Re: Dovecot 2.2.25 fails on SSL

[Aki Tuomi]

> On September 30, 2016 at 3:26 AM "Andreas M. Kirchwitz"  
> wrote:
> 
> 
> Joseph Tam  wrote:
> 
> >>> OK, the origin of your problem becomes clearer.  You can hardcode these
> >>> paths into the executables by doing something like
> >>>
> >>>   env CFLAGS='-I/my'ssl/include' \
> >>>   LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib' \
> >>>   configure ...
> >>
> >> Based on your mail I've tried CFLAGS/LDFLAGS again, and
> >> now Dovecot didn't even compile any longer.
> >
> > I don't use the same OS as you, but what errors dis you get?
> 
> To be exact here, it's not the compiler but the linker failing
> (of course, the whole problem is about the linking process).
> 
> With "--as-needed", the crypto/ssl libraries are not linked at all with
> the object files. I don't quite understand why it doesn't fall back to
> the system crypto/ssl libraries because they are in the default pathes
> with all other libraries. (That's basically what most other software
> packages do if my custom pathes for "-L" "-Wl,-R" somehow get ignored
> in the building process.)
> 
> IMHO, the unusual option "--as-needed" should be removed. There seems
> to be no benefit but it basically keeps Dovecot to be linked against
> any custom-specified library.
> 
> Maybe it's just a problem with RHEL/CentOS 6 and the GCC that ships
> with it. I'm compiling a lot of software myself and link it against
> my custom OpenSSL. Never had this problem before, otherwise I would
> have known to specify "-Wl,--no-as-needed" to reverse ld's behavior
> to the default.
> 
> Well, at least I've learned something new. :-)
> 
>   Regards, Andreas

Hi, 

The as-needed issue has been hopefully fixed in 
https://github.com/dovecot/core/commit/f49f1c5fa6a9a55a194e5ada042df134907278f4

Aki

Re: Dovecot 2.2.25 fails on SSL

[Andreas M. Kirchwitz]

Joseph Tam  wrote:

>>> OK, the origin of your problem becomes clearer.  You can hardcode these
>>> paths into the executables by doing something like
>>>
>>> env CFLAGS='-I/my'ssl/include' \
>>> LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib' \
>>> configure ...
>>
>> Based on your mail I've tried CFLAGS/LDFLAGS again, and
>> now Dovecot didn't even compile any longer.
>
> I don't use the same OS as you, but what errors dis you get?

To be exact here, it's not the compiler but the linker failing
(of course, the whole problem is about the linking process).

With "--as-needed", the crypto/ssl libraries are not linked at all with
the object files. I don't quite understand why it doesn't fall back to
the system crypto/ssl libraries because they are in the default pathes
with all other libraries. (That's basically what most other software
packages do if my custom pathes for "-L" "-Wl,-R" somehow get ignored
in the building process.)

IMHO, the unusual option "--as-needed" should be removed. There seems
to be no benefit but it basically keeps Dovecot to be linked against
any custom-specified library.

Maybe it's just a problem with RHEL/CentOS 6 and the GCC that ships
with it. I'm compiling a lot of software myself and link it against
my custom OpenSSL. Never had this problem before, otherwise I would
have known to specify "-Wl,--no-as-needed" to reverse ld's behavior
to the default.

Well, at least I've learned something new. :-)

Regards, Andreas

Re: Softlinks

[Chris]

Steffen Kaiser wrote:
> On Wed, 28 Sep 2016, Chris wrote:
>> I'm using Maildir. Is it possible to move all (or only some) maildirs
>> with
>> softlinks to another partition?
>
> I did this, but be prepared that you have left-overs when the user deletes
> the mailbox (mail folder).

Ok, thank you. I would just link top-level folders, e.g.

/var/vmail/users/userA -> /data/vmail2/users/userA

for some extra big mailboxes.

- Chris

doveadm backup fails (compromised single attachment storage)

[Webert de Souza Lima]

Hi,

A couple of months ago I had a problem with Single Attachment Storage after
infrastructure migration;

All mailboxes were rsynced to another filesystem, and that may have broken
Single Attachment Storage. Many, many (if not all) mailboxes show the below
logs on dovecot:

imap(f...@bar.com): Error: read(attachments-connector(zlib(/dovecotdir/mail/
bar.com/foo/mailboxes/INBOX/dbox-Mails/u.26426))) failed:
read(/dovecotdir/attach/
bar.com/de/86/de8673894d6fb3f4460e3c26436eefa9a73517fa0f000452f553822367220761502e1d0ce220eee5aa9acf232df0adebf40cce90b57d2e60e1eb9c9ef21671fa-b0d3411772c1495753619331bd36-43cea6154b3275573b089331bd36-26426[base64:19
b/l]) failed: open(/dovecotdir/attach/
bar.com/de/86/de8673894d6fb3f4460e3c26436eefa9a73517fa0f000452f553822367220761502e1d0ce220eee5aa9acf232df0adebf40cce90b57d2e60e1eb9c9ef21671fa-b0d3411772c1495753619331bd36-43cea6154b3275573b089331bd36-26426)
failed: No such file or directory


When that happens, the MUA keeps syncing forever.

