Re: AuthDatabase CheckPassword broken?

2018-02-01 Thread Richard Hector 
On 02/02/18 14:19, Mark Foley wrote:
> Script didn't run:
> 
>   File "/root/tmp/checkpwtest.py", line 8
> o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s:
> ^
> SyntaxError: invalid syntax

Copy/paste error? The beginning of that line doesn't seem to be in the
original.

Richard

Problem with CentOS package for 2.3.0 and old dependency in systemd with clean install

2018-02-01 Thread TG Servers 
Hi,

you definitely have a problem with the packages out of your own repo for
version 2.3.0 and CentOS.
And this is only if you do a clean install, meaning there was no lower
dovecot version ever running on the system.

If you want to 'systemctl start dovecot' it breaks with a dependency
error which comes from dovecot-init.service.

dovecot-init.service :
[Unit]
Description=One-time Dovecot init service
ConditionPathExists=|!/var/lib/dovecot/ssl-parameters.dat
ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem

[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/bin/sh -c '\
if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
then\
  SSLDIR=/etc/pki/dovecot/
OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf
/usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
fi;\
if [ ! -f /var/lib/dovecot/ssl-parameters.dat ]; \
then\
  /usr/libexec/dovecot/ssl-params >/dev/null 2>&1; \
fi'

It wants to call /usr/libexec/dovecot/ssl-params if
/var/lib/dovecot/ssl-parameters.dat (which is deprecated now as I
understood) is not existing.
The problem is in 2.3.0 /usr/libexec/dovecot/ssl-params is not existent
anymore.

This error does not occur if you for instance install 2.2.x from the
base repo, start it once, and then update the version from your repo.
This is because the ssl-parameters.dat was created with the old version
then.

But this should not be the expected behaviour I think. It should be
possible to do a fresh install of 2.3.0 on a fresh system.

Can you please get back to me on that?

Thanks,
Thomas

Re: AuthDatabase CheckPassword broken?

2018-02-01 Thread Mark Foley 
Script didn't run:

  File "/root/tmp/checkpwtest.py", line 8
o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s:
^
SyntaxError: invalid syntax

--Mark

-Original Message-
From: Mark Foley 
Date: Thu, 01 Feb 2018 15:34:15 -0500
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: AuthDatabase CheckPassword broken?

On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi  wrote:
>
> On 01.02.2018 08:00, Mark Foley wrote:
> > I had been using the CheckPassword authentication interface with dovecot 
> > 2.2.15, 
> > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> >
> > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced 
> > wiki page says, 
> >
> > Checkpassword Interface
> >
> > Read  NUL  NUL from fd 3. 
> >
> > I've checked the information read from fd 3 with 2.2.33.2 and I get 
> >  followed by 3
> > nulls. I'm guessing the 2nd null is supposed to be the password.
> >
> > Why is this no longer working? How can I fix it?
> >
> > THX --Mark
> Our CI has test
>
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> import os, sys
>
> DOVECOT_PW_FD = 3
>
> def checkPassword():
>   with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>     data = s.read().split("\0")
>     if data[0] != "testuser" or data[1] != "pass":
>   return False
>     os.environ["USER"] = data[0]
>     os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
>   return True
>
> if __name__ == "__main__":
>   if not checkPassword():
>     sys.exit(1)
>   os.execv(sys.argv[1], sys.argv[1:])
>
> And it seems to work.
>
> Aki

Thanks for the script. I'm testing this on a production system, so I'll have to 
wait until
after business hours to test. Meanwhile, not being a python wizard, I have a 
couple of
questions.

I have to run this script as my passdb { args } parameter, right?

On the line where it is checking for "testuser" and password "test", I assume 
that if I want to
use a configured user I can just change these, right?

Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of 
the user?

Is there a way in python to output the values in data[0] and data[1] to a file 
so I can see
what's actually received? If after the 'split' line I added:

f = open("/tmp/checkpassword.log","a")
f.write("Name: " + data[0] + ", PW: " + data[1])
f.close()

Would that work?

