Adding Size information to Maildir files

[@lbutlr via dovecot]

I searched on this, but found information only for very very old dovecot 
versions, and those answers didn’t quite cover what I am asking.

All my current mail has the ",S=51489,W=52449:” style tag in the Maildir 
filename, but I have many messages in Archive mailboxes that have no size 
information.

Is it possible to automate adding the size info to the files without mucking up 
the mail in various ways?

(In my mail spool its about 10:1 with nearly 400,000 mails tagged with a size 
field and just over 40,000 not tagged, so it is definitely not something I want 
to do by hand).



-- 
You know, Rick, I have many a friend in Casablanca, but somehow, just
because you despise me, you are the only one I trust.

Re: v2.2.36 to v2.3.8 maildirlock bug

[@lbutlr via dovecot]

On 08 Dec 2019, at 05:58, @lbutlr  wrote:
> On 06 Dec 2019, at 16:28, Martynas Bendorius  wrote:
>> when zlib compression is enabled in dovecot, old emails remain untouched
> 
> I’ve been considering doing this, or at least looking into how much space 
> we’d save (answer so far, less than you might think), but I am hesitant to 
> “alter” the user’s mail stores without a bit more guidance.
> 
> Has anyone found a good walkthrough/guide on setting this up and also on 
> compressing the old mail?
> 
> Are there any common issues to watch out for? Is it entirely transparent to 
> the user?
> 
> https://wiki2.dovecot.org/Plugins/Zlib says it has moved to 
> https://doc.dovecot.org/plugin-settings/zlib_plugin/ which does not exist.
> 
> "Not Found
> The requested URL /plugin-settings/zlib_plugin/ was not found on this server."

The ULR on that page has the _ character instead of a - in the URL.

 loads and leads to



Which, sadly, does not have example code on actually compressing the existing 
mail, but does say to use maildirlock.




-- 
Wife: Who are you talking to? Husb: [on phone] Jon Wife: Aren't you
going to talk to me? Husb: I talked to you at dinner, do I need
to talk to you again?

Re: v2.2.36 to v2.3.8 maildirlock bug

[@lbutlr via dovecot]

On 06 Dec 2019, at 16:28, Martynas Bendorius  wrote:
> when zlib compression is enabled in dovecot, old emails remain untouched

I’ve been considering doing this, or at least looking into how much space we’d 
save (answer so far, less than you might think), but I am hesitant to “alter” 
the user’s mail stores without a bit more guidance.

Has anyone found a good walkthrough/guide on setting this up and also on 
compressing the old mail?

Are there any common issues to watch out for? Is it entirely transparent to the 
user?

https://wiki2.dovecot.org/Plugins/Zlib says it has moved to 
https://doc.dovecot.org/plugin-settings/zlib_plugin/ which does not exist.

"Not Found
The requested URL /plugin-settings/zlib_plugin/ was not found on this server."



-- 
I'm dangerous when I know what I'm doing.

Re: Can't see a specific mail in thunderbird but with mobile mail client

[@lbutlr via dovecot]

On 04 Dec 2019, at 02:36, Sami Ketola  wrote:
> did not notice that you have imap_zlib enabled for protocol imap, can you 
> disable that temporarily and re-record the rawlog.

Is it possible that is the source of the issue? It seems like when I tried to 
test that it did not work with a lot of clients, but I might be thinking of 
something else.


-- 
A Clean House Is A Sign Of A Misspent Life

Re: Duplicate e-mail with Dovecot and Sieve

[@lbutlr via dovecot]

On 28 Nov 2019, at 09:44, Claudio Corvino  wrote:
> Just one problem remaining: the e-mail that have l...@domain.tld in BCC could 
> not be intercepted by the sieve filter as in the header is not present any 
> reference to l...@domain.tld; am I missing something or this cannot be fixed?

The normal way to do this is to add an X-Loop header.

And no, there is no way to “fix” the design of Bcc.


-- 
"Those people who think they know everything are a great annoyance to
those of us who do." - Isaac Asimov

Re: Using dovecot Replication in a medium to large enterprise.

[@lbutlr via dovecot]

On 28 Nov 2019, at 00:35, Brent Clark  wrote:
> We have in excess of +/- 500 mail boxes and using just under 1TB of disk 
> space. That is a lot of small files.

That’s honestly pretty small. When it says "it's not recommended to be used in 
multi-million user installations”
You are several orders of magnitude away from that. Well, three if you want to 
be technical about it.

If you want a backup server ready to go, rsync will probably work just fine for 
you, or as Adi have mentioned, a block-level replicator (though I suspect that 
is overkill) and dsync is likely to do exactly what you want. Yes, you have to 
keep an eye on it, but at your level It’s probably going to be solid (based on 
reading other’s experiences with it).

Of course, it is also easy to do it wrong, so careful reading of the 
documentation is critical, and testing your solution a coupe thousands times 
before you start relying on it.



-- 
MS Word still hasn't caught up -- it has more bells and whistles, but
not as many pistons and cylinders. -- Steve Hayes

Re: ESEARCH is announced but it doesn't work

[@lbutlr via dovecot]

On 27 Nov 2019, at 21:51, Jesus Cea  wrote:
> tag1 ESEARCH IN (mailboxes "folder1" subtree "folder2") unseen
> tag1 BAD Error in IMAP command ESEARCH: Unknown command (0.001 + 0.000 secs).

This should answer your question, I think.


The ESEARCH capability indicates that the server supports RFC 4731 and RFC4466 
which defined the ESEARCH reponse and an extended format of the SEARCH command.

The MULTISEARCH capability (RFC 6237) builds upon the ESEARCH capability to 
make it possible to search in another mailbox than the currently selected one. 
The command syntax you're using requires MULTISEARCH.


-- 
Y is for YORRICK whose head was knocked in Z is for ZILLAH who drank
too much gin

Re: Performance mdbox vs mbox

[@lbutlr via dovecot]

On 26 Nov 2019, at 04:15, Marc Roos  wrote:
> If I do the same test[1] with mbox I can store around 31k messages and 
> mdbox 16k messages. I noticed also that cpu and disk utilization with 
> mdbox was not very high, while disk utilization on mbox was much higher. 
> That makes me wonder if I can tune mdbox to have better performance?

No one should use box for anything. It was designed for mail stores of a few 
megabytes.

*Every* other choice is better.



-- 
My little brother got his arm stuck in the microwave. So my mom had
to take him to the hospital. My grandma dropped acid this
morning, and she freaked out. She hijacked a busload of penguins.
So it's sort of a family crisis. Bye!

Re: Duplicate e-mail with Dovecot and Sieve

[@lbutlr via dovecot]

On 26 Nov 2019, at 03:13, Claudio Corvino  wrote:
>  

Please do not do this.


-- 
IT DOES NOT SUCK TO BE YOU Bart chalkboard Ep. AABF13

Re: Dovecot proxy with ldap, complains about 'host not given'

[@lbutlr via dovecot]

On 23 Nov 2019, at 16:11, Marc Roos  wrote:
> It looks like the dovecot proxy can authenticate correctly but fails 
> then on with this message
> 
> Nov 23 23:33:33 test2 dovecot: pop3-login: Error: proxy: host not given: 
> user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, 
> session=
> 
> I have configured a host= in ldap for this user

But is your query properly getting the host? (I don’t use ldap., but this is a 
common issue with sql lookups, so I assume that is a likely problem).


-- 
ARE YOU FAMILIAR WITH THE WORDS 'DEATH WAS HIS CONSTANT COMPANION'? 'But
I don't usually see you!’

Re: [Sieve] Multiple email recipients, how?

[@lbutlr via dovecot]

On 23 Nov 2019, at 15:40, Robert  wrote:
> I think you mean collecting all email addresses and connecting them 
> (manually) to the correct mailbox in the config of Postfix (or equiv, I have 
> no idea what is used at my hosting provider)? That sounds like a doable 
> one-time action if all new addresses use proper sub-addressing.

