Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

2016-07-03 Thread Aki Tuomi 


On 04.07.2016 07:44, Mark Foley wrote:
> After a over a year and a half struggling to get Dovecot to do either NTLM or 
> GSSAPI
> authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to 
> all those in this
> list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey 
> especially Aki Tuomi;
> and infinite thanks to Achim Gottinger on the SambaList for his patience in 
> working this
> through with me.  Although my purpose was for Dovecot to authenticate mail 
> clients, the
> configuration settings needed were on the Samba side.  I hope a variation of 
> these instructions
> can eventually make it into:
>
> http://wiki2.dovecot.org/Authentication/Kerberos
>
>

It has been now updated.

I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
I have to set up some kind of test environment to find out why it bugs.

Aki

Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

2016-07-03 Thread Mark Foley 
After a over a year and a half struggling to get Dovecot to do either NTLM or 
GSSAPI
authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to all 
those in this
list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey 
especially Aki Tuomi;
and infinite thanks to Achim Gottinger on the SambaList for his patience in 
working this
through with me.  Although my purpose was for Dovecot to authenticate mail 
clients, the
configuration settings needed were on the Samba side.  I hope a variation of 
these instructions
can eventually make it into:

http://wiki2.dovecot.org/Authentication/Kerberos

What is essentially missing from the wiki is how to set up the proper Service 
Principal Names
and the subsequent creation of a dovecot useable kerberos keytab file.  The 
wiki comment on
"k5principals passdb" was not helpful and largely unintelligble to me. 

Perhaps like many of you, I have switched from Microsoft SBS and Exchange to 
Samaba4 and
Dovecot/IMAP. The transition was completely transparent to my users, except 
they needed a
separate password for email authentication in the absence of NTLM or GSSAPI 
working with
Dovecot. A mild inconvenience, but I have been on a "quest" to fill that gap. 
This solution
finally takes care of that last piece.

The following describes how to create the SPNs and krb5 keytab files using 
Samba4 which has
its own built-in (Heimdal) kerberos. The procedures are probably similar for 
other facilities
such as setspn for Windows, but I've not used those so I won't attempt to 
discuss those
mechanism here.

You do need kerberos as the Samba built-in kerberos does not have needed 
commands like `klist`.

My distro (Slackware 14.1) does not come with kerberos (nor, I think, does 
Ubuntu), but is
easily found at:

https://slackbuilds.org/repository/14.1/network/krb5/

Ubuntu/Debian: apt-get install krb5-config libpam-krb5 krb5-user ssh-krb5 
(perhaps more)

After provisioning Samba4, copy the krb5.conf template to /etc/krb5.conf.

(Note: the actual docs advise symlinking:

  ln -sf /usr/local/samba/private/krb5.conf /etc/krb5.conf

but I prefer making a copy in case I need to modify things).

I've set The /etc/krb5.conf file to world readable.  It's default contents are 
(and these do
not need to be changed):

[libdefaults]
default_realm = HPRS.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true

where HPRS.LOCAL is my realm, of course use your own.

Now, we need a samba user in order to create the necessary SPNs (Server 
Principal Names):

$ samba-tool user create dovecot
New Password:
Retype Password:
User 'dovecot' created successfully

Next, add the SPN(s), and create the keytab:

$ samba-tool spn add imap/mail.hprs.local dovecot
$ samba-tool domain exportkeytab --principal imap/mail.hprs.local 
/etc/dovecot/dovecot.keytab

Dovecot does not do my (outgoing) SMTP serving, only (incoming) IMAP, but if it 
did I'd have to
create another SPN for smtp:

$ samba-tool spn add smtp/mail.hprs.local dovecot
$ samba-tool domain exportkeytab --principal smtp/mail.hprs.local 
/etc/dovecot/dovecot.keytab

Dovecot needs to be able to read the keytab file:

$ chgrp dovecot /etc/dovecot/dovecot.keytab
$ chmod g+r /etc/dovecot/dovecot.keytab

my new keytab:

$ klist -Kek /etc/dovecot/dovecot.keytab
Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
 --
   1 imap/mail.hprs.local@HPRS.LOCAL (des-cbc-crc)  (0x232616c2a4fd08f7)
   1 imap/mail.hprs.local@HPRS.LOCAL (des-cbc-md5)  (0x232616c2a4fd08f7)
   1 imap/mail.hprs.local@HPRS.LOCAL (arcfour-hmac)  
(0x9dae89a221dc374a39f560833352f60f)
(and if I also created the spn for smtp I would also have these:) 
   1 smtp/mail.hprs.local@HPRS.LOCAL (des-cbc-crc)  (0x232616c2a4fd08f7)
   1 smtp/mail.hprs.local@HPRS.LOCAL (des-cbc-md5)  (0x232616c2a4fd08f7)
   1 smtp/mail.hprs.local@HPRS.LOCAL (arcfour-hmac)  
(0x9dae89a221dc374a39f560833352f60f)

DOVECOT SETTINGS:

My version: 2.2.15

Of crucial importance is to build dovecot with GSSAPI! That is NOT one of the 
default settings. 
In the dovecot build directory:

./configure --with-gssapi=yes

Other than that serious build gotcha, settings are pretty simple.  Add the 
following 3
settings to 10-auth.conf:

auth_gssapi_hostname = "$ALL"
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi

The auth_gssapi_hostname is supposedly not required according to some of the 
above-listed
commentors, but my 10-auth.conf template implies differently, so it can't hurt. 

gssapi does not require a passdb. Use whatever userdb you want. The dovecot 
wiki doc has some
suggestions, not of which I've tried. I use the 'driver = passwd' for my userdb 
for unrelated
reasons.

I couldn't get any of this working until I rebooted the Samba AD/DC-Dovecot 
server, but that
just may have been me not stopping/starting Samba and Dovecot in the right 
sequence (or,

Re: kqueue crash on FreeBSD with 2.2.25

2016-07-03 Thread Edgar Pettijohn 
On 16-07-03 03:30:36, Timo Sirainen wrote:
> On 02 Jul 2016, at 03:30, Adam Weinberger  wrote:
> > 
> >>> Jul  1 10:07:27 imap dovecot: master: Panic: kevent(EV_ADD, READ, 54) 
> >>> failed: Bad file descriptor
> >>> 
> >>> It's not dumping core, and I get the message even with "protocols ="
> >>> 
> >>> Downgrading back to 2.2.24 fixes it. What info would be helpful for me to 
> >>> provide here?
> >> 
> >> gdb backtrace: http://dovecot.org/bugreport.html#coredumps
> >> 
> > 
> > Fuller logs attached. Thanks for your help, Timo.
> > 
> > #6  0x2815b23a in i_panic (format=0x281ccf7a "kevent(EV_ADD, READ, %d) 
> > failed: %m") at failures.c:275
> > #7  0x28185e10 in io_loop_handle_add (io=0x288843a0) at ioloop-kqueue.c:67
> > #8  0x281815a8 in io_add_file (fd=56, condition=IO_READ, 
> > source_linenum=244, callback=0x2818a7d0 , context=0x0) at 
> > ioloop.c:59
> > #9  0x281813a6 in io_add (fd=56, condition=IO_READ, source_linenum=244, 
> > callback=0x2818a7d0 , context=0x0) at ioloop.c:81
> > #10 0x2818a666 in lib_signals_set_handler (signo=1, flags=3, 
> > handler=0x804e6c0 , context=0x0) at lib-signals.c:243
> > #11 0x0804e129 in main_init (set=0x2881d098) at main.c:518
> > #12 0x0804d562 in main (argc=3, argv=0xae08) at main.c:890
> 
> Weird. I haven't touched anything even close to that. Also kqueue works on my 
> OSX. The only thing that comes to my mind is 
> https://github.com/dovecot/core/commit/fde7b8a03bf91cfa5bb7ca3e84545386243fa0d2
> 
> Does it happen to work if you use the attached patch?
> 

Still trying to learn git, but here is what happened when I tried applying this 
diff.