--THX Mark

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Voytek Eymont 


On Fri, February 2, 2018 8:58 am, Reio Remma wrote:

> What would be the preferred directory for storing all virtual mail
> without modification to system files?

on my Centos 7 Dovecit 2.2.32, as well as prior versions, I've always used
/var/vmail/vmail1/dom.tld

don't know about 'preferred', but, that works fine for me


-- 
Voytek

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Kenneth Porter 
--On Thursday, February 01, 2018 11:58 PM +0200 Reio Remma 
 wrote:



What would be the preferred directory for storing all virtual mail
without modification to system files?


I would guess something under /var/lib. If you plan to host multiple 
virtual servers, /srv might be a better place to locate it.

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Reio Remma 

Thanks for the pointer!

That didn't work though, but what worked was:

[Service]
ReadWriteDirectories=/home/dovecot

What would be the preferred directory for storing all virtual mail 
without modification to system files?


Thanks!
Reio

On 01.02.2018 21:57, Aki Tuomi wrote:

/etc/systemd/system/dovecot.service.d/writable-home.conf

[Service]
ProtectHome=false


maybe this helps?

---
Aki Tuomi
Dovecot oy

 Original message 
From: Reio Remma 
Date: 01/02/2018 21:44 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Dovecot 2.3 on CentOS 7.

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus
the SSL changes) but after upgrading to 2.3 I'm getting the following
errors:

Feb  1 21:30:18 localhost dovecot:
imap(r...@bwo.mrstuudio.ee)<3566>: Debug:
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with
file
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log:
Read-only file system
Feb  1 21:30:18 localhost dovecot:
imap(r...@bwo.mrstuudio.ee)<3566>: Error:
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) 


failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox
INBOX.Templates:
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 


failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox
INBOX.Templates:
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 


failed: Read-only file system

So far I've tried running it with SELinux enforce off and giving the
directories 777 permissions to no avail.

Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio

Re: AuthDatabase CheckPassword broken?

2018-02-01 Thread Mark Foley 
On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi  wrote:
>
> On 01.02.2018 08:00, Mark Foley wrote:
> > I had been using the CheckPassword authentication interface with dovecot 
> > 2.2.15, 
> > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
> >
> > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced 
> > wiki page says, 
> >
> > Checkpassword Interface
> >
> > Read  NUL  NUL from fd 3. 
> >
> > I've checked the information read from fd 3 with 2.2.33.2 and I get 
> >  followed by 3
> > nulls. I'm guessing the 2nd null is supposed to be the password.
> >
> > Why is this no longer working? How can I fix it?
> >
> > THX --Mark
> Our CI has test
>
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> import os, sys
>
> DOVECOT_PW_FD = 3
>
> def checkPassword():
>   with os.fdopen(DOVECOT_PW_FD, 'r') as s:
>     data = s.read().split("\0")
>     if data[0] != "testuser" or data[1] != "pass":
>   return False
>     os.environ["USER"] = data[0]
>     os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
>   return True
>
> if __name__ == "__main__":
>   if not checkPassword():
>     sys.exit(1)
>   os.execv(sys.argv[1], sys.argv[1:])
>
> And it seems to work.
>
> Aki

Thanks for the script. I'm testing this on a production system, so I'll have to 
wait until
after business hours to test. Meanwhile, not being a python wizard, I have a 
couple of
questions.

I have to run this script as my passdb { args } parameter, right?

On the line where it is checking for "testuser" and password "test", I assume 
that if I want to
use a configured user I can just change these, right?

Likewise with "userdb_uid=vmail userdb_gid=vmail", what are these? UID/GID of 
the user?

Is there a way in python to output the values in data[0] and data[1] to a file 
so I can see
what's actually received? If after the 'split' line I added:

f = open("/tmp/checkpassword.log","a")
f.write("Name: " + data[0] + ", PW: " + data[1])
f.close()

Would that work?

