Re: bug in acl_defaults_from_inbox option
On 2015-09-07 23:10, Timo Sirainen wrote: This happens to all boolean settings inside plugin {}. Not ideal, but also not something that will get fixed without some larger settings code changes. ok, no problem, but I didn't find this note on Dovecot wiki; maybe it is better to add it on a general page about configuration, to save future sysadmin headaches ;-) -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: giu...@sissa.it| ---
Re: Different behavior of ACLs in MUA and doveadm
* Thomas Leuxner2014.12.31 22:10: namespace { list = yes location = mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public prefix = Public/ separator = / subscriptions = no type = public } $ cat /var/vmail/conf.d/leuxner.net/global-acl INBOX owner lrwstiekxap Public/* group=PublicMailboxAdmins lrwsipk Public/* anyone lr Public/* authenticated lrws $ doveadm mailbox create -u t...@leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015 doveadm(t...@leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied $ doveadm acl get -u t...@leuxner.net Public/Archive/Mailing-Lists/Dovecot doveadm(t...@leuxner.net): Error: Can't open mailbox Public/Archive/Mailing-Lists/Dovecot: Mailbox doesn't exist: Public/Archive/Mailing-Lists/Dovecot ID Global Rights I retested this issue after all the HG commits. Doveadm still treats the namespace/ACL differently compared to a MUA. While doveadm refuses to create the mailbox, the MUA succeeds. However I'd like to do all this scripted using doveadm ideally... $ openssl s_client -connect host.domain.tld:143 -starttls imap . OK Pre-login capabilities listed, post-login capabilities have more. 1 login t...@leuxner.net * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NOTIFY SPECIAL-USE QUOTA ACL RIGHTS=texk 1 OK Logged in 2 list "Public/Archive" * [...] * LIST (\Noselect \HasChildren) "/" Public/Archive/Mailing-Lists/Dovecot * LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2014 * LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2013 * LIST (\HasNoChildren \UnMarked) "/" Public/Archive/Mailing-Lists/Dovecot/2012 [...] 2 OK List completed (0.016 secs). 3 create "Public/Archive/Mailing-Lists/Dovecot/2015" 3 OK Create completed (0.006 secs). 4 list "Public/Archive" * [...] * LIST (\HasNoChildren) "/" Public/Archive/Mailing-Lists/Dovecot/2015 signature.asc Description: Digital signature
My dovecot works fine against Active Directory 2003, but not against AD2008
Hello, my dovecot installation has been working fine against AD till we upgrade from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to connect AD through 389 port. The port 3268 works fine though. (...) Sep 7 19:02:05 dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes) Sep 7 19:02:05 dovecot: imap-login: Internal login failure (pid=4846 id=1) (internal failure, 1 successful auths): user=<>, method=PLAIN, rip=, lip=, TLS, session=(...) Sep 7 19:02:06 dovecot: auth: Error: ldap(,,): Connection appears to be hanging, reconnecting Sep 7 19:02:06 dovecot: auth: Error: ldap(,, ): LDAP search returned multiple entries (...) Is there a technical reason for this problem? Does it exist any workaround? The use of Global Catalog (port 3268) is not a solution for me, since it misses many attributes. (ex. I use the field "initials" to set the quota and this field is not available through port 3268). I also noticed that, now, it uses any DC available in the domain, it doesn't care what I configured in "hosts = " parameter. This is using "hosts = dc03.domain:389": --- [root@ ~]# netstat -anp | grep dovecot | grep auth tcp 22 0 :55217 :389 ESTABLISHED 4872/dovecot/auth tcp 22 0 :57645 :389ESTABLISHED 4872/dovecot/auth tcp0 0 :55216 :389 ESTABLISHED 4872/dovecot/auth It looks like it does a look up for other domains controller (I don't know how nor why) and it connect aleatory to any DC in my domain (in this case dc06.domain, but it changes any time), additionally to the configured one (dc03.domain). This is using "hosts = dc03.domain:3268": [root@ ~]# netstat -anp | grep dovecot | grep auth tcp0 0 :58485 :3268 ESTABLISHED 4982/dovecot/auth In this case, only the configured server in host parameter is used (I think this is the right behaviour) Aditional info: --- CentOS Linux release 7.0.1406 (Core) dovecot 2.2.10 Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql My /etc/dovecot/dovecot-ldap.conf.ext -- #hosts = dc03.domain:3268 hosts = dc03.domain:389 #uris = ldap://dc03.domain base = DC=domain #tls = yes tls = no ldap_version = 3 auth_bind = yes auth_bind_userdn = %u@domain #auth_bind_userdn = DOMAIN\%u dn = cn=,cn=Users,dc=domain dnpass = #scope = subtree #deref = never user_filter = (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) pass_filter = (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) pass_attrs = userPassword=password user_attrs = Initials=quota_rule=*:storage=%$MB --- -- Log trace using PORT 389: -- Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [] Sep 7 19:00:35 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Sep 7 19:00:35 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Sep 7 19:00:35 dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [] Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
File permissions: system groups for do not work for group/shared mailboxes
Hello! I am struggling to set up a group mailbox for users of a certain system group. I want to grant access to the mailbox on a filesystem mode by using the system groups. The problem, the set up works fine and when I use setfacl and grant permissions too each user manually, it works fine. However, I want to use a system user's group membership in order to grant access to these mailboxes insted of manually granting for each user. dovecot version: 2.2.9 This is the config part: namespace { location = maildir:/data/mail/public:LAYOUT=fs prefix = GROUP-MAILBOXES/ separator = / subscriptions = no type = public } ... passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } ... userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } filesystem permissions (getfacl): # file: GroupboxA/ # owner: root # group: root user::rwx user:user1:rwx group::rwx mask::rwx other::--- default:user::rwx default:user:user1:rwx default:group::rwx default:mask::rwx default:other::--- # file: GroupboxB/ # owner: root # group: root user::rwx group::rwx group:group1:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:group1:rwx default:mask::rwx default:other::--- user1 is in roup1 When setting username-based permissions (GroupboxA), the mailbox is usable and subsribable; when setting groupname-based permissions (GroupboxB) it is not subscribable/usable. Thanks for your help in advance and best regards, Jens