I didn’t realize you did not have control of your Mailserver.

Still, the sooner you get off the method you are using the better off everyone 
is going to be, I wouldn’t count on a mail server not noticing your multiple 
forwarding to different addresses and putting a stop to it, as it is resource 
intensive.

If you have access to create new email addresses you also probably have access 
to create aliases as well.

# Outside address   ALIASED TO INSIDE ADDRESS
amazonj...@example.com =>  john+ama...@example.com
roll20j...@example.com =>  john+rol...@example.com
applj...@example.com   =>  john+ap...@example.com
applenotj...@example.com   =>  notjohn+ap...@example.com
Etc etc

This removes the need to sieve scripts that try to parse the from.


-- 
I noticed that but was still trying to work out a way of drawing it to
everyone's attention that would be sufficiently satisfying, combining
maximum entertainment value for readers with maximum humiliation for you.
   — Laura

Re: [Sieve] Multiple email recipients, how?

[@lbutlr via dovecot]

On 23 Nov 2019, at 13:50, Robert  wrote:
> I do know that sub-addressing with a special character is nowadays a normal, 
> better, way to do it.
> Unfortunately we have used this system for a very long time, starting around 
> 2005... So there are a lot of existing email addresses.

Then set them up in virtual (or if not using postfix, whatever equivalent) and 
stop allowing new ones.

This is FAR simpler and workable than what you are trying to do, and has the 
added benefit of working very simply and having nearly no impact on your server.


-- 
NON-FLAMMABLE IS NOT A CHALLENGE Bart chalkboard Ep. BABF13

Re: [Sieve] Multiple email recipients, how?

[@lbutlr via dovecot]

On 22 Nov 2019, at 14:48, Ralph Seichter  wrote:
> * Robert via dovecot:
> 
>> We use a simple system for routing emails to different email users by 
>> postfixing the addresses with the actual user: xxxJohn@domain; 
>> yyyJohn@domain etc all will be delivered to user John.
>> (This way John can invent a new email address on-the-fly and that will 
>> be delivered to his email box.)
> 
> This seems like a strange way achieve flexible email addresses. Are you
> aware of sub-addressing? It has been around for ages, and is supported
> by Dovecot (and Gmail, incidentally).

Seconded, this is the way to go.

> Imagine an existing email account . If alice wants to
> use a subadress, she signs up with , and Dovecot
> can automatically place incoming mail for that address into INBOX/foo
> (or just INBOX if INBOX/foo does not exist). Alice can use as many
> sub-adresses as she needs without anybody making config changes.

Far too many web monkeys seem to get their email validation coede from the same 
inept repository somewhere, and return error that “+” is not allowed in email 
addresses. The larger the company, the more likely they are to be incompetent, 
so I have setup my dovecot and postfix to use two legal delimiters, + and _

> Frankly, the Sieve-based approach you describe seems pretty complicated
> in comparison.

And prone to failure.

mall...@example.com
jonmall...@example.com
malloryjo...@example.com

Use address extensions. This is all that is required to setup two delimiters:

/etc/postfix/main.cf
recipient_delimiter = +_

/etc/dovecot/dovecot.conf 
protocol lmtp {
  … 
  recipient_delimiter = +_
}


-- 
Yeah, and I never wanted to kick Albert Einstein in the nuts.

Re: Sieve and recipient_delimiter

[@lbutlr via dovecot]

On 16 Nov 2019, at 22:06, Sean Kamath  wrote:
> On Nov 16, 2019, at 09:46, @lbutlr via dovecot  wrote:
>> I use recipient_delimiter addresseses quiet a bit, and I want to put several 
>> of them into a mailbox
>> 
>> if anyof (header :contains ["to"] [ “FOO", “foo", “bar", “florin"]) {
>>   fileinto :create “later";
>>   stop;
>> }

> # MORE NOTES:
> # Using :localpart takes just the local part of an address
> # header selects a header, address selects an address
> # Looks like this is the spec:
> # :localpart = :user+:detail
> # address are :localpart @ :domain, or :user + :detail @ :domain
> # See RFC5233
> 
> I use this bit for figuring out what :detail something (might) be going to:
> 
> # Check to see if we have detail. . .
> if address :matches :detail "To" "*" {
>  # Save name in ${detail} in all lowercase
>  # Joe, joe, jOe thus all become 'joe'.
>  # Note that we set it to lower, not first-cap
>  # because we're going to use this name for a mailbox
>  set :lower "detail" "${1}";
>  set :lower "user" "${def_user}”;
> }
> 
> I don’t know where I got this from, but I am pretty sure it was on this list. 
> :-)
> 
> I use it to bucket email based on detail (if no detail, it goes into the 
> address’s default folder, otherwise it goes into the detail folder).

While this is interesting, I am not using if address :matches, I am using if 
header :contains.


-- 
"A common mistake people make when trying to design something completely
foolproof is to underestimate the ingenuity of complete fools.: -
Douglas Adams

Re: Auto expunge log

[@lbutlr via dovecot]

> On 16 Nov 2019, at 12:41, Michael Ludwig  wrote:
> 
> Hi,
> 
> I'm just setting up a new dovecot system and wonder why I get this
> error. On another dovecot system this works with no problems.
> 
> Log entry when exiting MUA Thunderbird:
> ===
> Nov 16 20:16:35 myhostname dovecot: imap(i...@mydomain.de): Error:
> autoexpunge: Couldn't create dovecot.autoexpunge.lock lock:
> file_create_locked(/var/mail/vmail/mydomain.de/info//dovecot.autoexpunge.lock)
> failed: 
> safe_mkstemp(/var/mail/vmail/mydomain.de/info//dovecot.autoexpunge.lock)
> failed: No such file or directory

Do you have mail_home set? And do you have the right permissions on it?


> ===
> 
> Is this double slash between /info//dovecot.auto... okay?

Not usually, no.

> I believe
> there should be a "Mailbox" in between?

Depends on your setup, but ~/Maildir/ is usual though certainly not required.


-- 
BILL: I can't get behind the Gods, who are more vengeful, angry, an
dangerous if you don't believe in them!
HENRY: Why can't all these God just get along? I mean, they're
omnipotent and omnipresent, what's the problem?

Sieve and recipient_delimiter

[@lbutlr via dovecot]

I use recipient_delimiter addresseses quiet a bit, and I want to put several of 
them into a mailbox

if anyof (header :contains ["to"] [ “FOO", “foo", “bar", “florin"]) {
fileinto :create “later";
stop;
}

When I get an email addressed to me+...@example.com or me_flo...@example.com, 
the messages end up in my inbox (Yes, I have both + and _ defined as delimiters 
in postfix and in dovecot).

Is this because sieve is not seeing the delimiter? I am wondering this because 
I have another rule that seems to be working fine that is largely the same, but 
operates on domains:

if anyof ( header :contains ["From"] [“kreme.com", “localdomain1.tld”, 
   "localdomain2.tld", "localdomain3.tld", “covisp.net” ]){
   fileinto :create "priority";
}



-- 
She'd always tried to face towards the light. But the harder you stared into
the brightness the harsher it burned into you until, at last, the temptation
picked you up and bid you turn around to see how long, rich, strong and dark,
streaming away behind you, your shadow had become- --Carpe Jugulum

Re: MariaDB database for users and passwords?

[@lbutlr via dovecot]

On 08 Nov 2019, at 11:56, Ken Wright  wrote:
> Nov  8 13:28:53 grace dovecot: auth: Fatal: Unknown passdb driver ‘

You do not have Dovecot compiled with support for mysql'




-- 
Love is like oxygen / You get too much / you get too high / Not enough
and you're gonna die

Re: MariaDB database for users and passwords?