Sun Jul 03 10:12:32 ~/dovecot/core $ git reset --hard 
3fea4d5988de365503df44a9b067e3b181cac65c 
HEAD is now at 3fea4d5 master: Stopping didn't close dead-pipes early enough.
Sun Jul 03 10:12:37 ~/dovecot/core $ git apply diff.patch   
   
error: patch failed: src/master/service-monitor.c:522
error: src/master/service-monitor.c: patch does not apply
error: patch failed: src/master/service-monitor.c:452
error: src/master/service-monitor.c: patch does not apply
error: patch failed: src/master/service-process.c:133
error: src/master/service-process.c: patch does not apply
error: patch failed: src/master/service.c:283
error: src/master/service.c: patch does not apply
error: patch failed: src/master/service.h:85
error: src/master/service.h: patch does not apply

Same thing happened before the reset --hard.

-- 
Edgar Pettijohn

Dovecot 2.2.25 fails on SSL

2016-07-03 Thread Andreas M. Kirchwitz 
Dear Dovecot developers!

This problem already existed some years ago, has been fixed,
and now it's there again in Dovecot 2.2.25 (2.2.24 was fine).

I'm running CentOS 6 with a custom OpenSSL installation in /usr/local/ssl
Therefore, Dovecot is configured like this:

env SSL_CFLAGS="-I/usr/local/ssl/include" SSL_LIBS="-L/usr/local/ssl/lib 
-Wl,-R/usr/local/ssl/lib -lcrypto -lssl" ./configure 
--prefix=/usr/local/Dovecot-2.2.25 --with-ssl=openssl 
--with-ssldir=/usr/local/Dovecot-2.2.25/etc/dovecot/certs

With "pkg-config", the same options for SSL are provided.

"make" and "make install" run just fine, and the daemon starts
without any errors. However, if a user connects on port 993 (IMAPS),
Dovecot logs this failure message to syslog:

Jul  4 01:08:43 myhost dovecot: ssl-params: Fatal: Couldn't load required 
plugin /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so: 
dlopen() failed: libcrypto.so.1.0.0: cannot open shared object file: No such 
file or directory
Jul  4 01:08:43 myhost dovecot: ssl-params: Error: child process failed with 
status 22784

ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libssl_iostream_openssl.so
linux-gate.so.1 =>  (0x00e8c000)
libcrypto.so.1.0.0 => not found
libssl.so.1.0.0 => not found
librt.so.1 => /lib/librt.so.1 (0x00be4000)
libc.so.6 => /lib/libc.so.6 (0x001a6000)
libpthread.so.0 => /lib/libpthread.so.0 (0x003e4000)
/lib/ld-linux.so.2 (0x007e7000)

ldd /usr/local/Dovecot-2.2.25/lib/dovecot/libdcrypt_openssl.so
linux-gate.so.1 =>  (0x00dca000)
libcrypto.so.1.0.0 => not found
libssl.so.1.0.0 => not found
librt.so.1 => /lib/librt.so.1 (0x00a7a000)
libc.so.6 => /lib/libc.so.6 (0x0016)
libpthread.so.0 => /lib/libpthread.so.0 (0x0072f000)
/lib/ld-linux.so.2 (0x0056)

When comparing to Dovecot 2.2.24:

ldd /usr/local/Dovecot-2.2.24/lib/dovecot/libssl_iostream_openssl.so
linux-gate.so.1 =>  (0x0073d000)
libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00b04000)
libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x0044a000)
librt.so.1 => /lib/librt.so.1 (0x00a6)
libc.so.6 => /lib/libc.so.6 (0x001e5000)
libdl.so.2 => /lib/libdl.so.2 (0x003a9000)
libpthread.so.0 => /lib/libpthread.so.0 (0x009d)
/lib/ld-linux.so.2 (0x00d77000)

There's no libdcrypt_openssl.so in Dovecot 2.2.24, so I guess
with the newly introduced dcrypt stuff something with SSL went wrong.

Would be great if that could be fixed so that SSL works again.

Thanks a lot in advance ... Andreas

Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread Marti Markov 
Here is the `doveconf -n` output:


root@mail:~# doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.14.32--grs-ipv6-64 x86_64  
auth_debug = yes
auth_default_realm = domain.com
auth_mechanisms = plain login
auth_verbose = yes
imapc_host = imap-mail.outlook.com
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_plugins = acl
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
namespace {
  list = yes
  location = maildir:/home/vmail/Public:INDEXPVT=~/Maildir/Public
  prefix = Public/
  separator = /
  subscriptions = yes
  type = public
}
namespace {
  list = children
  location = 
maildir:/home/vmail/domain.com/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/home/vmail/domain.com/shared-mailboxes2
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@domain.com
protocols = " imap lmtp sieve"
service auth {
  unix_listener auth-client {
group = Debian-exim
mode = 0660
user = Debian-exim
  }
}
service imap-login {
  inet_listener imap {
port = 0
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
mode = 0666
  }
}
ssl = required
ssl_cert =  On 3 Jul 2016, at 16:58, Marti Markov  wrote:
> 
> Tried it but now luck in either OX App Suite or Thunderbird.
> 
> The thing is that it isn’t even listed as a subscribeable folder. For example 
> I have a Public namespace at that lists all the public mailboxes but Shared 
> doesn’t list anything.
> 
> I installed an addon in Thunderbird for ACL and that lists correct 
> permissions on the INBOX folders. (Users having lookup & read permissions).
> 
> I can post the doveconf output if you want?
> 
> 
>> On 3 Jul 2016, at 16:52, aki.tu...@dovecot.fi wrote:
>> 
>> 
>>> On July 3, 2016 at 6:46 PM Marti Markov  wrote:
>>> 
>>> 
>>> Aki, you were right. 
>>> It was at /usr/lib/dovecot
>>> 
>>> Here is the output:
>>> 
>>> * LIST (\Noselect \HasChildren) "/" Shared
>>> * LIST (\Noselect \HasChildren) "/" Shared/d.marteva
>>> * LIST (\HasNoChildren) "/" Shared/d.marteva/INBOX
>> 
>> Can you try 
>> 
>> doveadm mailbox subscribe -u yourusername Shared/d.marteva/INBOX
>> 
>> Aki
>

Re: Postfix/dovecot: user unrecognized, file permissions being misread

2016-07-03 Thread Edgar Pettijohn 
On 16-07-03 18:17:48, C. Andrews Lavarre wrote:
> On Sun, 2016-07-03 at 15:56 -0500, Edgar Pettijohn wrote:
> > doveconf -n would be helpful
> Thank you:
> lavarre:/var/mail/vhosts/privustech.com # doveconf -n
> # 2.2.18: /etc/dovecot/dovecot.conf
> 
> # Pigeonhole version 0.4.8 (0c4ae064f307+)
> 
> # OS: Linux 4.1.26-21-default x86_64 openSUSE 42.1 (x86_64) ext4
> 
> auth_mechanisms = plain login
> 
> auth_verbose = yes
> 
> listen = *
> 
> log_path = /var/log/dovecot.log
> 
> mail_debug = yes
> 
> mail_location = maildir:/var/mail/vhosts/%d/%n
> 
> maildir_very_dirty_syncs = yes
> 
> managesieve_notify_capability = mailto
> 
> managesieve_sieve_capability = fileinto reject envelope encoded
> -character vacation subaddress comparator-i;ascii-numeric r
> elational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate
> 
> namespace inbox {
> 
>   inbox = yes
> 
>   location =  
>   mailbox Drafts {
> 
> special_use = \Drafts
> 
>   }
> 
>   mailbox Junk {
> 
> special_use = \Junk
> 
>   }
> 
>   mailbox Sent {
> 
> special_use = \Sent
> 
>   }
> 
>   mailbox "Sent Messages" {
> 
> special_use = \Sent
> 
>   }
> 
>   mailbox Trash {
> 
> special_use = \Trash
> 
>   }
> 
>   prefix =  
> }
> 
> passdb {
> 
>   driver = pam
> 
> }
> 
> passdb {
> 
>   args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
> 
>   driver = passwd-file
> 
> }

Double check me, but I think you only want (1) passdb {} block.

