2.3.7 + stats

2019-08-15 Thread Matt Bryant via dovecot
Is there any additional documentation/information around the new stats 
module.


Have added some metrics just to see what they produce

##
## Metrics
###

metric imap {
    event_name = imap_command_finished
    #source_location = example.c:123

    #categories =

    fields = name args running_usecs bytes_in bytes_out

    #filter {
    #    field_key = wildcard
    #}
}

metric sql {
    event_name = sql_query_finished
}

metric auth {
    event_name = auth_request_finished
    fields = user transport error successful
}

and get the following


[root@stargate dovecot]# doveadm stats dump
metric_name    field    count    sum    min    max    avg    median    stddev    %95
imap    duration    370    2007904499    130    62955249    5426768.92    2068    16436817.37    60026465
imap    name    370    0    0    0    0.00    0    0.00    0
imap    args    0    0    0    0    0.00    0    0.00    0
imap    running_usecs    370    2007865330    81    62955127    5426663.05    1991    16436816.76    60026329
imap    bytes_in    370    5366    2    173    14.50    8    19.04    35
imap    bytes_out    370    2119971    0    941517    5729.65    41    53760.89    2082
sql    duration    18    28991    991    2305    1610.61    1660    377.36    2305
auth    duration    12    26046980    8146    7079879    2170581.67    847730    2457811.23    7079879
auth    user    12    0    0    0    0.00    0    0.00    0
auth    transport    12    0    0    0    0.00    0    0.00    0
auth    error    0    0    0    0    0.00    0    0.00    0
auth    successful    0    0    0    0    0.00    0    0.00    0

The main wiki page on stats/events doesn't really hold much detail on what's
stored for each event; the above fields don't make much sense.


and top no longer works out of the box

[root@stargate dovecot]# doveadm stats top

usage: doveadm [-Dv] [-f ] stats  []
  dump [-s ] [-r] [-f ]


Has it been removed? Do you need to specify something additional now?


rgds


Matt





Re: doveadm / vsize

2019-08-15 Thread Paul Macdonald via dovecot


On 12/08/2019 05:23, Aki Tuomi via dovecot wrote:


On 11/08/2019 22:39 Paul Macdonald via dovecot  
wrote:




Hi,

I want to keep track of user mailbox size,

I'm using
  doveadm mailbox status -u  vsize INBOX

for a given mailbox this is under-reporting (by a lot)

Is this recursive? What should I be using to get an accurate disk usage metric?



thanks
Paul.


something like this maybe?

###
mail_plugins = $mail_plugins quota

plugin {
  quota = count
  quota_vsizes = yes
}
###

doveadm quota get -u victim
---
Aki Tuomi



perfect,  thanks

Paul



--
-
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-
t: 0131 5548070
m: 07970339546
e: p...@ifdnrg.com
w: http://www.ifdnrg.com
-
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA







Re: SASL: encoded packet size too big

2019-08-15 Thread Eugene via dovecot
I see nothing suspicious in FreeIPA slapd logs because connection drops before 
SASL negotiation completion. 
Network analysis shows client sending RST after receiving `bindResponse(7) 
saslBindInProgress`.

On 8/15/19 3:07 PM, Aki Tuomi via dovecot wrote:
> I suspect the problem is that dovecot tries to report LDAP error over GSSAPI. 
> So the best fix is to make sure your LDAP server does not return error. =)
> 
> Aki
> 
> On 15.8.2019 14.56, Eugene Bright wrote:
>> That's right.
>> GSS-API is not used anywhere else.
>> Do you like to inspect my full configuration?
>> I can dump connection session and send pcap file here.
>>
>> On August 15, 2019 7:27:20 AM GMT+03:00, Aki Tuomi 
>>  wrote:
>>
>> On 15/08/2019 00:34 Eugene via dovecot  wrote:
>>
>> The next combination of parameters makes 100% LDAP connections unsuccessful
>> (the log snippet from the previous mail).
>>
>> sasl_bind = yes
>> sasl_mech = gssapi
>> tls = yes
>>
>> Looks like this combination is utterly incorrect and should be
>> prohibited (tls must not be used when mech is gssapi).
>> https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/message/G7S2TOFDCM62ZUHIBWYVZIEVYXO3KYAI/
>>
>> With `tls = no` errors `encoded packet size too big` becomes sporadic, but
>> still hurt auth operations performance.
>> Maybe there are two different problems.
>>
>>
>> Does the "encoded packet size too big" coincide with LDAP server 
>> connection failure?
>>
>> Aki
>>
>> Has someone encountered this problem before?
>> How can I help to facilitate the issue debugging?
>>
>> [I] net-mail/dovecot
>>  Installed versions: 2.3.7.1(01:58:12 08/14/19)(bzip2 caps ipv6 kerberos ldap libressl lua lz4 lzma pam postgres sieve sqlite tcpd zlib -argon2 -doc -lucene -managesieve -mysql -selinux -solr -static-libs -suid -textcat -vpopmail)
>>
>> On 8/15/19 12:01 AM, Eugene wrote:
>>
>> Hello!
>>
>> Dovecot uses its own SASL implementation, doesn't it?
>>
>> Aug 14 23:45:23 example.com auth[10428]: GSSAPI client step 1
>> Aug 14 23:45:23 example.com auth[10428]: encoded packet size too big (813804546 > 65536)
>> Aug 14 23:45:23 example.com dovecot[10085]: auth-worker(10428): Error: LDAP: Can't connect to server: ldap://ipa2.example.com
>> Aug 14 23:45:23 example.com dovecot[10085]: auth: Error: auth worker: Aborted USER request for eugene: Lookup timed out
>> Aug 14 23:45:23 example.com dovecot[10085]: imap: Error: auth-master: login: request [3847225345]: Login auth request failed: Internal auth failure (auth connected 6 msecs ago, request took 6 msecs, client-pid=10362 client-id=1)
>>
>> Looks like cyrus-sasl encountered same problem earlier.
>> https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2017-March/003001.html
>>
>> I never have such an issue with ldapsearch. So, I assume there is a similar
>> problem in Dovecot SASL implementation.
>>
>> --
>> Eugene Bright
>> IT engineer
>> Tel: + 79257289622
>>
>> --
>> Eugene Bright
>> IT-engineer
>> Tel.: +7 925 728 96 22
> 

-- 
Eugene Bright
IT engineer
Tel: + 79257289622





Re: SASL: encoded packet size too big

2019-08-15 Thread Aki Tuomi via dovecot
I suspect the problem is that dovecot tries to report LDAP error over
GSSAPI. So the best fix is to make sure your LDAP server does not return
error. =)

Aki

On 15.8.2019 14.56, Eugene Bright wrote:
> That's right.
> GSS-API is not used anywhere else.
> Do you like to inspect my full configuration?
> I can dump connection session and send pcap file here.
>
> On August 15, 2019 7:27:20 AM GMT+03:00, Aki Tuomi
>  wrote:
>
> On 15/08/2019 00:34 Eugene via dovecot wrote:
>
> The next combination of parameters makes 100% LDAP
> connections unsuccessful (the log snippet from the previous
> mail).
>
> sasl_bind = yes
> sasl_mech = gssapi
> tls = yes
>
> Looks like this combination is utterly incorrect and should be
> prohibited (tls must not be used when mech is gssapi).
> https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/message/G7S2TOFDCM62ZUHIBWYVZIEVYXO3KYAI/
>
> With `tls = no` errors `encoded packet size too big` becomes
> sporadic, but still hurt auth operations performance.
> Maybe there are two different problems.
>
>
> Does the "encoded packet size too big" coincide with LDAP server 
> connection failure?
>
> Aki
>
> Has someone encountered this problem before?
> How can I help to facilitate the issue debugging?
>
> [I] net-mail/dovecot
>  Installed versions: 2.3.7.1(01:58:12 08/14/19)(bzip2 caps ipv6 kerberos ldap libressl lua lz4 lzma pam postgres sieve sqlite tcpd zlib -argon2 -doc -lucene -managesieve -mysql -selinux -solr -static-libs -suid -textcat -vpopmail)
>
> On 8/15/19 12:01 AM, Eugene wrote:
>
> Hello!
>
> Dovecot uses its own SASL implementation, doesn't it?
>
> Aug 14 23:45:23 example.com auth[10428]: GSSAPI client step 1
> Aug 14 23:45:23 example.com auth[10428]: encoded packet size too big (813804546 > 65536)
> Aug 14 23:45:23 example.com dovecot[10085]: auth-worker(10428): Error: LDAP: Can't connect to server: ldap://ipa2.example.com
> Aug 14 23:45:23 example.com dovecot[10085]: auth: Error: auth worker: Aborted USER request for eugene: Lookup timed out
> Aug 14 23:45:23 example.com dovecot[10085]: imap: Error: auth-master: login: request [3847225345]: Login auth request failed: Internal auth failure (auth connected 6 msecs ago, request took 6 msecs, client-pid=10362 client-id=1)
>
> Looks like cyrus-sasl encountered same problem earlier.
> https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2017-March/003001.html
>
> I never have such an issue with ldapsearch. So, I assume
> there is a similar problem in Dovecot SASL implementation.
>
> --
> Eugene Bright
> IT engineer
> Tel: + 79257289622
>
> 
> Eugene Bright
> IT-engineer
> Tel.: +7 925 728 96 22



Re: SASL: encoded packet size too big

2019-08-15 Thread Eugene Bright via dovecot
That's right.
GSS-API is not used anywhere else.
Do you like to inspect my full configuration?
I can dump connection session and send pcap file here.

On August 15, 2019 7:27:20 AM GMT+03:00, Aki Tuomi  
wrote:
>> On 15/08/2019 00:34 Eugene via dovecot  wrote:
>> 
>>  
>> The next combination of parameters makes 100% LDAP connections
>> unsuccessful (the log snippet from the previous mail).
>> sasl_bind = yes
>> sasl_mech = gssapi
>> tls = yes
>> 
>> Looks like this combination is utterly incorrect and should be
>> prohibited (tls must not be used when mech is gssapi).
>> https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/message/G7S2TOFDCM62ZUHIBWYVZIEVYXO3KYAI/
>> 
>> With `tls = no` errors `encoded packet size too big` becomes
>> sporadic, but still hurt auth operations performance.
>> Maybe there are two different problems.
>> 
>
>Does the "encoded packet size too big" coincide with LDAP server
>connection failure?
>
>Aki
>
>> Has someone encountered this problem before?
>> How can I help to facilitate the issue debugging?
>> 
>> [I] net-mail/dovecot
>>  Installed versions:  2.3.7.1(01:58:12 08/14/19)(bzip2 caps ipv6
>kerberos ldap libressl lua lz4 lzma pam postgres sieve sqlite tcpd zlib
>-argon2 -doc -lucene -managesieve -mysql -selinux -solr -static-libs
>-suid -textcat -vpopmail)
>> 
>> On 8/15/19 12:01 AM, Eugene wrote:
>> > Hello!
>> > 
>> > Dovecot uses its own SASL implementation, doesn't it?
>> > 
>> > Aug 14 23:45:23 example.com auth[10428]: GSSAPI client step 1
>> > Aug 14 23:45:23 example.com auth[10428]: encoded packet size too big (813804546 > 65536)
>> > Aug 14 23:45:23 example.com dovecot[10085]: auth-worker(10428): Error: LDAP: Can't connect to server: ldap://ipa2.example.com
>> > Aug 14 23:45:23 example.com dovecot[10085]: auth: Error: auth worker: Aborted USER request for eugene: Lookup timed out
>> > Aug 14 23:45:23 example.com dovecot[10085]: imap: Error: auth-master: login: request [3847225345]: Login auth request failed: Internal auth failure (auth connected 6 msecs ago, request took 6 msecs, client-pid=10362 client-id=1)
>> > 
>> > Looks like cyrus-sasl encountered same problem earlier.
>> >
>https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2017-March/003001.html
>> > 
>> > I never have such an issue with ldapsearch. So, I assume there is a
>similar problem in Dovecot SASL implementation.
>> > 
>> 
>> -- 
>> Eugene Bright
>> IT engineer
>> Tel: + 79257289622

---
Eugene Bright
IT-engineer
Tel.: +7 925 728 96 22
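

Added example (not part of any message in this thread, and not Dovecot or Cyrus SASL code): a small triage helper for the `encoded packet size too big (813804546 > 65536)` line quoted above. It assumes the rejected number is the 4-octet network-order length that a SASL security layer puts in front of each wrapped buffer (RFC 4422) and checks what those four bytes look like instead; the function names and the extra TLS/ASCII checks are illustrative additions that go beyond the one value in the thread.

```python
import re
import struct

# Constructed input: the auth log line quoted in the thread above.
SAMPLE_LOG = ("Aug 14 23:45:23 example.com auth[10428]: "
              "encoded packet size too big (813804546 > 65536)")
SIZE_RE = re.compile(r"encoded packet size too big \((\d+) > (\d+)\)")


def classify_prefix(raw: bytes) -> str:
    """Guess what four bytes misread as a length prefix really were."""
    if raw[0] == 0x30:
        return "BER SEQUENCE (start of an unwrapped LDAPMessage?)"
    if raw[0] in (0x14, 0x15, 0x16, 0x17) and raw[1] == 0x03:
        return "TLS record header"
    if all(0x20 <= b < 0x7F for b in raw):
        return "printable ASCII text"
    return "unrecognised"


def ber_header(raw: bytes):
    """Return (content_length, header_size) for the BER TLV at raw[0]."""
    first = raw[1]
    if first < 0x80:                      # short form: length in one octet
        return first, 2
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or 2 + n > len(raw):
        return None, None                 # indefinite or truncated
    return int.from_bytes(raw[2:2 + n], "big"), 2 + n


def explain(line: str):
    """Decode the rejected size from one log line; None if it does not match."""
    m = SIZE_RE.search(line)
    if m is None:
        return None
    claimed, limit = int(m.group(1)), int(m.group(2))
    raw = struct.pack(">I", claimed)      # network byte order, as on the wire
    info = {"claimed": claimed, "limit": limit, "hex": raw.hex(),
            "looks_like": classify_prefix(raw)}
    if raw[0] == 0x30:
        length, hdr = ber_header(raw)
        info["ber_length"] = length
        # Tag of the first element inside the SEQUENCE, if still in view.
        info["next_tag"] = raw[hdr] if hdr is not None and hdr < len(raw) else None
    return info


if __name__ == "__main__":
    print(explain(SAMPLE_LOG))
```

For the line in the thread the four bytes are 30 81 ac 02: a SEQUENCE tag, a long-form length of 172 and an INTEGER tag, which is how a BER-encoded LDAPMessage begins with its messageID.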


Re: Dovecot - Microsoft Azure AD

2019-08-15 Thread Aki Tuomi via dovecot
Hi!

Dovecot supports Lua userdb, which can be used to implement custom user 
databases, maybe this might work for you? See 
https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication
 for more details.

Aki

> On 15/08/2019 12:16 Lennart Boettcher 
>  wrote:
> 
> 
>   Hello,
>  
> Thank you for the quick reply.
> 
>  
> 
> 
>  
> I have expressed myself wrongly. Our idea was to use the Azure-AD as userdb 
> by doing the user lookup with the help of Microsoft's Graph API. OAuth2 would 
> then of course only be the authorization procedure to access the user 
> accounts using the Graph API. 
> 
>  
> 
> 
>  
> One would then implement a graph-userdb and no oauth-userdb. OAuth is, as you 
> correctly mentioned, only an authorization mechanism.
> 
>  
> 
> 
>  
> Here is a link to the GraphAPI: 
> https://docs.microsoft.com/de-de/graph/api/overview?view=graph-rest-1.0
> 
>  
> And here is another link to the Graph Explorer, with which you can see how 
> the GraphAPI works: https://developer.microsoft.com/en-us/graph/graph-explorer
>  
> 
> 
>  
> We already use this procedure for the passdb lookup and it works very well.
>  
> 
> 
>  
> Greetings
>  
> Lennart Boettcher
> 
>  
>  
>  
> --
>  
> From: Aki Tuomi 
>  Sent: 14 August 2019 14:57
>  To: Lennart Boettcher ; Lennart 
> Boettcher via dovecot 
>  Subject: Re: Dovecot - Microsoft Azure AD 
>  
> 
>  > On 14/08/2019 15:36 Lennart Boettcher via dovecot  
> wrote:
>  > 
>  > 
>  > 
>  > Hello,
>  > 
>  > I am currently trying to connect my Dovecot mail server to Microsoft's 
> Azure-AD and use it as password and user database. I am using version 2.3.7.1.
>  > 
>  > 
>  > 
>  > 
>  > 
>  > Using the Azure-AD as passdb already works. In this context I noticed that 
> the scope implementation is not yet merged.
>  > 
>  > 
>  > 
>  > 
>  > 
>  > Since I haven't found any hints for an OAuth2 userdb implementation yet, I 
> wanted to ask if there are any plans for an implementation.
>  > 
>  > 
>  > 
>  > 
>  > Greetings
>  > 
>  > Lennart Boettcher
>  > 
>  > 
>  > 
>  >
>  
>  Dovecot 2.3 supports oauth2. I don't know how "oauth2 user database" would 
> work, since oauth2 is an authentication mechanism. I suggest you use LDAP or 
> static userdb, or set mail_* settings for user settings.
>  
>  Aki
>