RE: dovecot quota-warning detection mail

2020-10-27 Thread Koga Hayashi
Morikawa,

What do you mean by "logged-in user"?

%u stands for the username.
If, for example, user "morikawa" exists in your dovecot server (I mean as a 
local user), your quota warning configuration should be fine.
But if user "morikawa" does not exist in your server, and dovecot can't 
resolve the username to the mail address, then the quota warning mail will be 
rejected because dovecot can't find the "username" in the local recipient table.

A little more information about your server environment will be appreciated.

Kouga
-Original Message-
From: dovecot  On Behalf Of 森川 孝司
Sent: Wednesday, October 28, 2020 10:17 AM
To: dovecot@dovecot.org
Subject: dovecot quota-warning detection mail

Hi, all.
We use quota-warning emails to notify you of quotas.

In rare cases, the email address has changed to the logged-in user.
(Because the address of %u is passed as the logged-in user.)

So I couldn’t send the email with “Recipient address rejected: User unknown in 
local recipient table”.

Why does my email address change to a logged-in user?
%u of "quota_warning = storage = 95 %% quota-warning 95% u"
The output is the logged-in user.

By Morikawa



RE: dovecot quota-warning detection mail

2020-10-27 Thread Koga Hayashi
Morikawa-san,

Your conf is wrong.

Should be:
   quota_warning = storage = 95 %% quota-warning 95 %u
Your conf:
   quota_warning = storage = 95 %% quota-warning 95% u

There's a space between % and u.

First of all, try the above and let us know if it changes.

Kouga

-Original Message-
From: 森川 孝司  
Sent: Wednesday, October 28, 2020 1:20 PM
To: 林 宏河 ; dovecot@dovecot.org
Subject: RE: dovecot quota-warning detection mail

Hi, Kouga-san

When quota-warning works normally
I'm sending an email to "From:  to = 
"

When it doesn't work
An email was sent to "From:  to = 
"
"Recipient address rejected: User unknown in local recipient table"

It will be.

cat /etc/dovecot/conf.d/90-quota.conf
-- 
plugin {
   quota_warning = storage = 95 %% quota-warning 95% u
   quota_warning1 = storage = 90 %% quota-warning 90% u
   quota_warning2 = storage = 85 %% quota-warning 85% u
   quota_warning3 = storage = 80 %% quota-warning 80% u
}

service quota-warning {
   executable = script /usr/local/bin/quota-warning.pl
   user = dovecot
   unix_listener quota-warning {
      user = vmail
   }
}
-- -

And it is set.

Thank you.

-Original Message-
From: Koga Hayashi [mailto:haya...@progdence.co.jp]
Sent: Wednesday, October 28, 2020 12:50 PM
To: 森川 孝司 ; dovecot@dovecot.org
Subject: RE: dovecot quota-warning detection mail

Morikawa,

What do you mean by "logged-in user"?

%u stands for the username.
If, for example, user "morikawa" exists in your dovecot server (I mean as a 
local user), your quota warning configuration should be fine.
But if user "morikawa" does not exist in your server, and dovecot can't 
resolve the username to the mail address, then the quota warning mail will be 
rejected because dovecot can't find the "username" in the local recipient table.

A little more information about your server environment will be appreciated.

Kouga
-Original Message-
From: dovecot  On Behalf Of 森川 孝司
Sent: Wednesday, October 28, 2020 10:17 AM
To: dovecot@dovecot.org
Subject: dovecot quota-warning detection mail

Hi, all.
We use quota-warning emails to notify you of quotas.

In rare cases, the email address has changed to the logged-in user.
(Because the address of %u is passed as the logged-in user.)

So I couldn’t send the email with “Recipient address rejected: User unknown in 
local recipient table”.

Why does my email address change to a logged-in user?
%u of "quota_warning = storage = 95 %% quota-warning 95% u"
The output is the logged-in user.

By Morikawa



RE: dovecot quota-warning detection mail

2020-10-27 Thread 森川 孝司
Hi, Kouga-san

When quota-warning works normally
I'm sending an email to "From:  to =
"

When it doesn't work
An email was sent to "From:  to =
"
"Recipient address rejected: User unknown in local recipient table"

It will be.

cat /etc/dovecot/conf.d/90-quota.conf
-- 
plugin {
   quota_warning = storage = 95 %% quota-warning 95% u
   quota_warning1 = storage = 90 %% quota-warning 90% u
   quota_warning2 = storage = 85 %% quota-warning 85% u
   quota_warning3 = storage = 80 %% quota-warning 80% u
}

service quota-warning {
   executable = script /usr/local/bin/quota-warning.pl
   user = dovecot
   unix_listener quota-warning {
      user = vmail
   }
}
-- -

And it is set.

Thank you.

-Original Message-
From: Koga Hayashi [mailto:haya...@progdence.co.jp]
Sent: Wednesday, October 28, 2020 12:50 PM
To: 森川 孝司 ; dovecot@dovecot.org
Subject: RE: dovecot quota-warning detection mail

Morikawa,

What do you mean by "logged-in user"?

%u stands for the username.
If, for example, user "morikawa" exists in your dovecot server (I mean as a
local user), your quota warning configuration should be fine.
But if user "morikawa" does not exist in your server, and dovecot can't
resolve the username to the mail address, then the quota warning mail will be
rejected because dovecot can't find the "username" in the local recipient table.

A little more information about your server environment will be appreciated.

Kouga
-Original Message-
From: dovecot  On Behalf Of 森川 孝司
Sent: Wednesday, October 28, 2020 10:17 AM
To: dovecot@dovecot.org
Subject: dovecot quota-warning detection mail

Hi, all.
We use quota-warning emails to notify you of quotas.

In rare cases, the email address has changed to the logged-in user.
(Because the address of %u is passed as the logged-in user.)

So I couldn’t send the email with “Recipient address rejected: User
unknown in local recipient table”.

Why does my email address change to a logged-in user?
%u of "quota_warning = storage = 95 %% quota-warning 95% u"
The output is the logged-in user.

By Morikawa



Re: SV: SV: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread lists
And which email clients can do this? 

A de facto standard needs to be adopted. If I don't provide SPF or DKIM, I am 
likely to be deemed spammy, hence a de facto standard has been established. I 
don't see this with TOTP. 

I'm all for TOTP, but I'm not going to code my own. 





  Original Message  


From: sebast...@sebbe.eu
Sent: October 27, 2020 5:56 PM
To: dovecot@dovecot.org
Reply-to: dovecot@dovecot.org
Subject: SV: SV: Looking for a guide to collect all e-mail from the ISP mail 
server


>>Whatever Gmail wants is essentially a de facto standard.

Gmail have solved it with an OAuth authorization scheme. Basically, first time 
setting up mail, you are asked to authenticate by 2FA in a webview, then a 
shared secret is established, that is used during SMTP and IMAP time.
Both Hotmail and Gmail are using this hackish webview solution for Outlook 
integration (and integration in some other email clients).

That's why Google and Microsoft have their own buttons inside Outlook and some 
other mail clients.




dovecot quota-warning detection mail

2020-10-27 Thread 森川 孝司
Hi, all.
We use quota-warning emails to notify you of quotas.

In rare cases, the email address has changed to the logged-in user.
(Because the address of %u is passed as the logged-in user.)

So I couldn’t send the email with “Recipient address rejected: User
unknown in local recipient table”.

Why does my email address change to a logged-in user?
%u of "quota_warning = storage = 95 %% quota-warning 95% u"
The output is the logged-in user.

By Morikawa



SV: SV: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread Sebastian Nielsen
>>Whatever Gmail wants is essentially a de facto standard.

Gmail have solved it with an OAuth authorization scheme. Basically, first time 
setting up mail, you are asked to authenticate by 2FA in a webview, then a 
shared secret is established, that is used during SMTP and IMAP time.
Both Hotmail and Gmail are using this hackish webview solution for Outlook 
integration (and integration in some other email clients).

That's why Google and Microsoft have their own buttons inside Outlook and some 
other mail clients.






Re: SV: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread lists
I would have to also hack the email client since I don't enter my 20 character 
high entropy password when I send or retrieve email.

You really need an email standard to integrate TOTP. To be realistic, you need 
Gmail to use it. Whatever Gmail wants is essentially a de facto standard. I live 
in the real world, so whatever Google wants, I comply. 







  Original Message  


From: jtam.h...@gmail.com
Sent: October 27, 2020 3:57 PM
To: dovecot@dovecot.org
Subject: Re: SV: Looking for a guide to collect all e-mail from the ISP mail 
server


On Tue, 27 Oct 2020, Sebastian Nielsen wrote:

> Kind of stupid that there doesn't exist some common standard for 2FA that
> works in email clients.

You can bodge it for HOTP/TOTP hardware token generators.  Dovecot allows
custom plugins to check passwords.  The plugin can take passwords of
the form {password}+{2fa-token}, then split each part to check against
authentication systems to check validity.

Joseph Tam 


Re: SV: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread Joseph Tam

On Tue, 27 Oct 2020, Sebastian Nielsen wrote:


Kind of stupid that there doesn't exist some common standard for 2FA that
works in email clients.


You can bodge it for HOTP/TOTP hardware token generators.  Dovecot allows
custom plugins to check passwords.  The plugin can take passwords of
the form {password}+{2fa-token}, then split each part to check against
authentication systems to check validity.

Joseph Tam 
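
The {password}+{2fa-token} split described in the message above, as an added example that is not code from the thread or from Dovecot. The function names, the `User` record, the literal "+" separator, the 6-digit token length and the PBKDF2 password hash are all assumptions; a real deployment would call something like `verify()` from whatever custom password checker Dovecot is configured to use.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

TOKEN_DIGITS = 6          # assumption: 6-digit tokens
TIME_STEP = 30            # RFC 6238 default time step, in seconds
PBKDF2_ROUNDS = 100_000   # assumption: illustrative work factor


@dataclass
class User:                  # hypothetical record; a real checker reads its user database
    salt: bytes
    pw_hash: bytes
    totp_secret: bytes
    last_counter: int = -1   # highest time step already accepted (replay guard)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 one-time password for a single counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TOKEN_DIGITS).zfill(TOKEN_DIGITS)


def totp(secret: bytes, now: float) -> str:
    """RFC 6238: HOTP over the number of time steps since the epoch."""
    return hotp(secret, int(now // TIME_STEP))


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str, totp_secret: bytes,
              salt: bytes = b"constructed-salt") -> User:
    """Build a constructed sample user for the demonstration."""
    return User(salt, hash_password(password, salt), totp_secret)


def split_credential(submitted: str):
    """Split at the LAST '+', so the password itself may contain '+'."""
    password, sep, token = submitted.rpartition("+")
    valid = (bool(sep) and len(token) == TOKEN_DIGITS
             and token.isascii() and token.isdigit())
    return (password, token) if valid else None


def verify(user: User, submitted: str, now: float, window: int = 1) -> bool:
    """Accept only if the password AND a fresh token in the window both match."""
    parts = split_credential(submitted)
    password, token = parts if parts else ("", "")
    # Both factors are always evaluated, so the response time does not
    # reveal which of the two was wrong.
    pw_ok = hmac.compare_digest(hash_password(password, user.salt), user.pw_hash)
    current = int(now // TIME_STEP)
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(user.totp_secret, counter), token):
            matched = counter
    if parts and pw_ok and matched is not None and matched > user.last_counter:
        user.last_counter = matched   # a token is accepted once, never replayed
        return True
    return False
```

Because each token is accepted once and expires with its time window, a mail client that reconnects with a cached credential will be refused, which is the client-side limitation raised elsewhere in this thread.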


[SOLVED] Re: doveadm SSL problem with recent update

2020-10-27 Thread Trever L. Adams
On 10/25/20 6:02 AM, Arjen de Korte wrote:
>
>   # SSL/TLS support: yes, no, required. 
>   ssl = no
>
>   !include_try 10-ssl.conf.ext 

Thank you very much. This did exactly what I needed.



[NOISSUE] Newbie question about replication

2020-10-27 Thread Piotr Auksztulewicz
On Mon, Oct 19, 2020 at 12:08:05AM +0200, Piotr Auksztulewicz wrote:
> On Sun, Oct 18, 2020 at 11:14:26PM +0200, John Fawcett wrote:
> > can you check if the missing emails are in the new directory on host B?
> 
> I cannot now. I did not think about that possibility when listing the
> contents of directories and have not checked the new directory.
> 
> > My guess is that the missing emails appeared on host A in new and were
> > replicated to host B in new. Then the imap client connected to host A
> > moved them from new to cur on host A and that such movement is not
> > subject to replica. So long as the emails have been replicated to either
> > new or cur on host B, then it should not be an issue about losing emails
> > if host A goes down, since connecting an imap client to host B will move
> > the emails to cur (that is no replication involved).

I have observed my servers for a few days and this is exactly what happens
- some mails are still in new/ on host B. The whole issue is nonexistent.

Thanks for the hint.

-- 
Piotr "Malgond" Auksztulewicz firstn...@lastname.net


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread John Stoffel
> "lists" == lists   writes:

lists> Ditto this. I pay for a VPS because I don't want my home facing
lists> the internet. If the VPS gets hacked, that is as far as they
lists> get.

Same here, I do this as well.

lists> You could do a mail server on a $5 Digital Ocean or Linode VPS
lists> if you don't run SpamAssassin.  Rather than have your email
lists> server on a 10 year old laptop, you let someone else maintain
lists> the hardware. You can and should image your VPS or pay for
lists> imaging. I do both.

Linode is better, if only because charter.net is blocking all of
Digital Ocean's netblocks for email.  Sigh...

lists> My pipe to the outside world is around 800mbps. I couldn't do
lists> that at home. I don't have to worry about leaving a computer
lists> running while on vacation.

Same here!

lists> Should the OP want to join the real world, here again in the
lists> guide I use. I like this person's approach because you can test
lists> each step. The maintenance is gui free. From start to finish
lists> figure on three hours. That includes setting up the VPS, spf,
lists> and DKIM. I strongly encourage Centos. I don't use it at home,
lists> but it is great for a server. It is a long term disty.

The nice thing about a VPS is that it's got redundant power,
networking, cooling, etc.  I pay $5/mon and another $6/qtr for my
domain DNS hosting.  Trivial costs for my own domain.

Dovecot, postfix, spamassassin, etc.  If you need more anti-spam, then
you'll need to spend $10/mon for a bigger memory VM in my experience.

John


SV: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread Sebastian Nielsen
>>EU have very strict laws on the security of email and the requirement to
keep it archived and to ensure the data cannot get out. 

No.
GDPR is very organization-specific, meaning that a small organization or
non-profit with 5 employees, doesn't need the same security as a 100 employee
multi-million dollar organization.

They were going to require small companies and even private persons
processing data outside of the "personal space" limitation, to have the same
sort of physical and digital security as any multi-billion dollar
corporation, and require those that cannot cash up for such security, to
only use hosted cloud services and rented centrally-managed computers
without any own IT department.

Of course, they dropped that idea, because it was not fair against small
companies. They changed the ruling so the amount of security you need, is
dependent on how many people are at risk if the emails leak, and what type of
content the email has (if it has sensitive data, requirements are higher).

But also, export of data to third-world countries is not permitted at all,
regardless of organization size, due to the data losing legal protection (if
someone outside EU leaks the data, you cannot hold someone responsible),
unless specific requirements are met.

This means, a somewhat maintained mail server, physically located at a
company, is much better than using a hosted cloud service, as the cloud
services usually take extra payment to keep the data inside EU.

Same with the rulings on security bulletins - if you have a multi-billion
dollar company then you are expected to apply security fixes and patches,
even on a Saturday night. They are obliged by EU law to have alarms that
wake them up on any major security bulletin regarding any of the server
software.

For a small non-profit or family company - it's OK to wait until business
hours with that - if that leads to the server being hacked - it's okay. You
did what you could. Nobody expects you to be available 24/7 to patch 0-days.

So it's totally dependent on what type of organization you run, and the size
- that governs how much security you need.


And no, you don't need an UPS or backuped ISP connections, unless you run
something mission critical. Most mailservers will queue mails for several
days, so if your mailserver disappears for 1-2 days, it doesn't matter.
The "availability" requirements of GDPR only apply to society-critical
services where it can actually cause harm to end-users if a service is down.

If it's just a small non-profit with 5 employees, GDPR is not gonna care
because the email server was down for a day or two.








Re: imapsieve: setting imapsieve_url disables admin scripts

2020-10-27 Thread Gedalya
On 10/27/20 7:52 PM, Stephan Bosch wrote:
>
>
> On 27/10/2020 11:32, Gedalya wrote:
>> Hello,
>>
>> The documentation says imapsieve_url "has no effect on the 
>> administrator-controlled Sieve scripts". However, when setting this item, I 
>> get lines such as:
>>
>> Error: imapsieve: mailbox INBOX: Failed to read /shared/imapsieve/script 
>> mailbox attribute: Mailbox attributes not enabled
>>
>> and that's it. imapsieve_mailboxXXX_* settings are completely ignored. 
>> Unsetting imapsieve_url makes it all work again.
>
> https://doc.dovecot.org/configuration_manual/imap_metadata/
>
> METADATA support is needed for IMAPSieve with user Sieve scripts.

OK, I see, so if I want user scripts to actually work I'd have to enable that.

Why does a broken user script configuration have to break admin scripts?




SV: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread Sebastian Nielsen
1: I meant like this:

Without whitelisting, you can't login to SMTP or IMAP, password isn't valid
at all.

To enable SMTP and IMAP, you then either surf to webmail, or the 2FA
gateway, and login with:
Username + password + 2FA code + captcha.

When all is valid, then your IP is whitelisted for SMTP and IMAP access.
This still means you have to use username/password for SMTP/IMAP.

So how would this be a security hole?
Instead of using only username+password for SMTP/IMAP?
The whitelisting procedure ADDS to the security. The baseline security with
username+password is already there, but now you ALSO need a whitelisted IP
to even get a chance to authenticate.

Kind of stupid that there doesn't exist some common standard for 2FA that
works in email clients. Some clients do support TLS client certificates, and
some clients do support certain "extensions" for 2FA auth. But only common
supported in all clients is password auth without 2FA, which is pretty
insecure.

Outlook have solved 2FA auth with a webview that uses OAUTH to create an
authentication token, for use with SMTP/IMAP using some proprietary
extension with gmail and hotmail.
But that webview is not something you can trigger from a third party
service.

Captcha is there to prevent bruteforcing. If a valid captcha is submitted
along with a 2FA code, you could lock out the account for 1 minute for each
invalid attempt.
If an invalid captcha is submitted, you ignore the request completely.
This then prevents an attacker from flooding the server with invalid auth
requests for the sole purpose of keeping a user locked out. (Account Lockout
DDoS attack)


I had problems with my mail password getting hacked all the time. The
instant I added IP whitelist to my system and blocked all non-approved IPs
from authenticating at all (so you must have username + password + correct
IP to gain access) - then all hacking of my passwords have stopped. IP
lockout was the solution to my problems.


2: The idea with the reverse-proxy gateway, is only to prevent auth-bypass
or non-authenticated security holes. If you have a web service that has a
suspected vulnerability that could be used without authenticating, or could
be used to bypass authentication, then you put a reverse proxy in front. The
reverse proxy does the authentication, and only forwards requests belonging
to authenticated users.
Even if the webservice behind, has an auth-bypass hole, it cannot be
exploited, as the reverse proxy is behind the service, and non-authenticated
users cannot even touch the webservice at all.


-Ursprungligt meddelande-
Från: dovecot-boun...@dovecot.org  För @lbutlr
Skickat: den 27 oktober 2020 15:57
Till: dovecot mailing list 
Ämne: Re: Looking for a guide to collect all e-mail from the ISP mail server

On 25 Oct 2020, at 22:47, Sebastian Nielsen  wrote:
> The second way, is to not have webmail at all, but instead have a
authentication gateway in browser, where you must auth with 2FA and captcha.
The only purpose of this gateway, is to authenticate users with 2FA before
their IP is whitelisted.

I mostly agree with the sentiments in your email, but whitelisting IP
addresses is a HORRIBLE idea and a massive gaping security hole and using a
captcha is only slightly less horrible and user-hostile. If you are using
2FA there is absolutely no reason to use a captcha.

A 2FA gateway that reverse proxies the webmail is quite good, but enforcing
good passwords and using TLS is good enough for nearly all use cases.

(I recently upped the minimum password length from 12 characters)

-- 
Ah we're lonely, we're romantic / and the cider's laced with acid /
and the Holy Spirit's crying, Where's the beef? / And the moon is
swimming naked / and the summer night is fragrant / with a mighty
expectation of relief
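
The gateway flow from point 1 of the message above (captcha checked first, a one-minute lockout only after a solved captcha, an IP allowlist in front of SMTP/IMAP password auth), as an added example that is not code from the thread. The class and method names, binding each allowlist entry to the user who authenticated, and the 12-hour entry lifetime are assumptions (the message sets no lifetime); password and 2FA verification are passed in as booleans so the block shows only the state handling.

```python
from dataclasses import dataclass, field
from enum import Enum

LOCKOUT_SECONDS = 60            # "lock out the account for 1 minute"
ALLOW_TTL_SECONDS = 12 * 3600   # assumption: allowlist entries expire


class Result(Enum):
    IGNORED = "ignored"      # bad captcha: dropped, no state touched
    LOCKED = "locked"        # account is inside its lockout window
    REJECTED = "rejected"    # captcha solved, factors wrong: lockout starts
    ALLOWED = "allowed"      # everything valid: IP added to the allowlist


@dataclass
class Gateway:
    locked_until: dict = field(default_factory=dict)   # username -> timestamp
    allowed: dict = field(default_factory=dict)        # (username, ip) -> expiry

    def web_login(self, username, ip, captcha_ok, factors_ok, now):
        """Browser step: username + password + 2FA code + captcha."""
        if not captcha_ok:
            # Requests without a solved captcha never reach the lockout
            # logic, so a flood of them cannot keep the owner locked out.
            return Result.IGNORED
        if now < self.locked_until.get(username, 0):
            return Result.LOCKED
        if not factors_ok:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            return Result.REJECTED
        self.allowed[(username, ip)] = now + ALLOW_TTL_SECONDS
        return Result.ALLOWED

    def mail_auth(self, username, ip, password_ok, now):
        """SMTP/IMAP step: the allowlist is an extra gate, not a replacement."""
        expiry = self.allowed.get((username, ip))
        if expiry is None or now >= expiry:
            self.allowed.pop((username, ip), None)
            return False
        return password_ok


def run_constructed_session():
    """Replay a constructed event sequence (documentation-range IPs)."""
    gw = Gateway()
    user_ip, other_ip = "198.51.100.20", "203.0.113.7"
    out = []
    # Flood of requests with unsolved captchas: must not lock the account.
    out += [gw.web_login("alice", other_ip, False, False, now=t) for t in (0, 1, 2)]
    out.append(gw.web_login("alice", user_ip, True, True, now=3))     # owner signs in
    out.append(gw.mail_auth("alice", user_ip, True, now=4))           # IMAP, listed IP
    out.append(gw.mail_auth("alice", other_ip, True, now=5))          # right password, unlisted IP
    out.append(gw.web_login("alice", other_ip, True, False, now=10))  # solved captcha, bad 2FA
    out.append(gw.web_login("alice", user_ip, True, True, now=20))    # inside the lockout
    out.append(gw.web_login("alice", user_ip, True, True, now=71))    # lockout elapsed
    return out
```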






Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread @lbutlr



> On 26 Oct 2020, at 09:11, R. Diez  wrote:
> 
>>> 
>>> I would not advise any company that is continuously being fined for 
>>> breaking the law.
> 
>> This is not only an overstatement, it is completely irrelevant.  Given the 
>> OP problem
>> statement (small business, part-time admin, newbie to mail servers), I do 
>> not think there is a better solution
>> A small server already costs 20 USD / month, running a mail server consumes 
>> a significant amount of resources, and as the OP mentions running a mail 
>> server also represents a high security risk.
> 
> 
> Guys, this kind of advice is not helping me either.
> 
> First of all, I want to learn how to do it, just for fun. Even if paying for 
> a hosted solution is an economically better solution. It's not for me to 
> decide anyway.

If you want to do it for fun and learning, set up a private mail server for 
yourself and maybe some friends. You do not have "fun" with a company's emails, 
not even a non-profit. ESPECIALLY since you have rather specific legal 
restrictions and requirements on that email.

Doing it yourself is possible IF you already know what you are doing very well. 
Doing this yourself as a "fun learning experiment" is irresponsible.

> I will not recommend Google. Ever heard of data protection and data 
> confidentiality? And then you are completely dependent. You are nothing for 
> a huge company like Google. If they lose your complete e-mail database, they 
> will tell you that they are awfully sorry. If at all.

You are still confusing two very different things, the paid Google hosting 
service and the free gmail service. They are not the same thing. Your paranoia 
is based on ignorance. You do not, obviously, have to go with Google. There are 
many other choices. Hundreds. Your government may even have a list of companies 
that comply with German and European laws.

> And no, running a mail server does not "consume a significant amount of 
> resources". Any 10-year-old laptop can easily cater for a small business.

That depends. You need to find an 18yo laptop that can run a current OS with 
current security libraries, so that's a stretch right there. And while it may 
not consume a lot of CPU resources, it consumes a lot of human/brain resources. 
It takes knowledge which takes time. Your idea that you can just set up a 
mailserver and walk away and never look at it again is laughable.

> Besides, paying $6/user/month is actually very expensive for some small 
> organisations.

Depends on what the cost of, for example, having all your email ransomwared or 
published to some website costs. If your non-profit gets funding, your country 
and the EU have very strict laws on the security of email and the requirement 
to keep it archived and to ensure the data cannot get out. You may be facing 
serious fines or even jail time if you set up a mail server badly that results 
(as it almost surely will) in a third party accessing that mail.

> If you have 20 volunteers coming to the help in a small public library once a 
> month, that would be $1440 a year just for e-mail services.

If you feel the need to give 20 volunteers individual, personal email 
addresses, sure. $1500 a year for any sort of business, even a non-profit, is 
not a significant cost.

> Most such people would continue to use private Hotmail addresses. I would 
> rather install a Synology NAS and use whatever e-mail service it comes with 
> it.

You have to pay for that too.

> An on-premise mail server is, and should be, virtually free,

It is not. You need someone to admin it. You need someone to be vigilant and 
see when things are going wrong, or when an intruder has gained access, or when 
your DNS has expired, or your certificates need to be renewed, or a major 
system update is required. You also need (well, should have) a  backup server, 
UPS systems (check those batteries!) and a whole host of other things that need 
to be done.

> at least for a basic e-mail service. No need for cloud. No need to expose any 
> ports. No need to configure the firewall. No need to ask anything from your 
> ISP.

You cannot send or receive any email if all your ports are closed. In order to 
communicate with anyone else, you must have the ability to connect to them.

But it sure sounds like you've made up your mind to make the worst decision and 
are ignoring the advice of many people who do this all day, everyday. Good luck 
with that.

Please check with your legal counsel first, you may be shocked as to what the 
EU and Germany actually require and what penalties you face when you decide to 
ignore those requirements. For example, are you aware that Germany requires TLS 
encryption on all email? And has more stringent E2EE requirements on many 
emails?

-- 
"Let's get back to syntax of procmail and forget the syntax of
fools." Don



SV: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread Sebastian Nielsen
>> Running an unmaintained mail server is a BAD thing.

Of course. You maintain it.

>>I think you are confusing gmail and google apps (or whatever it is called
now, seems to change all the time).

Google apps uses the same restrictions. What I recall, you can disable SPF
and DKIM checks for trusted sources, but you cannot disable reputation
checks.

>>Wow. That sounds sooper not secure.

How? Of course, you must have some sort of secure communication between the
access controller system, and the system that manages logins for the
computers and such. Then when you scan the badge at your personal office
space (where only you have access), the access controller tells the system
to automatically logon the computer.

Another way is to have a RFID card reader where you put the badge to login
computer, and remove badge to logout.
Also an easy and secure system, but requires lots of integration work if you
want to use it with third-party services.

If you have own in-house servers, you can just tell those servers to check
on-the-fly with the access control system if there is a valid card on the
reader before giving computer X access to account Y - making it secure,
since you can then not tamper with anything to bypass the auth check - the
server, which is located in secure space, formally asks the access
controller "master", which is also located in secure space, if user X is
authenticated at reader Y.

>>You cannot keep a mail server automatically updated, sorry. That is a
fantasy.

You can. Ubuntu have packages with mail servers automatically updated.
However, sometimes manual intervention is required to change the config when
some security holes appear that cannot be resolved with patches.






Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread @lbutlr
On 25 Oct 2020, at 22:51, Sebastian Nielsen  wrote:
>>> why not just point them at a hosting service like google apps, and let
>> google keep things up to date?
> 
> Costs money,

Yes. That is a *good* thing. Running an unmaintained mail server is a BAD thing.

> and also the problem is that gmail imposes heavy spam filters
> and "reputation blocks" meaning smaller providers with low email volumes,

I think you are confusing gmail and google apps (or whatever it is called now, 
seems to change all the time).

> Another thing is that you cannot impose IP restrictions when using Google
> Apps, or have SSO with trusted access from inside the office. (for example -
> scan your badge at the office door, your personal computer is automatically
> logged on and you get access to everything).

Wow. That sounds sooper not secure.

> With locally hosted servers, of course you have to keep them updated. Most
> linux distributions can keep them updated automatically.

You cannot keep a mail server automatically updated, sorry. That is a fantasy.

You can either spend money on someone who knows what they are doing in-house 
(more secure, more control, more money), or you can spend money on outsourcing 
someone who knows what they are doing (less money). The other option involves a 
pair of smoking boots and a crater and I do not recommend it.

-- 
Nothing like grilling a kosher dog over human hair to bring out the
subtle flavors.



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread @lbutlr
On 25 Oct 2020, at 22:47, Sebastian Nielsen  wrote:
> The second way, is to not have webmail at all, but instead have a 
> authentication gateway in browser, where you must auth with 2FA and captcha. 
> The only purpose of this gateway, is to authenticate users with 2FA before 
> their IP is whitelisted.

I mostly agree with the sentiments in your email, but whitelisting IP addresses 
is a HORRIBLE idea and a massive gaping security hole and using a captcha is 
only slightly less horrible and user-hostile. If you are using 2FA there is 
absolutely no reason to use a captcha.

A 2FA gateway that reverse proxies the webmail is quite good, but enforcing 
good passwords and using TLS is good enough for nearly all use cases.

(I recently upped the minimum password length from 12 characters)

-- 
Ah we're lonely, we're romantic / and the cider's laced with acid /
and the Holy Spirit's crying, Where's the beef? / And the moon is
swimming naked / and the summer night is fragrant / with a mighty
expectation of relief



imapsieve: setting imapsieve_url disables admin scripts

2020-10-27 Thread Gedalya
Hello,

The documentation says imapsieve_url "has no effect on the 
administrator-controlled Sieve scripts". However, when setting this item, I get 
lines such as:

Error: imapsieve: mailbox INBOX: Failed to read /shared/imapsieve/script 
mailbox attribute: Mailbox attributes not enabled

and that's it. imapsieve_mailboxXXX_* settings are completely ignored. 
Unsetting imapsieve_url makes it all work again.

# 2.3.11.3 (502c39af9): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.11 (6c69c917)
# OS: Linux 4.19.0-5-amd64 x86_64 Debian bullseye/sid xfs
# Hostname: --
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
imapc_features = rfc822.size fetch-headers
imapc_host = imap.gmail.com
imapc_port = 993
imapc_ssl = imaps
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_gid = vmail
mail_home = /srv/mail/domains/%d/%n
mail_location = mdbox:/srv/mail/domains/%d/%n/mdbox
mail_plugins = quota fts fts_solr
mail_prefetch_count = 20
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
mdbox_preallocate_space = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
  fts_tika = http://127.0.0.1:9998/tika/
  imapsieve_mailbox1_before = file:/usr/local/lib/imapsieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/usr/local/lib/imapsieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  imapsieve_mailbox3_before = file:/usr/local/lib/imapsieve/report-spam.sieve
  imapsieve_mailbox3_causes = COPY
  imapsieve_mailbox3_name = Junk2
  imapsieve_mailbox4_before = file:~/sieve/IMAP-Sent.sieve
  imapsieve_mailbox4_causes = APPEND COPY
  imapsieve_mailbox4_name = Sent
  quota = count:User quota:noenforcing
  quota_rule = *:storage=5120M
  quota_vsizes = yes
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve-global/fileinto-spam.sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_pipe_bin_dir = /usr/local/lib/imapsieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
pop3_fast_size_lookups = yes
pop3_no_flag_updates = yes
protocols = " imap lmtp sieve pop3"
quota_full_tempfail = yes
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener auth-client {
    group = Debian-exim
    mode = 0660
    user = Debian-exim
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = $default_internal_user
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  service_count = 0
}
service imap {
  vsz_limit = 512 M
}
service lmtp {
  inet_listener lmtp {
    address = ---
    port = 2525
  }
  unix_listener lmtp {
    group = Debian-exim
    mode = 0660
    user = root
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 0
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  service_count = 0
}
ssl = required
ssl_cert = 

Re: Sieve body test

2020-10-27 Thread @lbutlr
On 26 Oct 2020, at 21:04, Stephan Bosch  wrote:
> On 23/10/2020 13:22, @lbutlr wrote:
>> On 22 Oct 2020, at 19:09, Stephan Bosch  wrote:
>>> You need to include the extprograms plugin:
>> I have, and vnd.dovecot.pipe doesn't give the error.
>> 
>>   sieve_plugins = sieve_imapsieve sieve_extprograms
>> 
>> ¯\_(ツ)_/¯
>> 
>> I am not using filter now though, so I haven't tried to track down what the 
>> issue is.
> 
> And you also need to add vnd.dovecot.filter to sieve_extensions (or 
> sieve_global_extensions).

Ah, yes, so I do. I only had .pipe there. While I am here, does _global_ mean 
that they do not need to be listed in the requires header?

That's good, I'm working on a filter to restyle some HTML emails that I get to 
eliminate the white backgrounds, and filter is going to be necessary for that 
to work.

Something along the lines of

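require ["body", "vnd.dovecot.filter"];

if allof ( header :contains "from" "someone",
           header :contains "to" "me",
           header :contains "Subject" "Stupid HTML" ) {

  if body :raw :contains "" {
    # Rewrite the message through the external program; with :try a
    # failing filter does not abort the script.
    filter :try "darkmode.sh";
  }
}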

darkmode.sh:
#!/bin/sh
sed -e '||* {color:white !important; background-color: black 
!important; } |'

(Not that I have even begun to test that)

-- 
[Unused] "Are you pondering what I'm pondering?"

Pinky: I think so, Brain, but she'd never leave Mickey.
Brain: I thought we agreed never to discuss that!



Re: Dovecot replication not picking up new mail in maildir

2020-10-27 Thread jayare-dcml

On 10/27/2020 7:56 AM, Aki Tuomi wrote:



On 27/10/2020 14:49 jayare-dcml at outlook.com wrote:


On 26/10/2020 19:25, John Fawcett wrote:

On 25/10/2020 17:19, jayare~dcml at videocoding.org wrote:

I've got a basic dovecot master-master replication setup between two
servers (imap1 and imap2). Actions such as deleting messages or moving
them between folders are replicated correctly and quickly.

However, when new mail is delivered by postfix, replication does not
occur until something else triggers it, such as one of the delete/move
actions mentioned earlier. A search suggested this may be due to the
notify plugin, but I don't see any issue with the settings. Output of
doveconf -n:


Hi

is there any error in the log?

Can you show some evidence or an example? ie some email delivery in the
master but not on the slave?

Can you be sure to check both new and cur subdirectories on master and
slave?

John


  There's precisely nothing in the log. The new mail arrives on the master, and 
it is as though dovecot completely ignores it for the purposes of replication.


However, I think I have solved the problem by enabling LMTP and forcing postfix 
to go through that rather than writing to the maildir directly. Perhaps LMTP is 
required for replication and I just didn't realize it. End result is (I think) 
it is working properly.


J




Sorry for empty mail, butterfingers...

Anyways, since replication is triggered by "replication" plugin, you need to 
involve either dovecot-lda or lmtp to the delivery process. Dovecot *will not* pick up 
replication need if you just drop files into the maildir as nothing will trigger dovecot 
code.

Aki



Thanks for confirming.  Seems to be working OK using LMTP now.


Re: Dovecot replication not picking up new mail in maildir

2020-10-27 Thread Aki Tuomi


> On 27/10/2020 14:49 Justin Ridge  wrote:
> 
> 
> On 26/10/2020 19:25, John Fawcett wrote:
> > On 25/10/2020 17:19, jayare~dcml at videocoding.org wrote:
> >> I've got a basic dovecot master-master replication setup between two
> >> servers (imap1 and imap2). Actions such as deleting messages or moving
> >> them between folders are replicated correctly and quickly.
> >>
> >> However, when new mail is delivered by postfix, replication does not
> >> occur until something else triggers it, such as one of the delete/move
> >> actions mentioned earlier. A search suggested this may be due to the
> >> notify plugin, but I don't see any issue with the settings. Output of
> >> doveconf -n:
> >
> > Hi
> >
> > is there any error in the log?
> >
> > Can you show some evidence or an example? ie some email delivery in the
> > master but not on the slave?
> >
> > Can you be sure to check both new and cur subdirectories on master and
> > slave?
> >
> > John
> 
>  There's precisely nothing in the log. The new mail arrives on the master, 
> and it is as though dovecot completely ignores it for the purposes of 
> replication.
> 
> 
> However, I think I have solved the problem by enabling LMTP and forcing 
> postfix to go through that rather than writing to the maildir directly. 
> Perhaps LMTP is required for replication and I just didn't realize it. End 
> result is (I think) it is working properly.
> 
> 
> J
> 
>

Sorry for empty mail, butterfingers...

Anyways, since replication is triggered by "replication" plugin, you need to 
involve either dovecot-lda or lmtp to the delivery process. Dovecot *will not* 
pick up replication need if you just drop files into the maildir as nothing 
will trigger dovecot code.

Aki


Re: Dovecot replication not picking up new mail in maildir

2020-10-27 Thread Aki Tuomi


> On 27/10/2020 14:49 Justin Ridge  wrote:
> 
> 
> On 26/10/2020 19:25, John Fawcett wrote:
> > On 25/10/2020 17:19, jayare~dcml at videocoding.org wrote:
> >> I've got a basic dovecot master-master replication setup between two
> >> servers (imap1 and imap2). Actions such as deleting messages or moving
> >> them between folders are replicated correctly and quickly.
> >>
> >> However, when new mail is delivered by postfix, replication does not
> >> occur until something else triggers it, such as one of the delete/move
> >> actions mentioned earlier. A search suggested this may be due to the
> >> notify plugin, but I don't see any issue with the settings. Output of
> >> doveconf -n:
> >
> > Hi
> >
> > is there any error in the log?
> >
> > Can you show some evidence or an example? ie some email delivery in the
> > master but not on the slave?
> >
> > Can you be sure to check both new and cur subdirectories on master and
> > slave?
> >
> > John
> 
>  There's precisely nothing in the log. The new mail arrives on the master, 
> and it is as though dovecot completely ignores it for the purposes of 
> replication.
> 
> 
> However, I think I have solved the problem by enabling LMTP and forcing 
> postfix to go through that rather than writing to the maildir directly. 
> Perhaps LMTP is required for replication and I just didn't realize it. End 
> result is (I think) it is working properly.
> 
> 
> J
> 
>


Re: Dovecot replication not picking up new mail in maildir

2020-10-27 Thread Justin Ridge
On 26/10/2020 19:25, John Fawcett wrote:
> On 25/10/2020 17:19, jayare~dcml at videocoding.org wrote:
>> I've got a basic dovecot master-master replication setup between two
>> servers (imap1 and imap2). Actions such as deleting messages or moving
>> them between folders are replicated correctly and quickly.
>>
>> However, when new mail is delivered by postfix, replication does not
>> occur until something else triggers it, such as one of the delete/move
>> actions mentioned earlier. A search suggested this may be due to the
>> notify plugin, but I don't see any issue with the settings. Output of
>> doveconf -n:
>
> Hi
>
> is there any error in the log?
>
> Can you show some evidence or an example? ie some email delivery in the
> master but not on the slave?
>
> Can you be sure to check both new and cur subdirectories on master and
> slave?
>
> John

There's precisely nothing in the log.  The new mail arrives on the master, and 
it is as though dovecot completely ignores it for the purposes of replication.

However, I think I have solved the problem by enabling LMTP and forcing postfix 
to go through that rather than writing to the maildir directly.  Perhaps LMTP 
is required for replication and I just didn't realize it.  End result is (I 
think) it is working properly.

J



Re: Indexer error after upgrade to 2.3.11.3 [trial patch]

2020-10-27 Thread John Fawcett
On 22/10/2020 10:23, John Fawcett wrote:
> On 21/10/2020 19:00, John Fawcett wrote:
>> On 21/10/2020 16:44, Patrik Peng wrote:
>>> On 16.10.20 18:34, Patrik Peng wrote:
 On 16.10.20 18:00, Scott Q. wrote:
> This reminds me, the way I was able to reproduce this consistently
> was by having large headers ( 100+ lines ).
>
>
> On Friday, 16/10/2020 at 11:49 Patrik Peng wrote:
>
> On 19.08.20 17:37, Josef 'Jeff' Sipek wrote:
>
>> On Wed, Aug 19, 2020 at 17:03:57 +0200, Alessio Cecchi wrote:
>>> Hi,
>>> after the upgrade to Dovecot 2.3.11.3, from 2.3.10.1, I see 
>>> frequently 
>>> these errors from different users:
>> It looks like this has been around for a while and you just got 
>> unlucky and
>> started seeing this now.  Here's a quick & dirty patch that should 
>> fix this.
>> If you can try it, let us know how it went.
>> Jeff.
>>
>> diff --git a/src/plugins/fts-solr/solr-connection.c 
>> b/src/plugins/fts-solr/solr-connection.c
>> index 
>> ae720b5e2870a852c1b6c440939e3c7c0fa72b5c..9d364f93e2cd1b716b9ab61bd39656a6c5b1ea04
>>  100644
>> --- a/src/plugins/fts-solr/solr-connection.c
>> +++ b/src/plugins/fts-solr/solr-connection.c
>> @@ -103,7 +103,7 @@ int solr_connection_init(const struct 
>> fts_solr_settings *solr_set,
>>  http_set.ssl = ssl_client_set;
>>  http_set.debug = solr_set->debug;
>>  http_set.rawlog_dir = solr_set->rawlog_dir;
>> -solr_http_client = http_client_init(&http_set);
>> +solr_http_client = http_client_init_private(&http_set);
>>  }
>>  *conn_r = conn;
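Review bot: The replacement line `solr_http_client = http_client_init_private(&http_set);` in solr_connection_init() carries no comment on why this client must be private rather than created with http_client_init(); add a one-line comment there stating the reason, so a later cleanup does not switch it back. The hunk changes only the init call, so it is also worth confirming that the code that tears down solr_http_client needs no matching change.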
>> diff --git a/src/plugins/fts/fts-parser-tika.c 
>> b/src/plugins/fts/fts-parser-tika.c
>> index 
>> a4b8b5c3034f57e22e77caa759c090da6b62f8ba..b8b57a350b9a710d101ac7ccbcc14560d415d905
>>  100644
>> --- a/src/plugins/fts/fts-parser-tika.c
>> +++ b/src/plugins/fts/fts-parser-tika.c
>> @@ -77,7 +77,7 @@ tika_get_http_client_url(struct mail_user *user, 
>> struct http_url **http_url_r)
>>  http_set.request_timeout_msecs = 60*1000;
>>  http_set.ssl = &ssl_set;
>>  http_set.debug = user->mail_debug;
>> -tika_http_client = http_client_init(&http_set);
>> +tika_http_client = http_client_init_private(&http_set);
>>  }
>>  *http_url_r = tuser->http_url;
>>  return 0;
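Review bot: `tika_http_client = http_client_init_private(&http_set);` in tika_get_http_client_url() is the same substitution as in solr-connection.c, again without a comment or a reference to the failure it targets; name the assertion or log line in the commit message and next to the call. Since the identical change is needed in two plugins, also check whether any other fts caller still uses http_client_init() with its own settings.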
>
> Greetings
>
> I'm also experiencing these issues while running Dovecot
> 2.3.11.3 with Solr 8.6.3 on FreeBSD 11.4. As mentioned in a
> previous mail, the above patch is already applied to Dovecot's
> FreeBSD Port, confirmed by the patches being present in the
> portstree
> 
> (https://svnweb.freebsd.org/ports/branches/2020Q3/mail/dovecot/files/).
>
> In a FreeBSD VM with the official image
> 
> (https://download.freebsd.org/ftp/releases/VM-IMAGES/12.1-RELEASE/amd64/Latest/)
> I compiled dovecot from git and was able to reproduce the
> error with the patch mentioned above applied and also without
> any patches at all. From these results I conclude that
> neither the patches applied in FreeBSD's portstree nor the patch
> above have any influence.
>
> I also managed to reproduce the same results on a Debian 10
> machine (also with and without the patch):
>
> doveadm(some.u...@example.com): Panic: file http-client-request.c: 
> line 1232 (http_client_request_send_more): assertion failed: 
> (req->payload_input != NULL)
> doveadm(some.u...@example.com): Error: Raw backtrace: 
> /usr/local/lib/dovecot/libdovecot.so 
> .0(backtrace_append+0x42) [0x7f093f7fc3c2]
> -> /usr/local/lib/dovecot/libdovecot.so 
> .0(backtrace_get+0x1e) [0x7f093f7fc4ce] -> 
> /usr/local/lib/dovecot/libdovecot.so .0(+0xea341) 
> [0x7f093f807341]
> -> /usr/local/lib/dovecot/libdovecot.so 
> .0(+0xea381) [0x7f093f807381] -> 
> /usr/local/lib/dovecot/libdovecot.so .0(i_fatal+0) 
> [0x7f093f75c074]
> -> /usr/local/lib/dovecot/libdovecot.so 
> .0(http_client_request_send_more+0x378) 
> [0x7f093f7a47a8]
> -> /usr/local/lib/dovecot/libdovecot.so 
> .0(http_client_connection_output+0xe4) 
> [0x7f093f7a90f4]
> -> /usr/local/lib/dovecot/libssl_iostream_openssl.so 
> (+0x8bff) [0x7f093ec71bff]
> -> /usr/local/lib/dovecot/libdovecot.so 
> .0(+0x1148b0) [0x7f093f8318b0]

Re: imapsieve: setting imapsieve_url disables admin scripts

2020-10-27 Thread Stephan Bosch




On 27/10/2020 11:32, Gedalya wrote:

Hello,

The documentation says imapsieve_url "has no effect on the administrator-controlled 
Sieve scripts". However, when setting this item, I get lines such as:

Error: imapsieve: mailbox INBOX: Failed to read /shared/imapsieve/script 
mailbox attribute: Mailbox attributes not enabled

and that's it. imapsieve_mailboxXXX_* settings are completely ignored. 
Unsetting imapsieve_url makes it all work again.


https://doc.dovecot.org/configuration_manual/imap_metadata/

METADATA support is needed for IMAPSieve with user Sieve scripts.

Regards,

Stephan.




# 2.3.11.3 (502c39af9): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.11 (6c69c917)
# OS: Linux 4.19.0-5-amd64 x86_64 Debian bullseye/sid xfs
# Hostname: --
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
imapc_features = rfc822.size fetch-headers
imapc_host = imap.gmail.com
imapc_port = 993
imapc_ssl = imaps
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_gid = vmail
mail_home = /srv/mail/domains/%d/%n
mail_location = mdbox:/srv/mail/domains/%d/%n/mdbox
mail_plugins = quota fts fts_solr
mail_prefetch_count = 20
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
mdbox_preallocate_space = yes
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Junk {
     auto = subscribe
     autoexpunge = 30 days
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     autoexpunge = 30 days
     special_use = \Trash
   }
   prefix =
   separator = /
}
passdb {
   args = /etc/dovecot/master-users
   driver = passwd-file
   master = yes
   pass = yes
}
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   fts = solr
   fts_autoindex = yes
   fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
   fts_tika = http://127.0.0.1:9998/tika/
   imapsieve_mailbox1_before = file:/usr/local/lib/imapsieve/report-spam.sieve
   imapsieve_mailbox1_causes = COPY
   imapsieve_mailbox1_name = Junk
   imapsieve_mailbox2_before = file:/usr/local/lib/imapsieve/report-ham.sieve
   imapsieve_mailbox2_causes = COPY
   imapsieve_mailbox2_from = Junk
   imapsieve_mailbox2_name = *
   imapsieve_mailbox3_before = file:/usr/local/lib/imapsieve/report-spam.sieve
   imapsieve_mailbox3_causes = COPY
   imapsieve_mailbox3_name = Junk2
   imapsieve_mailbox4_before = file:~/sieve/IMAP-Sent.sieve
   imapsieve_mailbox4_causes = APPEND COPY
   imapsieve_mailbox4_name = Sent
   quota = count:User quota:noenforcing
   quota_rule = *:storage=5120M
   quota_vsizes = yes
   sieve = file:~/sieve;active=~/.dovecot.sieve
   sieve_before = /etc/dovecot/sieve-global/fileinto-spam.sieve
   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
   sieve_pipe_bin_dir = /usr/local/lib/imapsieve
   sieve_plugins = sieve_imapsieve sieve_extprograms
}
pop3_fast_size_lookups = yes
pop3_no_flag_updates = yes
protocols = " imap lmtp sieve pop3"
quota_full_tempfail = yes
service auth-worker {
   user = $default_internal_user
}
service auth {
   unix_listener auth-client {
     group = Debian-exim
     mode = 0660
     user = Debian-exim
   }
   unix_listener auth-userdb {
     group = vmail
     mode = 0660
     user = vmail
   }
   user = $default_internal_user
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   service_count = 0
}
service imap {
   vsz_limit = 512 M
}
service lmtp {
   inet_listener lmtp {
     address = ---
     port = 2525
   }
   unix_listener lmtp {
     group = Debian-exim
     mode = 0660
     user = root
   }
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
   service_count = 0
}
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   service_count = 0
}
ssl = required
ssl_cert = 



Re: imapc_port not working

2020-10-27 Thread Aki Tuomi
Not sure what happens if you do that with Sieve refilter (UID FILTER) command 
with imapc. 

Are you sure you want to use imapc and not something like fetchmail here 
instead?

Aki


> On 27/10/2020 11:52 David Tildesley  wrote:
> 
> 
> Hi Aki ,
> 
> I need Sieve to match the message headers TO, CC, BCC against a list of 
> email addresses. If it gets a match, I want Sieve to set the x-original-to 
> header to that email address (I think I can do that with Sieve extension).
> 
> Is this doable?
> 
> Thanks,
> David.
> 
> On Tuesday, 27 October 2020, 10:47:02 pm NZDT, Aki Tuomi 
>  wrote:
> 
> 
> imap proxy is a "dumb proxy", it will just pass everything to google & back 
> after you've authenticated.
> 
> imapc allows you to use imap sieve to some extent. I'm not sure what kind of 
> Sieve manipulations you have in mind.
> 
> Aki
> 
> 
> > On 27/10/2020 11:42 David Tildesley  wrote:
> > 
> > 
> > Hi Aki,
> > 
> > Thanks. I didn't know that about imapc - but by the way, I finally got it 
> > working.
> > 
> > The reason why I am inserting Dovecot between my (single) client and our 
> > Exchange server (eventually - I am still testing against imap.gmail.com) is 
> > so that I can manipulate the email with Sieve due to limitations of my 
> > client (Genesys).
> > 
> > Given the above scenario, should I use imapc or proxy?
> > 
> > Thanks for your help.
> > 
> > Regards,
> > David.
> > 
> > 
> > On Tuesday, 27 October 2020, 10:17:37 pm NZDT, Aki Tuomi 
> >  wrote:
> > 
> > 
> > You know that imapc != imap proxy.
> > 
> > imapc is a thin client, which is a "mail storage provider" like maildir.
> > 
> > imap proxy is when you proxy the connection somewhere. this is done with 
> > proxy_ settings in passdb.
> > 
> > You need to specify
> > 
> > ssl_client_ca_dir = /etc/ssl/certs
> > 
> > to get cert verification working with imapc. it's required.
> > 
> > Aki
> > 
> > 
> > > On 27/10/2020 10:54 David Tildesley  wrote:
> > > 
> > > 
> > > I have solved the port problem by specifying it in the passdb section as 
> > > userdb_imapc_port=993
> > > 
> > > But:
> > > This is in the error log when I make a connection from the client:
> > > 
> > > Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot 
> > > verify certificate without ssl_ca_dir or ssl_ca_file setting
> > > Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): 
> > > command startup failed, throttling for 2 secs
> > > 
> > > 
> > > On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley 
> > >  wrote:
> > > 
> > > 
> > > 
> > > @imapproxy01:/etc/dovecot/conf.d$ dovecot -n
> > > # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> > > # Pigeonhole version 0.5.7.2 ()
> > > # OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
> > > # Hostname: 
> > > imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
> > > auth_verbose = yes
> > > disable_plaintext_auth = no
> > > imapc_host = imap.gmail.com
> > > imapc_password = # hidden, use -P to show it
> > > imapc_port = 993
> > > imapc_ssl = imaps
> > > imapc_ssl_verify = no
> > > imapc_user = xxx...@gmail.com
> > > mail_home = /home/vmail/%u
> > > mail_location = imapc:~/imapc
> > > mail_privileged_group = mail
> > > namespace inbox {
> > > inbox = yes
> > > location =
> > > mailbox Drafts {
> > > special_use = \Drafts
> > > }
> > > mailbox Junk {
> > > special_use = \Junk
> > > }
> > > mailbox Sent {
> > > special_use = \Sent
> > > }
> > > mailbox "Sent Messages" {
> > > special_use = \Sent
> > > }
> > > mailbox Trash {
> > > special_use = \Trash
> > > }
> > > prefix =
> > > }
> > > passdb {
> > > args = host=imap.gmail.com port=993 ssl=imaps
> > > default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
> > > userdb_namespace/gmail/subscriptions=no 
> > > userdb_namespace/gmail/separator=. 
> > > userdb_namespace/gmail/prefix=INBOX.gmail. 
> > > userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
> > > userdb_imapc_user=x...@gmail.com 
> > > userdb_imapc_password=#hidden_use-P_to_show# userdb_imapc_ssl=imaps 
> > > userdb_imapc_ssl_ca_dir=/etc/ssl/certs userdb_imapc_port=993
> > > driver = imap
> > > }
> > > plugin {
> > > sieve = file:~/sieve;active=~/.dovecot.sieve
> > > }
> > > protocols = " imap"
> > > ssl_cert = 
> > > ssl_client_ca_dir = /etc/ssl/certs
> > > ssl_dh = # hidden, use -P to show it
> > > ssl_key = # hidden, use -P to show it
> > > userdb {
> > > driver = prefetch
> > > }
> > > 
> > > On Tuesday, 27 October 2020, 09:16:51 pm NZDT, Aki Tuomi 
> > >  wrote:
> > > 
> > > 
> > > 
> > > > On 27/10/2020 10:08 David Tildesley  wrote:
> > > > 
> > > > 
> > > > Hi,
> > > > 
> > > > Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> > > > 
> > > > I have configured for imap proxy to imap.gmail.com
> > > > 
> > > > However whilst the imapc_host setting is working, imapc_port is not - 
> > > > it ignores the value I set and dovecot always tries to connect to gmail 
> > > > on port 143 (as per error log output).
> > > > 
> > > > I ha

Re: imapc_port not working

2020-10-27 Thread David Tildesley
Hi Aki,

I need Sieve to match the message headers TO, CC, BCC against a list of 
email addresses. If it gets a match, I want Sieve to set the x-original-to 
header to that email address (I think I can do that with Sieve extension).

Is this doable?

Thanks,
David.

On Tuesday, 27 October 2020, 10:47:02 pm NZDT, Aki Tuomi 
 wrote:  
 
 imap proxy is a "dumb proxy", it will just pass everything to google & back 
after you've authenticated.

imapc allows you to use imap sieve to some extent. I'm not sure what kind of 
Sieve manipulations you have in mind.

Aki

> On 27/10/2020 11:42 David Tildesley  wrote:
> 
> 
> Hi Aki,
> 
> Thanks. I didn't know that about imapc - but by the way, I finally got it 
> working.
> 
> The reason why I am inserting Dovecot between my (single) client and our 
> Exchange server (eventually - I am still testing against imap.gmail.com) is 
> so that I can manipulate the email with Sieve due to limitations of my client 
> (Genesys).
> 
> Given the above scenario, should I use imapc or proxy?
> 
> Thanks for your help.
> 
> Regards,
> David.
> 
> 
> On Tuesday, 27 October 2020, 10:17:37 pm NZDT, Aki Tuomi 
>  wrote:
> 
> 
> You know that imapc != imap proxy.
> 
> imapc is a thin client, which is a "mail storage provider" like maildir.
> 
> imap proxy is when you proxy the connection somewhere. this is done with 
> proxy_ settings in passdb.
> 
> You need to specify
> 
> ssl_client_ca_dir = /etc/ssl/certs
> 
> to get cert verification working with imapc. it's required.
> 
> Aki
> 
> 
> > On 27/10/2020 10:54 David Tildesley  wrote:
> > 
> > 
> > I have solved the port problem by specifying it in the passdb section as 
> > userdb_imapc_port=993
> > 
> > But:
> > This is in the error log when I make a connection from the client:
> > 
> > Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot 
> > verify certificate without ssl_ca_dir or ssl_ca_file setting
> > Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command 
> > startup failed, throttling for 2 secs
> > 
> > 
> > On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley 
> >  wrote:
> > 
> > 
> > 
> > @imapproxy01:/etc/dovecot/conf.d$ dovecot -n
> > # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> > # Pigeonhole version 0.5.7.2 ()
> > # OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
> > # Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
> > auth_verbose = yes
> > disable_plaintext_auth = no
> > imapc_host = imap.gmail.com
> > imapc_password = # hidden, use -P to show it
> > imapc_port = 993
> > imapc_ssl = imaps
> > imapc_ssl_verify = no
> > imapc_user = xxx...@gmail.com
> > mail_home = /home/vmail/%u
> > mail_location = imapc:~/imapc
> > mail_privileged_group = mail
> > namespace inbox {
> > inbox = yes
> > location =
> > mailbox Drafts {
> > special_use = \Drafts
> > }
> > mailbox Junk {
> > special_use = \Junk
> > }
> > mailbox Sent {
> > special_use = \Sent
> > }
> > mailbox "Sent Messages" {
> > special_use = \Sent
> > }
> > mailbox Trash {
> > special_use = \Trash
> > }
> > prefix =
> > }
> > passdb {
> > args = host=imap.gmail.com port=993 ssl=imaps
> > default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
> > userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
> > userdb_namespace/gmail/prefix=INBOX.gmail. 
> > userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
> > userdb_imapc_user=x...@gmail.com 
> > userdb_imapc_password=#hidden_use-P_to_show# userdb_imapc_ssl=imaps 
> > userdb_imapc_ssl_ca_dir=/etc/ssl/certs userdb_imapc_port=993
> > driver = imap
> > }
> > plugin {
> > sieve = file:~/sieve;active=~/.dovecot.sieve
> > }
> > protocols = " imap"
> > ssl_cert = 
> > ssl_client_ca_dir = /etc/ssl/certs
> > ssl_dh = # hidden, use -P to show it
> > ssl_key = # hidden, use -P to show it
> > userdb {
> > driver = prefetch
> > }
> > 
> > On Tuesday, 27 October 2020, 09:16:51 pm NZDT, Aki Tuomi 
> >  wrote:
> > 
> > 
> > 
> > > On 27/10/2020 10:08 David Tildesley  wrote:
> > > 
> > > 
> > > Hi,
> > > 
> > > Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> > > 
> > > I have configured for imap proxy to imap.gmail.com
> > > 
> > > However whilst the imapc_host setting is working, imapc_port is not - it 
> > > ignores the value I set and dovecot always tries to connect to gmail on 
> > > port 143 (as per error log output).
> > > 
> > > I have the imapc settings in the 10-mail.conf which gets loaded by 
> > > dovecot.conf
> > > 
> > > Looks like a bug.
> > > 
> > > Any assistance would be appreciated.
> > > 
> > > Regards,
> > > David.
> > 
> > 
> > Can you provide output of `doveconf -n`?
> > 
> > Aki
> >
  

Re: imapc_port not working

2020-10-27 Thread Aki Tuomi
imap proxy is a "dumb proxy", it will just pass everything to google & back 
after you've authenticated.

imapc allows you to use imap sieve to some extent. I'm not sure what kind of 
Sieve manipulations you have in mind.

Aki

> On 27/10/2020 11:42 David Tildesley  wrote:
> 
> 
> Hi Aki,
> 
> Thanks. I didn't know that about imapc - but by the way, I finally got it 
> working.
> 
> The reason why I am inserting Dovecot between my (single) client and our 
> Exchange server (eventually - I am still testing against imap.gmail.com) is 
> so that I can manipulate the email with Sieve due to limitations of my client 
> (Genesys).
> 
> Given the above scenario, should I use imapc or proxy?
> 
> Thanks for your help.
> 
> Regards,
> David.
> 
> 
> On Tuesday, 27 October 2020, 10:17:37 pm NZDT, Aki Tuomi 
>  wrote:
> 
> 
> You know that imapc != imap proxy.
> 
> imapc is a thin client, which is a "mail storage provider" like maildir.
> 
> imap proxy is when you proxy the connection somewhere. this is done with 
> proxy_ settings in passdb.
> 
> You need to specify
> 
> ssl_client_ca_dir = /etc/ssl/certs
> 
> to get cert verification working with imapc. it's required.
> 
> Aki
> 
> 
> > On 27/10/2020 10:54 David Tildesley  wrote:
> > 
> > 
> > I have solved the port problem by specifying it in the passdb section as 
> > userdb_imapc_port=993
> > 
> > But:
> > This is in the error log when I make a connection from the client:
> > 
> > Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot 
> > verify certificate without ssl_ca_dir or ssl_ca_file setting
> > Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command 
> > startup failed, throttling for 2 secs
> > 
> > 
> > On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley 
> >  wrote:
> > 
> > 
> > 
> > @imapproxy01:/etc/dovecot/conf.d$ dovecot -n
> > # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> > # Pigeonhole version 0.5.7.2 ()
> > # OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
> > # Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
> > auth_verbose = yes
> > disable_plaintext_auth = no
> > imapc_host = imap.gmail.com
> > imapc_password = # hidden, use -P to show it
> > imapc_port = 993
> > imapc_ssl = imaps
> > imapc_ssl_verify = no
> > imapc_user = xxx...@gmail.com
> > mail_home = /home/vmail/%u
> > mail_location = imapc:~/imapc
> > mail_privileged_group = mail
> > namespace inbox {
> > inbox = yes
> > location =
> > mailbox Drafts {
> > special_use = \Drafts
> > }
> > mailbox Junk {
> > special_use = \Junk
> > }
> > mailbox Sent {
> > special_use = \Sent
> > }
> > mailbox "Sent Messages" {
> > special_use = \Sent
> > }
> > mailbox Trash {
> > special_use = \Trash
> > }
> > prefix =
> > }
> > passdb {
> > args = host=imap.gmail.com port=993 ssl=imaps
> > default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
> > userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
> > userdb_namespace/gmail/prefix=INBOX.gmail. 
> > userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
> > userdb_imapc_user=x...@gmail.com 
> > userdb_imapc_password=#hidden_use-P_to_show# userdb_imapc_ssl=imaps 
> > userdb_imapc_ssl_ca_dir=/etc/ssl/certs userdb_imapc_port=993
> > driver = imap
> > }
> > plugin {
> > sieve = file:~/sieve;active=~/.dovecot.sieve
> > }
> > protocols = " imap"
> > ssl_cert = 
> > ssl_client_ca_dir = /etc/ssl/certs
> > ssl_dh = # hidden, use -P to show it
> > ssl_key = # hidden, use -P to show it
> > userdb {
> > driver = prefetch
> > }
> > 
> > On Tuesday, 27 October 2020, 09:16:51 pm NZDT, Aki Tuomi 
> >  wrote:
> > 
> > 
> > 
> > > On 27/10/2020 10:08 David Tildesley  wrote:
> > > 
> > > 
> > > Hi,
> > > 
> > > Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> > > 
> > > I have configured for imap proxy to imap.gmail.com
> > > 
> > > However whilst the imapc_host setting is working, imapc_port is not - it 
> > > ignores the value I set and dovecot always tries to connect to gmail on 
> > > port 143 (as per error log output).
> > > 
> > > I have the imapc settings in the 10-mail.conf which gets loaded by 
> > > dovecot.conf
> > > 
> > > Looks like a bug.
> > > 
> > > Any assistance would be appreciated.
> > > 
> > > Regards,
> > > David.
> > 
> > 
> > Can you provide output of `doveconf -n`?
> > 
> > Aki
> >


Re: imapc_port not working

2020-10-27 Thread David Tildesley
 Hi Aki,
Thanks. I didn't know that about imapc - but by the way, I finally got it 
working.
The reason why I am inserting Dovecot between my (single) client and our 
Exchange server (eventually - I am still testing against imap.gmail.com) is so 
that I can manipulate the email with Sieve due to limitations of my client 
(Genesys).
Given the above scenario, should I use imapc or proxy?
Thanks for your help.
Regards,
David.

On Tuesday, 27 October 2020, 10:17:37 pm NZDT, Aki Tuomi 
 wrote:  
 
 You know that imapc != imap proxy.

imapc is a thin client, which is a "mail storage provider" like maildir.

imap proxy is when you proxy the connection somewhere. This is done with proxy_ 
settings in passdb.

You need to specify

ssl_client_ca_dir = /etc/ssl/certs

to get cert verification working with imapc. It's required.

Aki

> On 27/10/2020 10:54 David Tildesley  wrote:
> 
> 
> I have solved the port problem by specifying it in the passdb section as 
> userdb_imapc_port=993
> 
> But:
> This is in the error log when I make a connection from the client:
> 
> Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify 
> certificate without ssl_ca_dir or ssl_ca_file setting
> Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command 
> startup failed, throttling for 2 secs
> 
> 
> On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley 
>  wrote:
> 
> 
> 
> @imapproxy01:/etc/dovecot/conf.d$ dovecot -n
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
> # Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
> auth_verbose = yes
> disable_plaintext_auth = no
> imapc_host = imap.gmail.com
> imapc_password = # hidden, use -P to show it
> imapc_port = 993
> imapc_ssl = imaps
> imapc_ssl_verify = no
> imapc_user = xxx...@gmail.com
> mail_home = /home/vmail/%u
> mail_location = imapc:~/imapc
> mail_privileged_group = mail
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> args = host=imap.gmail.com port=993 ssl=imaps
> default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
> userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
> userdb_namespace/gmail/prefix=INBOX.gmail. 
> userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
> userdb_imapc_user=x...@gmail.com userdb_imapc_password=#hidden_use-P_to_show# 
> userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs 
> userdb_imapc_port=993
> driver = imap
> }
> plugin {
> sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> protocols = " imap"
> ssl_cert =
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
> driver = prefetch
> }
> 
> On Tuesday, 27 October 2020, 09:16:51 pm NZDT, Aki Tuomi 
>  wrote:
> 
> 
> 
> > On 27/10/2020 10:08 David Tildesley  wrote:
> > 
> > 
> > Hi,
> > 
> > Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> > 
> > I have configured for imap proxy to imap.gmail.com
> > 
> > However whilst the imapc_host setting is working, imapc_port is not - it 
> > ignores the value I set and dovecot always tries to connect to gmail on 
> > port 143 (as per error log output).
> > 
> > I have the imapc settings in the 10-mail.conf which gets loaded by 
> > dovecot.conf
> > 
> > Looks like a bug.
> > 
> > Any assistance would be appreciated.
> > 
> > Regards,
> > David.
> 
> 
> Can you provide output of `doveconf -n`?
> 
> Aki
>
  

Re: imapc_port not working

2020-10-27 Thread Aki Tuomi
You know that imapc != imap proxy.

imapc is a thin client, which is a "mail storage provider" like maildir.

imap proxy is when you proxy the connection somewhere. This is done with proxy_ 
settings in passdb.

You need to specify

ssl_client_ca_dir = /etc/ssl/certs

to get cert verification working with imapc. It's required.

Aki

> On 27/10/2020 10:54 David Tildesley  wrote:
> 
> 
> I have solved the port problem by specifying it in the passdb section as 
> userdb_imapc_port=993
> 
> But:
> This is in the error log when I make a connection from the client:
> 
> Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify 
> certificate without ssl_ca_dir or ssl_ca_file setting
> Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command 
> startup failed, throttling for 2 secs
> 
> 
> On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley 
>  wrote:
> 
> 
> 
> @imapproxy01:/etc/dovecot/conf.d$ dovecot -n
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
> # Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
> auth_verbose = yes
> disable_plaintext_auth = no
> imapc_host = imap.gmail.com
> imapc_password = # hidden, use -P to show it
> imapc_port = 993
> imapc_ssl = imaps
> imapc_ssl_verify = no
> imapc_user = xxx...@gmail.com
> mail_home = /home/vmail/%u
> mail_location = imapc:~/imapc
> mail_privileged_group = mail
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> args = host=imap.gmail.com port=993 ssl=imaps
> default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
> userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
> userdb_namespace/gmail/prefix=INBOX.gmail. 
> userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
> userdb_imapc_user=x...@gmail.com userdb_imapc_password=#hidden_use-P_to_show# 
> userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs 
> userdb_imapc_port=993
> driver = imap
> }
> plugin {
> sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> protocols = " imap"
> ssl_cert =
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
> driver = prefetch
> }
> 
> On Tuesday, 27 October 2020, 09:16:51 pm NZDT, Aki Tuomi 
>  wrote:
> 
> 
> 
> > On 27/10/2020 10:08 David Tildesley  wrote:
> > 
> > 
> > Hi,
> > 
> > Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> > 
> > I have configured for imap proxy to imap.gmail.com
> > 
> > However whilst the imapc_host setting is working, imapc_port is not - it 
> > ignores the value I set and dovecot always tries to connect to gmail on 
> > port 143 (as per error log output).
> > 
> > I have the imapc settings in the 10-mail.conf which gets loaded by 
> > dovecot.conf
> > 
> > Looks like a bug.
> > 
> > Any assistance would be appreciated.
> > 
> > Regards,
> > David.
> 
> 
> Can you provide output of `doveconf -n`?
> 
> Aki
>
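
An added example (not from the thread and not Dovecot project code): a small Python check over `doveconf -n` output for the TLS-verification settings discussed in the message above (`imapc_ssl_verify`, `ssl_client_ca_dir`, and the `ssl_ca_dir`/`ssl_ca_file` arguments named in the passdb imap error). The sample configuration, its hostnames, and the function names `parse_doveconf` and `audit` are constructed for illustration.

```python
# Constructed sample shaped like `doveconf -n` output; hostnames are placeholders.
SAMPLE = """\
disable_plaintext_auth = no
imapc_host = imap.example.com
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
passdb {
  args = host=imap.example.com port=993 ssl=imaps
  driver = imap
}
userdb {
  driver = prefetch
}
"""

def parse_doveconf(text):
    """Return (top-level settings, [(section name, settings), ...])."""
    top, sections, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            block = {}
            if not stack:  # record only outermost sections (passdb, userdb, ...)
                sections.append((line[:-1].strip(), block))
            stack.append(block)
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            (stack[-1] if stack else top)[key.strip()] = value.strip()
    return top, sections

def audit(text):
    """Return [(setting, reason), ...] for weak TLS and auth settings."""
    top, sections = parse_doveconf(text)
    findings = []
    tls = top.get("imapc_ssl", "no") in ("imaps", "starttls")
    if tls and top.get("imapc_ssl_verify", "yes") == "no":
        findings.append(("imapc_ssl_verify", "remote server certificate is not checked"))
    if tls and not (top.get("ssl_client_ca_dir") or top.get("ssl_client_ca_file")):
        findings.append(("ssl_client_ca_dir", "no CA store for outgoing TLS connections"))
    if top.get("disable_plaintext_auth") == "no":
        findings.append(("disable_plaintext_auth", "passwords accepted on unencrypted connections"))
    for name, block in sections:
        if name == "passdb" and block.get("driver") == "imap":
            args = dict(a.partition("=")[::2] for a in block.get("args", "").split())
            if args.get("ssl") and not (args.get("ssl_ca_dir") or args.get("ssl_ca_file")):
                findings.append(("passdb imap", "ssl= set without ssl_ca_dir or ssl_ca_file"))
    return findings

if __name__ == "__main__":
    for setting, reason in audit(SAMPLE):
        print(f"{setting}: {reason}")
```
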


Re: imapc_port not working

2020-10-27 Thread David Tildesley
 I solved that certificate problem (temporarily) by disabling cert check.
But now I get the following more obscure error:
Error: Couldn't drop privileges: User is missing UID (see mail_uid setting)

On Tuesday, 27 October 2020, 09:55:28 pm NZDT, David Tildesley 
 wrote:  
 
  I have solved the port problem by specifying it in the passdb section as 
userdb_imapc_port=993
But:
This is in the error log when I make a connection from the client:
Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify 
certificate without ssl_ca_dir or ssl_ca_file setting
Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command 
startup failed, throttling for 2 secs

On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley 
 wrote:  
 
  
@imapproxy01:/etc/dovecot/conf.d$ dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
# Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
auth_verbose = yes
disable_plaintext_auth = no
imapc_host = imap.gmail.com
imapc_password = # hidden, use -P to show it
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
imapc_user = xx@gmail.com
mail_home = /home/vmail/%u
mail_location = imapc:~/imapc
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = host=imap.gmail.com port=993 ssl=imaps
  default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
userdb_namespace/gmail/prefix=INBOX.gmail. 
userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
userdb_imapc_user=x...@gmail.com userdb_imapc_password=#hidden_use-P_to_show# 
userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs 
userdb_imapc_port=993
  driver = imap
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap"
ssl_cert = 
 wrote:  
 
 
> On 27/10/2020 10:08 David Tildesley  wrote:
> 
> 
> Hi,
> 
> Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> 
> I have configured for imap proxy to imap.gmail.com
> 
> However whilst the imapc_host setting is working, imapc_port is not - it 
> ignores the value I set and dovecot always tries to connect to gmail on port 
> 143 (as per error log output).
> 
> I have the imapc settings in the 10-mail.conf which gets loaded by 
> dovecot.conf
> 
> Looks like a bug.
> 
> Any assistance would be appreciated.
> 
> Regards,
> David.

Can you provide output of `doveconf -n`?

Aki
  

Re: imapc_port not working

2020-10-27 Thread David Tildesley
 I have solved the port problem by specifying it in the passdb section as 
userdb_imapc_port=993
But:
This is in the error log when I make a connection from the client:
Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify 
certificate without ssl_ca_dir or ssl_ca_file setting
Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command 
startup failed, throttling for 2 secs

On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley 
 wrote:  
 
  
@imapproxy01:/etc/dovecot/conf.d$ dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
# Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
auth_verbose = yes
disable_plaintext_auth = no
imapc_host = imap.gmail.com
imapc_password = # hidden, use -P to show it
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
imapc_user = xx@gmail.com
mail_home = /home/vmail/%u
mail_location = imapc:~/imapc
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = host=imap.gmail.com port=993 ssl=imaps
  default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
userdb_namespace/gmail/prefix=INBOX.gmail. 
userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
userdb_imapc_user=x...@gmail.com userdb_imapc_password=#hidden_use-P_to_show# 
userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs 
userdb_imapc_port=993
  driver = imap
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap"
ssl_cert = 
 wrote:  
 
 
> On 27/10/2020 10:08 David Tildesley  wrote:
> 
> 
> Hi,
> 
> Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> 
> I have configured for imap proxy to imap.gmail.com
> 
> However whilst the imapc_host setting is working, imapc_port is not - it 
> ignores the value I set and dovecot always tries to connect to gmail on port 
> 143 (as per error log output).
> 
> I have the imapc settings in the 10-mail.conf which gets loaded by 
> dovecot.conf
> 
> Looks like a bug.
> 
> Any assistance would be appreciated.
> 
> Regards,
> David.

Can you provide output of `doveconf -n`?

Aki


Re: imapc_port not working

2020-10-27 Thread David Tildesley
 
@imapproxy01:/etc/dovecot/conf.d$ dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS
# Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.net
auth_verbose = yes
disable_plaintext_auth = no
imapc_host = imap.gmail.com
imapc_password = # hidden, use -P to show it
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
imapc_user = xx@gmail.com
mail_home = /home/vmail/%u
mail_location = imapc:~/imapc
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = host=imap.gmail.com port=993 ssl=imaps
  default_fields = userdb_namespace=gmail userdb_namespace/gmail/list=yes 
userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
userdb_namespace/gmail/prefix=INBOX.gmail. 
userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
userdb_imapc_user=x...@gmail.com userdb_imapc_password=#hidden_use-P_to_show# 
userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs 
userdb_imapc_port=993
  driver = imap
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap"
ssl_cert = 
 wrote:  
 
 
> On 27/10/2020 10:08 David Tildesley  wrote:
> 
> 
> Hi,
> 
> Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> 
> I have configured for imap proxy to imap.gmail.com
> 
> However whilst the imapc_host setting is working, imapc_port is not - it 
> ignores the value I set and dovecot always tries to connect to gmail on port 
> 143 (as per error log output).
> 
> I have the imapc settings in the 10-mail.conf which gets loaded by 
> dovecot.conf
> 
> Looks like a bug.
> 
> Any assistance would be appreciated.
> 
> Regards,
> David.

Can you provide output of `doveconf -n`?

Aki
  

Re: imapc_port not working

2020-10-27 Thread Aki Tuomi


> On 27/10/2020 10:08 David Tildesley  wrote:
> 
> 
> Hi,
> 
> Dovecot v2.3.7.2 on Ubuntu 18.04LTS
> 
> I have configured for imap proxy to imap.gmail.com
> 
> However whilst the imapc_host setting is working, imapc_port is not - it 
> ignores the value I set and dovecot always tries to connect to gmail on port 
> 143 (as per error log output).
> 
> I have the imapc settings in the 10-mail.conf which gets loaded by 
> dovecot.conf
> 
> Looks like a bug.
> 
> Any assistance would be appreciated.
> 
> Regards,
> David.

Can you provide output of `doveconf -n`?

Aki


imapc_port not working

2020-10-27 Thread David Tildesley
Hi,
Dovecot v2.3.7.2 on Ubuntu 18.04LTS

I have configured for imap proxy to imap.gmail.com
However whilst the imapc_host setting is working, imapc_port is not - it 
ignores the value I set and dovecot always tries to connect to gmail on port 
143 (as per error log output).
I have the imapc settings in the 10-mail.conf which gets loaded by dovecot.conf
Looks like a bug.
Any assistance would be appreciated.
Regards,
David.