> 
> plugin {
> 
>   sieve = ~/.dovecot.sieve
> 
>   sieve_after = /var/mail/vmail/sieve-after
> 
>   sieve_before = /var/mail/vmail/sieve-before
> 
>   sieve_dir = ~/sieve
> 
> }
> 
> protocols = imap pop3 sieve
> 
> service auth {
> 
>   unix_listener /var/spool/postfix/private/auth {
> 
> group = postfix
> 
> mode = 0666
> 
> user = postfix
> 
>   }
> 
> }
> 
> service imap-login {
> 
>   inet_listener imaps {
> 
> port = 993
> 
> ssl = yes
> 
>   }
> 
> }
> 
> service lmtp {
> 
>   unix_listener /var/spool/postfix/private/lmtp {
> 
> group = postfix
> 
> mode = 0600
> 
> user = postfix
> 
>   }
> 
> }
> 
> service pop3-login {
> 
>   inet_listener pop3s {
> 
> port = 995
> 
> ssl = yes
> 
>   }
> 
> }
> 
> ssl = required
> 
> ssl_ca =  
> ssl_cert =  
> ssl_dh_parameters_length = 2048
> 
> ssl_key =  
> ssl_options = no_compression
> 
> ssl_prefer_server_ciphers = yes
> 
> userdb {
> 
>   driver = passwd
> 
> }
> 
> userdb {
> 
>   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
> 
>   driver = static
> 
> }

Same here and make sure driver = "passdb driver".

> 
> verbose_ssl = yes
> 
> protocol lda {
> 
>   deliver_log_format = msgid=%m: %$
> 
>   mail_plugins = sieve
> 
>   postmaster_address = postmas...@privustech.com
> 
>   quota_full_tempfail = yes
> 
>   rejection_reason = Your message to <%t> was automatically
> rejected:%n%r
> 
> }
> 
> protocol imap {
> 
>   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> 
>   mail_max_userip_connections = 10
> 
> }
I also noticed your certificate chain is broken.

http://wiki2.dovecot.org/TestInstallation

-- 
Edgar Pettijohn

Re: Postfix/dovecot: user unrecognized, file permissions being misread

2016-07-03 Thread C. Andrews Lavarre 
Edgar hello. Thanks again.
Not sure of the protocol. Perhaps better to keep the entire thread
complete, so here again is doveconf -n with the precendents:
lavarre:/var/mail/vhosts/privustech.com # doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.8 (0c4ae064f307+)

# OS: Linux 4.1.26-21-default x86_64 openSUSE 42.1 (x86_64) ext4

auth_mechanisms = plain login

auth_verbose = yes

listen = *

log_path = /var/log/dovecot.log

mail_debug = yes

mail_location = maildir:/var/mail/vhosts/%d/%n

maildir_very_dirty_syncs = yes

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded
-character vacation subaddress comparator-i;ascii-numeric r
elational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate

namespace inbox {

  inbox = yes

  location =  
  mailbox Drafts {

special_use = \Drafts

  }

  mailbox Junk {

special_use = \Junk

  }

  mailbox Sent {

special_use = \Sent

  }

  mailbox "Sent Messages" {

special_use = \Sent

  }

  mailbox Trash {

special_use = \Trash

  }

  prefix =  
}

passdb {

  driver = pam

}

passdb {

  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users

  driver = passwd-file

}

plugin {

  sieve = ~/.dovecot.sieve

  sieve_after = /var/mail/vmail/sieve-after

  sieve_before = /var/mail/vmail/sieve-before

  sieve_dir = ~/sieve

}

protocols = imap pop3 sieve

service auth {

  unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0666

user = postfix

  }

}

service imap-login {

  inet_listener imaps {

port = 993

ssl = yes

  }

}

service lmtp {

  unix_listener /var/spool/postfix/private/lmtp {

group = postfix

mode = 0600

user = postfix

  }

}

service pop3-login {

  inet_listener pop3s {

port = 995

ssl = yes

  }

}

ssl = required

ssl_ca =  was automatically
rejected:%n%r

}

protocol imap {

  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep

  mail_max_userip_connections = 10

}


On Sun, 2016-07-03 at 15:56 -0500, Edgar Pettijohn wrote:
> On 16-07-03 16:44:42, C. Andrews Lavarre wrote:
> > Hello all. Have spent several days following the excellent
> > tutorial:
> > 
> > http://www.binarytides.com/install-postfix-dovecot-debian/
> > 
> > but still fail to have the user recognized and am getting log
> > entries
> > that the mail directories are 0755 when I can clearly see that they
> > are
> > 0774.
> > 
> > Very puzzling, any help would be deeply appreciated.
> > 
> > Best regards, Andy
> > === Details ===
> > ??? I can add directories under IMAP, so my IMAP login and
> > permissions
> > must be correct.
> > 
> > ??? I can create an outgoing message under IMAP, but clicking SEND
> > just
> > hangs. Logs do not indicate problem.
> > 
> > ??? I clearly can send it a message with smtp. The message is
> > delivered
> > to postfix, but then dovecot fails to deliver it to a mailbox.
> > > >  Log Entries --
> > ---
> > ---
> > > > # tail /var/log/mail 
> > > > > > postfix/qmgr[16390]: 9D6E8C1A77: from=<
> > alava...@gmail.com>,
> > size=2794, nrcpt=1 (queue active)
> > > > > > > > Message has been received 
> > 
> > > > > > postfix/lmtp[16770]: C218DC197D: to=<
> > alava...@privustech.com>,
> > relay=mail.privustech.com[private/lmtp], delay=2560,
> > delays=2260/0.01/300/0, dsn=4.4.2, status=deferred (conversation
> > with
> > mail.privustech.com[private/lmtp] timed out while receiving the
> > initial
> > server greeting)
> > > > > > lmtp is not working
> > > > 
> > > > 
> >  > >> > # tail /var/log/dovecot.log 
> > 
> > > > > > auth-worker(16612): Info:
> > pam(alava...@privustech.com,98.179.190.111): unknown user 
> 
> This could be a problem. 
> 
> > 
> > > > > > imap-login: Info: Login: user=
> > ,
> > method=PLAIN, rip=98.179.190.111, lip=70.186.159.22, mpid=16615,
> > TLS,
> > session= 
> > 
> > > > > > imap(alava...@privustech.com): Error:
> > mkdir(/var/mail/vhosts/privustech.com/alavarre/cur) failed:
> > Permission
> > denied (euid=5000(vmail) egid=5000(vmail) missing +w perm:
> > /var/mail/vhosts/privustech.com/alavarre, dir owned by 0:0
> > mode=0755) 
> > However, the mail directory
> > /var/mail/vhosts/privustech.com/alavarre is
> > > >  -rwxrwxr-- vmail:vmail and I have restarted both postfix and
> > dovecot.
> > 
>   
> I'm guessing vmail can't +w somewhere along the path of
> /var/mail/vhosts/etc...
> 
> > =
> > System is openSUSE Leap 42.1 (64). postfix and dovecot with SASL
> > authentication, connecting through a Unix socket:
> > > > /etc/postfix/main.cf:
> > > > > > virtual_transport = lmtp:unix:private/lmtp
> > > > 
> > > >

Re: Postfix/dovecot: user unrecognized, file permissions being misread

2016-07-03 Thread C. Andrews Lavarre 
On Sun, 2016-07-03 at 15:56 -0500, Edgar Pettijohn wrote:
> doveconf -n would be helpful
Thank you:
lavarre:/var/mail/vhosts/privustech.com # doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.8 (0c4ae064f307+)

