Re: bug in acl_defaults_from_inbox option

2015-09-08 Thread Marco Giunta

On 2015-09-07 23:10, Timo Sirainen wrote:

> This happens to all boolean settings inside plugin {}. Not ideal, but
> also not something that will get fixed without some larger settings code
> changes.


OK, no problem, but I didn't find this note on the Dovecot wiki; maybe it is 
better to add it to a general page about configuration, to save future 
sysadmin headaches ;-)


--
 ---
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265   |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503   |
|Fax: +39-040-3787-244  |
|e-mail: giu...@sissa.it|
 ---


Re: Different behavior of ACLs in MUA and doveadm

2015-09-08 Thread Thomas Leuxner
* Thomas Leuxner  2014.12.31 22:10:

namespace {
  list = yes
  location = mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}

$ cat /var/vmail/conf.d/leuxner.net/global-acl
INBOX owner lrwstiekxap
Public/* group=PublicMailboxAdmins lrwsipk
Public/* anyone lr
Public/* authenticated lrws

$ doveadm mailbox create -u t...@leuxner.net 
Public/Archive/Mailing-Lists/Dovecot/2015
doveadm(t...@leuxner.net): Error: Can't create mailbox 
Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied

$ doveadm acl get -u t...@leuxner.net Public/Archive/Mailing-Lists/Dovecot
doveadm(t...@leuxner.net): Error: Can't open mailbox 
Public/Archive/Mailing-Lists/Dovecot: Mailbox doesn't exist: 
Public/Archive/Mailing-Lists/Dovecot
ID Global Rights

I retested this issue after all the HG commits. Doveadm still treats the 
namespace/ACL differently compared to a MUA. While doveadm refuses to create 
the mailbox, the MUA succeeds. However I'd like to do all this scripted using 
doveadm ideally... 

$ openssl s_client -connect host.domain.tld:143 -starttls imap

. OK Pre-login capabilities listed, post-login capabilities have more.
1 login t...@leuxner.net 
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND 
URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED 
I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH 
LIST-STATUS BINARY MOVE NOTIFY SPECIAL-USE QUOTA ACL RIGHTS=texk
1 OK Logged in
2 list "Public/Archive" *
[...]
* LIST (\Noselect \HasChildren) "/" Public/Archive/Mailing-Lists/Dovecot
* LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2014
* LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2013
* LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2012
[...]
2 OK List completed (0.016 secs).
3 create "Public/Archive/Mailing-Lists/Dovecot/2015"
3 OK Create completed (0.006 secs).
4 list "Public/Archive" *
[...]
* LIST (\HasNoChildren) "/" Public/Archive/Mailing-Lists/Dovecot/2015




My dovecot works fine against Active Directory 2003, but not against AD2008

2015-09-08 Thread Fran
Hello,

My dovecot installation had been working fine against AD until we upgraded
from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP
said, now I'm not able to connect to AD through port 389. Port 3268
works fine though.

(...)
Sep  7 19:02:05  dovecot: imap-login: Error:
master(imap): Auth request timed out (received 0/12 bytes)
Sep  7 19:02:05  dovecot: imap-login: Internal login
failure (pid=4846 id=1) (internal failure, 1 successful auths):
user=<>, method=PLAIN, rip=,
lip=, TLS, session=
(...)
Sep  7 19:02:06  dovecot: auth: Error:
ldap(,,): Connection appears
to be hanging, reconnecting
Sep  7 19:02:06  dovecot: auth: Error:
ldap(,,): LDAP search returned
multiple entries
(...)

Is there a technical reason for this problem? Is there any workaround?

The use of Global Catalog (port 3268) is not a solution for me, since it
misses many attributes. (ex. I use the field "initials" to set the quota
and this field is not available through port 3268).

I also noticed that, now, it uses any DC available in the domain, it
doesn't care what I configured in "hosts = " parameter.

This is using "hosts = dc03.domain:389":
---

[root@ ~]# netstat -anp | grep dovecot | grep auth
tcp   22  0 :55217 :389  ESTABLISHED 4872/dovecot/auth
tcp   22  0 :57645 :389  ESTABLISHED 4872/dovecot/auth
tcp    0  0 :55216 :389  ESTABLISHED 4872/dovecot/auth

It looks like it does a lookup for other domain controllers (I don't
know how or why) and it connects at random to any DC in my domain (in
this case dc06.domain, but it changes each time), in addition to the
configured one (dc03.domain).

This is using "hosts = dc03.domain:3268":

[root@ ~]# netstat -anp | grep dovecot | grep auth
tcp    0  0 :58485 :3268 ESTABLISHED 4982/dovecot/auth

In this case, only the configured server in host parameter is used (I
think this is the right behaviour)


Additional info:
---
CentOS Linux release 7.0.1406 (Core)

dovecot 2.2.10

Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192
Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail
SQL driver plugins: mysql postgresql sqlite
Passdb: checkpassword ldap pam passwd passwd-file shadow sql
Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql


My /etc/dovecot/dovecot-ldap.conf.ext
--
#hosts = dc03.domain:3268
hosts = dc03.domain:389
#uris = ldap://dc03.domain
base = DC=domain
#tls = yes
tls = no
ldap_version = 3
auth_bind = yes
auth_bind_userdn = %u@domain
#auth_bind_userdn = DOMAIN\%u
dn = cn=,cn=Users,dc=domain
dnpass = 

#scope   = subtree
#deref   = never

user_filter = (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@)))
pass_filter = (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@)))
pass_attrs  = userPassword=password
user_attrs  = Initials=quota_rule=*:storage=%$MB
---


--
Log trace using PORT 389:
--
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x10, ret=1: before/accept initialization []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: before/accept initialization []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3 read client hello A []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3 write server hello A []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3 write certificate A []
Sep  7 19:00:35  dovecot: auth: Debug: Loading modules
from directory: /usr/lib64/dovecot/auth
Sep  7 19:00:35  dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Sep  7 19:00:35  dovecot: auth: Debug: Loading modules
from directory: /usr/lib64/dovecot/auth
Sep  7 19:00:35  dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Sep  7 19:00:35  dovecot: auth: Debug: Read auth token
secret from /var/run/dovecot/auth-token-secret.dat
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3 write key exchange A []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3 write server done A []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3 flush data []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3 read client certificate A []
Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3 read client 

File permissions: system groups for do not work for group/shared mailboxes

2015-09-08 Thread Jens Kirchner

Hello!
 
I am struggling to set up a group mailbox for users of a certain system group. 
I want to grant access to the mailbox on a filesystem mode by using the system 
groups.
The problem: the setup works fine, and when I use setfacl and grant permissions 
to each user manually, it works fine. However, I want to use a system user's 
group membership in order to grant access to these mailboxes instead of manually 
granting for each user.
 
dovecot version: 2.2.9
 
This is the config part:
namespace {
  location = maildir:/data/mail/public:LAYOUT=fs
  prefix = GROUP-MAILBOXES/
  separator = /
  subscriptions = no
  type = public
}
 
...
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
...
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
 
filesystem permissions (getfacl):
# file: GroupboxA/
# owner: root
# group: root
user::rwx
user:user1:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:user1:rwx
default:group::rwx
default:mask::rwx
default:other::---
 
# file: GroupboxB/
# owner: root
# group: root
user::rwx
group::rwx
group:group1:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:group1:rwx
default:mask::rwx
default:other::---
 
user1 is in group1
 
When setting username-based permissions (GroupboxA), the mailbox is usable and 
subscribable; when setting groupname-based permissions (GroupboxB) it is not 
subscribable/usable.
 
Thanks for your help in advance and best regards,
Jens
 
 


Re: charset-iconv.c panic

2015-09-08 Thread Timo Sirainen

> On 08 Sep 2015, at 00:36, Timo Sirainen  wrote:
> 
> On 07/29/2015 04:02 PM, mihaiush wrote:
>> Hi,
>> 
>> I have a mailbox where indexing fails with the following error:
>> 
>> # /opt/dovecot2/bin/doveadm -c /tmp/dovecot.conf -o
>> mail_location=/tmp/skesselring index '*'
>> doveadm(root): Panic: file charset-iconv.c: line 132 (charset_to_utf8):
>> assertion failed: (*src_size - pos <= CHARSET_MAX_PENDING_BUF_SIZE)
> 
> Is it possible for you to send the broken mail to me? Otherwise it would
> be pretty difficult to figure out how to fix this.
> 
> Also applying this patch would make it a bit clearer where the problem
> is: http://hg.dovecot.org/dovecot-2.2/rev/9fdbb3b220ec
> 
>>ctx = {mail = 0x23639b0, update_ctx = 0x2355980, content_type =
>> 0x2371540 "text/*", content_disposition = 0x2371fa0 "attachment;
>> filename=\"PTT-20141109-WA0001.amr\"", body_parser = 0x23832a0, word_buf =
> 
> So the problem is with indexing an attachment called "PTT-20141109
> WA0001.amr".

Fixed: http://hg.dovecot.org/dovecot-2.2/rev/cb4fcdc716e2

It doesn't seem to happen with newer glibc versions though, at least not in my 
Debian unstable.


Re: Different behavior of ACLs in MUA and doveadm

2015-09-08 Thread Thomas Leuxner
* Timo Sirainen  2015.09.08 14:28:

> > Both debug levels raised, it doesn't log about the problem when using 
> > doveadm. I guess the patch is not enough:
> 
> With doveadm you need to give -D parameter for it to log debug output.

Comparing this to the previous imap log it does seem to ignore the global ACL 
pattern:

$ doveadm -D mailbox create -u t...@leuxner.net 
Public/Archive/Mailing-Lists/Dovecot/2015
Debug: Loading modules from directory: /usr/lib/dovecot/modules
Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib20_virtual_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib90_stats_plugin.so
Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
Debug: Module loaded: 
/usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: 
/usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined 
symbol: expire_set_deinit (this is usually intentional, so just ignore this 
message)
Debug: Module loaded: 
/usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
Debug: Module loaded: 
/usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: 
/usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined 
symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore 
this message)
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: 
/usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: 
fts_backend_rescan (this is usually intentional, so just ignore this message)
doveadm(t...@leuxner.net): Debug: auth input: t...@leuxner.net 
quota_rule=*:storage=5G acl_groups=PublicMailboxAdmins uid=5000 gid=5000 
home=/var/vmail/domains/leuxner.net/tlx
doveadm(t...@leuxner.net): Debug: Added userdb setting: 
plugin/acl_groups=PublicMailboxAdmins
doveadm(t...@leuxner.net): Debug: Added userdb setting: 
plugin/quota_rule=*:storage=5G
doveadm(t...@leuxner.net): Debug: Effective uid=5000, gid=5000, 
home=/var/vmail/domains/leuxner.net/tlx
doveadm(t...@leuxner.net): Debug: acl: No acl_shared_dict setting - shared 
mailbox listing is disabled
doveadm(t...@leuxner.net): Debug: Quota root: name=user backend=dict 
args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota
doveadm(t...@leuxner.net): Debug: Quota rule: root=user mailbox=* 
bytes=5368709120 messages=0
doveadm(t...@leuxner.net): Debug: Quota rule: root=user mailbox=Trash 
bytes=+536870912 (10%) messages=0
doveadm(t...@leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%)
doveadm(t...@leuxner.net): Debug: dict quota: user=t...@leuxner.net, 
uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0
doveadm(t...@leuxner.net): Debug: Namespace inbox: type=private, prefix=, 
sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox
doveadm(t...@leuxner.net): Debug: fs: 
root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, 
inbox=, alt=
doveadm(t...@leuxner.net): Debug: acl: initializing backend with data: 
vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(t...@leuxner.net): Debug: acl: acl username = t...@leuxner.net
doveadm(t...@leuxner.net): Debug: acl: owner = 1
doveadm(t...@leuxner.net): Debug: acl: group added: PublicMailboxAdmins
doveadm(t...@leuxner.net): Debug: acl vfile: Global ACL file: 
/var/vmail/conf.d/leuxner.net/global-acl
doveadm(t...@leuxner.net): Debug: Namespace : type=public, prefix=Public/, 
sep=/, inbox=no, hidden=no, list=yes, subscriptions=no 
location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
doveadm(t...@leuxner.net): Debug: fs: root=/var/vmail/public, index=, 
indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt=
doveadm(t...@leuxner.net): Debug: acl: initializing backend with data: 
vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(t...@leuxner.net): Debug: acl: acl username = t...@leuxner.net
doveadm(t...@leuxner.net): Debug: acl: owner = 0
doveadm(t...@leuxner.net): Debug: acl: group added: PublicMailboxAdmins
doveadm(t...@leuxner.net): Debug: acl vfile: Global ACL file: 
/var/vmail/conf.d/leuxner.net/global-acl
doveadm(t...@leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, 
sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes 
location=virtual:~/mdbox/virtual
doveadm(t...@leuxner.net): Debug: fs: 
root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, 
control=, inbox=, alt=
doveadm(t...@leuxner.net): Debug: acl: initializing backend with data: 
vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(t...@leuxner.net): Debug: acl: acl username = 

Re: segfault when using zlib module with glibc 2.22

2015-09-08 Thread Florian Pritz
Hi,

On Mon, 24 Aug 2015 19:18:41 +0300 Timo Sirainen  wrote:
> If it only happens with Arch Linux with an updated glibc version, I doubt the 
> problem is with Dovecot's code.

It's indeed a glibc issue and it appears upstream already has a fix and
that fix has been merged into Arch Linux' glibc 2.22-3 package.
Thanks for the pointer.

Florian




Fetch command response questions

2015-09-08 Thread Vlad Pop
Hello,

I have the following issue:

When using command 

FETCH 2 (BODY.PEEK[HEADER] UID INTERNALDATE FLAGS BODYSTRUCTURE)

on 2 different emails, we get 2 different response structures.

First response structure contains the BODYSTRUCTURE in a single line, while in 
the second response, the BODYSTRUCTURE is divided into multiple lines with 
"{61}" character at the end of each line.

The difference between those 2 emails is the name of some attachments. The 
attachment is an .eml file named "Re: [SR-Users] Keep-Alive in dialog "freeing 
a free fragment""

Is this a sort of bug or is it correct to receive the BODYSTRUCTURE on multiple 
lines?

Vlad Pop


Re: Different behavior of ACLs in MUA and doveadm

2015-09-08 Thread Timo Sirainen


On 09/08/2015 02:26 PM, Thomas Leuxner wrote:
> * Timo Sirainen  2015.09.08 12:20:
> 
>> How does the PublicMailboxAdmins group get set? Looks to me like the problem 
>> is that it's not getting set to doveadm. Here's an easy way to check if 
>> that's the problem or something else: 
>> http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389
>>
>> If that doesn't help: Show your full doveconf -n, set auth_debug=yes and 
>> mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a 
>> difference somewhere in there.
> 
> $ doveadm mailbox create -u t...@leuxner.net 
> Public/Archive/Mailing-Lists/Dovecot/2015
> doveadm(t...@leuxner.net): Error: Can't create mailbox 
> Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied
> 
> Both debug levels raised, it doesn't log about the problem when using 
> doveadm. I guess the patch is not enough:

With doveadm you need to give -D parameter for it to log debug output.


Public folder subscriptions with Outlook

2015-09-08 Thread Paul Tansom
This is more an Outlook issue than Dovecot, but given that it is connected to
Dovecot I figured there would be a good pool of knowledge here that increases
the likelihood that somebody knows the answer :)

I have a Dovecot server setup with a public folder and keep getting complaints
that Outlook users don't see new folders created by other people. In
Thunderbird it is simply a case of unchecking the box to only show subscribed
folders, but I can't find a way to do this in Outlook. The only thing I can
think of is putting a script on the server to check for new folders and update
each user's subscriptions file, but I'm not completely happy with that solution!

Any suggestions welcome.

-- 
 Paul Tansom  |  Aptanet Ltd.  |  https://www.aptanet.com/  |  023 9238 0001
 Vice Chair, FSB Portsmouth & SE Hampshire Branch  |  http://www.fsb.org.uk/
=
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP


Re: [Dovecot] dsync replication errors

2015-09-08 Thread Timo Sirainen
On 08 Sep 2015, at 11:20, Sergey Schwartz  
wrote:
> 
> I use mdbox and probably have similar issue, but in my case only shared 
> mailboxes were affected.

Yes, shared mailboxes don't work nicely with replication. Replication is 
locking only the original user, so for shared mailboxes multiple dsyncs can be 
running in parallel and messing things up. A bit troublesome to fix this. I've 
had this issue happening for a couple of years now for our mails and I haven't 
bothered fixing it, so it's unlikely I'll do it anytime soon.. Although I 
haven't seen that many duplicates of the mails - just 10 or so.


Re: Public folder subscriptions with Outlook

2015-09-08 Thread Jerry
On Tue, 8 Sep 2015 11:16:52 +0100, Paul Tansom stated:

>This is more an Outlook issue than Dovecot, but given that it is connected to
>Dovecot I figured there would be a good pool of knowledge here that increases
>the likelihood that somebody knows the answer :)
>
>I have a Dovecot server setup with a public folder and keep getting
>complaints that Outlook users don't see new folders created by other people.
>In Thunderbird it is simply a case of unchecking the box to only show
>subscribed folders, but I can't find a way to do this in Outlook. The only
>thing I can think of is putting a script on the server to check for new
>folders and update each user's subscriptions file, but I'm not completely
>happy with that solution!
>
>Any suggestions welcome.

What version of Outlook?

-- 
Jerry




sieve_extprograms - double linebreaks at filtering

2015-09-08 Thread Hajo Locke

Hello List,

I have a problem when using the sieve plugin sieve_extprograms. I use 
dovecot 2.2.18 and bundled pigeonhole 0.4.6 (Ubuntu 14.04.3 LTS).

I have enabled sieve_extprograms and vnd.dovecot.filter to send mail to a 
user-defined script and get changed content back.

My script was previously used with procmail and is working fine.
Using the same script with vnd.dovecot.filter leads to odd behavior.
I already found out the problem itself:
When sending mail content to the filter program, it seems that 
sieve/sieve_extprograms is adding additional line breaks to every line of 
the complete mail.

Please see this image to clarify: http://r31i.imgup.net/header8d56.jpg?l=de
Every line ending got additional Windows line endings, which leads to 
problems with processing scripts.
Piping mails by procmail to the same script is working without problems, 
because these mails are received "clean" without the "^M".


this is part of dovecot.conf:

plugin {
  sieve = ~/.dovecot.sieve
  sieve_plugins = sieve_extprograms
  sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute

  sieve_pipe_bin_dir = /usr/local/bin/
  sieve_filter_bin_dir = /usr/local/bin/
}

this is part of userscript ~/.dovecot.sieve:

require ["fileinto", "vacation", "variables", "envelope", "imap4flags", 
"vnd.dovecot.filter", "subaddress"];

if address "to" "te...@example.com"
{
filter "my-script";
}

my-script currently just receives and saves raw data, so I could find the 
difference between sieve and procmail mails.
What to do here? Is this a kind of bug in sieve/sieve_extprograms, or do I 
have to use additional parameters?


Thanks,
Hajo


Re: Dovecot and IPA

2015-09-08 Thread Timo Sirainen

> On 08 Sep 2015, at 06:16, Kanwar Ranbir Sandhu  
> wrote:
> 
> On Mon, 2015-09-07 at 23:15 +0200, Benny Pedersen wrote:
>> change password before debug logs
>> 
>> then run debug
>> 
>> change password
>> 
>> paste it
>> 
>> is safe
> 
> Here's the in rawlog:
> 
> 1441680001.046492 B1 AUTHENTICATE GSSAPI

So it is using AUTHENTICATE GSSAPI.

> 1441680001.096713 B1 NO [UNAVAILABLE] Temporary authentication
> failure. [mailman02.theinside.rnr:2015-09-08 02:40:01]
> 1441680001.096726 * OK Waiting for authentication process to respond..

I guess it's now crashing with this:

auth: Panic: file auth-request.c: line 733 
(auth_request_is_disabled_master_user): assertion failed: 
(request->requested_login_user != NULL)

That's a bug in the Dovecot version you're using. Upgrade.


Re: Different behavior of ACLs in MUA and doveadm

2015-09-08 Thread Timo Sirainen
On 31 Dec 2014, at 23:10, Thomas Leuxner  wrote:
> 
> I have noticed a difference in the behavior of ACLs. When used in a MUA the 
> following global ACL works fine and has the desired effect - new mailboxes 
> can be created by a user being part of the 'PublicMailboxAdmins' group: 

How does the PublicMailboxAdmins group get set? Looks to me like the problem is 
that it's not getting set to doveadm. Here's an easy way to check if that's the 
problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389

If that doesn't help: Show your full doveconf -n, set auth_debug=yes and 
mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a 
difference somewhere in there.


Re: Different behavior of ACLs in MUA and doveadm

2015-09-08 Thread Thomas Leuxner
* Timo Sirainen  2015.09.08 12:20:

> How does the PublicMailboxAdmins group get set? Looks to me like the problem 
> is that it's not getting set to doveadm. Here's an easy way to check if 
> that's the problem or something else: 
> http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389
> 
> If that doesn't help: Show your full doveconf -n, set auth_debug=yes and 
> mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a 
> difference somewhere in there.

$ doveadm mailbox create -u t...@leuxner.net 
Public/Archive/Mailing-Lists/Dovecot/2015
doveadm(t...@leuxner.net): Error: Can't create mailbox 
Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied

Both debug levels raised, it doesn't log about the problem when using doveadm. 
I guess the patch is not enough:

Sep  8 13:19:07 nihlus dovecot: auth: Debug: master in: 
USER#0111#011...@leuxner.net#011service=doveadm
Sep  8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(t...@leuxner.net): 
userdb cache miss
Sep  8 13:19:07 nihlus dovecot: auth: Debug: passwd-file 
/var/vmail/auth.d/leuxner.net/passwd: Read 1 users in 0 secs
Sep  8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(t...@leuxner.net): 
lookup: user=t...@leuxner.net file=/var/vmail/auth.d/leuxner.net/passwd
Sep  8 13:19:07 nihlus dovecot: auth: Debug: userdb out: 
USER#0111#011...@leuxner.net#011uid=5000#011gid=5000#011home=/var/vmail/domains/leuxner.net/tlx#011quota_rule=*:storage=5G#011acl_groups=PublicMailboxAdmins

With IMAP it is more talkative:

3 create "Public/Archive/Mailing-Lists/Dovecot/2015"

Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Added userdb 
setting: plugin/acl_groups=PublicMailboxAdmins
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Added userdb 
setting: plugin/quota_rule=*:storage=5G
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Effective 
uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: No 
acl_shared_dict setting - shared mailbox listing is disabled
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota root: 
name=user backend=dict 
args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota rule: 
root=user mailbox=* bytes=5368709120 messages=0
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota rule: 
root=user mailbox=Trash bytes=+536870912 (10%) messages=0
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota grace: 
root=user bytes=536870912 (10%)
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: dict quota: 
user=t...@leuxner.net, 
uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Namespace inbox: 
type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=mdbox:~/mdbox
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: fs: 
root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, 
inbox=, alt=
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: 
initializing backend with data: 
vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: acl 
username = t...@leuxner.net
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: owner = 1
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: group 
added: PublicMailboxAdmins
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl vfile: 
Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Namespace : 
type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, 
subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox
/public
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: fs: 
root=/var/vmail/public, index=, 
indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt=
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: 
initializing backend with data: 
vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: acl 
username = t...@leuxner.net
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: owner = 0
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: group 
added: PublicMailboxAdmins
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl vfile: 
Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Namespace : 
type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, 
subscriptions=yes location=virtual:~/mdbox/virtual
Sep  8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: fs: 

Re: Fetch command response questions

2015-09-08 Thread Timo Sirainen
On 09/08/2015 02:58 PM, Vlad Pop wrote:
> Hello,
> 
> I have the following issue:
> 
> When using command 
> 
> FETCH 2 (BODY.PEEK[HEADER] UID INTERNALDATE FLAGS BODYSTRUCTURE)
> 
> on 2 different emails, we get 2 different response structures.
> 
> First response structure contains the BODYSTRUCTURE in a single line, while 
> in the second response, the BODYSTRUCTURE is divided into multiple lines with 
> "{61}" character at the end of each line.
> 
> The difference between those 2 emails is the name of some attachments. The 
> attachment is an .eml file named "Re: [SR-Users] Keep-Alive in dialog 
> "freeing a free fragment""
> 
> Is this a sort of bug or is it correct to receive the BODYSTRUCTURE on 
> multiple lines?

IMAP server can decide whether it returns a "string" or
{123}\r\nliteral. Dovecot decides this in such a way that it sends the
minimum number of bytes to the IMAP client. So there is no bug in Dovecot.
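
The two encodings described in the reply above, handled by one client-side parser. This is an added example, not part of the original thread and not Dovecot code: the function names, the size and depth limits and the simplified FETCH replies are constructed for illustration; only the attachment name comes from the post.

```python
"""Parse an IMAP response whose strings arrive quoted or as {n}CRLF literals."""

MAX_LITERAL = 1 << 20    # assumed limit: refuse literals above 1 MiB
MAX_DEPTH = 32           # assumed limit on nested parentheses
DELIMS = b' ()"{\r\n'
# Attachment name from the post; the embedded quotes need escaping or a literal.
NAME = b'Re: [SR-Users] Keep-Alive in dialog "freeing a free fragment"'


class IMAPParseError(ValueError):
    """Malformed, truncated or oversized input."""


def _quoted(data, pos):
    out = bytearray()
    while pos < len(data):
        c = data[pos:pos + 1]
        if c == b'"':
            return bytes(out), pos + 1
        if c == b"\\":                      # backslash may escape only " or \
            pos += 1
            c = data[pos:pos + 1]
            if c not in (b'"', b"\\"):
                raise IMAPParseError("bad escape in quoted string")
        elif c in (b"\r", b"\n"):
            raise IMAPParseError("line break inside quoted string")
        out += c
        pos += 1
    raise IMAPParseError("unterminated quoted string")


def _literal(data, pos):
    end = data.find(b"}", pos)
    digits = data[pos:end] if end != -1 else b""
    if not digits.isdigit() or len(digits) > 10:
        raise IMAPParseError("malformed literal size")
    if data[end + 1:end + 3] != b"\r\n":
        raise IMAPParseError("literal size not followed by CRLF")
    size, start = int(digits), end + 3
    if size > MAX_LITERAL:
        raise IMAPParseError("literal of %d bytes exceeds limit" % size)
    if start + size > len(data):
        raise IMAPParseError("truncated literal")
    # Taken by byte count: CRLF, quotes or parentheses inside are plain data.
    return data[start:start + size], start + size


def _sequence(data, pos, depth):
    out = []
    while pos < len(data):
        c = data[pos:pos + 1]
        if c == b" ":
            pos += 1
        elif c == b"(":
            if depth >= MAX_DEPTH:
                raise IMAPParseError("nesting too deep")
            sub, pos = _sequence(data, pos + 1, depth + 1)
            out.append(sub)
        elif c == b")":
            if depth == 0:
                raise IMAPParseError("unbalanced ')'")
            return out, pos + 1
        elif c == b'"':
            val, pos = _quoted(data, pos + 1)
            out.append(val)
        elif c == b"{":
            val, pos = _literal(data, pos + 1)
            out.append(val)
        elif depth == 0 and data[pos:pos + 2] == b"\r\n":
            return out, pos + 2             # CRLF outside a literal ends it
        else:
            end = pos
            while end < len(data) and data[end] not in DELIMS:
                end += 1
            if end == pos:
                raise IMAPParseError("unexpected byte at offset %d" % pos)
            atom, pos = data[pos:end], end
            out.append(None if atom.upper() == b"NIL" else atom)
    raise IMAPParseError("response not terminated")


def parse_response(data):
    """Return one complete response as nested lists (bytes, None for NIL)."""
    items, pos = _sequence(data, 0, 0)
    if pos != len(data):
        raise IMAPParseError("trailing data after response")
    return items


def naive_lines(data):
    """What a line-oriented reader sees: the literal splits the response."""
    return [line for line in data.split(b"\r\n") if line]


# Constructed, simplified FETCH replies (not captured from a real server).
# NAME contains no backslashes, so only its quotes are escaped below.
_HEAD = b'* 2 FETCH (UID 7 BODYSTRUCTURE ("text" "plain" ("name" '
_TAIL = b') NIL NIL "7bit" 12 1))\r\n'
QUOTED = _HEAD + b'"' + NAME.replace(b'"', b'\\"') + b'"' + _TAIL
LITERAL = _HEAD + b"{%d}\r\n" % len(NAME) + NAME + _TAIL
```

parse_response(QUOTED) and parse_response(LITERAL) return the same structure, while naive_lines(LITERAL) shows the first "line" ending in the size marker, which is what a line-based client sees.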


Re: My dovecot works fine against Active Directory 2003, but not against AD2008

2015-09-08 Thread Fran
I've logged a session using the option debug_level = -1.

The log is attached.

I still don't understand what is happening and why all my domain
controllers are being used even when I just use one of them in "host"
parameter in my /etc/dovecot/dovecot-ldap.conf.ext.

Thanks in advance,
Regards



On 08/09/2015 at 11:00, Fran wrote:
> Hello,
>
> My dovecot installation had been working fine against AD until we upgraded
> from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP
> said, now I'm not able to connect to AD through port 389. Port 3268
> works fine though.
>
> (...)
> Sep  7 19:02:05  dovecot: imap-login: Error:
> master(imap): Auth request timed out (received 0/12 bytes)
> Sep  7 19:02:05  dovecot: imap-login: Internal login
> failure (pid=4846 id=1) (internal failure, 1 successful auths):
> user=<>, method=PLAIN, rip=,
> lip=, TLS, session=
> (...)
> Sep  7 19:02:06  dovecot: auth: Error:
> ldap(,,): Connection appears
> to be hanging, reconnecting
> Sep  7 19:02:06  dovecot: auth: Error:
> ldap(,,): LDAP search returned
> multiple entries
> (...)
>
> Is there a technical reason for this problem? Is there any workaround?
>
> The use of Global Catalog (port 3268) is not a solution for me, since it
> misses many attributes. (ex. I use the field "initials" to set the quota
> and this field is not available through port 3268).
>
> I also noticed that, now, it uses any DC available in the domain, it
> doesn't care what I configured in "hosts = " parameter.
>
> This is using "hosts = dc03.domain:389":
> ---
>
> [root@ ~]# netstat -anp | grep dovecot | grep auth
> tcp   22  0 :55217 :389  ESTABLISHED 4872/dovecot/auth
> tcp   22  0 :57645 :389  ESTABLISHED 4872/dovecot/auth
> tcp    0  0 :55216 :389  ESTABLISHED 4872/dovecot/auth
>
> It looks like it does a lookup for other domain controllers (I don't
> know how or why) and it connects at random to any DC in my domain (in
> this case dc06.domain, but it changes each time), in addition to the
> configured one (dc03.domain).
>
> This is using "hosts = dc03.domain:3268":
> 
> [root@ ~]# netstat -anp | grep dovecot | grep auth
> tcp0  0 :58485 
> :3268 ESTABLISHED 4982/dovecot/auth
>
> In this case, only the configured server in host parameter is used (I
> think this is the right behaviour)
>
>
> Additional info:
> ---
> CentOS Linux release 7.0.1406 (Core)
>
> dovecot 2.2.10
>
> Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192
> Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail
> SQL driver plugins: mysql postgresql sqlite
> Passdb: checkpassword ldap pam passwd passwd-file shadow sql
> Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql
>
>
> My /etc/dovecot/dovecot-ldap.conf.ext
> --
> #hosts = dc03.domain:3268
> hosts = dc03.domain:389
> #uris = ldap://dc03.domain
> base = DC=domain
> #tls = yes
> tls = no
> ldap_version = 3
> auth_bind = yes
> auth_bind_userdn = %u@domain
> #auth_bind_userdn = DOMAIN\%u
> dn = cn=,cn=Users,dc=domain
> dnpass = 
>
> #scope   = subtree
> #deref   = never
>
> user_filter =
> (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@)))
> pass_filter =
> (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@)))
> pass_attrs  = userPassword=password
> user_attrs  = Initials=quota_rule=*:storage=%$MB
> ---
>
>
> --
> Log trace using PORT 389:
> --
> Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
> Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
> elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
> Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
> where=0x10, ret=1: before/accept initialization []
> Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
> where=0x2001, ret=1: before/accept initialization []
> Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
> where=0x2001, ret=1: SSLv3 read client hello A []
> Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
> where=0x2001, ret=1: SSLv3 write server hello A []
> Sep  7 19:00:35  dovecot: imap-login: Debug: SSL:
> where=0x2001, ret=1: SSLv3 write certificate A []
> Sep  7 19:00:35  dovecot: auth: Debug: Loading modules
> from directory: /usr/lib64/dovecot/auth
> Sep  7 19:00:35  dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Sep  7 19:00:35  dovecot: auth: Debug: Loading modules
> from directory: /usr/lib64/dovecot/auth
> Sep  7 19:00:35  dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so
> Sep  7 19:00:35  dovecot: auth: 
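
The comparison the post makes by eye with netstat, written as an added example (not part of the thread and not Dovecot code): it lists which LDAP peers the auth process holds connections to beyond the configured `hosts`, and flags that `auth_bind = yes` with `tls = no` on port 389 sends user passwords unencrypted. The function names, the `resolved` host-to-address mapping and the 192.0.2.x addresses are assumptions made for illustration.

```python
import re

# Constructed sample: the active settings from the posted dovecot-ldap.conf.ext.
SAMPLE_CONF = """\
#hosts = dc03.domain:3268
hosts = dc03.domain:389
#uris = ldap://dc03.domain
tls = no
auth_bind = yes
"""

# Constructed netstat -anp lines. The post's addresses were stripped, so these
# use documentation-range placeholders: .53 stands for dc03, .56 for another DC.
SAMPLE_NETSTAT = """\
tcp   22  0 192.0.2.10:55217  192.0.2.53:389   ESTABLISHED 4872/dovecot/auth
tcp   22  0 192.0.2.10:57645  192.0.2.56:389   ESTABLISHED 4872/dovecot/auth
tcp    0  0 192.0.2.10:55216  192.0.2.53:389   ESTABLISHED 4872/dovecot/auth
tcp    0  0 192.0.2.10:143    192.0.2.99:51000 ESTABLISHED 4846/dovecot/imap-login
"""


def parse_ldap_conf(text):
    """Return the active key = value settings; commented-out lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def configured_endpoints(settings):
    """(host, port) pairs from hosts = and uris = (IPv6 literals not handled)."""
    endpoints = set()
    for item in settings.get("hosts", "").split():
        host, _, port = item.partition(":")
        endpoints.add((host.lower(), int(port or 389)))
    for uri in settings.get("uris", "").split():
        m = re.match(r"(ldaps?)://([^:/]+)(?::(\d+))?", uri, re.I)
        if m:
            default = 636 if m.group(1).lower() == "ldaps" else 389
            endpoints.add((m.group(2).lower(), int(m.group(3) or default)))
    return endpoints


def binds_in_cleartext(settings):
    """True when user passwords are sent in an LDAP bind with no TLS around it."""
    if settings.get("auth_bind", "no").lower() != "yes":
        return False
    if settings.get("tls", "no").lower() == "yes":      # STARTTLS on the ldap port
        return False
    uris = settings.get("uris", "").split()
    ldaps_only = bool(uris) and not settings.get("hosts") and all(
        u.lower().startswith("ldaps://") for u in uris)
    return not ldaps_only


def auth_peers(netstat_text, process="dovecot/auth"):
    """Remote (ip, port) of every ESTABLISHED socket owned by the auth process."""
    peers = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "ESTABLISHED" or not f[6].endswith(process):
            continue
        ip, _, port = f[4].rpartition(":")
        peers.append((ip, int(port)))
    return peers


def unexpected_peers(peers, endpoints, resolved):
    """Peers that are not an address of any configured host on its configured port."""
    allowed = {(ip, port) for host, port in endpoints
               for ip in resolved.get(host, ())}
    return sorted(set(peers) - allowed)


if __name__ == "__main__":
    conf = parse_ldap_conf(SAMPLE_CONF)
    resolved = {"dc03.domain": {"192.0.2.53"}}   # assumption: taken from DNS
    extra = unexpected_peers(auth_peers(SAMPLE_NETSTAT),
                             configured_endpoints(conf), resolved)
    print("cleartext password binds:", binds_in_cleartext(conf))
    print("connections to servers not in hosts/uris:", extra)
```
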

Problem with SHA2/Geotrust and dovecot 2.0.9

2015-09-08 Thread Il Neofita
Hi
I have renewed my GeoTrust certificate using SHA2, and I have a problem with
Dovecot 2.0.9 and Red Hat 6.7.
The same certificate is working in Apache.

The error is

dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM
certificate.

and the configuration file is

ssl_cert=

can't get modseq in logfile

2015-09-08 Thread Andreas Fineske
Hello,
I've found this in the logfile:
Sep 7 23:16:55 s-imap3 dovecot: dsync-local(timss.iea-dpc.de): Error:
/vmail/iea-dpc.de/timss/Maildir/.Countries.USA/dovecot.index.log:
Transaction log changed unexpectedly, can't get modseq

Can anyone tell me what is wrong?

Regards Andreas
--
IEA Data Processing and Research Center
Andreas Fineske
Information and Communication Technology Services
Mexikoring 37
22297 Hamburg
Tel.: 040/48 500 550
Fax:  040/48 500 501
E-Mail: andreas.fine...@iea-dpc.de
Web:  www.iea-dpc.de
--


Re: Public folder subscriptions with Outlook

2015-09-08 Thread Paul Tansom
** Jerry  [2015-09-08 11:30]:
> On Tue, 8 Sep 2015 11:16:52 +0100, Paul Tansom stated:
> >This is more an Outlook issue than Dovecot, but given that it is connected to
> >Dovecot I figured there would be a good pool of knowledge here that increases
> >the likelihood that somebody knows the answer :)
> >
> >I have a Dovecot server setup with a public folder and keep getting
> >complaints that Outlook users don't see new folders created by other people.
> >In Thunderbird it is simply a case of unchecking the box to only show
> >subscribed folders, but I can't find a way to do this in Outlook. The only
> >thing I can think of is putting a script on the server to check for new
> >folders and update each user's subscriptions file, but I'm not completely
> >happy with that solution!
> >
> >Any suggestions welcome.
> 
> What version of Outlook?
** end quote [Jerry]

Mainly 2010, but I think there may be a 2003 too. At the moment I'm looking
into using 'subscriptions = yes' in the namespace to use a shared subscriptions
file for the public folder - posting to this list has started me thinking of
things I can do on the server rather than the client.

-- 
 Paul Tansom  |  Aptanet Ltd.  |  https://www.aptanet.com/  |  023 9238 0001
 Vice Chair, FSB Portsmouth & SE Hampshire Branch  |  http://www.fsb.org.uk/
=
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP


Re: Problems setting up SIS (duplicate files with same hash)

2015-09-08 Thread Joe Beaubien
Can anyone help with SIS?



On Sat, Sep 5, 2015 at 11:40 AM, Joe Beaubien 
wrote:

> Hi everyone,
>
> I am currently trying to set up our next dovecot server (2.2.18) with SIS
> enabled, but I have encountered 1 problem and 1 question:
>
>
> *1) Same attachment, different filenames*
>
> I have a feeling I misconfigured something (or forgot to do something)
> because SIS almost works, but not quite since 3 identical attachments take
> 3x the space (see end of email for my SIS config).
>
> For the 3 emails I sent with the same attachment, I got 3 separate files
> with the same hash name but a different string following the dash:
>
> -rw--- 1 info info 2.6M Sep  5 11:14
> e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb550948045c9bf4
> -rw--- 1 info info 2.6M Sep  5 11:16
> e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb550948045c9bf4
> -rw--- 2 info info 2.6M Sep  5 11:18
> e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb550948045c9bf4
> drwx-- 2 info info 4.0K Sep  5 11:18 hashes
>
> For the record, the "hashes" subfolder has only 1 hash
> (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the
> first part of the 3 filenames.
>
>
>
> *2) Saving attachments under a generic name or more flexible permissions?*
>
> It seems that dovecot saves the attachment with the username and group of
> the user who has received the email.
>
> Is it possible to have dovecot save the attachments as a generic user
> (like dovecot or dovenull) so that all my different users can share the
> same pool of attachments?
>
> Alternatively, is it possible to have dovecot save the attachment under
> more flexible permissions so that they can be shared between users?
>
> This would allow us to save a lot of disk space.
>
>
> *Here is the SIS config I am using:*
>
> mail_attachment_dir = /data/emails/attachments
> #mail_attachment_min_size = 128k
> #mail_attachment_fs = sis posix
> #mail_attachment_hash = %{sha1}
>
>
>
> Any help would be very much appreciated.
>
> Thank you,
>
> Joe B
>


Re: How to "Windows Authenticate"

2015-09-08 Thread Mark Foley
More experimentation ...

I tried removing userdb and passdb from the dovecot NTLM config. That didn't
work. I then tried adding a static userdb as follows:

userdb {
  driver = static
#  allow_all_users = yes
  args = gid=100 home=/home/HPRS/%n
}

(Interestingly, when I uncommented "allow_all_users" I got an "unsupported
setting" [or something like that], even though that was in there from the
beginning and is shown in the example wiki 
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm)

Anyway, in both tests my error messages were the same:

Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be used 
for ECDH and ECDHE key exchanges
Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be used 
for ECDH and ECDHE key exchanges
Sep 08 18:38:16 auth: Debug: auth client connected (pid=8758)
Sep 08 18:38:16 auth: Debug: client in: AUTH1   NTLMservice=imap
session=vPWqBUQfeADAqAA6  lip=192.168.0.2  rip=192.168.0.58
lport=143   rport=56184
Sep 08 18:38:16 auth: Debug: client passdb out: CONT1
Sep 08 18:38:16 auth: Info: ntlm(?,192.168.0.58,): user not 
authenticated: NT_STATUS_LOGON_FAILURE
Sep 08 18:38:18 auth: Debug: client passdb out: FAIL1

Notice that my userid (mark or mark@ohprs) is nowhere to be found.  Whereas when
I specified the userdb passwd at least it had a user id in the error log.  From
my previous test with userdb passwd and passdb shadow:

Sep 05 16:45:19 auth: Debug: client passdb out: OK      1      user=mark@hprs  
original_user=mark@HPRS
Sep 05 16:45:19 auth-worker(5498): Debug: shadow(mark@hprs,192.168.0.58): lookup
Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark@hprs,192.168.0.58): 
unknown user
Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND       998899713

The "Info: ntlm" log entry has ntlm(?,192.168.0.58,), whereas
the previous test "Info shadow" log entry has Info: 
shadow(mark@hprs,192.168.0.58).

Of course I have no passdb specified which is right for NTLM ... or is it?

I feel like this should be obvious to someone familiar with Dovecot. Once again,
it's difficult for me to believe no one on planet Earth (who also happens to
subscribe to this list) has ever done Dovecot/ntlm from Outlook before.

Help!!! If I can't get this last bit sorted out I'll be forced back to Server
2012 and Exchange.

Thanks, --Mark

-Original Message-
From: Mark Foley 
Date: Mon, 07 Sep 2015 21:28:23 -0400
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: How to "Windows Authenticate"

Comments interspersed with yours ...

--Mark

-Original Message-
> Date: Sun, 06 Sep 2015 20:00:11 -0500
> From: Rick Romero 
> To: dovecot@dovecot.org
> Subject: Re: How to "Windows Authenticate"
>
>   Hmm.  I would expect to see 'm...@hprs.com'.  Whatever your full domain
> name is.

Full user@domain would be mark@hprs.local

> It also won't look up /etc/shadow - Samba is doing the AD->Unix UID
> mapping.  Your AD users shouldn't be in there when all is said and done. 

I was thinking this too.  I don't know why NTLM would need a userdb at all.  It
should just use something like ntlm_auth (which is configured in
auth_winbind_helper).

What if I simply removed the userdb?  What would you recommend for userdb, 
passdb?

> Well, at when I did a Samba4 install as a DC it still behaved like a Samba3
> member, and there were no AD users in the local unix passwd files.
>
> What does wbinfo -u provide?  It should list all your users - especially
> because it's a DC.  Whatever wbinfo -u shows, you may need to adjust
> another config file to match what Dovecot is receiving. 

$ wbinfo -u

Administrator
Guest
krbtgt
dns-mail
mark
sogo
**arr
**ress
**mith
**nee
**ris
**atterson
**armaine
**tkeson
**mmitoh

These are all the AD users (most obfuscated for a bit of security). I am testing
with user mark.

>
> I assume /etc/nsswitch.conf has been modified to use Samba?
>

Unless the Samba provision did something to nsswitch, I've done nothing; nor
have I seen anything in the Samba or dovecot wikis suggesting changes.  Remember
also that the Samba4 AD/DC works perfectly with redirected folders and users
logging on to any Windows workstations, and works perfectly with things wanting
"Windows Authentication" like SQLserver, so the "Windows Authentication" does
work at some level.  My /etc/nsswitch.conf is:

passwd: compat
group:  compat

hosts:  files dns
networks:   files

services:   files
protocols:  files
rpc:files
ethers: files
netmasks:   files
netgroup:   files
bootparams: files

automount:  files
aliases:files

> Sorry I haven't done this, but it doesn't seem like anyone else has either
> - so I'm just shooting in the dark here trying to get you steered in the
> right direction...
>
> Rick

Yeah, I can't seem to find a soul on the planet who has actually done this. If I

Re: Multiple vacation

2015-09-08 Thread Michele Locati
2015-09-08 17:34 GMT+02:00 Stephan Bosch :

>
>
> On 8-9-2015 at 17:15, Michele Locati wrote:
>
> I'm using Dovecot 2.2.9 and I'm having problems configuring multiple
>> vacation actions.
>> The problem is that I'd like to have two different senders and two
>> different messages, selecting the correct case by the recipient email
>> address.
>> I mean, if someone writes me to my email address "to-addre...@example.com
>> "
>> I'd like to answer from "from-addre...@example.com" with the message
>> "TEST
>> 1".
>> If someone writes me to my email address "to-addre...@example.com" I'd
>> like
>> to answer from "from-addre...@example.com" with the message "TEST 2".
>>
>> Here's my script:
>>
>> require ["fileinto","vacation"];
>>
>> vacation :addresses ["to-addre...@example.com"] :from "
>> from-addre...@example.com" text:
>> TEST 1
>> .
>> ;
>> }
>>
>> vacation :addresses ["to-addre...@example.com"] :from "
>> from-addre...@example.com" text:
>> TEST 2
>> .
>> ;
>>
>>
>> But the vacation filter doesn't work, and I see this message in the log
>> file:
>>
>> main script: line X: error: duplicate vacation action not allowed
>> (previously triggered one was here: main script: line Y).
>>
>> Is there a way to allow multiple vacation actions?
>>
>
> The script you posted will not even compile. There is a stray '}'.
>
> Anyway, you need to selectively trigger vacation responses. Your script
> tries to send both at all times, which is not allowed by the Sieve
> specification.
>
> You could do something like this:
>
> require ["fileinto","vacation", "envelope"];
>
> if envelope "to" "to-addre...@example.com" {
> vacation :addresses ["to-addre...@example.com"] :from "
> from-addre...@example.com" text:
> TEST 1
> .
> ;
> } elsif envelope "to" "to-addre...@example.com" {
> vacation :addresses ["to-addre...@example.com"] :from "
> from-addre...@example.com" text:
> TEST 2
> .
> ;
> }
>
> Read these for more information:
>
> https://tools.ietf.org/html/rfc5228
> https://tools.ietf.org/html/rfc5230
>
>
> Regards,
>
> Stephan.
>
>

Thank you Stephan
Sorry for the typo: I (badly) extracted part of my script, that is
generated by the managesieve plugin of Roundcube.

As for the RFC, vacation responses get triggered only if the :address
contains the recipient of the message. Since the two vacation rules contain
different recipient addresses they wouldn't be triggered at the same time.

Manually editing that script would break the possibility to edit it via the
Roundcube plugin, and I absolutely can't teach every user of my company how
to connect via ssh and edit that script.
So, it's a big pity that it is not possible to have two (or more) concurrent
vacation scripts: I'll have to manage every user by hand.

Thank you anyway for your explanation
--
Michele


Multiple vacation

2015-09-08 Thread Michele Locati
Hi all

I'm using Dovecot 2.2.9 and I'm having problems configuring multiple
vacation actions.
The problem is that I'd like to have two different senders and two
different messages, selecting the correct case by the recipient email
address.
I mean, if someone writes me to my email address "to-addre...@example.com"
I'd like to answer from "from-addre...@example.com" with the message "TEST
1".
If someone writes me to my email address "to-addre...@example.com" I'd like
to answer from "from-addre...@example.com" with the message "TEST 2".

Here's my script:

require ["fileinto","vacation"];

vacation :addresses ["to-addre...@example.com"] :from "
from-addre...@example.com" text:
TEST 1
.
;
}

vacation :addresses ["to-addre...@example.com"] :from "
from-addre...@example.com" text:
TEST 2
.
;


But the vacation filter doesn't work, and I see this message in the log
file:

main script: line X: error: duplicate vacation action not allowed
(previously triggered one was here: main script: line Y).

Is there a way to allow multiple vacation actions?

Thank you
Michele


Re: Multiple vacation

2015-09-08 Thread Christian Kivalo


On 8 September 2015 17:15:13 CEST, Michele Locati wrote:
>Hi all
>
>I'm using Dovecot 2.2.9 and I'm having problems configuring multiple
>vacation actions.
>The problem is that I'd like to have two different senders and two
>different messages, selecting the correct case by the recipient email
>address.
>I mean, if someone writes me to my email address
>"to-addre...@example.com"
>I'd like to answer from "from-addre...@example.com" with the message
>"TEST
>1".
>If someone writes me to my email address "to-addre...@example.com" I'd
>like
>to answer from "from-addre...@example.com" with the message "TEST 2".
>
>Here's my script:
>
>require ["fileinto","vacation"];
>
>vacation :addresses ["to-addre...@example.com"] :from "
>from-addre...@example.com" text:
>TEST 1
>.
>;
>}
>
>vacation :addresses ["to-addre...@example.com"] :from "
>from-addre...@example.com" text:
>TEST 2
>.
>;
>
>
>But the vacation filter doesn't work, and I see this message in the log
>file:
>
>main script: line X: error: duplicate vacation action not allowed
>(previously triggered one was here: main script: line Y).
>
>Is there a way to allow multiple vacation actions?

Should be possible with an if elsif clause.

eg 

If address :is "to" "address 1" {
vacation1
} elsif address :is "to" "address 2" {
vacation2
}

Look at the sieve configuration examples at 
http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples 

Also take a look at the sieve vacation RFC, part 4.8, Examples at 
https://tools.ietf.org/html/rfc5230#section-4.8

>Thank you
>Michele

Regards
- c


Re: Problems setting up SIS (duplicate files with same hash)

2015-09-08 Thread Joe Beaubien
I figured out item #1, however, #2 is still problematic.

How can I set up dovecot to handle multiple mailboxes with SIS?

If I use "sis posix", the folders /var/attachments/[0-9a-f][0-9a-f] get
created under the name of the first mailbox. Whenever the second mailbox
tries to read/write to those folders, it fails. Also, it seems that the
attachments never get deduplicated, but I'll deal with that later.

If I use "sis-queue", then the files get deduplicated, but I cannot fix the
multiple mailbox issues. I tried adding %u to the mail_attachment_dir,
which seems to work at first. But when I try to deduplicate the attachments
with "doveadm sis deduplicate" it seems that mail_attachment_fs does not
support %u and the path does not resolve properly.

Any ideas?

Thanks,

Joe B

I'm trying to run SIS with queueing enabled

I tried running SIS with "sis posix", however when the
/var/attachments/[0-9a-f][0-9a-f] folders get created under the name of the
first mailbox, the second mailbox cannot write/read to them.

I then tried adding %u to mail_attachment_dir, but then I had errors when
running doveadm sis deduplicate because mail_attachment_fs doesn't seem to
support %u in the queue path.

How can I support multiple mailboxes with SIS???

On Sat, Sep 5, 2015 at 11:40 AM, Joe Beaubien 
wrote:

> Hi everyone,
>
> I am currently trying to set up our next dovecot server (2.2.18) with SIS
> enabled, but I have encountered 1 problem and 1 question:
>
>
> *1) Same attachment, different filenames*
>
> I have a feeling I misconfigured something (or forgot to do something)
> because SIS almost works, but not quite since 3 identical attachments take
> 3x the space (see end of email for my SIS config).
>
> For the 3 emails I sent with the same attachment, I got 3 separate files
> with the same hash name but a different string following the dash:
>
> -rw--- 1 info info 2.6M Sep  5 11:14
> e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb550948045c9bf4
> -rw--- 1 info info 2.6M Sep  5 11:16
> e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb550948045c9bf4
> -rw--- 2 info info 2.6M Sep  5 11:18
> e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb550948045c9bf4
> drwx-- 2 info info 4.0K Sep  5 11:18 hashes
>
> For the record, the "hashes" subfolder has only 1 hash
> (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the
> first part of the 3 filenames.
>
>
>
> *2) Saving attachments under a generic name or more flexible permissions?*
>
> It seems that dovecot saves the attachment with the username and group of
> the user who has received the email.
>
> Is it possible to have dovecot save the attachments as a generic user
> (like dovecot or dovenull) so that all my different users can share the
> same pool of attachments?
>
> Alternatively, is it possible to have dovecot save the attachment under
> more flexible permissions so that they can be shared between users?
>
> This would allow us to save a lot of disk space.
>
>
> *Here is the SIS config I am using:*
>
> mail_attachment_dir = /data/emails/attachments
> #mail_attachment_min_size = 128k
> #mail_attachment_fs = sis posix
> #mail_attachment_hash = %{sha1}
>
>
>
> Any help would be very much appreciated.
>
> Thank you,
>
> Joe B
>
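
An audit of the situation described in the two SIS posts above, added here as an example (not part of the thread and not Dovecot code): it groups files in the attachment directory by the hash before the dash, reports hashes whose copies sit on separate inodes instead of sharing one through hard links, and lists files readable only by their owner, which is the property behind question 2. The hash and suffixes are the ones in the posted listing; the fixture contents and all function names are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# File names in the listing: 40-hex SHA-1, a dash, then a per-message suffix.
NAME_RE = re.compile(r"^([0-9a-f]{40})-([0-9a-f]+)$")
HASH = "e35083e3280a21c6aaabbae8cb23d54493f514a5"
SUFFIXES = ["6a22711a7b05eb550948045c9bf4",
            "6c22711a7b05eb550948045c9bf4",
            "6e22711a7b05eb550948045c9bf4"]


def build_sample(root, deduplicated=False):
    """Constructed fixture mirroring the listing: three files for one hash plus
    hashes/<hash>. With deduplicated=True every name shares a single inode."""
    os.makedirs(os.path.join(root, "hashes"))
    anchor = os.path.join(root, "hashes", HASH)
    paths = [os.path.join(root, HASH + "-" + s) for s in SUFFIXES]
    if deduplicated:
        with open(anchor, "wb") as fh:
            fh.write(b"attachment body" * 100)
        for p in paths:
            os.link(anchor, p)
    else:
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"attachment body" * 100)
        os.link(paths[-1], anchor)      # only the last copy has link count 2
    for p in paths:
        os.chmod(p, 0o600)              # -rw------- as in the listing
    return paths


def scan_attachments(root):
    """Return {hash: [file records]} for every <hash>-<suffix> file under root."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            m = NAME_RE.match(name)
            if not m:
                continue                # entries in hashes/ carry no suffix
            st = os.lstat(os.path.join(dirpath, name))
            groups[m.group(1)].append({
                "name": name, "inode": (st.st_dev, st.st_ino),
                "nlink": st.st_nlink, "size": st.st_size,
                "uid": st.st_uid, "mode": st.st_mode & 0o777})
    return dict(groups)


def undeduplicated(groups):
    """Hashes stored on more than one inode, with the bytes linking would free."""
    report = {}
    for digest, files in groups.items():
        inodes = {f["inode"]: f["size"] for f in files}
        if len(inodes) > 1:
            sizes = list(inodes.values())
            report[digest] = {"copies": len(sizes),
                              "wasted_bytes": sum(sizes) - sizes[0]}
    return report


def owner_only(groups):
    """Names of files no other uid or gid can read; a second mailbox user
    cannot open or link these, whatever the directory permissions are."""
    return sorted(f["name"] for files in groups.values() for f in files
                  if f["mode"] & 0o077 == 0)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        groups = scan_attachments(root)
        print("not deduplicated:", undeduplicated(groups))
        print("owner-only files:", owner_only(groups))
```
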


Re: Dovecot and IPA

2015-09-08 Thread Timo Sirainen
On 09/08/2015 06:14 PM, Kanwar Ranbir Sandhu wrote:
> On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote:
>> I guess it's now crashing with this:
>>
>> auth: Panic: file auth-request.c: line 733
>> (auth_request_is_disabled_master_user): assertion failed: (request
>> ->requested_login_user != NULL)
>>
>> That's a bug in the Dovecot version you're using. Upgrade.
> 
> That's just awesome. I saw that in the debug log before I posted to the
> list, but I was hoping it was being triggered by a bad configuration on
> my part. :/
> 
> Ima screwed until an update is released by the CentOS team and they'll
> be waiting until Red Hat does something about it.
> 
> :: cries ::
> 
> Thanks to everyone for the help! At least now I know it's not my fault.

You can probably work around that by configuring something like:

passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd.master
  master = yes
}

The passwd.master file itself can be empty.


Re: Multiple vacation

2015-09-08 Thread Stephan Bosch



On 8-9-2015 at 17:15, Michele Locati wrote:

I'm using Dovecot 2.2.9 and I'm having problems configuring multiple
vacation actions.
The problem is that I'd like to have two different senders and two
different messages, selecting the correct case by the recipient email
address.
I mean, if someone writes me to my email address "to-addre...@example.com"
I'd like to answer from "from-addre...@example.com" with the message "TEST
1".
If someone writes me to my email address "to-addre...@example.com" I'd like
to answer from "from-addre...@example.com" with the message "TEST 2".

Here's my script:

require ["fileinto","vacation"];

vacation :addresses ["to-addre...@example.com"] :from "
from-addre...@example.com" text:
TEST 1
.
;
}

vacation :addresses ["to-addre...@example.com"] :from "
from-addre...@example.com" text:
TEST 2
.
;


But the vacation filter doesn't work, and I see this message in the log
file:

main script: line X: error: duplicate vacation action not allowed
(previously triggered one was here: main script: line Y).

Is there a way to allow multiple vacation actions?


The script you posted will not even compile. There is a stray '}'.

Anyway, you need to selectively trigger vacation responses. Your script 
tries to send both at all times, which is not allowed by the Sieve 
specification.


You could do something like this:

require ["fileinto","vacation", "envelope"];

if envelope "to" "to-addre...@example.com" {
vacation :addresses ["to-addre...@example.com"] :from "
from-addre...@example.com" text:
TEST 1
.
;
} elsif envelope "to" "to-addre...@example.com" {
vacation :addresses ["to-addre...@example.com"] :from "
from-addre...@example.com" text:
TEST 2
.
;
}

Read these for more information:

https://tools.ietf.org/html/rfc5228
https://tools.ietf.org/html/rfc5230


Regards,

Stephan.


Re: Dovecot and IPA

2015-09-08 Thread Kanwar Ranbir Sandhu
On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote:
> I guess it's now crashing with this:
> 
> auth: Panic: file auth-request.c: line 733
> (auth_request_is_disabled_master_user): assertion failed: (request
> ->requested_login_user != NULL)
> 
> That's a bug in the Dovecot version you're using. Upgrade.

That's just awesome. I saw that in the debug log before I posted to the
list, but I was hoping it was being triggered by a bad configuration on
my part. :/

Ima screwed until an update is released by the CentOS team and they'll
be waiting until Red Hat does something about it.

:: cries ::

Thanks to everyone for the help! At least now I know it's not my fault.

Regards,

Ranbir

-- 
Kanwar R.S. Sandhu


Re: Dovecot and IPA

2015-09-08 Thread Kanwar Ranbir Sandhu
On Tue, 2015-09-08 at 19:27 +0300, Timo Sirainen wrote:
> You can probably work around that by configuring something like:
> 
> passdb {
>   driver = passwd-file
>   args = /etc/dovecot/passwd.master
>   master = yes
> }
> 
> The passwd.master file itself can be empty.

Where do I add this config: in auth-static.conf.ext?

I take it a master user isn't absolutely required, but to workaround
this bug, one must be configured?

Ranbir

-- 
Kanwar R.S. Sandhu


Re: Dovecot and IPA

2015-09-08 Thread Benny Pedersen

Kanwar Ranbir Sandhu wrote on 2015-09-08 17:14:


Thanks to everyone for the help! At least now I know it's not my fault.


The only fault, if any, that you made was to choose a precompiled problem, but try 
to file a bug report at Red Hat on it, possibly also on other distros that 
are precompiled; if you find another OS that solves it faster, you have 
found a possible OS to install :=)