Re: First steps in Dovecot; IMAP not working

2016-10-14 Thread Joseph Tam

(Sorry I read this list in digest form so frequently I'm half a step
behind.)


> For sake of “security”, I chose to not allow plaintext communication
> (being new to this, I think being strict is a good choice).  I’ve tried
> with the openssl option and it successfully logged in.


Yes, you've included some more log entries, which makes the problem clearer,
as it usually does.


> Oct 13 05:56:28 imap(webuser): Error: open(/var/mail/webuser) failed:
> Permission denied (euid=1001(webuser) egid=1000(ftpusers) missing +w perm:
> /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
> ...
> I checked, using ls -l /var, and I get this:
> drwxrwsr-x  2 root mail  4096 Apr 27 11:27 mail
> so the group looks to be correctly set to 'mail', despite what the log says,
> right?


No, it's quite explicit.  User "webuser" has uid/gid =
1001(webuser)/1000(ftpusers).  Your mail spool has permission uid/gid
= root(0)/mail(8), neither of which allows webuser to write to this
mail spool to create its own mail folder.

Aki Tuomi  replies with several solutions:


> In your configuration, dovecot uses whatever user/group returned by
> PAM.  Since the webuser has never logged in, it has no directory under
> /var/mail.  If you want, you can
>
> a) override mail_uid and mail_gid in userdb/passdb
> b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
> c) you can let ftpusers write to /var/mail.


Or if you dynamically/frequently onboard mail accounts, and users cannot
arbitrarily write into this directory, you can "chmod 1777 /var/mail/" and
let dovecot auto-create it (might also want to set "lda_mailbox_autocreate
= yes").

Joseph Tam 
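
The permission decision reported in that log line, worked through as an added example (not part of the original posts). The function names spool_class and spool_check are hypothetical, spool_check assumes GNU stat, and the third call is only one assumed way of realising option (c).

```sh
#!/bin/sh
# Added example: which permission class decides whether a mail process may
# create its INBOX file in the spool directory.

# spool_class OWNER GROUP MODE EUID GIDS
#   OWNER/GROUP/MODE  directory metadata (MODE in octal, e.g. 775 or 1777)
#   EUID              effective uid of the mail process (non-root)
#   GIDS              space-separated gids the process runs with
# Prints "<class> <allow|deny> <sticky|nosticky>".
spool_class() {
    owner=$1 group=$2 mode=$3 euid=$4 gids=$5
    perm=$((0$mode))
    if [ "$euid" -eq "$owner" ]; then
        class=owner bits=$(( (perm >> 6) & 7 ))
    else
        # Exactly one class applies: group if any gid matches, else other.
        class=other bits=$(( perm & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                class=group bits=$(( (perm >> 3) & 7 ))
            fi
        done
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -eq 3 ]; then verdict=allow; else verdict=deny; fi
    if [ $(( perm & 01000 )) -ne 0 ]; then sticky=sticky; else sticky=nosticky; fi
    echo "$class $verdict $sticky"
}

# spool_check DIR EUID GIDS: the same decision for a real directory.
spool_check() {
    meta=$(stat -c '%u %g %a' "$1") || return 2   # GNU coreutils stat
    set -- $meta "$2" "$3"
    spool_class "$1" "$2" "$3" "$4" "$5"
}

# Values from the log line: dir owned by 0:8 mode 0775, euid 1001, egid 1000.
spool_class 0 8 775 1001 "1000"      # other deny nosticky
# After "chmod 1777 /var/mail/": anyone may create, sticky bit set.
spool_class 0 8 1777 1001 "1000"     # other allow sticky
# Assumed variant of option (c): directory group changed to ftpusers (1000).
spool_class 0 1000 775 1001 "1000"   # group allow nosticky
```

The sticky bit in mode 1777 is what stops one user from deleting or renaming another user's spool file in a world-writable directory.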


Re: First steps in Dovecot; IMAP not working

2016-10-14 Thread Marnaud
On 14 Oct 2016 at 15:54, Aki Tuomi wrote:

> In your configuration, dovecot uses whatever user/group returned by PAM.

Excuse my ignorance, but what is PAM?

> Since the web user has never logged in, it has no directory under /var/mail.

Hmm… So it can’t log in because it has no directory and it has no directory as 
long as he does not log in, correct?

> If you want, you can 
> 
> a) override mail_uid and mail_gid in userdb/passdb
> b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
> c) you can let ftpusers write to /var/mail.

Steps b and c are ok for me, I believe.
I should override mail_uid and mail_gid to what?

Re: First steps in Dovecot; IMAP not working

2016-10-14 Thread Marnaud
On 14 Oct 2016 at 16:06, mick crane wrote:

> On 2016-10-14 13:43, Moi wrote:
>> Hello,
>> First of all, I'm sorry if you received this mail twice; I haven't received
>> it the first time so I think it was lost. Second attempt.
>> I've made some more tests and I still can't receive mails.
>> Outlook doesn't complain about anything, no error message; the mails that
>> are supposed to be received just won't appear.
>> In the mail logs, I find this line (other lines are irrelevant):
>> dovecot: imap-login: Aborted login (no auth attempts in 2 secs): user=<>
>> [...]
>> Is this a problem that looks familiar?
>> It's a bit clueless without an error message.
>> Any idea welcome.
> 
> http://wiki.dovecot.org/TestInstallation

Thank you. I’m at the “Check that it finds INBOX” section and am getting:
* 0 EXISTS
* 0 RECENT

(the remaining text being the same as the example). So it looks like the 
mailbox doesn’t exist…

Re: First steps in Dovecot; IMAP not working

2016-10-14 Thread Marnaud
On 14 Oct 2016 at 21:22, Joseph Tam wrote:

> Did you post doveconf -n (I didn't catch the head of this thread)? That
> would be step 0.

Yes (actually, twice). If you want to see it again, no problem, just ask.

> I assume you allow plaintext communication, but if not, substitute telnet with
> "openssl s_client -connect your-server:993":
> 
>   C: # telnet your-server 143
>   S: * OK [CAPABILITY ...
>   C: x1 login testuser theirpassword
> 
> If you get an OK response to this, it may be a client issue (check settings on
> client).  If you get an error or failure, look inward: check logs and config.

For sake of “security”, I chose to not allow plaintext communication (being new 
to this, I think being strict is a good choice).
I’ve tried with the openssl option and it successfully logged in.

Thank you.

Re: First steps in Dovecot; IMAP not working

2016-10-14 Thread Joseph Tam

Moi  wrote:


> I've made some more tests and I still can't receive mails; sending them
> still works. I don't receive any error message, just the mails that are
> supposed to be received won't come.
> In the mail logs, I find only this relevant line:
> dovecot: imap-login: Aborted login (no auth attempts in 2 secs): user=<>


Did you post doveconf -n (I didn't catch the head of this thread)? That
would be step 0.

A good first step is to test whether you have basic authentication
working (to separate out if you have a server or client issue).  I assume
you allow plaintext communication, but if not, substitute telnet with
"openssl s_client -connect your-server:993":

C: # telnet your-server 143
S: * OK [CAPABILITY ...
C: x1 login testuser theirpassword

If you get an OK response to this, it may be a client issue (check settings on
client).  If you get an error or failure, look inward: check logs and config.

Joseph Tam 


Re: Maildir Expunged GUID mismatch for UID

2016-10-14 Thread Aki Tuomi
> On September 30, 2016 at 4:39 PM Steven Xu  wrote:
>
> Dovecot version: 2.2.25
>
> Since we used to keep our email files on Windows server, I made the following
> changes in maildir-storage.h
>
> #define MAILDIR_EXTRA_SEP ','
>
> #define MAILDIR_INFO_SEP_S ":" to "+".
>
> Everything seems working except EXPUNGE. The dovecot log is flooded by
> messages like following:
>
> imap(x): Error: Mailbox INBOX: Expunged GUID mismatch for UID 7039
>
> Then I read the source code, and found the following lines in
> maildir-sync-index.c
>
> T_BEGIN {
>     guid = maildir_uidlist_lookup_ext(ctx->mbox->uidlist, uid,
>                                       MAILDIR_UIDLIST_REC_EXT_GUID);
>     if (guid == NULL)
>         guid = t_strcut(filename, ':');
>     mail_generate_guid_128_hash(guid, guid_128);
> } T_END;
>
> I have to change the code to guid = t_strcut(filename, '+');
>
> So, should MAILDIR_EXTRA_SEP be used here instead of ':'?
>
> Thanks,
>
> Steven

Hi!

Can you try out the attached patch?

Aki

diff --git a/src/lib-storage/index/maildir/maildir-sync-index.c b/src/lib-storage/index/maildir/maildir-sync-index.c
index 6ad8bac..e821f24 100644
--- a/src/lib-storage/index/maildir/maildir-sync-index.c
+++ b/src/lib-storage/index/maildir/maildir-sync-index.c
@@ -64,7 +64,7 @@ maildir_expunge_is_valid_guid(struct maildir_index_sync_context *ctx,
 		guid = maildir_uidlist_lookup_ext(ctx->mbox->uidlist, uid,
 		  MAILDIR_UIDLIST_REC_EXT_GUID);
 		if (guid == NULL)
-			guid = t_strcut(filename, ':');
+			guid = t_strcut(filename, *MAILDIR_INFO_SEP_S);
 		mail_generate_guid_128_hash(guid, guid_128);
 	} T_END;
 
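Review bot: In maildir_expunge_is_valid_guid(), passing *MAILDIR_INFO_SEP_S to t_strcut() dereferences a string macro just to obtain its first character, which quietly assumes the separator is always exactly one character long. If maildir-storage.h has, or can gain, a character-typed form of the info separator, use that here; otherwise add a one-line comment stating the single-character assumption. The commit message should also say why the info separator is the right constant, since the report asked whether MAILDIR_EXTRA_SEP should be used instead of ':'.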
diff --git a/src/lib-storage/index/maildir/maildir-uidlist.c b/src/lib-storage/index/maildir/maildir-uidlist.c
index 99db5c7..df13222 100644
--- a/src/lib-storage/index/maildir/maildir-uidlist.c
+++ b/src/lib-storage/index/maildir/maildir-uidlist.c
@@ -1301,7 +1301,7 @@ static int maildir_uidlist_write_fd(struct maildir_uidlist *uidlist, int fd,
 			}
 		}
 		str_append(str, " :");
-		strp = strchr(rec->filename, ':');
+		strp = strchr(rec->filename, *MAILDIR_INFO_SEP_S);
 		if (strp == NULL)
 			str_append(str, rec->filename);
 		else
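Review bot: In maildir_uidlist_write_fd(), the context line str_append(str, " :") directly above the changed strchr() still hard-codes a colon, so after this change the two adjacent lines look like one constant that was only half converted. If that colon is the uidlist file's own field delimiter it should stay as it is, but it then needs a short comment separating it from the filename info separator now taken from MAILDIR_INFO_SEP_S. It would also be worth confirming that no other filename parsing in these two files still relies on a literal ':'.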


Re: First steps in Dovecot; IMAP not working

2016-10-14 Thread mick crane

On 2016-10-14 13:43, Moi wrote:

> Hello,
>
> First of all, I'm sorry if you received this mail twice; I haven't received
> it the first time so I think it was lost. Second attempt.
>
> I've made some more tests and I still can't receive mails.
> Outlook doesn't complain about anything, no error message; the mails that
> are supposed to be received just won't appear.
> In the mail logs, I find this line (other lines are irrelevant):
> dovecot: imap-login: Aborted login (no auth attempts in 2 secs): user=<>
> [...]
>
> Is this a problem that looks familiar?
>
> It's a bit clueless without an error message.
> Any idea welcome.


http://wiki.dovecot.org/TestInstallation

--
key ID: 0x4BFEBB31


RE: First steps in Dovecot; IMAP not working

2016-10-14 Thread Aki Tuomi

> On October 14, 2016 at 4:16 PM Moi  wrote:
> 

In your configuration, dovecot uses whatever user/group returned by PAM. Since 
the webuser has never logged in, it has no directory under /var/mail. If you 
want, you can 

a) override mail_uid and mail_gid in userdb/passdb
b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
c) you can let ftpusers write to /var/mail.

Aki


RE: First steps in Dovecot; IMAP not working

2016-10-14 Thread Moi
doveconf -n:
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab116.1 x86_64 Debian 8.6
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl = required
ssl_cert = mailto:dovecot-boun...@dovecot.org] On behalf of Aki Tuomi
Sent: 14 October 2016 14:58
To: dovecot@dovecot.org
Subject: Re: First steps in Dovecot; IMAP not working


Please post

doveconf -n

doveadm log errors

Aki Tuomi


Re: First steps in Dovecot; IMAP not working

2016-10-14 Thread Aki Tuomi



On 14.10.2016 15:43, Moi wrote:

> Hello,
>
> First of all, I'm sorry if you received this mail twice; I haven't received
> it the first time so I think it was lost. Second attempt.
>
> I've made some more tests and I still can't receive mails.
> Outlook doesn't complain about anything, no error message; the mails that
> are supposed to be received just won't appear.
> In the mail logs, I find this line (other lines are irrelevant):
> dovecot: imap-login: Aborted login (no auth attempts in 2 secs): user=<>
> [...]
>
> Is this a problem that looks familiar?
>
> It's a bit clueless without an error message.
> Any idea welcome.


Please post

doveconf -n

doveadm log errors

Aki Tuomi


RE: First steps in Dovecot; IMAP not working

2016-10-14 Thread Moi
Hello,

First of all, I'm sorry if you received this mail twice; I haven't received
it the first time so I think it was lost. Second attempt.

I've made some more tests and I still can't receive mails.
Outlook doesn't complain about anything, no error message; the mails that
are supposed to be received just won't appear.
In the mail logs, I find this line (other lines are irrelevant):
dovecot: imap-login: Aborted login (no auth attempts in 2 secs): user=<>
[...]

Is this a problem that looks familiar?

It's a bit clueless without an error message.
Any idea welcome.


Re: Dovecot does not close connections

2016-10-14 Thread Benedikt Carda
The state of the processes according to ps is "S" which means
"interruptible sleep" as far as I know?

What is also interesting is that the processes that seem to have this
problem are not shown with the owner name but with the user ID.

Normal imap process in ps aux:
username 10841  0.1  0.1   9148  3472 ?  S  13:18   0:04 dovecot/imap

Imap processes that seem to be quite old already:
1405     11099  0.0  0.1   8072  2644 ?  S  13:23   0:00 dovecot/imap

But I am not sure if this is really linked to the problem.

Benedikt.



On 14.10.2016 at 14:08, Steffen Kaiser wrote:
> On Fri, 14 Oct 2016, Benedikt Carda wrote:
>
> > I am running into this error:
> > /Maximum number of connections from user+IP exceeded
> > (mail_max_userip_connections=10)/
>
> > The suggested solution in hundreds of support requests on this mailing
> > list and throughout the internet is to increase the number of maximum
> > userip connections. But this is not curing the problem, it is just
> > postponing it to the moment when the new limit is reached.
>
> > When I type:
> > /doveadm who/
>
> > I can see that some accounts have several pids running:
> > /someaccount   10 imap  (25396 25391 25386 25381 25374 7822 7817
> > 5559 5543 5531) (xxx.xxx.xxx.xxx)/
>
> > Now when I check these pids with
> > /ps aux/
>
> > I find out that the oldest pid (5531) has a lifetime of already over 12
> > hours. Anyway I know that the clients that initiated the connections are
> > not connected anymore, so there is no way that there is a valid reason
> > why this connection should still be open.
>
> What's the state of the connection ?
>
>
> -- Steffen Kaiser






Re: Dovecot does not close connections

2016-10-14 Thread Webert de Souza Lima
This happens to me too. In my case, connections are ESTABLISHED.

On Fri, Oct 14, 2016 at 9:09 AM Steffen Kaiser <
skdove...@smail.inf.fh-brs.de> wrote:

>
> On Fri, 14 Oct 2016, Benedikt Carda wrote:
>
> > I am running into this error:
> > /Maximum number of connections from user+IP exceeded
> > (mail_max_userip_connections=10)/
> >
> > The suggested solution in hundreds of support requests on this mailing
> > list and throughout the internet is to increase the number of maximum
> > userip connections. But this is not curing the problem, it is just
> > postponing it to the moment when the new limit is reached.
> >
> > When I type:
> > /doveadm who/
> >
> > I can see that some accounts have several pids running:
> > /someaccount   10 imap  (25396 25391 25386 25381 25374 7822 7817
> > 5559 5543 5531) (xxx.xxx.xxx.xxx)/
> >
> > Now when I check these pids with
> > /ps aux/
> >
> > I find out that the oldest pid (5531) has a lifetime of already over 12
> > hours. Anyway I know that the clients that initiated the connections are
> > not connected anymore, so there is no way that there is a valid reason
> > why this connection should still be open.
>
> What's the state of the connection ?
>
>
> - --
> Steffen Kaiser
>


Re: Dovecot does not close connections

2016-10-14 Thread Steffen Kaiser

On Fri, 14 Oct 2016, Benedikt Carda wrote:


> I am running into this error:
> /Maximum number of connections from user+IP exceeded
> (mail_max_userip_connections=10)/
>
> The suggested solution in hundreds of support requests on this mailing
> list and throughout the internet is to increase the number of maximum
> userip connections. But this is not curing the problem, it is just
> postponing it to the moment when the new limit is reached.
>
> When I type:
> /doveadm who/
>
> I can see that some accounts have several pids running:
> /someaccount   10 imap  (25396 25391 25386 25381 25374 7822 7817
> 5559 5543 5531) (xxx.xxx.xxx.xxx)/
>
> Now when I check these pids with
> /ps aux/
>
> I find out that the oldest pid (5531) has a lifetime of already over 12
> hours. Anyway I know that the clients that initiated the connections are
> not connected anymore, so there is no way that there is a valid reason
> why this connection should still be open.


What's the state of the connection ?


- -- 
Steffen Kaiser



Dovecot does not close connections

2016-10-14 Thread Benedikt Carda
Hello,

I am running into this error:
/Maximum number of connections from user+IP exceeded
(mail_max_userip_connections=10)/

The suggested solution in hundreds of support requests on this mailing
list and throughout the internet is to increase the number of maximum
userip connections. But this is not curing the problem, it is just
postponing it to the moment when the new limit is reached.

When I type:
/doveadm who/

I can see that some accounts have several pids running:
/someaccount   10 imap  (25396 25391 25386 25381 25374 7822 7817
5559 5543 5531) (xxx.xxx.xxx.xxx)/

Now when I check these pids with
/ps aux/

I find out that the oldest pid (5531) has a lifetime of already over 12
hours. Anyway I know that the clients that initiated the connections are
not connected anymore, so there is no way that there is a valid reason
why this connection should still be open.
Also I never had this problem before, it appeared some months ago.

Does anybody know how to solve this?

Thanks in advance,
Benedikt.






update dovecot-acl in all subfolders in a public folder

2016-10-14 Thread Lukas Henrich

Hello everyone,

right now I have a problem and can't find a proper solution.

But first: dovecot-version: 2.2.13

Now to my problem:
A client of mine uses a public folder called "groups". In this folder
are several subfolders like "Archive", "projects", "sales" and so on.
Unfortunately this client (and his employees) created thousands of
subfolders within these folders. The folder "groups" is stored in
/data/vmail/domain.com/.


So, if I type "tree -a -L 1 /data/vmail/domain.com/groups" I get the
following output:


/data/vmail/domain.com/groups/
├── .Archive
├── .Archive.subfolder1
├── .Archive.subfolder2
├── .Archive.subfolder2.subfolder3
├── .Archive.subfolder2.subfolder4
(...)
├── .projects
├── .projects.subfolder1
├── .projects.subfolder2
├── .projects.subfolder2.subfolder3
├── .projects.subfolder2.subfolder4
(...)


In this groups-folder are at the moment more than 3400 folders!

Now to the permissions:
When the folders "Archive", "projects" and so on had been created every 
folder got a dovecot-acl for the permission for each user, e.g.:

user=user1 kxeilprwts
user=user2 kxeilprwts

This worked fine, as the dovecot-acl got copied from the parent folder
when the employees created new subfolders.


Now to my problem I'm facing right now:
This client got 2 new employees. So how can I edit all these dovecot-acl
files in all subfolders where these 2 new employees should get access to?


Thank you in advance!
Yours sincerely,
Lukas Henrich


Furthermore here is the output of dovecot -n:

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 4.4.6-1-pve x86_64 Debian 8.4
auth_username_format = %Ln
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
mail_home = /data/vmail/domain.com/%Ln
mail_location = maildir:~
mail_plugins = " acl"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = children
  location = maildir:/data/vmail/domain.com/%%n:INDEXPVT=/data/vmail/domain.com/%n/shared/%%n
  prefix = shared/%%n/
  separator = /
  subscriptions = yes
  type = shared
}
namespace {
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = yes
  location = maildir:/data/vmail/domain.com/groups:INDEXPVT=/data/vmail/domain.com/%n/groups
  prefix = groups/
  separator = /
  subscriptions = yes
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archiv {
    special_use = \Archive
  }
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Archives {
    special_use = \Archive
  }
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Entwürfe {
    special_use = \Drafts
  }
  mailbox "Gelöschte Elemente" {
    special_use = \Trash
  }
  mailbox "Gelöschte Objekte" {
    special_use = \Trash
  }
  mailbox Gesendet {
    special_use = \Sent
  }
  mailbox "Gesendete Elemente" {
    special_use = \Sent
  }
  mailbox "Gesendete Objekte" {
    special_use = \Sent
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Papierkorb {
    special_use = \Trash
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX/
  separator = /
  subscriptions = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = scheme=CRYPT username_format=%Ln /etc/dovecot/users
  driver = passwd-file
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = ad...@domain.com
protocols = " imap lmtp sieve sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  unix_listener /var/spool/postfix/private/lmtp-dovecot {
    group = postfix
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = 
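
One way to add a user to the dovecot-acl file of a top-level public folder and every subfolder beneath it, as an added example that is not part of the original post. It assumes the flat Maildir++ layout and the "user=<name> <rights>" line format shown in the message; the function names acl_grant and make_sample, the user user3 and the folder .projectsX are constructed for illustration.

```sh
#!/bin/sh
# Added example: grant USER the given RIGHTS in one top-level folder and all
# of its Maildir++ subfolders by appending a line to each dovecot-acl file.

# acl_grant ROOT TOP USER RIGHTS
#   ROOT  namespace root, e.g. /data/vmail/domain.com/groups
#   TOP   on-disk name of the top folder, e.g. ".projects"
# Prints how many dovecot-acl files were changed.
acl_grant() {
    root=$1 top=$2 user=$3 rights=$4
    changed=0
    for dir in "$root"/.[!.]*/; do
        name=${dir%/}; name=${name##*/}
        # Match the folder itself or "TOP.<child>", but not a sibling such
        # as ".projectsX" that merely shares the prefix.
        case $name in
            "$top" | "$top".*) ;;
            *) continue ;;
        esac
        acl=${dir}dovecot-acl
        # Only touch regular files; never write through a symlink.
        [ -f "$acl" ] && [ ! -L "$acl" ] || continue
        # Idempotent: skip folders where this identifier already has a line.
        if awk -v id="user=$user" '$1 == id { f = 1 } END { exit !f }' "$acl"
        then continue; fi
        tmp=$acl.new.$$
        cp -p "$acl" "$tmp" || return 1    # keeps mode (and owner when root)
        # Make sure the last existing entry is newline-terminated.
        [ -z "$(tail -c 1 "$tmp")" ] || printf '\n' >> "$tmp"
        printf 'user=%s %s\n' "$user" "$rights" >> "$tmp"
        mv "$tmp" "$acl" || return 1       # atomic replace inside the folder
        changed=$((changed + 1))
    done
    echo "$changed"
}

# Constructed sample tree mirroring the layout quoted in the post.
make_sample() {
    d=$(mktemp -d) || return 1
    for f in .Archive .Archive.subfolder1 .projects .projects.subfolder2 \
             .projects.subfolder2.subfolder3 .projectsX; do
        mkdir "$d/$f"
        printf 'user=user1 kxeilprwts\nuser=user2 kxeilprwts\n' \
            > "$d/$f/dovecot-acl"
    done
    echo "$d"
}

sample=$(make_sample)
acl_grant "$sample" .projects user3 kxeilprwts   # prints 3
rm -rf "$sample"
```

Running it a second time with the same arguments changes nothing, so it can be repeated per user and per top-level folder; run it as the account that owns the mail files so ownership of the rewritten dovecot-acl files is preserved.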

RE: First steps in Dovecot; IMAP not working

2016-10-14 Thread Moi
Hello,

I've made some more tests and I still can't receive mails; sending them
still works. I don't receive any error message, just the mails that are
supposed to be received won't come.
In the mail logs, I find only this relevant line:
dovecot: imap-login: Aborted login (no auth attempts in 2 secs): user=<>

This line (which I shortened to remove IP addresses) seems to indicate
there's no user referenced, although I've set the field in Outlook. Is this
a problem that looks familiar?

I'm sort of clueless without having an error message.