# OS: Linux 4.1.26-21-default x86_64 openSUSE 42.1 (x86_64) ext4

auth_mechanisms = plain login

auth_verbose = yes

listen = *

log_path = /var/log/dovecot.log

mail_debug = yes

mail_location = maildir:/var/mail/vhosts/%d/%n

maildir_very_dirty_syncs = yes

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded
-character vacation subaddress comparator-i;ascii-numeric r
elational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate

namespace inbox {

  inbox = yes

  location =  
  mailbox Drafts {

special_use = \Drafts

  }

  mailbox Junk {

special_use = \Junk

  }

  mailbox Sent {

special_use = \Sent

  }

  mailbox "Sent Messages" {

special_use = \Sent

  }

  mailbox Trash {

special_use = \Trash

  }

  prefix =  
}

passdb {

  driver = pam

}

passdb {

  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users

  driver = passwd-file

}

plugin {

  sieve = ~/.dovecot.sieve

  sieve_after = /var/mail/vmail/sieve-after

  sieve_before = /var/mail/vmail/sieve-before

  sieve_dir = ~/sieve

}

protocols = imap pop3 sieve

service auth {

  unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0666

user = postfix

  }

}

service imap-login {

  inet_listener imaps {

port = 993

ssl = yes

  }

}

service lmtp {

  unix_listener /var/spool/postfix/private/lmtp {

group = postfix

mode = 0600

user = postfix

  }

}

service pop3-login {

  inet_listener pop3s {

port = 995

ssl = yes

  }

}

ssl = required

ssl_ca =  was automatically
rejected:%n%r

}

protocol imap {

  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep

  mail_max_userip_connections = 10

}

Re: Postfix/dovecot: user unrecognized, file permissions being misread

2016-07-03 Thread Edgar Pettijohn 
On 16-07-03 16:44:42, C. Andrews Lavarre wrote:
> Hello all. Have spent several days following the excellent tutorial:
> 
> http://www.binarytides.com/install-postfix-dovecot-debian/
> 
> but still fail to have the user recognized and am getting log entries
> that the mail directories are 0755 when I can clearly see that they are
> 0774.
> 
> Very puzzling, any help would be deeply appreciated.
> 
> Best regards, Andy
> === Details ===
> ??? I can add directories under IMAP, so my IMAP login and permissions
> must be correct.
> 
> ??? I can create an outgoing message under IMAP, but clicking SEND just
> hangs. Logs do not indicate problem.
> 
> ??? I clearly can send it a message with smtp. The message is delivered
> to postfix, but then dovecot fails to deliver it to a mailbox.
>    Log Entries -
> ---
>   # tail /var/log/mail 
>   postfix/qmgr[16390]: 9D6E8C1A77: from=,
> size=2794, nrcpt=1 (queue active)
>   Message has been received 
> 
>   postfix/lmtp[16770]: C218DC197D: to=,
> relay=mail.privustech.com[private/lmtp], delay=2560,
> delays=2260/0.01/300/0, dsn=4.4.2, status=deferred (conversation with
> mail.privustech.com[private/lmtp] timed out while receiving the initial
> server greeting)
>   lmtp is not working
>   
>   
>   # tail /var/log/dovecot.log 
> 
>   auth-worker(16612): Info:
> pam(alava...@privustech.com,98.179.190.111): unknown user 

This could be a problem. 

> 
>   imap-login: Info: Login: user=,
> method=PLAIN, rip=98.179.190.111, lip=70.186.159.22, mpid=16615, TLS,
> session= 
> 
>   imap(alava...@privustech.com): Error:
> mkdir(/var/mail/vhosts/privustech.com/alavarre/cur) failed: Permission
> denied (euid=5000(vmail) egid=5000(vmail) missing +w perm:
> /var/mail/vhosts/privustech.com/alavarre, dir owned by 0:0 mode=0755) 
> However, the mail directory /var/mail/vhosts/privustech.com/alavarre is
>-rwxrwxr-- vmail:vmail and I have restarted both postfix and dovecot.
>
  
I'm guessing vmail can't +w somewhere along the path of /var/mail/vhosts/etc...

> =
> System is openSUSE Leap 42.1 (64). postfix and dovecot with SASL 
> authentication, connecting through a Unix socket:
>   /etc/postfix/main.cf:
>   virtual_transport = lmtp:unix:private/lmtp
>   
>   /etc/dovecot/conf.d/10-master.cf:   service lmtp {
> unix_listener /var/spool/postfix/private/lmtp {
>   mode = 0600
>   user = postfix
>   group = postfix
> 
> }
> The lmtp socket is owned by postfix, while the mail system is owned by vmail, 
> per the tutorial.
> 
> --
> 
> I am using virtual users (not system users) defined in 
> /etc/dovecot/dovecot-users:
>   alava...@privustech.com:{plain}ksaj;flkasjd;ds;f
>   
> Thanks in advance, Andy

doveconf -n would be helpful
-- 
Edgar Pettijohn

Re: kqueue crash on FreeBSD with 2.2.25

2016-07-03 Thread Edgar Pettijohn 
On 16-07-03 03:30:36, Timo Sirainen wrote:
> On 02 Jul 2016, at 03:30, Adam Weinberger  wrote:
> > 
> >>> Jul  1 10:07:27 imap dovecot: master: Panic: kevent(EV_ADD, READ, 54) 
> >>> failed: Bad file descriptor
> >>> 
> >>> It's not dumping core, and I get the message even with "protocols ="
> >>> 
> >>> Downgrading back to 2.2.24 fixes it. What info would be helpful for me to 
> >>> provide here?
> >> 
> >> gdb backtrace: http://dovecot.org/bugreport.html#coredumps
> >> 
> > 
> > Fuller logs attached. Thanks for your help, Timo.
> > 
> > #6  0x2815b23a in i_panic (format=0x281ccf7a "kevent(EV_ADD, READ, %d) 
> > failed: %m") at failures.c:275
> > #7  0x28185e10 in io_loop_handle_add (io=0x288843a0) at ioloop-kqueue.c:67
> > #8  0x281815a8 in io_add_file (fd=56, condition=IO_READ, 
> > source_linenum=244, callback=0x2818a7d0 , context=0x0) at 
> > ioloop.c:59
> > #9  0x281813a6 in io_add (fd=56, condition=IO_READ, source_linenum=244, 
> > callback=0x2818a7d0 , context=0x0) at ioloop.c:81
> > #10 0x2818a666 in lib_signals_set_handler (signo=1, flags=3, 
> > handler=0x804e6c0 , context=0x0) at lib-signals.c:243
> > #11 0x0804e129 in main_init (set=0x2881d098) at main.c:518
> > #12 0x0804d562 in main (argc=3, argv=0xae08) at main.c:890
> 
> Weird. I haven't touched anything even close to that. Also kqueue works on my 
> OSX. The only thing that comes to my mind is 
> https://github.com/dovecot/core/commit/fde7b8a03bf91cfa5bb7ca3e84545386243fa0d2
> 
> Does it happen to work if you use the attached patch?
> 
The patch doesn't apply cleanly for me on OpenBSD -current.

Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--
|commit 3fea4d5988de365503df44a9b067e3b181cac65c
|Author: Timo Sirainen 
|Date:   Thu Jun 30 14:08:24 2016 +0300
|
|master: Stopping didn't close dead-pipes early enough.
|
|This caused stopping to be too slow. Broken by 0153cf542.
|
|diff --git a/src/master/service-monitor.c b/src/master/service-monitor.c
|index 19655c2..44cdb26 100644
|--- a/src/master/service-monitor.c
|+++ b/src/master/service-monitor.c
--
Patching file service-monitor.c using Plan A...
Hunk #1 succeeded at 513 (offset 8 lines).
Hunk #2 failed at 538.
Hunk #3 succeeded at 595 with fuzz 2 (offset 8 lines).
1 out of 3 hunks failed--saving rejects to service-monitor.c.rej
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--
|commit fde7b8a03bf91cfa5bb7ca3e84545386243fa0d2
|Author: Timo Sirainen 
|Date:   Tue Jun 28 23:38:11 2016 +0300
|
|master: Added support for stopping specific services.
|
|We need to have a per-service fd for detecting a dead master.
|
|diff --git a/src/master/service-monitor.c b/src/master/service-monitor.c
|index bf4e931..fb4f64f 100644
|--- a/src/master/service-monitor.c
|+++ b/src/master/service-monitor.c
--
Patching file service-monitor.c using Plan A...
Reversed (or previously applied) patch detected!  Assume -R? [y]

If I select [y] and continue to build I get lots of build errors.