Re: charset-iconv.c panic
> On 08 Sep 2015, at 00:36, Timo Sirainenwrote: > > On 07/29/2015 04:02 PM, mihaiush wrote: >> Hi, >> >> I have a mailbox where indexing fails with the following error: >> >> # /opt/dovecot2/bin/doveadm -c /tmp/dovecot.conf -o >> mail_location=/tmp/skesselring index '*' >> doveadm(root): Panic: file charset-iconv.c: line 132 (charset_to_utf8): >> assertion failed: (*src_size - pos <= CHARSET_MAX_PENDING_BUF_SIZE) > > Is it possible for you to send the broken mail to me? Otherwise it would > be pretty difficult to figure out how to fix this. > > Also applying this patch would make it a bit clearer where the problem > is: http://hg.dovecot.org/dovecot-2.2/rev/9fdbb3b220ec > >>ctx = {mail = 0x23639b0, update_ctx = 0x2355980, content_type = >> 0x2371540 "text/*", content_disposition = 0x2371fa0 "attachment; >> filename=\"PTT-20141109-WA0001.amr\"", body_parser = 0x23832a0, word_buf = > > So the problem is with indexing an attachment called "PTT-20141109 > WA0001.amr". Fixed: http://hg.dovecot.org/dovecot-2.2/rev/cb4fcdc716e2 It doesn't seem to happen with newer glibc versions though, at least not in my Debian unstable.
Re: Different behavior of ACLs in MUA and doveadm
* Timo Sirainen2015.09.08 14:28: > > Both debug levels raised, it doesn't log about the problem when using > > doveadm. I guess the patch is not enough: > > With doveadm you need to give -D parameter for it to log debug output. Comparing this to the previous imap log it does seem to ignore the global ACL pattern: $ doveadm -D mailbox create -u t...@leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015 Debug: Loading modules from directory: /usr/lib/dovecot/modules Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib20_virtual_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/lib90_stats_plugin.so Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message) Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message) doveadm(t...@leuxner.net): Debug: auth input: t...@leuxner.net quota_rule=*:storage=5G acl_groups=PublicMailboxAdmins uid=5000 gid=5000 home=/var/vmail/domains/leuxner.net/tlx doveadm(t...@leuxner.net): Debug: Added userdb setting: plugin/acl_groups=PublicMailboxAdmins doveadm(t...@leuxner.net): Debug: Added userdb setting: plugin/quota_rule=*:storage=5G doveadm(t...@leuxner.net): Debug: Effective uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx doveadm(t...@leuxner.net): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled doveadm(t...@leuxner.net): Debug: Quota root: name=user backend=dict args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota doveadm(t...@leuxner.net): Debug: Quota rule: root=user mailbox=* bytes=5368709120 messages=0 doveadm(t...@leuxner.net): Debug: Quota rule: root=user mailbox=Trash bytes=+536870912 (10%) messages=0 doveadm(t...@leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%) doveadm(t...@leuxner.net): Debug: dict quota: user=t...@leuxner.net, uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0 doveadm(t...@leuxner.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox doveadm(t...@leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, inbox=, alt= doveadm(t...@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 doveadm(t...@leuxner.net): Debug: acl: acl username = t...@leuxner.net doveadm(t...@leuxner.net): Debug: acl: owner = 1 doveadm(t...@leuxner.net): Debug: acl: group added: PublicMailboxAdmins doveadm(t...@leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl doveadm(t...@leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public doveadm(t...@leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt= doveadm(t...@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 doveadm(t...@leuxner.net): Debug: acl: acl username = t...@leuxner.net doveadm(t...@leuxner.net): Debug: acl: owner = 0 doveadm(t...@leuxner.net): Debug: acl: group added: PublicMailboxAdmins doveadm(t...@leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl doveadm(t...@leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual doveadm(t...@leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt= doveadm(t...@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 doveadm(t...@leuxner.net): Debug: acl: acl username =
Re: segfault when using zlib module with glibc 2.22
Hi, On Mon, 24 Aug 2015 19:18:41 +0300 Timo Sirainenwrote: > If it only happens with Arch Linux with an updated glibc version, I doubt the > problem is with Dovecot's code. It's indeed a glibc issue and it appears upstream already has a fix and that fix has been merged into Arch Linux' glibc 2.22-3 package. Thanks for the pointer. Florian pgp4YzeaIFKgz.pgp Description: OpenPGP digital signature
Fetch command response questions
Hello, I have the following issue: When using command FETCH 2 (BODY.PEEK[HEADER] UID INTERNALDATE FLAGS BODYSTRUCTURE) on 2 different emails, we get 2 different response structure. First response structure contains the BODYSTRUCTURE in a single line, while in the second response, the BODYSTRUCTURE is divided into multiple lines with "{61}" character at the end of each line. The difference between those 2 emails is the name of some attachments. The attachment is an .eml file named "Re: [SR-Users] Keep-Alive in dialog "freeing a free fragment"" Is this a sort of bug or is it correct to receive the BODYSTRUCTURE on multiple lines? Vlad Pop
Re: Different behavior of ACLs in MUA and doveadm
On 09/08/2015 02:26 PM, Thomas Leuxner wrote: > * Timo Sirainen2015.09.08 12:20: > >> How does the PublicMailboxAdmins group get set? Looks to me like the problem >> is that it's not getting set to doveadm. Here's an easy way to check if >> that's the problem or something else: >> http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389 >> >> If that doesn't help: Show your full doveconf -n, set auth_debug=yes and >> mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a >> difference somewhere in there. > > $ doveadm mailbox create -u t...@leuxner.net > Public/Archive/Mailing-Lists/Dovecot/2015 > doveadm(t...@leuxner.net): Error: Can't create mailbox > Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied > > Both debug levels raised, it doesn't log about the problem when using > doveadm. I guess the patch is not enough: With doveadm you need to give -D parameter for it to log debug output.
