Re: Ms Exchange vs dovecot
The U.S. government is lawless and the Cloud Act is meaningless, like the U.S. Constitution. The laws are written to placate the masses, to delude U.S. citizens into thinking they're still free. There is no privacy in the United States and all major corporations, the courts, and the alphabet agencies are in bed together. Assume the worst about them. Microsoft and Bill Gates are like inoperable tumors.

Eric

On 5/8/2020 4:49 PM, Peter wrote:

On 08.05.20 at 23:52, Bernd Petrovitsch wrote:

I assume you are aware of https://en.wikipedia.org/wiki/CLOUD_Act so using software from (heavily) US-based companies implies that all data (controlled by said companies) will - sooner or later - end up in the databases of US-3-letter-organizations. So forget about GDPR compliance with such software providers.

Curiously, the linked wiki page says to the contrary, quote: The CLOUD Act […] provides mechanisms for the companies or the courts to reject or challenge these [warrants by US-3-letter-organizations] if they believe the request violates the privacy rights of the foreign country the data is stored in.
Re: What's a Reasonable Inbox Size?
On Fri, 8 May 2020, Joseph Tam wrote:

It depends on what you consider reasonable.

Whoops. Editing error. What I wanted to send.

On Fri, 8 May 2020, a...@globalchangemusic.org wrote:

So, generally speaking, you don't want to have inboxes that just sync all day long, due to massive amounts of small files in the inbox.

I don't know enough about what is involved when your client tries to sync to comment on your particular situation. If the exchange of information involves only delta changes (e.g. list datum that have been added/removed since the last sync), and if this information is readily available in Dovecot's caches, then this operation might be optimized to take minimal time.

If however, it involves exchanging entire lists of many message IDs, or worse, involves Dovecot accessing each message, it will result in large amounts of time spent in I/O (network, disk or both). With Maildir (many small messages in a folder), this causes seeking all over the disk. Some filesystems (XFS?) may be better at this than others.

The description of your problem seems to suggest the latter, so breaking up gigantic mailboxes into manageable volumes will help.

If you really want to see what's going on when a client syncs, you can network trace, process trace, or use Dovecot's rawlog feature https://wiki.dovecot.org/Debugging/Rawlog to directly observe the interaction between a server and client.

This may be OK in the case of a rarely accessed archive folder, but not good for regularly accessed inboxes, etc.?

This is not really so much technical advice as a rule of thumb: there's not a lot of payoff to optimizing rare operations.

Joseph Tam
Re: What's a Reasonable Inbox Size?
On Fri, 8 May 2020, a...@globalchangemusic.org wrote:

It depends on what you consider reasonable.

The processing time of file operation that iterates through a mailbox will generally go up proportionately with size. If you do a text search without some indexing system like Solr, it will take a very long time.

If the mailbox is just some archive that you pile up and forget about it except for once in a blue moon retrieval, then it might be reasonable. If it's an active mailbox, it will be a pain to navigate, in the same way a single folder with 100K files or a file cabinet with huge stacks of envelopes.

I would guess some partitioning of the large mailboxes into smaller mailboxes would help with active mailboxes. Most people spend most of their time on new/recent messages, so making time or size or subject based volumes wouldn't be a bad idea.

If the bulk of the size are redundant copies of attachments, then Dovecot's *dbox supports de-duping, which would also help.

So, generally speaking, you don't want to have inboxes that just sync all day long, due to massive amounts of small files in the inbox. This may be OK in the case of a rarely accessed archive folder, but not good for regularly accessed inboxes, etc.?

Joseph Tam
Re: Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
> On 09/05/2020 01:10 Steve Egbert wrote:
>
> I cannot even reorder the server-side TLSv1.3 such that CHACHA20 has
> first-order before AES.
>
> https://github.com/openssl/openssl/issues/7562

Hi!

TLSv1.3 has cipher suites, which is different from cipher list. This problem is known to us and we are looking to solve this, but I cannot promise any particular date for it.

Aki
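
The cipher list versus cipher suite split Aki refers to, as an added example that is not part of the original thread or Dovecot's code: it uses Python's `ssl` module (a wrapper around OpenSSL) to show that a `!` exclusion in a cipher list leaves the TLS 1.3 suites enabled, and that capping the protocol version is what takes TLS 1.3 out of the handshake. The cipher string and the function names are constructed for illustration.

```python
import ssl

# Constructed OpenSSL cipher string using the "!" exclusion style from the thread.
CIPHER_LIST = "HIGH:!aNULL:!CHACHA20"


def suites(ctx, tls13):
    """Enabled suite names: the TLS 1.3 ones if tls13 is True, else the older ones."""
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if (c["protocol"] == "TLSv1.3") == tls13)


def exclusion_report(cipher_list=CIPHER_LIST):
    """Apply a cipher list and report what it did to each family of suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    before = suites(ctx, tls13=True)
    # set_ciphers() maps to SSL_CTX_set_cipher_list(), which governs TLS 1.2
    # and older only. In the OpenSSL C API the TLS 1.3 suites are a separate
    # list, set with SSL_CTX_set_ciphersuites().
    ctx.set_ciphers(cipher_list)
    after = suites(ctx, tls13=True)
    return {
        "tls13_before": before,
        "tls13_after": after,
        "older_after": suites(ctx, tls13=False),
        "tls13_untouched": before == after,
    }


def tls12_capped_context():
    """Server context that cannot negotiate TLS 1.3: the version is capped,
    which is independent of any cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    report = exclusion_report()
    print("cipher list applied:", CIPHER_LIST)
    print("TLS 1.3 suites before:", report["tls13_before"])
    print("TLS 1.3 suites after: ", report["tls13_after"])
    print("CHACHA20 left in TLS <= 1.2 suites:",
          [n for n in report["older_after"] if "CHACHA20" in n])
    print("capped context max version:", tls12_capped_context().maximum_version.name)
```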
Re: Ms Exchange vs dovecot
On 08.05.20 at 23:52, Bernd Petrovitsch wrote:

I assume you are aware of https://en.wikipedia.org/wiki/CLOUD_Act so using software from (heavily) US-based companies implies that all data (controlled by said companies) will - sooner or later - end up in the databases of US-3-letter-organizations. So forget about GDPR compliance with such software providers.

Curiously, the linked wiki page says to the contrary, quote: The CLOUD Act […] provides mechanisms for the companies or the courts to reject or challenge these [warrants by US-3-letter-organizations] if they believe the request violates the privacy rights of the foreign country the data is stored in.

--
peter
Re: Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I cannot even reorder the server-side TLSv1.3 such that CHACHA20 has first-order before AES. https://github.com/openssl/openssl/issues/7562
Re: Ms Exchange vs dovecot
On Fri, 2020-05-08 at 22:17 +0200, Marc Roos wrote:
> I have recently been working/testing with exchange 2016 and started
> thinking if I should even migrate to this platform. I assume more people
[...]

I assume you are aware of https://en.wikipedia.org/wiki/CLOUD_Act so using software from (heavily) US-based companies implies that all data (controlled by said companies) will - sooner or later - end up in the databases of US-3-letter-organizations. So forget about GDPR compliance with such software providers.

Kind regards,
Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
There is no cloud, just other people computers. - FSFE
LUGA : http://www.luga.at
Ms Exchange vs dovecot
I have recently been working/testing with exchange 2016 and started thinking if I should even migrate to this platform. I assume more people here have experience with exchange and this idea.

I was wondering if this is possible with a dovecot setup

1. public folder can be implemented with a public mailbox?
2. authorize users via groups access to mailboxes/folders of the public folder/mailbox. I think I saw ACL's with dovecot, does this compare to 'folder permissions'
3. is it possible with sieve to apply a rule on any mailbox/folder? Thus if I 'drag' a message to a folder, the sieve rule is activated?
Re: Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
Also, more testimony to the same problem (by others) is posted over at ServerFault (StackOverflow):

https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv1-2

On 5/8/20 11:50 AM, Steve Egbert wrote:

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.

Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions.

For a new bug report, I think we need two new settings:

* `ssl_tls13_ciphersuite` and
* `ssl_tls10_cipher`

settings introduced into Dovecot for better granularity. Along with support for fallback to TLSv1.2 as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=1250568

I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:

May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument

This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.

On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it works when Dovecot is set to TLSv1.2. (Details of Thunderbird security.tls.version.fallback-limit is given in http://kb.mozillazine.org/Security.tls.version.* )

Steve
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.

Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions.

For a new bug report, I think we need two new settings:

* `ssl_tls13_ciphersuite` and
* `ssl_tls10_cipher`

settings introduced into Dovecot for better granularity. Along with support for fallback to TLSv1.2 as outlined in https://bugzilla.mozilla.org/show_bug.cgi?id=1250568

I'm still being hammered with the following error with Thunderbird 76.0b3, Dovecot 2.3.4.1-5+deb10u1, Debian 11:

May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
May 8 11:15:47 ns1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument

This occurred when specifying one TLSv1.3 cipher to be excluded in ssl_cipher via an exclamation mark.

On a side note of IMAP client, Latest Mozilla Thunderbird had its pref setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I have adjusted it to 3 (TLSv1.2) and it works when Dovecot is set to TLSv1.2. (Details of Thunderbird security.tls.version.fallback-limit is given in http://kb.mozillazine.org/Security.tls.version.* )

Steve
Re: ot: copy physical mail files ?
On 2020-05-08 07:15, Voytek Eymont wrote:

or even drag & drop in your mail client from one account to the other?

hmmm, I use Squirrel web mail, don't have mail client, except on phone (maybe Android mail client can do...? not sure, must check)

squirrelmail have no ajax, so not drag and drop support, try roundcube for this

android have not ajax
Re: ot: copy physical mail files ?
> On May 8, 2020, at 1:15 AM, Voytek Eymont wrote:
>
> On Fri, May 8, 2020 1:18 am, ad...@awib.it wrote:
>>> On 07.05.2020 at 17:15, Admin dishaw.org wrote:
>
>>> If you use the dovecot lmtp to deliver the mail, wouldn’t it be easier
>>> to use sieve to redirect?
>
> problem is it's only some emails, that relate to this project
>
> this sender might send an email re this project, I want it in other tld;
> or, he might send stuff NOT related to this project
> emails relating to the project often include 'stuff' with them
>
> everyone else, replies to my emails sent from 'correct' tld, this person,
> gets me from his address book
>
> maybe I'll edit his address book ...?

You can set up sieve to redirect email just from that one sender that shows up at the incorrect address—something like

if allof(address :is "from" "problem.sen...@example.com",
         address :is "to" "me@the-wrong-tld") {
    redirect "me@the-correct-tld";
}

If needed, you can add keyword test for the subject line. I have tried testing the body for keyword, so no comment on that option.

>
>> or even drag & drop in your mail client from one account to the other?
>
> hmmm, I use Squirrel web mail, don't have mail client, except on phone
> (maybe Android mail client can do...? not sure, must check)
>

Another option, is to have a script that connects to your IMAP server and moves mail for you. For example, I use a perl script to process timesheets. You would need to have the script open two IMAP connections (one for each TLD).
Re: Support for MULTISEARCH
On 6.5.2020 3.57, Daniel Miller wrote:

Does Dovecot presently support the MULTISEARCH command, or are there plans to do so?

If you mean RFC7377, that is not supported.

ref. https://www.imapwiki.org/Specs

I would suggest evaluating if searching a single virtual folder could work for your use case.

ref. https://doc.dovecot.org/configuration_manual/virtual_plugin/

br,
Teemu

---
Daniel
Re: dovecot-lda quota warning email add BCC
Dear dovecot users,

I have setup dovecot with quota warning. Once a quota warning is reached a shell script is called which then sends an email to the user via dovecot LDA

this is the command in the shell script:

/usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=dict:User quota::noenforcing:proxy::quota"

I already have looked in the docs: https://wiki.dovecot.org/LDA but can't find an option to add a BCC

I would like to receive a copy of the quota warning email so I also get notified and know if user mailboxes get filled up.

How could I achieve that?

thanks & greetings
Becki

I will answer my question myself ;) it's been one of those days where you tend to make things more complicated than they actually are. I just modified the script and send another email with Dovecot LDA to the admin address.

Sorry for the noise on the list!

thanks & greetings
Becki
courier-dovecot-migrate.pl and courier-5: UTF-8 flag
Hi, Courier to dovecot migration script https://dovecot.org/tools/courier-dovecot-migrate.pl referenced at the https://wiki.dovecot.org/Migration/Courier page has a couple of problems. One of them is that the script could not process courierpop3dsizelist generated by courier-5. File format has been changed a bit to mark UTF-8 messages with an additional attribute. Is it safe to ignore such flag or its value should be stored somewhere for dovecot? Internally courier assumes false value during migration from the previous format version (v2 to v3). --- courier-dovecot-migrate.pl.orig 2012-07-28 17:14:20.0 + +++ courier-dovecot-migrate.pl 2020-05-08 09:54:53.249214022 + @@ -170,8 +170,9 @@ my $pop3_fname = "$dir/$courier_pop3_uidfile"; open( $f, $pop3_fname ) || die $!; my $pop3_hdr = <$f>; -if ( $pop3_hdr =~ /^\/2 (\d+) (\d+)$/ ) { +if ( $pop3_hdr =~ /^\/[23] (\d+) (\d+)$/ ) { # /2 +# /3 $_ = <$f>; } elsif ( $pop3_hdr =~ /^\/1 (\d+)$/ ) { @@ -193,9 +194,13 @@ chomp $_; $line++; -my ( $full_fname, $fsize, $uid, $uidv ); +my ( $full_fname, $fsize, $uid, $uidv, $_is_utf8 ); -if ( /^([^ ]+) (\d+) (\d+):(\d+)$/ ) { +if ( /^([^ ]+) (\d+) (\d+):(\d+):(\d+)$/ ) { +# v3 +( $full_fname, $fsize, $uid, $uidv, $_is_utf8 ) = ( $1, $2, $3, $4, $5 ); +} +elsif ( /^([^ ]+) (\d+) (\d+):(\d+)$/ ) { # v2 ( $full_fname, $fsize, $uid, $uidv ) = ( $1, $2, $3, $4 ); }
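
Review bot: In the first hunk (`@@ -170,8 +170,9 @@`), the header test `/^\/[23] (\d+) (\d+)$/` accepts both versions but does not record which one was seen, so the per-line parser later cannot tell whether a five-field entry belongs in this file. Consider keeping the version (for example in a variable set in this branch) and checking entries against it. The bare `# /2` and `# /3` comments would also benefit from one line saying that /3 adds the UTF-8 attribute described in the message.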
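
Review bot: In the second hunk (`@@ -193,9 +194,13 @@`), `$_is_utf8` is captured in the new v3 branch but is not used anywhere in the lines shown, and it stays undefined when the v2 branch matches. If the flag is deliberately dropped, say so in the `# v3` comment and match the last field without capturing it; if it is to be carried over, set it to 0 in the v2 branch, which is the false default the message says courier itself assumes when converting v2 to v3.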
Re: Seive + Spamprobe terminates with signal 6
On 22/4/20 10:40 am, Mark Constable wrote:

Ubuntu 20.04, Dovecot 2.3.7.2, SpamProbe v1.4d. For the past weeks my sieve filters that call spamprobe have been crashing out for some users.

For Googles sake, solved. I reverted to the older Bionic version of the Ubuntu spamprobe package and that seems to have fixed my problem...

## Downgrade spamprobe to prevent crashing, add to 20.04 sources.list
## deb http://au.archive.ubuntu.com/ubuntu bionic universe
apt-get update
#apt-cache showpkg spamprobe
apt-get install spamprobe=1.4d-14build1
echo "spamprobe hold" | dpkg --set-selections

--
Mark Constable 0419 530 037 https://spiderweb.com.au
dovecot-lda quota warning email add BCC
Dear dovecot users,

I have setup dovecot with quota warning. Once a quota warning is reached a shell script is called which then sends an email to the user via dovecot LDA

this is the command in the shell script:

/usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=dict:User quota::noenforcing:proxy::quota"

I already have looked in the docs: https://wiki.dovecot.org/LDA but can't find an option to add a BCC

I would like to receive a copy of the quota warning email so I also get notified and know if user mailboxes get filled up.

How could I achieve that?

thanks & greetings
Becki