Re: Dovecot v2.3.17.1 Released

[Peter]

On 8/12/21 2:12 am, Alan Swanson wrote:

On Tue, 2021-12-07 at 12:09 +0100, Frank Elsner wrote:

On Tue, 7 Dec 2021 12:44:33 +0200 (EET) Aki Tuomi wrote:

We are happy to announce 2.3.17.1 patch release of Dovecot. This
contains some fixes for issues found after 2.3.17 release.


I still get the old error:

Dec  7 12:05:02 christo dovecot[481494]: master: Dovecot v2.3.17.1
(476cd46418) starting up for imap
Dec  7 12:05:17 christo dovecot[481540]: imap-login: Login: frank,
192.168.28.84, TLS
Dec  7 12:05:18 christo dovecot[481540]: IMAP(frank,192.168.28.84):
Fatal: master: service(imap): child 481654 killed with signal 11 (core
dumped)


[SNIP]


    Message: Process 481654 (imap) of user 1953 dumped core.
 
     Stack trace of thread 481654:

     #0  0x7fbd353c32cb fts_user_autoindex_exclude
(lib20_fts_plugin.so + 0xa2cb)
     #1  0x7fbd353cc3b6 fts_mailbox_allocated
(lib20_fts_plugin.so + 0x133b6)
 #2  0x7fbd35895d1c hook_mailbox_allocated

(libdovecot-storage.so.0 + 0x62d1c)

Reverting commit "fts: Use mailbox-match-plugin API for
fts_autoindex_exclude" resolved this core dump in lib20_fts_plugin.so
for me.

https://github.com/dovecot/core/commit/9d02ac2e4232cc69bc37344c6341674b87078301


Is this fixed yet in 2.3.18?


Peter

Re: Lucene support for FTS - EOL date.

[Michael Slusarz]

> On 02/04/2022 4:03 AM Jacek Grabowski  wrote:
> 
> Actually on the https://doc.dovecot.org/configuration_manual/fts/lucene/ site 
> we can read about lucene fts plugin:
> 
> "This plugin is no longer maintained in Dovecot (as of 2.3+) and will be 
> removed in the future."
> 
> Does anyone know about approximate EOL date for lucene plugin support in 
> Dovecot?
> 
Realistically ... many years ago.  There has been no maintenance or testing of 
the code for years now.

michael

Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

[Sebastian Nielsen]

I get it too. These appear because they don't replace either MAIL FROM: or Mime 
From: with the list address. This causes validations to fail since the mailing 
list is trying to spoof mail in your name, and of course, anti-spoofing 
security is going to react. DKIM can be troublesome since mailing lists 
sometimes change or reencode content so DKIM signature fails.

-Ursprungligt meddelande-
Från: dovecot-boun...@dovecot.org  För Lev 
Serebryakov
Skickat: den 4 februari 2022 21:58
Till: dovecot@dovecot.org
Ämne: dovecot mailing list (this mailing list), DKIM, SPF and DMARC


  My domain (serebrtyajov.spb.ru) has all these "new" e-mail technologies 
configured. It works fine till I write to this mailing list.

  After that I've got several DMARC reports about "spam" from my domain. All 
these reports are about my mailing list post.

  I don't have such problems with other mailing lists (FreeBSD ones, OpenJDK 
ones, and others).

  Looks like mailing list software for this mailing list is misconfigured.

  I'm sure, I'll get new after this message.

-- 
// Black Lion AKA Lev Serebryakov

dovecot mailing list (this mailing list), DKIM, SPF and DMARC

[Lev Serebryakov]

 My domain (serebrtyajov.spb.ru) has all these "new" e-mail technologies 
configured. It works fine till I write to this mailing list.

 After that I've got several DMARC reports about "spam" from my domain. All 
these reports are about my mailing list post.

 I don't have such problems with other mailing lists (FreeBSD ones, OpenJDK 
ones, and others).

 Looks like mailing list software for this mailing list is misconfigured.

 I'm sure, I'll get new after this message.

--
// Black Lion AKA Lev Serebryakov

Re: [EXT] AW: Re: Dovecot installation problem (libssl_iostream_openssl.so is not portable!)