--THX Mark

Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Aki Tuomi 
/etc/systemd/system/dovecot.service.d/writable-home.conf
[Service]ProtectHome=false

maybe this helps?
---Aki TuomiDovecot oy
 Original message From: Reio Remma  Date: 
01/02/2018  21:44  (GMT+02:00) To: dovecot@dovecot.org Subject: Dovecot 2.3 on 
CentOS 7. 
Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus 
the SSL changes) but after upgrading to 2.3 I'm getting the following 
errors:

Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Debug: 
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with 
file 
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: 
Read-only file system
Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Error: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock)
 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist)
 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system

So far I've tried running it with SELinux enforce off and giving the 
directories 777 permissions to no avail.

Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio

Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Reio Remma 

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus 
the SSL changes) but after upgrading to 2.3 I'm getting the following 
errors:


Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Debug: 
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with 
file 
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: 
Read-only file system
Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Error: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system


So far I've tried running it with SELinux enforce off and giving the 
directories 777 permissions to no avail.


Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio

Re: Live Import of IMAP

2018-02-01 Thread Sami Ketola 


> On 1 Feb 2018, at 17.10, Sergio Belkin  wrote:
> 
> 
> 2018-02-01 11:59 GMT-03:00 Sami Ketola  >:
> 
> 
>> On 29 Jan 2018, at 21.57, Sergio Belkin > > wrote:
>> 
>> Hi,
>> 
>> I have the mailbox of jon@example.com  just 
>> migrated only with mails after migration, is it ok to run:
>> 
>> doveadm -o mail_fsync=never sync -1 -R -u j...@example.com 
>>  imapc:
>> 
>> wiil that import all mails missing mails to the new server? I don't want 
>> that delete any current mail, is that right the command above?
>> 
>> thanks in advance!
> 
> Yes, if you have imapc settings defined somewhere in your config. If not you 
> need to add them to the command line.
> 
> Sami
> 
> 

Oh yeah, and you might want to add -o mail_prefetch_count=20 or maybe even more 
to speed up the migration.

Sami

How to grant user access to his .dovecot.sieve.log?

2018-02-01 Thread Sergey Ivanov 

Hi,
What are the recommended ways to give access to their .dovecot.sieve.log 
messages to the users?
I am thinking about placing this file into users Maildir/new, or piping 
to dovecot-lda.


--
  Regards,
  Sergey Ivanov


signature.asc
Description: OpenPGP digital signature

Re: Live Import of IMAP

2018-02-01 Thread Sergio Belkin 
2018-02-01 11:59 GMT-03:00 Sami Ketola :

>
>
> On 29 Jan 2018, at 21.57, Sergio Belkin  wrote:
>
> Hi,
>
> I have the mailbox of jon@example.com just migrated only with mails
> after migration, is it ok to run:
>
> doveadm -o mail_fsync=never sync -1 -R -u j...@example.com imapc:
>
>
> wiil that import all mails missing mails to the new server? I don't want
> that delete any current mail, is that right the command above?
>
> thanks in advance!
>
>
> Yes, if you have imapc settings defined somewhere in your config. If not
> you need to add them to the command line.
>
> Sami
>
>
>

Thanks Sami!

-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

Re: Live Import of IMAP

2018-02-01 Thread Sami Ketola 


> On 29 Jan 2018, at 21.57, Sergio Belkin  wrote:
> 
> Hi,
> 
> I have the mailbox of jon@example.com  just 
> migrated only with mails after migration, is it ok to run:
> 
> doveadm -o mail_fsync=never sync -1 -R -u j...@example.com 
>  imapc:
> 
> wiil that import all mails missing mails to the new server? I don't want that 
> delete any current mail, is that right the command above?
> 
> thanks in advance!

Yes, if you have imapc settings defined somewhere in your config. If not you 
need to add them to the command line.

Sami

Re: lda: Warning: Failed to parse return-path header: Invalid character in localpart

2018-02-01 Thread Stephan Bosch 



Op 31-1-2018 om 23:16 schreef Stephan Bosch:

Op 1/31/2018 om 10:44 PM schreef Christian Authmann:

Hello,
On 31.01.2018 22:35, Stephan Bosch wrote:

Op 1/31/2018 om 6:17 PM schreef Christian Authmann:

Hello,

Sometimes, when delivering mails, this warning appears in my syslog:


lda(...): Warning: Failed to parse return-path header: Invalid

character in localpart

dovecot-lda still exits with 0 and the mail is inserted into my inbox.


