug_verify_leaks (first_fd=134705600, last_fd=134598854) at fd-close-on-exec.c:56 #3 0x0805599d in i_error (format=0x80771c0 ) at failures.c:210 #4 0x0804d963 in login_proxy_free (proxy=0x1) at login-proxy.c:207 #5 0x0804a6a6 in _start () #6 0x0001 in ?? () (gdb)
[Dovecot] Some dovecot conf parameters
Hello all! First of all - sorry for my english. :-) Im working now on migration from cyrus to dovecot(v1.07). Everything work`s fine for now, but some parameters at dovecot conf a mystical for me. :-) dovecot-ldap.conf: user_attrs = mail #,homeDirectory user_filter = ((objectClass=qmailUser)(mail=%u)) pass_attrs = mail,userPassword=password pass_filter = ((objectClass=qmailUser)(mail=%u)) What does this parameters mean? Im understand what mean a *_filter, but im do not understand a *_attrs. Yes, im read a http://wiki.dovecot.org/AuthDatabase/LDAP and http://wiki.dovecot.org/PasswordDatabase/ExtraFields But don`t understand it. :-( Ask you for help, or just say what im read this wiki again and again. --- Best regards, Proskurin Kirill
Re: [Dovecot] Enhanced Kerberos support
On Tue, 2007-11-13 at 14:16 -0800, Richard A Nelson wrote: The recent addition of auth_gssapi_hostname is a welcome addition, but a little more is needed for multi-homed (or multi-domained) sites. I haven't implemented Dovecot's GSSAPI code and my GSSAPI/Kerberos knowledge is pretty limited. I guess some day I should find out more about it. So, Cc'd Jelmer in case he has some comments/ideas. SSH recently added this enhancement to address this common need: GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. If “yes” then the client must authenticate against the host service on the current hostname. If “no” then the client may authenticate against any service key stored in the machine’s default store. This facility is provided to assist with operation on multi homed machines. The default is “yes”. Note that this option applies only to protocol version 2 GSSAPI connections, and setting it to “no” may only work with recent Kerberos GSSAPI libraries. Somehow this doesn't sound a very good idea. I've heard that other daemons support multi-names by instead of using gethostname(), obtain the hostname of the interface that the request came in on. I guess this would mean a PTR DNS lookup for the local IP? I've wanted to avoid DNS lookups in Dovecot so far, but proxying would also want to use them.. I guess blocking DNS lookups for local IPs should be pretty safe and fast. Perhaps a new %D variable modifier, so you could do auth_gssapi_hostname = %Dl. Since these shouldn't be used for remote lookups, Dovecot could also cache them (with upper limit 100 or something). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] NFS lock tester
No errors on Solaris 10 either (Solaris 10 NFS clients and Solaris 10 NFS server with ZFS backing store). - Peter Timo Sirainen wrote: On Thu, 2007-11-15 at 04:32 +0200, Timo Sirainen wrote: Anyone who has NFS, could you test: http://dovecot.org/tmp/locktest.c (did a minor update to that in case someone already got it) What I'd like to know is what OS you use on your NFS clients, what NFS server you use and what errors does it give (errors being those link() succeeded/failed, but .. messages). Linux doesn't seem to give any errors. So I guess it really is a bug and not a general problem. signature.asc Description: OpenPGP digital signature
Re: [Dovecot] SIGSEGV login process
On Mon, 2007-11-26 at 16:51 +0300, Maxim Lougovsky wrote: Hmm, really strange. now bt shown other function rather previous: .. mail# gdb ./work/dovecot-1.0.7/src/imap-login/imap-login /tmp/imap-login.core .. warning: exec file is newer than core file. The core file needs to used against the exact same binary that produced it. Otherwise the backtrace is corrupted. So you'd have to install the imap-login and get a new core file.. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Some dovecot conf parameters
On Mon, 2007-11-26 at 16:52 +0300, Proskurin Kirill wrote: Im working now on migration from cyrus to dovecot(v1.07). Would you like to tell why? I'm always interested of why people are switching away from Cyrus. :) user_attrs = mail #,homeDirectory user_filter = ((objectClass=qmailUser)(mail=%u)) pass_attrs = mail,userPassword=password pass_filter = ((objectClass=qmailUser)(mail=%u)) What does this parameters mean? Im understand what mean a *_filter, but im do not understand a *_attrs. Yes, im read a http://wiki.dovecot.org/AuthDatabase/LDAP and http://wiki.dovecot.org/PasswordDatabase/ExtraFields But don`t understand it. :-( Those are fields that Dovecot looks up from LDAP and uses for its internal purposes. If you're using auth_bind=yes, pass_attrs only needs to return user field. In your case you're using mail for that, so you need to tell Dovecot that it's the same as user: pass_attrs = mail=user,userPassword=password It might not be necessary though. But that makes sure that if mail=%u matching is case-insensitive, Dovecot uses the username with the exact same casing as it's in LDAP. user_attrs then.. Well, if you're using virtual users with a single UID and GID you may not need to use userdb ldap at all. Look at http://wiki.dovecot.org/UserDatabase/Static instead. http://wiki.dovecot.org/UserDatabase anyway explains the user_attrs fields. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] SIGSEGV login process
On Mon, 26 Nov 2007 15:59:38 +0200, Timo Sirainen [EMAIL PROTECTED] wrote: On Mon, 2007-11-26 at 16:51 +0300, Maxim Lougovsky wrote: Hmm, really strange. now bt shown other function rather previous: .. mail# gdb ./work/dovecot-1.0.7/src/imap-login/imap-login /tmp/imap-login.core .. warning: exec file is newer than core file. The core file needs to used against the exact same binary that produced it. Otherwise the backtrace is corrupted. So you'd have to install the imap-login and get a new core file.. ok.