Public folder subscriptions with Outlook
This is more an Outlook issue than Dovecot, but given that it is connected to Dovecot I figured there would be a good pool of knowledge here that increases the likelihood that somebody knows the answer :) I have a Dovecot server setup with a public folder and keep getting complaints that Outlook users don't see new folders created by other people. In Thunderbird it is simply a case of unchecking the box to only show subscribed folders, but I can't find a way to do this in Outlook. The only thing I can think of is putting a script on the server to check for new folders and update each users subcriptions file, but I'm not completely happy with that solution! Any suggestions welcome. -- Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001 Vice Chair, FSB Portsmouth & SE Hampshire Branch | http://www.fsb.org.uk/ = Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
Re: [Dovecot] dsync replication errors
On 08 Sep 2015, at 11:20, Sergey Schwartzwrote: > > I use mdbox and probably have similar issue, but in my case only shared > mailboxes were affected. Yes, shared mailboxes don't work nicely with replication. Replication is locking only the original user, so for shared mailboxes multiple dsyncs can be running in parallel and messing things up. A bit troublesome to fix this. I've had this issue happening for a couple of years now for our mails and I haven't bothered fixing it, so it's unlikely I'll do it anytime soon.. Although I haven't seen that many duplicates of the mails - just 10 or so.
Re: Public folder subscriptions with Outlook
On Tue, 8 Sep 2015 11:16:52 +0100, Paul Tansom stated: >This is more an Outlook issue than Dovecot, but given that it is connected to >Dovecot I figured there would be a good pool of knowledge here that increases >the likelihood that somebody knows the answer :) > >I have a Dovecot server setup with a public folder and keep getting >complaints that Outlook users don't see new folders created by other people. >In Thunderbird it is simply a case of unchecking the box to only show >subscribed folders, but I can't find a way to do this in Outlook. The only >thing I can think of is putting a script on the server to check for new >folders and update each users subcriptions file, but I'm not completely >happy with that solution! > >Any suggestions welcome. What version of Outlook? -- Jerry pgpUkYX17nsFN.pgp Description: OpenPGP digital signature
sieve_extprograms - double linebreaks at filtering
Hello List, i have a problem when using sieve-plugin sieve_extprograms. I use dovecot 2.2.18 and bundled pigeonhole 0.4.6 (Ubuntu 14.04.3 LTS) i have enabled sieve_extprograms and vnd.dovecot.filter to send mail to user-defined script and get changed content back. My script previously was used with procmail and is working fine. Using same script with vnd.dovecot.filter leads to odd behavior. I already found out the problem itself: By sending Mailcontent to filter-programm it seems that sieve/sieve_extprograms is adding additional linebreaks to every line of complete mail. Please see this image to clarify: http://r31i.imgup.net/header8d56.jpg?l=de Every lineending got additional windows-lineendings, which leads to problems with processing scripts. Piping mails by procmail to same script is working without problems, because this mails are recieved "clean" without the "^M". this is part of dovecot.conf: plugin { sieve = ~/.dovecot.sieve sieve_plugins = sieve_extprograms sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute sieve_pipe_bin_dir = /usr/local/bin/ sieve_filter_bin_dir = /usr/local/bin/ } this is part of userscript ~/.dovecot.sieve: require ["fileinto", "vacation", "variables", "envelope", "imap4flags", "vnd.dovecot.filter", "subaddress"]; if address "to" "te...@example.com" { filter "my-script"; } my-script currently just recieves and saves raw-data, so i could find difference between sieve and procmail mails. What to do here? Is this a kind of bug of sieve/sieve_extprograms or i have to use additional parameters? Thanks, Hajo
Re: Dovecot and IPA
> On 08 Sep 2015, at 06:16, Kanwar Ranbir Sandhu> wrote: > > On Mon, 2015-09-07 at 23:15 +0200, Benny Pedersen wrote: >> change password before debug logs >> >> then run debug >> >> change password >> >> paste it >> >> is safe > > Here's the in rawlog: > > 1441680001.046492 B1 AUTHENTICATE GSSAPI So it is using AUTHENTICATE GSSAPI. > 1441680001.096713 B1 NO [UNAVAILABLE] Temporary authentication > failure. [mailman02.theinside.rnr:2015-09-08 02:40:01] > 1441680001.096726 * OK Waiting for authentication process to respond.. I guess it's now crashing with this: auth: Panic: file auth-request.c: line 733 (auth_request_is_disabled_master_user): assertion failed: (request->requested_login_user != NULL) That's a bug in the Dovecot version you're using. Upgrade.