Looking at the mails in question, I determined that the error is
caused by a multiline Return-Path header. Here's a testcase:

--- snip ---
Return-Path:
    
From: "Nowhere" 
To: redac...@example.com
Subject: Testcase for lda warnings
Date: Wed, 31 Jan 2018 12:00:00 +

This is a message body.
--- snap ---

Copy into a file, with \r\n line endings, then run something like this:

cat testcase.txt | /usr/lib/dovecot/dovecot-lda -e -d ''

with a username recognized by your running dovecot installation.

The header is 'Return-Path:', \r\n, two spaces, '<...>', \r\n

According to rfc2822 folding rules, that should be valid - the
Return-Path header allows CFWS at that location.


The error message originates in lib-lda/mail-deliver.c in
mail_deliver_get_return_address(), while the invalid character message
seems to originate from one of several places in lib-lda/mail-deliver.c

This is Dovecot v2.3.0 right?

Regards,

Stephan.

yes, 2.3.0 (c8b89eb), archlinux, x64. Sorry for not mentioning it
earlier.

Whoops, yes, problem is obvious.


Fixed: 
https://github.com/dovecot/core/commit/9d606eb5019bc237cf4add562d54e2345b756f50


Regards,

Stephan.

Re: Error in virtual mailbox dovecot 2.3-devel maybe in mailcount

2018-02-01 Thread Jakobus Schürz 

Hi!


I didn't hear anything about this issue... the problem still persists 
(last build was 27.1.2018 from git ressources)


Do you need more informations?

jakob


Am 12.01.2018 um 11:04 schrieb Jakobus Schürz:

Hi there!

I splitted my Mailarchiv to an extra namespace. Because i have some 
Problems with the Archiv.


I can open all Folders from Mailarchiv with dovecot. But i want to 
have a "all archives" Mailbox to search in all messages in only one 
virtual mailbox. Trying to open this virtual folder from thunderbird, 
I get in a big archiv this error in logs from dovecot:


Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index 
/var/mail/virtual/ARCHIV: Broken mailbox_count header
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: virtual index 
/var/mail/virtual/ARCHIV: Broken mailbox_count header
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Mailinglisten/stvkr-a/dovecot.index: 
Opened in index-storage.c:336
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f391bf02021] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f391bf020ed] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f391be74481] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) 
[0x7f391c2a1942] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7f391c278ec2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f391c1f8c0a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) 
[0x7f39174637e0] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7f391746397b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) 
[0x7f3917466926] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) 
[0x7f391c1fb05d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f391c1fb117] -> dovecot/imap [jakob 92.60.9.18 
select](cmd_select_full+0x171) [0x55759e0911a1] -> dovecot/imap [jakob 
92.60.9.18 select](command_exec+0x64) [0x55759e098ca4] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1b0b2) [0x55759e0970b2] -> dovecot/imap 
[jakob 92.60.9.18 select](+0x1b13c) [0x55759e09713c] -> dovecot/imap 
[jakob 92.60.9.18 select](client_handle_input+0x1a5) [0x55759e097565] 
-> dovecot/imap [jakob 92.60.9.18 select](client_input+0x82) 
[0x55759e097be2] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) 
[0x7f391bf19c09] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f391bf1b4a9] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7f391bf19d12] -> 
/usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f391bf19f28] -> 
/usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f391be971e3] -> dovecot/imap [jakob 92.60.9.18 select](main+0x328) 
[0x55759e089768] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) 
[0x7f391babd2b1] -> dovecot/imap [jakob 92.60.9.18 
select](_start+0x2a) [0x55759e08994a]
Jän 12 10:54:41 aldebaran dovecot[839]: 
imap(jakob)<11302><9ILYQJFipPlcPAkS>: Fatal: master: service(imap): 
child 11302 killed with signal 6 (core not dumped)


and if i search the virtual mailbox with doveadm i get almost the same 
error. The "Broken mailbox_count_header" is missing there.