Re: [Dovecot] Ldap Proxy
On Mon, 2007-11-26 at 07:46 -0600, Harrison Metzger wrote: pass search: base=dc=beloit,dc=edu scope=subtree filter=((objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) fields=uid,proxy,nologin,nodelay,BCMailDovecotProxyHost Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej BCMailDovecotProxyHost(host)=144.89.40.1 It looks for proxy field, but it doesn't get proxy field on return. So I guess it doesn't exist in LDAP? If you want to proxy all users, you could use for example uid=proxy in pass_attrs. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Using global und per-user sieve scripts at the same time
On Mon, 2007-11-26 at 14:50 +0100, Matthias Kellermann wrote: If a user creates his own .dovecot.sieve file the global script will not work anymore. How can I enable global and local per-user sieve scripts at once? Is this possible? Unfortunately not. Sieve plugin v1.1 (requires Dovecot v1.1) supports include extension, so in per-user scripts they could include the global script. It should probably be somewhat easy to do this including automatically. (Actually I'm hoping to offload Sieve development to Stephan Bosch and his completely rewritten Sieve code. I don't know when it's going to be in a usable state though. And I hope the code's existence wasn't a secret.. :) signature.asc Description: This is a digitally signed message part
[Dovecot] upgrade from version 1.0.3 to version 1.0.7
Im working on upgrading to dovecot-1.0.7 from version 1.0.3 which I installed using yum. I backed up my init.d stuff so everything still works. However, when I shutdown my old dovecot version and start the new, I get an empty mailbox when logging into mail. My current config for dovecot.conf on version 1.0.3 has this for my mailbox location:mail_location = mbox:~/:INBOX=/var/mail/%u I went from uw-imap to dovecot some months ago and necessary changes to the .mailboxlist to .subscriptions. Is there a different format for version 1.0.7? -- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools rarely do people communicate, they just take turns talking
Re: [Dovecot] v1.1.beta9 released
Timo Sirainen wrote: http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta9.tar.gz http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta9.tar.gz.sig Some changes since beta8: - This release should work perfectly with NFS attribute cache enabled. - Fixes to handling what should be written to cache file and when - Some index handling optimizations - IMAP LIST: dbox and cydir can now return children state Beta9 will most likely have a rewritten Squat indexer. More about that the next mail. FYI, the above link does not work. It is at the following link: http://dovecot.org/releases/1.1/dovecot-1.1.beta9.tar.gz Jeff
Re: [Dovecot] v1.1.beta9 released
On Mon, 2007-11-26 at 06:20 -0800, Jeff Grossman wrote: Timo Sirainen wrote: http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta9.tar.gz http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta9.tar.gz.sig Some changes since beta8: - This release should work perfectly with NFS attribute cache enabled. - Fixes to handling what should be written to cache file and when - Some index handling optimizations - IMAP LIST: dbox and cydir can now return children state Beta9 will most likely have a rewritten Squat indexer. More about that the next mail. FYI, the above link does not work. It is at the following link: http://dovecot.org/releases/1.1/dovecot-1.1.beta9.tar.gz Whops, moved to beta/ now. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] upgrade from version 1.0.3 to version 1.0.7
On Mon, 2007-11-26 at 09:17 -0500, [EMAIL PROTECTED] wrote: Im working on upgrading to dovecot-1.0.7 from version 1.0.3 which I installed using yum. I backed up my init.d stuff so everything still works. However, when I shutdown my old dovecot version and start the new, I get an empty mailbox when logging into mail. My current config for dovecot.conf on version 1.0.3 has this for my mailbox location:mail_location = mbox:~/:INBOX=/var/mail/%u I went from uw-imap to dovecot some months ago and necessary changes to the .mailboxlist to .subscriptions. Is there a different format for version 1.0.7? No. There should be no changes between 1.0.3 and 1.0.7 that could cause this. So I don't think the problem is with the version number change, but something else. Setting mail_debug=yes (and maybe auth_debug=yes) and looking at logs would show what Dovecot is really using as home directory and mail location. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] upgrade from version 1.0.3 to version 1.0.7
I went from uw-imap to dovecot some months ago and necessary changes to the .mailboxlist to .subscriptions. Is there a different format for version 1.0.7? No. There should be no changes between 1.0.3 and 1.0.7 that could cause this. So I don't think the problem is with the version number change, but something else. Setting mail_debug=yes (and maybe auth_debug=yes) and looking at logs would show what Dovecot is really using as home directory and mail location. Have done. When initially logging in, Messages show (using horde/imp). After reading first message I get a no messages message. This is in my logfiles for each user: Nov 26 09:28:10 mail dovecot: IMAP(someuser): mbox: data=/home/someuser/:INBOX=/var/mail/someuser Nov 26 09:28:10 mail dovecot: IMAP(someuser): mbox: root=/home/someuser, index=/home/someuser, inbox=/var/mail/someuser Nov 26 09:28:10 mail dovecot: IMAP(someuser): open(/var/mail/.temp.mail.harrisonburg.k12.va.us.23157.22aab3df3f835fed) failed: Permission denied Nov 26 09:28:10 mail dovecot: IMAP(someuser): file_lock_dotlock() failed with mbox file /var/mail/someuser: Permission denied. Now the only difference other than the version I can see is the new version built with ssl. Which I would like to use. thanks, ddh -- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools rarely do people communicate, they just take turns talking
Re: [Dovecot] upgrade from version 1.0.3 to version 1.0.7