Re: Different behavior of ACLs in MUA and doveadm
On 31 Dec 2014, at 23:10, Thomas Leuxnerwrote: > > I have noticed a difference in the behavior of ACLs. When used in a MUA the > following global ACL works fine and has the desired effect - new mailboxes > can be created by a user being part of the 'PublicMailboxAdmins' group: How does the PublicMailboxAdmins group get set? Looks to me like the problem is that it's not getting set to doveadm. Here's an easy way to check if that's the problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389 If that doesn't help: Show your full doveconf -n, set auth_debug=yes and mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a difference somewhere in there.
Re: Different behavior of ACLs in MUA and doveadm
* Timo Sirainen2015.09.08 12:20: > How does the PublicMailboxAdmins group get set? Looks to me like the problem > is that it's not getting set to doveadm. Here's an easy way to check if > that's the problem or something else: > http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389 > > If that doesn't help: Show your full doveconf -n, set auth_debug=yes and > mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a > difference somewhere in there. $ doveadm mailbox create -u t...@leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015 doveadm(t...@leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough: Sep 8 13:19:07 nihlus dovecot: auth: Debug: master in: USER#0111#011...@leuxner.net#011service=doveadm Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(t...@leuxner.net): userdb cache miss Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file /var/vmail/auth.d/leuxner.net/passwd: Read 1 users in 0 secs Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(t...@leuxner.net): lookup: user=t...@leuxner.net file=/var/vmail/auth.d/leuxner.net/passwd Sep 8 13:19:07 nihlus dovecot: auth: Debug: userdb out: USER#0111#011...@leuxner.net#011uid=5000#011gid=5000#011home=/var/vmail/domains/leuxner.net/tlx#011quota_rule=*:storage=5G#011acl_groups=PublicMailboxAdmins With IMAP it is more talkative: 3 create "Public/Archive/Mailing-Lists/Dovecot/2015" Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Added userdb setting: plugin/acl_groups=PublicMailboxAdmins Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Added userdb setting: plugin/quota_rule=*:storage=5G Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Effective uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota root: name=user backend=dict args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota rule: root=user mailbox=* bytes=5368709120 messages=0 Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota rule: root=user mailbox=Trash bytes=+536870912 (10%) messages=0 Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%) Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: dict quota: user=t...@leuxner.net, uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0 Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, inbox=, alt= Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: acl username = t...@leuxner.net Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: owner = 1 Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: group added: PublicMailboxAdmins Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox /public Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt= Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300 Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: acl username = t...@leuxner.net Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: owner = 0 Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl: group added: PublicMailboxAdmins Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual Sep 8 13:06:29 nihlus dovecot: imap(t...@leuxner.net): Debug: fs:
Re: Fetch command response questions
On 09/08/2015 02:58 PM, Vlad Pop wrote: > Hello, > > > > I have the following issue: > > > > When using command > > FETCH 2 (BODY.PEEK[HEADER] UID INTERNALDATE FLAGS BODYSTRUCTURE) > > on 2 different emails, we get 2 different response structure. > > > > First response structure contains the BODYSTRUCTURE in a single line, while > in the second response, the BODYSTRUCTURE is divided into multiple lines with > "{61}" character at the end of each line. > > > > The difference between those 2 emails is the name of some attachments. The > attachment is an .eml file named "Re: [SR-Users] Keep-Alive in dialog > "freeing a free fragment"" > > > > Is this a sort of bug or is it correct to receive the BODYSTRUCTURE on > multiple lines? IMAP server can decide whether it returns a "string" or {123}\r\nliteral. Dovecot decides this in such a way that it sends the minimum number of bytes to the IMAP client. So there is no bug in Dovecot.
Re: My dovecot works fine against Active Directory 2003, but not against AD2008
I've logged a session using the option debug_level = -1. The log is attached. I still don't understand what is happening and why all my domain controllers are being used even when I just use one of them in "host" parameter in my /etc/dovecot/dovecot-ldap.conf.ext. Thanks in advance, Regards El 08/09/2015 a las 11:00, Fran escribió: > Hello, > > my dovecot installation has been working fine against AD till we upgrade > from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP > said, now I'm not able to connect AD through 389 port. The port 3268 > works fine though. > > (...) > Sep 7 19:02:05 dovecot: imap-login: Error: > master(imap): Auth request timed out (received 0/12 bytes) > Sep 7 19:02:05 dovecot: imap-login: Internal login > failure (pid=4846 id=1) (internal failure, 1 successful auths): > user=<>, method=PLAIN, rip=, > lip=, TLS, session=> (...) > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,,): Connection appears > to be hanging, reconnecting > Sep 7 19:02:06 dovecot: auth: Error: > ldap(,, ): LDAP search returned > multiple entries > (...) > > Is there a technical reason for this problem? Does it exist any workaround? > > The use of Global Catalog (port 3268) is not a solution for me, since it > misses many attributes. (ex. I use the field "initials" to set the