[Dovecot] expire plugin - setgid failed
Hello all,

I'm trying to get the expire plugin working, but still having issues even with 1.1RC5. If I run the expire tool I get the following error:

    server:~# dovecot --exec-mail ext /usr/local/libexec/dovecot/expire-tool
    Fatal: setgid(100) failed with euid=2005, gid=0, egid=0: Operation not permitted

Same thing with --test:

    server:~# dovecot --exec-mail ext /usr/local/libexec/dovecot/expire-tool --test
    Fatal: setgid(100) failed with euid=2005, gid=0, egid=0: Operation not permitted

gid 100 = users, uid 2005 = helmut

The user mail box has the following permissions:

    [EMAIL PROTECTED]:/home/helmut# ll -n
    drwx-- 22 2005 100 4.0k May 17 13:14 mail

Any help is appreciated.

Thanks,
Helmut

    server:~# dovecot -n
    # 1.1.rc5: /etc/dovecot.conf
    log_path: /var/log/mail/dovecot.log
    info_log_path: /var/log/mail/dovecot.log
    ssl_disable: yes
    disable_plaintext_auth: no
    login_dir: /var/run/dovecot/login
    login_executable: /usr/local/libexec/dovecot/imap-login
    login_process_size: 16
    max_mail_processes: 16
    mail_location: maildir:%h/mail
    umask: 7
    mail_plugins: quota imap_quota mail_log expire
    namespace:
      type: public
      separator: /
      prefix: Public/
      location: maildir:/home/public/mail:CONTROL=%h/mail/control/public:INDEX=%h/mail/index/public
      list: yes
      subscriptions: yes
    namespace:
      type: private
      separator: /
      inbox: yes
      list: yes
      subscriptions: yes
    auth default:
      verbose: yes
      passdb:
        driver: pam
      userdb:
        driver: passwd
      socket:
        type: listen
        client:
          path: /var/run/dovecot/auth-client
          mode: 432
          user: dovecot
          group: mail
        master:
          path: /var/run/dovecot/auth-master
          mode: 384
    plugin:
      quota: maildir
      quota_rule: *:storage=1GB
      quota_rule2: Trash:storage=10%%
      expire: Trash 1
      expire_dict: proxy::expire
    dict:
      expire: db:/var/lib/dovecot/expire.db
Re: [Dovecot] Development news
On Sun, 2008-03-16 at 20:29 +0200, Timo Sirainen wrote:

First a list of all the new features and their state:

1. http://hg.dovecot.org/dovecot-threadindexes/

THREAD=REFERENCES indexes. Missing NFS flushes, support for mmap_disable=yes, breaks when more than one session modifies at the same time. Not tested much if the replies are really correct at all. Also started THREAD=X-REFERENCES2 but it doesn't work as expected.

I've been fixing this recently. It seems to be finally working, but it could still use some optimizations and it seems the thread tree is rebuilt unnecessarily sometimes. Also stress testing sometimes gives next_iter loops error which I haven't tried to track down yet.

THREAD X-REFERENCES2 works now. The code is also now in a state that adding SEARCH INTHREAD support shouldn't be too difficult.

2. http://hg.dovecot.org/dovecot-virtualboxes/

Virtual mailboxes. Nothing changed since http://dovecot.org/list/dovecot/2008-March/029546.html

Nothing changed, but I just started thinking that the incremental change tracking probably belongs to lib-storage code. Then it would be quite easy to add support for SEARCH=CONTEXT (http://tools.ietf.org/html/draft-cridland-imap-context-05).

Now if I could only get v1.1.0 out I could start merging these different branches to v1.2 tree. :)
Re: [Dovecot] imap-login processes
On Fri, 2008-05-16 at 14:47 -0400, Bryan Polk wrote:

It would help to know what these extra processes are doing. Unfortunately there's no simple way to do that.. Maybe writing a script that trusses the processes for a few seconds and then seeing what it shows?

To truss each imap-login I would need to write the script to execute truss imap-login and put that in place of imap-login in the config file?

That would probably work too, but I was thinking about getting a few second snapshot using truss -p. So something like (untested):

    for pid in `ps -ef|grep imap$|awk '{print $2}'`; do
      # run each truss in the background; truss -p otherwise blocks the loop
      truss -o log.$pid -p $pid &
    done
    sleep 5
    killall truss
[Dovecot] problem about mbox with quota
Hi, all.