On Mon, 2007-11-26 at 09:32 -0500, [EMAIL PROTECTED] wrote: Nov 26 09:28:10 mail dovecot: IMAP(someuser): open(/var/mail/.temp.mail.harrisonburg.k12.va.us.23157.22aab3df3f835fed) failed: Permission denied Nov 26 09:28:10 mail dovecot: IMAP(someuser): file_lock_dotlock() failed with mbox file /var/mail/someuser: Permission denied. Typical workaround to this is to set mail_extra_groups = mail. Alternative is to change /var/mail directory to be world writable (and with sticky bit). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Enhanced Kerberos support
Hi Timo, Richard, On Mon, 2007-11-26 at 15:54 +0200, Timo Sirainen wrote: On Tue, 2007-11-13 at 14:16 -0800, Richard A Nelson wrote: SSH recently added this enhancement to address this common need: GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. If “yes” then the client must authenticate against the host service on the current hostname. If “no” then the client may authenticate against any service key stored in the machine’s default store. This facility is provided to assist with operation on multi homed machines. The default is “yes”. Note that this option applies only to protocol version 2 GSSAPI connections, and setting it to “no” may only work with recent Kerberos GSSAPI libraries. Somehow this doesn't sound a very good idea. I'm a bit curious as to why you would want to be strict about this - is this serving multiple realms? I've heard that other daemons support multi-names by instead of using gethostname(), obtain the hostname of the interface that the request came in on. I guess this would mean a PTR DNS lookup for the local IP? I've wanted to avoid DNS lookups in Dovecot so far, but proxying would also want to use them.. Perhaps we can just do this in case the option equivalent to GSSAPIStrictAcceptorCheck is enabled or perhaps some other option to enable gssapi multi-homing? I guess blocking DNS lookups for local IPs should be pretty safe and fast. Perhaps a new %D variable modifier, so you could do auth_gssapi_hostname = %Dl. Since these shouldn't be used for remote lookups, Dovecot could also cache them (with upper limit 100 or something). Yeah, that would make sense I think. Cheers, Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://samba.org/~jelmer/ signature.asc Description: This is a digitally signed message part
Re: [Dovecot] upgrade from version 1.0.3 to version 1.0.7
Quoting Timo Sirainen [EMAIL PROTECTED]: On Mon, 2007-11-26 at 09:32 -0500, [EMAIL PROTECTED] wrote: Nov 26 09:28:10 mail dovecot: IMAP(someuser): open(/var/mail/.temp.mail.harrisonburg.k12.va.us.23157.22aab3df3f835fed) failed: Permission denied Nov 26 09:28:10 mail dovecot: IMAP(someuser): file_lock_dotlock() failed with mbox file /var/mail/someuser: Permission denied. Typical workaround to this is to set mail_extra_groups = mail. Alternative is to change /var/mail directory to be world writable (and with sticky bit). That seems to have done it. I saw this in the wiki I think. Sorry to bother you with a problem that is already documented. Is there any other tweaks or settings that I should know about? ddh -- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools rarely do people communicate, they just take turns talking
Re: [Dovecot] Variable krb5 cache location
On Sun, 2007-11-25 at 20:24 +0100, Roland Hopferwieser wrote:
First I want to thank you for this great software.
Second, I think it could be a good idea to give the user the chance to
change the location for the kerberos V cache, so there is no potentially
conflict with other processes. With external refreshment of the krb5
cache, I use the cache also for authentication against the LDAP server
with the gssapi.
Please find attached a little diff file to dovecot 1.0.7.
Looks ok, but I hate to add new settings to dovecot.conf nowadays since
there are already too many. Also then there would be two
Kerberos-related settings that simply set environment variables. I'm
beginning to think that maybe something more generic is needed, such as:
auth default {
..
environment {
krb5_ktname = ..
krb5ccname = ...
who_knows_what_else_in_future = ..
}
}
I think LDAP library also can accept settings from environment.
Anyone on mailing list have better ideas?
signature.asc
Description: This is a digitally signed message part
Re: [Dovecot] Ldap Proxy
I changed it so that proxy would be populated by an existing ldap attribute. Here are what my logs show now: Nov 26 08:42:01 holiday dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=AGFwcGxlc2VqAHRhYmxl Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): bind search: base=dc=beloit,dc=edu filter=((objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej cn(proxy)=John Applesead BCMailDovecotProxyHost(host)=144.89.40.1 Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): bind: dn=uid=applesej,ou=People,dc=beloit,dc=edu Nov 26 08:42:01 holiday dovecot: auth(default): client out: OK 1 user=applesej proxy host=144.89.40.1pass=xx Nov 26 08:42:01 holiday dovecot: auth(default): master in: REQUEST 1 212091 Nov 26 08:42:01 holiday dovecot: auth(default): Master request 21209.1 not found Nov 26 08:42:01 holiday dovecot: auth(default): master out: NOTFOUND1 Nov 26 08:42:01 holiday dovecot: pop3-login: Internal login failure: user=applesej, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I know this user can proxy because when I set it up to do it by passwd-file it works. On Nov 26, 2007 8:07 AM, Timo Sirainen [EMAIL PROTECTED] wrote: On Mon, 2007-11-26 at 07:46 -0600, Harrison Metzger wrote: pass search: base=dc=beloit,dc=edu scope=subtree filter=((objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) fields=uid,proxy,nologin,nodelay,BCMailDovecotProxyHost Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1 ): result: uid(user)=applesej BCMailDovecotProxyHost(host)=144.89.40.1 It looks for proxy field, but it doesn't get proxy field on return. So I guess it doesn't exist in LDAP? If you want to proxy all users, you could use for example uid=proxy in pass_attrs.