[Aki Tuomi]

I am not able to reproduce your issue, which makes it very hard to fix this.. 
Please keep responses on the list.

Aki

> On 04/02/2022 20:21 Dimitri  wrote:
> 
>  
> Hi Aki,
> 
> yes, i even have reinstalled the whole OS, but still the same error.
> 
> 
> Sent with ProtonMail Secure Email.
> 
> --- Original Message ---
> 
> Aki Tuomi  schrieb am Freitag, 4. Februar 2022 um 
> 19:17:
> 
> > On 04/02/2022 20:14 Dimitri dimitri_em...@protonmail.com wrote:
> >
> > No One?
> >
> > Nobody there who can help me?
> 
> Did you ensure you cleaned up openssl 3.0 files before trying again?
> 
> Aki

Re: Password Mismatch when connecting from Email Client

[Benny Pedersen]

On 2022-02-04 18:33, Francis Greaves wrote:

Well my PostfixAdmin is setup like this:

$CONF['encrypt'] = 'md5crypt';

and dovecot default_pass_scheme = MD5-CRYPT

So I would have thought that would match OK.

I have tried a password with just AlphaNumeric characters, no special
chars but same error.



and thats why i asked what is in mysql password field

no info no help here


should i keep repeat ?

Re: Dovecot installation problem (libssl_iostream_openssl.so is not portable!)

[Aki Tuomi]

> On 04/02/2022 20:14 Dimitri  wrote:
> 
> 
> No One?
> 
> Nobody there who can help me?
>

Did you ensure you cleaned up openssl 3.0 files before trying again?

Aki

Dovecot installation problem (libssl_iostream_openssl.so is not portable!)

[Dimitri]

No One?

Nobody there who can help me?

Re: Password Mismatch when connecting from Email Client

[Alexander Dalloz]

Am 04.02.2022 um 18:33 schrieb Francis Greaves:

Well my PostfixAdmin is setup like this:

$CONF['encrypt'] = 'md5crypt';

and dovecot default_pass_scheme = MD5-CRYPT


Use

$CONF['encrypt'] = 'dovecot:MD5-CRYPT'
$CONF['dovecotpw'] = "/path/to/doveadm pw";

in conf.inc.php of Postfixadmin.

Alexander

Re: Password Mismatch when connecting from Email Client

[Francis Greaves]

Well my PostfixAdmin is setup like this:



$CONF['encrypt'] = 'md5crypt';



and dovecot default_pass_scheme = MD5-CRYPT



So I would have thought that would match OK.



I have tried a password with just AlphaNumeric characters, no special chars but 
same error.






 On Fri, 04 Feb 2022 17:16:05 + Benny Pedersen  wrote 



On 2022-02-04 18:08, João Silva wrote: 
> On 04/02/2022 16:51, Francis Greaves wrote: 
> 
>> My dovecot-sql.conf.ext file has this line: 
>> 
>> default_pass_scheme = MD5-CRYPT 
>> 
>> looking in the postfixadmin database passwords are encrypted 
> 
> How? there are several ways to encrypt passwords. If the 
> default_pass_scheme mismatch the way postfixadmin encrypts the 
> passwords the verification will fail. 
 
and thats why i asked what is in mysql password field 
 
no info no help here

Re: Password Mismatch when connecting from Email Client

[justina colmena ~biz]

That is a test user on a private network. Not publicly accessible at all.

Anyways, I have had the best luck on dovecot and postfix with the unix/linux 
utility "pass" to generate fairly long alphanumeric-only passwords as I have 
found that any special characters in passwords are ending up garbled or 
misinterpreted when I attempt to log in to dovecot on IMAP or POP.