quota > and this field is not available through port 3268). > > I also noticed that, now, it uses any DC available in the domain, it > doesn't care what I configured in "hosts = " parameter. > > This is using "hosts = dc03.domain:389": > --- > > [root@ ~]# netstat -anp | grep dovecot | grep auth > tcp 22 0 :55217 > :389 ESTABLISHED 4872/dovecot/auth > tcp 22 0 :57645 > :389ESTABLISHED 4872/dovecot/auth > tcp0 0 :55216 > :389 ESTABLISHED 4872/dovecot/auth > > It looks like it does a look up for other domains controller (I don't > know how nor why) and it connect aleatory to any DC in my domain (in > this case dc06.domain, but it changes any time), additionally to the > configured one (dc03.domain). > > This is using "hosts = dc03.domain:3268": > > [root@ ~]# netstat -anp | grep dovecot | grep auth > tcp0 0 :58485 > :3268 ESTABLISHED 4982/dovecot/auth > > In this case, only the configured server in host parameter is used (I > think this is the right behaviour) > > > Aditional info: > --- > CentOS Linux release 7.0.1406 (Core) > > dovecot 2.2.10 > > Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 > Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail > SQL driver plugins: mysql postgresql sqlite > Passdb: checkpassword ldap pam passwd passwd-file shadow sql > Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql > > > My /etc/dovecot/dovecot-ldap.conf.ext > -- > #hosts = dc03.domain:3268 > hosts = dc03.domain:389 > #uris = ldap://dc03.domain > base = DC=domain > #tls = yes > tls = no > ldap_version = 3 > auth_bind = yes > auth_bind_userdn = %u@domain > #auth_bind_userdn = DOMAIN\%u > dn = cn=,cn=Users,dc=domain > dnpass = > > #scope = subtree > #deref = never > > user_filter = > (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > pass_filter = > (&(userPrincipalName=%u@domain)(objectClass=person)(|(mail=%u@)(othermailbox=%u@))) > pass_attrs = userPassword=password > user_attrs = Initials=quota_rule=*:storage=%$MB > --- > > > -- > Log trace using PORT 389: > -- > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x10, ret=1: before/accept initialization [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [] > Sep 7 19:00:35 dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [] > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libdriver_sqlite.so > Sep 7 19:00:35 dovecot: auth: Debug: Loading modules > from directory: /usr/lib64/dovecot/auth > Sep 7 19:00:35 dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libauthdb_ldap.so > Sep 7 19:00:35 dovecot: auth:
Problem with SHA2/Geotrust and dovecot 2.0.9
Hi I have renew my geotrust certificate using sha2, and I have problem with Dovecot 2.0.9 and redhat 6.7. The same certificate is working in Apache. The error is dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. and the configuration file is ssl_cert=
can't get modseq in logfile
Hello, I've found this in the logfile: Sep 7 23:16:55 s-imap3 dovecot: dsync-local(timss.iea-dpc.de): Error: /vmail/iea-dpc.de/timss/Maildir/.Countries.USA/dovecot.index.log: Transaction log changed unexpectedly, can't get modseq Can anyone tell me what is worng? Regards Andreas -- IEA Data Processing and Research Center Andreas Fineske Information and Communication Technology Services Mexikoring 37 22297 Hamburg Tel.: 040/48 500 550 Fax: 040/48 500 501 E-Mail: andreas.fine...@iea-dpc.de Web: www.iea-dpc.de --
Re: Public folder subscriptions with Outlook
** Jerry[2015-09-08 11:30]: > On Tue, 8 Sep 2015 11:16:52 +0100, Paul Tansom stated: > >This is more an Outlook issue than Dovecot, but given that it is connected to > >Dovecot I figured there would be a good pool of knowledge here that increases > >the likelihood that somebody knows the answer :) > > > >I have a Dovecot server setup with a public folder and keep getting > >complaints that Outlook users don't see new folders created by other people. > >In Thunderbird it is simply a case of unchecking the box to only show > >subscribed folders, but I can't find a way to do this in Outlook. The only > >thing I can think of is putting a script on the server to check for new > >folders and update each users subcriptions file, but I'm not completely > >happy with that solution! > > > >Any suggestions welcome. > > What version of Outlook? ** end quote [Jerry] Mainly 2010, but I think there may be a 2003 too. At the moment I'm looking into using 'subscriptions = yes' in the namespace to use a shared subscriptions file for the public folder - posting to this list has started me thinking of things I can do on the server rather than the client. -- Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001 Vice Chair, FSB Portsmouth & SE Hampshire Branch | http://www.fsb.org.uk/ = Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
Re: Problems setting up SIS (duplicate files with same hash)
Can anyone help with SIS? On Sat, Sep 5, 2015 at 11:40 AM, Joe Beaubienwrote: > Hi everyone, > > I am currently trying to setup our next dovecot server (2.2.18) with SIS > enabled, but I have enconutered 1 problem and 1 question: > > > *1) Same attachment, different filenames* > > I have a feeling a misconfigured something (or forgot to do something) > because SIS almost works, but not quite since 3 identical attachment take > 3x the space (see end of email for my SIS config). > > For 3 the emails I sent with the same attachment, I got 3 seperate files > with the same hash name but a different string following the dash: > > -rw--- 1 info info 2.6M Sep 5 11:14 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb550948045c9bf4 > -rw--- 1 info info 2.6M Sep 5 11:16 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb550948045c9bf4 > -rw--- 2 info info 2.6M Sep 5 11:18 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb550948045c9bf4 > drwx-- 2 info info 4.0K Sep 5 11:18 hashes > > For the record, the "hashes" subfolder has only 1 hash > (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the > first part of the 3 filenames. > > > > *2) Saving attachments under a generic name or more flexible permissions?* > > It seems that dovecot saves the attachment with the username and group of > the user who has received the email. > > Is it possible to have dovecot save the attachments as a generic user > (like dovecot or dovenull) so that all my different users can share the > same pool of attachments? > > Alternatively, is it possible to have dovecot save the attachment under > more flexible permissions so that they can be shared between users? > > This would allow us to save alot of disk space. > > > *Here is the SIS config I am using:* > > mail_attachment_dir = /data/emails/attachments > #mail_attachment_min_size = 128k > #mail_attachment_fs = sis posix > #mail_attachment_hash = %{sha1} > > > > Any help would be very much appreciated. > > Thank you, > > Joe B >
