Re: Outlook 2010 woes

2016-10-13 Thread Joseph Tam

On Thu, 13 Oct 2016, Bryan Holloway wrote:


Rebuilding caches?  Do you get the same delay when going back to the folder
after the initial delay.


No, but once sitting idle again for 10-15 seconds, the delay occurs again 
regardless of which folder you choose.


Another diagnostic is to strace the server process.

Joseph Tam 


Re: Outlook 2010 woes

2016-10-13 Thread Bryan Holloway

On 10/13/16 11:01 AM, Aki Tuomi wrote:



On October 13, 2016 at 6:52 PM Konstantin Khomoutov 
 wrote:


On Thu, 13 Oct 2016 10:35:14 -0500
Bryan Holloway  wrote:


[...]

Is there a way to see the IMAP commands coming from the client?
I've tried looking at PCAPs, but of course they're encrypted so I
can't see the actual dialog going on between the server and
client. I didn't see an obvious way to do this in the docs.


If you have access to the SSL/TLS key (IOW, the private part of the
cert) the server uses to secure IMAP connections you can dump the
IMAP traffic using the `ssldump` utility (which builds on
`tcpdump`).


I do, but the client is using a DH key exchange so I only have the
server-side private key.

Tried that using Wireshark's decoder features and ran into this
problem. I'm assuming I'd run into the same using ssldump, but I'll
give it a shot!


I think DH is not the culprit: just to be able to actually decode SSL
traffic, you must have the server private key when you're decoding the
SSL handshake phase -- to be able to recover the session keys, which
you then use to decode the actual tunneled data.


You can also enable only non DH algorithms in ssl settings if rawlog isn't 
working for you.

Aki



Ah -- interesting tip. I hadn't thought of that. Thank you! I'll report 
my findings to the list.


Re: Outlook 2010 woes

2016-10-13 Thread Bryan Holloway

On 10/13/16 10:42 AM, Urban Loesch wrote:



On 13.10.2016 at 16:53, Bryan Holloway wrote:

On 10/13/16 9:07 AM, Aki Tuomi wrote:



On October 13, 2016 at 4:55 PM Jerry  wrote:


On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated:


I also extended the "Server Timeout" setting in OT2010 to 10 minutes,
which doesn't seem to help either. (!)


Outlook 2010 is a very old version. Why not update to the 2016 version.
I am running it without any problems. If you do update, remember to
remove the old version completely first.

--
Jerry


I do wonder if the real culprit is some firewall that times out the
idle connection.

Aki



I considered that, but again everything worked fine until we moved
them from 2.1 to 2.2. Their same firewall is in use.

Is there a way to see the IMAP commands coming from the client? I've
tried looking at PCAPs, but of course they're encrypted so I can't see
the actual
dialog going on between the server and client. I didn't see an obvious
way to do this in the docs.



There is a "rawlog" feature, which writes down the whole decrypted imap
session in files.

...
service imap {
...
executable = imap postlogin
...
}

...

service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}
...

This should write *.in and *.out files to the
"$mail_location/dovecot.rawlog/" directory for each imap session.
The directory should be writeable by the dovecot user. I tested this
some years ago, so I'm not sure if the configuration
is still valid.

Regards
Urban


Great! I will try this.


Re: Outlook 2010 woes

2016-10-13 Thread Aki Tuomi

> On October 13, 2016 at 6:52 PM Konstantin Khomoutov 
>  wrote:
> 
> 
> On Thu, 13 Oct 2016 10:35:14 -0500
> Bryan Holloway  wrote:
> 
> > > [...]
> > >> Is there a way to see the IMAP commands coming from the client?
> > >> I've tried looking at PCAPs, but of course they're encrypted so I
> > >> can't see the actual dialog going on between the server and
> > >> client. I didn't see an obvious way to do this in the docs.
> > >
> > > If you have access to the SSL/TLS key (IOW, the private part of the
> > > cert) the server uses to secure IMAP connections you can dump the
> > > IMAP traffic using the `ssldump` utility (which builds on
> > > `tcpdump`).
> > 
> > I do, but the client is using a DH key exchange so I only have the 
> > server-side private key.
> > 
> > Tried that using Wireshark's decoder features and ran into this
> > problem. I'm assuming I'd run into the same using ssldump, but I'll
> > give it a shot!
> 
> I think DH is not the culprit: just to be able to actually decode SSL
> traffic, you must have the server private key when you're decoding the
> SSL handshake phase -- to be able to recover the session keys, which
> you then use to decode the actual tunneled data.

You can also enable only non DH algorithms in ssl settings if rawlog isn't 
working for you. 

Aki


Re: Outlook 2010 woes

2016-10-13 Thread Konstantin Khomoutov
On Thu, 13 Oct 2016 10:35:14 -0500
Bryan Holloway  wrote:

> > [...]
> >> Is there a way to see the IMAP commands coming from the client?
> >> I've tried looking at PCAPs, but of course they're encrypted so I
> >> can't see the actual dialog going on between the server and
> >> client. I didn't see an obvious way to do this in the docs.
> >
> > If you have access to the SSL/TLS key (IOW, the private part of the
> > cert) the server uses to secure IMAP connections you can dump the
> > IMAP traffic using the `ssldump` utility (which builds on
> > `tcpdump`).
> 
> I do, but the client is using a DH key exchange so I only have the 
> server-side private key.
> 
> Tried that using Wireshark's decoder features and ran into this
> problem. I'm assuming I'd run into the same using ssldump, but I'll
> give it a shot!

I think DH is not the culprit: just to be able to actually decode SSL
traffic, you must have the server private key when you're decoding the
SSL handshake phase -- to be able to recover the session keys, which
you then use to decode the actual tunneled data.


Re: Outlook 2010 woes

2016-10-13 Thread Urban Loesch



On 13.10.2016 at 16:53, Bryan Holloway wrote:

On 10/13/16 9:07 AM, Aki Tuomi wrote:



On October 13, 2016 at 4:55 PM Jerry  wrote:


On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated:


I also extended the "Server Timeout" setting in OT2010 to 10 minutes,
which doesn't seem to help either. (!)


Outlook 2010 is a very old version. Why not update to the 2016 version.
I am running it without any problems. If you do update, remember to
remove the old version completely first.

--
Jerry


I do wonder if the real culprit is some firewall that times out the idle
connection.

Aki



I considered that, but again everything worked fine until we moved them from 
2.1 to 2.2. Their same firewall is in use.

Is there a way to see the IMAP commands coming from the client? I've tried 
looking at PCAPs, but of course they're encrypted so I can't see the actual
dialog going on between the server and client. I didn't see an obvious way to 
do this in the docs.



There is a "rawlog" feature, which writes down the whole decrypted imap session
in files.

...
service imap {
...
executable = imap postlogin
...
}

...

service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}
...

This should write *.in and *.out files to the "$mail_location/dovecot.rawlog/"
directory for each imap session.
The directory should be writeable by the dovecot user. I tested this some years
ago, so I'm not sure if the configuration
is still valid.

Regards
Urban


Re: Outlook 2010 woes

2016-10-13 Thread Bryan Holloway

On 10/13/16 10:23 AM, Konstantin Khomoutov wrote:

On Thu, 13 Oct 2016 09:53:19 -0500
Bryan Holloway  wrote:

[...]

Is there a way to see the IMAP commands coming from the client? I've
tried looking at PCAPs, but of course they're encrypted so I can't
see the actual dialog going on between the server and client. I
didn't see an obvious way to do this in the docs.


If you have access to the SSL/TLS key (IOW, the private part of the
cert) the server uses to secure IMAP connections you can dump the IMAP
traffic using the `ssldump` utility (which builds on `tcpdump`).



I do, but the client is using a DH key exchange so I only have the 
server-side private key.


Tried that using Wireshark's decoder features and ran into this problem. 
I'm assuming I'd run into the same using ssldump, but I'll give it a shot!


Stupid privacy. :)


Re: Outlook 2010 woes

2016-10-13 Thread Konstantin Khomoutov
On Thu, 13 Oct 2016 09:53:19 -0500
Bryan Holloway  wrote:

[...]
> Is there a way to see the IMAP commands coming from the client? I've 
> tried looking at PCAPs, but of course they're encrypted so I can't
> see the actual dialog going on between the server and client. I
> didn't see an obvious way to do this in the docs.

If you have access to the SSL/TLS key (IOW, the private part of the
cert) the server uses to secure IMAP connections you can dump the IMAP
traffic using the `ssldump` utility (which builds on `tcpdump`).


Re: Outlook 2010 woes

2016-10-13 Thread Bryan Holloway

On 10/13/16 9:07 AM, Aki Tuomi wrote:



On October 13, 2016 at 4:55 PM Jerry  wrote:


On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated:


I also extended the "Server Timeout" setting in OT2010 to 10 minutes,
which doesn't seem to help either. (!)


Outlook 2010 is a very old version. Why not update to the 2016 version.
I am running it without any problems. If you do update, remember to
remove the old version completely first.

--
Jerry


I do wonder if the real culprit is some firewall that times out the idle
connection.

Aki



I considered that, but again everything worked fine until we moved them 
from 2.1 to 2.2. Their same firewall is in use.


Is there a way to see the IMAP commands coming from the client? I've 
tried looking at PCAPs, but of course they're encrypted so I can't see 
the actual dialog going on between the server and client. I didn't see 
an obvious way to do this in the docs.


Re: Outlook 2010 woes

2016-10-13 Thread Bryan Holloway

On 10/13/16 9:06 AM, Bryan Holloway wrote:

On 10/13/16 8:55 AM, Jerry wrote:

On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated:


I also extended the "Server Timeout" setting in OT2010 to 10 minutes,
which doesn't seem to help either. (!)


Outlook 2010 is a very old version. Why not update to the 2016 version.
I am running it without any problems. If you do update, remember to
remove the old version completely first.



Yeah -- totally not disagreeing with that statement ... the problem is
that the customer is putting their foot down since everything worked
fine with Dovecot 2.1.

But yes, I have mentioned that to them ...


I guess I should add that it would be one thing if there were a specific 
IMAP feature that a newer Dovecot version (2.2) supported and the client 
didn't, but I haven't been able to pinpoint it.


Obviously the behavior is different than what it was, but it would be a 
lot easier to convince the customer to upgrade if I could point a finger 
right at the "feature" in question.


In the meantime, I have to try and figure out what's changed ...


Re: Outlook 2010 woes

2016-10-13 Thread Aki Tuomi

> On October 13, 2016 at 4:55 PM Jerry  wrote:
> 
> 
> On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated:
> 
> >I also extended the "Server Timeout" setting in OT2010 to 10 minutes, 
> >which doesn't seem to help either. (!)
> 
> Outlook 2010 is a very old version. Why not update to the 2016 version.
> I am running it without any problems. If you do update, remember to
> remove the old version completely first.
> 
> -- 
> Jerry

I do wonder if the real culprit is some firewall that times out the idle
connection.

Aki


Re: Outlook 2010 woes

2016-10-13 Thread Bryan Holloway

On 10/13/16 8:55 AM, Jerry wrote:

On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated:


I also extended the "Server Timeout" setting in OT2010 to 10 minutes,
which doesn't seem to help either. (!)


Outlook 2010 is a very old version. Why not update to the 2016 version.
I am running it without any problems. If you do update, remember to
remove the old version completely first.



Yeah -- totally not disagreeing with that statement ... the problem is 
that the customer is putting their foot down since everything worked 
fine with Dovecot 2.1.


But yes, I have mentioned that to them ...


Re: Outlook 2010 woes

2016-10-13 Thread Jerry
On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated:

>I also extended the "Server Timeout" setting in OT2010 to 10 minutes, 
>which doesn't seem to help either. (!)

Outlook 2010 is a very old version. Why not update to the 2016 version.
I am running it without any problems. If you do update, remember to
remove the old version completely first.

-- 
Jerry


Too many references: cannot splice

2016-10-13 Thread Luis Ugalde
Hi,


A while ago I sent an email regarding these "*ETOOMANYREFS* Too many
references: cannot splice." that we've seen since Debian updated the Jessie
kernel to

3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64

while older kernels, like  3.16.0-4-amd64 #1 SMP Debian
3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64 showed no errors at all.

I was wondering if no one else is getting these errors, or if you know any
workarounds that might prove useful, apart from downgrading the kernel.


I would say that the infrastructure we're running is quite standard, with
directors balancing users to NFS backed dovecot servers.


Best regards,

Luis Ugalde.


Re: Outlook 2010 woes

2016-10-13 Thread Bryan Holloway

On 10/12/16 4:11 PM, Joseph Tam wrote:



Old server:
* Ubuntu 10.04.4 LTS
* Dovecot 2.1.13
* Maildir++
* Local auth via passwd/shadow files

New server:
* Debian GNU/Linux 8.6
* Dovecot 2.2.13
* Maildir++
* Quotas enabled
* LDAP

Basically what's happening is that users are seeing large delays when
navigating between different IMAP folders. So, for example, user "X" is
sitting idle in their INBOX.


Rebuilding caches?  Do you get the same delay when going back to the folder
after the initial delay.

Joseph Tam 


No, but once sitting idle again for 10-15 seconds, the delay occurs 
again regardless of which folder you choose.


Am I understanding your question correctly? It really seems to me like 
Outlook is prematurely ending IMAP sessions.


I also extended the "Server Timeout" setting in OT2010 to 10 minutes, 
which doesn't seem to help either. (!)


I was considering enabling the auth_cache feature to see if that helps.

I'll let the list know what happens -- planning on doing that today.


Re: dovecot 2.2.25 BUG: local_name is not matching correctly

2016-10-13 Thread Aki Tuomi


On 13.10.2016 16:09, Arkadiusz Miśkiewicz wrote:
> Bug report:
>
> When using dovecot 2.2.25 SNI capability it doesn't always match proper vhost 
> config. For example if we have such config:
>
> local_name imap.example.com {
> ssl_cert =  ssl_key =  }
>
> but imap client sends mixedcase SNI hostname like "IMAP.example.com" then
> dovecot won't match above local_name imap.example.com config section.
>
> IMO dovecot should do case insensitive comparison. Case sensitive matching 
> for 
> DNS names makes little sense.
>

Hi!

Thank you for reporting this, we'll look into it.

Aki Tuomi
Dovecot oy
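
The mismatch described in the report, next to a case-insensitive lookup, as an added example in Python; it is not Dovecot's code. DNS names compare without regard to ASCII case, so the SNI value and the configured name are both normalized before comparison. The function names, the vhost table and the certificate paths are hypothetical.

```python
import re
import string

# Hypothetical vhost table standing in for local_name sections: name -> certificate.
VHOSTS = {
    "imap.example.com": "/etc/ssl/imap.example.com.pem",
    "Mail.Example.org": "/etc/ssl/mail.example.org.pem",  # config side may be mixed case too
}
DEFAULT_CERT = "/etc/ssl/default.pem"

# Only A-Z fold in DNS; str.lower() would also fold non-ASCII letters.
_ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def select_cert_exact(sni):
    """Behaviour described in the report: byte-for-byte comparison."""
    return VHOSTS.get(sni, DEFAULT_CERT)


def normalize_hostname(name):
    """Return the ASCII-lowercased name without a trailing dot, or None if malformed."""
    if not name:
        return None
    host = name[:-1] if name.endswith(".") else name
    host = host.translate(_ASCII_LOWER)
    if len(host) > 253:
        return None
    if not all(_LABEL.fullmatch(label) for label in host.split(".")):
        return None
    return host


def select_cert(sni):
    """Case-insensitive lookup; anything malformed or unknown gets the default."""
    host = normalize_hostname(sni)
    if host is None:
        return DEFAULT_CERT
    for local_name, cert in VHOSTS.items():
        if normalize_hostname(local_name) == host:
            return cert
    return DEFAULT_CERT


if __name__ == "__main__":
    for sni in ("imap.example.com", "IMAP.example.com", "mail.example.org"):
        print(sni, "exact:", select_cert_exact(sni), "normalized:", select_cert(sni))
```

With the exact comparison a mixed-case SNI silently falls through to the default certificate, which the client then sees as a name mismatch.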


dovecot 2.2.25 BUG: local_name is not matching correctly

2016-10-13 Thread Arkadiusz Miśkiewicz

Bug report:

When using dovecot 2.2.25 SNI capability it doesn't always match proper vhost 
config. For example if we have such config:

local_name imap.example.com {
ssl_cert = 

Re: fix SIS attachment errors

2016-10-13 Thread Webert de Souza Lima
To whom it may interest;

With the help of Aki Tuomi I've found a way to remove such errors and move
forward, in a way that could be automated.
As this might be a problem to others and there seems to be no discussion
about it, I'll share it with you.

What I did, essentially, was to write a shell script that does the following,
per user:

- read all the mailboxes with `doveadm fetch -u $username text all` and
redirect errors to a file
- identify all missing attachments' paths from the file created previously
and try to create a hardlink to it. Any file with the same hash (before
`-`) is good.
- identify all mailboxes and uids from messages that are still broken (the
same error file created before should have this information) and fetch
them, and save them elsewhere.
- after fetching and saving, expunge such messages.
- use doveadm save to put the messages back. They'll be without the
attachments but also without any errors.

There are some gotchas to do the above, and to automate that, so I'll be
happy to help if anyone needs.

Thank you.

On Wed, Oct 5, 2016 at 3:59 PM Webert de Souza Lima 
wrote:

Hi, I've sent some e-mails about this before but since there were no answers
I'll write it differently, with different information.

I'm using SIS (Single Instance Attachment Storage).
For any reason that is not relevant now, many attachments are missing and
the messages can't be fetched:

Error:
read(attachments-connector(zlib(/dovecot/mdbox/bar.example/foo/storage/m.1)))
failed:
read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19
b/l]) failed:
open(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36)
failed: No such file or directory

In this specific case, the /dovecot/attach/bar.example/23/ae/ directory
doesn't exist.
In other cases, just one file is missing so I would assume the hardlink
could be recreated and it would work.

If I create the missing file (with touch or whatever), I get the following
errors:
Error:
read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19
b/l]) failed: Stream is smaller than expected (0 < 483065)
Error:
read(attachments-connector(zlib(/dovecot/mdbox/bar.example/foo/storage/m.1)))
failed:
read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19
b/l]) failed: Stream is smaller than expected (0 < 483065)
Error: fetch(body) failed for box=INBOX uid=15: BUG: Unknown internal error

If I try to fill the file with the amount of bytes it complains about with
the following command:

$ dd if=/dev/zero
of=/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36
bs=1 count=483065

then I get the following error:

Error:
read(/dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19
b/l]) failed: Stream is larger than expected (483928 > 483065, eof=0)
Error:
read(attachments-connector(zlib(/srv/dovecot/mdbox/bar.example/foo/storage/m.1)))
failed:
read(//dovecot/attach/bar.example/23/ae/23aed008c1f32f048afd38d9aae68c5aeae2d17a9170e28c60c75a02ec199ef4e7079cd92988ad857bd6e12cd24cdd7619bd29f26edeec842a6911bb14a86944-fb0b6a214dfa63573c1f9331bd36[base64:19
b/l]) failed: Stream is larger than expected (483928 > 483065, eof=0)
Error: fetch(body) failed for box=INBOX uid=15: BUG: Unknown internal error

Based on this I have a few questions:
1. Is there a way, or a tool to scan all mailboxes to get all the messages
that have compromised attachments?

2. Is there a way to "fix" the missing files (even if creating fake files
or removing the attachments information from the messages)?

3. What I need is to migrate these boxes using doveadm backup/sync, which
fails when these errors occur. Is it possible to ignore them or is there
another tool that would do it?

Thank you.

Webert Lima
Belo Horizonte, Brasil
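
The first three steps of the procedure above (collect the errors, re-link attachments by hash, list what is still broken), sketched in Python as an added example; it is not Webert's script. The line shapes follow the doveadm errors quoted in this message, while the function names, the short hashes and the temporary tree are constructed.

```python
import os
import re
import tempfile

# Line shapes follow the doveadm errors quoted in the message above.
OPEN_RE = re.compile(r"open\((/[^()\s]+)\) failed: No such file or directory")
FETCH_RE = re.compile(r"fetch\(body\) failed for box=(.+?) uid=(\d+):")


def parse_errors(log_text):
    """Map each broken (box, uid) to the attachment paths reported missing for it.

    In the quoted output the read/open errors come before the fetch(body)
    line of the same message, so paths are collected until that line.
    """
    broken, pending = {}, []
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m and m.group(1) not in pending:
            pending.append(m.group(1))
        m = FETCH_RE.search(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            broken.setdefault(key, []).extend(pending)
            pending = []
    return broken


def find_donor(missing_path):
    """Return another non-empty file with the same hash (the part before '-'), or None."""
    directory, name = os.path.split(missing_path)
    digest = name.split("-", 1)[0]
    if not os.path.isdir(directory):
        return None  # the whole hash directory is gone, as in the .../23/ae/ case
    for entry in sorted(os.listdir(directory)):
        full = os.path.join(directory, entry)
        if (entry != name and entry.startswith(digest + "-")
                and os.path.isfile(full) and os.path.getsize(full) > 0):
            return full
    return None


def triage(log_text):
    """Return (hardlinks to create as (donor, missing) pairs, messages still broken)."""
    links, still_broken = [], []
    for key, paths in parse_errors(log_text).items():
        donors = [find_donor(p) for p in paths]
        for path, donor in zip(paths, donors):
            if donor and (donor, path) not in links:
                links.append((donor, path))
        # A message with no recognised path, or any path without a donor, stays broken.
        if not paths or not all(donors):
            still_broken.append(key)
    return links, still_broken


def apply_links(links):
    """Create the planned hardlinks."""
    for donor, missing in links:
        os.link(donor, missing)


def build_sample(root):
    """Create a constructed attachment tree under root; return (log text, donor, missing)."""
    live_dir = os.path.join(root, "attach", "ab", "cd")
    os.makedirs(live_dir)
    donor = os.path.join(live_dir, "abcd1234-aaaa")    # surviving link, same hash
    with open(donor, "wb") as fh:
        fh.write(b"constructed attachment bytes")
    missing = os.path.join(live_dir, "abcd1234-bbbb")  # lost link, donor available
    gone = os.path.join(root, "attach", "ef", "01", "ef015678-cccc")  # directory absent
    lines = []
    for path, box, uid in ((missing, "INBOX", 15), (gone, "Sent Items", 7)):
        lines.append(f"Error: read({path}[base64:19 b/l]) failed: "
                     f"open({path}) failed: No such file or directory")
        lines.append(f"Error: fetch(body) failed for box={box} uid={uid}: "
                     "BUG: Unknown internal error")
    return "\n".join(lines), donor, missing


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        log, _, _ = build_sample(root)
        links, still_broken = triage(log)
        print("hardlinks to create:", links)
        print("fetch, save, expunge and re-save:", still_broken)
```

Messages left in the second list are the ones the remaining steps (fetch, save elsewhere, expunge, `doveadm save`) apply to.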


RE: First steps in Dovecot; IMAP not working

2016-10-13 Thread Moi
I think I found the culprit. I had backed files up using cp (e.g.
10-ssl.conf to 10-ssl.default.conf) so if I made mistakes, I could revert
easily. It looks like all files in the conf.d folder are included, therefore
my backup files overwrote the standard ones.

Now, when I try to send mails, outlook tells me it can't save the message in
the "sent" folder (the mail server denies saving there (I'm translating from
French, sorry)). The error code is 0x80040119. At least, I don't get the
same set of errors.

Thanks, aki, for your previous answer.
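
Why the backup copy won, as an added example in Python (not from the thread and not Dovecot code): it lists every top-level assignment of a setting across conf.d and treats the last one as the value in effect. It assumes the files are pulled in by a `*.conf` glob and read in sorted name order; the helper names and sample files are constructed.

```python
import glob
import os
import tempfile


def top_level_assignments(path, setting):
    """Return [(line_no, value)] for `setting = value` lines outside any { } block."""
    found, depth = [], 0
    with open(path, encoding="utf-8") as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.endswith("{"):
                depth += 1
            elif line == "}":
                depth = max(depth - 1, 0)
            elif depth == 0:
                key, sep, value = line.partition("=")
                if sep and key.strip() == setting:
                    found.append((line_no, value.strip()))
    return found


def assignments_in_include_order(conf_dir, setting):
    """Return [(file, line_no, value)] in the assumed include order (sorted names)."""
    hits = []
    for path in sorted(glob.glob(os.path.join(conf_dir, "*.conf"))):
        for line_no, value in top_level_assignments(path, setting):
            hits.append((os.path.basename(path), line_no, value))
    return hits


def explain(conf_dir, setting):
    """Return (winning assignment or None, earlier assignments it overrides)."""
    hits = assignments_in_include_order(conf_dir, setting)
    if not hits:
        return None, []
    return hits[-1], hits[:-1]


def build_sample(conf_dir):
    """Write a constructed conf.d: the real 10-ssl.conf plus a backup made with cp."""
    files = {
        "10-master.conf": ("service imap-login {\n  inet_listener imaps {\n"
                           "    port = 993\n    ssl = yes\n  }\n}\n"),
        "10-ssl.conf": "# edited file\nssl = required\n",
        "10-ssl.default.conf": "# backup of the packaged file\nssl = no\n",
    }
    for name, text in files.items():
        with open(os.path.join(conf_dir, name), "w", encoding="utf-8") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as conf_dir:
        build_sample(conf_dir)
        winner, shadowed = explain(conf_dir, "ssl")
        print("in effect:", winner)
        print("overridden:", shadowed)
```

Unlike `grep -r ssl.*no`, the nested `ssl = yes` of the imaps listener is not reported, because only depth-0 assignments compete with each other.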


Re: First steps in Dovecot; IMAP not working

2016-10-13 Thread Aki Tuomi


On 13.10.2016 12:42, Marnaud wrote:
>
> "Aki Tuomi"  wrote:
>
>> doveconf -n shows what's there. if you have ssl=no somewhere else in the
>> config after you set it to required, it gets overwritten.
>>
>> Aki
>
> Thanks, Aki.
> It means I have to open each conf file (e.g. using nano) and search
> for ssl=no; am I right, or is there a specific file to check?

I see you replied to me only, please keep your replies on-list.

Try grep -r ssl.*no /etc/dovecot

Aki


Re: First steps in Dovecot; IMAP not working

2016-10-13 Thread Aki Tuomi
doveconf -n shows what's there. if you have ssl=no somewhere else in the
config after you set it to required, it gets overwritten.

Aki


On 13.10.2016 12:18, Marnaud wrote:
> Hello,
>
>
>
> I'm new to Dovecot and am having trouble getting it working. I'm
> trying to use Outlook and Apple's Mail as the mail clients. Outlook
> says it can't establish a secured connection to the server (for the
> IMAP protocol). I'm guessing sending e-mails works but I can't check.
>
>
>
> This is my current configuration (using dovecot -n):
>
>
>
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-042stab116.1 x86_64 Debian 8.6
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> passdb {
>   driver = pam
> }
> protocols = " imap"
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service imap-login {
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> ssl = no
> ssl_cert =  ssl_key =  userdb {
>   driver = passwd
> }
> userdb {
>   driver = passwd
> }
>
>
>
> I find it abnormal that I'm seeing "ssl = no" in this configuration despite
> the fact that I have "ssl = required" in the
> /etc/dovecot/conf.d/10-ssl.conf file, but I'm new to this...
>
> I have looked around the web; finally, I'm asking here, hoping it's
> the correct place to ask.
>
>
>
> Arnaud


First steps in Dovecot; IMAP not working

2016-10-13 Thread Marnaud

Hello,



I'm new to Dovecot and am having trouble getting it working. I'm trying to use
Outlook and Apple's Mail as the mail clients. Outlook says it can't establish a
secured connection to the server (for the IMAP protocol). I'm guessing sending
e-mails works but I can't check.



This is my current configuration (using dovecot -n):



# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab116.1 x86_64 Debian 8.6
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  driver = pam
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl = no
ssl_cert = 

Re: SSL error

2016-10-13 Thread arnaud gaboury
On Thu, Oct 13, 2016 at 10:30 AM Christian Kivalo 
wrote:

> On 2016-10-13 10:12, arnaud gaboury wrote:
> > On Thu, Oct 13, 2016 at 8:48 AM Christian Kivalo
> > wrote:
> >
> >> On 13 October 2016 08:41:06 CEST, arnaud gaboury <
> >> arnaud.gabo...@gmail.com> wrote:
> >>
> >> >I run dovecot + postfix as my email server. Everything is working as
> >> >expected, but I see an error in the dovecot logs:
> >> >
> >> >lmtp(7331): Error: SSL context initialization failed, disabling SSL:
> >> >ENGINE_init(dynamic) failed
> >> >
> >> >Dovecot is running and emails are OK. I wonder why this error and how I
> >> >can
> >> >fix it? I see it is a SSL issue but no idea in which direction to look.
> >> >Thank you for help
> >>
> >> Please post the complete log lines and the output of dovecot -n
> >>
> > $ journalctl --unit=dovecot
> > Oct 13 08:20:20 thetradinghall.com systemd[1]: Started Dovecot
> > IMAP/POP3
> > email server.
> > Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7331): Error:
> > SSL
> > context initialization failed, disabling SSL: ENGINE_init(dynamic)
> > failed
> > Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7337): Error:
> > SSL
> > context initialization failed, disabling SSL: ENGINE_init(dynamic)
> > failed
> > Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7338): Error:
> > SSL
> > context initialization failed, disabling SSL: ENGINE_init(dynamic)
> > failed
> >
> > $ dovecot -n
> > # 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
> > # OS: Linux 4.7.4-1-hortensia_docker x86_64 Fedora release 24 (Twenty
> > Four)
> > auth_cache_size = 10 M
> > auth_debug = yes
> > auth_debug_passwords = yes
> > auth_mechanisms = plain login
> > auth_verbose = yes
> > auth_verbose_passwords = plain
> > doveadm_socket_path = /run/dovecot/doveadm-server
> > imap_id_log = *
> > info_log_path = /storage/log/dovecot/dovecot-info.log
> > mail_debug = yes
> > mail_gid = 5000
> > mail_location = maildir:~:LAYOUT=fs
> > mail_server_admin = mailto:ad...@thetradinghall.com
> > mail_uid = 5000
> > mailbox_list_index = yes
> > maildir_very_dirty_syncs = yes
> > namespace inbox {
> >   inbox = yes
> >   location =
> >   mailbox Archive {
> >     auto = create
> >     special_use = \Archive
> >   }
> >   mailbox Drafts {
> >     auto = create
> >     special_use = \Drafts
> >   }
> >   mailbox Junk {
> >     auto = create
> >     special_use = \Junk
> >   }
> >   mailbox Sent {
> >     auto = create
> >     special_use = \Sent
> >   }
> >   prefix =
> >   separator = /
> >   type = private
> > }
> > passdb {
> >   args = /etc/dovecot/dovecot-sql.conf.ext
> >   driver = sql
> > }
> > protocols = imap lmtp
> > service auth-worker {
> >   user = vmail
> > }
> > service auth {
> >   unix_listener /var/spool/postfix/private/auth {
> >     group = postfix
> >     mode = 0666
> >     user = postfix
> >   }
> >   unix_listener auth-userdb {
> >     group = postfix
> >     mode = 0600
> >     user = postfix
> >   }
> >   user = root
> > }
> > service imap-login {
> >   inet_listener imaps {
> >     port = 993
> >     ssl = yes
> >   }
> > }
> > service lmtp {
> >   process_min_avail = 10
> >   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> >     group = postfix
> >     mode = 0600
> >     user = postfix
> >   }
> > }
> > ssl = required
> > ssl_cert = 
> > ssl_crypto_device = dynamic
>   ^^ does it work when you comment/remove this setting?
>
> from my 10-ssl.conf
> # SSL crypto device to use, for valid values run "openssl engine"
> #ssl_crypto_device =
>
> by default ssl_crypto_device is not set.
>

the line was uncommented, so I commented it. Now .-)


 ● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor
preset: disabled)
   Active: active (running) since Thu 2016-10-13 10:46:27 CEST; 6s ago
 Docs: man:dovecot(1)
   http://wiki2.dovecot.org/
  Process: 9793 ExecStop=/usr/bin/doveadm stop (code=exited,
status=0/SUCCESS)
  Process: 9806 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)
  Process: 9804 ExecStartPre=/usr/libexec/dovecot/prestartscript
(code=exited, status=0/SUCCESS)
 Main PID: 9807 (dovecot)
   CGroup: /machine.slice/systemd-nspawn@poppy.service
/system.slice/dovecot.service
   ├─9807 /usr/sbin/dovecot
   ├─9808 dovecot/lmtp
   ├─9809 dovecot/anvil
   ├─9810 dovecot/log
   ├─9811 dovecot/ssl-params
   ├─9812 dovecot/lmtp
   ├─9813 dovecot/lmtp
   ├─9814 dovecot/lmtp

Re: SSL error

2016-10-13 Thread Christian Kivalo



On 2016-10-13 10:12, arnaud gaboury wrote:
On Thu, Oct 13, 2016 at 8:48 AM Christian Kivalo  
wrote:







On 13 October 2016 08:41:06 CEST, arnaud gaboury <
arnaud.gabo...@gmail.com> wrote:

>I run dovecot + postfix as my email server. Everything is working as
>expected, but I see an error in the dovecot logs:
>
>lmtp(7331): Error: SSL context initialization failed, disabling SSL:
>ENGINE_init(dynamic) failed
>
>Dovecot is running and emails are OK. I wonder why this error and how I
>can
>fix it? I see it is a SSL issue but no idea in which direction to look.
>Thank you for help

Please post the complete log lines and the output of dovecot -n



$ journalctl --unit=dovecot
Oct 13 08:20:20 thetradinghall.com systemd[1]: Started Dovecot 
IMAP/POP3

email server.
Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7331): Error: 
SSL
context initialization failed, disabling SSL: ENGINE_init(dynamic) 
failed
Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7337): Error: 
SSL
context initialization failed, disabling SSL: ENGINE_init(dynamic) 
failed
Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7338): Error: 
SSL
context initialization failed, disabling SSL: ENGINE_init(dynamic) 
failed




$ dovecot -n
# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# OS: Linux 4.7.4-1-hortensia_docker x86_64 Fedora release 24 (Twenty 
Four)

auth_cache_size = 10 M
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
doveadm_socket_path = /run/dovecot/doveadm-server
imap_id_log = *
info_log_path = /storage/log/dovecot/dovecot-info.log
mail_debug = yes
mail_gid = 5000
mail_location = maildir:~:LAYOUT=fs
mail_server_admin = mailto:ad...@thetradinghall.com
mail_uid = 5000
mailbox_list_index = yes
maildir_very_dirty_syncs = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = create
    special_use = \Archive
  }
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = root
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  process_min_avail = 10
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
}
ssl = required
ssl_cert = 
 ^^ does it work when you comment/remove this setting?

from my 10-ssl.conf
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =

by default ssl_crypto_device is not set.


ssl_key = 
--
 Christian Kivalo


Re: SSL error

2016-10-13 Thread arnaud gaboury
On Thu, Oct 13, 2016 at 8:48 AM Christian Kivalo  wrote:

> On 13 October 2016 08:41:06 CEST, arnaud gaboury <arnaud.gabo...@gmail.com> wrote:
> >I run dovecot + postfix as my email server. Everything is working as
> >expected, but I see an error in the dovecot logs:
> >
> >lmtp(7331): Error: SSL context initialization failed, disabling SSL:
> >ENGINE_init(dynamic) failed
> >
> >Dovecot is running and emails are OK. I wonder why this error and how I can
> >fix it? I see it is an SSL issue but no idea in which direction to look.
> >Thank you for help
>
> Please post the complete log lines and the output of dovecot -n
>

$ journalctl --unit=dovecot
Oct 13 08:20:20 thetradinghall.com systemd[1]: Started Dovecot IMAP/POP3 email server.
Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7331): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed
Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7337): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed
Oct 13 08:20:20 thetradinghall.com dovecot[7333]: lmtp(7338): Error: SSL context initialization failed, disabling SSL: ENGINE_init(dynamic) failed



$ dovecot -n
# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# OS: Linux 4.7.4-1-hortensia_docker x86_64 Fedora release 24 (Twenty Four)
auth_cache_size = 10 M
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
doveadm_socket_path = /run/dovecot/doveadm-server
imap_id_log = *
info_log_path = /storage/log/dovecot/dovecot-info.log
mail_debug = yes
mail_gid = 5000
mail_location = maildir:~:LAYOUT=fs
mail_server_admin = mailto:ad...@thetradinghall.com
mail_uid = 5000
mailbox_list_index = yes
maildir_very_dirty_syncs = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = create
    special_use = \Archive
  }
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = root
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  process_min_avail = 10
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = 
>
>  --
>
> Christian Kivalo
>
>


Strange subscriptions added by dsync backup

2016-10-13 Thread Rik Theys
Hi,

We're in the process of migrating our dovecot 1.x mail server to a
Dovecot 2.2.25 server. During the migration I'm moving from mbox storage
to mdbox.

I use the following method to do a one-way sync from our current mail
server to our new mail server (command executed on the new server):

doveadm -v -o imapc_host=oldserver \
    -o imapc_user=$u \
    -o imapc_master_user=$masteruser \
    -o imapc_password="$masterpass" \
    -o imapc_port=993 -o imapc_ssl=imaps \
    -o ssl_client_ca_file=/etc/pki/tls/certs/ca-bundle.crt \
    -o imapc_ssl_verify=yes \
    -o mail_fsync=never \
    -o mail_prefetch_count=20 \
    backup -R -u $u imapc:


$u is replaced by the username I'm migrating.

The dsync command runs and exits with code 0 (all OK).

However, when I look at the subscriptions file on the new server, there
seem to be additional subscriptions that are not in the subscriptions
file on the old server:

7b0d681945d0fc57115690ca
7c0d681945d0fc57115690ca
7d0d681945d0fc57115690ca
7e0d681945d0fc57115690ca
7f0d681945d0fc57115690ca
800d681945d0fc57115690ca

Where do these come from? Is something wrong with the migration?

It also seems that subscriptions for IMAP folders that only contain
subfolders[1] are no longer present in the new subscriptions file:

# diff -u sub-old.sorted sub-new.sorted
--- sub-old.sorted2016-10-11 13:42:44.175070610 +0200
+++ sub-new.sorted2016-10-11 13:47:53.973888462 +0200
@@ -1,26 +1,26 @@
-Archive/Administration/
+7b0d681945d0fc57115690ca
+7c0d681945d0fc57115690ca
+7d0d681945d0fc57115690ca
+7e0d681945d0fc57115690ca
+7f0d681945d0fc57115690ca
+800d681945d0fc57115690ca
 Archive/Administration/Conferences
 Archive/Announcements
-Archive/Education/
 Archive/Education/E02N3A
 Archive/Education/I0D51A
 Archive/Politics
-Archive/Research/
-Archive/Research/FET/
 Archive/Research/FET/VPH - Virtual Physiological Human
 Archive/Research/Grants/ICON IBBT Call 2011
 Archive/Research/Grants/Marie Curie ITN 2011
 Archive/Research/Grants/Odysseus
 Archive/Research/Grants/SymBioSysII/Funding
 Archive/Research/Grants/SymBioSysII/JobApplications
-Archive/Research/Manuscripts/
 Archive/Research/Manuscripts/ruby-ensembl-api
 Archive/Research/Projects/GUNZ
 Archive/Research/Projects/MIQAS
 Archive/Research/Projects/MODY
 Archive/Research/Projects/ruby-ensembl-api
 Archives
-Archive/Service/
 Archive/Service/EditorORC
 Archive/Service/Reviewing
 Deleted Messages

Is this expected behaviour?

Regards,

Rik

[1] On the old server a folder can only contain either messages or
subfolders, not both at the same time.

-- 
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
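
One way to triage a subscriptions comparison like the one in the post above, as an added example that is not part of the original message: it separates dropped trailing-slash entries whose subfolders are still subscribed from mailboxes that are no longer subscribed at all, and 24-hex-digit additions from other new names. The category names are this example's own, and the sample lists are a constructed subset of the entries shown in the diff.

```python
import re

HEX24 = re.compile(r"^[0-9a-f]{24}$")

# Constructed subset of the old and new subscriptions files from the post.
OLD = [
    "Archive/Administration/",
    "Archive/Administration/Conferences",
    "Archive/Education/",
    "Archive/Education/E02N3A",
    "Archive/Politics",
    "Deleted Messages",
]
NEW = [
    "7b0d681945d0fc57115690ca",
    "7c0d681945d0fc57115690ca",
    "Archive/Administration/Conferences",
    "Archive/Education/E02N3A",
    "Archive/Politics",
    "Deleted Messages",
]

def compare_subscriptions(old_lines, new_lines):
    """Classify every entry that differs between two subscriptions files."""
    # Strip only line endings: folder names may contain spaces.
    old = {l.rstrip("\r\n") for l in old_lines if l.strip()}
    new = {l.rstrip("\r\n") for l in new_lines if l.strip()}
    report = {"parent_only_dropped": [], "lost": [],
              "hex_ids_added": [], "unexpected_added": []}
    for name in sorted(old - new):
        # A "Folder/" entry whose children are still subscribed is a
        # container-only folder, not a mailbox that went missing.
        if name.endswith("/") and any(n.startswith(name) for n in new):
            report["parent_only_dropped"].append(name)
        else:
            report["lost"].append(name)
    for name in sorted(new - old):
        key = "hex_ids_added" if HEX24.match(name) else "unexpected_added"
        report[key].append(name)
    return report
```

Running it per migrated user over the full files makes a non-empty `lost` or `unexpected_added` list the signal to inspect that account before cut-over.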



Re: SSL error

2016-10-13 Thread Christian Kivalo


On 13 October 2016 08:41:06 CEST, arnaud gaboury wrote:
>I run dovecot + postfix as my email server. Everything is working as
>expected, but I see an error in the dovecot logs:
>
>lmtp(7331): Error: SSL context initialization failed, disabling SSL:
>ENGINE_init(dynamic) failed
>
>Dovecot is running and emails are OK. I wonder why this error and how I can
>fix it? I see it is an SSL issue but no idea in which direction to look.
>Thank you for help

Please post the complete log lines and the output of dovecot -n

 --
Christian Kivalo 


SSL error

2016-10-13 Thread arnaud gaboury
I run dovecot + postfix as my email server. Everything is working as
expected, but I see an error in the dovecot logs:

lmtp(7331): Error: SSL context initialization failed, disabling SSL:
ENGINE_init(dynamic) failed

Dovecot is running and emails are OK. I wonder why this error and how I can
fix it? I see it is an SSL issue but no idea in which direction to look.
Thank you for help