[@lbutlr via dovecot]

On 07 Nov 2019, at 23:00, Ken Wright  wrote:
> I'm getting an error message saying "user unknown" when I send test
> emails to my server.

You need to look at the logs.



-- 
Everybody wants a rock to wrap a piece of string around

Re: Bug report

[@lbutlr via dovecot]

On 01 Nov 2019, at 16:30, Peter Nabbefeld  wrote:
> ~/.getmail/log
> =
> 2019-11-01 21:44:20 Delivery error (command deliver 42245 error (127, exec of 
> command deliver failed (change UID/GID to vmail/vmail failed ([Errno 1] 
> Operation not permitted

Seems pretty clear, get mail is not running as the right user and doesn’t have 
permission to change to the right user. Seems to be a configuration issue with 
get mail (not sure what that is).


-- 
"Whose motorcycle is this?" "It's chopper, baby." "Whose chopper is
this?" "It's Zed's." "Who's Zed?" "Zed' dead, baby. Zed's dead.”

Re: changing cipher for imap clients

[@lbutlr via dovecot]

On 28 Oct 2019, at 08:45, Fourhundred Thecat <400the...@gmx.ch> wrote:
> setting ssl_prefer_server_ciphers=yes did the trick. Now my imap client
> uses ECDHE-RSA-AES256-SHA

Now go turn off TLSv1



-- 
At night when the bars close down
Brandy walks through a silent town
And loves a man who's not around

Re: Password issue

[@lbutlr via dovecot]

On Oct 12, 2019, at 8:10 AM, johnt...@tulpex.com wrote:
> I run my mail server with no security. 

This is extremely foolish and your “reasons” are even more foolish. If you 
allow unauthenticated users to send mail from your server then you *will* be 
blacklisted, and rightly so.

(For example, it is trivial to get a free and automated certificate for your 
server that allows you to encrypt all of your connections).


-- 
I WILL NOT TRADE PANTS WITH OTHERS Bart chalkboard Ep. 7F05

Re: Password issue

[@lbutlr via dovecot]

On Oct 11, 2019, at 8:28 PM, Amir Caspi  wrote:
> I'm sure you tried this before deleting/re-adding, but just in case not: you 
> do have to close out of the settings window (or switch to another account) to 
> get the settings to save... it should ask you to save when you do that.  If 
> you don't save -- for example, if you make the change and then try checking 
> for mail while the Settings window is still open and unsaved -- then it will 
> use the old settings.

Yes. Not only does it ask to save, but it first verifies the settings. This 
failure to verify is what finally clued me in that it was the MUA that was the 
issue (combined with it working fine over webmail).



-- 
This above all, to thine own self be true And it must follow, as the
night the day, Thou canst not then be false to any man.

Re: Password issue

[@lbutlr via dovecot]

On Oct 11, 2019, at 2:00 PM, Joseph Tam  wrote:
> On Fri, 11 Oct 2019, @lbutlr wrote:
> 
 Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts 
 in 33 secs): user=, xx.xx.xx.xx, PLAIN, TLS
>> 
>> This turns out to have been caused by the MUA attempting to connect to
>> port 25 (despite clearly showing port 587 in the MUA settings).  Thanks
>> to Mac/iOS account syncing, merely trying to change the port never
>> seemed to work, but removing the account entirely and recreating it got
>> it to connect to port 587 as configured.
> 
> Yes, MacOSX Mail.app seems to bumble around, even ignoring your
> port settings to find the "correct" configuration.  (This happens,
> for example, when there is a transient network problem).  You need to
> disable "Automatically manage connections" to stop these mail readers
> from wandering around and strictly use your settings.

There is no such setting in iOS or iPadOS though, and setting the explicit port 
for SMTP and.or IMAP advanced settings didn’t change the port it actually tried 
connecting go until I removed the account and re-added it.

No problems on iOS 12 or macOS 10.14 so far.

> This behaviour can be exploited to grab credentials using a MITM attacks,
> by convincing MacOSX clients that the target server does not support
> SSL/TLS, then providing a cleartext listener or proxy.

I have filed a suggestion to have a setting for never connecting to a mail 
server without security, but nothing so far. Perhaps I should refile it as a 
critical security flaw?


-- 
We could grind our enemies into talcum powder with a sledgehammer,
but gosh, we did that last night.

Re: Password issue

[@lbutlr via dovecot]

On Oct 9, 2019, at 5:23 PM, @lbutlr  wrote:
> First, logins in to check mail and succeeds
> 
>> Oct 09 16:02:16 imap-login: Info: Login: user=, 
>> xx.xx.xx.xx, PLAIN, TLS
> 
> Sends device MUA info
> 
>> Oct 09 16:02:16 imap(myu...@covisp.net)<84553>: Info: ID 
>> sent: name=iPad Mail, version=17A860, os=iOS, os-version=13.1.2 (17A860)
> 
> Fails to send mail
> 
>> Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts in 
>> 33 secs): user=, xx.xx.xx.xx, PLAIN, TLS

This turns out to have been caused by the MUA attempting to connect to port 25 
(despite clearly showing port 587 in the MUA settings). Thanks to Mac/iOS 
account syncing, merely trying to change the port never seemed to work, but 
removing the account entirely and recreating it got it to connect to port 587 
as configured.

Does dovecot log the ports if any of the various debug settings are enabled?




-- 
I NO LONGER WANT MY MTV Bart chalkboard Ep. 3G02

Re: Password issue

[@lbutlr via dovecot]

On Oct 9, 2019, at 5:23 PM, @lbutlr  wrote:
> Postfix logs "Client host rejected: Access denied” but as I said, other 
> accounts can submit and there’s nothing special in the submission service in 
> master.cf.

submission inet  n   -   n   -   -   smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_sasl_type=dovecot
   -o smtpd_sasl_security_options=noanonymous
   -o smtpd_sasl_path=private/auth
   -o smtpd_milters=
   -o milter_connect_macros=
   -o milter_macro_daemon_name=ORIGINATING
   -o syslog_name=postfix/submit
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o smtpd_data_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o smtpd_helo_restrictions=
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

Password issue

[@lbutlr via dovecot]

One of my accounts was having login failures when trying to send mail, but was 
able to check mail.

I tried everything I could think of to see what the issue might be, but 
eventually went in and reset the password in the sql database (I knew the 
password, so I reset it to the same password).

{SHA256-CRYPT}$5$VuS… 
{SHA256-CRYPT}$5$VI7…

So the password was updated properly.

Clients can still login to check mail, but are failing to send mail, so the 
password was not the issue.

First, logins in to check mail and succeeds

> Oct 09 16:02:16 imap-login: Info: Login: user=, 
> xx.xx.xx.xx, PLAIN, TLS

Sends device MUA info

> Oct 09 16:02:16 imap(myu...@covisp.net)<84553>: Info: ID 
> sent: name=iPad Mail, version=17A860, os=iOS, os-version=13.1.2 (17A860)

Fails to send mail

> Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts in 
> 33 secs): user=, xx.xx.xx.xx, PLAIN, TLS

Postfix logs "Client host rejected: Access denied” but as I said, other 
accounts can submit and there’s nothing special in the submission service in 
master.cf.

Passwords are all copied/pasted so identical in both IMAP (p993) and SMTP 
(p587) settings. Settings for the SMTP server are identical to the other 
accounts using the same server.

I don’t know how to login to IMAP via the openssl command line interface, but 
this is what happens when I login to the submission port.

 % openssl s_client -connect mail.covisp.net:587 -starttls smtp 
… 
auth login
334 VXNlcm5hbWU6
base64(username)=
334 UGFzc3dvcmQ6
base64(pasword)=
DONE

(Same results without the terminating ‘=‘)

I’m sure I am missing something really obvious?