Re: How to "Windows Authenticate"
More experimentation ... I tried removing userdb and passdb from the dovecot NTLM config. That didn't work. I then tried adding a static userdb as follows: userdb { driver = static # allow_all_users = yes args = gid=100 home=/home/HPRS/%n } (Interestingly, when I uncommented "allow_all_users" I got an "unsupported setting" [or something like that], even though that was in there from the beginning and is shown in the example wiki http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm) Anyway, in both tests my error messages were the same: Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 08 18:38:16 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Sep 08 18:38:16 auth: Debug: auth client connected (pid=8758) Sep 08 18:38:16 auth: Debug: client in: AUTH1 NTLMservice=imap session=vPWqBUQfeADAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=56184 Sep 08 18:38:16 auth: Debug: client passdb out: CONT1 Sep 08 18:38:16 auth: Info: ntlm(?,192.168.0.58,): user not authenticated: NT_STATUS_LOGON_FAILURE Sep 08 18:38:18 auth: Debug: client passdb out: FAIL1 Notice that my userid (mark or mark@ohprs) is nowhere to be found. Whereas when I specified the userdb passwd at least it had a user id in the error log. From my previous test with userdb passwd amd passdb shadow: Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark@hprs original_user=mark@HPRS Sep 05 16:45:19 auth-worker(5498): Debug: shadow(mark@hprs,192.168.0.58): lookup Sep 05 16:45:19 auth-worker(5498): Info: shadow(mark@hprs,192.168.0.58): unknown user Sep 05 16:45:19 auth: Debug: master userdb out: NOTFOUND 998899713 The "Info: ntml" log entry has ntlm(?,192.168.0.58,), whereas the previous test "Info shadow" log entry has Info: shadow(mark@hprs,192.168.0.58). Of course I have no passdb specified which is right for NTML ... or is it? I feel like this should be obvious to someone familiar with Dovecot. Once again, it's difficult for me to believe no on on planet Earth (who also happens to subscribe to this list) had ever done Dovecot/ntlm from Outlook before. Help!!! If I can't get this last bit sorted out I'll be forced back to Server 2012 and Exchange. Thanks, --Mark -Original Message- From: Mark FoleyDate: Mon, 07 Sep 2015 21:28:23 -0400 Organization: Ohio Highway Patrol Retirement System To: dovecot@dovecot.org Subject: Re: How to "Windows Authenticate" Comments interspersed with yours ... --Mark -Original Message- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero > To: dovecot@dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'm...@hprs.com'. Whatever your full domain > name is. Full user@domain would be mark@hprs.local > It also won't look up /etc/shadow - Samba is doing the AD->Unix UID > mapping. Your AD users shouldn't be in there when all is said and done. I was thinking this too. I don't know why NTLM would need a userdb at all. It should just use something like ntlm_auth (which is configured in auth_winbind_helper). What if I simply removed the userdb? What would you recommend for userdb, passdb? > Well, at when I did a Samba4 install as a DC it still behaved like a Samba3 > member, and there were no AD users in the local unix passwd files. > > What does wbinfo -u provide? It should list all your users - especially > because it's an DC. Whatever wbinfo -u shows, you may need to adjust > another config file to match waht Dovecot is receiving. $ wbinfo -u Administrator Guest krbtgt dns-mail mark sogo **arr **ress **mith **nee **ris **atterson **armaine **tkeson **mmitoh These are all the AD users (most obfuscated for a bit of security). I am testing with user mark. > > I assume /etc/nsswitch.conf has been modified to use Samba? > Unless the Samba provision did something to nnswitch, I've done nothing; nor have I seen anything in the Samba or dovecot wikis suggesting changes. Remember also that the Samba4 AD/DC works perfectly with redirected folders and users logging on to any Windows workstations, and works perfectly with things wanting "Windows Authentication" like SQLserver, so the "Windows Authentication" does work at some level. My /etc/nsswitch.conf is: passwd: compat group: compat hosts: files dns networks: files services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files bootparams: files automount: files aliases:files > Sorry I haven't done this, but it doesn't seem like anyone else has either > - so I'm just shooting in the dark here trying to get you steered in the > right direction... > > Rick Yeah, I can't seem to find a soul on the planet who has actually done this. If I
Re: Multiple vacation
