Re: Maintaining table quota2

2019-02-12 Thread Aki Tuomi via dovecot

On 13.2.2019 2.02, Robert Moskowitz via dovecot wrote:
>
>
> On 2/12/19 1:57 PM, Aki Tuomi wrote:
>>
>>> On 12 February 2019 at 20:52 Robert Moskowitz via dovecot <
>>> dovecot@dovecot.org > wrote:
>>>
>>>
>>>
>>>
>>> On 2/12/19 1:03 PM, Aki Tuomi via dovecot wrote:
>>> Dovecot keeps the quota current, although dict quota has been known
>>> to be bit bad at this.
 We nowadays recommend using count quota instead and use quota_clone
 to copy the quota state to database. It is more accurate.
>>> And how is this recommendation implemented?
>>>
>>> All I have are my old notes and what google is finding for me...
>>>
>>> Please give me some pointers.
>>>
>>> thanks
>>
>> https://wiki.dovecot.org/Quota/Count
>> https://wiki.dovecot.org/Plugins/QuotaClone
>>
>> and the recommendation is under
>>
>> https://wiki.dovecot.org/Quota
>
> I have been spending effort today reading up on this and searching on
> a couple questions.
>
> For my additions to 20-imap.conf I have:
>
> imap_client_workarounds = delay-newmail
> protocol imap {
>     mail_plugins = quota imap_quota trash
> }
>
> I see that the mail_plugin quota is moved to 10-mail.conf.  No biggie
> there.  But what about trash?
>
> And I tried to find documentation on imap_client_workarounds and all I
> have found is in:
>
> https://wiki.dovecot.org/QuickConfiguration#Client_Workarounds
>
> "Check imap_client_workarounds and pop3_client_workarounds and see if
> you want to enable more of them than the defaults. ?
>
> With no link about where to learn more.
>
> Where does quota count go?  Just dovecot.conf or one of the numbered
> conf addtions?
>
> https://wiki.dovecot.org/Quota/Count
>
> Also is there a way to compute the count for all users?  I am
> migrating the maildir and rebuilding the sql database.  I see:
>
> doveadm mailbox status -u user@domain vsize '*'
>
> But do I do that for each user in each domain or is that '*' there to
> run it on all users?
>
> I think this will get me started.
>
>
>

You probably should configure quota plugin globally, if you want
LMTP/LDA deliveries to update quota.

The quota count can be recalculated with doveadm quota recalc

Aki



Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Matthias Fechner via dovecot




Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz :


On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:

Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:

I have trying to find how to set the dovecot-sql.conf for using
SHA256/512.  I am going to start clean with the stronger format, not
migrate from the old MD5.  It seems all I need is:

you maybe would like to have a look to the hashing algo ARGON2I which is
currently recommended for new developments and deployments.


Recommended by whom?

Can you provide a link?


Sure, please see here:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet




And if I was adventurous about hashes, I would be looking more at Keccak.


Check out my Internet Draft:


draft-moskowitz-small-crypto-00.txt


Thanks for the tip, will have a look for into it.

Gruß
Matthias





Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Robert Moskowitz via dovecot




On 2/12/19 7:16 PM, Michael Slusarz via dovecot wrote:

On February 12, 2019 at 4:33 PM Robert Moskowitz via dovecot 
 wrote:

On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:

Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:

I have trying to find how to set the dovecot-sql.conf for using
SHA256/512.  I am going to start clean with the stronger format, not
migrate from the old MD5.  It seems all I need is:

you maybe would like to have a look to the hashing algo ARGON2I which is
currently recommended for new developments and deployments.

Recommended by whom?

Can you provide a link?

https://password-hashing.net/


Thank you very interesting.  I will read draft-irtf-cfrg-argon2-04.txt

And see the comments on the cfrg list.  Russ Housley had concerns about 
the 03 draft; I will have to see if they are addressed in the 04 draft.


I really don't like SHA512, a bit of a hack that was rushed out before SHA3.




Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Michael Slusarz via dovecot
> On February 12, 2019 at 4:33 PM Robert Moskowitz via dovecot 
>  wrote:
> 
> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
> > Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:
> >> I have trying to find how to set the dovecot-sql.conf for using
> >> SHA256/512.  I am going to start clean with the stronger format, not
> >> migrate from the old MD5.  It seems all I need is:
> > you maybe would like to have a look to the hashing algo ARGON2I which is
> > currently recommended for new developments and deployments.
> 
> Recommended by whom?
> 
> Can you provide a link?

https://password-hashing.net/

michael


Re: Maintaining table quota2

2019-02-12 Thread Robert Moskowitz via dovecot



On 2/12/19 1:57 PM, Aki Tuomi wrote:


On 12 February 2019 at 20:52 Robert Moskowitz via dovecot < 
dovecot@dovecot.org > wrote:





On 2/12/19 1:03 PM, Aki Tuomi via dovecot wrote:
Dovecot keeps the quota current, although dict quota has been known 
to be bit bad at this.
We nowadays recommend using count quota instead and use quota_clone 
to copy the quota state to database. It is more accurate.

And how is this recommendation implemented?

All I have are my old notes and what google is finding for me...

Please give me some pointers.

thanks


https://wiki.dovecot.org/Quota/Count
https://wiki.dovecot.org/Plugins/QuotaClone

and the recommendation is under

https://wiki.dovecot.org/Quota


I have been spending effort today reading up on this and searching on a 
couple questions.


For my additions to 20-imap.conf I have:

imap_client_workarounds = delay-newmail
protocol imap {
    mail_plugins = quota imap_quota trash
}

I see that the mail_plugin quota is moved to 10-mail.conf.  No biggie 
there.  But what about trash?


And I tried to find documentation on imap_client_workarounds and all I 
have found is in:


https://wiki.dovecot.org/QuickConfiguration#Client_Workarounds

"Check imap_client_workarounds and pop3_client_workarounds and see if 
you want to enable more of them than the defaults. ?


With no link about where to learn more.

Where does quota count go?  Just dovecot.conf or one of the numbered 
conf addtions?


https://wiki.dovecot.org/Quota/Count

Also is there a way to compute the count for all users?  I am migrating 
the maildir and rebuilding the sql database.  I see:


doveadm mailbox status -u user@domain vsize '*'

But do I do that for each user in each domain or is that '*' there to 
run it on all users?


I think this will get me started.






Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Robert Moskowitz via dovecot




On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:

Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:

I have trying to find how to set the dovecot-sql.conf for using
SHA256/512.  I am going to start clean with the stronger format, not
migrate from the old MD5.  It seems all I need is:

you maybe would like to have a look to the hashing algo ARGON2I which is
currently recommended for new developments and deployments.


Recommended by whom?

Can you provide a link?

And if I was adventurous about hashes, I would be looking more at Keccak.

Check out my Internet Draft:

draft-moskowitz-small-crypto-00.txt




Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Matthias Fechner via dovecot
Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:
> I have trying to find how to set the dovecot-sql.conf for using
> SHA256/512.  I am going to start clean with the stronger format, not
> migrate from the old MD5.  It seems all I need is:

you maybe would like to have a look to the hashing algo ARGON2I which is
currently recommended for new developments and deployments.

Gruß
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook



Re: smtp_address_cmp does not ignore case of localpart

2019-02-12 Thread John Fawcett via dovecot
On 12/02/2019 21:41, Andreas Jobs via dovecot wrote:
> On Tue, Feb 12, 2019 at 08:12:43AM +0100, John Fawcett via dovecot wrote:
>> On 11/02/2019 22:43, Andreas Jobs via dovecot wrote:
>> In practice if you convert the username part to lower case in the MTA
>> then you will accept mail with mixed case but only have to deal with
>> lowercase in Dovecot.
>
> Yes, but the vacation action (also) compares :addresses against the
> header to|cc|sender... And changing the headers is a bad idea.
>
> Maybe my subject line was a bad choice :-)
>
>
> --Andreas
>
You're right, ignore my suggestion. Only the domain is treated case
insensitive and localpart is compared case sensitive.

The change in itself looks trivial, but it would affect more than
vacation (smtp_address_equals is used in a few places in dovecot and
pigeonhole)

John




Re: smtp_address_cmp does not ignore case of localpart

2019-02-12 Thread Andreas Jobs via dovecot

On Tue, Feb 12, 2019 at 08:12:43AM +0100, John Fawcett via dovecot wrote:

On 11/02/2019 22:43, Andreas Jobs via dovecot wrote:
In practice if you convert the username part to lower case in the MTA
then you will accept mail with mixed case but only have to deal with
lowercase in Dovecot.


