Re: Embedding a path in address extensions

2017-09-08 Thread @lbutlr
On 08 Sep 2017, at 12:19, @lbutlr  wrote:
> Or, maybe I make the admins use an MUA? If so, I should replace most of these 
> .'s with dashes… 

This seems like the obvious decision, so never mind.


-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: Dovecot and Letsencrypt certs

2017-09-08 Thread @lbutlr
On 08 Sep 2017, at 12:21, Ralph Seichter  wrote:
> On 08.09.2017 19:51, @lbutlr wrote:
>> How I would do it is IF the certificate is expired, the dovecot should
>> check if there is a new cert and if so, load it.

> New cert as in file modification date or checksum changed?

Either one, but checksum is going to be more reliable.

> Might work. Still, from what I seem to remember, Dovecot loads certificate 
> data before dropping privileges, which is why reloading the data might be 
> problematic without some changes.

Can't dovecot reload itself? That could be a problem if not.

> Not worth spending development effort on, IMO, given that Dovecot can easily 
> be restarted by the external processes that update the cert (like Certbot 
> hook, Ansible, etc.).

All I'm saying is that it's a failure event that doesn't need to occur.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.
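
The checksum comparison suggested in this message can be done by the renewal job rather than by Dovecot itself. As an added example (not code from the thread or from Dovecot), this restarts the service only when the certificate's SHA-256 differs from the value recorded at the last successful restart; the state-file argument and the function names are assumptions of the example.

```bash
#!/bin/bash
# Added example, not code from the thread or from Dovecot.
# CERT and STATE paths are supplied by the caller; the restart command is the
# one quoted in the thread.
set -u

# Print the SHA-256 of the file behind a path. Reading through the path follows
# symlinks, so a link re-pointed at a new cert file yields a new checksum.
cert_sum() {
    sha256sum < "$1" | cut -d' ' -f1
}

# reload_if_changed CERT STATE CMD...
#   0  checksum changed, CMD succeeded, new checksum recorded in STATE
#   1  checksum unchanged, nothing done
#   2  bad usage, or CERT missing/unreadable
#   3  CMD failed; STATE is left alone so the next run tries again
reload_if_changed() {
    [ "$#" -ge 3 ] || return 2
    local cert="$1" state="$2" current recorded=""
    shift 2
    [ -r "$cert" ] || return 2
    # Hash once, before the reload: if the file is replaced while CMD runs,
    # the recorded value is the old one and the next run reloads again.
    current=$(cert_sum "$cert")
    if [ -r "$state" ]; then
        recorded=$(cat "$state")
    fi
    [ "$current" != "$recorded" ] || return 1
    "$@" || return 3
    # Write then rename, so an interrupted run cannot leave a partial state file.
    printf '%s\n' "$current" > "$state.tmp" && mv "$state.tmp" "$state"
}

# Entry point for cron or a renewal hook: script CERT STATE
# "Unchanged" (status 1) is treated as success so cron stays quiet.
if [ "$#" -ge 2 ]; then
    reload_if_changed "$1" "$2" /usr/sbin/service dovecot restart || [ "$?" -eq 1 ]
fi
```

Because the checksum is recorded only after the restart command succeeds, a failed restart is retried on the next run instead of being silently skipped.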


Re: Dovecot and Letsencrypt certs

2017-09-08 Thread Ralph Seichter
On 08.09.2017 19:51, @lbutlr wrote:

> How I would do it is IF the certificate is expired, the dovecot should
> check if there is a new cert and if so, load it.

New cert as in file modification date or checksum changed? Might work.
Still, from what I seem to remember, Dovecot loads certificate data
before dropping privileges, which is why reloading the data might be
problematic without some changes. Not worth spending development effort
on, IMO, given that Dovecot can easily be restarted by the external
processes that update the cert (like Certbot hook, Ansible, etc.).

-Ralph


Embedding a path in address extensions

2017-09-08 Thread @lbutlr
I generate bcc backups with the pattern

backups+date.user.domain@mybackupdomain.tld

(for example, backups+20170908.kremels.kreme@mybackupdomain.tld)

This puts mail in …/.20170908.kremels.kreme.com/new

What I would like to do is get the expansion to generate the following path

…/.20170908/.kremels.kreme.com/new

Of course the date changes every day, but it will always be numeric if that 
helps.

dovecot gets the mail from postfix:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vpopmail:vchkpw argv=/usr/local/libexec/dovecot/dovecot-lda
  -f ${sender} -d ${user}@${nexthop} -m ${extension} -a ${original_recipient}

Would it make more sense (or is it even possible) to split the extension in 
postfix or to do something with sieve? Or is there a character I can use in the 
extension that tells dovecot to create a path?

Even though I am using a maildir structure for the backups, this "account" 
never accesses the mail via a MUA, only via the command line when an admin has 
to restore an email, so it would be much easier to deal with this with daily 
subfolders.

Or, maybe I make the admins use an MUA? If so, I should replace most of these 
.'s with dashes… 


-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: Dovecot and Letsencrypt certs

2017-09-08 Thread @lbutlr
On 08 Sep 2017, at 09:28, Вадим Бажов  wrote:
> "I think it’s probably easier to just kick dovecot once a month." -
> that's not good from system administration's point of view. You can
> get into trouble when certificate is renewed but dovecot isn't
> reloaded yet.

That's simply not possible. The cert renews well before it expires.

> "it seems like checking the certs is something that dovecot should be
> doing on its own" if dovecot loads it in memory, it shouldn't reread
> certificates.

Of course it should because certs are DESIGNED to expire and MUST expire, and 
dovecot certainly has the ability to see when the cert expires.

> Why to take servers resources just 'because of something
> may be changed'

Something WILL be changed, absolutely certain of that. All certs expire.

> restarting dovecot with no need ?

restarting/reloading dovecot is trivial and takes far less time than writing a 
script to check the certs and then creating a crontab for that which also gives 
a tertiary point of failure.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: can't get quota working. I use static userdb driver.

2017-09-08 Thread Вадим Бажов
Got it ! The issue is in the 'type = public' parameter. I removed it
from my namespace definition and quota got counted as expected !
Problem solved.

2017-09-01 21:34 GMT+05:00 Вадим Бажов :
> Hi, people !
> Set up global quota according to docs to 2 Mb.
> Send more than ten Mb on the box.
> Mail still getting put in the box, no bounces, no error messages in
> logs, nothing to prevent mail to be delivered in overflooded mailbox.
>
> quota settings are:
>
> mail_plugins = quota
> lmtp_rcpt_check_quota = yes
> quota_full_tempfail = yes
>
> protocol lmtp {
>   postmaster_address = postmaster # required
>   mail_plugins = $mail_plugins sieve
> }
>
> protocol lda {
>   mail_plugins = $mail_plugins sieve
> }
>
> protocol imap {
>   mail_plugins = $mail_plugins imap_quota
> }
>
> plugin {
>   quota = maildir:"User quota"
>   quota_rule = *:storage=10M
>   quota_rule3 = INBOX.Trash:storage=+10%%
>   quota_exceeded_message = "552 5.2.2 Mailbox is full"
> }
>
>
> doveconf -n is attached.
>
> # doveadm quota get
> Quota name   Type    Value Limit %
> "User quota" STORAGE     0 10240 0
> "User quota" MESSAGE     0     -
>
> # doveadm quota get -u vadim
> Quota name   Type    Value Limit %
> "User quota" STORAGE     0 10240 0
> "User quota" MESSAGE     0     -
>
> # du -sh /var/mail/vadim/
> 23M /var/mail/vadim/
>
> I tried to pass quota_rule as an argument to userdb, quota is being
> parsed, but still doesn't work.
>
> I think problem is that dovecot can't (re)calculate the actual quota
> on disc (can't calculate how disk space mailbox is used), despite the
> fact that quota limit itself is configured correctly, since dovecot
> shows it in log and doveconf -n.
>
> What I am doing wrong ?


Re: can't get quota working. I use static userdb driver.

2017-09-08 Thread Вадим Бажов
I found what causes quota not being working at all - namespace.
Whenever I declare a basic namespace :

namespace {
  type = public
  prefix = INBOX.
  separator = .
  inbox = yes
}

or even

namespace {
  type = public
  inbox = yes
}

Quota gets broken:

# doveadm quota recalc -u administrator; doveadm quota get -u administrator
Quota name Type    Value Limit %
User quota STORAGE     0    10 0
User quota MESSAGE     0     - 0

When I get rid of any namespace declaration, quota gets work:

# doveadm quota recalc -u administrator; doveadm quota get -u administrator
Quota name Type    Value Limit  %
User quota STORAGE 19922    10 19
User quota MESSAGE     2     -  0

Quota settings are simple:

plugin {
  quota = maildir
  quota_rule = *:bytes=10k
}

'count' quota engine works too as well.

But I need to declare and set up my own namespace (Spam and Sent
folders, subscriptions and autoexpunge stuff).
Any suggestions how to set quota within a specific namespace ?

2017-09-06 21:24 GMT+05:00 Вадим Бажов :
> Quotas not being counted with 'passwd-file' driver too. Thunderbird
> still doesn't show quota bar.
> It is mentioned to run passdb with '-d' parameter if quotas aren't
> working. Can you explain how to set it up. How to run passdb with '-d'
> parameter ? Any configuration file snippet ?
>
> 2017-09-06 21:20 GMT+05:00 Вадим Бажов :
>> Just tried 'count', 'fs' and 'dirsize' quota backends. All the same.
>>
>> # doveadm quota recalc
>> # doveadm quota get -u vadim
>> Quota name Type    Value Limit %
>> User quota STORAGE     0 10240 0
>> User quota MESSAGE     0     - 0
>> # doveadm quota get
>> Quota name Type    Value Limit %
>> User quota STORAGE     0 10240 0
>> User quota MESSAGE     0     -
>>
>> It looks like quota_rule is interpreted but quota backend doesn't work
>> (can't count current quota state).
>>
>> I deleted all the mailboxes, then I divided CONTROL and INDEX dirs
>> apart from mailbox dir itself:
>> maildir:/var/spool/mail/%u:INDEX=/tmp/no-quotas/index/%u:CONTROL=/tmp/no-quotas/control/%u
>> Boxes were created with dovecot files for them under /tmp/no-quotas as
>> well, but no changes. quota value is always zero.
>> May be I should try MDBOX with all these quota backends, but, anyway,
>> I can't migrate to MDBOX yet, so it's not my choice.
>>
>> Any suggestions ? Does anyone has a working maildir quota installation
>> all around ?
>> Dovecot version is 2.2.27 (c0f36b0).
>>
>> Some other questions:
>> 1. Documentation says that quotas can work improperly if static userdb
>> driver is used.  I use static driver. Is it really a problem ? I tried
>> to return user quotas from my bash-script, it passes from bash to
>> dovecot during lmtp and auth processes successfully. But no difference
>> with calculating quotas. Can I use something different from static
>> driver for userdb if I use external bash script for auth and lmtp ? (I
>> will try to change the driver...)
>> 2. It said that maildir quota backend count quotas using 'maildirsize'
>> files. I don't have such files inside box dirs. What should I tune in
>> order to create them by dovecot ?
>> 3. Found this in docs: "Dovecot can't currently handle not being able
>> to write the control files, so it will cause problems with filesystem
>> quota. To avoid problems with this, you should place control files
>> into a partition where quota isn't checked. You can specify this by
>> adding :CONTROL= to mail_location, for example:" - I tried to
>> put CONTROL and INDEX files in separate dir, but in the same disk
>> partition. Should I really change the disk partition ? What
>> 'filesystem quota' means here ? I don't use any disk quotas in my
>> system (centos 6.9).
>>
>> 2017-09-06 15:55 GMT+05:00 Alex JOST :
>>> On 06.09.2017 at 12:17, Вадим Бажов wrote:
>>>>
>>>> Thank you for your answers.
>>>> I fixed config to:
>>>>
>>>> plugin {
>>>>   sieve_default = /mnt/rw_disc/dovecot/sieve/default.sieve
>>>>   sieve_global = /mnt/rw_disc/dovecot/sieve/
>>>>
>>>>   quota = maildir:User
>>>>   quota_rule = *:storage=10M
>>>>   # quota_rule2 = INBOX.Trash:storage=+10%%
>>>>   quota_max_mail_size = 3M
>>>>   quota_exceeded_message = "552 5.2.2 Mailbox is full"
>>>> }
>>>
>>>
>>> Have you tried using a different backend (e.g. dict & flat file)?
>>>
>>>
>>>> The mail_location is actually maildir:/var/spool/mail/%u, mdbox was a
>>>> misspelling (i tried migration from maildir to mdbox before).
>>>
>>>
>>> I'm wondering if this might be caused by using the same directory for home
>>> and mail?
>>>
>>> --
>>> Alex JOST


Re: EOF from net_disconnect(fd)

2017-09-08 Thread Steffan Cline
Aki,

Thanks for your direction!

It seems that the issue I’m running into is this:
https://www.dovecot.org/list/dovecot-cvs/2014-January/024154.html

I’m told it’s fixed in 2.2.11 but CentOS 7’s repos have 2.2.10-7.el7.

I found a work-around in the plugin at 
https://github.com/st3fan/dovecot-xaps-plugin/pull/15 without having to 
manually build the latest dovecot for the fix but think I’ll have to look into 
moving to ostream/istream. 

Do you know if ostream/istream are affected by that bug listed above? 

My goal is to make an RPM of the plugin and daemon that can be distributed 
eventually without having to alter the default version of dovecot in the repos.

 
Thank you,

Steffan Cline

602-793-0014

 

On 9/7/17, 11:43 PM, "dovecot on behalf of Aki Tuomi" 
 wrote:

Hi!

Nice to hear you are developing this, I'll add it to our wiki if it's
not there.

Please don't use net_transmit, it's going away. You should use ostream
and istream instead.

Aki


On 08.09.2017 09:29, Steffan Cline wrote:
> I’m working on an OS project from github. There are two parts:
>
> Dovecot plugin - https://github.com/st3fan/dovecot-xaps-plugin
>
> Daemon written in Go - https://github.com/st3fan/dovecot-xaps-daemon
>
> # dovecot --version
> 2.2.10
>
> Both parts worked fine on CentOS 6 but I recently rebuilt them both for
> CentOS 7 and have run into some errors.
>
> The plugin sends a notification over a socket to the daemon. The daemon
> then processes the request and returns a message to the plugin.
>
> The plugin reads the response then closes the socket and at that point,
> I’m running into an issue.
>
> The daemon reports the following: read unix /tmp/xapsd.sock->@: read:
> connection reset by peer
>
> In reading the Go language docs, it says that it will throw the first
> error it hits before the EOF from the socket. This led me to think that perhaps
> the plugin was not sending an EOF when closing the socket.
>
> I tried to write an EOF to the socket before the close but no change.
> Everything works between the plugin and daemon right up until the socket close.
>
> Is there a way to monitor the stream through the socket so I can see if
> the plugin is indeed sending the EOF? Knowing that lets me know if I need to
> chase down the issue in the Go daemon code.
>
> I’m no pro with C but I tried. The snippet from the plugin follows:
>
> alarm(1);
> {
>   if (net_transmit(fd, str_data(req), str_len(req)) < 0) {
>     i_error("write(%s) failed: %m", socket_path);
>     ret = -1;
>   } else {
>     char res[1024];
>     ret = net_receive(fd, res, sizeof(res)-1);
>     if (ret < 0) {
>       i_error("read(%s) failed: %m", socket_path);
>     } else {
>       res[ret] = '\0';
>       if (strncmp(res, "OK ", 3) == 0) {
>         ret = 0;
>       }
>     }
>   }
> }
> alarm(0);
>
> char stx[1];
> stx[0]=(char) 4;
> //stx[1]='\0';
> if ( net_transmit(fd, stx, sizeof(stx) ) < 0 ) {
>   i_error("Error writing EOF");
> }
>
> //string_t *testEOF= t_str_new(2);
> //str_append(testEOF, (char*) 4);
> //if ( net_transmit(fd, str_data(testEOF), str_len(testEOF) ) < 0 ) {
> //  i_error("Error writing EOF");
> //}
>
> //i_close_fd();
> net_disconnect(fd);
> fd=-1;
>
> Thank you,
>
> Steffan Cline
>
> 602-793-0014




Re: Dovecot and Letsencrypt certs

2017-09-08 Thread Ralph Seichter
On 08.09.2017 16:20, LuKreme wrote:

> That is a great solution, but I think it’s probably easier to just
> kick dovecot once a month.

Certbot hooks are very easy to write, and are only executed when the
certificate is updated. In that light, I can see no advantage in "kick
dovecot once a month". ;-)

> However, it seems like checking the certs is something that dovecot
> should be doing on its own.

What is Dovecot supposed to do? Keep track of the certificate expiry
date? And if that is passed, then what? Automatically shutdown/restart?
What if the certificate has not been updated in between? I think that
handling certificates is better left to the administrator.

-Ralph


Re: disable imap for ldap user

2017-09-08 Thread Ralph Seichter
On 08.09.2017 17:11, Markus Rosjat wrote:

> I have a LDAP dir with an attribute set to 0 or 1 and in my old setup
> (a courier server) I used this attribute to map it to an authoption
> called disableimap. This prevent users to access the mailbox with imap
> protocol.
>
> So the question is what should I set in dovecot to get the same
> behaviour?

You can configure 'pass_filter' to discount entries with your disable-
flag. Affected users won't be able to authenticate with Dovecot, which
I assume is what you are trying to achieve.

-Ralph


Re: Dovecot and Letsencrypt certs

2017-09-08 Thread Вадим Бажов
"I think it’s probably easier to just kick dovecot once a month." -
that's not good from system administration's point of view. You can
get into trouble when certificate is renewed but dovecot isn't
reloaded yet. And, doing something via cron just by-guess, once a
month - is a no no logic.
"it seems like checking the certs is something that dovecot should be
doing on its own" if dovecot loads it in memory, it shouldn't reread
certificates. Why to take servers resources just 'because of something
may be changed' restarting dovecot with no need ?
And, never do restart if reload suits your needs. But check it first,
if reload action rereads certificate from file system.

2017-09-08 19:20 GMT+05:00 LuKreme :
> On Sep 8, 2017, at 07:56, Darac Marjal  wrote:
>> #!/bin/bash
>>
>> set -e
>> set -u
>> set -o pipefail
>>
>> if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then
>>     echo " + Hook: Restarting Dovecot..."
>>     /usr/sbin/service dovecot restart
>> fi
>>
>> That means that dovecot will be restarted only if the certificate for the 
>> mail server is being deployed. If dehydrated runs, but fails to renew the 
>> certificate, then dovecot won't be restarted. Similarly, if it renews a 
>> different certificate, dovecot won't be restarted.
>
> That is a great solution, but I think it’s probably easier to just kick 
> dovecot once a month.
>
> 4 4 4 * * service dovecot restart
>
> However, it seems like checking the certs is something that dovecot should be 
> doing on its own.
>
> --
> This is my signature. There are many like it, but this one is mine.


disable imap for ldap user

2017-09-08 Thread Markus Rosjat

hi there,

I have a LDAP dir with an attribute set to 0 or 1  and in my old setup 
(a courier server) I used this attribute to map it to an authoption 
called disableimap. This prevent users to access the mailbox with imap 
protocol.


So the question is what should I set in dovecot to get the same 
behaviour? I looked at the docs but the part with the pass_filter and 
service doesn't really fit.


Some advice would be appreciated

regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT


Re: Automatic DB password hash scheme selection

2017-09-08 Thread Kurt Fitzner

Hi all,

Is there a way to get dovecot to recognize arbitrary password hash
schemes when looking up a password in a database? I originally set up
with #default_pass_scheme = MD5, and I would like to migrate to 
SHA512.


Is this possible currently?
Thanks,

Kurt


Hi!

Prefix with {SCHEME}.


Hi Aki,

Thanks for the tip.  This works, but when implementing it I discovered 
that just setting the password type generically to 'CRYPT' will let 
Dovecot use the built-in OS crypt decoding of the scheme number already 
encoded in the password.  It now automatically detects MD5, SHA256, and 
SHA512.  If my Linux distribution supported blowfish it would support 
that too.
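
The automatic detection described in this message works because crypt(3) hashes carry their algorithm in a leading `$id$` marker. As an added example (not code from the thread or from Dovecot), this classifies stored hashes by that marker or by an explicit {SCHEME} prefix and lists the accounts still to be migrated to SHA512; the `user:hash` input layout and every hash string are constructed.

```bash
#!/bin/bash
# Added example, not from the thread. The "user:hash" layout and all hash
# strings below are constructed sample data, not real password hashes.
set -u

# crypt_scheme HASH: print the Dovecot scheme name implied by a stored hash.
# An explicit {SCHEME} prefix wins; otherwise the crypt(3) "$id$" marker is used.
crypt_scheme() {
    case "$1" in
        '{'*'}'*) printf '%s\n' "$1" | sed 's/^{\([^}]*\)}.*$/\1/' ;;
        '$1$'*)   echo MD5-CRYPT ;;
        '$5$'*)   echo SHA256-CRYPT ;;
        '$6$'*)   echo SHA512-CRYPT ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo BLF-CRYPT ;;
        *)        echo UNKNOWN ;;
    esac
}

# needs_migration: read "user:hash[:...]" lines on stdin and print
# "user scheme" for every entry that is not already SHA512-CRYPT.
needs_migration() {
    while IFS=: read -r user hash _rest; do
        case "$user" in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        scheme=$(crypt_scheme "$hash")
        [ "$scheme" = "SHA512-CRYPT" ] || printf '%s %s\n' "$user" "$scheme"
    done
}

# Constructed sample password database.
sample_passdb() {
    cat <<'EOF'
# user:hash
alice:$1$CONSTRUCT$notARealMd5CryptHashValue
bob:$6$CONSTRUCT$notARealSha512CryptHashValue
carol:{SHA512-CRYPT}$6$CONSTRUCT$notARealSha512CryptHashValue
dave:$5$rounds=5000$CONSTRUCT$notARealSha256CryptHashValue
erin:0123456789abcdef0123456789abcdef
EOF
}

sample_passdb | needs_migration
```

Entries reported as UNKNOWN carry neither marker, so generic CRYPT detection cannot identify them and they need an explicit {SCHEME} prefix.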


Re: Hide public mailboxes from some users

2017-09-08 Thread Arie Peterson
> Is a user without the "lookup" ACL right to a given mailbox supposed to be
> able to see the mailbox listed in their email client?

Anything I can try to debug this further? Any hints or suggestions are 
appreciated :-).


Re: Dovecot and Letsencrypt certs

2017-09-08 Thread LuKreme
On Sep 8, 2017, at 07:56, Darac Marjal  wrote:
> #!/bin/bash
>
> set -e
> set -u
> set -o pipefail
>
> if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then
>     echo " + Hook: Restarting Dovecot..."
>     /usr/sbin/service dovecot restart
> fi
> 
> That means that dovecot will be restarted only if the certificate for the 
> mail server is being deployed. If dehydrated runs, but fails to renew the 
> certificate, then dovecot won't be restarted. Similarly, if it renews a 
> different certificate, dovecot won't be restarted.

That is a great solution, but I think it’s probably easier to just kick dovecot 
once a month.

4 4 4 * * service dovecot restart

However, it seems like checking the certs is something that dovecot should be 
doing on its own.

-- 
This is my signature. There are many like it, but this one is mine.

Re: Dovecot and Letsencrypt certs

2017-09-08 Thread Darac Marjal

On Fri, Sep 08, 2017 at 06:47:25AM -0600, @lbutlr wrote:

So this morning at 4am I was awoken to my mail clients getting certificate 
errors for an expired certificate.

I hopped on to the server and checked and… no, the LE certs renewed last month 
and are valid until November.

After some moments of confusion I noticed that dovecot had been running since 
before the renewal, so I did a quick service dovecot restart which fixed 
everything.

Should dovecot check for certs being refreshed? Or is this an artifact of my 
using symbolic links everywhere to point to the newest LE certs (which are 
themselves links the dehydrate script creates to point to the newest 
cert-1502534746.csr etc files?


As you're using dehydrated, I can share what I do. My hook script 
basically calls "run-parts /etc/dehydrated/hooks.d/" so I can just drop 
hook scripts into that directory. Then in the hooks.d directory, I have 
the following:


#!/bin/bash

set -e
set -u
set -o pipefail

if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then
    echo " + Hook: Restarting Dovecot..."
    /usr/sbin/service dovecot restart
fi

That means that dovecot will be restarted only if the certificate for the 
mail server is being deployed. If dehydrated runs, but fails to renew 
the certificate, then dovecot won't be restarted. Similarly, if it 
renews a different certificate, dovecot won't be restarted.


Hope that helps.




Should I just create a monthly cron to restart dovecot or is there something 
else?

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


--
For more information, please reread.




Re: Dovecot and Letsencrypt certs

2017-09-08 Thread Eduardo M KALINOWSKI
On 08-09-2017 09:47, @lbutlr wrote:
> Should dovecot check for certs being refreshed? Or is this an artifact of my 
> using symbolic links everywhere to point to the newest LE certs (which are 
> themselves links the dehydrate script creates to point to the newest 
> cert-1502534746.csr etc files?
>
> Should I just create a monthly cron to restart dovecot or is there something 
> else?
Dovecot needs a restart after the certificate is changed. certbot allows
you to define hooks to be run after a certificate is renewed, so you
could use that feature to restart dovecot after the renewal. Other
clients might have similar features.

-- 
While you recently had your problems on the run, they've regrouped and
are making another attack.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br


Re: Dovecot and Letsencrypt certs

2017-09-08 Thread Вадим Бажов
Dovecot seems to load certificates into memory and don't refresh them
until restart, or may be reload. And this is a correct logic. You
better add restart/reload task to the LE cron job after the successful
renewal of LE certificate.
Check that it really works as it should.
Dovecot shouldn't be restarted/reloaded if certificate wasn't changed.

2017-09-08 17:47 GMT+05:00 @lbutlr :
> So this morning at 4am I was awoken to my mail clients getting certificate 
> errors for an expired certificate.
>
> I hopped on to the server and checked and… no, the LE certs renewed last 
> month and are valid until November.
>
> After some moments of confusion I noticed that dovecot had been running since 
> before the renewal, so I did a quick service dovecot restart which fixed 
> everything.
>
> Should dovecot check for certs being refreshed? Or is this an artifact of my 
> using symbolic links everywhere to point to the newest LE certs (which are 
> themselves links the dehydrate script creates to point to the newest 
> cert-1502534746.csr etc files?
>
> Should I just create a monthly cron to restart dovecot or is there something 
> else?
>
> --
> Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Dovecot and Letsencrypt certs

2017-09-08 Thread @lbutlr
So this morning at 4am I was awoken to my mail clients getting certificate 
errors for an expired certificate.

I hopped on to the server and checked and… no, the LE certs renewed last month 
and are valid until November.

After some moments of confusion I noticed that dovecot had been running since 
before the renewal, so I did a quick service dovecot restart which fixed 
everything.

Should dovecot check for certs being refreshed? Or is this an artifact of my 
using symbolic links everywhere to point to the newest LE certs (which are 
themselves links the dehydrate script creates to point to the newest 
cert-1502534746.csr etc files?

Should I just create a monthly cron to restart dovecot or is there something 
else?

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: password reset

2017-09-08 Thread @lbutlr
On Sep 8, 2017, at 3:20 AM, Steffen Kaiser  
wrote:
> 
>> sudo passed 
> 
> After you did so, where does the password *not* work? In Dovecot?

I never got as far as checking in dovecot. It did not work from the command 
line.

>> if I try to change the password in the user's account (after su ) it 
>> requires the old password.
> even after sudo passwd?

Right.

>> When I try to change the password with sudo, the timestamp on /etc/passwd 
>> gets updated but there is nothing logged to anything in /var/log/
> 
> Hmm, does the entry in /etc/passwd change, too?

There is no obvious change in the passwd file. I haven't tried to look in 
spwf.db, but its time stamp also changes.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Problems to configure IMAP Quota

2017-09-08 Thread Jacques Belin

Hello,

We manage a mail server using Dovecot under Debian.
Since a long time, we run nightly a script permitting to display the
storage usage of each user on the webmail, using internal calls. The
usage on each mailbox is stored in a Mysql database.

For several reasons, we would now want to use the IMAP quota feature,
not only to let users have the quota displayed from their Mail clients.

But testing that features, I encounter two problems : 

1) It seems that when we use the sql dict, a map containing the pattern
"priv/quota/limit/messages" is mandatory. Not specifying it  in
dovecot-dict-sql.conf.ext issues an error.  As we are interested only by
the storage size and don't want to process the number of messages, how
to get rid of it ?

2) We store the storage value in kilobytes.
But the plugin seems to only accept storage in bytes, Is there any way
to let know to dovecot that the value stored in the database is in
kilobytes ? (of course, I tried to put "size/1024" in the value_field
field of the map. It works, but generate a lot of error lines in the
dovecot log as it create a syntactically incorrect MySQL update request...)


Jacques.
-- 
The last man connected to the Internet was browsing some old WebSites.
"You have new mail" appeared on the screen...
--- adapted from a short Fredric Brown's story


Re: doveadm expunge returns error code 68

2017-09-08 Thread Florian Lohoff

Hi Aki,

On Wed, Sep 06, 2017 at 11:26:30AM +0300, Aki Tuomi wrote:
> On 05.09.2017 14:39, Florian Lohoff wrote:
> > Hi,
> > i am running basically this from cron:
> >
> > /usr/bin/doveadm -v expunge -u * mailbox INBOX.Spam SENTBEFORE 90d
> > /usr/bin/doveadm -v expunge -u * mailbox INBOX.Trash SENTBEFORE 90d
> > /usr/bin/doveadm -v expunge -u * mailbox INBOX.Junk SENTBEFORE 90d
> >
> > Now i am experiencing that the first line e.g. expunging INBOX.Spam
> > returns the error code 68. No syslog/Output whatsoever. I tried
> > running with -vvv -D which gives me a lot of output (for all mailboxes)
> > but still i am unable to pinpoint the problem. The later 2 commands
> > return "0" as expected.
> >
> > Where does the error return code come from and what does 68 mean?

> You probably should use -A instead of -u *.

My problem is not that it does not process all users. The problem is
that I don't get ANY error message except the exit code. No logging
at all. I tried to find any define in the source-code with 68 and failed
to find one. So I am completely clueless where the problem is.

And -A returns the very same exit code - on Jessie and Stretch.

Flo
-- 
Florian Lohoff f...@zz.de
 UTF-8 Test: The  ran after a , but the  ran away




Re: Is it possible to disable pipelining in imapc?

2017-09-08 Thread Nagy, Attila

On 09/08/2017 01:53 PM, Aki Tuomi wrote:


On 08.09.2017 14:50, Nagy, Attila wrote:

Hi,

I've a broken IMAP server, which doesn't support pipelining and fails
on dovecot's attempt to do this ([C] is dovecot's imapc, [S] is the
IMAP server):

[C] 24 LOGIN "user" "pass"
[S] 23 OK
[C] 25 SELECT "INBOX"
[C] 23 UID FETCH 2 (INTERNALDATE)
[S] 25 OK
[S] 23 BAD No mailbox selected

Sadly, fixing the server would be a hard task, turning off pipelining
in dovecot's imapc (which already supports many workarounds for
different servers) could be easy...

... except I can see no place to do this in imapc (only in pop3c and
imap proxy, which I guess doesn't apply here).

If I'm right, may I ask for a knob for such dumb servers?

Thanks,

For proxy, use proxy_nopipelining

Are you sure it works with imapc? I've tried it, and dovecot still does 
the above.


Re: pop3-login core dump when using TLSSTART on version dovecot-2.2.32 (OPEN)

2017-09-08 Thread Aki Tuomi
I assume you mean STARTTLS. Can you provide gdb /path/to/bin
/path/to/core and provide output of bt full?

Aki


On 08.09.2017 15:01, arvid.ei...@telenor.com wrote:
> Hi,
>
> Pop3-login are CORE-dumping when I log on with TLSSTART, I believe the same 
> will happen with imap-logon too, but I have not tested it yet.
> The TLS session is coming up and it works fine until I log off, then it's 
> core dump.  OpenSSL version is   openssl-1.0.2k.
> We ran dovecot-2.2.27 before we upgraded to dovecot-2.2.32, and that seems 
> to work fine. (not core dumping)
>
>
> Arvid
>
>
> LOG
> Sep 05 14:27:34 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
> for ECDH and ECDHE key exchanges
> Sep 05 14:30:30 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
> for ECDH and ECDHE key exchanges
> Sep 05 14:30:30 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
> for ECDH and ECDHE key exchanges
> Sep 05 14:30:42 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
> for ECDH and ECDHE key exchanges
> Sep 05 14:30:42 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
> for ECDH and ECDHE key exchanges
> Sep 05 14:30:50 pop3-login: Info: Login: user=, method=PLAIN, 
> rip=127.0.0.1, lip=127.0.0.1, mpid=18361, secured, session=<65m8ZXBYtpN/AAAB>
> Sep 05 14:30:50 pop3-login: Error: ENGINE_finish, bad functional reference 
> count
> Sep 05 14:30:50 pop3-login: Fatal: master: service(pop3-login): child 18359 
> killed with signal 6 (core dumped)
>
>
>
>
>
>
> From  ./crypto/engine/eng_init.c
>
> .
> int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
> {
>     int to_return = 1;
>
>     /*
>      * Reduce the functional reference count here so if it's the terminating
>      * case, we can release the lock safely and call the finish() handler
>      * without risk of a race. We get a race if we leave the count until
>      * after and something else is calling "finish" at the same time -
>      * there's a chance that both threads will together take the count from 2
>      * to 0 without either calling finish().
>      */
>     e->funct_ref--;
>     engine_ref_debug(e, 1, -1);
>     if ((e->funct_ref == 0) && e->finish) {
>         if (unlock_for_handlers)
>             CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
>         to_return = e->finish(e);
>         if (unlock_for_handlers)
>             CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
>         if (!to_return)
>             return 0;
>     }
> #ifdef REF_CHECK
>     if (e->funct_ref < 0) {
>         fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
>         abort();
>
> .
>
> /* The API (locked) version of "finish" */
> int ENGINE_finish(ENGINE *e)
> {
>     int to_return = 1;
>
>     if (e == NULL) {
>         ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
>         return 0;
>     }
>     CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
>     to_return = engine_unlocked_finish(e, 1);
>     CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
>     if (!to_return) {
>         ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
>         return 0;
>     }
>     return to_return;
> }


pop3-login core dump when using TLSSTART on version dovecot-2.2.32 (OPEN)

2017-09-08 Thread Arvid.Eikas
Hi,

Pop3-login is core dumping when I log on with TLSSTART. I believe the same 
will happen with imap-logon too, but I have not tested it yet.
The TLS session comes up and works fine until I log off, then it core dumps. 
The OpenSSL version is openssl-1.0.2k.
We ran dovecot-2.2.27 before we upgraded to dovecot-2.2.32, and that seems to 
work fine (not core dumping).


Arvid


LOG
Sep 05 14:27:34 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
for ECDH and ECDHE key exchanges
Sep 05 14:30:30 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
for ECDH and ECDHE key exchanges
Sep 05 14:30:30 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
for ECDH and ECDHE key exchanges
Sep 05 14:30:42 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
for ECDH and ECDHE key exchanges
Sep 05 14:30:42 pop3-login: Debug: SSL: elliptic curve secp384r1 will be used 
for ECDH and ECDHE key exchanges
Sep 05 14:30:50 pop3-login: Info: Login: user=, method=PLAIN, 
rip=127.0.0.1, lip=127.0.0.1, mpid=18361, secured, session=<65m8ZXBYtpN/AAAB>
Sep 05 14:30:50 pop3-login: Error: ENGINE_finish, bad functional reference count
Sep 05 14:30:50 pop3-login: Fatal: master: service(pop3-login): child 18359 
killed with signal 6 (core dumped)






From ./crypto/engine/eng_init.c

.
int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
{
    int to_return = 1;

    /*
     * Reduce the functional reference count here so if it's the terminating
     * case, we can release the lock safely and call the finish() handler
     * without risk of a race. We get a race if we leave the count until
     * after and something else is calling "finish" at the same time -
     * there's a chance that both threads will together take the count from 2
     * to 0 without either calling finish().
     */
    e->funct_ref--;
    engine_ref_debug(e, 1, -1);
    if ((e->funct_ref == 0) && e->finish) {
        if (unlock_for_handlers)
            CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        to_return = e->finish(e);
        if (unlock_for_handlers)
            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if (!to_return)
            return 0;
    }
#ifdef REF_CHECK
    if (e->funct_ref < 0) {
        fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
        abort();

.

/* The API (locked) version of "finish" */
int ENGINE_finish(ENGINE *e)
{
    int to_return = 1;

    if (e == NULL) {
        ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
    to_return = engine_unlocked_finish(e, 1);
    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
    if (!to_return) {
        ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
        return 0;
    }
    return to_return;
}


Re: Is it possible to disable pipelining in imapc?

2017-09-08 Thread Aki Tuomi


On 08.09.2017 14:50, Nagy, Attila wrote:
> Hi,
>
> I've a broken IMAP server, which doesn't support pipelining and fails
> on dovecot's attempt to do this ([C] is dovecot's imapc, [S] is the
> IMAP server):
>
> [C] 24 LOGIN "user" "pass"
> [S] 23 OK
> [C] 25 SELECT "INBOX"
> [C] 23 UID FETCH 2 (INTERNALDATE)
> [S] 25 OK
> [S] 23 BAD No mailbox selected
>
> Sadly, fixing the server would be a hard task, turning off pipelining
> in dovecot's imapc (which already supports many workarounds for
> different servers) could be easy...
>
> ... except I can see no place to do this in imapc (only in pop3c and
> imap proxy, which I guess doesn't apply here).
>
> If I'm right, may I ask for a knob for such dumb servers?
>
> Thanks,

For proxy, use proxy_nopipelining

Aki


Is it possible to disable pipelining in imapc?

2017-09-08 Thread Nagy, Attila

Hi,

I've a broken IMAP server, which doesn't support pipelining and fails on 
dovecot's attempt to do this ([C] is dovecot's imapc, [S] is the IMAP 
server):


[C] 24 LOGIN "user" "pass"
[S] 23 OK
[C] 25 SELECT "INBOX"
[C] 23 UID FETCH 2 (INTERNALDATE)
[S] 25 OK
[S] 23 BAD No mailbox selected

Sadly, fixing the server would be a hard task, turning off pipelining in 
dovecot's imapc (which already supports many workarounds for different 
servers) could be easy...


... except I can see no place to do this in imapc (only in pop3c and 
imap proxy, which I guess doesn't apply here).


If I'm right, may I ask for a knob for such dumb servers?

Thanks,


Re: password reset

2017-09-08 Thread Olaf Hopp

On 09/08/2017 11:20 AM, Steffen Kaiser wrote:

>> When I try to change the password with sudo, the timestamp on /etc/passwd gets 
>> updated but there is nothing logged to anything in /var/log/

/etc/shadow should get updated, but not /etc/passwd!
Make a copy of /etc/passwd before the change and look at the diff.

Olaf



--
Karlsruher Institut für Technologie (KIT)
ATIS - Technical Infrastructure Dept., Faculty of Informatics

Dipl.-Geophys. Olaf Hopp
- Head of IT Services -

Am Fasanengarten 5, Building 50.34, Room 009
76131 Karlsruhe
Phone: +49 721 608-43973
Fax: +49 721 608-46699
Email: olaf.h...@kit.edu
atis.informatik.kit.edu

www.kit.edu

KIT – The Research University in the Helmholtz Association

KIT has been certified as a family-friendly university since 2010.






Re: password reset

2017-09-08 Thread Steffen Kaiser


On Thu, 7 Sep 2017, @lbutlr wrote:

> I have a local user who cannot login because of a forgotten password, so I went 
> to reset her password with
>
> sudo passed 

After you did so, where does the password *not* work? In Dovecot?
doveadm auth cache flush 

> if I try to change the password in the user's account (after su ) t 
> requires the old password.

even after sudo passwd?

> When I try to change the password with sudo, the timestamp on /etc/passwd gets 
> updated but there is nothing logged to anything in /var/log/

Hmm, does the entry in /etc/passwd change, too?

-- 
Steffen Kaiser



Re: EOF from net_disconnect(fd)

2017-09-08 Thread Aki Tuomi
If you are using unix socket, you could use socat to see what's going on
there. It might require little setting up though.

Aki


On 08.09.2017 10:16, Steffan Cline wrote:
> I'm not the originator. I'm just trying to do some maintenance on the code to 
> make it work for CentOS 7. 
>
> I'll check out those two. 
>
> Any ideas on how to check exactly what's sent via the socket? If the EOF is 
> sent, I know to dig further into the daemon code. 
>
>
> Thanks,
> Steffan Cline
> stef...@hldns.com
> 602-793-0014
>
>> On Sep 7, 2017, at 11:43 PM, Aki Tuomi  wrote:
>>
>> Hi!
>>
>> Nice to hear you are developing this, I'll add it to our wiki if it's
>> not there.
>>
>> Please don't use net_transmit, it's going away. You should use ostream
>> and istream instead.
>>
>> Aki
>>
>>
>>> On 08.09.2017 09:29, Steffan Cline wrote:
>>> I’m working on an OS project from github. There are two parts:
>>>
>>> Dovecot plugin - https://github.com/st3fan/dovecot-xaps-plugin
>>>
>>> Daemon written in Go - https://github.com/st3fan/dovecot-xaps-daemon
>>>
>>>
>>>
>>> # dovecot --version
>>>
>>> 2.2.10
>>>
>>>
>>>
>>> Both parts worked fine on CentOS 6 but I recently rebuilt them both for 
>>> CentOS 7 and have run into some errors.
>>>
>>>
>>>
>>> The plugin sends a notification over a socket to the daemon. The daemon 
>>> then processes the request and returns a message to the plugin.
>>>
>>>
>>>
>>> The plugin reads the response then closes the socket and at that point, I’m 
>>> running into an issue. 
>>>
>>>
>>>
>>> The daemon reports the following: read unix /tmp/xapsd.sock->@: read: 
>>> connection reset by peer
>>>
>>>
>>>
>>> In reading the Go language docs, it says that it will throw the first error 
>>> it hits before the EOF from the socket. This led me to think that perhaps 
>>> the plugin was not sending an EOF when closing the socket.
>>>
>>>
>>>
>>> I tried to write an EOF to the socket before the close but no change. 
>>> Everything works between the plugin and daemon right up until the socket 
>>> close.
>>>
>>>
>>>
>>> Is there a way to monitor the stream through the socket so I can see if the 
>>> plugin is indeed sending the EOF? Knowing that lets me know if I need to 
>>> chase down the issue in the Go daemon code.
>>>
>>>
>>>
>>> I’m no pro with C but I tried. The snippet from the plugin follows:
>>>
>>>
>>>
>>> alarm(1);  
>>>
>>> {
>>>
>>> if (net_transmit(fd, str_data(req), str_len(req)) < 0) {
>>>
>>>  i_error("write(%s) failed: %m", socket_path);
>>>
>>>  ret = -1;
>>>
>>> } else {
>>>
>>>  char res[1024];
>>>
>>>  ret = net_receive(fd, res, sizeof(res)-1);
>>>
>>>  if (ret < 0) {
>>>
>>>i_error("read(%s) failed: %m", socket_path);
>>>
>>>  } else {
>>>
>>>res[ret] = '\0';
>>>
>>>if (strncmp(res, "OK ", 3) == 0) {
>>>
>>>  ret = 0;
>>>
>>>}
>>>
>>>  }
>>>
>>> }
>>>
>>> }
>>>
>>> alarm(0);
>>>
>>>
>>>
>>> char stx[1];
>>>
>>> stx[0]=(char) 4;
>>>
>>> //stx[1]='\0';
>>>
>>> if ( net_transmit(fd, stx, sizeof(stx) ) < 0 ) {
>>>
>>>  i_error("Error writing EOF");
>>>
>>> }
>>>
>>>
>>>
>>> //string_t *testEOF= t_str_new(2);
>>>
>>> //str_append(testEOF, (char*) 4);
>>>
>>> //if ( net_transmit(fd, str_data(testEOF), str_len(testEOF) ) < 0 ) {
>>>
>>> //  i_error("Error writing EOF");
>>>
>>> //}
>>>
>>>
>>>
>>> //i_close_fd();
>>>
>>> net_disconnect(fd);
>>>
>>> fd=-1;
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Thank you,
>>>
>>> Steffan Cline
>>>
>>> 602-793-0014
>>>
>>>


Re: EOF from net_disconnect(fd)

2017-09-08 Thread Steffan Cline
I'm not the originator. I'm just trying to do some maintenance on the code to 
make it work for CentOS 7. 

I'll check out those two. 

Any ideas on how to check exactly what's sent via the socket? If the EOF is 
sent, I know to dig further into the daemon code. 


Thanks,
Steffan Cline
stef...@hldns.com
602-793-0014

> On Sep 7, 2017, at 11:43 PM, Aki Tuomi  wrote:
> 
> Hi!
> 
> Nice to hear you are developing this, I'll add it to our wiki if it's
> not there.
> 
> Please don't use net_transmit, it's going away. You should use ostream
> and istream instead.
> 
> Aki
> 
> 
>> On 08.09.2017 09:29, Steffan Cline wrote:
>> I’m working on an OS project from github. There are two parts:
>> 
>> Dovecot plugin - https://github.com/st3fan/dovecot-xaps-plugin
>> 
>> Daemon written in Go - https://github.com/st3fan/dovecot-xaps-daemon
>> 
>> 
>> 
>> # dovecot --version
>> 
>> 2.2.10
>> 
>> 
>> 
>> Both parts worked fine on CentOS 6 but I recently rebuilt them both for 
>> CentOS 7 and have run into some errors.
>> 
>> 
>> 
>> The plugin sends a notification over a socket to the daemon. The daemon then 
>> processes the request and returns a message to the plugin.
>> 
>> 
>> 
>> The plugin reads the response then closes the socket and at that point, I’m 
>> running into an issue. 
>> 
>> 
>> 
>> The daemon reports the following: read unix /tmp/xapsd.sock->@: read: 
>> connection reset by peer
>> 
>> 
>> 
>> In reading the Go language docs, it says that it will throw the first error 
>> it hits before the EOF from the socket. This led me to think that perhaps 
>> the plugin was not sending an EOF when closing the socket.
>> 
>> 
>> 
>> I tried to write an EOF to the socket before the close but no change. 
>> Everything works between the plugin and daemon right up until the socket 
>> close.
>> 
>> 
>> 
>> Is there a way to monitor the stream through the socket so I can see if the 
>> plugin is indeed sending the EOF? Knowing that lets me know if I need to 
>> chase down the issue in the Go daemon code.
>> 
>> 
>> 
>> I’m no pro with C but I tried. The snippet from the plugin follows:
>> 
>> 
>> 
>> alarm(1);  
>> 
>> {
>> 
>> if (net_transmit(fd, str_data(req), str_len(req)) < 0) {
>> 
>>  i_error("write(%s) failed: %m", socket_path);
>> 
>>  ret = -1;
>> 
>> } else {
>> 
>>  char res[1024];
>> 
>>  ret = net_receive(fd, res, sizeof(res)-1);
>> 
>>  if (ret < 0) {
>> 
>>i_error("read(%s) failed: %m", socket_path);
>> 
>>  } else {
>> 
>>res[ret] = '\0';
>> 
>>if (strncmp(res, "OK ", 3) == 0) {
>> 
>>  ret = 0;
>> 
>>}
>> 
>>  }
>> 
>> }
>> 
>> }
>> 
>> alarm(0);
>> 
>> 
>> 
>> char stx[1];
>> 
>> stx[0]=(char) 4;
>> 
>> //stx[1]='\0';
>> 
>> if ( net_transmit(fd, stx, sizeof(stx) ) < 0 ) {
>> 
>>  i_error("Error writing EOF");
>> 
>> }
>> 
>> 
>> 
>> //string_t *testEOF= t_str_new(2);
>> 
>> //str_append(testEOF, (char*) 4);
>> 
>> //if ( net_transmit(fd, str_data(testEOF), str_len(testEOF) ) < 0 ) {
>> 
>> //  i_error("Error writing EOF");
>> 
>> //}
>> 
>> 
>> 
>> //i_close_fd();
>> 
>> net_disconnect(fd);
>> 
>> fd=-1;
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> Thank you,
>> 
>> Steffan Cline
>> 
>> 602-793-0014
>> 
>> 
> 


Re: EOF from net_disconnect(fd)

2017-09-08 Thread Steffan Cline
If you read the entire context you'll see code from a dovecot plugin and I'm 
trying to determine if dovecot is sending an EOF when closing the socket or not 
because the other end of the socket is at fault. From there I can check 
elsewhere. 

Dovecot code, dovecot list, made sense to try here first. 

Got any suggestions on how to check the socket traffic?


Thanks,
Steffan Cline
stef...@hldns.com
602-793-0014

> On Sep 7, 2017, at 11:42 PM, Ruben Safir  wrote:
> 
>> On 09/08/2017 02:29 AM, Steffan Cline wrote:
>> I’m working on an OS project from github. There are two parts:
>> 
>> Dovecot plugin - https://github.com/st3fan/dovecot-xaps-plugin
>> 
>> Daemon written in Go - https://github.com/st3fan/dovecot-xaps-daemon
>> 
> 
> what does this have to do with dovecot?
> 
>> 
> 
> 
> -- 
> So many immigrant groups have swept through our town
> that Brooklyn, like Atlantis, reaches mythological
> proportions in the mind of the world - RI Safir 1998
> http://www.mrbrklyn.com
> 
> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
> http://www.nylxs.com - Leadership Development in Free Software
> http://www2.mrbrklyn.com/resources - Unpublished Archive
> http://www.coinhangout.com - coins!
> http://www.brooklyn-living.com
> 
> Being so tracked is for FARM ANIMALS and extermination camps,
> but incompatible with living as a free human being. -RI Safir 2013
> 


Re: EOF from net_disconnect(fd)

2017-09-08 Thread Aki Tuomi
Hi!

Nice to hear you are developing this, I'll add it to our wiki if it's
not there.

Please don't use net_transmit, it's going away. You should use ostream
and istream instead.

Aki


On 08.09.2017 09:29, Steffan Cline wrote:
> I’m working on an OS project from github. There are two parts:
>
> Dovecot plugin - https://github.com/st3fan/dovecot-xaps-plugin
>
> Daemon written in Go - https://github.com/st3fan/dovecot-xaps-daemon
>
>  
>
> # dovecot --version
>
> 2.2.10
>
>  
>
> Both parts worked fine on CentOS 6 but I recently rebuilt them both for 
> CentOS 7 and have run into some errors.
>
>  
>
> The plugin sends a notification over a socket to the daemon. The daemon then 
> processes the request and returns a message to the plugin.
>
>  
>
> The plugin reads the response then closes the socket and at that point, I’m 
> running into an issue. 
>
>  
>
> The daemon reports the following: read unix /tmp/xapsd.sock->@: read: 
> connection reset by peer
>
>  
>
> In reading the Go language docs, it says that it will throw the first error 
> it hits before the EOF from the socket. This led me to think that perhaps the 
> plugin was not sending an EOF when closing the socket.
>
>  
>
> I tried to write an EOF to the socket before the close but no change. 
> Everything works between the plugin and daemon right up until the socket 
> close.
>
>  
>
> Is there a way to monitor the stream through the socket so I can see if the 
> plugin is indeed sending the EOF? Knowing that lets me know if I need to 
> chase down the issue in the Go daemon code.
>
>  
>
> I’m no pro with C but I tried. The snippet from the plugin follows:
>
>  
>
> alarm(1);  
>
> {
>
> if (net_transmit(fd, str_data(req), str_len(req)) < 0) {
>
>   i_error("write(%s) failed: %m", socket_path);
>
>   ret = -1;
>
> } else {
>
>   char res[1024];
>
>   ret = net_receive(fd, res, sizeof(res)-1);
>
>   if (ret < 0) {
>
> i_error("read(%s) failed: %m", socket_path);
>
>   } else {
>
> res[ret] = '\0';
>
> if (strncmp(res, "OK ", 3) == 0) {
>
>   ret = 0;
>
> }
>
>   }
>
> }
>
> }
>
> alarm(0);
>
>  
>
> char stx[1];
>
> stx[0]=(char) 4;
>
> //stx[1]='\0';
>
> if ( net_transmit(fd, stx, sizeof(stx) ) < 0 ) {
>
>   i_error("Error writing EOF");
>
> }
>
>  
>
> //string_t *testEOF= t_str_new(2);
>
> //str_append(testEOF, (char*) 4);
>
> //if ( net_transmit(fd, str_data(testEOF), str_len(testEOF) ) < 0 ) {
>
> //  i_error("Error writing EOF");
>
> //}
>
>  
>
> //i_close_fd();
>
> net_disconnect(fd);
>
> fd=-1;
>
>  
>
>  
>
>  
>
> Thank you,
>
> Steffan Cline
>
> 602-793-0014
>
>  


Re: EOF from net_disconnect(fd)

2017-09-08 Thread Ruben Safir
On 09/08/2017 02:29 AM, Steffan Cline wrote:
> I’m working on an OS project from github. There are two parts:
> 
> Dovecot plugin - https://github.com/st3fan/dovecot-xaps-plugin
> 
> Daemon written in Go - https://github.com/st3fan/dovecot-xaps-daemon
>

what does this have to do with dovecot?

> 


-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013


Re: Automatic DB password hash scheme selection

2017-09-08 Thread Aki Tuomi


On 08.09.2017 06:16, Kurt Fitzner wrote:
>  
>
> Hi all, 
>
> Is there a way to get dovecot to recognize arbitrary password hash
> schemes when looking up a password in a database? I originally set up
> with #default_pass_scheme = MD5, and I would like to migrate to SHA512. 
>
> Seeing as the scheme is actually stored in the password column along
> with the password in the format $__$__$__,
> it seems to me that dovecot should be able to look at the scheme number
> and simply do the right thing. If this is possible, then migrating
> passwords over would be much easier, since people will still be able to
> log in with their old MD5-hashed password and the changer can be set up
> to hash with the new method. 
>
> Is this possible currently? 
> Thanks, 
>
>  Kurt 

Hi!

Prefix with {SCHEME}.

Aki


EOF from net_disconnect(fd)

2017-09-08 Thread Steffan Cline
I’m working on an OS project from github. There are two parts:

Dovecot plugin - https://github.com/st3fan/dovecot-xaps-plugin

Daemon written in Go - https://github.com/st3fan/dovecot-xaps-daemon

# dovecot --version
2.2.10

Both parts worked fine on CentOS 6 but I recently rebuilt them both for CentOS 
7 and have run into some errors.

The plugin sends a notification over a socket to the daemon. The daemon then 
processes the request and returns a message to the plugin.

The plugin reads the response then closes the socket and at that point, I’m 
running into an issue. 

The daemon reports the following: read unix /tmp/xapsd.sock->@: read: 
connection reset by peer

In reading the Go language docs, it says that it will throw the first error it 
hits before the EOF from the socket. This led me to think that perhaps the 
plugin was not sending an EOF when closing the socket.

I tried to write an EOF to the socket before the close but no change. 
Everything works between the plugin and daemon right up until the socket close.

Is there a way to monitor the stream through the socket so I can see if the 
plugin is indeed sending the EOF? Knowing that lets me know if I need to chase 
down the issue in the Go daemon code.

I’m no pro with C but I tried. The snippet from the plugin follows:

alarm(1);
{
  if (net_transmit(fd, str_data(req), str_len(req)) < 0) {
    i_error("write(%s) failed: %m", socket_path);
    ret = -1;
  } else {
    char res[1024];
    ret = net_receive(fd, res, sizeof(res)-1);
    if (ret < 0) {
      i_error("read(%s) failed: %m", socket_path);
    } else {
      res[ret] = '\0';
      if (strncmp(res, "OK ", 3) == 0) {
        ret = 0;
      }
    }
  }
}
alarm(0);

char stx[1];
stx[0]=(char) 4;
//stx[1]='\0';
if ( net_transmit(fd, stx, sizeof(stx) ) < 0 ) {
  i_error("Error writing EOF");
}

//string_t *testEOF= t_str_new(2);
//str_append(testEOF, (char*) 4);
//if ( net_transmit(fd, str_data(testEOF), str_len(testEOF) ) < 0 ) {
//  i_error("Error writing EOF");
//}

//i_close_fd();
net_disconnect(fd);
fd=-1;

Thank you,

Steffan Cline

602-793-0014
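
What the reading end of a Unix stream socket sees in the three situations this thread touches on, as an added example that is not part of the original post or of either project's code. On a stream socket, EOF is read() returning 0 after the peer closes, a 0x04 byte arrives as ordinary data, and on Linux a peer that closes while data it never read is still queued makes the other side's read fail with ECONNRESET. The functions `classify_read` and `run_exchange` and both payload strings are constructed for this illustration; the ECONNRESET case assumes Linux.

```c
/* Added example: what the reading end of an AF_UNIX stream socket observes
 * when its peer closes. All names and payloads here are constructed. */
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { SAW_EOF, SAW_DATA, SAW_RESET, SAW_OTHER };
static const char REQ[]   = "NOTIFY constructed-request\n";
static const char REPLY[] = "OK constructed-reply\n";

/* One read() on fd, classified; *first gets the first byte if data arrived. */
static int classify_read(int fd, unsigned char *first)
{
    unsigned char buf[64];
    ssize_t n = read(fd, buf, sizeof(buf));

    if (n == 0)
        return SAW_EOF;                 /* orderly close: this *is* EOF */
    if (n > 0) {
        *first = buf[0];
        return SAW_DATA;
    }
    return errno == ECONNRESET ? SAW_RESET : SAW_OTHER;
}

/* Client sends REQ, daemon answers REPLY, client consumes client_reads bytes
 * of the reply, optionally writes a 0x04 byte, then closes. seen[0..1] are
 * the daemon's next two reads. Returns 0 on success, -1 on setup failure. */
int run_exchange(size_t client_reads, int send_eot, int seen[2],
                 unsigned char *first)
{
    int sv[2];
    char buf[64];
    unsigned char eot = 4;              /* ASCII EOT, as in the posted snippet */

    seen[0] = seen[1] = SAW_OTHER;
    if (client_reads > sizeof(buf)) client_reads = sizeof(buf);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    if (write(sv[0], REQ, sizeof(REQ) - 1) < 0 ||       /* client -> daemon */
        read(sv[1], buf, sizeof(buf)) < 0 ||            /* daemon reads it  */
        write(sv[1], REPLY, sizeof(REPLY) - 1) < 0 ||   /* daemon -> client */
        read(sv[0], buf, client_reads) < 0 ||           /* client reads     */
        (send_eot && write(sv[0], &eot, 1) < 0)) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    close(sv[0]);                       /* client side disconnects */
    seen[0] = classify_read(sv[1], first);
    seen[1] = classify_read(sv[1], first);
    close(sv[1]);
    return 0;
}

int main(void)
{
    static const char *name[] = { "EOF", "data", "ECONNRESET", "other error" };
    int a[2], b[2], c[2];
    unsigned char byte = 0;

    run_exchange(64, 0, a, &byte);      /* reply fully read, then close */
    run_exchange(3, 0, c, &byte);       /* only "OK " read, rest left unread */
    run_exchange(64, 1, b, &byte);      /* 0x04 written before close */
    printf("read all: %s\nunread data: %s\n0x04 first: %s (0x%02x) then %s\n",
           name[a[0]], name[c[0]], name[b[0]], byte, name[b[1]]);
    return 0;
}
```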