2015-09-08 17:34 GMT+02:00 Stephan Bosch: > > > Op 8-9-2015 om 17:15 schreef Michele Locati: > > I'm using Dovecot 2.2.9 and I'm having problems configuring multiple >> vacation actions. >> The problem is that I'd like to have two different senders and two >> different messages, selecting the correct case by the recipient email >> address. >> I mean, if someone writes me to my email address "to-addre...@example.com >> " >> I'd like to answer from "from-addre...@example.com" with the message >> "TEST >> 1". >> If someone writes me to my email address "to-addre...@example.com" I'd >> like >> to answer from "from-addre...@example.com" with the message "TEST 2". >> >> Here's my script: >> >> require ["fileinto","vacation"]; >> >> vacation :addresses ["to-addre...@example.com"] :from " >> from-addre...@example.com" text: >> TEST 1 >> . >> ; >> } >> >> vacation :addresses ["to-addre...@example.com"] :from " >> from-addre...@example.com" text: >> TEST 2 >> . >> ; >> >> >> But the vacation filter doesn't work, and I see this message in the log >> file: >> >> main script: line X: error: duplicate vacation action not allowed >> (previously triggered one was here: main script: line Y). >> >> Is there a way to allow multiple vacation actions? >> > > The script you posted will not even compile. There is a stray '}'. > > Anyway, you need to selectively trigger vacation responses. Your script > tries to send both at all times, which is not allowed by the Sieve > specification. > > You could do something like this: > > require ["fileinto","vacation", "envelope"]; > > if envelope "to" "to-addre...@example.com" { > vacation :addresses ["to-addre...@example.com"] :from " > from-addre...@example.com" text: > TEST 1 > . > ; > } elsif envelope "to" "to-addre...@example.com" { > vacation :addresses ["to-addre...@example.com"] :from " > from-addre...@example.com" text: > TEST 2 > . > ; > } > > Read these for more information: > > https://tools.ietf.org/html/rfc5228 > https://tools.ietf.org/html/rfc5230 > > > Regards, > > Stephan. > > Thank you Stephan Sorry for the typo: I (badly) extracted part of my script, that is generated by the managesieve plugin of Roundcube. As for the RCF, vacation responses gets triggered only if the :address contains the recipient of the message. Since the two vacation rules contain different recipient address they wouldn't be triggered at the same time. Manually editing that script would break the possibility to edit it via the Roundcube plugin, and I can't absolutely teach every user of my company how to connect via ssh and edit that script. So, it's a big pity that is not possible to have two (or more) concurrent vacation scripts: I'll have to manage every user by hand. Thank you anyway for your explanation -- Michele
Multiple vacation
Hi all I'm using Dovecot 2.2.9 and I'm having problems configuring multiple vacation actions. The problem is that I'd like to have two different senders and two different messages, selecting the correct case by the recipient email address. I mean, if someone writes me to my email address "to-addre...@example.com" I'd like to answer from "from-addre...@example.com" with the message "TEST 1". If someone writes me to my email address "to-addre...@example.com" I'd like to answer from "from-addre...@example.com" with the message "TEST 2". Here's my script: require ["fileinto","vacation"]; vacation :addresses ["to-addre...@example.com"] :from " from-addre...@example.com" text: TEST 1 . ; } vacation :addresses ["to-addre...@example.com"] :from " from-addre...@example.com" text: TEST 2 . ; But the vacation filter doesn't work, and I see this message in the log file: main script: line X: error: duplicate vacation action not allowed (previously triggered one was here: main script: line Y). Is there a way to allow multiple vacation actions? Thank you Michele
Re: Multiple vacation
Am 08. September 2015 17:15:13 MESZ, schrieb Michele Locati: >Hi all > >I'm using Dovecot 2.2.9 and I'm having problems configuring multiple >vacation actions. >The problem is that I'd like to have two different senders and two >different messages, selecting the correct case by the recipient email >address. >I mean, if someone writes me to my email address >"to-addre...@example.com" >I'd like to answer from "from-addre...@example.com" with the message >"TEST >1". >If someone writes me to my email address "to-addre...@example.com" I'd >like >to answer from "from-addre...@example.com" with the message "TEST 2". > >Here's my script: > >require ["fileinto","vacation"]; > >vacation :addresses ["to-addre...@example.com"] :from " >from-addre...@example.com" text: >TEST 1 >. >; >} > >vacation :addresses ["to-addre...@example.com"] :from " >from-addre...@example.com" text: >TEST 2 >. >; > > >But the vacation filter doesn't work, and I see this message in the log >file: > >main script: line X: error: duplicate vacation action not allowed >(previously triggered one was here: main script: line Y). > >Is there a way to allow multiple vacation actions? Should be possible with an if elsif clause. eg If address :is "to" "address 1" { vacation1 } elsif address :is "to" "address 2" { vacation2 } Look at the sieve configuration examples at http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples Also take a look at the sieve vacation RFC, part 4.8, Examples at https://tools.ietf.org/html/rfc5230#section-4.8 >Thank you >Michele Regards - c
Re: Problems setting up SIS (duplicate files with same hash)
I figured out item #1, however, #2 is still problematic. How can I setup dovecot to handle multiple mailboxes with SIS? If I use "sis posix", the folders /var/attachments/[0-9a-f][0-9a-f] get created under the name of the first mailbox. Whenevver the second mailbox tries to read/write to those folders, it fails. Also, it seems that the attachments never get deduplicated, but i'll deal with that later. If I use "sis-queue", then the files get deduplicated, but I cannot fix the multiple mailbox issues. I tried adding %u to the mail_attachment_dir, whcih seems to work at first. But when I try to deduplicate the attachments with "doveadm sis deduplicate" it seems that mail_attachment_fs does not support %u and the path does not resolve properly. Any ideas? Thanks, Joe B I'm trying to run SIS with queueing enabled I tried running SIS with "sis posix", however when the /var/attachments/[0-9a-f][0-9a-f] folders get created under the name of the first mailbox, the second mailbox cannot write/read to them. I then tried adding %u to mail_attachment_dir, but then I had errors when running doveadm sis deduplicate because mail_attachment_fs doesn't seem to support %u in the queue path. How can I support multiple mailboxes with SIS??? On Sat, Sep 5, 2015 at 11:40 AM, Joe Beaubienwrote: > Hi everyone, > > I am currently trying to setup our next dovecot server (2.2.18) with SIS > enabled, but I have enconutered 1 problem and 1 question: > > > *1) Same attachment, different filenames* > > I