Now, I need to migrate all mailboxes (again) to another dovecot instance
(with no SAS), which works perfectly for new users but when I try to
migrate users from my current dovecot server for this new server, I get
such errors again, and I can't migrate:

2016-09-29T12:20:50.995934059Z Sep 29 12:20:50 dsync-server(f...@bar.com):
Error: dsync(cf7d091311eb):
read(attachments-connector(zlib(/dovecotdir/mdbox/bar.com/foo/storage/m.1)))
failed: read(/dovecotdir/attach/
bar.com/0c/df/0cdf86b1920938fe3a043f87e2ee9e63dda276bd5b9fba687e4a0c63d181c3b6ebdb96a9517f048c963db71404ad5d14e896e2e67b7abb0c9e107aed5c15ecf1-430ea904dff46757ba179331bd36[base64:18
b/l]) failed: open(/dovecotdir/attach/
bar.com/0c/df/0cdf86b1920938fe3a043f87e2ee9e63dda276bd5b9fba687e4a0c63d181c3b6ebdb96a9517f048c963db71404ad5d14e896e2e67b7abb0c9e107aed5c15ecf1-430ea904dff46757ba179331bd36)
failed: No such file or directory (last sent=mail, last recv=mail_request
(EOL))

Is there a way to fix the attachments problem? (I know I can't recover such
files, that's Ok)
Is there a way to migrate (dsync backup) ignoring such problems?

Thanks in advance.

Re: Login just at special timeslots / working hours

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 27 Sep 2016, Aki Tuomi wrote:

On September 27, 2016 at 5:42 PM Götz Reinicke - IT Koordinator 
 wrote:

is there a dovecot feature I did not found yet, which can limit the
access to the server to special timeslots like working hours?

Or is that a serverside / sssd / auth / pam / account feature?

Thanks for hints to some helpfull documentation and sugesstions.


At least this is doable with PAM. See
http://www.linux-pam.org/Linux-PAM-html/sag-pam_time.html


Should be also doable with SQL-based passdb by adding the check to the 
WHERE clause - even by user.


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBV+zNiHz1H7kL/d9rAQL0Lwf8Ca4frRhb/99pLgFw90XcSnUqbT/AU2dw
Nr4xb5uQaT3mkO67aME0jA+0yRW8Bz74qV+ULkC/KxzMo1Oh5f1t+4eeSseZWUBe
TZik2z1ypzzAvMOdf8Z/ldkmNibAjiAdE1/WOioefTVL+LYmRwwrc4BBRQGXtLvO
Ef3ZcHWPwPJ6JCji0GsYbfR8is2vNj9YJEdhjROAPokWQ6up5fpULWUAVvk5vTxd
d6YGrmBpUFydgK36uxB11LefVawd0hFJN+ogFtFiP2J+gZEx+AQ0NgKA+CFwYGxL
4ltCEAN1NYbyuPTezZaZWZBBu2uUXwdXT7oxzzKhZqtpBIJXQUl/NA==
=R0HA
-END PGP SIGNATURE-

Re: Softlinks

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 28 Sep 2016, Chris wrote:


I'm using Maildir. Is it possible to move all (or only some) maildirs with
softlinks to another partition?


I did this, but be prepared that you have left-overs when the user deletes 
the mailbox (mail folder).


I have mapped for instance SPAM / HAM reporting and some widely folders 
folders into user's Maildir, this works without any problems. Well, no 
user tried to delete those linked ones so far.


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBV+y9Anz1H7kL/d9rAQLkswf+K71RLMNh6DsehPjgd4jb8Rk9MvixcINa
1RYZqowHvfEf/zWGF+uOZxIycSTxf+84K3Qiac6EjHSQXsVbosy7o4v6S1EZOeAi
n9mK9itDjXhDGnY1MlYgpJ1C/pK+UqbYzgelR1WgBH8AiI+zEzEHv4RCEvLaFSxB
RfizZ66Nz2kaw9PnXkwmN5R8wzasdT3+1DKiekGzMRi4U/Rc61PuWEwNBZKllfnc
5jQAopi7PsEX8eO11xWtGbyTtLj2qm/k9odphiWl8fJlZpTICdtuyFxVpbsZf/t/
TRO5meXfIAHs4+BI/LYmHnCNiELUlwaGJAyRBzPNcMO7aDtANqSatw==
=9vGQ
-END PGP SIGNATURE-