-- 
Lithium will no longer be available on credit

Re: Website Down? Not down.

[@lbutlr via dovecot]

On Sep 26, 2019, at 10:47 PM, dun...@gmail.com wrote:
> Its not down, its most likely your providers DNS resolution.

As I said, multiple connections failed. T-mobile started working about 2 hours 
ago, century link soon after. Comcast took longer, but is working now. Each of 
these connections have different DNS servers.


-- 
Charlie don't surf!

Website down?

[@lbutlr via dovecot]

I am not able to reach the dovecot site on any one of three connections (home, 
office, mobile).

Trying to look up DNS shows no records.



-- 
But just because you've seen me on your TV Doesn't mean I'm any more
enlightened than you

Re: File manager or browser for IMAP?

[@lbutlr via dovecot]

On Sep 25, 2019, at 4:20 PM, Joseph Tam  wrote:
> you can mulch through mail fairly quickly.

Now there is a good image!

I’m probably going to steal that. Mulch is a word that need more use.


-- 
I WILL NOT YELL "FIRE" IN A CROWDED CLASSROOM Bart chalkboard Ep. 7G01

Re: Dovecot UIDs and POP.

[@lbutlr via dovecot]

On Sep 22, 2019, at 11:20 PM, Plutocrat  wrote:
> doveadm sync -u

Did the target machine already have the user setup? I think dsync wants to sync 
mailboxes between configured and working servers with users already defined.



-- 
"Back off, man. I'm a scientist.”

Re: Spam Blocking by filtering on username / id

[@lbutlr via dovecot]

On Sep 22, 2019, at 11:29 PM, Plutocrat  wrote:
> This is probably quite an easy question, but I haven't been able to find the 
> answer. I'm running a server where all the email addresses are in the format 
> "u...@domain.com". I've noticed that a large number of fake login attempts 
> use the format "user" eg. reception, service, root, admin. 
> 
> Is it possible to prevent any such logins to these email users without an 
> @domain.com?

Are users able to login without the @domain part?

> Or maybe ignore them. Or drop them from the logging. 

As Bernd said, fail2ban will ban these Its from repeatedly trying to login, but 
they will still be logged.

There is also sshguard that will do the same thing.

One of these should probably be running anyway as they help mitigate issues 
where someone keep hammering on your system, however in the days of DDOS, they 
are less helpful than they used to be.




-- 
MEGAHAL: within my penguin lies a torrid story of hate and love.

Re: Dovecot UIDs and POP.

[@lbutlr via dovecot]

On Sep 20, 2019, at 10:38 PM, Plutocrat  wrote:
> I recently performed a mail server migration for a client under fairly 
> serious time constraints (ahem, yes one of those jobs). I would normally use 
> imapsync to get all the mail copied to the new server, but under the 
> circumstances, I had to write a script to rsync each of the mailboxes over 
> ssh, from one server to another. 
> 
> This all worked fine, except for the fact that if a client was using a POP 
> email client, when they connected to the new server, they re-downloaded all 
> their mail, creating duplicates of everything in their Outlook client. Of 
> course they weren't happy about this. IMAP email clients were OK. No 
> duplicates, and everything was fine. 

Dealing with weird POP3 things h is why I disabled it on my server more than a 
decade ago; users have to beg for POP access and promise they will ONLY use it 
to get their mail into gmail.

> So while I was migrating the mail, I did try for a while to understand the 
> format of the UID files, but failed to do so in the available time, so the 
> client just had to deal with duplicate emails. But now the smoke has cleared, 
> I'd like to understand the problem a little better, and I was hoping someone 
> on this forum could explain it to me, and the changes I'd need to make to the 
> files so that the POP client DIDN'T download the duplicate emails.

Did you check ? It has a lot of info on 
this.

Seems dsync would hav been the best way to do this?



> As a secondary question -- and perhaps I should put this in a separate 
> message -- I did notice that "doveadm sync" would apparently have helped me 
> with this, but I wasn't able to get that to work either. I believe it was 
> something to do with the fact that all the mailboxes were under the same 
> linux user account on the target server, and I couldn't figure out all the 
> paths and permissions in time. Would 'doveadm sync' have fixed all the UID 
> and duplicate POP email issues? 

Don’t know, but dsync says it does this:

"The pop3-migration plugin is used to preserve POP3 UIDLs. When dsync is 
handling IMAP INBOX and requests a POP3 UIDL, the plugin connects to the POP3 
server and figures out which IMAP messages match which POP3 messages and then 
returns the appropriate POP3 UIDL.”

Trouble is, if you are migrating POP and the server is not up, I am not sure 
what you can do with dsync?


-- 
@mdhughes: One of the few regrets I have about lawn-less apartments:
Shallow graves are so much harder to come by.

Re: Gnu sieve vs Dovecot sieve-filter - sieve-filter extremely slow at lda (writing emails to local mbox files)

[@lbutlr via dovecot]

On Sep 12, 2019, at 12:57 AM, Zenaan Harkness  wrote:
> The next step, I throw the email-incoming-unsorted mbox file at a
> sieve processor, to sort the emails from that mbox, into other
> mboxes, according to the sieve rules file.

I would expect mbox is the worst possible format choice for this.

> Gnu sieve balks on emails which have no x-message-id (?? something
> like this) header field, so after a few years, I finally decided to
> switch "up" to Dovecot/Pigeonhole's "sieve-filter" command.
> 
> Using Gnu sieve, this mbox sorting step was even faster than mpop (/
> getmail) - and mpop and getmail are really fast (compared with
> fetchmail), since they pipeline the email downloads.

Perhaps because of its reliance on the header allowing it to index?

> Even with 100s of emails, Gnu sieve would take only 10 to 20 seconds
> at most. Super fast.

That doesn’t sound fast. I processed a few thousand messages through sieve in 
less than 10 seconds, if I recall correctly.

> See below for details, any ideas appreciated.

The first thing I would do is download to Maildir and see what the difference 
is.



-- 
What we have here is a failure to communicate.

Re: [Bug] Sieve vacation :addresses match only,> case-sensitive?

[@lbutlr via dovecot]

On Sep 11, 2019, at 1:25 PM, Klaus Steinberger 
 wrote:
> I never saw any mail system in which the local Part ist Case sensitive!

Every Unix/Linux system (I’d say that represents the majority of mail systems) 
has a case sensitive local part. Most mail admins have set their systems up to 
normalize all users on lowercase names, but that is not and has not always been 
the case.



-- 
Belief is one of the most powerful organic forces in the multiverse. It
may not be able to move mountains, exactly. But it can create someone
who can.

Re: Random duplicated emails

[@lbutlr via dovecot]

On 9 Sep 2019, at 10:08, Francis  wrote:
> Where should I look to diagnostic this issue?

Look at the raw stored messages. Your MTA probably has an internal ID (queuid 
in postfix) that should tell you if the messages are getting duped before they 
get to dovecot.

the raw messages should have time stamps showing when they were written, so 
that will give you something else to check in the logs.

Both you mail and dovecot logs, of course.

Since these are local emails on one server, is it possible that server is 
sending mail to the other server that is coming back as a second copy?


-- 
Try to realize it's all within yourself/No one else can make you change

Re: Quota and maildir does not work with subfolders of INBOX

[@lbutlr via dovecot]

On 9 Sep 2019, at 09:27, Niels Kobschätzki  wrote:
> The moment I remove those folders, the size gets calculated correctly. 
> Unfortunately those folders are generated by some clients automatically afaik 
> (like .INBOX.Trash)

That sounds like a misconfiguration of the IMAP client. Someone has gone in and 
improperly set INBOX as the IMAP path Prefix in their MUA.

I used to have this problem with some users until I implemented repeated and 
consistent application of a clue bat.

I don’t know of a server-side setting to prevent users from screwing up this 
setting, but maybe?