Yes, but the vacation action (also) compares :addresses against the 
header to|cc|sender... And changing the headers is a bad idea.


Maybe my subject line was a bad choice :-)


--Andreas

--
! AJ3630-RIPE @ RUB8-RIPENetwork Operation Center !
! Dezernat 5.I   Ruhr-Universitaet Bochum !
! The amount of energy necessary to refute bullshit is!
! an order of magnitude bigger than to produce it.  -- Alberto Brandolini !


Re: Can't sync mailbox XXX: Mailbox isn't selectable

2019-02-12 Thread Joseph Tam via dovecot

On Sat, 9 Feb 2019, Tamas Hegedus wrote:

I have users with file system folders, which contain mbox files and dovecot 
indexes, in the ~/mail directory.


If I run dsync, I have an error message and the sync can not be completed:

Can't sync mailbox FOLDER_NAME: Mailbox isn't selectable

I could not find any solution via google or any hint what to do in this 
situation. Thanks for your help and suggestion,


Just a shot in the dark, but you don't happen to have "NO_NOSELECT" option
in your mail_location setting, do you?  I recall some of our user mailbox
were inaccessible when I enabled this.

Joseph Tam 


Re: Maintaining table quota2

2019-02-12 Thread Aki Tuomi via dovecot


 
 
  
   
  
  
   
On 12 February 2019 at 20:52 Robert Moskowitz via dovecot <
dovecot@dovecot.org> wrote:
   
   

   
   

   
   

   
   

   
   
On 2/12/19 1:03 PM, Aki Tuomi via dovecot wrote:
   
   
>> On 12 February 2019 at 19:55 Robert Moskowitz via dovecot <
dovecot@dovecot.org> wrote:
   
   
>>
   
   
>>
   
   
>>
   
   
>>
   
   
>> On 2/12/19 12:38 PM, Aki Tuomi via dovecot wrote:
   
   
 On 12 February 2019 at 18:23 Robert Moskowitz via dovecot <
dovecot@dovecot.org> wrote:
   
   

   
   

   
   
 Does dovecot compute that values for quota2 with each email it updates
   
   
 for the user?  Or only an incremental change?
   
   

   
   
 I ask because I am looking at migrating all the user mail from the old
   
   
 server to the new and building a new sql database.  All I see is:
   
   

   
   
 dovecot-dict-sql.conf.ext: connect = host=/var/lib/mysql/mysql.sock
   
   
 dbname=postfix user=postfix password=$Postfix_Database_Password map {
   
   
 pattern = priv/quota/storage table = quota2 username_field = username
   
   
 value_field = bytes } map { pattern = priv/quota/messages table = quota2
   
   
 username_field = username value_field = messages }
   
   

   
   

   
   
 what is actually done with this table?
   
   

   
   
 thanks
   
   

   
   

   
   

   
   

   
   

   
   
>>> dict-sql converts the mappings into SQL statements.
   
   
>> But does dovecot check out the current bytes used and # of messages and
   
   
>> resets quota2, or only uses this latest operation (add message, delete
   
   
>> message...) to adjust quota2?
   
   
>>
   
   
>> If the later how to reset quota2 to the current reality?
   
   
>>
   
   
>> thanks
   
   
>>
   
   

 Dovecot keeps the quota current, although dict quota has been known to be bit bad at this.

   
   

 We nowadays recommend using count quota instead and use quota_clone to copy the quota state to database. It is more accurate.

   
   
And how is this recommendation implemented?
   
   

   
   
All I have are my old notes and what google is finding for me...
   
   

   
   
Please give me some pointers.
   
   

   
   
thanks
   
  
  
   
  
  
   https://wiki.dovecot.org/Quota/Count
   
  
  
   https://wiki.dovecot.org/Plugins/QuotaClone
   
  
  
   
  
  
   and the recommendation is under
  
  
   
  
  
   https://wiki.dovecot.org/Quota
   
  
  
   ---
   Aki Tuomi
   
 



Re: Maintaining table quota2

2019-02-12 Thread Robert Moskowitz via dovecot




On 2/12/19 1:03 PM, Aki Tuomi via dovecot wrote:

On 12 February 2019 at 19:55 Robert Moskowitz via dovecot  
wrote:




On 2/12/19 12:38 PM, Aki Tuomi via dovecot wrote:

On 12 February 2019 at 18:23 Robert Moskowitz via dovecot  
wrote:


Does dovecot compute that values for quota2 with each email it updates
for the user?  Or only an incremental change?