Re: [Dovecot] Ldap Proxy
Ok. I got it to work. I changed this: pass_attrs = uid=user,cn=proxy,BCMailDovecotProxyHost=host,gidNumber=nologin,uidNumber=nodelay By adding nologin and nodelay it seems to work. Also, I have to have each map to a unique ldap field or it won't like that. (If people have less than 4 entries in their ldap entry it may actually be a problem then. haha) The static fields would be really nice, Once redhat decides to put 1.1 in their repository it will wind up on the machine. Until then, this way seems to work. Thanks for your help. Harrison Metzger On Nov 26, 2007 8:50 AM, Harrison Metzger [EMAIL PROTECTED] wrote: I changed it so that proxy would be populated by an existing ldap attribute. Here are what my logs show now: Nov 26 08:42:01 holiday dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip= 127.0.0.1 rip=127.0.0.1 resp=AGFwcGxlc2VqAHRhYmxl Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1 ): bind search: base=dc=beloit,dc=edu filter=((objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej, 127.0.0.1): result: uid(user)=applesej cn(proxy)=John Applesead BCMailDovecotProxyHost(host)=144.89.40.1 Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej, 127.0.0.1): bind: dn=uid=applesej,ou=People,dc=beloit,dc=edu Nov 26 08:42:01 holiday dovecot: auth(default): client out: OK 1 user=applesej proxy host=144.89.40.1pass=xx Nov 26 08:42:01 holiday dovecot: auth(default): master in: REQUEST 1 212091 Nov 26 08:42:01 holiday dovecot: auth(default): Master request 21209.1 not found Nov 26 08:42:01 holiday dovecot: auth(default): master out: NOTFOUND1 Nov 26 08:42:01 holiday dovecot: pop3-login: Internal login failure: user=applesej, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I know this user can proxy because when I set it up to do it by passwd-file it works. On Nov 26, 2007 8:07 AM, Timo Sirainen [EMAIL PROTECTED] wrote: On Mon, 2007-11-26 at 07:46 -0600, Harrison Metzger wrote: pass search: base=dc=beloit,dc=edu scope=subtree filter=((objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) fields=uid,proxy,nologin,nodelay,BCMailDovecotProxyHost Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej, 127.0.0.1): result: uid(user)=applesej BCMailDovecotProxyHost(host)= 144.89.40.1 It looks for proxy field, but it doesn't get proxy field on return. So I guess it doesn't exist in LDAP? If you want to proxy all users, you could use for example uid=proxy in pass_attrs.
Re: [Dovecot] Enhanced Kerberos support
Timo Sirainen [EMAIL PROTECTED] writes: SSH recently added this enhancement to address this common need: GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. If “yes” then the client must authenticate against the host service on the current hostname. If “no” then the client may authenticate against any service key stored in the machine’s default store. This facility is provided to assist with operation on multi homed machines. The default is “yes”. Note that this option applies only to protocol version 2 GSSAPI connections, and setting it to “no” may only work with recent Kerberos GSSAPI libraries. Somehow this doesn't sound a very good idea. This says the host service on the current hostname, and I interpret this as the principal host/[EMAIL PROTECTED], where $hostname is the value returned by gethostname(3)/hostname(1). There is no DNS involved in this at all. The alternative is to accept authentication to any principal either of the form host/[EMAIL PROTECTED], as long as that key is stored in the machine's keytab. None of this involves DNS lookups. I've heard that other daemons support multi-names by instead of using gethostname(), obtain the hostname of the interface that the request came in on. I guess this would mean a PTR DNS lookup for the local IP? I've wanted to avoid DNS lookups in Dovecot so far, but proxying would also want to use them.. Yes, you could do this, allowing authentication to various names, depending on the interface. But I would think it's better to have an option to either a) just allow the name that's configured as hostname, or b) allow any host/ key that's in the keytab. I don't see that it's useful from a security viewpoint to refuse authentication that's done to host/foo when the request is received on an interface that has an IP address that doesn't map to foo. Actually, I'd say that it isn't meaningful, for TCP at least, to talk about the interface on which a request was received, and even for UDP packets can arrive on arbitrary interfaces due to routing changes, and generally these have no security consequences. I guess blocking DNS lookups for local IPs should be pretty safe and fast. Why? If the local DNS responder is hosed, it will be messy. But this is much less scary than lookups on random addresses. What problem are we trying to solve? The problem I can see is that if a server is known by two names, clients may attempt to authenticate to both of those names, and that should work (assuming both names have service keys present in the keytab). Are people trying to run some inside/outside split mailserver that's both inside and outside a firewall?