-- 
Edgar Pettijohn

Postfix/dovecot: user unrecognized, file permissions being misread

2016-07-03 Thread C. Andrews Lavarre 
Hello all. Have spent several days following the excellent tutorial:

http://www.binarytides.com/install-postfix-dovecot-debian/

but still fail to have the user recognized and am getting log entries
that the mail directories are 0755 when I can clearly see that they are
0774.

Very puzzling, any help would be deeply appreciated.

Best regards, Andy
=== Details ===
• I can add directories under IMAP, so my IMAP login and permissions
must be correct.

• I can create an outgoing message under IMAP, but clicking SEND just
hangs. Logs do not indicate problem.

• I clearly can send it a message with smtp. The message is delivered
to postfix, but then dovecot fails to deliver it to a mailbox.
 Log Entries -
---
# tail /var/log/mail 
postfix/qmgr[16390]: 9D6E8C1A77: from=,
size=2794, nrcpt=1 (queue active)
Message has been received 

postfix/lmtp[16770]: C218DC197D: to=,
relay=mail.privustech.com[private/lmtp], delay=2560,
delays=2260/0.01/300/0, dsn=4.4.2, status=deferred (conversation with
mail.privustech.com[private/lmtp] timed out while receiving the initial
server greeting)
lmtp is not working


# tail /var/log/dovecot.log 

auth-worker(16612): Info:
pam(alava...@privustech.com,98.179.190.111): unknown user 

imap-login: Info: Login: user=,
method=PLAIN, rip=98.179.190.111, lip=70.186.159.22, mpid=16615, TLS,
session= 

imap(alava...@privustech.com): Error:
mkdir(/var/mail/vhosts/privustech.com/alavarre/cur) failed: Permission
denied (euid=5000(vmail) egid=5000(vmail) missing +w perm:
/var/mail/vhosts/privustech.com/alavarre, dir owned by 0:0 mode=0755) 
However, the mail directory /var/mail/vhosts/privustech.com/alavarre is
 -rwxrwxr-- vmail:vmail and I have restarted both postfix and dovecot.

=
System is openSUSE Leap 42.1 (64). postfix and dovecot with SASL 
authentication, connecting through a Unix socket:
/etc/postfix/main.cf:
virtual_transport = lmtp:unix:private/lmtp

/etc/dovecot/conf.d/10-master.cf:   service lmtp {
  unix_listener /var/spool/postfix/private/lmtp {
mode = 0600
user = postfix
group = postfix

  }
The lmtp socket is owned by postfix, while the mail system is owned by vmail, 
per the tutorial.

--

I am using virtual users (not system users) defined in 
/etc/dovecot/dovecot-users:
alava...@privustech.com:{plain}ksaj;flkasjd;ds;f

Thanks in advance, Andy

RE: quota-status service

2016-07-03 Thread Michael Fox 


> 
> The way I understand it is, this Quota service was built specifically
> for postfix. (I only have postfix, have not used any other MTA)
> The "quota-status" executable is in you libexec directory. ( I compiled
> my dovecot instance, hence is is not in "regular" directory)

Thanks.  I also responded to Aki, but to close the loop:  evidently
quota-status is newer than the version of dovecot on my Ubuntu 12.04
machine.  So I'll need to upgrade.

> The "quota_status_*" are responses to postifx. AFAIK, these are the only
> 3 possible options.
> 
> Please see (
> https://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ ) for
> a detailed info on this
> 
> When Postfix MTA is "inline" with the sender, and if you have correctly
> configured the quota service, it will check if the recipient's mailbox
> can accept mails. If the recipient is able to accept mail dovecot
> responds with "DUNNO" (as configured in "quota_status_success" ) to let
> postifx continue with its sender checks. if the recipient's mail box is
> unable to accept mails, the dovecot responds with "552 5.2.2 Mailbox is
> full" (as configured in "quota_status_overquota"), this will prevent
> postfix from accepting mail and will respond with 552 status .  All this
> is documented in that blog.
> 

Thanks.  I saw the link to Hildebrandt's blog on the wiki.  (BTW, his
Postfix book is still great!)  And I understood the example.  But it didn't
cover the answers to my questions. Aki covered most of them.

Thanks again,
Michael

RE: FW: quota-status service

2016-07-03 Thread Michael Fox 
> No. But someone knew what to answer to them, you keep spamming the mailing
> list with repeated '???' instead of waiting, which *is* impolite. Someone
> WILL answer you when they have time to study your question and prepare an
> answer. As I said, if you think you should be entitled to timely
> responses, please consider purchasing a support agreement, so you can have
> an SLA. Support provided over mailing list is pro bono publico and no one
> gets paid doing it for you.

Understood.  And I don't think I'm "entitled" to anything.  The list is free.

But it may be helpful to understand this:  I figured that most people would 
want to use the quota-status service.  Therefore, most people must know 
something about it.  But there was no response at all, not even "I can help but 
it will take a couple of days", even though there was lots of other activity on 
the list.   So I did what is commonplace on some other lists by bumping it up 
to the top again.  No disrespect intended.  Every list has its own 
"personality".  I'll learn.

> 1. Quota status comes with dovecot-core, on my server (debian) it is in
> 
> ~$ ls -lah /usr/lib/dovecot/quota-status
> -rwxr-xr-x 1 root root 84K May 27 12:35 /usr/lib/dovecot/quota-status
> 
> Did you look there?

Yes.  I actually looked everywhere with find / ...
This machine is running Ubuntu 12.04, dovecot --version = 2.0.19

So, I just tried installing on another machine running Ubuntu 14.04, dovecot 
--version = 2.2.9.  It **is** there on that machine.

So, evidently, quota-status is not part of the older version.  I guess I'll 
need to upgrade since I prefer not to compile from source.

 
> You also are going to need ...
> [answers clipped]

Thank you.  All EXCELLENT information.  

quota_status_toolarge wasn't mentioned on the wiki.  I presume that refers to 
the individual message size being too large, correct?

Thanks again, this is what I needed.

Michael

Re: quota-status service

2016-07-03 Thread Vijay Rajah 

Michael,


See my responses inline


On 07/02/2016 06:25 AM, Michael Fox wrote:

???

  


From: Michael Fox [mailto:n...@mefox.org]
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org) 
Subject: quota-status service

  


I'm trying to understand the quota-status service, but I can't find complete
documentation.

  


The quota-status service is mentioned here:  http://wiki.dovecot.org/Quota

  


And an example configuration is shown:

  


service quota-status {

 executable = quota-status -p postfix

 inet_listener {

 port = 12340

 # You can choose any port you want

 }

 client_limit = 1

}

  

This is how I have configured it.


But I can't find any information on quota-status.

"man quota-status" returns nothing.

I am unable to find a "quota-status" file on my machine.  Where is the
executable located?

What does the "-p postfix" option do?

Are there any other command line options?

The above wiki page shows three quota_status_* options in use:

 quota_status_success = DUNNO
 quota_status_nouser = DUNNO
 quota_status_overquota = "552 5.2.2 Mailbox is full"


The way I understand it is, this Quota service was built specifically 
for postfix. (I only have postfix, have not used any other MTA)
The "quota-status" executable is in you libexec directory. ( I compiled 
my dovecot instance, hence is is not in "regular" directory)
The "quota_status_*" are responses to postifx. AFAIK, these are the only 
3 possible options.


Please see ( 
https://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ ) for 
a detailed info on this


When Postfix MTA is "inline" with the sender, and if you have correctly 
configured the quota service, it will check if the recipient's mailbox 
can accept mails. If the recipient is able to accept mail dovecot 
responds with "DUNNO" (as configured in "quota_status_success" ) to let 
postifx continue with its sender checks. if the recipient's mail box is 
unable to accept mails, the dovecot responds with "552 5.2.2 Mailbox is 
full" (as configured in "quota_status_overquota"), this will prevent 
postfix from accepting mail and will respond with 552 status .  All this 
is documented in that blog.


Please also see: http://www.postfix.org/SMTPD_ACCESS_README.html



Where are their meanings documented?

What are the allowed values?

Are there other quota_status_* options?

  


Thanks in advance.