I ask because I am looking at migrating all the user mail from the old
server to the new and building a new sql database.  All I see is:

dovecot-dict-sql.conf.ext: connect = host=/var/lib/mysql/mysql.sock
dbname=postfix user=postfix password=$Postfix_Database_Password map {
pattern = priv/quota/storage table = quota2 username_field = username
value_field = bytes } map { pattern = priv/quota/messages table = quota2
username_field = username value_field = messages }


what is actually done with this table?

thanks






dict-sql converts the mappings into SQL statements.

But does dovecot check out the current bytes used and # of messages and
resets quota2, or only uses this latest operation (add message, delete
message...) to adjust quota2?

If the later how to reset quota2 to the current reality?

thanks


Dovecot keeps the quota current, although dict quota has been known to be bit 
bad at this.

We nowadays recommend using count quota instead and use quota_clone to copy the 
quota state to database. It is more accurate.


And how is this recommendation implemented?

All I have are my old notes and what google is finding for me...

Please give me some pointers.

thanks



Re: doveadm import with subfolder oddity

2019-02-12 Thread Mark Moseley via dovecot
On Mon, Feb 4, 2019 at 1:59 PM Mark Moseley  wrote:

> This has got to be something weird in my config. And the standard
> disclaimer of '"happy to post doveconf -n, but wanted to see if this is
> normal first" :)
>
> Background: Ubuntu Xenial, running 2.2.36. Mailbox type is mdbox and I've
> got a period separator in my inbox namespace:
>
> namespace {
>   hidden = no
>   inbox = yes
>   list = yes
>   location =
>   mailbox Spam {
> auto = no
> autoexpunge = 1 weeks
> special_use = \Junk
>   }
>   mailbox Trash {
> auto = no
> special_use = \Trash
>   }
>   prefix = INBOX.
>   separator = .
>   subscriptions = yes
>   type = private
> }
>
> If I do a import for a regular folder under INBOX, it works just fine:
>
> doveadm import -u testbox2@testing.local -U testbox1@testing.local
> mdbox:~/mdbox INBOX all mailbox Sent
>
> ... returns happily, message count gets incremented
>
> If I try to do the same with a subfolder (and a subfolder that most
> definitely exists on both source and destination side), I get an error:
>
> doveadm import -u testbox2@testing.local -U testbox1@testing.local
> mdbox:~/mdbox INBOX all mailbox Sub.Sub1
> doveadm(testbox2@testing.local): Error: remote(10.1.17.98:4000): Mailbox
> Sub.Sub1: Mailbox sync failed: Mailbox doesn't exist: Sub.Sub1
>
> If I use / instead of . in my query, it works:
>
> doveadm import -u testbox2@testing.local -U testbox1@testing.local
> mdbox:~/mdbox INBOX all mailbox Sub/Sub1
>
> ... returns happily and message count gets incremented.
>
> Since we're using '.' as our separator, that was a bit unexpected :)
>
> Ironically, if I'm doing a IMAPc 'import', it works just fine with a query
> of 'all mailbox Sub.Sub1'. It's only when importing from a local src and
> local dest (i.e. source_location == mdbox:~/mdbox) that it fails. With
> source_location set to 'imapc:', it works. I imagine that's due to using
> straight IMAP on the source side.
>
> Likely a misconfig on my part? Expected behavior?
>
> I can see in the strace that the error is triggered when doveadm is
> looking at the source mailbox. It looks
> for mdbox/mailboxes/Sub.Sub1/dbox-Mails first, then falls back
> to mdbox/mailboxes/Sub/Sub1/dbox-Mails (which it finds). Then a little bit
> later in the strace, it again looks for mdbox/mailboxes/Sub.Sub1/dbox-Mails
> (which it doesn't find) but doesn't try mdbox/mailboxes/Sub/Sub1/dbox-Mails
> this time, and then spits out 'Mailbox Sub.Sub1: Mailbox sync failed:
> Mailbox doesn't exist: Sub.Sub1'. With a query of 'all mailbox Sub/Sub1',
> the stat() is for mdbox/mailboxes/Sub/Sub1/dbox-Mails which it finds and
> uses happily.
>
> Having to substitute the '.'s for '/'s in the 'mailbox' part of the query
> isn't an awful workaround, but it very much feels like I'm doing something
> wrong. This is a production setup, so everything else is otherwise working
> fine. But I've only just begun working with 'doveadm import', so I might be
> turning up some issues with my config.
>
> Thanks! Sorry I'm so verbose :)
>

Has anyone else seen similar behavior? It's hardly a tough kludge to regex
's/\./\//g' (even if it makes for an ugly regex), but it seems like
something's not quite right.