Re: [Dovecot] Some dovecot conf parameters
Timo Sirainen wrote: Would you like to tell why? I'm always interested of why people are switching away from Cyrus. :) Were is a lot of people do so before me? Funny. :-) At our system cyrus was before me, and im really don`t like it and don`t want to learn it. Im tired of it IO system error then im try to reconstruct they maildir`s. Im tired of it index errors. And im really don`t like what he uses it it own maildir... Im think what most of it error`s can be fixed. Im try to but failed. And all our old mail system is work bad... im make it now from beginning. As im know, the best open and free pop3\imap daemons is a cyrus and dovecot. :-) So im decided to try it, and im really like it. :-) Waiting for 1.1 Those are fields that Dovecot looks up from LDAP and uses for its internal purposes. Thank you for explanation! user_attrs then.. Well, if you're using virtual users with a single UID and GID you may not need to use userdb ldap at all. Look at http://wiki.dovecot.org/UserDatabase/Static instead. Auth, verify and deliver does by Exim. Im will test a dovecot deliver soon any way... We a using LDAP as a one and only DB for all in one(mail auth, address book, jabber auth and so on). :-) So it is really... mhh... comfortable for us. :-) -- Best regards, Proskurin Kirill
Re: [Dovecot] Using global und per-user sieve scripts at the same time
Nikolay Shopik schrieb:
You forgot to insert this one, where users sieve files stored.
plugin {
sieve = /var/mail/store/%u/sieve
}
Thanks for your answer Nikolay. But I think this won't do the trick.
This setting will override the global setting as well. At the moment I'm
using the default location for the sieve scripts in the user's home dir.
Matthias
Re: [Dovecot] Using global und per-user sieve scripts at the same time
On 26.11.2007 18:57, Matthias Kellermann wrote:
Nikolay Shopik schrieb:
You forgot to insert this one, where users sieve files stored.
plugin {
sieve = /var/mail/store/%u/sieve
}
Thanks for your answer Nikolay. But I think this won't do the trick.
This setting will override the global setting as well. At the moment I'm
using the default location for the sieve scripts in the user's home dir.
Matthias
Very strange but in my case global rules still works even if user have
their own sieve rules. So spam still moved to junk folder ;).
Re: [Dovecot] Dovecot + Cygwin
This only means that it sees that auth process died, so master process
shuts down. Put something similar to src/auth/main.c instead to see if
it gets executed.
I put i_info as the first statement in auth/main.c!
This do not appear at the log, so the auth process is not executed!?!?
As far as i see this is for executing the auth process:
void client_process_exec(const char *cmd, const char *title)
{
i_info(LPE6);
execv(executable, (char **)argv);
i_info(LPE7);
}
Log output is only LPE6, so it comes to the point where it should be
executed, but does not do it!
BUT!!!:
i set auth_executable = /home/Administrator/d.sh
d.sh is
#!/bin/sh
echo running /home/Administrator/output
exit 0
even client_process_exec() do not comes to LPE7 the file output is
created! So it seems execv() runs the process but then stops and do not
return!
log:
dovecot: Nov 25 23:36:48 Info: Dovecot v1.0.7 starting up
dovecot: Nov 25 23:36:48 Info: LPE6
dovecot: Nov 25 23:36:50 Info: DIE 2
dovecot: Nov 25 23:36:50 Info: VOR ausgabe des died to early
dovecot: Nov 25 23:36:50 Error: Auth process died too early - shutting down
By the way, to you use gdb/ddd? Does it work for you? Do you use any
special debug level?
cheers
Ronny
Re: [Dovecot] Dovecot + Cygwin
On 26.11.2007, at 18.28, Ronny wrote: even client_process_exec() do not comes to LPE7 the file output is created! So it seems execv() runs the process but then stops and do not return! That's why I thought that the problem could be that running dovecot- auth.exe calls some library's init function which causes it to exit. You could try running directly: ./dovecot-auth.exe echo $? Does it fail with the same error 53? By the way, to you use gdb/ddd? Does it work for you? Do you use any special debug level? Sure I use gdb in Linux, but if you mean in Cygwin I haven't used Cygwin for years. What do you mean by debug level? PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Mailbox is in inconsistent state
On 26.11.2007, at 18.50, Dion Hollenbeck wrote: lip=:::192.168.1.101 Nov 26 10:26:47 parrot dovecot: POP3(hollen): UIDVALIDITY changed (1196019076 - 1196097977) in mbox file /var/mail/hollen I think there's a problem with mailbox autodetection. If /var/mail/ hollen file ever gets deleted, Dovecot fallbacks to using ~/mail/ inbox. Set explicitly: mail_location = mbox:~/mail:INBOX=/var/mail/%u That hopefully fixes this. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] v1.1.beta9 released
On 26.11.2007, at 20.36, [EMAIL PROTECTED] wrote: build errors. solaris 9, sparc, sun studio 9 and 12. source='base64.c' object='base64.o' libtool=no \ DEPDIR=.deps depmode=none /bin/bash ../../depcomp \ cc -DHAVE_CONFIG_H -I. -I. -I../..-I/opt/SUNWconn/crypto/include -xjobs=4 -c base64.c base64.c, line 96: syntax error before or at: ) Right, doesn't compile with non-gcc. This fixes it: http://hg.dovecot.org/dovecot/rev/ff884d70197b PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Dovecot + Cygwin
./dovecot-auth.exe $ dovecot -n # 1.0.7: /etc/dovecot.conf log_path: /var/log/dovecot.log ssl_disable: yes disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/imap-login login_user: Administrator login_chroot: no login_process_size: 0 mail_location: maildir:~/Maildir mail_process_size: 0 auth default: executable: /home/Administrator/d.sh user: Administrator verbose: yes debug: yes process_size: 0 passdb: driver: passwd-file args: /etc/passwd.dovecot userdb: driver: passwd [EMAIL PROTECTED] ~ $ dovecot-auth.exe dovecot-auth: Fatal: You'll need to add at least one userdb
[Dovecot] Embracing .99
We're stuck on RHEL 4.x, so we're currently working on a plan to live in harmony with .99 for another year or so. With that said, the plan is below. Let me know if you have any other recommendations. [ ]Convert to high-performance mode vice high-security to reduce overall resource usage. [ ]Implement iptables throttling for new connections to prevent denials of service. [ ]Covert from mbox to maildir to help reduce the likelihood of corruption that lead to mailbox outages. As our overall individual mailbox usage is low, maildir seems to be a good option as mbox corruption has severely impacted a few of our high-profile applications. However, does anyone know of a sane method to use maildir on RHEL 4.x without switching over to Postfix? Thanks!