  


Thanks,

Michael

  

Hope this was helpful

-Thanks
Vijay

RE: FW: quota-status service

2016-07-03 Thread aki . tuomi 

> On July 3, 2016 at 6:41 PM Michael Fox  wrote:
> 
> 
> Aki:  Over the last three days, I've watched many other questions being asked 
> and answered.  Were they also impolite to ask?
> 

No. But someone knew what to answer to them, you keep spamming the mailing list 
with repeated '???' instead of waiting, which *is* impolite. Someone WILL 
answer you when they have time to study your question and prepare an answer. As 
I said, if you think you should be entitled to timely responses, please 
consider purchasing a support agreement, so you can have an SLA. Support 
provided over mailing list is pro bono publico and no one gets paid doing it 
for you.

Anyways, here are *some* answers to your questions:

1. Quota status comes with dovecot-core, on my server (debian) it is in

~$ ls -lah /usr/lib/dovecot/quota-status
-rwxr-xr-x 1 root root 84K May 27 12:35 /usr/lib/dovecot/quota-status

Did you look there?

You also are going to need to use 'mail_plugins = $mail_plugins quota'. See 
quota configuration in dovecot wiki. (http://wiki2.dovecot.org/Quota)

2. It has no man page because it is not intended to be ran at command line, but 
-p means protocol. It should match your MTA/MX. Such as postfix, which at the 
moment is the only supported one.

3. Port you can choose freely, it is used by postfix to check the delivery 
possiblity before actually doing it. This is the statement in 
smtpd_recipient_restrictions,

check_policy_service inet:mailstore.example.com:12340

replace mailstore.example.com with localhost or your dovecot hostname. And port 
with what you choose.

4. The various responses are what your MTA/MX expects. Looking at postfix 
manual (http://www.postfix.org/SMTPD_POLICY_README.html#protocol) you can see 
that "The "DUNNO" action causes Postfix to ignore the result."

You can look at the postfix manual for various acceptable answers, but the one 
indicated in the configuration example probably works best.

5. quota_status_*

quota_status_success, default response is OK
quota_status_toolarge
quota_status_overquota

toolarge and overquota default to "554 5.2.2 ".

quota_status_nouser, default response is "REJECT Unknown user"

These are sent verbatim to your MTA/MX; refer to it's documentation for allowed 
responses.

---
Aki Tuomi
Dovecot oy

Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread Marti Markov 
Tried it but now luck in either OX App Suite or Thunderbird.

The thing is that it isn’t even listed as a subscribeable folder. For example I 
have a Public namespace at that lists all the public mailboxes but Shared 
doesn’t list anything.

I installed an addon in Thunderbird for ACL and that lists correct permissions 
on the INBOX folders. (Users having lookup & read permissions).

I can post the doveconf output if you want?


> On 3 Jul 2016, at 16:52, aki.tu...@dovecot.fi wrote:
> 
> 
>> On July 3, 2016 at 6:46 PM Marti Markov  wrote:
>> 
>> 
>> Aki, you were right. 
>> It was at /usr/lib/dovecot
>> 
>> Here is the output:
>> 
>> * LIST (\Noselect \HasChildren) "/" Shared
>> * LIST (\Noselect \HasChildren) "/" Shared/d.marteva
>> * LIST (\HasNoChildren) "/" Shared/d.marteva/INBOX
> 
> Can you try 
> 
> doveadm mailbox subscribe -u yourusername Shared/d.marteva/INBOX
> 
> Aki

Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread aki . tuomi 

> On July 3, 2016 at 6:46 PM Marti Markov  wrote:
> 
> 
> Aki, you were right. 
> It was at /usr/lib/dovecot
> 
> Here is the output:
> 
> * LIST (\Noselect \HasChildren) "/" Shared
> * LIST (\Noselect \HasChildren) "/" Shared/d.marteva
> * LIST (\HasNoChildren) "/" Shared/d.marteva/INBOX

Can you try 

doveadm mailbox subscribe -u yourusername Shared/d.marteva/INBOX

Aki

Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread Marti Markov 
Aki, you were right. 
It was at /usr/lib/dovecot

Here is the output:

root@mail:~#  /usr/lib/dovecot/imap  -u m.markov
* PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT 
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS 
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN 
CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE ACL RIGHTS=texk] Logged in 
as m.mar...@domain.com
1 LIST "" "*"
* LIST (\HasNoChildren) "/" confirmed-spam
* LIST (\HasNoChildren \Trash) "/" Trash
* LIST (\HasNoChildren) "/" SpamLikely
* LIST (\HasNoChildren) "/" Spam
* LIST (\HasNoChildren) "/" "Sent Items"
* LIST (\HasNoChildren) "/" Archive
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren) "/" Notes
* LIST (\HasNoChildren) "/" TeamViewer
* LIST (\HasNoChildren \Sent) "/" "Sent Messages"
* LIST (\HasNoChildren) "/" confirmed-ham
* LIST (\Noselect \HasChildren) "/" Public
* LIST (\HasNoChildren) "/" Public/office3
* LIST (\HasNoChildren) "/" Public/office4
* LIST (\HasNoChildren) "/" Public/support
* LIST (\HasNoChildren) "/" Public/root
* LIST (\HasNoChildren) "/" Public/updates
* LIST (\HasNoChildren) "/" Public/postmaster
* LIST (\Noselect \HasChildren) "/" Shared
* LIST (\Noselect \HasChildren) "/" Shared/d.marteva
* LIST (\HasNoChildren) "/" Shared/d.marteva/INBOX
* LIST (\HasNoChildren) "/" INBOX
1 OK List completed.
2 LOGOUT


It does list the shared mailbox but it never shows up in either OX App Suite or 
Thunderbird.


> On 3 Jul 2016, at 15:04, aki.tu...@dovecot.fi wrote:
> 
> You should have it. Otherwise imap wouldn't work. It's probably under 
> /usr/lib/dovecot or /usr/lib/x86_64/dovecot
> 
> Aki
> 
>> On July 2, 2016 at 11:11 PM Marti Markov  wrote:
>> 
>> 
>> I don’t seem to have that install on my Debian machine.
>> 
>> But I have done this:
>> 
>> 1 LIST "" %
>> * LIST (\HasNoChildren) "/" confirmed-spam
>> * LIST (\HasChildren) "/" Archive
>> * LIST (\HasNoChildren \Sent) "/" Sent
>> * LIST (\HasChildren \Trash) "/" Trash
>> * LIST (\HasNoChildren) "/" Spam
>> * LIST (\HasChildren) "/" Archives
>> * LIST (\HasNoChildren \Drafts) "/" Drafts
>> * LIST (\HasNoChildren \Junk) "/" Junk
>> * LIST (\HasNoChildren) "/" Unwanted
>> * LIST (\HasNoChildren) "/" confirmed-ham
>> * LIST (\Noselect \HasChildren) "/" Public
>> * LIST (\Noselect \HasNoChildren) "/" Shared
>> * LIST (\HasNoChildren) "/" INBOX
>> 1 OK List completed.
>> 7 LIST * *
>> * LIST (\HasNoChildren) "/" confirmed-spam
>> * LIST (\HasChildren) "/" Archive
>> * LIST (\HasNoChildren) "/" Archive/2015
>> * LIST (\HasNoChildren \Sent) "/" Sent
>> * LIST (\HasChildren \Trash) "/" Trash
>> * LIST (\HasNoChildren) "/" Trash/Junk
>> * LIST (\HasNoChildren) "/" Spam
>> * LIST (\HasChildren) "/" Archives
>> * LIST (\HasNoChildren) "/" Archives/2015
>> * LIST (\HasNoChildren) "/" Archives/2011
>> * LIST (\HasNoChildren \Drafts) "/" Drafts
>> * LIST (\HasNoChildren \Junk) "/" Junk
>> * LIST (\HasNoChildren) "/" Unwanted
>> * LIST (\HasNoChildren) "/" confirmed-ham
>> * LIST (\Noselect \HasChildren) "/" Public
>> * LIST (\HasNoChildren) "/" Public/office3
>> * LIST (\HasNoChildren) "/" Public/office4
>> * LIST (\Noselect \HasNoChildren) "/" Shared
>> * LIST (\HasNoChildren) "/" INBOX
>> 7 OK List completed.
>> 
>> By connecting using `openssl` from a remote machine.
>> 
>>> On 1 Jul 2016, at 09:02, Steffen Kaiser  
>>> wrote:
>>> 
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>> 
>>> On Thu, 30 Jun 2016, Marti Markov wrote:
>>> 
 I think I have configured everything correctly but for some reason I can’t 
 get a list of the shared mailboxes to show up.
 
