[Dovecot] Dsync: Mailbox changes caused a desync.

2013-09-26 Thread Aleksey Tsvetkov
Hi!

Here is the synchronization error:

dovecot: dsync-local(a...@aaa.com): Warning: Mailbox changes caused a desync. 
You may want to run dsync again.
dovecot: dsync-remote(a...@aaa.com): Warning: 
/var/mail/virtual/aaa.com/alex/.INBOX.System/dovecot-uidlist: Duplicate file 
entry at line 2298: 1380157263.M585262P25253.mail1.aaa.com,S=2476,W=2553 (uid 
3645 - 3662)
dovecot: dsync-remote(a...@aaa.com): Warning: Maildir 
/var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, 
giving a new UID (old uid=3650, 
file=1380157264.M261919P17392.mail2.aaa.com,S=2476,W=2553)
dovecot: dsync-remote(a...@aaa.com): Warning: Maildir 
/var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, 
giving a new UID (old uid=3651, 
file=1380157263.M586977P17315.mail2.aaa.com,S=3119,W=3175)
dovecot: dsync-remote(a...@aaa.com): Warning: Maildir 
/var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, 
giving a new UID (old uid=3652, 
file=1380157264.M261920P17392.mail2.aaa.com,S=2476,W=2553)
dovecot: dsync-remote(a...@aaa.com): Warning: Maildir 
/var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, 
giving a new UID (old uid=3653, 
file=1380157264.M261921P17392.mail2.aaa.com,S=3119,W=3175)
dovecot: dsync-remote(a...@aaa.com): Warning: Maildir 
/var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, 
giving a new UID (old uid=3654, 
file=1380157263.M819006P25260.mail2.aaa.com,S=2476,W=2553:2,)
dovecot: dsync-remote(a...@aaa.com): Warning: Maildir 
/var/mail/virtual/aaa.com/alex/.INBOX.System: Expunged message reappeared, 
giving a new UID (old uid=3655, 
file=1380157264.M261922P17392.mail2.aaa.com,S=3119,W=3175:2,)

As a result, the synchronization completed, but there were duplicate emails. Since then, 
synchronization has been working fine, with no more errors.

dovecot --version
2.2.5

dovecot --build-options
Build options: ioloop=kqueue notify=kqueue ipv6 openssl io_block_size=8192
Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail
SQL drivers: mysql
Passdb: checkpassword pam passwd passwd-file sql
Userdb: checkpassword nss passwd prefetch passwd-file sql

Thanks!

--
Best regards,
Aleksey Tsvetkov
System Administrator
Company Grand Vision
tel. +7(495)933-39-79, ext. 184


[Dovecot] Conditional jump or move depends on uninitialised value(s)

2013-09-26 Thread Tamsy

Hi Timo,

Dovecot 2.2.6 compiled on Ubuntu 10.04 fails on make check with the
following errors.
make install is finishing just fine and Dovecot itself works
flawlessly so far.

- - 8 -
http header invalid [0]: parse failure ... :
ok: Expected ':' after header field name 'Server', but found ' '
http header invalid [0] .. : ok
http header invalid [1]: parse failure ... :
ok: Expected ':' after header field name 'X', but found ' '
http header invalid [1] .. : ok
http header invalid [2]: parse failure ... :
ok: Expected LF after CR at end of header, but found 'A'
http header invalid [2] .. : ok
http header invalid [3]: parse failure ... :
ok: Expected line end after header field 'Accept', but found 0x7f
http header invalid [3] .. : ok
http header invalid [4]: parse failure ... :
ok: Expected ':' after header field name 'Suhosin-Patch', but found ' '
http header invalid [4] .. : ok
http header invalid [5]: parse failure ... :
ok: Excessive header size
http header invalid [5] .. : ok
http header invalid [6]: parse failure ... :
ok: Excessive header field size
http header invalid [6] .. : ok
http header invalid [7]: parse failure ... :
ok: Excessive number of header fields
http header invalid [7] .. : ok
0 / 66 tests failed
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F987: http_header_parse_next_field
(http-header-parser.c:294)
==15579==by 0x804F361: test_http_header_parse_valid
(test-http-header-parser.c:181)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F98D: http_header_parse_next_field
(http-header-parser.c:294)
==15579==by 0x804F361: test_http_header_parse_valid
(test-http-header-parser.c:181)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F9B0: http_header_parse_next_field
(http-header-parser.c:296)
==15579==by 0x804F361: test_http_header_parse_valid
(test-http-header-parser.c:181)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804FC92: http_header_parse_next_field
(http-header-parser.c:320)
==15579==by 0x804F361: test_http_header_parse_valid
(test-http-header-parser.c:181)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F9B2: http_header_parse_next_field
(http-header-parser.c:296)
==15579==by 0x804F361: test_http_header_parse_valid
(test-http-header-parser.c:181)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F987: http_header_parse_next_field
(http-header-parser.c:294)
==15579==by 0x804F225: test_http_header_parse_invalid
(test-http-header-parser.c:325)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F98D: http_header_parse_next_field
(http-header-parser.c:294)
==15579==by 0x804F225: test_http_header_parse_invalid
(test-http-header-parser.c:325)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F9B0: 

[Dovecot] Grant access for Unix-User _and_ virtual Users

2013-09-26 Thread marco

Hi group,

I have installed a postfix as an MTA and configured two main domains 
as well as two virtual mailbox domains. Normal unix users have their 
maildir in their homes (/home/%u) and the virtual mailboxes are located 
in /var/mail/vhosts. It works well, I only have a problem configuring 
dovecot.
I wondered if it's possible to configure it in a way that both, unix 
users and virtual users, can access their mailboxes. I found some 
tutorials but they either give access to the normal unix users or to 
virtual users who are defined in a text file.


Here is some system info:
- Ubuntu 12.04.2 LTS (Kernel Version: 3.2.0-23)
- Dovecot Version: 2.0.19

Hope you understand my problem.

Cheers, Marco

PS: It's the very first time I use a mailing list, so I hope you can 
forgive me possible beginner's mistakes.


[Dovecot] Lot of connections IMAP

2013-09-26 Thread Davide
Hi to all, I have dovecot 2.2.5; when I type doveadm who I see a lot of 
IMAP connections for a single user, like the example below


x.yyy...@mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655 
19138 20661 20471) (192.168.x.xxx)


Why so many IMAP?

--
*Davide Marchi*
*T*eorema *F*errara *Srl*
Via Spronello, 7 - Ferrara - 44121
Tel. *0532783161* Fax. *0532783368*
E-m@il: *davide.mar...@mail.cgilfe.it*
Skype: *davide.marchi73*
Web: *http://www.cgilfe.it*



Re: [Dovecot] Lot of connections IMAP

2013-09-26 Thread voytek
On Thu, September 26, 2013 5:41 pm, Davide wrote:
> Hi to all, I have dovecot 2.2.5; when I type doveadm who I see a lot of
> IMAP connections for a single user, like the example below
>
> x.yyy...@mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655
> 19138 20661 20471) (192.168.x.xxx)
>
> Why so many IMAP?

I think(?), it's that IMAP mail clients keep connections to each IMAP
folder they access...





Re: [Dovecot] Grant access for Unix-User _and_ virtual Users

2013-09-26 Thread Steffen Kaiser

On Thu, 26 Sep 2013, marco wrote:

> I have installed a postfix as an MTA and configured two main domains as 
> well as two virtual mailbox domains. Normal unix users have their maildir in 
> their homes (/home/%u) and the virtual mailboxes are located in 
> /var/mail/vhosts. It works well, I only have a problem configuring dovecot.
> I wondered if it's possible to configure it in a way that both, unix users 
> and virtual users, can access their mailboxes. I found some tutorials but 
> they either give access to the normal unix users or to virtual users who 
> are defined in a text file.
>
> Here is some system info:
> - Ubuntu 12.04.2 LTS (Kernel Version: 3.2.0-23)
> - Dovecot Version: 2.0.19


In Dovecot you configure one or more password databases and one or more 
user databases.


See http://wiki2.dovecot.org/Authentication/MultipleDatabases

that covers system user + virtual users.

The order of the database definition is important, because the first 
database a user is defined in wins. And there is no connection between 
passdb and userdb, that means if a user authenticated against the passwd 
password database successfully, his/her user data are not necessarily read 
from the passwd user database, if there is another userdb before, which 
contains the data of that user.


Be sure to return a proper home directory for the virtual users. You can 
do so in various ways, e.g. by returning the directory individually per user 
and by defaults, see http://wiki2.dovecot.org/UserDatabase
Or you can use the static userdb for virtual users and passwd userdb 
for system users, but place userdb passwd { } before userdb static { }.


Actually, Dovecot allows many ways to achieve your goal, so I would take 
an example for system users and add the virtual users to it. Later, when 
you know more about Dovecot, you can make the config more efficient.


-- 
Steffen Kaiser
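
One way to lay out the setup described in the reply above, as an added example that is not part of the original post or the Dovecot project's own configuration. The password file path /etc/dovecot/virtual-users, the vmail account, the Maildir subdirectory and the /var/mail/vhosts/%d/%n layout are assumptions.

```conf
# Added example, not from the thread.
# Assumptions: virtual users log in as user@domain, their password hashes
# live in /etc/dovecot/virtual-users, a dedicated "vmail" account owns
# everything under /var/mail/vhosts, and mail sits in ~/Maildir.

# Relative location, resolved against the home that the userdb returns.
mail_location = maildir:~/Maildir

# passdb: who may log in. Databases are tried in order until one accepts.
# Virtual accounts first.
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/virtual-users
}
# System (Unix) accounts second.
passdb {
  driver = pam
}

# userdb: uid, gid and home for the mailbox. The first database that knows
# the user wins, independently of which passdb authenticated the login.

# passwd only answers for real system accounts, so it goes first.
userdb {
  driver = passwd
}
# static answers for every name, so it has to be the last userdb.
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}

# Order to avoid: with "userdb static" listed before "userdb passwd", a
# system user who authenticated through PAM would be handed uid=vmail and
# a home under /var/mail/vhosts instead of the values from /etc/passwd.
```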


Re: [Dovecot] Dovecot extremely slow!

2013-09-26 Thread Steffen Kaiser

On Wed, 25 Sep 2013, Patricio Rojo wrote:

> I can click on an email and wait for a minute or more before receiving a 
> connection dropped or no error at all.  I use many clients (thunderbird, 
> windows 8 mail, maildroid for android, squirrelmail) and they all have 
> similar behavior.  It happens both in the inbox and on imap subfolders. 
> Sometimes it helps changing subfolders back and forth.
>
> I have many imap folders organized in up to 3 levels of subfolders and use 
> postfix for delivery.


What about I/O load on the server? Something in kernel log? Do you use 
FTS? Do you get many messages at once?


Then, as Lukreme and Bob already said, provide doveconf -n and check out 
Dovecot logs, for Error and Warning.


-- 
Steffen Kaiser


Re: [Dovecot] Grant access for Unix-User _and_ virtual Users

2013-09-26 Thread marco

Hi,


> In Dovecot you configure one or more password databases and one or
> more user databases.
>
> See http://wiki2.dovecot.org/Authentication/MultipleDatabases
>
> that covers system user + virtual users.

Thank you very much. That is exactly what I searched for.

> Or you can use the static userdb for virtual users and passwd
> userdb for system users, but place userdb passwd { } before userdb
> static { }.

I think the static version is comfortable for me. Thanks again for your 
advice.

> Later, when you know more about Dovecot, you can make the config more
> efficient.


I hope so. This whole mailserver issue is very interesting but also 
difficult for beginners.


Cheers, Marco


Re: [Dovecot] Dovecot extremely slow!

2013-09-26 Thread Stan Hoeppner
On 9/25/2013 5:05 PM, Patricio Rojo wrote:
> Please help,
>
> Dovecot is running extremely slow for the last couple of weeks and it
> seems to be getting worse (or my patience running short).

Progressive degradation of mail server performance, whether an IMAP
mailbox server, or an MTA, is almost always caused by the storage
subsystem, usually due to filesystem free space fragmentation.

If you have a parity RAID array, have lost a disk and are running in
degraded mode, this can also cause large IO latency, slowing Dovecot.

Another common cause is heavy swap usage.  If you have a runaway process
or one with a memory leak, this will eat up physical RAM, causing heavy
swap usage.  If swap resides on the same spindles as your mailboxes,
this will degrade Dovecot performance.

If your box is hosted at a colo facility, or is in fact a VPS, it's
always possible a network problem or a clogged shared segment at the
provider is causing packet loss, which can also cause the client delay
behavior you have described.  If this server resides behind consumer
ADSL there could be a problem with your DSL provider's network.

In other words, if you didn't change the Dovecot configuration on the
day the performance first dropped, or very shortly before, then the
performance problem has nothing to do with Dovecot.  And this is almost
always the case with performance degradation.  The source of the problem
lies outside Dovecot, again, usually in the storage stack.  Start your
troubleshooting there.

-- 
Stan





Re: [Dovecot] Lot of connections IMAP

2013-09-26 Thread Arnaud Abélard

On 09/26/2013 09:47 AM, voy...@sbt.net.au wrote:
> On Thu, September 26, 2013 5:41 pm, Davide wrote:
>> Hi to all, I have dovecot 2.2.5; when I type doveadm who I see a lot of
>> IMAP connections for a single user, like the example below
>>
>> x.yyy...@mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655
>> 19138 20661 20471) (192.168.x.xxx)
>>
>> Why so many IMAP?
>
> I think(?), it's that IMAP mail clients keep connections to each IMAP
> folder they access...

Exactly and even 9 imap processes for one user isn't that bad. If most 
of our users use around 5 processes, it's not exceptional to have 
20 processes for one user. We have users who check their mail on their 
smartphones and on their desktop, some of those have around 80 imap 
processes just for them...


Arnaud



--
Arnaud Abélard (jabber: arnaud.abel...@univ-nantes.fr)
System Administrator - Web Services Manager
Information Systems Department
Université de Nantes
-
do not use: trapem...@univ-nantes.fr


Re: [Dovecot] Lot of connections IMAP

2013-09-26 Thread Davide
Many thanks for the explanation; have you implemented high security mode 
or high performance mode with login processes?



On 26/09/2013 11:33, Arnaud Abélard wrote:
> On 09/26/2013 09:47 AM, voy...@sbt.net.au wrote:
>> On Thu, September 26, 2013 5:41 pm, Davide wrote:
>>> Hi to all, I have dovecot 2.2.5; when I type doveadm who I see a lot of
>>> IMAP connections for a single user, like the example below
>>>
>>> x.yyy...@mail.cgilfe.it 9 imap (20572 20614 19120 20653 19136 20655
>>> 19138 20661 20471) (192.168.x.xxx)
>>>
>>> Why so many IMAP?
>>
>> I think(?), it's that IMAP mail clients keep connections to each IMAP
>> folder they access...
>
> Exactly and even 9 imap processes for one user isn't that bad. If most 
> of our users use around 5 processes, it's not exceptional to have 
> 20 processes for one user. We have users who check their mail on 
> their smartphones and on their desktop, some of those have around 80 
> imap processes just for them...
>
> Arnaud







Re: [Dovecot] v2.2.6 released

2013-09-26 Thread Odhiambo Washington
While compiling on FreeBSD 9.1-STABLE and 8.4-STABLE I saw the below though
compile was successful and dovecot is running!


(15:25:20 ~/Tools/Dovecot/2.2/dovecot-2.2.6) 0 $ ../build-2.2.sh
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
/usr/home/wash/Tools/Dovecot/2.2/dovecot-2.2.6/missing: Unknown
`--is-lightweight' option
Try `/usr/home/wash/Tools/Dovecot/2.2/dovecot-2.2.6/missing --help' for
more information
configure: WARNING: 'missing' script is too old or missing




On 25 September 2013 10:10, Timo Sirainen t...@iki.fi wrote:

> http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz
> http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig
>
> I didn't have time to look into the latest reported dsync replication
> bugs, but this release should have been done a long time ago already and
> I'm busy for next few days, so no more waiting. Things seem to be working
> quite well in general though.
>
>  * acl: If public/shared namespace has a shared subscriptions file for
>    all users, don't list subscription entries that are not visible to
>    the user accessing it.
>
>  + doveadm: Added auth lookup command for doing passdb lookup.
>  + login_log_format_elements: Added %{orig_user}, %{orig_username}
>    and %{orig_domain} expanding to the username exactly as sent by
>    the client (before any changes auth process made).
>  + Added ssl_prefer_server_ciphers setting.
>  + auth_verbose_passwords: Log the password also for unknown users.
>  + Linux: Added optional support for SO_REUSEPORT with
>    inet_listener { reuse_port=yes }
>  - director: v2.2.5 changes caused SYNC lost errors
>  - dsync: Many fixes and error handling improvements
>  - doveadm -A: Don't waste CPU by doing a separate config lookup
>    for each user
>  - Long-running ssl-params process no longer prevents Dovecot restart
>  - mbox: Fixed mailbox_list_index=yes to work correctly




-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
I can't hear you -- I'm using the scrambler.


Re: [Dovecot] login_log_format_elements does not appear to be changing log format 2.2.5

2013-09-26 Thread Chris Lasater

On 09/21/2013 08:48 PM, Timo Sirainen wrote:
> On 4.9.2013, at 21.29, Chris vorg...@gmail.com wrote:
>
>> login_log_format_elements does not seem to change the login logs.  I have it set to the 
>> below setting and the word home does not even appear.  Is there something I 
>> have to do for this?  Also I use ldap for authentication.
>
> %h isn't a valid variable in there. It expands to empty, so it's not added to 
> the log. There's no way to log the home directory in there, because auth 
> process doesn't send it to the login process (and actually it hasn't even 
> gotten around to looking it up at that point).

ahh, ok. I just now saw your response.  I assume any word associated 
with the variable (like the home=) is not shown when it's blank, that 
is what made me think it was not working.  Thanks for the info


Re: [Dovecot] Doveadm with a 2nd Instance

2013-09-26 Thread /dev/rob0
On Thu, Sep 26, 2013 at 12:45:01AM -0400, Chris Lasater wrote:
> I am trying to use 2 instances of Dovecot on the same server so I 
> can have a Director managing my connections, everything appears to 
> be working, but I can not use doveadm to control my 2nd instance, 
> but doveconf seems to work fine.

I have noticed the same thing. It seems that doveadm ignores -i. 
dovecot works with -c /path/to/other/dovecot.conf, but it too 
ignores -i.

We got the idea to try -i instance_name from 
http://wiki2.dovecot.org/Tools/Doveadm/Instance , but doveadm help 
itself does not show a -i.

> I have stopped and started both my instances so the config running 
> is what is in the config file, but when I use -i Director with 
> doveadm it uses the other instances config.

And this is a big problem for trying to use doveadm director
commands when the director instance uses the nonstandard paths. I 
haven't found a way to do that yet! -c /path/to/other/dovecot.conf 
didn't work.

http://wiki2.dovecot.org/Tools/Doveadm/Director

Currently on 2.2.5, about to switch to 2.2.6 EE. It seemed like it 
worked back in 2.0.9 before upgrading.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


[Dovecot] service anvil and ssl-params not starts with dovecot started

2013-09-26 Thread Dewey Du
Hi

My dovecot started with the error below. What's the most possible reason
for the error?

“2013-08-28 11:41:40 ”master: Info: Dovecot v2.2.5 starting up (core dumps
disabled)
“2013-08-28 11:42:00 ”anvil: Fatal: Error reading configuration: Timeout
reading config from /var/run/dovecot/config
“2013-08-28 11:42:00 ”master: Error: service(anvil): command startup
failed, throttling for 2 secs
“2013-08-28 11:42:00 ”ssl-params: Fatal: Error reading configuration:
Timeout reading config from /var/run/dovecot/config
“2013-08-28 11:42:00 ”master: Error: service(ssl-params): command startup
failed, throttling for 2 secs


Actually, after dovecot starts, I can telnet 110, but it takes 30 seconds or
so to get through the authentication. I wonder whether the error above
causes the issue or not.


Other information:
dovecot version v2.2.5
use postfix, dovecot sasl, and mysql

Attached my dovecot.conf:
#auth_debug = yes
auth_mechanisms = plain login
#debug_log_path = /var/log/dovecot.debug
default_internal_user = postfix
default_login_user = postfix
disable_plaintext_auth = no
first_valid_uid = 1000
last_valid_uid = 1000
mail_gid = 1000
mail_uid = 1000
log_path = /var/log/dovecot.log
mail_location = maildir:/var/vmail/%d/%u
mail_privileged_group = vmail
protocols = imap pop3
listen = *
base_dir = /var/run/dovecot/
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  user = root
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}


Re: [Dovecot] Doveadm with a 2nd Instance

2013-09-26 Thread Chris Lasater
While testing some more I found out something else.  I have an alias set 
for doveadm so it was running with sudo and that ended up being part of 
the issue.  If doveadm is run as a regular user then the problem goes away


[user@server ~]$ doveadm -i Director log find
Debug: /home/user/apps/logs/director/director_debug.log
Info: /home/user/apps/logs/director/director_info.log
Warning: /home/user/apps/logs/director/director.log
Error: /home/user/apps/logs/director/director.log
Fatal: /home/user/apps/logs/director/director.log

[user@server ~]$ sudo doveadm -i Director log find
Debug: /home/user/apps/logs/dovecot_debug.log
Info: /home/user/apps/logs/dovecot_info.log
Warning: /home/user/apps/logs/dovecot.log
Error: /home/user/apps/logs/dovecot.log
Fatal: /home/user/apps/logs/dovecot.log

Also if I run sudo doveadm stop to stop the main instance, I now have 
the ability to use the -i Director using sudo.  Unfortunately this makes 
it difficult to manage two instances.  Does anyone have an idea of 
getting this to work with sudo?

Chris


Re: [Dovecot] Dovecot extremely slow!

2013-09-26 Thread Patricio Rojo

Thanks all for the quick and knowledgeable replies!

More details on my system:
* Debian 7.1 server hosting many daemons which do not show any slow 
behavior at all (apache, postfix, nfs, autofs, ssh, ...), nor is it slow 
to run any application for test (no resource intensive application is 
run routinely on this machine due to its low  4Gb RAM, in any case)
* /home partition nfs mounted from a remote firewalled QNAP NAS server 
(TS-869U-RP), which also serves other machines (RAID-5 setup with 
currently no bad disks). When logging in as user in any of those 
machines including the dovecot server, I notice no delay (remember that 
dovecot hangs for 60 or more seconds). Also, the inbox hangs as often as 
the imap folders, but the former is found on local disk on /var/mail.
* user authentication using ldap with a daemon hosted on a different 
server than dovecot's (and firewalled from the outside)
* the log files give no warnings or errors other than the typical 
failed connection attempts from Chinese or so hackers.  I do however, 
find the following lines in mail.log every once in a while:


Sep 26 11:02:20 wasabi dovecot: imap(pato): Disconnected: Disconnected in IDLE in=8017978 out=490892
Sep 26 11:02:21 wasabi dovecot: imap-login: Login: user=pato, method=PLAIN, rip=24.58.62.118, lip=146.83.9.56, mpid=3964, TLS, session=lcGR0UnnugAYOj52
Sep 26 11:03:23 wasabi dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=, rip=24.58.62.118, lip=146.83.9.56, TLS, session=uOJE1UnnxQAYOj52
Sep 26 11:03:26 wasabi dovecot: imap-login: Login: user=pato, method=PLAIN, rip=24.58.62.118, lip=146.83.9.56, mpid=3973, TLS, session=PCFr1UnnxgAYOj52
Sep 26 11:05:00 wasabi dovecot: imap(pato): Disconnected: Disconnected in IDLE in=1205 out=28366


note how it receives a 'user=' from the same ip it received a valid 
user a minute ago (and this is the timescale of my problem).
* When the problem started I did a lot of rather simultaneous changes to 
my system (change the hardware of my dovecot's host, moved the ldap 
daemon from the dovecot machine to a firewalled machine, installed the 
QNAP NAS, updated CA certificate ...), so it is hard to pinpoint the 
cause of this.  Every other daemon is working as good as it was before, 
though.

* 'doveconf -n' output is below.

Thank you very much!!

Patricio

--
PS: Please warn me if any of the information I have given can be used to 
exploit my system. I have tried to be very careful with this



# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.1
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols =  imap
service auth {
  inet_listener {
    port = 12345
  }
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = /etc/dovecot/wasabi.imap.crt
ssl_key = /etc/dovecot/private/wasabi.imap.nopwd.key
userdb {
  driver = passwd
}



Re: [Dovecot] recipient_delimiter

2013-09-26 Thread Steffen Kaiser

On Wed, 25 Sep 2013, LuKreme wrote:


> Can I enable $recipient_delimiter = ‘+’ for only the virtual sql users?

Leave it blank in the default config, but return a field 
plugin/recipient_delimiter from SQL.


-- 
Steffen Kaiser

Re: [Dovecot] Dovecot extremely slow!

2013-09-26 Thread Bob Miller
hi,

> Sep 26 11:03:23 wasabi dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=, rip=24.58.62.118, lip=146.83.9.56, TLS, session=uOJE1UnnxQAYOj52
>
> Sep 26 11:03:26 wasabi dovecot: imap-login: Login: user=pato, method=PLAIN, rip=24.58.62.118, lip=146.83.9.56, mpid=3973, TLS, session=PCFr1UnnxgAYOj52

try enabling the debug settings in your dovecot.conf, maybe you can get
more info:

#auth_debug = yes
#auth_debug_passwords = yes
#mail_debug = yes

You also mention that your auth server is on a separate machine, and 60
seconds seems a lot like a timeout threshold, maybe you are having
intermittent problems there.  Maybe if you could tail the dovecot and
the ldap logs simultaneously then repeat your test, you would see a
discrepancy on the auth server when the dovecot logs show user=

> ssl_cert = /etc/dovecot/wasabi.imap.crt
> ssl_key = /etc/dovecot/private/wasabi.imap.nopwd.key

Hmm... a low-level guess: maybe you need to specify your CA here?  I
don't *think* that would explain your slowness, but I suppose there
could be a timeout looking for it...


> userdb {
>   driver = passwd
> }
 



Re: [Dovecot] recipient_delimiter

2013-09-26 Thread LuKreme

On 26 Sep 2013, at 10:09 , Steffen Kaiser skdove...@smail.inf.fh-brs.de wrote:

> On Wed, 25 Sep 2013, LuKreme wrote:
>
>> Can I enable $recipient_delimiter = ‘+’ for only the virtual sql users?
>
> Leave it blank in the default config, but return a field 
> plugin/recipient_delimiter from SQL.

Something like this:

userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u recipient_delimiter='+'
  driver = sql
}

??

-- 
The Earth is like a tiny grain of sand, only much, much heavier.



[Dovecot] Using MailDir but local messages still save in mbox format

2013-09-26 Thread Mike Edwards
I am using MailDir format for all my virtual users and it is working 
well.  However, if email comes in to a unix system user, it delivers in 
Mbox format.  This is mostly cron jobs that do this.  Mail addressed 
to my virtual users goes to the MailDir locations just fine.  None of 
these mailboxes have ever been created, they are just incorrect assumed 
addresses.   There should NEVER be any email to usern...@my.host.name 
because everything is virtual.


Does anyone know how to fix this?

Here is my config.

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.18.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_debug = yes
auth_mechanisms = plain login cram-md5 ntlm
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
listen = *
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date

mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  autocreate = Trash
  autocreate2 = Spam
  autocreate3 = Drafts
  autocreate4 = Sent
  autocreate5 = Archives
  autosubscribe = Trash
  autosubscribe2 = Spam
  autosubscribe3 = Drafts
  autosubscribe4 = Sent
  autosubscrube5 = Archives
  sieve = ~/.dovecot.sieve
  sieve_before = /home/vmail/movespam.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
}
ssl_ca = /etc/pki/dovecot/ca/dovecot.pem
ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
ssl_key = /etc/pki/dovecot/private/dovecot.pem
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%d/%n
  driver = static
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /home/vmail/dovecot-deliver.log
  mail_plugins =  sieve sieve
  postmaster_address = postmas...@zeus.deltatechnicalservices.com
}
protocol lmtp {
  mail_plugins =  sieve
}
protocol imap {
  mail_plugins = autocreate
}
protocol sieve {
  managesieve_implementation_string = Dovecot Pigeonhole
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}



[Dovecot] Released Pigeonhole v0.4.2 for Dovecot v2.2.6 and Pigeonhole v0.3.6 for Dovecot v2.1.17.

2013-09-26 Thread Stephan Bosch
Hello Dovecot users,

Now that Dovecot v2.2.6 is released, I can release a new Pigeonhole. Due
to the SO_REUSEPORT changes in Dovecot, this Pigeonhole release will not
compile cleanly against older Dovecot releases.

This release is mainly about bugfixes. I also made a new release for
Dovecot v2.1.17 that includes most of these fixes and some older ones.

A word of warning for people using doveadm sync in combination with
sieve: make sure you update both sides of the replication to avoid
problems after upgrade. The attribute sub-tree under which Sieve scripts
are replicated has moved to a different root. Since we expect that very
few people are affected, there is no facility for backwards
compatibility. This is no problem as long as both sides are upgraded.

There is one new feature for the Sieve vacation extension. Normally
vacation replies are sent with <> sender to prevent mail loops. A
setting is provided to override this behavior
(doc/extensions/vacation.txt), as requested on the mailing list. This is
not a violation of the specification, but use this with care.

Changelog v0.4.2:

* Incompatible change in Sieve doveadm plugin: the root attribute for
  Sieve scripts is changed. Make sure that you update both sides of a
  dsync setup simultaneously when Sieve is involved, otherwise
  synchronization will likely fail.
+ Added support for sending Sieve vacation replies with an actual
  sender, rather than the default <> sender. Check the updated
  doc/extensions/vacation.txt for more information.
- Fixed a binary code read problem in the `set' command of the Sieve
  variables extension. Using the set command with a modifier and an
  empty string value would cause code corruption problems while running
  the script.
- Various fixes for doveadm-sieve plugin, mostly crashes. These include
  a fix for the `Invalid value for default sieve attribute' problem.
- Various fixes for compiler and static analyzer warnings, e.g. as
  reported by CLang and on 32 bit systems.
- Fixed the implementation of the new :options flag for the Sieve
  include extension.
- Fixed potential segfault bug at deinitialization of the lda-sieve
  plugin.
- Fixed messed up hex output for sieve-dump tool.

Changelog v0.3.6:

- Fixed a binary code read problem in the `set' command of the Sieve
  variables extension. Using the set command with a modifier and an
  empty string value would cause code corruption problems while running
  the script.
- Various fixes for compiler and static analyzer warnings, as reported
  by CLang.
- ManageSieve: Fixed '[' ']' stupidity for response codes (only happened
  before login).
- Fixed setting name in example-config/conf.d/20-managesieve.conf.
- Fixed messed up hex output for sieve-dump tool.

The releases are available as follows:

http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz
http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz.sig

http://www.rename-it.nl/dovecot/2.1/dovecot-2.1-pigeonhole-0.3.6.tar.gz
http://www.rename-it.nl/dovecot/2.1/dovecot-2.1-pigeonhole-0.3.6.tar.gz.sig


Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
more information. Have fun testing this new release and don't hesitate
to notify me when there are any problems.

Regards,

-- 
Stephan Bosch
step...@rename-it.nl


Re: [Dovecot] recipient_delimiter

2013-09-26 Thread voytek
 $recipient_delimiter = ‘+’

ahem, dumb question coming:

//I often read various threads here, and, look at my own setup, with a
view of optimizing or understanding things I should...//

I have working dovecot 2.1.1 with postfix, only have virtual domains, all
users in mysql;

'+' delimiter is enabled in postfix, and, works OK

postfix]# grep _delimiter main.cf
# The recipient_delimiter parameter specifies the separator between

recipient_delimiter = +

BUT, I seem to have nothing in dovecot.conf:

postfix]# cd /etc/dovecot
dovecot]# grep delimiter *

dovecot]# cd conf.d
conf.d]# grep delimiter *
15-lda.conf:#recipient_delimiter = +
20-lmtp.conf:# the mail to the detail mailbox. See also
recipient_delimiter and
20-lmtp.c_org:# the mail to the detail mailbox. See also
recipient_delimiter and

should I also enter $recipient_delimiter = ‘+’  in my
/etc/dovecot/dovecot.conf ?

what will it add to this working setup, what am I missing?

thanks for all pointers



Re: [Dovecot] Courier migration and vpopmail with dovecot-lda

2013-09-26 Thread Charles Sprickman
On Sep 19, 2013, at 4:59 AM, Anton Lundin wrote:

 On 18 September, 2013 - Charles Sprickman wrote:
 
 I've been using Dovecot in some fresh installs lately and have found
 it fairly easy to configure.  However I'm starting on a migration
 that involves moving from some very old software (ancient vpopmail,
 qmail and Courier).
 
 On the Courier front, I've reviewed the migration page in the wiki,
 and it looks like the main concerns are just matching the namespace
 and then using the migration script to create new subscription and
 uidlist files.  Given that my Courier IMAP setup is so old (4.0.6),
 is there anything to be aware of that's not covered in the wiki due
 to the age of Courier here?
 
 Are there any other general issues to be aware of as far as
 interactions with MUAs are concerned?  For example, if Courier has
 been presenting the user's MUA with a given set of IMAP capabilities
 and then the MUA sees a bunch of extra capabilities on a subsequent
 login, will that trigger any strange behavior?
 
 And lastly on this subject, I will obviously be doing some testing
 before cutting over to the other server.  Is it valid in something
 like Thunderbird to have it pointed to imap.domain.com and then
 change the imap server to point to something like
 testimap.domain.com for testing whether subscriptions and the
 uidlists are working as expected or should I fully replicate the
 move as an end user would see it by making the change in my local
 hosts file?
 
 Now, assuming that portion of the move goes alright, I'm incredibly
 confused about getting Dovecot and Vpopmail working together.  I
 assume that initially I can stick with the Maildir++ mailbox format
 and let vpopmail's vdelivermail continue working as my LDA -
 vdelivermail understands how to find the user's Maildir, it can
 check quotas, and it can update the maildirsize file (which I'm
 assuming dovecot can also read and then report quota/usage to an
 IMAP client).  However it does look like the Dovecot-only mailbox
 format(s) will offer much better performance than Maildir as the two
 dbox formats are the only supported mailbox formats with separate
 index files, correct?  Is there any guidance on how to use dovecot's
 LDA with a virtual mail system such as vpopmail?  From what I've
 read so far, I probably don't want to use the vpopmail extension
 supplied with dovecot, but query the mysql vpopmail db directly.
 I'm finding a ton of info while searching for this, but most deals
 with older versions of dovecot, and there are also many "this works
 but I don't know why" tutorials on combining dovecot and vpopmail
 and dovecot's own LDA.  I'm not even able to guess how one handles
 the per-user .qmail files in vpopmail if not using vdelivermail
 (this is where we enable/disable spam filtering by piping the
 message through spamc).
 
 Any input on the overall migration process is appreciated.  It's a
 bit overwhelming as I have to deal with a big jump in the vpopmail
 version, rebuilding qmail with a ridiculous number of patches, and
 then on top of that a migration to new imap/pop server software.
 eek.
 
 Hi Charles!
 
 I can share some of my war-stories about qmail/vpopmail.
 
 A long time ago I ran quite a few qmail/vpopmail/courier/ezmlm/qmailadmin
 clusters and back then I thought it was the only really good way of
 running it. Then the years passed and when I needed to add patches to
 qmail consisting of more code than qmail started out with it got quite
 frustrated.
 Due to speed and scalability we didn't run with a db-backend for
 vpopmail, we used vpasswd/cdb(?) hash-files and that ran quite well.
 
 So when it was time to migrate I came up with the following solution:
 
 I ran postfix as smtp-server, querying vpopmail via a tcp:-maps to a daemon
 written in perl, that ran different vpopmail-commands.
 That old daemon is now available at:
 https://github.com/glance-/postfixvpopmail/

Thanks for that, I'm doing this in steps, and initially qmail will
remain exposed to the interwebs.  Down the line it's going to be
hidden behind Postfix.  That little daemon might be helpful.  I
wasn't sure how hard it would be to query the vpopmail db directly
for users and aliases (I don't think we have any ezmlm, which is I
think the one thing not tracked in the db).

 For some reason that I can't really remember vdelivermail was just
 incapable of being used in this case to deliver mail, I think it had
 something to do with .qmail-files and might have been something with
 ezmlm, so I used qmail as a lda, and had postfix pipe mail to
 qmail-inject.
 This way we kept qmailadmin/ezmlm running as they did before and just
 replaced the world-facing components.
 
 On top of that I ran Dovecot with the vpopmail plugin. This was a really
 old dovecot, probably like 1.0.x or something, but everything worked
 smoothly. I just followed the notes on the wiki about uidl-format and
 no users noticed.

Since this is the Dovecot list, I'll try to focus on this part.


Re: [Dovecot] Doveadm with a 2nd Instance

2013-09-26 Thread Daniel Parthey
Hi,

this bug should have been fixed by Timo in some 2.1.x release. The issue should 
be in the list archives too. Which version are you using?

BTW: I'm still using
doveadm -c /etc/dovecot-director/dovecot-director.conf director status
to address the director instance.

Regards
Daniel

Re: [Dovecot] recipient_delimiter

2013-09-26 Thread Noel Butler
On Fri, 2013-09-27 at 07:29 +1000, voy...@sbt.net.au wrote:


 
 I have working dovecot 2.1.1 with postfix, only have virtual domains, all
 users in mysql;
 
 '+' delimiter is enabled in postfix, and, works OK
 
 postfix]# grep _delimiter main.cf
 # The recipient_delimiter parameter specifies the separator between
 
 recipient_delimiter = +
 
 BUT, I seem to have nothing in dovecot.conf:
 
 postfix]# cd /etc/dovecot
 dovecot]# grep delimiter *
 
 dovecot]# cd conf.d
 conf.d]# grep delimiter *
 15-lda.conf:#recipient_delimiter = +
 20-lmtp.conf:# the mail to the detail mailbox. See also
 recipient_delimiter and
 20-lmtp.c_org:# the mail to the detail mailbox. See also
 recipient_delimiter and
 
 should I also enter $recipient_delimiter = ‘+’  in my
 /etc/dovecot/dovecot.conf ?
 
 what will it add to this working setup, what am I missing?
 
 thanks for all pointers
 


Not needed, dovecot defaults to that setting, adding it in postfix is
all that's required to work






Re: [Dovecot] recipient_delimiter

2013-09-26 Thread LuKreme

On 26 Sep 2013, at 15:29 , voy...@sbt.net.au wrote:
 should I also enter $recipient_delimiter = ‘+’  in my
 /etc/dovecot/dovecot.conf ?
 
 what will it add to this working setup, what am I missing?

Setting it will, as I understand it, cause dovecot to automatically file 
+extension mail in .extension/ (and auto-create the maildir if needed).

-- 
Varium et mutabile semper Femina.



Re: [Dovecot] recipient_delimiter

2013-09-26 Thread Noel Butler
On Thu, 2013-09-26 at 17:24 -0600, LuKreme wrote:

 On 26 Sep 2013, at 15:29 , voy...@sbt.net.au wrote:
  should I also enter $recipient_delimiter = ‘+’  in my
  /etc/dovecot/dovecot.conf ?
  
  what will it add to this working setup, what am I missing?
 
 Setting it will, as I understand it, cause dovecot to automatically file 
 +extension mail in .extension/ (and auto-create the maildir if needed).
 


Certainly does not do that by _default_ in a normal
mysql/virtuser/maildir setup using lda 
when mail arrives for foo+dove...@example.com
it gets stored in foo's  cur/
leaving it for the end user's mail client to decide what to do with it,
if anything.






Re: [Dovecot] Doveadm with a 2nd Instance

2013-09-26 Thread Chris

I upgraded to 2.2.6 yesterday and was on 2.2.5 before.

On 09/26/2013 07:06 PM, Daniel Parthey wrote:

Hi,

this bug should have been fixed by Timo in some 2.1.x release. The 
issue should be in the list archives too. Which version are you using?


BTW: I'm still using
doveadm -c /etc/dovecot-director/dovecot-director.conf director status
to address the director instance.

Regards
Daniel 




[Dovecot] How to authenticate against SQL DB with custom-ciphered passwords?

2013-09-26 Thread Nicolay Vizovitin
Hello,

I'm about to start developing authentication/password-scheme module for
Dovecot. So I would like to get some advice before actually committing to
doing things in particular way. Hope somebody will be able to help me :)

For the record, I am currently targeting latest stable Dovecot version
2.2.5.

I have an SQL DB with mail users' authentication data. Passwords are stored
either encrypted via system crypt(3) or ciphered with some custom algorithm
(think something symmetrical like AES, so passwords can be decrypted into
plain form). I want to use this DB as both userdb and passdb backend. The
issue, of course, is with ciphered passwords support.

1) Is it feasible to just implement a new password scheme for ciphered
passwords support and still use stock passdb driver in Dovecot for SQL DB
access? So that passwords in this scheme would be treated as PLAIN (in a
sense that both cleartext and shared secret authentication methods would
work).

2) Provided I implement custom password scheme for ciphered passwords, what
is the best way to be capable to perform authentication against both
ciphered and encrypted passwords? Ciphered and encrypted passwords are
stored in different fields of SQL table (one of them is NULL when the other
one is set).
a) Do I define two passdb clauses with their own default_pass_scheme
(equal to my new scheme or CRYPT for encrypted passwords) and use fallback
to effectively check both of them?
b) Do I modify SQL query so that it prefixes existing password with
correct scheme (I'm not sure this will be easy enough to do)?

3) Is it mandatory to provide password generation routine for custom
password scheme? When will it be used?

4) Maybe it's better to just implement a plugin that serves as both userdb
and passdb driver (in other words a kind of generic authentication module)?
What are advantages and disadvantages of each method - custom password
scheme + stock SQL driver VS. custom userdb and passdb driver? Fortunately,
I already have all the required credentials lookup and verification code.
So in any case the question is only in figuring out suitable Dovecot APIs
and integrating the existing code.

5) I have previously implemented similar custom authentication module for
Courier-IMAP (Courier-Authlib to be precise) to use the same SQL DB. And I
will need to support both IMAP servers for some time. So it is only natural
to expect some generic solution to be possible. I'd like to remind that I
need to be able to supply either encrypted password or deciphered plain
password, or just check against them. Is it possible to do so in a common
way? If so, what method should I use? I would expect SASL helping me out
here, but AFAIK, both Dovecot and Courier-IMAP can only serve as SASL
servers (providing authentication services), not clients.

6) I obviously care about providing enhanced security, especially against
stealing mail passwords. So any additional advice or related guidelines are
welcome.

7) Somewhat unrelated question: what is the best way to test IMAP (and
maybe POP3 as well) server performance and compare it to another server?
I'm interested in both login performance (the part I will influence) and
performance with many mails in mailbox. I heard imaptest is suitable for
this task. Are there any recipes or example testing scenarios you might
share? ;)

I would be grateful for any insight in these issues. If I chose a wrong
mailing list to post to, please feel free to correct me.

Thanks for your time! :)

--
Best regards,
Nick
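
Option 2b from the message above (having the SQL query prefix each stored password with its scheme), as an added example that is not part of the original post or of Dovecot's code. It runs the CASE expression against an in-memory SQLite table; the table and column names, the sample rows and the MYCIPHER scheme name are assumptions.

```python
import sqlite3

# Constructed sample table. Column names and the MYCIPHER scheme name are
# assumptions for illustration; only {CRYPT} is an existing scheme label.
SCHEMA = """
CREATE TABLE mail_users (
    login     TEXT PRIMARY KEY,
    crypt_pw  TEXT,  -- crypt(3) hash, NULL when cipher_pw is set
    cipher_pw TEXT   -- custom-ciphered password, NULL when crypt_pw is set
);
"""
ROWS = [  # constructed values, not real hashes or ciphertexts
    ("alice@example.com", "$6$constructedsalt$constructedhash", None),
    ("bob@example.com", None, "b64:Y29uc3RydWN0ZWQ="),
    ("carol@example.com", None, None),  # neither column populated
]

# One query labels whichever column is populated, so a single passdb lookup
# covers both kinds of account. With no ELSE branch the CASE yields NULL when
# both columns are NULL. In a Dovecot SQL passdb the same expression would go
# in password_query with %u instead of the ? placeholder; on MySQL use
# CONCAT(), because || is not string concatenation there by default.
PASSWORD_QUERY = """
SELECT login AS user,
       CASE
         WHEN crypt_pw  IS NOT NULL THEN '{CRYPT}'    || crypt_pw
         WHEN cipher_pw IS NOT NULL THEN '{MYCIPHER}' || cipher_pw
       END AS password
FROM mail_users WHERE login = ?
"""


def open_db():
    """Create the in-memory table and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO mail_users VALUES (?, ?, ?)", ROWS)
    return db


def split_scheme(value, default="PLAIN"):
    """Split '{SCHEME}data' into (scheme, data).

    `default` stands in for default_pass_scheme and is used only when the
    value carries no {SCHEME} prefix.
    """
    if value.startswith("{"):
        end = value.find("}")
        if end > 1:
            return value[1:end].upper(), value[end + 1:]
    return default, value


def lookup(db, login):
    """Return (scheme, stored_value), or None if the login is unknown or
    has no usable password, in which case authentication must fail."""
    row = db.execute(PASSWORD_QUERY, (login,)).fetchone()
    if row is None or row[1] is None:
        return None
    return split_scheme(row[1])


if __name__ == "__main__":
    db = open_db()
    for login, _, _ in ROWS:
        print(login, lookup(db, login))
```
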


[Dovecot] sieve gone mad ---help

2013-09-26 Thread Rob

managesieve has gone mad.
One person went on holiday when he came back his out of office would not switch 
off, then it replicated itself into two other users (the vacation notice) 
and started to be sent out for them and those users had never set up an out of 
office or logged into round cube.
even deleting the vacation notice did not stop it, but if we put another 
vacation notice in then the new one is sent out, if we disable the new one then 
the old one is sent out…. 
mad….
how can I refresh the whole thing and start again… ?
I am running this on 10.8.4 mountain lion server and I can't stop sieve…
I have looked in the /Library/Server/Mail/Data/rules/USERFOLDER
and removed all sieve files
I have looked in each user's mailbox but no sieve files there…
I have restarted and still sieve will not stop sending out emails…. yesterday 
it went crazy sending a mail a second from one mailbox back to itself….
help…..

osx 10.8 server using latest roundcube with managesieve plugin
bash-3.2# ps -aef|grep dovecot
   0 27481 1   0 12:07am ?? 0:00.36 
/Applications/Server.app/Contents/ServerRoot/usr/sbin/dovecotd -F
 214 27490 27481   0 12:07am ?? 0:00.58 dovecot/anvil [4 connections]
   0 28237 27481   0 12:07am ?? 0:01.69 dovecot/log
   0 28239 27481   0 12:07am ?? 0:00.20 dovecot/config
 227 28309 27481   0 12:08am ?? 0:42.33 dovecot/imap-login [28 
connections (28 TLS)]
 214 28311 27481   0 12:08am ?? 0:08.65 dovecot/auth [0 wait, 0 passdb, 
0 userdb]
 214 40746 27481   0  6:54am ?? 0:06.33 dovecot/imap [3 connections]
 214 40747 27481   0  6:54am ?? 0:01.89 dovecot/imap [reply 
192.168.5.134 IDLE]
 214 45378 27481   0  8:36am ?? 0:01.73 dovecot/imap [3 connections]
 214 46125 27481   0  9:03am ?? 0:00.75 dovecot/imap [2 connections]
 214 46127 27481   0  9:03am ?? 0:01.84 dovecot/imap [3 connections]
 214 47385 27481   0  9:35am ?? 0:01.29 dovecot/imap [3 connections]
 214 56274 27481   0  1:15pm ?? 0:00.25 dovecot/imap [3 connections]
 214 56275 27481   0  1:15pm ?? 0:00.36 dovecot/imap [5 connections]
 214 56276 27481   0  1:15pm ?? 0:00.45 dovecot/imap [4 connections]
 214 56367 27481   0  1:18pm ?? 0:00.10 dovecot/imap [liam 
192.168.5.130 IDLE]
   0 62854  9637   0  4:37pm ttys0000:00.00 grep dovecot
bash-3.2# /Applications/Server.app/Contents/ServerRoot/usr/sbin/dovecotd -n
# 2.0.19apple1: /Library/Server/Mail/Config/dovecot/dovecot.conf
# OS: Darwin 12.4.0 x86_64  hfs
aps_topic = com.apple.mail.XServer.68f48c72-274a-48f9-beed-71096afe3fa6
auth_mechanisms = cram-md5 x-plain-submit plain login apop gssapi digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_format = %n
default_internal_user = _dovecot
default_login_user = _dovenull
disable_plaintext_auth = no
first_valid_gid = 6
first_valid_uid = 6
mail_access_groups = mail
mail_location = maildir:/Library/Server/Mail/Data/mail/%u
mail_log_prefix = %s(pid %p user %u): 
mail_plugins = quota zlib fts fts_sk
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 200 M
passdb {
 args = /Library/Server/Mail/Config/dovecot/submit.passdb
 driver = passwd-file
 pass = yes
 submit = yes
}
passdb {
 driver = od
}
plugin {
 fts = sk
 quota = maildir:User quota
 quota_warning = storage=100%% quota-exceeded %u
 sieve = /Library/Server/Mail/Data/rules/%u/roundcube.sieve
 sieve_dir = /Library/Server/Mail/Data/rules/%u
}
postmaster_address = postmas...@server.risk.gg
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
 extra_groups = _keytabusers
 idle_kill = 15 mins
 unix_listener auth-userdb {
   user = _dovecot
 }
}
service dns_client {
 unix_listener dns-client {
   mode = 0600
 }
}
service imap-login {
 inet_listener imap {
   port = 143
 }
 inet_listener imaps {
   port = 993
   ssl = yes
 }
 service_count = 0
}
service imap {
 client_limit = 5
 process_limit = 200
 service_count = 0
}
service lmtp {
 unix_listener lmtp {
   mode = 0600
 }
}
service managesieve-login {
 inet_listener sieve {
   port = 4190
 }
}
service pop3-login {
 inet_listener pop3 {
   port = 110
 }
 inet_listener pop3s {
   port = 995
   ssl = yes
 }
}
service pop3 {
 client_limit = 5
 process_limit = 200
 service_count = 0
}
service quota-exceeded {
 executable = script 
/Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh
 unix_listener quota-exceeded {
   group = mail
   mode = 0660
   user = _dovecot
 }
 user = _dovecot
}
service quota-warning {
 executable = script 
/Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh
 unix_listener quota-warning {
   group = mail
   mode = 0660
   user = _dovecot
 }
 user = _dovecot
}
ssl = 

Re: [Dovecot] Dovecot extremely slow!

2013-09-26 Thread Robin

On 9/26/2013 7:47 AM, Patricio Rojo wrote:


* /home partition nfs mounted from a remote firewalled QNAP NAS server
(TS-869U-RP), which also serves other machines (RAID-5 setup with
currently no bad disks).


I assume this NAS properly implements various locking services? 
Dovecot, like most mail MUA + MTAs, makes use of various filesystem 
locking primitives to maintain coherence in a multi-user access 
scenario.  If QNAP's stack doesn't implement proper NFS locking, this is 
probably a cause of these odd lags.


You can probably add a nolock to your /etc/fstab to resolve it, but 
you risk mailbox corruption.


You mentioned it was firewalled... are you allowing the lockd port 
through to the QNAP from the Dovecot machine that's mounting it?  NFS2 + 
3 implement locking via communication with a lock manager that listens 
on port 4045, if I recall.


=R=


Re: [Dovecot] Dovecot extremely slow!

2013-09-26 Thread Stan Hoeppner
On 9/26/2013 9:47 AM, Patricio Rojo wrote:

You failed to mention every client device you've tested is connecting to
the server from over 5000 miles away, across continents and an ocean,
with your packets traversing multiple national and political boundaries.

 rip=24.58.62.118, lip=146.83.9.56

cpe-24-58-62-118.twcny.res.rr.com    not found: 2(SERVFAIL)
Time Warner Cable, New York          Red Universitaria Nacional
                                     Santiago, CL
                                     Observatorio Astronomico Nacional

Have you performed extensive packet tracing to eliminate the network
paths as the source of the problem?  From here...

~$ telnet 146.83.9.56 993
Trying 146.83.9.56...
^C

~$ telnet 146.83.9.56 143
Trying 146.83.9.56...
^C

~$ telnet 146.83.9.56 25
Trying 146.83.9.56...
^C

~$ telnet 146.83.9.56 587
Trying 146.83.9.56...
^C

Given connections to the Dovecot host are apparently firewalled, either
holes have been punched for 24.58.62.118, or you're going through a VPN
tunnel.  I'd guess your problems are network or firewall related, not
Dovecot related.

-- 
Stan