have a feeling a misconfigured something (or forgot to do something) > because SIS almost works, but not quite since 3 identical attachment take > 3x the space (see end of email for my SIS config). > > For 3 the emails I sent with the same attachment, I got 3 seperate files > with the same hash name but a different string following the dash: > > -rw--- 1 info info 2.6M Sep 5 11:14 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6a22711a7b05eb550948045c9bf4 > -rw--- 1 info info 2.6M Sep 5 11:16 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6c22711a7b05eb550948045c9bf4 > -rw--- 2 info info 2.6M Sep 5 11:18 > e35083e3280a21c6aaabbae8cb23d54493f514a5-6e22711a7b05eb550948045c9bf4 > drwx-- 2 info info 4.0K Sep 5 11:18 hashes > > For the record, the "hashes" subfolder has only 1 hash > (e35083e3280a21c6aaabbae8cb23d54493f514a5) which perfectly matches the > first part of the 3 filenames. > > > > *2) Saving attachments under a generic name or more flexible permissions?* > > It seems that dovecot saves the attachment with the username and group of > the user who has received the email. > > Is it possible to have dovecot save the attachments as a generic user > (like dovecot or dovenull) so that all my different users can share the > same pool of attachments? > > Alternatively, is it possible to have dovecot save the attachment under > more flexible permissions so that they can be shared between users? > > This would allow us to save alot of disk space. > > > *Here is the SIS config I am using:* > > mail_attachment_dir = /data/emails/attachments > #mail_attachment_min_size = 128k > #mail_attachment_fs = sis posix > #mail_attachment_hash = %{sha1} > > > > Any help would be very much appreciated. > > Thank you, > > Joe B >
Re: Dovecot and IPA
On 09/08/2015 06:14 PM, Kanwar Ranbir Sandhu wrote: > On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote: >> I guess it's now crashing with this: >> >> auth: Panic: file auth-request.c: line 733 >> (auth_request_is_disabled_master_user): assertion failed: (request >> ->requested_login_user != NULL) >> >> That's a bug in the Dovecot version you're using. Upgrade. > > That's just awesome. I saw that in the debug log before I posted to the > list, but I was hoping it was being triggered by a bad configuration on > my part. :/ > > Ima screwed until an update is release by the CentOS team and they'll > be waiting until Red Hat does something about it. > > :: cries :: > > Thanks to everyone for the help! At least now I know it's not my fault. You can probably work around that by configuring something like: passdb { driver = passwd-file args = /etc/dovecot/passwd.master master = yes } The passwd.master file itself can be empty.
Re: Multiple vacation
Op 8-9-2015 om 17:15 schreef Michele Locati: I'm using Dovecot 2.2.9 and I'm having problems configuring multiple vacation actions. The problem is that I'd like to have two different senders and two different messages, selecting the correct case by the recipient email address. I mean, if someone writes me to my email address "to-addre...@example.com" I'd like to answer from "from-addre...@example.com" with the message "TEST 1". If someone writes me to my email address "to-addre...@example.com" I'd like to answer from "from-addre...@example.com" with the message "TEST 2". Here's my script: require ["fileinto","vacation"]; vacation :addresses ["to-addre...@example.com"] :from " from-addre...@example.com" text: TEST 1 . ; } vacation :addresses ["to-addre...@example.com"] :from " from-addre...@example.com" text: TEST 2 . ; But the vacation filter doesn't work, and I see this message in the log file: main script: line X: error: duplicate vacation action not allowed (previously triggered one was here: main script: line Y). Is there a way to allow multiple vacation actions? The script you posted will not even compile. There is a stray '}'. Anyway, you need to selectively trigger vacation responses. Your script tries to send both at all times, which is not allowed by the Sieve specification. You could do something like this: require ["fileinto","vacation", "envelope"]; if envelope "to" "to-addre...@example.com" { vacation :addresses ["to-addre...@example.com"] :from " from-addre...@example.com" text: TEST 1 . ; } elsif envelope "to" "to-addre...@example.com" { vacation :addresses ["to-addre...@example.com"] :from " from-addre...@example.com" text: TEST 2 . ; } Read these for more information: https://tools.ietf.org/html/rfc5228 https://tools.ietf.org/html/rfc5230 Regards, Stephan.
Re: Dovecot and IPA
On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote: > I guess it's now crashing with this: > > auth: Panic: file auth-request.c: line 733 > (auth_request_is_disabled_master_user): assertion failed: (request > ->requested_login_user != NULL) > > That's a bug in the Dovecot version you're using. Upgrade. That's just awesome. I saw that in the debug log before I posted to the list, but I was hoping it was being triggered by a bad configuration on my part. :/ Ima screwed until an update is release by the CentOS team and they'll be waiting until Red Hat does something about it. :: cries :: Thanks to everyone for the help! At least now I know it's not my fault. Regards, Ranbir -- Kanwar R.S. Sandhu
Re: Dovecot and IPA
On Tue, 2015-09-08 at 19:27 +0300, Timo Sirainen wrote: > You can probably work around that by configuring something like: > > passdb { > driver = passwd-file > args = /etc/dovecot/passwd.master > master = yes > } > > The passwd.master file itself can be empty. Where do I add this config: in auth-static.conf.ext? I take it a master user isn't absolutely required, but to workaround this bug, one must be configured? Ranbir -- Kanwar R.S. Sandhu
Re: Dovecot and IPA
Kanwar Ranbir Sandhu skrev den 2015-09-08 17:14: Thanks to everyone for the help! At least now I know it's not my fault. only fault if any you maked was to choice a precompiled problem, but try to make a bugreport at redhat on it, possible also on other distros that is precompiled, if you find another os that solves it faster, you have found a possible os to install :=)