-- 
but then a lot of nice things turn bad out there

Re: Off-site cloud backup (eg Amazon S3, Wasabi)

[@lbutlr via dovecot]

On 9 Sep 2019, at 07:47, James Brown  wrote:
> Should I use a Dovecot process, rsync, a Mac app like Arq or Jungle Disk, or 
> something else?

I do not have specific experience with using S3, but if rsync is possible that 
is always my first choice, though if you want to backup to prevent ransomware 
issues, I’d use rsnapshot since that will give you history.

If you are concerned about never ever losing a single email no matter what, 
then you need a replication server that supports versioning.





-- 
A cubicle is simply a cell without a door.

Re: doveadm mailbox list

[@lbutlr via dovecot]

On 8 Sep 2019, at 12:11, Daniel Miller  wrote:
> Seems reasonable. Now, with a non-existent mailbox...
> doveadm mailbox list -u  bogus
>   returns "bogus"
> 
> doveadm mailbox list -u  bogus*
>   returns ""
> 
> Is this a bug or correct behavior?

Seems like a bug. If it is correct IO can’t wait to hear the explanation, and I 
would suggest the man page needs updating.

 root@mail # doveadm mailbox list -u krem...@kreme.com "bogus"
bogus
 root@mail # doveadm mailbox list -u krem...@kreme.com "bogus*"
 root@mail # doveadm mailbox list -u krem...@kreme.com "dovecot"
dovecot
 root@mail # doveadm mailbox list -u krem...@kreme.com "dovecot*"
dovecot
 root@mail # doveadm mailbox list -u krem...@kreme.com "dovecott*”
 root@mail # 




-- 
I believe you can joke about anything. -- George Carlin

Re: How are imap images supposed to be stored

[@lbutlr via dovecot]

On 3 Sep 2019, at 00:32, d.gent...@m4ever.de wrote:
> This is a question about the imap protocol, since I am having a hard time 
> finding these things out, so I hope you guys can help me.  We are using 
> Dovecot to receive mails and having an issue with Thunderbird. ⌘

You and most everyone who uses Thunderbird.

> Basically, we are running into this bug with a lot of people: 
> https://bugzilla.mozilla.org/show_bug.cgi?id=216308. 

That links includes what is claimed to be a solution, have you tried it>

>> Account Settings > Server Settings > Connection Security: SSL/TLS

(that should be the setting for all mail clients anyway).


-- 
"Get your facts first, and then you can distort them as much as you
please." - Mark Twain

Re: Server administration

[@lbutlr via dovecot]

On 4 Sep 2019, at 07:26, @lbutlr  wrote:
>  with IMAP logging and local rules.

IMAP logins.


-- 
"640K ought to be enough RAM for anybody." - Bill Gates, 1981

Re: Server administration

[@lbutlr via dovecot]

On 2 Sep 2019, at 02:08, Alexander Dalloz  wrote:
> Unless you run a big install with lots of accounts where it can be handy to 
> use some sort of meta tool (modoboa, postfixadmin, ...) there is zero need 
> for an SQL backend.

It is much easier to manage users, even a few users, via a database than 
dealing with local users. (Having manage both for years and years and finally 
having moved everyone into a database I’ve spent a lot of time on this, a 
database back end is better.

And even without having a large user base, a tool like postfixadmin lets the 
user do some of their management themselves (changing passwords, creating 
aliases, etc).

> Anyhow, someone like the OP who appears not to be much experienced in the 
> field of running his own mail service should not get the idea a database 
> backend is what he really needs. Start KISS and master all the complex 
> requirements in a simple manner first.

Since local users open a security hole into your mail server, I would argue 
that virtual users *is* keeping it simple, also, if you end up with many users 
in the future you will need to got to a database of some sort anyway, whether 
SQL-like or LDAP like, so you might as well do it from the start. I’d say SQL 
is simpler to deal with than LDAP, but I also have more experience with SQL, so 
I would.

> Or outsource the task to a mail service provider.

Yes, this is the best choice.



-- 
Q: how do you titillate an ocelot?  A: you oscillate its tit a lot.

Re: Server administration

[@lbutlr via dovecot]

On 1 Sep 2019, at 15:53, Michael Hallager  wrote:
> On 2019-09-02 06:24, Alexander Dalloz via dovecot wrote:
>> Am 01.09.2019 um 14:41 schrieb Aleksandr Mette via dovecot:
>>> 4. Forward e-mail
>> Don't do that nor let your users auto-forward their mail received on
>> your MX. Else you will end up faster than you think on blacklists as
>> very likely your server will forward SPAM and gets classified as a
>> SPAM source.
> 
> You have to let users forward their email

No you don’t.

> because this is functionality they expect.

Which they can manage themselves with IMAP logging and local rules.

> The trick is to spam scan all email first, otherwise as Alexander has said, 
> you end up on RBL's.

A lot of mail that is not spam when it arrives WILL be spam when it is 
forwarded as it will fail SPF, Fail DKIM, and any header checks will flag the 
mail as suspicious.

The only way to safely forward mail is to enclose it as an attachment, and this 
is something users do not want.



-- 
Oh never resist an impulse, Sabrina. Especially if it's terrible.

Re: sometimes no shared cipher after upgrade from 2.2 to 2.3

[@lbutlr via dovecot]

On 21 Aug 2019, at 07:12, Kristijan Savic - ratiokontakt GmbH 
 wrote:
> ssl3

> Any ide what could be causing it?

Old MUAs or bad settings on the MUA. SSLv3 should not be used.

You should NOT try to add support for SSLv3.



-- 
"Alas, earwax.”

Re: Dovecot and hard links?

[@lbutlr via dovecot]

On 16 Aug 19, at 16:57 , @lbutlr  wrote:
> Ack. I checked the junk folder and there are 379 files in there with 379 
> links!

It appears the main culprit is actually the sieve script that is supposed to 
mark messages moved out of the Junk box as ham. Somehow it was getting itself 
stuck and creating new hard links over at over. Before I for it under control, 
I have 240,000 “messages:” in the inbox, 141 of which were actual messages. I 
have disabled the sieve script and so far the problem hahasn’t reoccurred, but 
then the sieve script has been there a long time without issues before, so I 
suspect there was something else going on.

 # cat report-ham.sieve.disabled
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];

if environment :matches "imap.mailbox" "*" {
  set "mailbox" "${1}";
}

if string "${mailbox}" "Trash" {
  stop;
}

if environment :matches "imap.user" "*" {
  set "username" "${1}";
}

pipe :copy "sa-learn-ham.sh" [ "${username}" ];

Executed via:

plugin {
  …
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
…
}

Re: Dovecot and hard links?

[@lbutlr via dovecot]

On 17 Aug 19, at 10:14 , Timo Sirainen  wrote:
> Hard links are created when a mail is copied with the IMAP COPY command. So 
> Dovecot just does what the client asks it to do. Maybe you have some 
> misbehaving IMAP client?

Maybe. Heck, I’ll grant probably, even.

But what do I do about it? How can I see when and where Dovecot is making 
hundreds of hard links to single messages? And when I have 379 hard links in a 
single folder all linking in the same Maildir folder that isn’t an IMAP COPY, 
can it?

 # find . -samefile 
cur/1564791714.M272226P99946.mail.covisp.net,S=8572,W=8738:2,Sbm
 
./cur/1564212774.M188126P73039.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564249810.M383378P61816.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564249870.M645963P63778.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564249931.M726654P10909.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564249992.M167306P22041.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250054.M627856P36026.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250120.M344375P57372.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250184.M87018P78868.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250244.M239686P97249.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250307.M256738P32251.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250369.M562195P60508.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250432.M269767P89961.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250493.M348431P23010.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250554.M213392P36137.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250614.M852674P98300.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250701.M145311P56821.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250788.M796958P24655.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250850.M154873P76505.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564250910.M858640P38368.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564251004.M975829P24042.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564251099.M801627P27707.mail.covisp.net,S=8572,W=8738:2,Saei
./cur/1564251204.M608023P48105.mail.covisp.net,S=8572,W=8738:2,Saei

Etc etc.