Re: [Dovecot] Embracing .99
on 11/26/2007 2:19 PM Joe Allesi -X (joallesi - Coyote Creek Consulting at Cisco) spake the following: We're stuck on RHEL 4.x, so we're currently working on a plan to live in harmony with .99 for another year or so. With that said, the plan is below. Let me know if you have any other recommendations. [ ]Convert to high-performance mode vice high-security to reduce overall resource usage. [ ]Implement iptables throttling for new connections to prevent denials of service. [ ]Covert from mbox to maildir to help reduce the likelihood of corruption that lead to mailbox outages. As our overall individual mailbox usage is low, maildir seems to be a good option as mbox corruption has severely impacted a few of our high-profile applications. However, does anyone know of a sane method to use maildir on RHEL 4.x without switching over to Postfix? Thanks! You are not necessarily stuck with .99. You can upgrade dovecot and you only lose support on Dovecot issues. You can use maildir easily with sendmail also, as procmail in 4x supports it. You just have to create a procmailrc in /etc like below; http://linuxmafia.com/faq/Mail/procmail-maildir.html -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [Dovecot] Mailbox is in inconsistent state
At 11:50 AM 11/26/2007, Timo Sirainen wrote: On 26.11.2007, at 18.50, Dion Hollenbeck wrote: lip=:::192.168.1.101 Nov 26 10:26:47 parrot dovecot: POP3(hollen): UIDVALIDITY changed (1196019076 - 1196097977) in mbox file /var/mail/hollen I think there's a problem with mailbox autodetection. If /var/mail/ hollen file ever gets deleted, Dovecot fallbacks to using ~/mail/ inbox. Set explicitly: mail_location = mbox:~/mail:INBOX=/var/mail/%u That hopefully fixes this. That did not fix it. Thanks anyway. dion -- Dion Hollenbeck Email: [EMAIL PROTECTED]Home Page: http://www.woodsprite.com Brewing Page: http://hbd.org/hollen Toys: 98 4Runner, 86 4x4 PU
[Dovecot] dovecot imap hangs
All,
I recently did a fresh install/setup on centos 5 to replace my older
courier-imap and all seemed to go well until today I started to notice
that it simply hangs. I use thunderbird and squirrel mail and after a
while it seems like Im simply rejected. I'm almost guessing that it has
to do with the session timing out and then dovecot is unwilling or
unable to renew the session. I can't login and there is little or no
information in the logs. I've set up a cron job to restart dovecot every
5 minutes to deal with this for now.
I'm new to dovecot, what sort of info should I send to you guys?
I'm using centos 5, qmail-ldap and Maildir for my mail format.
OpenLDAP: slapd 2.3.27
dovecot-1.0-1.2.rc15.el5
my /etc/dovecot.conf
===
mail_location = maildir:%h
namespace private {
prefix = INBOX.
inbox = yes
}
mail_debug = yes
maildir_copy_with_hardlinks = yes
auth default {
mechanisms = plain
passdb ldap {
# Path for LDAP configuration file, see doc/dovecot-ldap.conf for
example
args = /etc/dovecot-ldap.conf
}
userdb ldap {
args = /etc/dovecot-ldap.conf
}
}
===
my dovecot-ldap.conf
===
# This file is opened as root, so it should be owned by root and mode 0600.
#
# NOTE: If you're not using authentication binds, you'll need to give
# dovecot-auth read access to userPassword field in the LDAP server.
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
# already be something like this:
# access to attribute=userPassword
#by dn=dovecot's dn read # add this
#by anonymous auth
#by self write
#by * none
# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts =127.0.0.1:389
# LDAP URIs to use. You can use this instead of hosts list. Note that this
# setting isn't supported by all LDAP libraries.
#uris =
# Distinguished Name - the username used to login to the LDAP server
#dn =
dn=cn=Manager,dc=cttechhosting,dc=net
dnpass=secret
# Password for LDAP server
#dnpass =
# Use SASL binding instead of the simple binding. Note that this changes
# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
# and auth_bind=yes don't work together.
#sasl_bind = no
# SASL mechanism name to use.
#sasl_mech =
# SASL realm to use.
#sasl_realm =
# SASL authorization ID, ie. the dnpass is for this master user, but the
# dn is still the logged in user. Normally you want to keep this empty.
#sasl_authz_id =
# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# The pass_filter is used to find the DN for the user. Note that the pass_attrs
