Re: Recommended tool for migrating IMAP servers
Imapsync for sure. Have used it for both IMAP to IMAP and IMAP to Exchange migrations. Works great.

> On Dec 3, 2017, at 2:08 PM, x9p wrote:
>
> Hi,
>
> I vouch for imapsync. Have used it in the past with quite a big amount of
> emails.
>
> cheers.
>
> x0p
>
>> Hi Friends,
>> I would like to ask you a suggestion:
>> I need to migrate an imap server to a new one and then dismiss the old
>> one.
>> Reading from relative Dovecot documentation page
>> (https://wiki.dovecot.org/Migration), more tools are shown:
>>
>> UW-IMAP's mailutil, imapsync, YippieMove and Larch.
>>
>> The each mail servers are Linux based, one of this (mine) is Dovecot.
>> Based on your experience which of these tools would be preferable to
>> use?
>>
>> Thank you very much
>>
>> Davide
Re: sieve vacation script exclude based on sender email address
On 1 Jun 2016 at 16:49, Stephan Bosch wrote:

> > I've been looking at the sieve docs and recipes, done a lot of googling but
> > no joy so far.
> >
> > Using standard vacation script and that works great, however I want to
> > exclude certain sender email addresses from ever receiving a vacation
> > autoresponse, how do I go about adding that to my existing vacation recipe.
> >
> > I suspect my search terminology is what is causing me not to find anything
> > as I typically am using exclude and similar search terms.
>
> Just use the envelope test:
>
> https://tools.ietf.org/html/rfc5228#section-5.4
>
> Regards,
>
> Stephan.

Any recommendations for example usage, the RFC doesn't really tell me how to use it so that the vacation script will not reply if the header test turns out to be true. I just want the email to be delivered without an autoresponse at that point.

--
Harondel J. Sibble
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D)
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)
sieve vacation script exclude based on sender email address
I thought I'd asked this question a few years ago but can't seem to find any evidence of that so here goes.

I've been looking at the sieve docs and recipes, done a lot of googling but no joy so far.

Using standard vacation script and that works great, however I want to exclude certain sender email addresses from ever receiving a vacation autoresponse, how do I go about adding that to my existing vacation recipe.

I suspect my search terminology is what is causing me not to find anything as I typically am using exclude and similar search terms.

--
Harondel J. Sibble
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D)
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)
Re: speaking of sieve scripts... how to selectively not send vacation autoreply
On 4 Apr 2015 at 12:19, Stephan Bosch wrote:

> > #if header :contains "addressidontw...@repliedtoo.tld" {
> > #  stop;
> > #}
> >
> > vacation
> >   # Reply at most once a day to a same sender
>
> You should really inspect your log files or test the scripts with the
> sieve-test command line tool. There is a syntax error in the part you
> commented out:
>
> error: the header test requires 2 positional argument(s), but 1 is/are
> specified.
>
> At delivery, this means that the script is not executed at all and the
> message is just filed into INBOX.
>
> Regards,
>
> Stephan.

I wasn't even aware of the sieve-test command, that'll really come in handy, thanks for that tip.

I believe I based my entry on the

if header :contains "X-Spam-Level" "**" {
  discard;
  stop;
}

here and until you mentioned it, I did not realize the *'s were a second argument, I'd assumed it as part and parcel of the same argument.

wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Spam.2BAC8-Virus_rules

I'll try the recipe RH posted

if address :is ["From", "Sender"] ["h.rei...@thelounge.net", "nick.z.edwa...@gmail.com"] {
  discard;
}

modified as below

if address :is ["From", "Sender"] ["addressidontw...@repliedtoo.tld", "otheraddressidontw...@repliedtoo.tld"] {
  stop;
}

--
Harondel J. Sibble
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D)
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)
speaking of sieve scripts... how to selectively not send vacation autoreply
Don't need to block anyone like in the "Re: Dovecot Oy merger with Open-Xchange AG" thread, but when I have my vacation recipe active, I'd like it to NOT reply to certain addresses.

I tried the following, you can see the section with if header :contains "addressidontw...@repliedtoo.tld" is commented out, once I'd added that section, no Vacation messages went out at all.

Googling and reading the wiki and recipe suggestions doesn't make it clear how to exempt a list of addresses from ever receiving a vacation response. Suggestions on additional reading or solutions?

require ["fileinto", "vacation"];

if header :comparator "i;ascii-casemap" :contains "Subject" "**SPAM**" {
  fileinto "Trash";
  stop;
}

#if header :contains "addressidontw...@repliedtoo.tld" {
#  stop;
#}

vacation
  # Reply at most once a day to a same sender
  :days 1
  :subject "Changes to email addresses effective Jan 01/15"
  # List of recipient addresses which are included in the auto replying.
  # If a mail's recipient is not on this list, no vacation reply is sent for it.
  :addresses ["u...@repliedtoo.tld"]

This is on a Dovecot 1.x system that is slated for an upgrade soon.

--
Harondel J. Sibble
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D)
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)
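
An added example, not part of the original posts: one way to exempt a list of senders from the vacation autoresponse asked about in the sieve threads above, combining the envelope test Stephan Bosch pointed to with the address test from the follow-up. It goes slightly beyond the question by also skipping list and bulk mail; every address and the reply text are constructed placeholders.

```sieve
require ["fileinto", "envelope", "vacation"];

# Spam is filed and the script ends, so it can never trigger a reply.
if header :comparator "i;ascii-casemap" :contains "Subject" "**SPAM**" {
    fileinto "Trash";
    stop;
}

# Senders that must never receive an autoresponse (constructed placeholders).
# "envelope" matches the SMTP MAIL FROM address; "address" matches the parsed
# From/Sender headers. Both tests take two positional arguments: the part or
# header list to look at, then the list of keys to compare against.
if anyof (
    envelope :is "from" ["noreply@example.com", "billing@example.net"],
    address :is ["From", "Sender"] ["noreply@example.com", "billing@example.net"]
) {
    # "stop" only ends script processing. No action has cancelled the
    # implicit keep, so the message is still delivered to INBOX.
    stop;
}

# Added beyond the question: no replies to mailing lists or bulk senders.
if anyof (
    exists ["List-Id", "List-Unsubscribe"],
    header :contains "Precedence" ["bulk", "list", "junk"]
) {
    stop;
}

vacation
    # Reply at most once a day to the same sender.
    :days 1
    :subject "Out of office"
    # Recipient addresses for which a reply may be sent.
    :addresses ["user@example.org"]
    "I am away and will reply when I return.";
```

As the reply in this thread points out, a syntax error means the script is not executed at all and mail is just filed into INBOX, so check the script with the sieve-test tool before activating it.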
[Dovecot] mixed client ssl certs and non cert
How do I set up mixed authentication so that I can have say a couple of machines on my lan only use ssl without client certs, but have all the other machines connecting from remotely required to have ssl certs to connect to imap?

This is with Dovecot 1.1.4 on CentOS 5.2

--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] dovecot and postfix with tls and dovecot sasl issues for smtp clients
On 22 Oct 2008 at 21:01, Timo Sirainen wrote:

> A quick look shows that Exim apparently sends the valid-client-cert
> parameter. Maybe it wouldn't be too difficult to modify Postfix's
> sources either.

I see there's been some discussion about this a few years ago

http://www.dovecot.org/list/dovecot/2008-August/032732.html
http://www.nabble.com/sasl-parameters-missing-td18820817.html

I guess I'll have to look at Exim in the interim.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] dovecot and postfix with tls and dovecot sasl issues for smtp clients
On 22 Oct 2008 at 20:37, Timo Sirainen wrote:

> I don't think Postfix ever sends the "valid-cert" parameter that's
> required for Dovecot to treat the authentication as valid.

Bummer, any suggested workarounds or should I be looking at a different MTA that is known to work with Dovecot's SASL implementation.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
[Dovecot] dovecot and postfix with tls and dovecot sasl issues for smtp clients
fault): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  mechanisms: plain login
  debug: yes
  debug_passwords: yes
  ssl_require_client_cert: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix

Interestingly enough the mode line in the dovecot.conf file is set as 0660, not 432 as noted above?!?!?

What else should I be looking at to troubleshoot this issue?

--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
Note, the problem below also occurs with Thunderbird so it's something server side, but the "what exactly" has me scratching my head...

On 11 Oct 2008 at 23:43, Harondel J. Sibble wrote:

> On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:
>
> > What is important: you can not self-sign each client certificate, but
> > you need a CA with a self-signed root instead. I think you understand
> > that already, just noting that for completeness.
>
> > Then you simply configure Dovecot as described in
> > http://wiki.dovecot.org/SSL/DovecotConfiguration
>
> > To sum it up: ssl_cert_file is responsible for server side TLS/SSL and
> > needs to contain the complete verification path for the server
> > certificate. It has no influence on client certs. ssl_ca_file is used
> > for client cert verification only, and does not need to cover the
> > server certificate.
>
> Okay, got this mostly working, currently testing with a Nokia e61i
> smartphone and having a problem which I'm not quite clear on where it lies,
> phone issue, postfix issue or dovecot sasl issue
>
> Here's the problem, I can successfully authenticate to dovecot via imap
> using client certs, however when I attempt to send an email, that is giving
> me errors as follows
>
> Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: auth reply: FAIL?1?reason=Client didn't present valid SSL certificate
> Oct 11 23:09:40 server postfix/smtpd[25720]: warning: unknown[192.xxx.yyy.zzz]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate
> Oct 11 23:09:40 server postfix/smtpd[25720]: > unknown[192.xxx.yyy.zzz]: 535 5.7.0 Error: authentication failed: Client didn't present valid SSL certificate
>
> On the phone, there is only the self signed personal cert used to
> authenticate for imap. Postfix is set to authenticate using the same self
> signed CA, server cert and server key.
>
> Any ideas on what I should look at next?
>
> I've already wiped all the certs from both the server and the phone and
> recreated a new CA, but same problem occurs.
>
> Kinda out of ideas, any suggestions?
> --
> Harondel J. Sibble
> Sibble Computer Consulting
> Creating Solutions for the small and medium business computer user.
> [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
> (604) 739-3709 (voice/fax) (604) 686-2253 (pager)

--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:

> What is important: you can not self-sign each client certificate, but
> you need a CA with a self-signed root instead. I think you understand
> that already, just noting that for completeness.

> Then you simply configure Dovecot as described in
> http://wiki.dovecot.org/SSL/DovecotConfiguration

> To sum it up: ssl_cert_file is responsible for server side TLS/SSL and
> needs to contain the complete verification path for the server
> certificate. It has no influence on client certs. ssl_ca_file is used
> for client cert verification only, and does not need to cover the
> server certificate.

Okay, got this mostly working, currently testing with a Nokia e61i smartphone and having a problem which I'm not quite clear on where it lies, phone issue, postfix issue or dovecot sasl issue

Here's the problem, I can successfully authenticate to dovecot via imap using client certs, however when I attempt to send an email, that is giving me errors as follows

Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: auth reply: FAIL?1?reason=Client didn't present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]: warning: unknown[192.xxx.yyy.zzz]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]: > unknown[192.xxx.yyy.zzz]: 535 5.7.0 Error: authentication failed: Client didn't present valid SSL certificate

On the phone, there is only the self signed personal cert used to authenticate for imap. Postfix is set to authenticate using the same self signed CA, server cert and server key.

Any ideas on what I should look at next?

I've already wiped all the certs from both the server and the phone and recreated a new CA, but same problem occurs.

Kinda out of ideas, any suggestions?

--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 9 Oct 2008 at 20:33, Timo Sirainen wrote:

> My guess would be that your client just doesn't support sending SSL
> client certificates. Or perhaps you'd need to configure it to do it
> somehow.

Well contrary to what WebIS tech support says, that looks to be the case as the same client cert imported into Thunderbird works perfectly.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 9 Oct 2008 at 20:33, Timo Sirainen wrote:

> v1.1 logs more with verbose_ssl=yes.

1.0.7 doesn't log anything other than the initial connection :-( Guess it's time to upgrade

> > 2239561866 - 2008.10.9 16:11:54 R 1 NO Client didn't present valid SSL
> > certificate

Note, this was the log from the client side, not the server side.

> My guess would be that your client just doesn't support sending SSL
> client certificates. Or perhaps you'd need to configure it to do it
> somehow.

According to the client developer, it will automatically send the personal certificate, there is only a single one installed on the pda.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 8 Oct 2008 at 1:05, Harondel J. Sibble wrote:

> auth default {
> # Space separated list of wanted authentication mechanisms:
> # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
> mechanisms = plain
> ssl_require_client_cert = yes
>
> ssl_ca_file = /etc/pki/dovecot/certs/dovecot-clientcerts
> ssl_verify_client_cert = yes
> verbose_ssl = yes
> ssl_require_client_cert = yes
>
> The following is all I see on the connection attempt from the pda
>
> Oct 8 01:00:55 myserver dovecot: Dovecot v1.0.7 starting up
> Oct 8 01:01:51 myserver dovecot: imap-login: Disconnected: method=PLAIN, rip=10.12.13.14, lip=10.12.13.14, TLS
>

The client side logs show the following at this point

2239561866 - 2008.10.9 16:11:54 R * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS AUTH=PLAIN
2239561866 - 2008.10.9 16:11:54 R 0 OK Capability completed.
2239561866 - 2008.10.9 16:11:54 S 1 LOGIN
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0xE
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x68
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x68
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x65
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x66
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x67
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0xF
2239561866 - 2008.10.9 16:11:54 R 1 NO Client didn't present valid SSL certificate
2239561866 - 2008.10.9 16:11:54 *** Non Critical Error: 0x80C40001
2239561866 - 2008.10.9 16:12:50 *** Critical Error: 0x80C40001
2239561866 - 2008.10.9 16:12:50 Connection failed - stopping all connections
2239561866 - 2008.10.9 16:12:50 Connection's SyncExecute finished
3325771946 - 2008.10.9 16:12:51 Stopping synchronization...
3325771946 - 2008.10.9 16:12:51 Forcing disconnection...
3325771946 - 2008.10.9 16:12:51 Synchronization stopped
2755981250 - 2008.10.9 16:12:51 Stopping existing connections (1 total)
2755981250 - 2008.10.9 16:12:51 Deleting connection...

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:

> What is important: you can not self-sign each client certificate, but you
> need a CA with a self-signed root instead. I think you understand that
> already, just noting that for completeness.
>
> Then you simply configure Dovecot as described in
> http://wiki.dovecot.org/SSL/DovecotConfiguration

Followed those directions, enabled the client side certificate checking, but no go.

> Then configure client cert verification as described in the last section of
> above mentioned wiki page.

> ssl_ca_file is used for client cert verification only, and does not need to
> cover the server certificate.

Done, I have the following enabled.

auth default {
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
mechanisms = plain
ssl_require_client_cert = yes

ssl_ca_file = /etc/pki/dovecot/certs/dovecot-clientcerts
ssl_verify_client_cert = yes
verbose_ssl = yes
ssl_require_client_cert = yes

Logs don't show anything of any interest, on the client side (windows mobile 5 phone running Web IS's Flexmail4.

When I asked their tech support about using a client cert, I got this

  Greetings and thank you for contacting us. It should be using the certs which the PDA has installed. Is the cert installed (in the device settings > System > Certificates

  We appreciate having the opportunity to help and service you. Please let us know if there is anything more we can do.

I've verified that my root ca is installed on the pda and the personal cert is also installed.

The following is all I see on the connection attempt from the pda

Oct 8 01:00:55 myserver dovecot: Dovecot v1.0.7 starting up
Oct 8 01:01:51 myserver dovecot: imap-login: Disconnected: method=PLAIN, rip=10.12.13.14, lip=10.12.13.14, TLS

At this point the client device is stuck asking to confirm account credentials

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
Thanks, your detailed instructions were EXACTLY what I was looking for, I'll try them out and report back in a few days with the results.

On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:

> Then you simply configure Dovecot as described in
> http://wiki.dovecot.org/SSL/DovecotConfiguration
>
> In short: Put your godaddy SSL certificate, and then the complete
> hierarchy of godaddy CA certificates (I don't know how many levels they
> have) in (e.g.) /etc/ssl/dovecot.pem, and set
> ssl_cert_file=/etc/ssl/dovecot.pem. Don't forget to set the path to
> your private key or add it to the beginning of your cert file. This
> handles SSL/TLS for the server.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 1 Oct 2008 at 10:37, Bill Cole wrote:

> I've heard so many conflicting stories about the X509/SSL/TLS capabilities
> of different mobile platforms that I don't know what to believe.

I've got direct experience with a bunch of the platforms, so I am not all that concerned about that problem.

> I would expect that the Windows Mobile devices could use any cert you
> can construct,

It needs a specific format, der encoded IIRC, other than that it works fine.

> and I know that *some* Palm mailers can deal with self-signed server certs
> and so could *probably* deal with client certs, but even that's an iffy

Back in my Palm days, the mail client I was using did support client certs, but that was a LONG time ago.

> proposition because so many Palm devices are carrier-customized in bad
> ways (particularly by Verizon.)

My biz partner has a Telus Treo 700p or 750p. All my devices are unlocked phones so that's not a problem.

> I've seen enough stupid failure when asking for client certs that I
> wouldn't try it with any platform where the vendor does not clearly
> explain how to do it.

The vendor as in the cellular telco? Bah, I pretty much ignore what they have to say. Or do you mean the OS vendor? There's plenty of info on the net about that and I've rarely had problems.

> Dovecot does have to trust the signing cert for the clients (i.e. it can't
> just be looking at some default bundle of commercial CA's) but that's not
> really connected to its server cert.

Yes, I thought so and that is exactly the crux of my problem, how do I get dovecot to trust both cert chains, GoDaddy and my self signed client certs simultaneously? I can't seem to find anything on that specific issue.

> This can't just be about education.

With the 2 other people I'll be dealing with, it's enough, I continually beat the security drum to them, they used to say I was just too paranoid, now when I say, events have shown I wasn't paranoid enough, they nod sagely :-) Every now and then I have to hit them with a clue stick, but they've come a long way.

> The vast majority of users will not tolerate having to enter a
> worthwhile password every time they want to make a mail connection
> unless it is forced on them, particularly on a device with a tiny
> keyboard.

Woah, let's make the distinction between technically inclined people who understand the risks and regular users. The 2 folks in question are of the former variety. I am well acquainted with the latter variety amongst my clients. They'd rather shoot themselves in the foot so they can have ease of use, I am quite familiar with dealing with them

> You partners may need to be told clearly that if they cannot or will
> not enforce frequent password entry on end-users in some fashion,
> client certs are literally worthless and any effort (or money) spent to
> make them work initially or support them in the future is wasted.

At this point that's a secondary issue, I just want to get it working for MY use, once we get our colo equipment updated, then I can implement it for them, knowing full well that they don't view security as seriously as I do, hence the reason I'll probably always have my own gear under my control.

> An alternative approach that might be easier to implement on some
> platforms (certainly on Palm and iPhone) would be to force the device
> to lock on

Couldn't care less about the iPhone at this point since it doesn't offer much of the business functionality I expect, maybe in 3-6 months, who knows.

> extended idle, network disconnect, or reset, requiring a password to
> unlock it. That enforces a "something you know" on the whole device,
> rather than just on mail.

Makes sense, I already do that with devices under my control as a matter of course.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 29 Sep 2008 at 10:43, Bill Cole wrote:

> Right. You need to keep track of what client certs you trust, so you really
> should be *at least* the immediate issuer (signer) of the client certs. The
> only reasons you would want your signing cert for those client certs to have
> a commercial issuer would be:

That's my intent to have full control over the client certs hence the reason for going with self signed certs for the client side.

> 1. You want the client certs to be generally usable with those devices and
> servers other than your own.

I do not, this is only for use with my infrastructure and will be limited to a small handful of people.

> 2. The devices do not support the addition of new "root" certificates (i.e.
> your signing cert.)

Mix of devices, but primarily windows mobile, palm, symbian and blackberry handhelds. There will also be a few laptops.

> It is also likely to be irrelevant. The signature chain of a server's cert
> does not influence what signing chain a client cert needs to have.

Ohh I was wondering about that... Okay then so as long as Dovecot is set to check client certs and the client cert presented matches the check points, CN, domain name, user email etc, it'll just work?

> That is only true if you are using a dependable mechanism to assure that
> users will actually be required to enter a password live rather than have
> their mail client save it

I've already beat that one into the couple of business partners that will be making use of this. Personally I don't ever save passwords, in browsers or otherwise as a matter of course so not an issue for me.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] client certs with godaddy ssl cert
On 27 Sep 2008 at 13:22, mouss wrote:

> if you have a commercial cert, you don't need a self signed cert. self
> signed certs are for people who don't want to get a cert signed by a 3d
> party (commercial or other). For email, you generally don't need a
> commercial certificate because your users know you and you know them,
> and because users don't connect to thousand imap servers.

Huh? I am looking to implement client side certificates which have to be installed on the end user device before they are able to connect to my mailserver. I already have a commercial cert on the mailserver so that's a moot point.

Secondly a client cert allows me to verify that the device connecting is allowed, this is secondary to any login info the user may have, ie 2 factor authentication, something you know (uid/password) and something you have (certificate).

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
[Dovecot] client certs with godaddy ssl cert
I've read the client ssl cert section in the wiki and it talks about using a self signed cert, if I am using a commercial cert, in this case godaddy, how do I implement a self signed cert for the client side and have dovecot make use of this?

I know the mechanics of setting up the self signed ca, the question is more what configuration changes do I need to make in dovecot to handle both godaddy and the self signed ca functionality?

Thanks

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] syncml with server push email
On 27 Aug 2008 at 11:54, Robert Schetterer wrote:

> use horde webmail newest version connected to dovecot, it has a full
> featured syncml server for calender , tasks, addresses

Heh, I am looking for email syncing over syncml, I already have syncing of those things working with eGroupWare. All I need is email syncing working now.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] syncml with server push email
On 27 Aug 2008 at 9:57, Steve Roemen wrote:

> I use Funambol to push email to clients, I'm using courier at the moment
> (that's going to change here in a few), but using it on dovecot
> shouldn't matter. I ran into the time problem too, and found that I had
> to set the client's timezone preference and set it to force a conversion
> within the admin package.

Interesting, was that on 7.x or previous, I experienced the tz problem on 6.5 and there was a lot of discussion on the funambol list about this issue, it was determined to be a problem with the conversion from ical to vcal (and also different versions of ical) by the server.

After about 8 months of that I went to eGroupWare and haven't looked back as it offers more functionality and its syncml just works, but it doesn't seem to have support for email, so I reinstalled funambol yesterday, but that brought up another problem.

I am using a windows mobile device that I want to do pushed email syncing with. Because of numerous problems with the Funambol Windows Mobile client, I ended up buying the Synthesis SyncML Pro client, however it comes up with a 10415 error on sync, which according to google means it doesn't support the same email data type so no go there.

https://core.forge.funambol.org/ds/viewMessage.do?dsForumId=416&dsMessageId=15947&orderBy=createDate&orderType=desc

The connection works fine as I can see the traffic in the funambol logs and the connection to the dovecot server on the same machine, so I'll probably give a funambol client another try to see what happens, but having to use 2 different clients on the same pda phone to stay synced kinda sucks.

My temporary goal is to use it to push email to a Nokia E61i since my provider no longer offers BlackBerry Connect and then go back to a new Windows Mobile Smartphone I have on order (O2 XDA Flame)

Which reminds me, is it possible to use sieve in the mix so that I can control what messages get forwarded to the phone rather than the whole kit and kaboodle, so mail comes into dovecot, runs through sieve and the stuff that the sieve rules allow, gets forwarded to the phone by funambol?

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
[Dovecot] syncml with server push email
Any recommendations for server push email using syncml and dovecot? I am familiar with Funambol for syncing pim info, but not used it for email.

Are there any recommended opensource or commercial syncml servers that are known to integrate nicely with Dovecot 1.x? Googling hasn't really turned up much in the way of useful info.

To mix it up a little, I was using Funambol for the Pim stuff, but ran into a bunch of issues and switched to eGroupWare which has its own syncml ability which works quite nicely with my pda.

I stopped using Funambol as the server didn't properly deal with the conversion from vcal to ical and as a result appointments synced on the pda end, always ended up 8 hours early :-( This was going from ThunderBird to Windows Mobile, so I am hoping to avoid this happening again.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] problems with sieve and lda
On 11 Aug 2008 at 8:24, Eduardo M KALINOWSKI wrote:

> How are you calling deliver in postfix? Do you see in postfix's logs the
> messages being handled to deliver?

Hmm, oddly enough, adding a .forward in the user's home dir with

| "/usr/libexec/dovecot/deliver"

Then everything works. Any ideas why? According to everything I've read including the wiki, that shouldn't be necessary.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] problems with sieve and lda
On 11 Aug 2008 at 8:24, Eduardo M KALINOWSKI wrote:

> How are you calling deliver in postfix? Do you see in postfix's logs the
> messages being handled to deliver?

Well, I seem to have made the problem worse as I was adjusting settings throughout the day.

Here's where I am at, if I now enable

mailbox_transport = dovecot

I get the following in /var/log/maillog and mail doesn't get delivered

Aug 11 18:21:50 servername postfix/local[9858]: warning: connect #7 to subsystem private/dovecot: Connection refused
Aug 11 18:22:00 servername postfix/local[9858]: warning: connect #8 to subsystem private/dovecot: Connection refused
Aug 11 18:22:10 servername postfix/local[9858]: warning: connect #9 to subsystem private/dovecot: Connection refused
Aug 11 18:22:20 servername postfix/local[9858]: warning: connect #10 to subsystem private/dovecot: Connection refused
Aug 11 18:22:30 servername postfix/local[9858]: fatal: connect #11 to subsystem private/dovecot: Connection refused
Aug 11 18:22:31 servername postfix/qmgr[9838]: warning: premature end-of-input on private/local socket while reading input attribute name
Aug 11 18:22:31 servername postfix/qmgr[9838]: warning: private/local socket: malformed response
Aug 11 18:22:31 servername postfix/qmgr[9838]: warning: transport local failure -- see a previous warning/fatal/panic logfile record for the problem description
Aug 11 18:22:31 servername postfix/master[9836]: warning: process /usr/libexec/postfix/local pid 9858 exit status 1
Aug 11 18:22:31 servername postfix/master[9836]: warning: /usr/libexec/postfix/local: bad command startup -- throttling
Aug 11 18:22:31 servername postfix/qmgr[9838]: 25BC982BF7: to=<[EMAIL PROTECTED]>, orig_to=<[EMAIL PROTECTED]>, relay=none, delay=101, delays=0.04/101/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)

Disable that setting in main.cf, restart postfix and flush the queue and all is good again.

This happens with both the config file I was working on today and also with the one I had yesterday when I started this thread.

Looks like I was getting this yesterday too, but slightly different

Aug 10 18:29:17 servername postfix/local[11905]: warning: connect #1 to subsystem private/dovecot: No such file or directory
Aug 10 18:29:27 servername postfix/local[11905]: warning: connect #2 to subsystem private/dovecot: No such file or directory
Aug 10 18:29:37 servername postfix/local[11905]: warning: connect #3 to subsystem private/dovecot: No such file or directory

Although I suspect that was when I had enabled the transport changes in master.cf just for testing purposes. The logs show connection refused stuff only happening today.

Googling's coming up with squat.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] problems with sieve and lda
On 11 Aug 2008 at 6:35, Charles Marcus wrote:

> If I'm not mistaken, sieve support has improved dramatically in the
> latest versions (1.1.2 being the current).
>
> Use the atrpms repo...

Sure, I see that in the version history, but that won't necessarily solve the current problem I am having where deliver is not triggering at all.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] problems with sieve and lda
On 11 Aug 2008 at 8:24, Eduardo M KALINOWSKI wrote:

> To use -d ACCOUNT, you need a master socket where deliver looks up
> user information: see the "Virtual Users" section in
> http://wiki.dovecot.org/LDA . But if you are not using virtual users
> (and only used -d to test), you should not need it.

Yes, that's what I figured, the lda/postfix link in the wiki makes it seem really simple, change one setting and you're done.

> How are you calling deliver in postfix? Do you see in postfix's logs the
> messages being handled to deliver?

Exactly as noted at the wiki page above which says all I need to do is enter the proper path to deliver in mailbox_command in main.cf. With this set, emails make it to the inbox but I never see ANY reference to deliver in the logs, it's only when I run the deliver command manually from the cli or enabled the changes in the master.cf that anything shows up in the deliver log.

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
[Dovecot] problems with sieve and lda
Okay, after reading the wiki and list archives, I am confused. I am attempting to get the deliver LDA working on a centos 5.1 system

# rpm -qa | grep dovecot
dovecot-1.0.7-2.el5
dovecot-sieve-1.0.2-6.el5
# rpm -qa | grep postfix
postfix-2.3.3-2

so that I can use Sieve for mail filtering to imap folders, I am using the mbox format

Following the wiki here for system users

http://wiki.dovecot.org/LDA/Postfix

I never get any info in the logs about cmusieve, the only way I see anything show up is if I add the transport settings to postfix/master.cf or see below

From reading the list archives, as best as I can tell, the only time I need to make the changes in postfix's master.cf is if I am using a virtual environment, otherwise for local delivery, all I need is the mailbox_command setting in postfix/main.cf

However with that setting, I get nothing! If I then run deliver from the command line as per a couple of mailing postings,

cat /etc/hosts | /usr/libexec/dovecot/deliver -d [EMAIL PROTECTED] -f [EMAIL PROTECTED]

I get

deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Info: Loading modules from directory: /usr/lib/dovecot/lda
deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so
deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Error: Can't connect to auth server at /var/run/dovecot/auth-master: No such file or directory

Config stuff (dovecot -n)

# 1.0.7: /etc/dovecot.conf
log_path: /var/log/dovecot/dovecot.log
info_log_path: /var/log/dovecot/dovecot.log
protocols: imaps pop3s
listen(default): *:143
listen(imap): *:143
listen(pop3): [::]
ssl_listen(default): *:943
ssl_listen(imap): *:943
ssl_listen(pop3):
ssl_cert_file: /etc/pki/dovecot/certs/dovecot.cert
ssl_key_file: /etc/pki/tls/private/my.domain.tld.key
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u:INDEX=~/mail/.imap/.imap/indexes/
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

postfix/main.cf has

mailbox_commmand = /usr/libexec/dovecot/deliver

A .dovecot.sieve file with the following contents for testing purposes is located at ~/mail

require "fileinto";
if header :comparator "i;ascii-casemap" :contains "Subject" "**SPAM**" {
    fileinto "Trash";
    stop;
}

The LDA section from the dovecot.conf file

protocol lda {
  # Address to use when sending rejection mails.
  # postmaster_address =

  # Hostname to use in various parts of sent mails, eg. in Message-Id.
  # Default is the system's real hostname.
  #hostname =

  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  mail_plugin_dir = /usr/lib/dovecot/lda
  mail_plugins = cmusieve

  # Binary to use for sending mails.
  #sendmail_path = /usr/lib/sendmail

  # UNIX socket path to master authentication server to find users.
  #auth_socket_path = /var/run/dovecot/auth-master

  #sieve_global_path =
  script_path = ~/.dovecot.sieve
  log_path = /var/log/dovecot/deliverlog
  info_log_path = /var/log/dovecot/deliverlog
  debug = yes
}

What am I missing here to get this working?

--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
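
Added example, not part of the original post or of Postfix or Dovecot: the main.cf line quoted in the message above is spelled mailbox_commmand, and Postfix accepts unrecognized names in main.cf as user-defined parameters, so a misspelled setting produces no error. The check below flags names that are a near miss of a known parameter; KNOWN_PARAMS is a small constructed subset of real parameter names, and the sample file and function names are assumptions made for the example.

```python
import difflib
import re

# Constructed subset of real Postfix main.cf parameter names (not the full list).
KNOWN_PARAMS = {
    "mailbox_command", "mailbox_transport", "fallback_transport",
    "home_mailbox", "mail_spool_directory", "local_recipient_maps",
    "alias_maps", "mydestination", "myhostname", "mydomain", "mynetworks",
}

# Constructed sample file; line 3 copies the spelling quoted in the post.
SAMPLE_MAIN_CF = """\
# constructed main.cf fragment
myhostname = mail.example.invalid
mailbox_commmand = /usr/libexec/dovecot/deliver
spamfilter_host = 127.0.0.1
mydestination = $myhostname,
    localhost
"""

def parse_main_cf(text):
    """Return [line_no, name, value] for each logical 'name = value' entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0] in " \t" and entries:   # leading whitespace continues the entry
            entries[-1][2] = (entries[-1][2] + " " + raw.strip()).strip()
            continue
        match = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", raw)
        if match:
            entries.append([line_no, match.group(1), match.group(2).strip()])
    return entries

def find_suspect_names(text, known=KNOWN_PARAMS, cutoff=0.85):
    """Flag names that are not known but are a near miss of a known one."""
    findings = []
    for line_no, name, _value in parse_main_cf(text):
        if name in known:
            continue
        close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=cutoff)
        if close:
            findings.append((line_no, name, close[0]))
    return findings

if __name__ == "__main__":
    for line_no, name, guess in find_suspect_names(SAMPLE_MAIN_CF):
        print(f"line {line_no}: '{name}' is not a known parameter; did you mean '{guess}'?")
```

Names with no close match, such as the constructed spamfilter_host, are treated as intentional user-defined parameters and are not reported.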