Re: huge increase in storage activity afther dovecot upgrade

2018-11-14 Thread Adi Pircalabu
Are you connecting to the same mailbox over NFS from multiple IMAP 
servers? If not and, at any given time, any mailbox will be accessed 
from a single NFS client, try to "dupe" Dovecot into thinking it's not 
using NFS. We're running quite successfully such setup with NFSv3 over 
TCP, which turned out to be the fastest and most reliable throughout the 
years. Here are the mount options:

rw,noatime,nodiratime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,nordirplus,proto=tcp,timeo=600,retrans=2,sec=sys,mountvers=3,mountport=1892,mountproto=tcp,local_lock=none

On the Dovecot side we're running with:

lock_method = dotlock
mail_fsync = never
mail_nfs_index = no
mail_nfs_storage = no
maildir_very_dirty_syncs = yes
mmap_disable = yes
protocol lda {
  mail_fsync = optimized
}
protocol lmtp {
  mail_fsync = optimized
}

Note: we're using Maildir and the usual "works for me(c), may not work 
for everyone" applies.


--
Adi Pircalabu

On 2018-11-14 21:47, Adrian M wrote:

Thanks, they are as in example, except for "mailbox_list_index = yes"
which is from https://wiki.dovecot.org/PerformanceTuning

On Wed, Nov 14, 2018 at 12:18 PM Aki Tuomi
 wrote:


You should review https://wiki2.dovecot.org/NFS to see that the
settings make sense.

Aki
On 14.11.2018 12.00, Adrian M wrote:

Thank you !
I was little concerned that the following settings are not in line
with the new version:

mail_nfs_index = yes
mail_nfs_storage = yes
mail_fsync = always
mailbox_list_index = yes
maildir_stat_dirs = yes
mmap_disable = yes

On Wed, Nov 14, 2018 at 10:19 AM Aki Tuomi
 wrote:

It should eventually wind down once all the problems are fixed. Of
course if it does not happen, you can always run force-resync for
the problem users.

Aki
On 14.11.2018 10.08, Adrian M wrote:

Hi,
we upgraded our servers from version 2.2.13 to 2.2.27. After the
upgrade we notice a 10x increase in traffic with the nfs storage and
errors like this in the logfile:

Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index
cache file /.../dovecot.index.cache: invalid record size
Nov 12 09:48:16 mail dovecot: imap(...): Error:
unlink(/.../dovecot.index.cache) failed: No such file or directory
(in mail-cache.c:29)
Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index
cache file /.../dovecot.index.cache: invalid record size
Nov 12 09:48:16 mail dovecot: imap(...): Error: Broken file
/.../dovecot-uidlist line 8: Invalid data:

Is this normal ?

Will the activity wind down ?
Can we do something, like deleting the old dovecot.index* or
dovecot-uidlist files from maildirs, or doing an doveadm
force-refresh for all inboxes ?

Thank you !

Here's my configuration:

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 nfs
auth_failure_delay = 15 secs
auth_mechanisms = plain login
auth_verbose = yes
auth_worker_max_count = 256
default_client_limit = 4
default_process_limit = 512
dict {
lastlogin = mysql:/etc/dovecot/mysql/dovecot-dict-lastlogin.conf
quotadict = mysql:/etc/dovecot/mysql/dovecot-dict-quota.conf
}
disable_plaintext_auth = no
first_valid_uid = 100
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l pid=%p
%c
mail_fsync = always
mail_location = maildir:/home/virtual/%d/%u
mail_max_userip_connections = 16
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = zlib quota mail_log notify
mail_privileged_group = mail
mailbox_list_index = yes
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox virtual/All {
special_use = \All
}
prefix =
}
passdb {
args = /etc/dovecot/mysql/dovecot-sql.conf
driver = sql
}
plugin {
last_login_dict = proxy::lastlogin
last_login_key = last-login/%u
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
mail_log_fields = uid box msgid size
quota = dict:user::proxy::quotadict
quota_rule2 = Trash:ignore
quota_rule3 = Spam:ignore
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 The email account that you
tried to reach is over quota
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/.dovecot.sieve
sieve_before = /etc/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
stats_refresh = 30 secs
stats_track_cmds = yes
trash = /etc/dovecot/dovecot-trash.conf
zlib_save = gz
zlib_save_level = 6
}
protocols = 

Re: Dovecot proxy: per user/domain 'namespace/inbox/prefix' from MySQL

2018-11-14 Thread Adi Pircalabu

Forgot to add "doveconf -n" for the proxy server:

# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: Linux 4.14.81-6.el7xen.x86_64 x86_64 CentOS Linux release 7.5.1804 
(Core)

# Hostname: proxy1.0aditest.local
auth_cache_negative_ttl = 5 mins
auth_cache_size = 16 M
auth_cache_ttl = 18 hours
auth_debug = yes
auth_verbose = yes
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext imapflags notify

mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags
}
protocols = imap pop3 lmtp sieve
service imap-login {
  inet_listener imap {
port = 1143
  }
  inet_listener imaps {
port = 1993
ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  service_count = 0
  vsz_limit = 128 M
}
service managesieve {
  process_limit = 1024
}
service pop3-login {
  inet_listener pop3 {
port = 110
  }
  inet_listener pop3s {
port = 995
ssl = yes
  }
}
ssl = required
ssl_cert = 
As a way to try and avoid using "prefix = INBOX." ad infinitum for the
inbox namespace, I'm looking for ways to move on to "prefix =" for new
mail accounts, and grandfather the existing ones. Previously running
Courier-IMAP, now Dovecot, I looked at
https://wiki.dovecot.org/Namespaces#Backwards_Compatibility:_Courier_IMAP
and decided it's too risky to go down that path and use namespace
compat, with so many IMAP clients out there the scope of testing is
huge and the outcome is uncertain and not worth it.
After reading
https://wiki.dovecot.org/Namespaces#Per-user_Namespace_Location_From_SQL
I thought I might be able to overwrite the server configuration per
user returning 'namespace/inbox/prefix' value from SQL. Here's the
setup I attempted, briefly:

1. Client connects to the Dovecot proxy, which authenticates the user
and proxies to the backend using a query like this in
/etc/dovecot/conf.d/dovecot-sql.conf.ext:
driver = mysql
connect = 
password_query = SELECT NULL AS password, 'Y' as nopassword, host,
'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email = '%u'
AND disabled_smtpauth=0
Works a treat.

2. Next, I'm trying to add the prefix lookup in the picture. In the
same file I've added:
user_query = SELECT ns_inbox_prefix AS 'namespace/inbox/prefix' FROM
mailbox WHERE email = '%u' AND disabled_smtpauth=0

3. The mailbox table schema reads:
CREATE TABLE `mailbox` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL DEFAULT '',
  `password` varchar(255) NOT NULL DEFAULT '',
  `clear_password` varchar(255) NOT NULL DEFAULT '',
  `name` varchar(255) NOT NULL DEFAULT '',
  `host` varchar(32) DEFAULT NULL,
  `port` varchar(32) DEFAULT NULL,
  `ns_inbox_prefix` varchar(255) NOT NULL DEFAULT '',
  `lastlog_remote_ips` bigint(20) unsigned NOT NULL DEFAULT 0,
  `curlog_remote_ips` bigint(20) unsigned NOT NULL DEFAULT 0,
  `disabled_smtpauth` tinyint(1) NOT NULL DEFAULT 0,
  `last_modified` timestamp NOT NULL DEFAULT current_timestamp() ON
UPDATE current_timestamp(),
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
The 2 queries above return:
MariaDB [postfix]> SELECT NULL AS password, 'Y' as nopassword, host,
'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email =
'adi2@0aditest.local' AND disabled_smtpauth=0;
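+----------+------------+----------------+----------+-------+
| password | nopassword | host           | starttls | proxy |
+----------+------------+----------------+----------+-------+
| NULL     | Y          | 192.168.123.24 | any-cert | Y     |
+----------+------------+----------------+----------+-------+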
1 row in set (0.00 sec)
MariaDB [postfix]> SELECT ns_inbox_prefix AS 'namespace/inbox/prefix'
FROM mailbox WHERE email = 'adi2@0aditest.local' AND
disabled_smtpauth=0;
+------------------------+
| namespace/inbox/prefix |
+------------------------+
|                        |
+------------------------+
1 row in set (0.00 sec)

After reloading dovecot service with auth_debug = yes are the maillog
for an IMAP session:
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Nov 15 12:43:48 proxy1 

Re: different TLS protocols on different ports

2018-11-14 Thread Joseph Tam



Michael A. Peters  wrote:


> Couldn't you run two different instances (with 2 separate run-time
> directories), each listening on a different port with their own SSL
> configuration?  Or would it clash somewhere?
> 
> If only a single running instance of dovecot is required, I guess you
> can run dovecot on the localhost interface, and use 2 stunnel proxies.

Honestly that violates the concept of KISS.


(Just to be clear, I'm not the OP.)

I agree -- if the OP can convince the user to change mail readers, that would
be better all around.  However, some users will only let go of their
mail reader when you pry it from their dead, cold fingers, and you'll
be applying KISS in the social context.  Doing a technical workaround
is sometimes simpler than picking a fight with them.  This has to be
balanced with the security requirements.

Noel  writes:


Strongly agree with this.  If you have enough users that you have
use both hands to count them, running different protocols on
different ports is a sure-fire way to annoy your users and create
problems for support staff (eg. you).  Either allow the antique
protocol everywhere, or give notice and cut it off.


I'm not sure why users would be annoyed -- this is more or less transparent
to them.  If, however, you remove a TLS flavour and thereby break
a previously working mail reader, you'll get the definition of
"annoyed" demonstrated when you explain to the user why you won't allow
their beloved FoobyBletch5000 mail reader to work.

Joseph Tam 


Dovecot proxy: per user/domain 'namespace/inbox/prefix' from MySQL

2018-11-14 Thread Adi Pircalabu
As a way to try and avoid using "prefix = INBOX." ad infinitum for the 
inbox namespace, I'm looking for ways to move on to "prefix =" for new 
mail accounts, and grandfather the existing ones. Previously running 
Courier-IMAP, now Dovecot, I looked at 
https://wiki.dovecot.org/Namespaces#Backwards_Compatibility:_Courier_IMAP 
and decided it's too risky to go down that path and use namespace 
compat, with so many IMAP clients out there the scope of testing is huge 
and the outcome is uncertain and not worth it.
After reading 
https://wiki.dovecot.org/Namespaces#Per-user_Namespace_Location_From_SQL 
I thought I might be able to overwrite the server configuration per user 
returning 'namespace/inbox/prefix' value from SQL. Here's the setup I 
attempted, briefly:


1. Client connects to the Dovecot proxy, which authenticates the user 
and proxies to the backend using a query like this in 
/etc/dovecot/conf.d/dovecot-sql.conf.ext:

driver = mysql
connect = 
password_query = SELECT NULL AS password, 'Y' as nopassword, host, 
'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email = '%u' 
AND disabled_smtpauth=0

Works a treat.

2. Next, I'm trying to add the prefix lookup in the picture. In the same 
file I've added:
user_query = SELECT ns_inbox_prefix AS 'namespace/inbox/prefix' FROM 
mailbox WHERE email = '%u' AND disabled_smtpauth=0


3. The mailbox table schema reads:
CREATE TABLE `mailbox` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL DEFAULT '',
  `password` varchar(255) NOT NULL DEFAULT '',
  `clear_password` varchar(255) NOT NULL DEFAULT '',
  `name` varchar(255) NOT NULL DEFAULT '',
  `host` varchar(32) DEFAULT NULL,
  `port` varchar(32) DEFAULT NULL,
  `ns_inbox_prefix` varchar(255) NOT NULL DEFAULT '',
  `lastlog_remote_ips` bigint(20) unsigned NOT NULL DEFAULT 0,
  `curlog_remote_ips` bigint(20) unsigned NOT NULL DEFAULT 0,
  `disabled_smtpauth` tinyint(1) NOT NULL DEFAULT 0,
  `last_modified` timestamp NOT NULL DEFAULT current_timestamp() ON 
UPDATE current_timestamp(),

  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
The 2 queries above return:
MariaDB [postfix]> SELECT NULL AS password, 'Y' as nopassword, host, 
'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email = 
'adi2@0aditest.local' AND disabled_smtpauth=0;

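+----------+------------+----------------+----------+-------+
| password | nopassword | host           | starttls | proxy |
+----------+------------+----------------+----------+-------+
| NULL     | Y          | 192.168.123.24 | any-cert | Y     |
+----------+------------+----------------+----------+-------+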
1 row in set (0.00 sec)
MariaDB [postfix]> SELECT ns_inbox_prefix AS 'namespace/inbox/prefix' 
FROM mailbox WHERE email = 'adi2@0aditest.local' AND 
disabled_smtpauth=0;

+------------------------+
| namespace/inbox/prefix |
+------------------------+
|                        |
+------------------------+
1 row in set (0.00 sec)

After reloading dovecot service with auth_debug = yes are the maillog 
for an IMAP session:
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: Loading modules from 
directory: /usr/lib64/dovecot/auth
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: Module loaded: 
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_mysql.so
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: Read auth token secret from 
/var/run/dovecot/auth-token-secret.dat
Nov 15 12:43:48 proxy1 dovecot: auth: Debug: auth client connected 
(pid=7527)
Nov 15 12:43:53 proxy1 dovecot: auth: Debug: client in: 
AUTH#0111#011PLAIN#011service=imap#011secured#011session=AorrLqp6drgB#011lip=::1#011rip=::1#011lport=1143#011rport=47222#011resp=
Nov 15 12:43:53 proxy1 dovecot: auth: Debug: 
sql(adi2@0aditest.local,::1,): cache 
miss
Nov 15 12:43:53 proxy1 dovecot: auth-worker(7533): Debug: Loading 
modules from directory: /usr/lib64/dovecot/auth
Nov 15 12:43:53 proxy1 dovecot: auth-worker(7533): Debug: Module loaded: 
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Nov 15 12:43:53 proxy1 dovecot: auth-worker(7533): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_mysql.so
Nov 15 12:43:53 proxy1 dovecot: auth-worker(7533): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Nov 15 12:43:53 proxy1 dovecot: auth-worker(7533): Debug: 
sql(adi2@0aditest.local,::1,): query: 
SELECT NULL AS password, 'Y' as nopassword, host, 'any-cert' as 
'starttls', 'Y' AS proxy FROM mailbox WHERE email = 
'adi2@0aditest.local' AND disabled_smtpauth=0
Nov 15 12:43:53 proxy1 dovecot: auth: Debug: client passdb out: 
OK#0111#011user=adi2@0aditest.local#011host=192.168.123.24#011starttls=any-cert#011proxy#011pass=

Nov 15 12:43:53 proxy1 dovecot: imap-login: Invalid 

Re: different TLS protocols on different ports

2018-11-14 Thread Noel
On 11/14/2018 4:08 PM, Michael A. Peters wrote:
> Honestly that violates the concept of KISS.
>
> Given that TLS 1.2 is now a decade old, do you really need to
> still allow clients not capable of TLS 1.0/1.1 ???
>
> I still do but only allow cipher suites with Forward Secrecy.
>
> I don't run huge mail server, but from quick look at my logs I
> don't even see any clients connecting that aren't TLS 1.2 anymore.
>
> Might be easier to just give a six month notice that clients
> running TLS more than a decade old will no longer be supported.

+1

Strongly agree with this.  If you have enough users that you have
use both hands to count them, running different protocols on
different ports is a sure-fire way to annoy your users and create
problems for support staff (eg. you).  Either allow the antique
protocol everywhere, or give notice and cut it off. 

  -- Noel Jones



Re: different TLS protocols on different ports

2018-11-14 Thread Michael A. Peters

On 11/14/2018 01:46 PM, Joseph Tam wrote:

On Wed, 14 Nov 2018, Aki Tuomi wrote:


I'm providing IMAP+Starttls on port 143 for users with legacy MUA.  So
I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to
enable TLS1.2 and TLS1.3 only.

Is this possible with dovecot-2.2.36 / how to setup this?


Not possible I'm afraid.


("Not possible" = challenge!)

Couldn't you run two different instances (with 2 separate run-time
directories), each listening on a different port with their own SSL
configuration?  Or would it clash somewhere?

If only a single running instance of dovecot is required, I guess you
can run dovecot on the localhost interface, and use 2 stunnel proxies.

Joseph Tam 


Honestly that violates the concept of KISS.

Given that TLS 1.2 is now a decade old, do you really need to still 
allow clients not capable of TLS 1.0/1.1 ???


I still do but only allow cipher suites with Forward Secrecy.

I don't run huge mail server, but from quick look at my logs I don't 
even see any clients connecting that aren't TLS 1.2 anymore.


Might be easier to just give a six month notice that clients running TLS 
more than a decade old will no longer be supported.
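
The log review mentioned in the message above, as an added example that is not part of the thread: it tallies the TLS version of each successful login and lists the accounts that would break if TLS 1.0/1.1 were switched off. It assumes `%k` (negotiated protocol and cipher) has been appended to `login_log_format_elements`, which the configurations posted on this page do not do; the log lines and addresses are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Oldest to newest; used to compare a login against a minimum version.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Only successful logins count: failed attempts say nothing about which
# real users still depend on an old protocol.
LOGIN_RE = re.compile(
    r"dovecot: (?P<service>[a-z0-9]+)-login: Login: (?P<fields>.*)$")
USER_RE = re.compile(r"user=<(?P<user>[^>]*)>")
RIP_RE = re.compile(r"\brip=(?P<rip>[0-9A-Fa-f:.]+)")
# Shape of the %k expansion, e.g. "TLSv1.2 with cipher NAME (256/256 bits)".
TLS_RE = re.compile(
    r"\b(?P<proto>SSLv3|TLSv1(?:\.[123])?) with cipher (?P<cipher>\S+)")

# Constructed sample lines (assumption: %k is the last logged element).
SAMPLE_LOG = """\
Nov 14 09:00:01 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=4101, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 14 09:00:07 mail dovecot: imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=4102, TLS, TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Nov 14 09:01:15 mail dovecot: imap-login: Login: user=<carol@example.org>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, mpid=4107, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Nov 14 09:02:30 mail dovecot: pop3-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=4110, TLS, TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Nov 14 09:03:02 mail dovecot: imap-login: Login: user=<dave@example.org>, method=LOGIN, rip=198.51.100.23, lip=192.0.2.1, mpid=4113, TLS, TLSv1.1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Nov 14 09:03:40 mail dovecot: imap-login: Login: user=<monitor@example.org>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=4115, secured
Nov 14 09:04:11 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<eve@example.org>, method=PLAIN, rip=203.0.113.99, lip=192.0.2.1, TLS, TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
"""


def parse_login(line):
    """Return a dict for a successful login line, or None for anything else."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    fields = m.group("fields")
    user = USER_RE.search(fields)
    # Drop the user field before looking for rip/TLS so that text inside
    # the username can never be mistaken for a protocol string.
    rest = USER_RE.sub("", fields, count=1)
    rip = RIP_RE.search(rest)
    tls = TLS_RE.search(rest)
    return {
        "service": m.group("service"),
        "user": user.group("user") if user else "",
        "rip": rip.group("rip") if rip else "",
        # "none": no TLS on the connection, or %k is not being logged.
        "proto": tls.group("proto") if tls else "none",
        "cipher": tls.group("cipher") if tls else "",
    }


def protocol_counts(lines):
    """Count successful logins per negotiated protocol version."""
    return Counter(r["proto"] for r in map(parse_login, lines) if r)


def legacy_clients(lines, minimum="TLSv1.2"):
    """Map user -> {(service, remote ip, protocol)} for logins below minimum."""
    floor = ORDER.index(minimum)
    found = defaultdict(set)
    for rec in filter(None, map(parse_login, lines)):
        if rec["proto"] in ORDER and ORDER.index(rec["proto"]) < floor:
            found[rec["user"]].add((rec["service"], rec["rip"], rec["proto"]))
    return dict(found)


def report(lines, minimum="TLSv1.2"):
    """Build a short text summary suitable for a cron mail."""
    out = ["logins per protocol:"]
    for proto, n in sorted(protocol_counts(lines).items()):
        out.append(f"  {proto:8} {n}")
    out.append(f"accounts still below {minimum}:")
    for user, seen in sorted(legacy_clients(lines, minimum).items()):
        for service, rip, proto in sorted(seen):
            out.append(f"  {user} {service} {rip} {proto}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Run over a few weeks of real logs, the account list is the set of users who need the notice before the old protocols are disabled.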


Re: different TLS protocols on different ports

2018-11-14 Thread A. Schulze



Am 14.11.18 um 22:46 schrieb Joseph Tam:
> Couldn't you run two different instances
that is the idea: Yes, I can run multiple instances...

Thanks!


Re: different TLS protocols on different ports

2018-11-14 Thread Joseph Tam

On Wed, 14 Nov 2018, Aki Tuomi wrote:


I'm providing IMAP+Starttls on port 143 for users with legacy MUA.  So
I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to
enable TLS1.2 and TLS1.3 only.

Is this possible with dovecot-2.2.36 / how to setup this?


Not possible I'm afraid.


("Not possible" = challenge!)

Couldn't you run two different instances (with 2 separate run-time
directories), each listening on a different port with their own SSL
configuration?  Or would it clash somewhere?

If only a single running instance of dovecot is required, I guess you
can run dovecot on the localhost interface, and use 2 stunnel proxies.

Joseph Tam 


Re: different TLS protocols on different ports

2018-11-14 Thread A. Schulze



Am 14.11.18 um 21:21 schrieb Michael Slusarz:
> These ports are well-known and well used.
OK, to be clear: they're not in /my/ networks :-)


Re: different TLS protocols on different ports

2018-11-14 Thread Michael Slusarz
> On November 14, 2018 at 12:46 PM "A. Schulze"  wrote:
>
> I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more 
> modern protocols/ciphers.
> IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many 
> postmaster used to configure IMAP+SUBMISSION and STARTTLS)

"IMAPS" has been used forever.  Every installation I can think of supports 993.

Same with submission.  465/587 has been a standard port for awhile now.

In fact, these are the only ports someone like a Google will allow you to 
connect to.
https://support.google.com/mail/answer/7126229?hl=en


> Switching Clients to complete new ports is a chance to separate and dry out 
> legacy MUA's

There is no switch to do.  These ports are well-known and well used.


> I just tried this but that's no valid syntax though:
> 
>   service imap-login {
> inet_listener imap {
>   port = 143
> # using default protocols and ciphers...
> }
> inet_listener imaps {
>   port = 993
>   ssl_protocols = TLSv1.2 TLSv1.3
> ssl_cipher_list = ...
> 
> }
>   }
> 
> 
> Postfix let me easily define different TLS protocols on different ports.
> For that it would be cool if dovecot could assist on such migrations, too.
> 
> Andreas
> 
> *) see https://tools.ietf.org/html/rfc8314
>as well as the draft 
> https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate 
> TLSv1.1


Re: different TLS protocols on different ports

2018-11-14 Thread A. Schulze



Am 14.11.18 um 20:22 schrieb Aki Tuomi:
> Not possible I'm afraid.

Hello Aki,

is it not possible in 2.2.36 or not possible at all?

I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more 
modern protocols/ciphers.
IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many postmaster 
used to configure IMAP+SUBMISSION and STARTTLS)
Switching Clients to complete new ports is a chance to separate and dry out 
legacy MUA's

I just tried this but that's no valid syntax though:

service imap-login {
  inet_listener imap {
port = 143
# using default protocols and ciphers...
  }
  inet_listener imaps {
port = 993
ssl_protocols = TLSv1.2 TLSv1.3
ssl_cipher_list = ...

  }
}


Postfix let me easily define different TLS protocols on different ports.
For that it would be cool if dovecot could assist on such migrations, too.

Andreas

*) see https://tools.ietf.org/html/rfc8314
   as well as the draft 
https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate 
TLSv1.1


Re: different TLS protocols on different ports

2018-11-14 Thread Aki Tuomi

On 14 November 2018 at 21:19 "A. Schulze" <s...@andreasschulze.de> wrote:

> Hello,
>
> I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So I've to enable TLS1.0 up to TLS1.3
> For IMAPS / port 993 I like to enable TLS1.2 and TLS1.3 only.
>
> Is this possible with dovecot-2.2.36 / how to setup this?
>
> Thanks for suggestions,
> Andreas

Not possible I'm afraid.

---
Aki Tuomi
   
 



different TLS protocols on different ports

2018-11-14 Thread A. Schulze
Hello,

I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So I've to 
enable TLS1.0 up to TLS1.3
For IMAPS / port 993 I like to enable TLS1.2 and TLS1.3 only.

Is this possible with dovecot-2.2.36 / how to setup this?

Thanks for suggestions,
Andreas


autoexpunged in IMAP logout format

2018-11-14 Thread Alessio Cecchi

Hi,

in my imap_logout_format I register %{deleted} %{expunged} %{trashed} 
but now I saw that is available also %{autoexpunged}.


Is necessary to add also %{autoexpunged} in logout format to have the 
count of all deleted email via IMAP?


Thanks

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Re: huge increase in storage activity afther dovecot upgrade

2018-11-14 Thread Adrian M
Thanks, they are as in example, except for "mailbox_list_index = yes" which
is from https://wiki.dovecot.org/PerformanceTuning

On Wed, Nov 14, 2018 at 12:18 PM Aki Tuomi 
wrote:

> You should review https://wiki2.dovecot.org/NFS to see that the settings
> make sense.
>
> Aki
> On 14.11.2018 12.00, Adrian M wrote:
>
> Thank you !
> I was little concerned that the following settings are not in line with
> the new version:
>
> mail_nfs_index = yes
> mail_nfs_storage = yes
> mail_fsync = always
> mailbox_list_index = yes
> maildir_stat_dirs = yes
> mmap_disable = yes
>
>
> On Wed, Nov 14, 2018 at 10:19 AM Aki Tuomi 
> wrote:
>
>> It should eventually wind down once all the problems are fixed. Of course
>> if it does not happen, you can always run force-resync for the problem
>> users.
>>
>> Aki
>> On 14.11.2018 10.08, Adrian M wrote:
>>
>> Hi,
>> we upgraded our servers from version 2.2.13 to 2.2.27. After the upgrade
>> we notice a 10x increase in traffic with the nfs storage and errors like
>> this in the logfile:
>>
>> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache
>> file /.../dovecot.index.cache: invalid record size
>> Nov 12 09:48:16 mail dovecot: imap(...): Error:
>> unlink(/.../dovecot.index.cache) failed: No such file or directory (in
>> mail-cache.c:29)
>> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache
>> file /.../dovecot.index.cache: invalid record size
>> Nov 12 09:48:16 mail dovecot: imap(...): Error: Broken file
>> /.../dovecot-uidlist line 8: Invalid data:
>>
>> Is this normal ?
>> Will the activity wind down ?
>> Can we do something, like deleting the old dovecot.index* or
>> dovecot-uidlist files from maildirs, or doing an doveadm force-refresh for
>> all inboxes ?
>>
>> Thank you !
>>
>> Here's my configuration:
>>
>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.16 (fed8554)
>> # OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 nfs
>> auth_failure_delay = 15 secs
>> auth_mechanisms = plain login
>> auth_verbose = yes
>> auth_worker_max_count = 256
>> default_client_limit = 4
>> default_process_limit = 512
>> dict {
>>   lastlogin = mysql:/etc/dovecot/mysql/dovecot-dict-lastlogin.conf
>>   quotadict = mysql:/etc/dovecot/mysql/dovecot-dict-quota.conf
>> }
>> disable_plaintext_auth = no
>> first_valid_uid = 100
>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l pid=%p %c
>> mail_fsync = always
>> mail_location = maildir:/home/virtual/%d/%u
>> mail_max_userip_connections = 16
>> mail_nfs_index = yes
>> mail_nfs_storage = yes
>> mail_plugins = zlib quota mail_log notify
>> mail_privileged_group = mail
>> mailbox_list_index = yes
>> maildir_stat_dirs = yes
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character 
>> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
>> copy include variables body enotify environment mailbox date ihave
>> mmap_disable = yes
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>> special_use = \Drafts
>>   }
>>   mailbox Junk {
>> special_use = \Junk
>>   }
>>   mailbox Sent {
>> auto = subscribe
>> special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>> special_use = \Sent
>>   }
>>   mailbox Spam {
>> auto = subscribe
>> special_use = \Junk
>>   }
>>   mailbox Trash {
>> auto = subscribe
>> special_use = \Trash
>>   }
>>   mailbox virtual/All {
>> special_use = \All
>>   }
>>   prefix =
>> }
>> passdb {
>>   args = /etc/dovecot/mysql/dovecot-sql.conf
>>   driver = sql
>> }
>> plugin {
>>   last_login_dict = proxy::lastlogin
>>   last_login_key = last-login/%u
>>   mail_log_events = delete undelete expunge copy mailbox_delete 
>> mailbox_rename
>>   mail_log_fields = uid box msgid size
>>   quota = dict:user::proxy::quotadict
>>   quota_rule2 = Trash:ignore
>>   quota_rule3 = Spam:ignore
>>   quota_status_nouser = DUNNO
>>   quota_status_overquota = 552 5.2.2 The email account that you tried to 
>> reach is over quota
>>   quota_status_success = DUNNO
>>   quota_warning = storage=95%% quota-warning 95 %u
>>   quota_warning2 = storage=80%% quota-warning 80 %u
>>   sieve = ~/.dovecot.sieve
>>   sieve_before = /etc/dovecot/sieve/default.sieve
>>   sieve_dir = ~/sieve
>>   stats_refresh = 30 secs
>>   stats_track_cmds = yes
>>   trash = /etc/dovecot/dovecot-trash.conf
>>   zlib_save = gz
>>   zlib_save_level = 6
>> }
>> protocols = imap sieve pop3 lmtp
>> service anvil {
>>   client_limit = 2
>>   unix_listener anvil-auth-penalty {
>> mode = 00
>>   }
>> }
>> service auth {
>>   client_limit = 2
>>   unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0660
>> user = postfix
>>   }
>>   unix_listener auth-master {
>> group = mail
>> mode = 0660
>> user = vmail
>>   }
>>   user = root
>>   vsz_limit = 1 G
>> }
>> service dict {
>>   

Re: huge increase in storage activity afther dovecot upgrade

2018-11-14 Thread Aki Tuomi
You should review https://wiki2.dovecot.org/NFS to see that the settings
make sense.

Aki

On 14.11.2018 12.00, Adrian M wrote:
> Thank you !
> I was little concerned that the following settings are not in line
> with the new version:
>
> mail_nfs_index = yes
> mail_nfs_storage = yes
> mail_fsync = always
> mailbox_list_index = yes
> maildir_stat_dirs = yes
> mmap_disable = yes
>
>
> On Wed, Nov 14, 2018 at 10:19 AM Aki Tuomi wrote:
>
> It should eventually wind down once all the problems are fixed. Of
> course if it does not happen, you can always run force-resync for
> the problem users.
>
> Aki
>
> On 14.11.2018 10.08, Adrian M wrote:
>> Hi,
>> we upgraded our servers from version 2.2.13 to 2.2.27. After the
>> upgrade we notice a 10x increase in traffic with the nfs storage
>> and errors like this in the logfile:
>>
>> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index
>> cache file /.../dovecot.index.cache: invalid record size
>> Nov 12 09:48:16 mail dovecot: imap(...): Error:
>> unlink(/.../dovecot.index.cache) failed: No such file or
>> directory (in mail-cache.c:29)
>> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index
>> cache file /.../dovecot.index.cache: invalid record size
>> Nov 12 09:48:16 mail dovecot: imap(...): Error: Broken file
>> /.../dovecot-uidlist line 8: Invalid data:
>>
>> Is this normal ?
>> Will the activity wind down ?
>> Can we do something, like deleting the old dovecot.index* or
>> dovecot-uidlist files from maildirs, or doing an doveadm
>> force-refresh for all inboxes ?
>>
>> Thank you !
>>
>> Here's my configuration:
>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.16 (fed8554)
>> # OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 nfs
>> auth_failure_delay = 15 secs
>> auth_mechanisms = plain login
>> auth_verbose = yes
>> auth_worker_max_count = 256
>> default_client_limit = 4
>> default_process_limit = 512
>> dict {
>>   lastlogin = mysql:/etc/dovecot/mysql/dovecot-dict-lastlogin.conf
>>   quotadict = mysql:/etc/dovecot/mysql/dovecot-dict-quota.conf
>> }
>> disable_plaintext_auth = no
>> first_valid_uid = 100
>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l pid=%p %c
>> mail_fsync = always
>> mail_location = maildir:/home/virtual/%d/%u
>> mail_max_userip_connections = 16
>> mail_nfs_index = yes
>> mail_nfs_storage = yes
>> mail_plugins = zlib quota mail_log notify
>> mail_privileged_group = mail
>> mailbox_list_index = yes
>> maildir_stat_dirs = yes
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope 
>> encoded-character vacation subaddress comparator-i;ascii-numeric relational 
>> regex imap4flags copy include variables body enotify environment mailbox 
>> date ihave
>> mmap_disable = yes
>> namespace inbox {
>>   inbox = yes
>>   location = 
>>   mailbox Drafts {
>> special_use = \Drafts
>>   }
>>   mailbox Junk {
>> special_use = \Junk
>>   }
>>   mailbox Sent {
>> auto = subscribe
>> special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>> special_use = \Sent
>>   }
>>   mailbox Spam {
>> auto = subscribe
>> special_use = \Junk
>>   }
>>   mailbox Trash {
>> auto = subscribe
>> special_use = \Trash
>>   }
>>   mailbox virtual/All {
>> special_use = \All
>>   }
>>   prefix = 
>> }
>> passdb {
>>   args = /etc/dovecot/mysql/dovecot-sql.conf
>>   driver = sql
>> }
>> plugin {
>>   last_login_dict = proxy::lastlogin
>>   last_login_key = last-login/%u
>>   mail_log_events = delete undelete expunge copy mailbox_delete 
>> mailbox_rename
>>   mail_log_fields = uid box msgid size
>>   quota = dict:user::proxy::quotadict
>>   quota_rule2 = Trash:ignore
>>   quota_rule3 = Spam:ignore
>>   quota_status_nouser = DUNNO
>>   quota_status_overquota = 552 5.2.2 The email account that you tried to 
>> reach is over quota
>>   quota_status_success = DUNNO
>>   quota_warning = storage=95%% quota-warning 95 %u
>>   quota_warning2 = storage=80%% quota-warning 80 %u
>>   sieve = ~/.dovecot.sieve
>>   sieve_before = /etc/dovecot/sieve/default.sieve
>>   sieve_dir = ~/sieve
>>   stats_refresh = 30 secs
>>   stats_track_cmds = yes
>>   trash = /etc/dovecot/dovecot-trash.conf
>>   zlib_save = gz
>>   zlib_save_level = 6
>> }
>> protocols = imap sieve pop3 lmtp
>> service anvil {
>>   client_limit = 2
>>   unix_listener anvil-auth-penalty {
>> mode = 00
>>   }
>> }
>> service auth {
>>

Re: huge increase in storage activity afther dovecot upgrade

2018-11-14 Thread Adrian M
Thank you !
I was a little concerned that the following settings are not in line with the
new version:

mail_nfs_index = yes
mail_nfs_storage = yes
mail_fsync = always
mailbox_list_index = yes
maildir_stat_dirs = yes
mmap_disable = yes


On Wed, Nov 14, 2018 at 10:19 AM Aki Tuomi 
wrote:

> It should eventually wind down once all the problems are fixed. Of course
> if it does not happen, you can always run force-resync for the problem
> users.
>
> Aki
> On 14.11.2018 10.08, Adrian M wrote:
>
> Hi,
> we upgraded our servers from version 2.2.13 to 2.2.27. After the upgrade
> we notice a 10x increase in traffic with the nfs storage and errors like
> this in the logfile:
>
> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache file
> /.../dovecot.index.cache: invalid record size
> Nov 12 09:48:16 mail dovecot: imap(...): Error:
> unlink(/.../dovecot.index.cache) failed: No such file or directory (in
> mail-cache.c:29)
> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache file
> /.../dovecot.index.cache: invalid record size
> Nov 12 09:48:16 mail dovecot: imap(...): Error: Broken file
> /.../dovecot-uidlist line 8: Invalid data:
>
> Is this normal ?
> Will the activity wind down ?
> Can we do something, like deleting the old dovecot.index* or
> dovecot-uidlist files from maildirs, or doing a doveadm force-refresh for
> all inboxes ?
>
> Thank you !
>
> Here's my configuration:
>
> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 nfs
> auth_failure_delay = 15 secs
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_worker_max_count = 256
> default_client_limit = 4
> default_process_limit = 512
> dict {
>   lastlogin = mysql:/etc/dovecot/mysql/dovecot-dict-lastlogin.conf
>   quotadict = mysql:/etc/dovecot/mysql/dovecot-dict-quota.conf
> }
> disable_plaintext_auth = no
> first_valid_uid = 100
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l pid=%p %c
> mail_fsync = always
> mail_location = maildir:/home/virtual/%d/%u
> mail_max_userip_connections = 16
> mail_nfs_index = yes
> mail_nfs_storage = yes
> mail_plugins = zlib quota mail_log notify
> mail_privileged_group = mail
> mailbox_list_index = yes
> maildir_stat_dirs = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date ihave
> mmap_disable = yes
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> auto = subscribe
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Spam {
> auto = subscribe
> special_use = \Junk
>   }
>   mailbox Trash {
> auto = subscribe
> special_use = \Trash
>   }
>   mailbox virtual/All {
> special_use = \All
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/mysql/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   last_login_dict = proxy::lastlogin
>   last_login_key = last-login/%u
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
>   mail_log_fields = uid box msgid size
>   quota = dict:user::proxy::quotadict
>   quota_rule2 = Trash:ignore
>   quota_rule3 = Spam:ignore
>   quota_status_nouser = DUNNO
>   quota_status_overquota = 552 5.2.2 The email account that you tried to 
> reach is over quota
>   quota_status_success = DUNNO
>   quota_warning = storage=95%% quota-warning 95 %u
>   quota_warning2 = storage=80%% quota-warning 80 %u
>   sieve = ~/.dovecot.sieve
>   sieve_before = /etc/dovecot/sieve/default.sieve
>   sieve_dir = ~/sieve
>   stats_refresh = 30 secs
>   stats_track_cmds = yes
>   trash = /etc/dovecot/dovecot-trash.conf
>   zlib_save = gz
>   zlib_save_level = 6
> }
> protocols = imap sieve pop3 lmtp
> service anvil {
>   client_limit = 2
>   unix_listener anvil-auth-penalty {
> mode = 00
>   }
> }
> service auth {
>   client_limit = 2
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
>   unix_listener auth-master {
> group = mail
> mode = 0660
> user = vmail
>   }
>   user = root
>   vsz_limit = 1 G
> }
> service dict {
>   unix_listener dict {
> mode = 0660
> user = vmail
>   }
> }
> service imap-login {
>   client_limit = 4096
>   executable = /usr/lib/dovecot/imap-login
>   inet_listener imap {
> address = *
> port = 143
>   }
>   inet_listener imaps {
> address = *
> port = 993
>   }
>   process_limit = 4096
>   process_min_avail = 24
>   service_count = 100
> }
> service imap {
>   executable = /usr/lib/dovecot/imap
>   process_limit = 4096
>   process_min_avail = 24
>   

Re: please reply

2018-11-14 Thread Aki Tuomi


On 14.11.2018 10.41, l...@cndns.com wrote:
>
> Is the dovecot question on this mailing list?
>
This question is on this mailing list.

Aki



please reply

2018-11-14 Thread lty

Is the dovecot question on this mailing list?

Re: Trying to do antispam with Sieve

2018-11-14 Thread Marcus Rueckert
I compiled all the needed stuff into a nice repository

https://github.com/darix/dovecot-sieve-antispam-rspamd

-- 
  openSUSE - SUSE Linux is my linux
  openSUSE is good for you
  www.opensuse.org


Re: huge increase in storage activity afther dovecot upgrade

2018-11-14 Thread Aki Tuomi
It should eventually wind down once all the problems are fixed. Of
course if it does not happen, you can always run force-resync for the
problem users.

Aki

On 14.11.2018 10.08, Adrian M wrote:
> Hi,
> we upgraded our servers from version 2.2.13 to 2.2.27. After the
> upgrade we notice a 10x increase in traffic with the nfs storage and
> errors like this in the logfile:
>
> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache
> file /.../dovecot.index.cache: invalid record size
> Nov 12 09:48:16 mail dovecot: imap(...): Error:
> unlink(/.../dovecot.index.cache) failed: No such file or directory (in
> mail-cache.c:29)
> Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache
> file /.../dovecot.index.cache: invalid record size
> Nov 12 09:48:16 mail dovecot: imap(...): Error: Broken file
> /.../dovecot-uidlist line 8: Invalid data:
>
> Is this normal ?
> Will the activity wind down ?
> Can we do something, like deleting the old dovecot.index* or
> dovecot-uidlist files from maildirs, or doing a doveadm force-refresh
> for all inboxes ?
>
> Thank you !
>
> Here's my configuration:
> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 nfs
> auth_failure_delay = 15 secs
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_worker_max_count = 256
> default_client_limit = 4
> default_process_limit = 512
> dict {
>   lastlogin = mysql:/etc/dovecot/mysql/dovecot-dict-lastlogin.conf
>   quotadict = mysql:/etc/dovecot/mysql/dovecot-dict-quota.conf
> }
> disable_plaintext_auth = no
> first_valid_uid = 100
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l pid=%p %c
> mail_fsync = always
> mail_location = maildir:/home/virtual/%d/%u
> mail_max_userip_connections = 16
> mail_nfs_index = yes
> mail_nfs_storage = yes
> mail_plugins = zlib quota mail_log notify
> mail_privileged_group = mail
> mailbox_list_index = yes
> maildir_stat_dirs = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date ihave
> mmap_disable = yes
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> auto = subscribe
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Spam {
> auto = subscribe
> special_use = \Junk
>   }
>   mailbox Trash {
> auto = subscribe
> special_use = \Trash
>   }
>   mailbox virtual/All {
> special_use = \All
>   }
>   prefix = 
> }
> passdb {
>   args = /etc/dovecot/mysql/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   last_login_dict = proxy::lastlogin
>   last_login_key = last-login/%u
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
>   mail_log_fields = uid box msgid size
>   quota = dict:user::proxy::quotadict
>   quota_rule2 = Trash:ignore
>   quota_rule3 = Spam:ignore
>   quota_status_nouser = DUNNO
>   quota_status_overquota = 552 5.2.2 The email account that you tried to 
> reach is over quota
>   quota_status_success = DUNNO
>   quota_warning = storage=95%% quota-warning 95 %u
>   quota_warning2 = storage=80%% quota-warning 80 %u
>   sieve = ~/.dovecot.sieve
>   sieve_before = /etc/dovecot/sieve/default.sieve
>   sieve_dir = ~/sieve
>   stats_refresh = 30 secs
>   stats_track_cmds = yes
>   trash = /etc/dovecot/dovecot-trash.conf
>   zlib_save = gz
>   zlib_save_level = 6
> }
> protocols = imap sieve pop3 lmtp
> service anvil {
>   client_limit = 2
>   unix_listener anvil-auth-penalty {
> mode = 00
>   }
> }
> service auth {
>   client_limit = 2
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
>   unix_listener auth-master {
> group = mail
> mode = 0660
> user = vmail
>   }
>   user = root
>   vsz_limit = 1 G
> }
> service dict {
>   unix_listener dict {
> mode = 0660
> user = vmail
>   }
> }
> service imap-login {
>   client_limit = 4096
>   executable = /usr/lib/dovecot/imap-login
>   inet_listener imap {
> address = *
> port = 143
>   }
>   inet_listener imaps {
> address = *
> port = 993
>   }
>   process_limit = 4096
>   process_min_avail = 24
>   service_count = 100
> }
> service imap {
>   executable = /usr/lib/dovecot/imap
>   process_limit = 4096
>   process_min_avail = 24
>   vsz_limit = 1 G
> }
> service lmtp {
>   process_min_avail = 24
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
>   }
>   vsz_limit = 1 G
> }
> service managesieve-login {
>   client_limit = 4096
>   inet_listener sieve {
> port 

huge increase in storage activity afther dovecot upgrade

2018-11-14 Thread Adrian M
Hi,
we upgraded our servers from version 2.2.13 to 2.2.27. After the upgrade we
notice a 10x increase in traffic with the nfs storage and errors like this
in the logfile:

Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache file /.../dovecot.index.cache: invalid record size
Nov 12 09:48:16 mail dovecot: imap(...): Error: unlink(/.../dovecot.index.cache) failed: No such file or directory (in mail-cache.c:29)
Nov 12 09:48:16 mail dovecot: imap(...): Error: Corrupted index cache file /.../dovecot.index.cache: invalid record size
Nov 12 09:48:16 mail dovecot: imap(...): Error: Broken file /.../dovecot-uidlist line 8: Invalid data:

Is this normal ?
Will the activity wind down ?
Can we do something, like deleting the old dovecot.index* or
dovecot-uidlist files from maildirs, or doing a doveadm force-refresh for
all inboxes ?

Thank you !

Here's my configuration:

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 nfs
auth_failure_delay = 15 secs
auth_mechanisms = plain login
auth_verbose = yes
auth_worker_max_count = 256
default_client_limit = 4
default_process_limit = 512
dict {
  lastlogin = mysql:/etc/dovecot/mysql/dovecot-dict-lastlogin.conf
  quotadict = mysql:/etc/dovecot/mysql/dovecot-dict-quota.conf
}
disable_plaintext_auth = no
first_valid_uid = 100
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l pid=%p %c
mail_fsync = always
mail_location = maildir:/home/virtual/%d/%u
mail_max_userip_connections = 16
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = zlib quota mail_log notify
mail_privileged_group = mail
mailbox_list_index = yes
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox virtual/All {
    special_use = \All
  }
  prefix =
}
passdb {
  args = /etc/dovecot/mysql/dovecot-sql.conf
  driver = sql
}
plugin {
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = dict:user::proxy::quotadict
  quota_rule2 = Trash:ignore
  quota_rule3 = Spam:ignore
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 The email account that you tried to reach is over quota
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  stats_refresh = 30 secs
  stats_track_cmds = yes
  trash = /etc/dovecot/dovecot-trash.conf
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap sieve pop3 lmtp
service anvil {
  client_limit = 2
  unix_listener anvil-auth-penalty {
    mode = 00
  }
}
service auth {
  client_limit = 2
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = mail
    mode = 0660
    user = vmail
  }
  user = root
  vsz_limit = 1 G
}
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
  }
}
service imap-login {
  client_limit = 4096
  executable = /usr/lib/dovecot/imap-login
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
  }
  process_limit = 4096
  process_min_avail = 24
  service_count = 100
}
service imap {
  executable = /usr/lib/dovecot/imap
  process_limit = 4096
  process_min_avail = 24
  vsz_limit = 1 G
}
service lmtp {
  process_min_avail = 24
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  vsz_limit = 1 G
}
service managesieve-login {
  client_limit = 4096
  inet_listener sieve {
    port = 4190
  }
  process_limit = 4096
  process_min_avail = 24
  service_count = 1
}
service managesieve {
  process_limit = 4096
  vsz_limit = 1 G
}
service pop3-login {
  client_limit = 4096
  executable = /usr/lib/dovecot/pop3-login
  inet_listener pop3 {
    address = *
    port = 0
  }
  inet_listener pop3s {
    address = *
    port = 995
  }
  process_limit = 4096
  process_min_avail = 24
  service_count = 100
}
service pop3 {
  executable = /usr/lib/dovecot/pop3
  process_limit = 4096
  process_min_avail = 24
  vsz_limit = 1 G
}
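
Running force-resync only for the problem users, as suggested in the reply above, first needs a list of those users. The following Python script is an added example, not code from the thread or from the Dovecot project: it groups the error shapes quoted in this post by user and builds the matching `doveadm force-resync` commands. The sample log lines, users and paths are constructed, and `triage` and `resync_commands` are hypothetical helper names.

```python
import re
import shlex
from collections import Counter, defaultdict

# Constructed sample: same message shapes as the errors quoted in the thread,
# with made-up users and paths (the post elides both as "...").
SAMPLE_LOG = """\
Nov 12 09:48:16 mail dovecot: imap(alice@example.org): Error: Corrupted index cache file /home/virtual/example.org/alice@example.org/dovecot.index.cache: invalid record size
Nov 12 09:48:16 mail dovecot: imap(alice@example.org): Error: unlink(/home/virtual/example.org/alice@example.org/dovecot.index.cache) failed: No such file or directory (in mail-cache.c:29)
Nov 12 09:48:17 mail dovecot: imap(bob@example.org): Error: Broken file /home/virtual/example.org/bob@example.org/dovecot-uidlist line 8: Invalid data:
Nov 12 09:48:18 mail dovecot: imap(alice@example.org): Error: Corrupted index cache file /home/virtual/example.org/alice@example.org/.Sent/dovecot.index.cache: invalid record size
Nov 12 09:48:19 mail dovecot: imap-login: Login: user=<carol@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1
Nov 12 09:49:02 mail dovecot: lmtp(bob@example.org): Error: Broken file /home/virtual/example.org/bob@example.org/dovecot-uidlist line 8: Invalid data:
"""

# "service(user): Error: message"; optional <...> tags after the user are tolerated.
ERROR_RE = re.compile(
    r"dovecot: (?P<svc>[\w-]+)\((?P<user>[^)]+)\)(?:<[^>]*>)*: Error: (?P<msg>.*)$"
)
# Error kinds taken from the log excerpt in the post.
KINDS = [
    ("index_cache", re.compile(r"^Corrupted index cache file \S+: ")),
    ("uidlist", re.compile(r"^Broken file \S+/dovecot-uidlist line \d+: ")),
    # Follow-on noise: the cache file was already gone when unlink() ran.
    ("unlink_missing", re.compile(r"^unlink\([^)]+\) failed: No such file or directory")),
]

def triage(log_text):
    """Return {user: Counter({kind: count})} for the error kinds above."""
    report = defaultdict(Counter)
    for line in log_text.splitlines():
        m = ERROR_RE.search(line)
        if not m:
            continue  # logins and other non-error lines
        for kind, pattern in KINDS:
            if pattern.match(m["msg"]):
                report[m["user"]][kind] += 1
                break
    return dict(report)

def resync_commands(report):
    """One force-resync command per user with index or uidlist corruption."""
    users = sorted(u for u, c in report.items() if c["index_cache"] or c["uidlist"])
    return [f"doveadm force-resync -u {shlex.quote(u)} '*'" for u in users]

if __name__ == "__main__":
    for user, counts in sorted(triage(SAMPLE_LOG).items()):
        print(user, dict(counts))
    print("\n".join(resync_commands(triage(SAMPLE_LOG))))
```

The commands are only printed, so the list can be reviewed before anything is run; re-running the count on later logs shows whether the errors are winding down.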