dovecot sasl support

2019-03-23 Thread Wojciech Puchar via dovecot

I've tried to replace saslauthd with dovecot sasl service

stopped saslauthd daemon and added

service auth {
  unix_listener /var/run/saslauthd/mux {
    mode = 0660
    user = root
    group = mail
  }
}

so it will listen on the same socket.


the effect with sendmail is as below

Mar 23 21:23:29 <2.3> puchar dovecot: auth: Error: Authentication client 
not compatible with this server (mixed old and new binaries?)



Do I need to specify something while compiling sendmail to make it
compatible?


Re: is it possible - username aliases

2019-03-23 Thread Aki Tuomi via dovecot


 
 
  
   
  
  
   
> On 23 March 2019 20:59 Wojciech Puchar via dovecot <dovecot@dovecot.org> wrote:
>
> >> some...@somewhere.pl some-unix-account
> >>
> >> For these few users and have everything like it is now?
> >
> > put this before the passwd passdb...
> >
> > passdb {
> >   driver = passwd-file
> >   args = username_format=%Lu /path/to/some/passwd
> > }
> >
> > then put this into the passwd file
> >
> > alias@user:::user=real.username@domain
>
> Thank you for help. Exactly what I needed.
>
> One more question.
>
> Do I need to restart dovecot every time I change this passwd-file?

No need.

---
Aki Tuomi



Re: is it possible - username aliases

2019-03-23 Thread Wojciech Puchar via dovecot


>> some...@somewhere.pl some-unix-account
>>
>> For these few users and have everything like it is now?
>
> put this before the passwd passdb...
>
> passdb {
>   driver = passwd-file
>   args = username_format=%Lu /path/to/some/passwd
> }
>
> then put this into the passwd file
>
> alias@user:::user=real.username@domain

Thank you for help. Exactly what I needed.

One more question.

Do I need to restart dovecot every time I change this passwd-file?




Re: is it possible - username aliases

2019-03-23 Thread Aki Tuomi via dovecot


> On 23 March 2019 20:40 Wojciech Puchar via dovecot wrote:
>
> I already have quite a large dovecot installation with multiple domains but
> with users handled via unix passwd.
>
> Domain name mapping in both directions is done by sendmail, and mail
> delivery by procmail to Maildir format - one account per user. These
> accounts are often used for more than mail.
>
> So for example John Smith has email j...@foo.pl and unix username
> foo-john.
>
> His imap client and smtp client are configured to use login foo-john and
> email address j...@foo.pl
>
> Everything works flawlessly.
>
> But I will have a few new users that insist on being able to login as
> some...@somewhere.pl
>
> Can I have something similar to sendmail method in dovecot - an alias
> table like
>
> some...@somewhere.pl some-unix-account
>
> For these few users and have everything like it is now?

put this before the passwd passdb...

passdb {
  driver = passwd-file
  args = username_format=%Lu /path/to/some/passwd
}

then put this into the passwd file

alias@user:::user=real.username@domain

See https://wiki.dovecot.org/PasswordDatabase for more details

Aki
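
One way to produce the passwd-file entries from the reply above out of a sendmail-style "alias account" table, as an added example that is not part of the original post. The function names, sample addresses and account names are constructed; keys are written in lowercase because the %L in username_format=%Lu lowercases the login name before the lookup.

```python
import os
import tempfile


def build_alias_entries(table_text):
    """Turn 'alias unix-account' rows into passwd-file lines (added example)."""
    seen = {}
    for lineno, raw in enumerate(table_text.splitlines(), 1):
        row = raw.strip()
        if not row or row.startswith("#"):
            continue
        parts = row.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'alias account'")
        # %Lu in username_format lowercases the login name before the lookup,
        # so the key is stored in lowercase to match it.
        alias, account = parts[0].lower(), parts[1]
        # ':' separates passwd-file fields; a stray one would shift every field.
        if ":" in alias or ":" in account:
            raise ValueError(f"line {lineno}: ':' not allowed in names")
        if alias in seen:
            raise ValueError(f"line {lineno}: duplicate alias {alias!r}")
        seen[alias] = account
    # Same shape as the entry in the reply: alias:::user=real-account
    return [f"{alias}:::user={account}" for alias, account in seen.items()]


def write_passwd_file(path, entries):
    """Replace the file in one rename so a reader never sees a partial table."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".aliases-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write("".join(entry + "\n" for entry in entries))
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


# Constructed sample table; addresses and account names are placeholders.
SAMPLE_TABLE = """\
# login alias            unix account
Anna@Example.test        example-anna
bob@example.test         example-bob
"""

if __name__ == "__main__":
    for line in build_alias_entries(SAMPLE_TABLE):
        print(line)
```

mkstemp creates the file with mode 0600, so it has to be written by, or handed over to, the account that the Dovecot auth process reads the passwd-file as.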


is it possible - username aliases

2019-03-23 Thread Wojciech Puchar via dovecot
I already have quite a large dovecot installation with multiple domains but
with users handled via unix passwd.

Domain name mapping in both directions is done by sendmail, and mail
delivery by procmail to Maildir format - one account per user. These
accounts are often used for more than mail.

So for example John Smith has email j...@foo.pl and unix username
foo-john.

His imap client and smtp client are configured to use login foo-john and
email address j...@foo.pl

Everything works flawlessly.

But I will have a few new users that insist on being able to login as
some...@somewhere.pl

Can I have something similar to sendmail method in dovecot - an alias
table like

some...@somewhere.pl some-unix-account

For these few users and have everything like it is now?


Re: Is this assumption correct?

2019-03-23 Thread Christian Kivalo via dovecot



On March 23, 2019 12:39:13 PM GMT+01:00, Tobi via dovecot wrote:
>Hello list
>
>we encounter a weird SSL issue with one of our dovecot (2.2.24 on
>Centos6) which we can only explain if our assumption is correct.
>Symptoms are that imaps connections (on port 993) suddenly get very
>slow. Up to 180s for one connection with openssl s_client. The thing we
>do not understand is that in the same time imap connections with
>starttls are just 1s.
>We can see that entropy on the affected system is not so high
>
>cat /proc/sys/kernel/random/entropy_avail
>138
>
>So our current theory is: we're running short of entropy but imaps
>connections are much more affected because they are encrypted from first
>bit. Whereas a starttls connection has an unencrypted part which
>generates some entropy it does not use. So I can add entropy to the
>system that other connections can use.
>
>We're open for any other theory but for the moment we believe (tm) that
>this is the reason that starttls is far less affected than SSL

Test your assumption, install haveged and see if that helps

>Cheers
>
>tobi

-- 
Christian Kivalo


Re: quota-service with Director - A workaround

2019-03-23 Thread Sami Ketola via dovecot


> On 23 Mar 2019, at 14.28, Tom Sommer via dovecot wrote:
>
> On 2019-03-21 10:28, Sami Ketola via dovecot wrote:
>> On 20 Mar 2019, at 18.17, Tom Sommer via dovecot wrote:
>>> On 2019-03-20 16:40, Sami Ketola via dovecot wrote:
>>>> On 20 Mar 2019, at 17.13, Tom Sommer via dovecot wrote:
>>>>> I realize quota-service on Director is not supported, which is a shame.
>>>>> As a workaround I'm thinking of setting up quota-service on one of my
>>>>> backend nodes, and have all my Postfix services ask this one node for the
>>>>> quota status.
>>>>> This sort of defeats the purpose of the Director (having per-user
>>>>> assigned hot nodes), since now this one node running the quota-service
>>>>> will access all mailboxes to check the status of all inbound mail.
>>>>> Is this a problem though? In terms of NFS locking etc. etc.?
>>>> Might be. Wouldn't it be just easier to use the overquota-flag available
>>>> since 2.2.16 and set up overquota flag in LDAP or userdb of choice and
>>>> configure postfix to check that flag?
>>> I don't really want to involve LDAP in my setup :)
>> So use what ever your shared userdb service is as you must have one if
>> you are using multiple backends and directors.
>
> Does it work with mysql userdb? Is there an example to look at anywhere?


Quota over flag is explained in wiki 
https://wiki2.dovecot.org/Quota/Configuration 


Basically you just need to return quota_over_flag from userdb and make a script 
that updates the flag in mysql in case the flag is incorrect.
And then also configure postfix to check the same flag.

Sami



Re: quota-service with Director - A workaround

2019-03-23 Thread Tom Sommer via dovecot

On 2019-03-21 10:28, Sami Ketola via dovecot wrote:
> On 20 Mar 2019, at 18.17, Tom Sommer via dovecot wrote:
>> On 2019-03-20 16:40, Sami Ketola via dovecot wrote:
>>> On 20 Mar 2019, at 17.13, Tom Sommer via dovecot wrote:
>>>> I realize quota-service on Director is not supported, which is a
>>>> shame.
>>>> As a workaround I'm thinking of setting up quota-service on one of
>>>> my backend nodes, and have all my Postfix services ask this one node
>>>> for the quota status.
>>>> This sort of defeats the purpose of the Director (having per-user
>>>> assigned hot nodes), since now this one node running the
>>>> quota-service will access all mailboxes to check the status of all
>>>> inbound mail.
>>>>
>>>> Is this a problem though? In terms of NFS locking etc. etc.?
>>> Might be. Wouldn't it be just easier to use the overquota-flag
>>> available since 2.2.16 and set up overquota flag in LDAP or userdb of
>>> choice and configure postfix to check that flag?
>>
>> I don't really want to involve LDAP in my setup :)
>
> So use what ever your shared userdb service is as you must have one if
> you are using multiple backends and directors.

Does it work with mysql userdb? Is there an example to look at anywhere?


Re: Send folder disappeared

2019-03-23 Thread Esteban L via dovecot
Thank you Aki,

That was it. I would never have thought to look there in 100 years, so
asking helps=)

But, now it's all working. For some reason, my MUA had its setting
changed such that all sent mail from all accounts was sent to the Local,
"On this computer/Sent" folder.

The day getting off to a good start!

-Original Message-
From: Aki Tuomi via dovecot 
Reply-to: Aki Tuomi 
To: este...@little-beak.com, Esteban L via dovecot 
Subject: Re: Send folder disappeared
Date: Sat, 23 Mar 2019 10:22:43 +0200 (EET)

> On 23 March 2019 01:59 Esteban L via dovecot 
> wrote:
> 
>  
> Hello, 
> 
> Dovecot 2.2.27
> 
> I have a strange issue, where my "Send" folder was absent in my
> mailbox. It had been there before, fully functioning. Then, it was
> gone.
> 
> I went into:
> vi /etc/dovecot/conf.d/15-mailboxes.conf
> 
> And, noticed that my mailbox for Sent was no longer automatically
> subscribed, so I changed it, and restarted dovecot.
> 
> >   # For \Sent mailboxes there are two widely used names. We'll mark both of
> >   # them as \Sent. User typically deletes one of them if duplicates are created.
> >   mailbox Sent {
> >     special_use = \Sent
> >     auto = subscribe
> >   }
> >   mailbox "Sent Messages" {
> >     special_use = \Sent
> >   }
> > }
>
> Now, Sent shows up again, but email I send, doesn't show up in the sent
> file?? The sent file is, and remains, empty.
> 
> 
> > 

Uh. Folders do not disappear by themselves, also they do not become
unsubscribed on their own. auto=subscribe makes permanent subscription
on create.

Are you sure you have not fumbled with your MUA?

Aki


Is this assumption correct?

2019-03-23 Thread Tobi via dovecot
Hello list

we encounter a weird SSL issue with one of our dovecot (2.2.24 on
Centos6) which we can only explain if our assumption is correct.
Symptoms are that imaps connections (on port 993) suddenly get very
slow. Up to 180s for one connection with openssl s_client. The thing we
do not understand is that in the same time imap connections with
starttls are just 1s.
We can see that entropy on the affected system is not so high

cat /proc/sys/kernel/random/entropy_avail
138

So our current theory is: we're running short of entropy but imaps
connections are much more affected because they are encrypted from first
bit. Whereas a starttls connection has an unencrypted part which
generates some entropy it does not use. So I can add entropy to the
system that other connections can use.

We're open for any other theory but for the moment we believe (tm) that
this is the reason that starttls is far less affected than SSL

Cheers

tobi


Is this assumption correct?

2019-03-23 Thread Tobi via dovecot
Hello list

we encounter a weird SSL issue with one of our dovecot (2.2.24 on
Centos6) which we can only explain if our assumption is correct :-)
Symptoms are that imaps connections (on port 993) suddenly get very
slow. Up to 180s for one connection with openssl s_client. The thing we
do not understand is that in the same time imap connections with
starttls are just 1s.
We can see that entropy on the affected system is not so high

cat /proc/sys/kernel/random/entropy_avail
138

So our current theory is: we're running short of entropy but imaps
connections are much more affected because they are encrypted from first
bit. Whereas a starttls connection has an unencrypted part which
generates some entropy it does not use. So I can add entropy to the
system that other connections can use.

We're open for any other theory but for the moment we believe (tm) that
this is the reason that starttls is far less affected than SSL

Cheers

tobi





Re: Send folder disappeared

2019-03-23 Thread Aki Tuomi via dovecot


> On 23 March 2019 01:59 Esteban L via dovecot wrote:
> 
>  
> Hello, 
> 
> Dovecot 2.2.27
> 
> I have a strange issue, where my "Send" folder was absent in my
> mailbox. It had been there before, fully functioning. Then, it was
> gone.
> 
> I went into:
> vi /etc/dovecot/conf.d/15-mailboxes.conf
> 
> And, noticed that my mailbox for Sent was no longer automatically
> subscribed, so I changed it, and restarted dovecot.
> 
> >   # For \Sent mailboxes there are two widely used names. We'll mark both of
> >   # them as \Sent. User typically deletes one of them if duplicates are created.
> >   mailbox Sent {
> >     special_use = \Sent
> >     auto = subscribe
> >   }
> >   mailbox "Sent Messages" {
> >     special_use = \Sent
> >   }
> > }
>
> Now, Sent shows up again, but email I send, doesn't show up in the sent
> file?? The sent file is, and remains, empty.
> 
> 
> >

Uh. Folders do not disappear by themselves, also they do not become unsubscribed on
their own. auto=subscribe makes permanent subscription on create.

Are you sure you have not fumbled with your MUA?

Aki