(Also,I have tried two find the mappings for the ,Sbm and ,Saei but I do not 
have a dovecot-keywords file on my system anywhere (according to locate at 
least). I mean, I know S is Seen, but abeim are a mystery.)

Re: Dovecot and hard links?

[@lbutlr via dovecot]

On 16 Aug 19, at 07:33 , @lbutlr  wrote:
> I was looking at a mail folder and I noted that a file in the inbox had a 
> total of 11 hard links to it:

Ack. I checked the junk folder and there are 379 files in there with 379 links!

Since they were all in jink I just deleted them all, but that cannot possibly 
be desired behavior.

What do I check here?




-- 
Wonderful girl! Either I'm going to kill her or I'm beginning to like
her.

Dovecot and hard links?

[@lbutlr via dovecot]

I was looking at a mail folder and I noted that a file in the inbox had a total 
of 11 hard links to it:

 # exa -lH cur/1564249738.M167990P53982.mail.covisp.net,S=8572,W=8738:2,Sgl
.rw--- 11 8.6k vpopmail 19 Jul 19:59 
cur/1564249738.M167990P53982.mail.covisp.net,S=8572,W=8738:2,Sgl

 # find . -samefile  
cur/1564249738.M167990P53982.mail.covisp.net,S=8572,W=8738:2,Sgl
[6:59] 
[/usr/local/virtual/kr...@kreme.com/Maildir] 
./.Junk/cur/1564253637.M808919P50422.mail.covisp.net,S=8572,W=8738:2,bc
./.Junk/cur/1564253637.M808920P50422.mail.covisp.net,S=8572,W=8738:2,bc
./.Junk/cur/1564253723.M977674P50422.mail.covisp.net,S=8572,W=8738:2,bc
./.Junk/cur/1564253723.M977675P50422.mail.covisp.net,S=8572,W=8738:2,bc
./.Junk/cur/1564253723.M977676P50422.mail.covisp.net,S=8572,W=8738:2,bc
./.Junk/cur/1563587951.M591499P47868.mail.covisp.net,S=8572,W=8738:2,
./.Junk/cur/1564851795.M381461P10380.mail.covisp.net,S=8572,W=8738:2,bc
./.Junk/cur/1564851795.M381462P10380.mail.covisp.net,S=8572,W=8738:2,bc
./.Junk/cur/1564852369.M760020P10380.mail.covisp.net,S=8572,W=8738:2,bc
./.Trash/cur/1563587951.M591499P47868.mail.covisp.net,S=8572,W=8738:2,S
./cur/1564249738.M167990P53982.mail.covisp.net,S=8572,W=8738:2,Sgl

A bit of background: a few weeks ago I had thousands of files in the mail store 
that had hundreds of links, and I got that all cleaned up through juggling some 
grep and awk to delete all but one of the linked files. I figured this was 
caused by something I’d done when I moved local users into being virtual users 
and eliminated pam authentication in favor of sql. But this gives me pause.

I think it’s normal for a file in the INBOX that is marked as junk or as 
deleted to have a single hard link (or at least it is since the default was set 
to maildir_copy_with_hardlinks), but 11?

And when do these hard links get cleaned off? If I delete the trashed and 
junked messages, when does dovecot go through and removed the linked files in 
the cur/ folder?

(It’s not immediate, I trashed those copies in Junk and Trash and the original 
file is still in the cur folder)




-- 
There is nothing so stupid that some person somewhere will not, with
earnestness, say it.

Re: Solr, Dovecot & macOS / iOS

[@lbutlr via dovecot]

On 13 Aug 19, at 05:58 , James Brown  wrote:
> 
> b) does Mail.app and other mail clients on Macs or iOS devices perform 
> searches on their local copy of mail or does it just send a search request to 
> the server?

Mail.app uses spotlight on the local data, so if your users are all Mac then 
solar is pointless.

Re: Autoexpunge not working for Junk?

[@lbutlr via dovecot]

On 12 Aug 2019, at 00:18, Sami Ketola  wrote:
> "1. What's the first mail's saved-timestamp?
> doveadm fetch -u user date.saved mailbox Junk 1
> 
> 2. That timestamp should also be the same in dovecot.list.index:
> doveadm mailbox status -u user firstsaved Junk"
> 
> can you check that information?

Not for awhile since I manually cleaned out my junk a few days ago.

However, messages are moved to Junk almost entirely automatically. One or two 
outliers, sure, but a bunch of messages over 2 weeks old that have been in junk 
less than two weeks seems… unlikely.

Re: Autoexpunge not working for Junk?

[@lbutlr via dovecot]

On 8 Aug 2019, at 13:03, Amir Caspi  wrote:
> IMHO the setting should apply regardless of protocol, but is that actually 
> the case in practice?

It seems to be broken.

I have

namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
autoexpunge = 14 days
auto = subscribe
special_use = \Junk
}
… 
}

and I have messages in my Junk Mail from 16 July 2019



-- 
I AM ZOMBOR! (kelly) ZOMBOR!

index failed

[@lbutlr via dovecot]

When reindexing I go the following error

Mailbox test: UID=1: read(/path/to/mail,S=4248,W=4349) failed: Cached message 
size larger than expected (4248 > 1182, box=test, UID=1) (read reason=mail 
stream)

In this case, the message was an unimportant test message with no content, so I 
simply removed it, but had it been important what would I need to do?


-- 
Nine-tenths of the universe is the knowledge of the position and
direction of everything in the other tenth. Every atom has its
biography, every star its file, every chemical exchange its equivalent
of the inspector with a clipboard. It is unaccounted for because it is
doing the accounting for the rest of it. Nine-tenths of the universe, in
fact, is the paperwork. --The Thief of Time

Re: Since multiple ,matches

[@lbutlr via dovecot]

Never mind, I figured out my (stupid) error.

> I have a rule in sieve like the following:
> 
> if anyof (header :contains ["to"] [ "box", "change", "cornell”, “twitter”]) {




-- 
'My strength is like the strength of ten because my heart is pure,' said
Carrot. 'Really? Well, there's eleven of them.' —Jingo

Since multiple ,matches

[@lbutlr via dovecot]

I have a rule in sieve like the following:

if anyof (header :contains ["to"] [ "box", "change", "cornell”, “twitter”]) {
   setflag "\\Seen";
   fileinto :create "misc";
   stop;
}

The messages that come in are using address extensions, so 
user+twit...@example.com, for example.

The trouble is, this sieve recipe doesn’t get triggered and the message gets 
filed into the extension folder “twitter” or “cornell” instead of “misc”.

I have a very similar recipe following that one:

if header :contains "to" "root" {
   setflag "\\Seen";
   addflag "$label5"; 
   fileinto :create "root";
   stop;
}

And that one works as I expect.

Is that multiple match format valid for :contains (I’ve only seen it used for 
:regex)? I don’t get an error.

Is there a way to run a debug log for the sieve recipe? Preferably for a single 
user.


-- 
Vernon: Now this is the thought that wakes me up in the middle of the
night. That when I get older, these kids are going to take care of me
Carl: I wouldn't count on it.

Re: Help with IMAP IDLE

[@lbutlr via dovecot]

On 27 Jul 2019, at 04:15, Jorge Bastos  wrote:
> When i migrated the account from the old imap server to the new (dovecot), i
> didn't removed and created the account in msoutlook, as i didn't saw any
> reason to do it.
> Creating the account again, IDLE works ok!

Glad you got that figured out. Seems like a weird one.