# is still used, only the password field is ignored in it. Before doing any
# search, the binding is switched back to the default DN.
auth_bind = yes
# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). Note that you can't
# use any pass_attrs if you use this setting.
#
# If you use this setting, it's a good idea to use a different
# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
# filename is different in userdb's args). That way one connection is used only
# for LDAP binds and another connection is used for user lookups. Otherwise
# the binding is changed to the default DN before each user lookup.
#
# For example:
# auth_bind_userdn = cn=%u,ou=people,o=org
#
auth_bind_userdn = uid=%u,ou=accounts,dc=cttechhosting,dc=net
# LDAP protocol version to use. Likely 2 or 3.
#ldap_version = 2
ldap_version=3
# LDAP base. %variables can be used here.
base = ou=accounts,dc=cttechhosting,dc=net
# Dereference: never, searching, finding, always
#deref = never
# Search scope: base, onelevel, subtree
#scope = subtree
# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
# uid - System UID
# gid - System GID
# home - Home directory
# mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
user_attrs =
mailMessageStore=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
# %u - username
# %n - user part in [EMAIL PROTECTED], same as %u if there's no domain
# %d - domain part in [EMAIL PROTECTED], empty if user there's no domain
user_filter = ((objectClass=qmailUser)(uid=%u))
# Password checking attributes:
# user: Virtual user name ([EMAIL PROTECTED]), if you wish to change the
#user-given username to something else
# password: Password, may optionally start with {type}, eg. {crypt}
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
[Dovecot] telnet virtual users
Hi Guys, I've installed postfix + dovecot + postfixadmin + mysql in my CentOS 4.5 box and I would like to test it using telnet however I can't telnet it using the following syntax: $ telnet localhost pop3 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. +OK Dovecot ready. user [EMAIL PROTECTED] pass password -ERR Authentication failed. I've also telnet it using imap to no avail. Is there another way to do this? TIA
Re: [Dovecot] dovecot imap hangs
It just happened again and Squirrelmail reported:
*ERROR: Connection dropped by IMAP server.
*I see no errors in /var/log/maillog and I get the same timeout
happening in squirrelmail as well as thunderbird. Please help!!!
Russ
All,
I recently did a fresh install/setup on centos 5 to replace my older
courier-imap and all seemed to go well until today I started to notice
that it simply hangs. I use thunderbird and squirrel mail and after a
while it seems like Im simply rejected. I'm almost guessing that it
has to do with the session timing out and then dovecot is unwilling or
unable to renew the session. I can't login and there is little or no
information in the logs. I've set up a cron job to restart dovecot
every 5 minutes to deal with this for now.
I'm new to dovecot, what sort of info should I send to you guys?
I'm using centos 5, qmail-ldap and Maildir for my mail format.
OpenLDAP: slapd 2.3.27
dovecot-1.0-1.2.rc15.el5
my /etc/dovecot.conf
===
mail_location = maildir:%h
namespace private {
prefix = INBOX.
inbox = yes
}
mail_debug = yes
maildir_copy_with_hardlinks = yes
auth default {
mechanisms = plain
passdb ldap {
# Path for LDAP configuration file, see doc/dovecot-ldap.conf for
example
args = /etc/dovecot-ldap.conf
}
userdb ldap {
args = /etc/dovecot-ldap.conf
}
}
===
my dovecot-ldap.conf
===
# This file is opened as root, so it should be owned by root and mode
0600.
#
# NOTE: If you're not using authentication binds, you'll need to give
# dovecot-auth read access to userPassword field in the LDAP server.
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There
should
# already be something like this:
# access to attribute=userPassword
#by dn=dovecot's dn read # add this
#by anonymous auth
#by self write
#by * none
# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts =127.0.0.1:389
# LDAP URIs to use. You can use this instead of hosts list. Note that
this
# setting isn't supported by all LDAP libraries.
#uris =
# Distinguished Name - the username used to login to the LDAP server
#dn = dn=cn=Manager,dc=cttechhosting,dc=net
dnpass=secret
# Password for LDAP server
#dnpass =
# Use SASL binding instead of the simple binding. Note that this changes
# ldap_version automatically to be 3 if it's lower. Also note that
SASL binds
# and auth_bind=yes don't work together.
#sasl_bind = no
# SASL mechanism name to use.
#sasl_mech =
# SASL realm to use.
#sasl_realm =
# SASL authorization ID, ie. the dnpass is for this master user, but
the
# dn is still the logged in user. Normally you want to keep this empty.
#sasl_authz_id =
# Use authentication binding for verifying password's validity. This
works by
# logging into LDAP server using the username and password given by
client.