The full amount of emails in archiv is about 28000

# ulimit -n 256000
# doveadm search -u jakob mailbox Real/Archiv all
doveadm(jakob): Panic: Leaked view for index 
/var/lib/dovecot/db/indexes/archiv/jakob/Archiv/2016/Diverses/Standard-foren/dovecot.index: 
Opened in index-storage.c:336
doveadm(jakob): Error: Raw backtrace: 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8259fe6021] -> 
/usr/local/lib/dovecot/libdovecot.so.0(+0xc6079) [0x7f8259fe6079] -> 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8259f58481] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf3942) 
[0x7f825a385942] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_close+0x72) 
[0x7f825a35cec2] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_close+0x1a) 
[0x7f825a2dcc0a] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(+0xa7e0) 
[0x7f82559507e0] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_backend_box_open+0x2b) 
[0x7f825595097b] -> 
/usr/local/lib/dovecot/lib20_virtual_plugin.so(virtual_storage_sync_init+0x1026) 
[0x7f8255953926] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x4d) 
[0x7f825a2df05d] -> 
/usr/local/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x37) 
[0x7f825a2df117] -> doveadm(doveadm_mail_iter_init+0x94) 
[0x56303334be94] -> doveadm(+0x33715) [0x56303334f715] -> 
doveadm(+0x29a88) [0x563033345a88] -> do

Re[2]: Why does dovecot reject password when authorizing by a certificate?

2018-02-01 Thread yuryb 
My configuration already contained these parameters (auth_debug=yes and 
auth_verbose=yes). I enter the same password in case of SSL-authorization and 
in case of authorization by certificate. In first case password has accepted, 
in second case password has rejected. I have no ideas.

--- Исходное сообщение ---
От кого: "Aki Tuomi" 
Дата: 1 февраля 2018, 12:09:05


You probably need to also enable

auth_debug=yes

auth_verbose=yes

also, are you sure you just don't have wrong password?





Aki



On 01.02.2018 12:08, yuryb wrote:

I have added "auth_debug_password=yes" to "10-logging.conf" and restarted 
dovecot. But I do not see any information about the password in the logs. Does 
this mean that the thunderbird does not send the password? Although it asks for 
the password and I enter one.
New log:
dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0 code=kill)
dovecot: master: Dovecot v2.2.24 (a82c823) starting up for imap, pop3
dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso Ltd: 
user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, 
session=
dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso 
Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua: user=<>, rip=10.1.1.59, 
lip=10.1.1.99, TLS handshaking, session=
dovecot: auth: passwd-file(sysadmin,10.1.1.59,): Password 
mismatch
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 99 secs): 
user=, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS, 
session=


Try adding auth_debug_password=yes

Aki



On 01.02.2018 10:27, yuryb wrote:

We have FreeBSD-server with dovecot installed on it as IMAP-server. My user and 
password database is a text file with plaintext passwords. Clients connect to 
imap-server via TLS protocol and plaintext password. All works fine. But I want 
to configure ability to authorize with a client certificates. I have generated 
a client certificate and imported it to email-client. Also I have configured 
dovecot to verify client certificates. But email-client cannot authorize: 
Password mismatch. Why dovecot reject my password in this case? Please help!

My log: dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso 
Ltd: user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, 
session=
dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso 
Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua: user=<>, rip=10.1.1.59, 
lip=10.1.1.99, TLS handshaking, session=
dovecot: auth: passwd-file(sysadmin,10.1.1.59,): Password 
mismatch
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): 
user=, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS, 
session=


My configuration:
# 2.2.24 (a82c823): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.2-RELEASE-p20 amd64  ufs
auth_debug = yes
auth_mechanisms = plain login external
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_username_format = %Ln
auth_verbose = yes
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
mail_debug = yes
mail_gid = 999
mail_location = maildir:/mnt/mail/%n
mail_uid = 999
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/users
  driver = passwd-file
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    ssl = yes
  }
}
ssl_ca =

Re: Why does dovecot reject password when authorizing by a certificate?