Re: Doveadm service as non-root user

2019-02-12 Thread Mark Moseley via dovecot
On Mon, Feb 4, 2019 at 12:04 PM Mark Moseley  wrote:

>
> On Fri, Feb 1, 2019 at 11:37 PM Aki Tuomi 
> wrote:
>
>>
>> On 01 February 2019 at 23:16 Mark Moseley < moseleym...@gmail.com>
>> wrote:
>>
>>
>> Running: Ubuntu xenial, dovecot 2.2.36
>>
>> I've been working on moving our user base from maildir to mdbox and
>> trying
>> to come up with solutions for things like moving emails around. In the
>> past, with maildir, our support guys could just mv the files around and
>> done. For mdbox, I've been working on getting things set up to use
>> doveadm.
>>
>> One weirdness I've seen is that in imports (i.e. doveadm import), mail
>> gets
>> copied correctly but the resulting files are left with root ownership (I
>> don't have 'service doveadm' 'user' set, so I guess it defaults to root).
>> It's typically new m.* files as well as the dovecot.list.index
>> and dovecot.list.index.log files.
>>
>> Looking at strace, no chown is done on them, nor was there setuid. The
>> import had no trouble finding the correct user in the db, so I know that
>> it
>> knows the correct UID (I can see it just fine in debug logs too). And it
>> will happily import to existing m.* files with no permissions issues (but
>> considering it's running as root, I wouldn't expect it to).
>>
>> I've seen this using 'import' via IMAPc as well as with both src and dest
>> on the same server. I can see this behavior in both scenarios. We have a
>> single shared UID for mail, so especially in that "src/dest on same
>> server"
>> case, it's not a matter of UID-mismatch.
>>
>> It's a director setup, so all doveadm commands are coming through the
>> director. If I run the import directly on the backend (which obviously
>> would be a bad idea in real life), the ownership of new m.* files seems
>> to
>> be correct (I can see it setuid'ing to the correct UID from userdb in
>> strace). If I run the import on the director, I can get a new root-owned
>> file every time it rolls over to the next m.* file.
>>
>> Two questions:
>>
>> * Is that a bug? Is this expected behavior? Seems like the expected thing
>> would be to use the UID from userdb and either do a setuid (just like
>> running 'doveadm import' locally did) or chown'ing any new files to the
>> correct UID. I always always assume misconfiguration (vs bug, since it's
>> almost never a bug) but I'm baffled on this one.
>>
>> * I see that it's possible to set a user for service doveadm and the wiki
>> even suggests that it's a good idea in a single UID setup. If there are
>> no
>> mailboxes with any other UIDs, *will setting 'service doveadm' to the
>> same
>> UID possibly break anything*? I can't think of why it would, but I want
>> to
>> be duly diligent. Plus I'm a little leery about closing the door to ever
>> having additional UIDs for mailboxes.
>>
>> Happy to provide 'doveconf -n' but wanted to check first, before spending
>> 15 minutes gently obfuscating it :)
>>
>>
>> Can you try
>>
>> doveadm import -U victim -u victim ... ?
>> ---
>> Aki Tuomi
>>
>
>
> Is that to test a generic 'import from sourceUser to dest user' (i.e.
> victim isn't literally the same in both -u and -U) or are you looking for a
> test where 'sourceUser' is the same email account as the destination?
>
> I just want to make sure I'm understanding right. The original tests (that
> result in the root-owned files) were all -U userA -u userB (i.e. different
> email accounts for src and dest), if you're asking about the former.
>
> If you're asking about the latter, I ran that and got the same result, a
> root-owned dovecot.list.index.log and dovecot.list.index and freshly
> created m.* files. The message count in the destination mailbox increases
> by the right number (no surprise since it's running as root), so the import
> itself is working.
>
> I should add that in both cases (different src/dest email account and same
> src/dest), the import works ok -- or at least increments the count in the
> index. It just leaves the email account in a broken state. Re-chown'ing it
> to the current permissions makes it happy again and the newly imported
> messages show up.
>


Any chance Aki's hit-the-nail-on-the-head answer got lost in the ether due
to the DMARC snafu? :)

I'm going forward for now with running doveadm as the unix user that owns
all the mailbox, so no urgency, but it's still a bit perplexing (and if
it's a bug, good to stomp out).