# The pass_filter is used to find the DN for the user. Note that the
pass_attrs
# is still used, only the password field is ignored in it. Before
doing any
# search, the binding is switched back to the default DN.
auth_bind = yes
# If authentication binding is used, you can save one LDAP request per
login
# if users' DN can be specified with a common template. The template
can use
# the standard %variables (see user_filter). Note that you can't
# use any pass_attrs if you use this setting.
#
# If you use this setting, it's a good idea to use a different
# dovecot-ldap.conf for userdb (it can even be a symlink, just as long
as the
# filename is different in userdb's args). That way one connection is
used only
# for LDAP binds and another connection is used for user lookups.
Otherwise
# the binding is changed to the default DN before each user lookup.
#
# For example:
# auth_bind_userdn = cn=%u,ou=people,o=org
#
auth_bind_userdn = uid=%u,ou=accounts,dc=cttechhosting,dc=net
# LDAP protocol version to use. Likely 2 or 3.
#ldap_version = 2
ldap_version=3
# LDAP base. %variables can be used here.
base = ou=accounts,dc=cttechhosting,dc=net
# Dereference: never, searching, finding, always
#deref = never
# Search scope: base, onelevel, subtree
#scope = subtree
# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
# uid - System UID
# gid - System GID
# home - Home directory
# mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
user_attrs =
mailMessageStore=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
# %u - username
# %n - user part in [EMAIL PROTECTED], same as %u if there's no domain
# %d - domain part in [EMAIL PROTECTED], empty if user there's no domain
user_filter = ((objectClass=qmailUser)(uid=%u))
# Password checking attributes:
# user: Virtual user name ([EMAIL PROTECTED]), if you wish to
Re: [Dovecot] dovecot imap hangs
On 11/26/2007, russ ([EMAIL PROTECTED]) wrote: dovecot-1.0-1.2.rc15.el5 This is very old - please upgrade and see if it fixes it... too many fixes between the current version (1.0.7) and 1.0rc15 to even try to mention... -- Best regards, Charles
Re: [Dovecot] dovecot imap hangs
On Mon, 2007-11-26 at 20:12 -0500, russ wrote: It just happened again and Squirrelmail reported: *ERROR: Connection dropped by IMAP server. *I see no errors in /var/log/maillog and I get the same timeout happening in squirrelmail as well as thunderbird. Please help!!! Are you sure errors are logged to /var/log/maillog? See http://wiki.dovecot.org/Logging signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Mailbox is in inconsistent state
On Mon, 2007-11-26 at 15:54 -0700, Dion Hollenbeck wrote: At 11:50 AM 11/26/2007, Timo Sirainen wrote: On 26.11.2007, at 18.50, Dion Hollenbeck wrote: lip=:::192.168.1.101 Nov 26 10:26:47 parrot dovecot: POP3(hollen): UIDVALIDITY changed (1196019076 - 1196097977) in mbox file /var/mail/hollen I think there's a problem with mailbox autodetection. If /var/mail/ hollen file ever gets deleted, Dovecot fallbacks to using ~/mail/ inbox. Set explicitly: mail_location = mbox:~/mail:INBOX=/var/mail/%u That hopefully fixes this. That did not fix it. Thanks anyway. Oh, now I notice you mentioned you use Pine to access the mailbox directly. That explains the error, since it uses the same headers as Dovecot. But I don't know why Pine would change the UIDVALIDITY, since it should be compatible with how Dovecot uses it.. One solution at least would be to make Pine access the mailbox via IMAP instead of doing it directly. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot imap hangs
Yes. I looked all through the log file and saw nothing, which is what makes this so painfully annoying. I guess I have to find a more up to date RPM. Russ Sent from my Verizon Wireless BlackBerry -Original Message- From: Timo Sirainen [EMAIL PROTECTED] Date: Tue, 27 Nov 2007 04:52:48 To:russ [EMAIL PROTECTED] Cc:dovecot@dovecot.org Subject: Re: [Dovecot] dovecot imap hangs On Mon, 2007-11-26 at 20:12 -0500, russ wrote: It just happened again and Squirrelmail reported: *ERROR: Connection dropped by IMAP server. *I see no errors in /var/log/maillog and I get the same timeout happening in squirrelmail as well as thunderbird. Please help!!! Are you sure errors are logged to /var/log/maillog? See http://wiki.dovecot.org/Logging
Re: [Dovecot] quota rewrite patch
On Mon, 2007-11-12 at 12:04 +0100, Paweł Panek wrote: #0 0xac4d006a in quota_mailbox_transaction_commit (ctx=0x80f3978, flags=0) at quota-storage.c:75 75 if (qt-tmp_mail != NULL) (gdb) bt full I uploaded http://dovecot.org/patches/1.0/quota-rewrite-1.0.8.diff which fixes this. I'm not sure if it applies to 1.0.7, but I'll release Dovecot v1.0.8 soon anyway.. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot imap hangs
Charles Marcus wrote: On 11/26/2007, russ ([EMAIL PROTECTED]) wrote: dovecot-1.0-1.2.rc15.el5 This is very old - please upgrade and see if it fixes it... too many fixes between the current version (1.0.7) and 1.0rc15 to even try to mention... I just upgraded to the 1.0.7 rpm from http://atrpms.net/dist/el5/dovecot/ - will see if this helps. Thanks, Russ
Re: [Dovecot] telnet virtual users
jan gestre wrote: -ERR Authentication failed. I've also telnet it using imap to no avail. Is there another way to do this? Well, my first guess would be you haven't enabled plain text passwords on unencrypted links. By default, Dovecot doesn't allow plain text passwords without SSL. Either change the config, or try the s_client command from openssl. -- Curtis Maloney [EMAIL PROTECTED]
Re: [Dovecot] Using global und per-user sieve scripts at the same time
Nikolay Shopik schrieb:
On 26.11.2007 18:57, Matthias Kellermann wrote:
Nikolay Shopik schrieb:
You forgot to insert this one, where users sieve files stored.
plugin {
sieve = /var/mail/store/%u/sieve
}
Thanks for your answer Nikolay. But I think this won't do the trick.
This setting will override the global setting as well. At the moment I'm
using the default location for the sieve scripts in the user's home dir.
Matthias
Very strange but in my case global rules still works even if user have
their own sieve rules. So spam still moved to junk folder ;).
Hmm, so you have an entry like this in your LDA section:
global_script_path = /usr/local/etc/sieve/spam
Where spam is the file with the global sieve rules. Then you have the
following entry in the plugin section:
sieve = /var/mail/store/%u/sieve
Where sieve ist the per-user sieve file, right? Is /var/mail/store the
same location where you save the user's email?
Matthias