2018-02-01 Thread Aki Tuomi 
You probably need to also enable

auth_debug=yes

auth_verbose=yes

also, are you sure you just don't have wrong password?


Aki


On 01.02.2018 12:08, yuryb wrote:
> I have added "auth_debug_password=yes" to "10-logging.conf" and
> restarted dovecot. But I do not see any information about the password
> in the logs. Does this mean that the thunderbird does not send the
> password? Although it asks for the password and I enter one.
> New log:
> dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0
> code=kill)
> dovecot: master: Dovecot v2.2.24 (a82c823) starting up for imap, pop3
> dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso
> Ltd: user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking,
> session=
> dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso
> Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua: user=<>,
> rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, session=
> dovecot: auth: passwd-file(sysadmin,10.1.1.59,):
> Password mismatch
> dovecot: imap-login: Disconnected (auth failed, 1 attempts in 99
> secs): user=, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99,
> TLS, session=
>
> Try adding auth_debug_password=yes
>
> Aki
>
>
> On 01.02.2018 10:27, yuryb wrote:
>> We have FreeBSD-server with dovecot installed on it as
>> IMAP-server. My user and password database is a text file with
>> plaintext passwords. Clients connect to imap-server via TLS
>> protocol and plaintext password. All works fine. But I want to
>> configure ability to authorize with a client certificates. I have
>> generated a client certificate and imported it to email-client.
>> Also I have configured dovecot to verify client certificates. But
>> email-client cannot authorize: Password mismatch. Why dovecot
>> reject my password in this case? Please help!
>>
>> My log:
>> dovecot: imap-login: Valid certificate:
>> /C=UA/ST=Kyiv/L=Kyiv/O=Contoso Ltd: user=<>, rip=10.1.1.59,
>> lip=10.1.1.99, TLS handshaking, session=
>> dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso
>> Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua
>> :
>> user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking,
>> session=
>> dovecot: auth:
>> passwd-file(sysadmin,10.1.1.59,): Password mismatch
>> dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6
>> secs): user=, method=EXTERNAL, rip=10.1.1.59,
>> lip=10.1.1.99, TLS, session=
>>
>> My configuration:
>> # 2.2.24 (a82c823): /usr/local/etc/dovecot/dovecot.conf
>> # OS: FreeBSD 10.2-RELEASE-p20 amd64  ufs
>> auth_debug = yes
>> auth_mechanisms = plain login external
>> auth_ssl_require_client_cert = yes
>> auth_ssl_username_from_cert = yes
>> auth_username_format = %Ln
>> auth_verbose = yes
>> disable_plaintext_auth = no
>> lda_mailbox_autocreate = yes
>> mail_debug = yes
>> mail_gid = 999
>> mail_location = maildir:/mnt/mail/%n
>> mail_uid = 999
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Trash {
>>     special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   args = /usr/local/etc/dovecot/users
>>   driver = passwd-file
>> }
>> protocols = imap pop3
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>>   unix_listener auth-userdb {
>>     group = vmail
>>     mode = 0660
>>     user = vmail
>>   }
>> }
>> service imap-login {
>>   inet_listener imaps {
>>     ssl = yes
>>   }
>> }
>> ssl_ca = > ssl_cert = > ssl_dh_parameters_length = 2048
>> ssl_key = > ssl_prefer_server_ciphers = yes
>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1
>> ssl_require_crl = no
>> ssl_verify_client_cert = yes
>> userdb {
>>   args = /usr/local/etc/dovecot/users
>>   driver = passwd-file
>> }
>> verbose_ssl = yes
>>
>

Re[2]: Why does dovecot reject password when authorizing by a certificate?