-- 
CURSIVE WRITING DOES NOT MEAN WHAT I THINK IT DOES Bart chalkboard Ep.
2F11

Re: Dovecot, FreeBSD, and Solr?

[@lbutlr via dovecot]

On 27 Jul 2019, at 00:42, Patrick Mahan  wrote:
> On Fri, Jul 26, 2019 at 2:44 PM @lbutlr via dovecot  
> wrote:
> On 26 Jul 2019, at 09:35, dove...@filter.demeijer.com wrote:
> > I basically followed https://www.c0ffee.net/blog/mail-server-guide/ And
> > dovecot with solr is running fine on freebsd for me.
> 
> Thanks for that link, looks very straight-forward.
> 
> 
> I too followed that guide for setting up dovecot+postfix+solr.  The one major 
> caveat is that the binary dovecot package does not have solr support and I 
> had to build it from the port source tree and enable it.

I had some sort of issue and didn’t have time to look into it, so disabled solr 
(everything was being deferred).

The configuration is right, but I think he maxprocess setting on my freebsd is 
very old, out of date, and low (solr threw a warning that I needed to increase 
it)



-- 
Law of Probability Dispersal: Whatever hits the fan will not be evenly
distributed.

Re: Dovecot, FreeBSD, and Solr?

[@lbutlr via dovecot]

On 26 Jul 2019, at 09:35, dove...@filter.demeijer.com wrote:
> I basically followed https://www.c0ffee.net/blog/mail-server-guide/ And
> dovecot with solr is running fine on freebsd for me.

Thanks for that link, looks very straight-forward.


-- 
Nothing says poor craftsmanship more than wrinkled duct tape.

Re: Sieve adding header content to a different header

[@lbutlr via dovecot]

> Subject: This is the subject:
> X-Foo: bar
> 
> how would I do the following:
> 
>  1) Add the contents of X-Foo to subject 
> Subject: [bar] This is the subject
> 
>  2) replicate the X-Foo header into X-temp
> X-temp: X-foo-bar

Is there a sieve list that might be more appropriate for sieve specific 
questions?


-- 
This is to say: while it was true that they had just appeared in this
particular set of dimensions, it was also true that they had been living
in them all along. It is at this point that normal language gives up,
and goes and has a drink. --Colour of Magic

Re: Freebsd ports?

[@lbutlr via dovecot]

On 23 Jul 2019, at 08:00, @lbutlr  wrote:
> The version of dovecot in freebsd ports tree is still 2.3.6, any idea when 
> this will be updated to 2.3.7?

Sorry, please ignore this; brain cloud.


-- 
I gotta straighten my face This mellow-thighed chick just put my spine
out of place

Freebsd ports?

[@lbutlr via dovecot]

The version of dovecot in freebsd ports tree is still 2.3.6, any idea when this 
will be updated to 2.3.7?


-- 
"I can't see the point in the theatre. All that sex and violence. I get
enough of that at home. Apart from the sex, of course." -  Baldrick

Sieve adding header content to a different header

[@lbutlr via dovecot]

Given a message itht he headers:

Subject: This is the subject:
X-Foo: bar

how would I do the following:

   1) Add the contents of X-Foo to subject 
  Subject: [bar] This is the subject

   2) replicate the X-Foo header into X-temp
  X-temp: X-foo-bar



-- 
THE PRESIDENT DID IT IS NOT AN EXCUSE Bart chalkboard Ep. AABF05

Re: Help with IMAP IDLE

[@lbutlr via dovecot]

On 22 Jul 2019, at 03:45, Jorge Bastos via dovecot  wrote:
> On Jul 21, 2019, at 11:50, Jorge Bastos via dovecot  
> wrote:
>>> SSL/TLS is done via Stunnel
> 
>> Dirst, others have asked but I haven’t seen an answer, do you have any 
>> reason to think Outlook supports IMAP idle at all? I mean, I know 
>> outlook.com > doesn’t support it, so maybe it just doesn’t work?

>> Secondly, assuming Outlook does support IMAP idle, if you setup Dovecot to 
>> use SSL and not stunnel do things work?

> Yes, it works with other IMAP servers, why should not work with dovecot?

I’m confused by your answer, how do your dovecot settings and/or use of stunnel 
affect other IMAP servers?

This account with a dovecot server:

Jul 22 04:26:51 mail dovecot: imap(krem...@kreme.com)<15649>: 
Connection closed (IDLE running for 0.001 + waiting input for 465.309 secs, 2 B 
in + 10 B out, state=wait-input) in=1549 out=5488 deleted=0 expunged=0 
trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

Re: pigeonhole question: filtering on delivered-to in case of fetchmail

[@lbutlr via dovecot]

> On 17 Jul 2019, at 10:03, Trever L. Adams via dovecot  
> wrote:
> 
>> On 15 Jul 2019, at 18:11, Trever L. Adams via dovecot > > wrote:
>> >
>>  So, one of the problems I am seeing is that people are trying to fake
>> 
>> >
>>  users into revealing information by sending from an outside domain but
>> 
>> >
>>  with an internal reply to address and claiming to be administration, IT
>> 
>> >
>>  or what not.
>> 
>> 
>> You should not accept external mail claiming to be from your domain unless 
>> that mail comes via authenticated submission. But if the reply to is going 
>> to an internal address… 
>> 
>> I’m puzzled by exactly what you mean here. Are you saying that users on your 
>> system are trying to phish other users on your system?
>> 
>> >
>>  I can set up something that will reject if from is outside the domain by
>> 
>> >
>>  reply to is internal. The problem is in some setups, there are fetchmail
>> 
>> >
>>  setups. I do not want to reject these with a message. Which is what I am
>> 
>> >
>>  currently doing for the others. Maybe I should discard them all without
>> 
>> >
>>  rejecting.
>> 
>> 
>> I haven’t used fetch mail in many many years, so I can’t answer anything 
>> specifically about it, but if you use it to allow external senders to send 
>> mail via your system in a way that is not authenticated then you should not 
>> do that.
>> 
> I do NOT allow email claiming to be from my domains. The problem is "forgery" 
> of Reply-To headers. 

People are forging reply-to headers to go to local addresses on your system? 
What is the possible motivation to that? Anyone replying will not reach the 
spammer/phisher.

> Some nonsense about having failed to follow directions and if I don't click 
> the link below, the account would be deleted. It was NOT talking about an 
> account on another system, but the email account itself.

Ah, I see what the problem is now. This is a job for SpamAssassin. Or a milter 
to strip URLs )or render them uunlcikable) to external domain from animal with 
a reply-to-header in your domain. But what email clients show reply-to and not 
From? Heck, don't most mail clients not show reply-to at all?

> So, as you see, it is coming from an outside domain. As the sieve code 
> showed, I am testing for where reply-to claims to be for internal domain, but 
> the from is NOT from it. This email was a good example of that.

Yes, sieve would be ideal for this as it’s very easy to match that and then 
feed the message to your bayes filtering, but you have to make exceptions for 
mailing lists,a s they often have a from and a reply-to that are different.

I don’t think I’ve seen this behavior, and I still find it a bit weird. 


-- 
BILL: I can't get behind the Gods, who are more vengeful, angry, an
dangerous if you don't believe in them!
HENRY: Why can't all these God just get along? I mean, they're
omnipotent and omnipresent, what's the problem?

Re: Auto-duplicate mailstore?

[@lbutlr via dovecot]

On 12 Jul 2019, at 16:15, @lbutlr via dovecot  wrote:
> I am looking for something that is similar to replication, but without a 
> second server. I currently have a system setup using postfix bcc to write out 
> copies of all email, but what I would rather do is just have all the mail 
> written to /usr/local/virtual/%u/Maildir and also to 
> /backup/usr/local/virtual/%u/Maildir (for example) as this will make 
> restoring messages much simpler.

Any ideas on how to do this?