Re: Maintaining table quota2

2019-02-12 Thread Aki Tuomi via dovecot


> On 12 February 2019 at 19:55 Robert Moskowitz via dovecot 
>  wrote:
> 
> 
> 
> 
> On 2/12/19 12:38 PM, Aki Tuomi via dovecot wrote:
> >> On 12 February 2019 at 18:23 Robert Moskowitz via dovecot 
> >>  wrote:
> >>
> >>
> >> Does dovecot compute that values for quota2 with each email it updates
> >> for the user?  Or only an incremental change?
> >>
> >> I ask because I am looking at migrating all the user mail from the old
> >> server to the new and building a new sql database.  All I see is:
> >>
> >> dovecot-dict-sql.conf.ext: connect = host=/var/lib/mysql/mysql.sock
> >> dbname=postfix user=postfix password=$Postfix_Database_Password map {
> >> pattern = priv/quota/storage table = quota2 username_field = username
> >> value_field = bytes } map { pattern = priv/quota/messages table = quota2
> >> username_field = username value_field = messages }
> >>
> >>
> >> what is actually done with this table?
> >>
> >> thanks
> >>
> >>
> >>
> >>
> >>
> > dict-sql converts the mappings into SQL statements.
> 
> But does dovecot check out the current bytes used and # of messages and 
> resets quota2, or only uses this latest operation (add message, delete 
> message...) to adjust quota2?
> 
> If the later how to reset quota2 to the current reality?
> 
> thanks
>

Dovecot keeps the quota current, although dict quota has been known to be bit 
bad at this.

We nowadays recommend using count quota instead and use quota_clone to copy the 
quota state to database. It is more accurate.

Aki


Re: Maintaining table quota2

2019-02-12 Thread Robert Moskowitz via dovecot




On 2/12/19 12:38 PM, Aki Tuomi via dovecot wrote:

On 12 February 2019 at 18:23 Robert Moskowitz via dovecot  
wrote:


Does dovecot compute that values for quota2 with each email it updates
for the user?  Or only an incremental change?

I ask because I am looking at migrating all the user mail from the old
server to the new and building a new sql database.  All I see is:

dovecot-dict-sql.conf.ext: connect = host=/var/lib/mysql/mysql.sock
dbname=postfix user=postfix password=$Postfix_Database_Password map {
pattern = priv/quota/storage table = quota2 username_field = username
value_field = bytes } map { pattern = priv/quota/messages table = quota2
username_field = username value_field = messages }


what is actually done with this table?

thanks






dict-sql converts the mappings into SQL statements.


But does dovecot check out the current bytes used and # of messages and 
resets quota2, or only uses this latest operation (add message, delete 
message...) to adjust quota2?


If the later how to reset quota2 to the current reality?

thanks



Re: Maintaining table quota2

2019-02-12 Thread Aki Tuomi via dovecot


> On 12 February 2019 at 18:23 Robert Moskowitz via dovecot 
>  wrote:
> 
> 
> Does dovecot compute that values for quota2 with each email it updates 
> for the user?  Or only an incremental change?
> 
> I ask because I am looking at migrating all the user mail from the old 
> server to the new and building a new sql database.  All I see is:
> 
> dovecot-dict-sql.conf.ext: connect = host=/var/lib/mysql/mysql.sock 
> dbname=postfix user=postfix password=$Postfix_Database_Password map { 
> pattern = priv/quota/storage table = quota2 username_field = username 
> value_field = bytes } map { pattern = priv/quota/messages table = quota2 
> username_field = username value_field = messages }
> 
> 
> what is actually done with this table?
> 
> thanks
> 
> 
> 
> 
>

dict-sql converts the mappings into SQL statements. 