 When I run:
 
 doveadm acl debug -u m.markov Shared/d.marteva/INBOX
 
 
 doveadm(m.markov): Info: User d.marteva found from ACL shared dict
 doveadm(m.markov): Info: Mailbox Shared/d.marteva/INBOX is visible in LIST
>>> 
>>> did you've tried:
>>> 
>>> http://wiki2.dovecot.org/PreAuth
>>> 
>>> /usr/local/libexec/dovecot/imap -u m.markov
>>> 1 LIST "" "*"
>>> 2 LOGOUT
>>> 
>>> ?
>>> 
>>> Maybe the client does not list them.
>>> 
>>> - -- Steffen Kaiser
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v1
>>> 
>>> iQEVAwUBV3Yjqnz1H7kL/d9rAQIoSQgAvKFsSKxMdt82a/1p52bikwkje4YoqGjK
>>> duStP9qG2AtkkRPbbNc8JWki20xixyW7XagIP39dGwd+yNVlkMZAVna0KGIFNUwk
>>> 9eVC1lMPax9lc0kq7Fw+EqwpPtFwuGe41eAsyP3JE51VlEbnA74oPGadJJe/6cM8
>>> /3sMCxXC9PlxgoKhwFoqggnEeH0Dx6wkHqXsLT3lCnSwtQHX8ZaKlRkEaVBvTVvO
>>> ogu/9V/RZH6mhiVdlcYEDXDNoAZ7dh7ZgLqI2nCJm1AoTjpAyjnskhFT+1l5sOC0
>>> +tEb7Rfl7zAp+eJy6X9RaX9nuDzIGSTRfHBeTV9rMVXrz005FYHZpg==
>>> =uU9/
>>> -END PGP SIGNATURE-

RE: FW: quota-status service

2016-07-03 Thread Michael Fox 
Aki:  Over the last three days, I've watched many other questions being asked 
and answered.  Were they also impolite to ask?

Peter:  What exactly was impolite about identifying missing information and 
listing the specific details that I'm looking for?

Aki & Peter:  Do either of you know the answers to at least some of my 
questions?

Michael

> -Original Message-
> From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Peter
> Chiochetti
> Sent: Sunday, July 3, 2016 2:07 AM
> To: dovecot@dovecot.org
> Subject: Re: FW: quota-status service
> 
> Am 2016-07-03 um 10:43 schrieb Aki Tuomi:
> > If you need fast and timely support you can contact OX sales for an
> support agreement . It is somewhat impolite to except such from a public
> mailing list over weekend.
> 
> Nah, expecting such can be unreasonable,
> Impolite though the manner of expression
>

Re: kqueue crash on FreeBSD with 2.2.25 and OpenBSD

2016-07-03 Thread Edgar Pettijohn 
On 16-07-03 03:30:36, Timo Sirainen wrote:
> On 02 Jul 2016, at 03:30, Adam Weinberger  wrote:
> > 
> >>> Jul  1 10:07:27 imap dovecot: master: Panic: kevent(EV_ADD, READ, 54) 
> >>> failed: Bad file descriptor
> >>> 
> >>> It's not dumping core, and I get the message even with "protocols ="
> >>> 
> >>> Downgrading back to 2.2.24 fixes it. What info would be helpful for me to 
> >>> provide here?
> >> 
> >> gdb backtrace: http://dovecot.org/bugreport.html#coredumps
> >> 
> > 
> > Fuller logs attached. Thanks for your help, Timo.
> > 
> > #6  0x2815b23a in i_panic (format=0x281ccf7a "kevent(EV_ADD, READ, %d) 
> > failed: %m") at failures.c:275
> > #7  0x28185e10 in io_loop_handle_add (io=0x288843a0) at ioloop-kqueue.c:67
> > #8  0x281815a8 in io_add_file (fd=56, condition=IO_READ, 
> > source_linenum=244, callback=0x2818a7d0 , context=0x0) at 
> > ioloop.c:59
> > #9  0x281813a6 in io_add (fd=56, condition=IO_READ, source_linenum=244, 
> > callback=0x2818a7d0 , context=0x0) at ioloop.c:81
> > #10 0x2818a666 in lib_signals_set_handler (signo=1, flags=3, 
> > handler=0x804e6c0 , context=0x0) at lib-signals.c:243
> > #11 0x0804e129 in main_init (set=0x2881d098) at main.c:518
> > #12 0x0804d562 in main (argc=3, argv=0xae08) at main.c:890
> 
> Weird. I haven't touched anything even close to that. Also kqueue works on my 
> OSX. The only thing that comes to my mind is 
> https://github.com/dovecot/core/commit/fde7b8a03bf91cfa5bb7ca3e84545386243fa0d2
> 
> Does it happen to work if you use the attached patch?
> 

Looks like its an issue on OpenBSD -current as well.

This GDB was configured as "i386-unknown-openbsd6.0"...
Core was generated by `dovecot'.
Program terminated with signal 6, Aborted.
Loaded symbols for /home/edgar/sbin/dovecot
Reading symbols from /home/edgar/lib/dovecot/libdovecot.so.0.0...done.
Loaded symbols for /home/edgar/lib/dovecot/libdovecot.so.0.0
Reading symbols from /usr/lib/libc.so.88.0...done.
Loaded symbols for /usr/lib/libc.so.88.0
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  0x0d8ca24f in thrkill () at :2
2   : No such file or directory.
in 
(gdb) bt
#0  0x0d8ca24f in thrkill () at :2
#1  0x0d8cd691 in *_libc_raise (s=6) at /usr/src/lib/libc/gen/raise.c:37
#2  0x0d8cb8fc in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#3  0x092d5a2f in default_fatal_finish (type=Variable "type" is not available.
) at failures.c:201
#4  0x092d5ae4 in i_syslog_fatal_handler (ctx=0xcf7dcdcc, 
format=0x2925f1d4 "kevent(EV_ADD, READ, %d) failed: %m", args=0xcf7dcdf4 
"<")
at failures.c:418
#5  0x17bd6f68 in master_fatal_callback (ctx=0xcf7dcdcc, 
format=0x2925f1d4 "kevent(EV_ADD, READ, %d) failed: %m", args=0xcf7dcdf4 
"<")
at main.c:167
#6  0x092d4ea6 in i_panic (format=Could not find the frame base for "i_panic".
) at failures.c:275
#7  0x092de2b9 in io_loop_handle_add (io=Variable "io" is not available.
) at ioloop-kqueue.c:67
#8  0x092df3e2 in io_add_file (fd=60, condition=IO_READ, source_linenum=244, 
callback=0x92efe80 , context=0x0) at ioloop.c:59
#9  0x092df491 in io_add (fd=60, condition=IO_READ, source_linenum=244, 
callback=0x92efe80 , context=0x0) at ioloop.c:81
#10 0x092f0283 in lib_signals_set_handler (signo=1, flags=3, 
handler=0x17bd5d30 , context=0x0) at lib-signals.c:243
#11 0x17bd58fb in main_init (set=0x86b34098) at main.c:518
#12 0x17bd6878 in main (argc=Cannot access memory at address 0x0
) at main.c:890
Current language:  auto; currently asm
(gdb) bt full
#0  0x0d8ca24f in thrkill () at :2
No locals.
#1  0x0d8cd691 in *_libc_raise (s=6) at /usr/src/lib/libc/gen/raise.c:37
No locals.
#2  0x0d8cb8fc in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
mask = 4294967263
sa = {__sigaction_u = {__sa_handler = 0xcf7dcd38, __sa_sigaction = 
0xcf7dcd38}, 
  sa_mask = 690456752, sa_flags = 1}
#3  0x092d5a2f in default_fatal_finish (type=Variable "type" is not available.
) at failures.c:201
backtrace = Variable "backtrace" is not available.
(gdb)