On February 4, 2022 7:37:54 AM AKST, Benny Pedersen  wrote:
>On 2022-02-04 17:17, Dr Francis Greaves wrote:
>
>> Any help much appreciated.
>
>what is stored in mysql on the password field ?
>
>you dont need to expose passwords in maillists 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Password Mismatch when connecting from Email Client

[Benny Pedersen]

On 2022-02-04 18:08, João Silva wrote:

On 04/02/2022 16:51, Francis Greaves wrote:


My dovecot-sql.conf.ext file has this line:

default_pass_scheme = MD5-CRYPT

looking in the postfixadmin database passwords are encrypted


How? there are several ways to encrypt passwords. If the
default_pass_scheme mismatch the way postfixadmin encrypts the
passwords the verification will fail.


and thats why i asked what is in mysql password field

no info no help here

Re: Password Mismatch when connecting from Email Client

[João Silva]

On 04/02/2022 16:51, Francis Greaves wrote:

My dovecot-sql.conf.ext file has this line:
default_pass_scheme = MD5-CRYPT
looking in the postfixadmin database passwords are encrypted


How? there are several ways to encrypt passwords. If the 
default_pass_scheme mismatch the way postfixadmin encrypts the passwords 
the verification will fail.







 On Fri, 04 Feb 2022 16:37:54 + *Benny Pedersen * 
wrote 


On 2022-02-04 17:17, Dr Francis Greaves wrote:

> Any help much appreciated.

what is stored in mysql on the password field ?

you dont need to expose passwords in maillists 

Re: Password Mismatch when connecting from Email Client

[Francis Greaves]

My dovecot-sql.conf.ext file has this line:

default_pass_scheme = MD5-CRYPT

looking in the postfixadmin database passwords are encrypted







 On Fri, 04 Feb 2022 16:37:54 + Benny Pedersen  wrote 



On 2022-02-04 17:17, Dr Francis Greaves wrote: 
 
> Any help much appreciated. 
 
what is stored in mysql on the password field ? 
 
you dont need to expose passwords in maillists 

Re: Password Mismatch when connecting from Email Client

[Benny Pedersen]

On 2022-02-04 17:17, Dr Francis Greaves wrote:


Any help much appreciated.


what is stored in mysql on the password field ?

you dont need to expose passwords in maillists 

Re: Password Mismatch when connecting from Email Client

[João Silva]

The passwords are stored in plaintext in the database?

Already checked

https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/DOVECOT.txt 



Once a dumped to a postfix admin database crypt passwords straight from 
/etc/shadow without a single issue, that's why I'm asking if the 
passwords are in plaintext or not.


On 04/02/2022 16:17, Dr Francis Greaves wrote:


Dear All

I have Postfix version 3.3.0, Dovecot Version 2.2.33.2 and 
PostfixAdmin version 3.3.10 using MySQL on a small device running 
Ubuntu VERSION="18.04.6 LTS (Bionic Beaver)" for my internal LAN Mail.


I have a user ad...@fsoft.nnet with a mailbox setup in PostfixAdmin 
with a password as 'Test75?'


Everything is running fine, but I cannot get my Email Client 
Thunderbird to connect.


I have setup the debugging to see that the correct password is being 
used, which it is, but I have this error:


dovecot: auth-worker(26468):
sql(ad...@fsoft.nnet,10.6.10.10,): Password
mismatch (given password: Test75?)

showing that dovecot disagrees!!!

Why is this? Is it something to do with the permissions in PostfixAdmin?

I did find a post on Server Fault 
 
where someone had the same problem. He just tried various passwords 
until he found one that worked I have not found any other post 
about this exact problem.


Any help much appreciated.

Regards
Francis

Password Mismatch when connecting from Email Client

[Dr Francis Greaves]

Dear All
I have
Postfix version 3.3.0, Dovecot Version 2.2.33.2 and PostfixAdmin
version 3.3.10 using MySQL on a small device running Ubuntu
VERSION="18.04.6 LTS (Bionic Beaver)" for my internal LAN
Mail.

I have a user mailto:ad...@fsoft.nnet with a mailbox setup in
PostfixAdmin with a password as 'Test75?'

Everything is running fine, but I cannot get my Email Client
Thunderbird to connect.

I have setup the debugging to see that the correct password
is being used, which it is, but I have this error:

dovecot: auth-worker(26468):
sql(mailto:ad...@fsoft.nnet,10.6.10.10,): Password
mismatch (given password: Test75?)


showing that dovecot disagrees!!!

Why is this? Is it something to do with the permissions in
PostfixAdmin?

I did find 
https://serverfault.com/questions/696715/password-mismatch-in-dovecot-with-postafixadmin
 where someone had the same problem. He just tried various passwords until he 
found one that
worked I have not found any other post about this exact problem.