Aki


Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Aki Tuomi via dovecot


> On 12 February 2019 at 19:24 Leonardo Rodrigues via dovecot 
>  wrote:
> 
> 
> 
>      Here i have SSHA256 working with:
> 
> default_pass_scheme = PLAIN
> 
>      and my database scheme just received the hashed password prefixed 
> by the SSHA indicator, just like:
> 
> mysql> select * from emails where endereco = 'solutti@X'\G
> *** 1. row ***
>    endereco: solutti@XX
>    password: 
> {SSHA256.HEX}d90bac4
>   quota: 51200
> 
> 
> 
> 
> Em 12/02/2019 14:05, Robert Moskowitz via dovecot escreveu:
> > I have trying to find how to set the dovecot-sql.conf for using 
> > SHA256/512.  I am going to start clean with the stronger format, not 
> > migrate from the old MD5.  It seems all I need is:
> > driver = mysql connect = host=/var/lib/mysql/mysql.sock dbname=postfix 
> > user=postfix password=$Postfix_Database_Password default_pass_scheme = 
> > SHAxxx-CRYPT # following should all be on one line. password_query = 
> > SELECT username as user, password, concat('/home/vmail/', maildir) as 
> > userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 
> > 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' 
> > AND active = '1' # following should all be on one line user_query = 
> > SELECT concat('/home/vmail/', maildir) as home, 
> > concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS 
> > gid, CONCAT('*:messages=3:bytes=', quota) as quota_rule FROM 
> > mailbox WHERE username = '%u' AND active = '1'
> > where xxx is either 256 or 512. All the rest I have been finding in my 
> > searches concern converting the format and are not needed for a clean 
> > start?
> >
> > thanks
> >
> >
> 
> 
> -- 
> 
> 
>   Atenciosamente / Sincerily,
>   Leonardo Rodrigues
>   Solutti Tecnologia
>   http://www.solutti.com.br
> 
>   Minha armadilha de SPAM, NÃO mandem email
>   gertru...@solutti.com.br
>   My SPAMTRAP, do not email it
> 
> 
>

You can use {CRYPT} prefix in the password field, this will cover both SHA256 
and SHA512, unless you want to be explicit about which one it is.

The .HEX thing is not usually needed.

Aki


Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Leonardo Rodrigues via dovecot



    Here i have SSHA256 working with:

default_pass_scheme = PLAIN

    and my database scheme just received the hashed password prefixed 
by the SSHA indicator, just like:


mysql> select * from emails where endereco = 'solutti@X'\G
*** 1. row ***
  endereco: solutti@XX
  password: 
{SSHA256.HEX}d90bac4

 quota: 51200




Em 12/02/2019 14:05, Robert Moskowitz via dovecot escreveu:
I have trying to find how to set the dovecot-sql.conf for using 
SHA256/512.  I am going to start clean with the stronger format, not 
migrate from the old MD5.  It seems all I need is:
driver = mysql connect = host=/var/lib/mysql/mysql.sock dbname=postfix 
user=postfix password=$Postfix_Database_Password default_pass_scheme = 
SHAxxx-CRYPT # following should all be on one line. password_query = 
SELECT username as user, password, concat('/home/vmail/', maildir) as 
userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 
101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' 
AND active = '1' # following should all be on one line user_query = 
SELECT concat('/home/vmail/', maildir) as home, 
concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS 
gid, CONCAT('*:messages=3:bytes=', quota) as quota_rule FROM 
mailbox WHERE username = '%u' AND active = '1'
where xxx is either 256 or 512. All the rest I have been finding in my 
searches concern converting the format and are not needed for a clean 
start?


thanks





--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it





Maintaining table quota2

2019-02-12 Thread Robert Moskowitz via dovecot
Does dovecot compute that values for quota2 with each email it updates 
for the user?  Or only an incremental change?


I ask because I am looking at migrating all the user mail from the old 
server to the new and building a new sql database.  All I see is:


dovecot-dict-sql.conf.ext: connect = host=/var/lib/mysql/mysql.sock 
dbname=postfix user=postfix password=$Postfix_Database_Password map { 
pattern = priv/quota/storage table = quota2 username_field = username 
value_field = bytes } map { pattern = priv/quota/messages table = quota2 
username_field = username value_field = messages }



what is actually done with this table?