2018-02-01 Thread yuryb 
I have added "auth_debug_password=yes" to "10-logging.conf" and restarted 
dovecot. But I do not see any information about the password in the logs. Does 
this mean that the thunderbird does not send the password? Although it asks for 
the password and I enter one.
New log:
dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0 code=kill)
dovecot: master: Dovecot v2.2.24 (a82c823) starting up for imap, pop3
dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso Ltd: 
user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, 
session=
dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso 
Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua: user=<>, rip=10.1.1.59, 
lip=10.1.1.99, TLS handshaking, session=
dovecot: auth: passwd-file(sysadmin,10.1.1.59,): Password 
mismatch
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 99 secs): 
user=, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS, 
session=


Try adding auth_debug_password=yes

Aki



On 01.02.2018 10:27, yuryb wrote:

We have FreeBSD-server with dovecot installed on it as IMAP-server. My user and 
password database is a text file with plaintext passwords. Clients connect to 
imap-server via TLS protocol and plaintext password. All works fine. But I want 
to configure ability to authorize with a client certificates. I have generated 
a client certificate and imported it to email-client. Also I have configured 
dovecot to verify client certificates. But email-client cannot authorize: 
Password mismatch. Why dovecot reject my password in this case? Please help!

My log: dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso 
Ltd: user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, 
session=
dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso 
Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua: user=<>, rip=10.1.1.59, 
lip=10.1.1.99, TLS handshaking, session=
dovecot: auth: passwd-file(sysadmin,10.1.1.59,): Password 
mismatch
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): 
user=, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS, 
session=


My configuration:
# 2.2.24 (a82c823): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.2-RELEASE-p20 amd64  ufs
auth_debug = yes
auth_mechanisms = plain login external
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_username_format = %Ln
auth_verbose = yes
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
mail_debug = yes
mail_gid = 999
mail_location = maildir:/mnt/mail/%n
mail_uid = 999
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/users
  driver = passwd-file
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    ssl = yes
  }
}
ssl_ca =

Cannot delete IMAP Mail-Folder in Trash

2018-02-01 Thread Gabriel Kaufmann 

Hello,

I've noticed an annoying problem. Trying to delete a folder that has 
been deleted on IMAP and is moved to trash has problems being deleted. 
Thunderbird reports:
"Folder contains children" and stops there. Folder at first disappears. 
But after restarting Thunderbird they are still there and on 
Dovecot-Mailbox folder on the server the folders are also still present.


I'm using Dovecot 2.2.18 + Thunderbird + FS-Layout.

I already tried this workaround-mode:


/protocol imap { //imap_client_workarounds = tb-extra-mailbox-sep //}/


   best regards

   Gabriel Kaufmann
   _

   TYPOWORX ΝΞШ.ΜΞDIΑ
   Gabriel Kaufmann
   Siegfriedstraße 38 | 38106 Braunschweig
   USt.Id Nr. DE-268606152

   *T*elefon:0531-2521800*F*ax:0531-2326411

   + Internetseiten | Web-Entwicklung | PHP | CMS | TYPO3 | Microsites*
   +* Webhosting | Linux-Systemadministration

   www.typoworx.de  Facebook
   
   XING  


   Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
   Informationen. Wenn Sie nicht der richtige Adressat sind oder diese
   E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
   Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren
   sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.

   This e-mail may contain confidential and/or privileged information.
   If you are not the intended recipient (or have received this e-mail
   in error) please notify the sender immediately and destroy this
   e-mail. Any unauthorized copying, disclosure or distribution of the
   material in this e-mail is strictly forbidden.

Re: Why does dovecot reject password when authorizing by a certificate?