Does mbox format support quota? I got this error in log file:

    dovecot: May 18 02:10:36 Error: POP3([EMAIL PROTECTED]): Unknown quota backend: storage=10240

How can I solve it? Thanks very much. :)

My dovecot configuration:

    # /etc/dovecot.conf
    log_path: /var/log/dovecot.log
    protocols: pop3 pop3s imap imaps
    ssl_cert_file: /etc/pki/dovecot/certs/dovecotCert.pem
    ssl_key_file: /etc/pki/dovecot/private/dovecotKey.pem
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/libexec/dovecot/imap-login
    login_executable(imap): /usr/libexec/dovecot/imap-login
    login_executable(pop3): /usr/libexec/dovecot/pop3-login
    mail_location: mbox:/%Lh/%Ld/%Ln:INBOX=/%Lh/%Ld/%Ln
    mbox_write_locks: dotlock fcntl
    mbox_min_index_size: 10240
    mbox_very_dirty_syncs: yes
    mail_executable(default): /usr/libexec/dovecot/imap
    mail_executable(imap): /usr/libexec/dovecot/imap
    mail_executable(pop3): /usr/libexec/dovecot/pop3
    mail_plugins(default): quota imap_quota
    mail_plugins(imap): quota imap_quota
    mail_plugins(pop3): quota
    mail_plugin_dir(default): /usr/lib/dovecot/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    auth default:
      mechanisms: plain login
      user: vmail
      passdb:
        driver: sql
        args: /etc/dovecot-mysql.conf
      userdb:
        driver: sql
        args: /etc/dovecot-mysql.conf
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix
        master:
          path: /var/run/dovecot/auth-master
          mode: 432
          user: vmail
          group: vmail

    # /etc/dovecot-mysql.conf
    driver = mysql
    default_pass_scheme = CRYPT
    connect = host=127.0.0.1 dbname=vmail user=vmail [EMAIL PROTECTED]11769*16758)17720
    password_query = SELECT password FROM mailbox WHERE username='%u' AND active='1'
    user_query = SELECT 2000 AS uid, 2000 AS gid, /home/vmail AS home, maildir, CONCAT('storage=',quota) AS quota FROM mailbox WHERE username='%u' AND active='1'

-- 
Best Regards.

Zhang Huangbin

- OpenBSD 4.2 -release, i386.
- RHEL 5.1 Client
[Dovecot] Security Hole in 1.0.13?
I'm running 1.0.13.

If I run dovecot for a while, I see a /var/run/dotvecot folder created with the following:

    drwxr-xr-x 3 root root 4096 2008-05-18 13:30 dotvecot

    drwxr-xr-x 3 root root 4096 2008-05-18 13:47 .
    drwxr-xr-x 18 root root 4096 2008-05-18 13:47 ..
    srw--- 1 root root 0 2008-05-18 13:47 auth-worker.15138
    srwxrwxrwx 1 root root 0 2008-05-18 13:47 dict-server
    drwxr-x--- 2 root dovecot 4096 2008-05-18 13:47 login
    -rw--- 1 root root 6 2008-05-18 13:47 master.pid

It appears to be created by imap-login.

I've tried removing any dovecot remnants and reinstalling from the 1.0.13 tar.gz from the site. After starting dovecot again, after a few minutes the files appear.

The processes are running something on 6243 and 6244 (presumably an exploit / login).

I have iptables set up to only allow existing ports in/out so I think that's saved me so far. I've switched to courier-imap in the interim.

Anyone want to assist in finding out how they are getting in? Definitely dovecot related. If I don't run dovecot, seems secure. As soon as I run dovecot, after a few minutes - rooted...
dovecot.conf

    cat /etc/dovecot/dovecot.conf
    base_dir = /var/run/dotvecot
    protocols = imap imaps
    listen = *
    disable_plaintext_auth = no
    shutdown_clients = yes
    syslog_facility = local7 #-- Ensure this is set up in syslog conf
    ssl_disable = no
    login_max_processes_count = 128
    login_max_connections = 256
    login_greeting = K-Tex IMAP Server # -- CUSTOMISE FOR YOUR SITE
    login_process_size = 64
    login_process_per_connection = yes
    login_processes_count = 16
    ssl_cert_file = /var/qmail/control/servercert.pem # /usr/local/etc/ssl/ italy1-cert.pem
    ssl_key_file =/var/qmail/control/clientcert.pem # /usr/local/etc/ssl/ italy1.pem
    first_valid_uid = 89
    first_valid_gid = 89
    protocol imap {
      listen = *:143
      ssl_listen = *:993
      #mail_plugins = quota imap_quota
      #login_greeting_capability = no
      mail_plugin_dir = /usr/local/lib/dovecot/imap
      imap_client_workarounds = outlook-idle
    }
    auth_process_size = 512
    auth_cache_size = 512
    auth_cache_ttl = 3600
    auth default {
      mechanisms = plain
      # vpopmail authentication
      passdb vpopmail {
        #args =
      }
      # vpopmail
      userdb vpopmail {
      }
      user = root
    }
    dict {
      #quota = mysql:/etc/dovecot-dict-quota.conf
    }
    plugin {
      quota = maildir
    }
    namespace private {
      prefix = INBOX.
      inbox = yes
    }