Any help much appreciated.

Regards

Francis

Problem with chrooted user, manage-sieve plugin, lmtp and Thunderbird manage sieve extension: wrong symbolic link to active script

[Lev Serebryakov]

 I'm not sure, is it dovecot-managesieve plugin or Thunderbird extension.

 I have virtual users which are "chrooted" to their Maildirs, like this:

user_query = SELECT '/usr/home/hosted/v-mail/%d/%n' AS chroot, \
'/' AS home, 'maildir:~/' AS mail, email.uid AS uid, email.gid AS gid 
FROM \


 It works perfectly.

 I'm using sieve and manage-sieve plugins for dovecot. `.dovecot.sieve` link is 
relative, like this:

v-mail@onlyone:~/serebryakov.spb.ru/lev # ls -l .dovecot.sieve
lrwxr-xr-x  1 root  v-mail  17 Feb  4 18:19 .dovecot.sieve -> sieve/TOTAL.sieve

 It works. But when I deactivate/activate script via Manage sieve extension in 
Thunderbird link becomes absolute (with respect to chroot):

v-mail@onlyone:~/serebryakov.spb.ru/lev # ls -l .dovecot.sieve
lrwxr-xr-x  1 root  v-mail  17 Feb  4 18:19 .dovecot.sieve -> /sieve/TOTAL.sieve

  and delivery agent (LMTP) start to complain:

v-mail@onlyone:~/serebryakov.spb.ru/lev # grep .dovecot.sieve 
/var/log/dovecot.log
Feb 04 18:18:42 lmtp(l...@serebryakov.spb.ru)<36054>: 
Warning: sieve: file storage: Active sieve script symlink 
/usr/home/hosted/v-mail/serebryakov.spb.ru/lev/.dovecot.sieve is broken: Invalid/unknown 
path to storage (points to /sieve).

 I'm not sure, is it problem of manage-sieve plugin, lmtp sieve plugin or 
Thunderbird Sieve extension...

--
// Black Lion AKA Lev Serebryakov

Feature request: use`openid_configuration_url` to guess OIDC endpoints and keys

[Éloi Rivard]

Since version 2.3.16 dovecot has a openid_configuration_url [1] configuration
parameter. Here is the documentation about this parameter:

> Support for RFC 7628 OpenID Discovery (OIDC) can be achieved with 
> openid_configuration_url setting. Setting this causes Dovecot to report OIDC
> configuration URL as openid-configuration element in error JSON.

After reading the RFC I understand this brings some context to the error
messages, but at first glance I would have expected more from this parameter.

- Dovecot could read the userinfo_endpoint option [2] in the OIDC discovery
endpoint to guess the IDP userinfo endpoint [3], and make the dovecot
introspection_url parameter optional.

- Dovecot could read the introspection_endpoint option [4] in the OIDC discovery
endpoint to guess the IDP introspection endpoint [5], and make the dovecot
tokeninfo_url parameter optional. RFC8414 is still a draft though, but there
seems to be a convention about this parameter be called either
token_introspection_endpoint or introspection_endpoint. Maybe both could be
checked?

- Dovecot could read the jwks_uri [4] option in the OIDC discovery endpoint to
guess the IDP public keys, and make the local_validation_key_dict dovecot
parameter optional.

I would suggest to keep the values in introspection_url, tokeninfo_url and
local_validation_key_dict if defined, but use the values found in the OIDC
discovery endpoint by default.

I think this would really help using OAUTH with dovecot.
What do you think?

[1]
https://doc.dovecot.org/configuration_manual/authentication/oauth2/#openid-discovery
[2] https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
[3] https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
[4] https://datatracker.ietf.org/doc/html/rfc8414#section-2
[5] https://datatracker.ietf.org/doc/html/rfc7662

Lucene support for FTS - EOL date.

[Jacek Grabowski]

Hello

Actually on the https://doc.dovecot.org/configuration_manual/fts/lucene/
site we can read about lucene fts plugin:

"This plugin is no longer maintained in Dovecot (as of 2.3+) and will be
removed in the future."

Does anyone know about approximate EOL date for lucene plugin support in
Dovecot?



-- 
Pozdrawiam.
Jacek Grabowski.