2018-02-01 Thread Aki Tuomi 
Try adding auth_debug_password=yes

Aki


On 01.02.2018 10:27, yuryb wrote:
> We have FreeBSD-server with dovecot installed on it as IMAP-server. My
> user and password database is a text file with plaintext passwords.
> Clients connect to imap-server via TLS protocol and plaintext
> password. All works fine. But I want to configure ability to authorize
> with a client certificates. I have generated a client certificate and
> imported it to email-client. Also I have configured dovecot to verify
> client certificates. But email-client cannot authorize: Password
> mismatch. Why dovecot reject my password in this case? Please help!
>
> My log:
> dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso
> Ltd: user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking,
> session=
> dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso
> Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua: user=<>,
> rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, session=
> dovecot: auth: passwd-file(sysadmin,10.1.1.59,):
> Password mismatch
> dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs):
> user=, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS,
> session=
>
> My configuration:
> # 2.2.24 (a82c823): /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 10.2-RELEASE-p20 amd64  ufs
> auth_debug = yes
> auth_mechanisms = plain login external
> auth_ssl_require_client_cert = yes
> auth_ssl_username_from_cert = yes
> auth_username_format = %Ln
> auth_verbose = yes
> disable_plaintext_auth = no
> lda_mailbox_autocreate = yes
> mail_debug = yes
> mail_gid = 999
> mail_location = maildir:/mnt/mail/%n
> mail_uid = 999
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /usr/local/etc/dovecot/users
>   driver = passwd-file
> }
> protocols = imap pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> service imap-login {
>   inet_listener imaps {
>     ssl = yes
>   }
> }
> ssl_ca =  ssl_cert =  ssl_dh_parameters_length = 2048
> ssl_key =  ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3 !TLSv1
> ssl_require_crl = no
> ssl_verify_client_cert = yes
> userdb {
>   args = /usr/local/etc/dovecot/users
>   driver = passwd-file
> }
> verbose_ssl = yes
>

Why does dovecot reject password when authorizing by a certificate?

2018-02-01 Thread yuryb 
We have FreeBSD-server with dovecot installed on it as IMAP-server. My user and 
password database is a text file with plaintext passwords. Clients connect to 
imap-server via TLS protocol and plaintext password. All works fine. But I want 
to configure ability to authorize with a client certificates. I have generated 
a client certificate and imported it to email-client. Also I have configured 
dovecot to verify client certificates. But email-client cannot authorize: 
Password mismatch. Why dovecot reject my password in this case? Please help!

My log:dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso 
Ltd: user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, 
session=
dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso 
Ltd/OU=IT/CN=sysadmin/emailAddress=sysad...@contoso.ua: user=<>, rip=10.1.1.59, 
lip=10.1.1.99, TLS handshaking, session=
dovecot: auth: passwd-file(sysadmin,10.1.1.59,): Password 
mismatch
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): 
user=, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS, 
session=


My configuration:
# 2.2.24 (a82c823): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.2-RELEASE-p20 amd64  ufs
auth_debug = yes
auth_mechanisms = plain login external
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_username_format = %Ln
auth_verbose = yes
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
mail_debug = yes
mail_gid = 999
mail_location = maildir:/mnt/mail/%n
mail_uid = 999
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/users
  driver = passwd-file
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    ssl = yes
  }
}
ssl_ca =

Re: AuthDatabase CheckPassword broken?

2018-02-01 Thread Aki Tuomi 


On 01.02.2018 08:00, Mark Foley wrote:
> I had been using the CheckPassword authentication interface with dovecot 
> 2.2.15, 
> https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
>
> After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced 
> wiki page says, 
>
> Checkpassword Interface
>
> Read  NUL  NUL from fd 3. 
>
> I've checked the information read from fd 3 with 2.2.33.2 and I get 
>  followed by 3
> nulls. I'm guessing the 2nd null is supposed to be the password.
>
> Why is this no longer working? How can I fix it?
>
> THX --Mark
Our CI has test

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os, sys

DOVECOT_PW_FD = 3

def checkPassword():
  with os.fdopen(DOVECOT_PW_FD, 'r') as s:
    data = s.read().split("\0")
    if data[0] != "testuser" or data[1] != "pass":
  return False
    os.environ["USER"] = data[0]
    os.environ["EXTRA"] = "userdb_uid=vmail userdb_gid=vmail"
  return True

if __name__ == "__main__":
  if not checkPassword():
    sys.exit(1)
  os.execv(sys.argv[1], sys.argv[1:])

And it seems to work.

Aki