thanks







Using SHA256/512 for SQL based password

2019-02-12 Thread Robert Moskowitz via dovecot
I have trying to find how to set the dovecot-sql.conf for using 
SHA256/512.  I am going to start clean with the stronger format, not 
migrate from the old MD5.  It seems all I need is:


driver = mysql connect = host=/var/lib/mysql/mysql.sock dbname=postfix 
user=postfix password=$Postfix_Database_Password default_pass_scheme = 
SHAxxx-CRYPT # following should all be on one line. password_query = 
SELECT username as user, password, concat('/home/vmail/', maildir) as 
userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 
as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND 
active = '1' # following should all be on one line user_query = SELECT 
concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', 
maildir) as mail, 101 AS uid, 12 AS gid, 
CONCAT('*:messages=3:bytes=', quota) as quota_rule FROM mailbox 
WHERE username = '%u' AND active = '1'


where xxx is either 256 or 512. All the rest I have been finding in my 
searches concern converting the format and are not needed for a clean start?


thanks




Re: [ext] Re: expunge not removing attachments?

2019-02-12 Thread Ralf Hildebrandt via dovecot
* @lbutlr via dovecot :
 
> I had problems with this a few years ago, and resorted to simply using find 
> to remove the files from the file system 
> 
> /usr/bin/find /usr/local/virtual/*/.Junk*/{cur,new} -type f -mtime +7 -name 
> “*=*" -delete 2> /dev/null
> /usr/bin/find /usr/local/virtual/*/.Trash/{cur,new} -type f -mtime +7 -name 
> “*=*" -delete 2> /dev/null

I'm not using Maildir. I suspect the SIS is broken somehow.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de



Re: expunge not removing attachments?

2019-02-12 Thread @lbutlr via dovecot
On 12 Feb 2019, at 03:45, Ralf Hildebrandt via dovecot  
wrote:
> 201629 of 301900 (66.7%) files are modified (mtime) more than 5 days ago, 
> although I just purged everything older than 4 days?

I had problems with this a few years ago, and resorted to simply using find to 
remove the files from the file system 

/usr/bin/find /usr/local/virtual/*/.Junk*/{cur,new} -type f -mtime +7 -name 
“*=*" -delete 2> /dev/null
/usr/bin/find /usr/local/virtual/*/.Trash/{cur,new} -type f -mtime +7 -name 
“*=*" -delete 2> /dev/null




Re: [ext] expunge not removing attachments?

2019-02-12 Thread Ralf Hildebrandt via dovecot
* Ralf Hildebrandt :
> I have a large mail backup folder backup@backup.invalid; I'm cleaning
> up daily like this:
> 
> infimum=`date -d "-4 day" +"%Y-%m-%d"`
> doveadm expunge -u backup@backup.invalid mailbox INBOX SAVEDBEFORE $infimum 
> doveadm purge   -u backup@backup.invalid
> 
> yet I see this:
> 
> # find attachments/ -type f -ctime +5 | wc -l
> 7522
> # find attachments/ -type f | wc -l
> 127579
> 
> # find attachments/ -type f -mtime +5 | wc -l
> 14361
> # find attachments/ -type f | wc -l
> 127793
> 
> About 5.9% of the files in attachments and below are older than 5 days.
> Why? Is that normal?
> 
> using dovecot 2:2.3.1-1 from the official repos.

I retried this today (2:2.3.4.1-1~bionic):

# find attachments/ -type f -ctime +5 | wc -l
193121
# find attachments/ -type f | wc -l
301885

193121 of 301885 (64%) are older (ctime) than 5 days, although I just purged 
everything older than 4 days?


# /home/copymail# find attachments/ -type f -mtime +5 | wc -l
201629
# /home/copymail# find attachments/ -type f | wc -l
301900

201629 of 301900 (66.7%) files are modified (mtime) more than 5 days ago, 
although I just purged everything older than 4 days?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de



APPEND Error in dovecot.log

2019-02-12 Thread Alessandro Battaglini via dovecot
Hi

dovecot --version => 2.2.22 (fe789d2)

Scenario:
Sometimes imap client send email correctly but there's is any message
stored in sent mail folder
in that scenario I have found an error in my dovecot.log :
2019-02-11 09:04:52 imap(-@): Info: Disconnected in APPEND
(1 msgs, 125 secs, 2818048/4426899 bytes) in=3365352 out=1522206

Question:
what about this?
Is there, in dovecot configuration, a parameter that insist to any kind of
APPEND like value.?  I have not find that.
Have you any idea to solve this?

Thanks