I'm happy to test patches, etc.
-- 
Edgar Pettijohn

Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread aki . tuomi 
You should have it. Otherwise imap wouldn't work. It's probably under 
/usr/lib/dovecot or /usr/lib/x86_64/dovecot

Aki

> On July 2, 2016 at 11:11 PM Marti Markov  wrote:
> 
> 
> I don’t seem to have that install on my Debian machine.
> 
> But I have done this:
> 
> 1 LIST "" %
> * LIST (\HasNoChildren) "/" confirmed-spam
> * LIST (\HasChildren) "/" Archive
> * LIST (\HasNoChildren \Sent) "/" Sent
> * LIST (\HasChildren \Trash) "/" Trash
> * LIST (\HasNoChildren) "/" Spam
> * LIST (\HasChildren) "/" Archives
> * LIST (\HasNoChildren \Drafts) "/" Drafts
> * LIST (\HasNoChildren \Junk) "/" Junk
> * LIST (\HasNoChildren) "/" Unwanted
> * LIST (\HasNoChildren) "/" confirmed-ham
> * LIST (\Noselect \HasChildren) "/" Public
> * LIST (\Noselect \HasNoChildren) "/" Shared
> * LIST (\HasNoChildren) "/" INBOX
> 1 OK List completed.
> 7 LIST * *
> * LIST (\HasNoChildren) "/" confirmed-spam
> * LIST (\HasChildren) "/" Archive
> * LIST (\HasNoChildren) "/" Archive/2015
> * LIST (\HasNoChildren \Sent) "/" Sent
> * LIST (\HasChildren \Trash) "/" Trash
> * LIST (\HasNoChildren) "/" Trash/Junk
> * LIST (\HasNoChildren) "/" Spam
> * LIST (\HasChildren) "/" Archives
> * LIST (\HasNoChildren) "/" Archives/2015
> * LIST (\HasNoChildren) "/" Archives/2011
> * LIST (\HasNoChildren \Drafts) "/" Drafts
> * LIST (\HasNoChildren \Junk) "/" Junk
> * LIST (\HasNoChildren) "/" Unwanted
> * LIST (\HasNoChildren) "/" confirmed-ham
> * LIST (\Noselect \HasChildren) "/" Public
> * LIST (\HasNoChildren) "/" Public/office3
> * LIST (\HasNoChildren) "/" Public/office4
> * LIST (\Noselect \HasNoChildren) "/" Shared
> * LIST (\HasNoChildren) "/" INBOX
> 7 OK List completed.
> 
> By connecting using `openssl` from a remote machine.
> 
> > On 1 Jul 2016, at 09:02, Steffen Kaiser  
> > wrote:
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> > 
> > On Thu, 30 Jun 2016, Marti Markov wrote:
> > 
> >> I think I have configured everything correctly but for some reason I can’t 
> >> get a list of the shared mailboxes to show up.
> >> 
> >> When I run:
> >> 
> >> doveadm acl debug -u m.markov Shared/d.marteva/INBOX
> >> 
> >> 
> >> doveadm(m.markov): Info: User d.marteva found from ACL shared dict
> >> doveadm(m.markov): Info: Mailbox Shared/d.marteva/INBOX is visible in LIST
> > 
> > did you've tried:
> > 
> > http://wiki2.dovecot.org/PreAuth
> > 
> > /usr/local/libexec/dovecot/imap -u m.markov
> > 1 LIST "" "*"
> > 2 LOGOUT
> > 
> > ?
> > 
> > Maybe the client does not list them.
> > 
> > - -- Steffen Kaiser
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v1
> > 
> > iQEVAwUBV3Yjqnz1H7kL/d9rAQIoSQgAvKFsSKxMdt82a/1p52bikwkje4YoqGjK
> > duStP9qG2AtkkRPbbNc8JWki20xixyW7XagIP39dGwd+yNVlkMZAVna0KGIFNUwk
> > 9eVC1lMPax9lc0kq7Fw+EqwpPtFwuGe41eAsyP3JE51VlEbnA74oPGadJJe/6cM8
> > /3sMCxXC9PlxgoKhwFoqggnEeH0Dx6wkHqXsLT3lCnSwtQHX8ZaKlRkEaVBvTVvO
> > ogu/9V/RZH6mhiVdlcYEDXDNoAZ7dh7ZgLqI2nCJm1AoTjpAyjnskhFT+1l5sOC0
> > +tEb7Rfl7zAp+eJy6X9RaX9nuDzIGSTRfHBeTV9rMVXrz005FYHZpg==
> > =uU9/
> > -END PGP SIGNATURE-

Re: FW: quota-status service

2016-07-03 Thread Peter Chiochetti 

Am 2016-07-03 um 10:43 schrieb Aki Tuomi:

If you need fast and timely support you can contact OX sales for an support 
agreement . It is somewhat impolite to except such from a public mailing list 
over weekend.


Nah, expecting such can be unreasonable,
Impolite though the manner of expression



---Aki TuomiDovecot oy
 Original message From: Michael Fox  Date: 03/07/2016 
 09:00  (GMT+02:00) To: Dovecot Mailing List  Subject: FW: 
quota-status service
??? 3rd request

-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
Sent: Friday, July 1, 2016 5:56 PM
To: Dovecot Mailing List 
Subject: RE: quota-status service

???



From: Michael Fox [mailto:n...@mefox.org]
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org) 
Subject: quota-status service



--
peter

Re: FW: quota-status service

2016-07-03 Thread Aki Tuomi 
If you need fast and timely support you can contact OX sales for an support 
agreement . It is somewhat impolite to except such from a public mailing list 
over weekend.
---Aki TuomiDovecot oy
 Original message From: Michael Fox  Date: 
03/07/2016  09:00  (GMT+02:00) To: Dovecot Mailing List  
Subject: FW: quota-status service 
??? 3rd request

-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
Sent: Friday, July 1, 2016 5:56 PM
To: Dovecot Mailing List 
Subject: RE: quota-status service

???

 

From: Michael Fox [mailto:n...@mefox.org] 
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org) 
Subject: quota-status service

 

I'm trying to understand the quota-status service, but I can't find complete
documentation.

 

The quota-status service is mentioned here:  http://wiki.dovecot.org/Quota

 

And an example configuration is shown:

 

service quota-status {

    executable = quota-status -p postfix

    inet_listener {

    port = 12340

    # You can choose any port you want

    }

    client_limit = 1

}

 

But I can't find any information on quota-status.

"man quota-status" returns nothing.

I am unable to find a "quota-status" file on my machine.  Where is the
executable located?

What does the "-p postfix" option do?

Are there any other command line options?

The above wiki page shows three quota_status_* options in use:

    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"

Where are their meanings documented?

What are the allowed values?

Are there other quota_status_* options?

 

Thanks in advance.

 

Thanks,

Michael

FW: quota-status service

2016-07-03 Thread Michael Fox 
??? 3rd request

-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
Sent: Friday, July 1, 2016 5:56 PM
To: Dovecot Mailing List 
Subject: RE: quota-status service

???

 

From: Michael Fox [mailto:n...@mefox.org] 
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org) 
Subject: quota-status service

 

I'm trying to understand the quota-status service, but I can't find complete
documentation.

 

The quota-status service is mentioned here:  http://wiki.dovecot.org/Quota

 

And an example configuration is shown:

 

service quota-status {

executable = quota-status -p postfix

inet_listener {

port = 12340

# You can choose any port you want

}

client_limit = 1

}

 

But I can't find any information on quota-status.

"man quota-status" returns nothing.

I am unable to find a "quota-status" file on my machine.  Where is the
executable located?

What does the "-p postfix" option do?

Are there any other command line options?

The above wiki page shows three quota_status_* options in use:

quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"

Where are their meanings documented?

What are the allowed values?

Are there other quota_status_* options?

 

Thanks in advance.

 

Thanks,

Michael