A sort of copy on save function.



-- 
From deep inside the tears that I'm forced to cry From deep inside the
pain I--I chose to hide

Re: pigeonhole question: filtering on delivered-to in case of fetchmail

[@lbutlr via dovecot]

On 15 Jul 2019, at 18:11, Trever L. Adams via dovecot  
wrote:
> So, one of the problems I am seeing is that people are trying to fake
> users into revealing information by sending from an outside domain but
> with an internal reply to address and claiming to be administration, IT
> or what not.

You should not accept external mail claiming to be from your domain unless that 
mail comes via authenticated submission. But if the reply to is going to an 
internal address… 

I’m puzzled by exactly what you mean here. Are you saying that users on your 
system are trying to phish other users on your system?

> I can set up something that will reject if from is outside the domain by
> reply to is internal. The problem is in some setups, there are fetchmail
> setups. I do not want to reject these with a message. Which is what I am
> currently doing for the others. Maybe I should discard them all without
> rejecting.

I haven’t used fetch mail in many many years, so I can’t answer anything 
specifically about it, but if you use it to allow external senders to send mail 
via your system in a way that is not authenticated then you should not do that.



-- 
NON-FLAMMABLE IS NOT A CHALLENGE Bart chalkboard Ep. BABF13

Re: Sent messages disappear and don't arrive. (Receiving is ok)

[@lbutlr via dovecot]

On 14 Jul 2019, at 03:35, John via dovecot  wrote:
> I'm running an email server (Postfix, Dovecot, MySQL) on an RPi. I set it up 
> using this 'howto' https://pestmeester.nl/index.html#11.0. It seemed to work 
> but now sent emails just disappear and are not received. Inward emails are 
> ok. 

You will need to look in your postfix logs to see what is happening to outbound 
mails.

If you are on a home connection, most ISPs do not allow mail servers.


-- 
Science is the foot that kicks magic square in the nuts.

Re: Getting SSL certificate/key from database

[@lbutlr via dovecot]

On 13 Jul 2019, at 22:57, Yevgeny Kosarzhevsky via dovecot 
 wrote:
> I am not finding how to read SSL keys/certificates from database.
> Is this possible? Or only file reads allowed?

As I read it, only files are allowed.



-- 
"I'm just like every modern woman trying to have it all. A loving
husband, a family. I only wish I had more time to seek out the dark
forces and join their hellish crusade.”

Re: Auto-duplicate mailstore?

[@lbutlr via dovecot]

On 12 Jul 2019, at 16:15, @lbutlr via dovecot  wrote:
> I am looking for something that is similar to replication, but without a 
> second server. I currently have a system setup using postfix bcc to write out 
> copies of all email, but what I would rather do is just have all the mail 
> written to /usr/local/virtual/%u/Maildir and also to 
> /backup/usr/local/virtual/%u/Maildir (for example) as this will make 
> restoring messages much simpler.

Note: doveadm backup is not a solution because it replicates the current state 
of the mailstore, what I need is a separate backup that is not altered by 
user’s screwing things up or accidentally deleting mail.

Certainly, a way to expire older mails from the backup would be great, but the 
crucial “feature” is that the backup doesn’t delete any mails based on user 
action.



-- 
And I was grounded while you filled the skies I was dumbfounded by
truth; you cut through lies

Auto-duplicate mailstore?

[@lbutlr via dovecot]

I am looking for something that is similar to replication, but without a second 
server. I currently have a system setup using postfix bcc to write out copies 
of all email, but what I would rather do is just have all the mail written to 
/usr/local/virtual/%u/Maildir and also to /backup/usr/local/virtual/%u/Maildir 
(for example) as this will make restoring messages much simpler.


-- 
Gods don't like people not doing much work. People who aren't busy all
the time might start to think.

Reprocess mail through sieve?

[@lbutlr via dovecot]

is there a way to process a mailbox through an existing sieve script as it the 
mail was being delivered anew?

I’ve cleaned up a lot of my list-sorting scripts and I would like to process a 
bunch of mail again so it gets sorted properly.

If I can do this could I also do it for a specific date range?

For example, let’s say io want to reprocess all the messages that are in 
“Archive” from between 20190501 and 20190630?



-- 
Think of how stupid the average person is, and realize half of them are
stupider than that.

Re: mail_crypt: multiple keypairs

[@lbutlr via dovecot]

On 4 Jul 2019, at 03:17, @lbutlr via dovecot  wrote:
> On 3 Jul 2019, at 06:38, mabi via dovecot  wrote:
>> Is it possible to delete the inactive keypair? if yes how?
> 
> Wouldn’t you then be unable to encrypt previous emails?

UNencrypt, of course.

Re: mail_crypt: multiple keypairs

[@lbutlr via dovecot]

On 3 Jul 2019, at 06:38, mabi via dovecot  wrote:
> Is it possible to delete the inactive keypair? if yes how?

Wouldn’t you then be unable to encrypt previous emails?

Re: Dovecot 2.3.0 TLS

[@lbutlr via dovecot]

On 3 Jul 2019, at 02:55, Peter Kahl via dovecot  wrote:
> I failed to disclose that the described problem occurs on iOS 13.0 beta.
> 
> After trying again and again, it appears that a bug in iOS 13.0 beta is the 
> likely culprit. I am reading on Reddit that there is some bug in iOS with 
> certificate trust...

I am accessing my dovecot mail via iOS 13 beta without issue. (noe on eta 3, 
but had no issues with beta 2 or 3. Well, no issues with MAIL that is).

I am running current doevcot.

I just opened the mail client on my phone:

imap(krem...@kreme.com)<12940><14ffIdeMDf9JDqGg>: ID sent: name=iPhone Mail, 
version=17A5522f, os=iOS, os-version=13.0 (17A5522f)

Re: Sieve question

[@lbutlr via dovecot]

On 3 Jul 2019, at 01:28, Stephan Bosch via dovecot  wrote:
> On 03/07/2019 04:44, @lbutlr via dovecot wrote:
>> I have the following in my active sieve file, and there are no errors logged.
>> 
>> 
>> if header :contains "to" "+root" {
>>setflag "\\Seen";
>>fileinto :create "root";
>>stop;
>> }
>> 
>> The message is put in .root, bit is not marked as seen.
>> 
>> Is the default action to put mail in a folder matching the extension taking 
>> precedence?
> 
> That should work. What version is this (output from `dovecot -`n`)? There 
> have been some bugs with flags in the recent history.

# 2.3.6 (7eab80676): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.6 (92dc263a)
# OS: FreeBSD 11.2-RELEASE-p10 i386  

It seems ti be working now. Does dovecot need to refresh the sieve rules 
periodically? (It has not been restarted recently., so it’s not that).

Sieve question

[@lbutlr via dovecot]

I have the following in my active sieve file, and there are no errors logged.


if header :contains "to" "+root" {
   setflag "\\Seen";
   fileinto :create "root";
   stop;
}

The message is put in .root, bit is not marked as seen.

Is the default action to put mail in a folder matching the extension taking 
precedence?

Re: Problem in doveadm import dovecot 2.2

[@lbutlr via dovecot]

On Jun 26, 2019, at 3:40 PM, Alexander Varejão via dovecot 
 wrote:
> I always used dovecot in version 2.0 and in the last month i update my 
> servers to dovecot 2.2 but now i have problems with comand dovecot import, 
> not works for me, bellow i put 2 examples used in my tests in boths cases not 
> works for me.

“Not work:” is not helpful.

Do you have error messages?

Have you run th commands with -Dv flags?

Do you have logs?

Have you posted your doveconf -n?

Re: LastLogin update

[@lbutlr via dovecot]

On 24 Jun 2019, at 08:25, Júlio Covolato via dovecot  
wrote:
> #$ cat dovecot-last-login.conf

[ … ]

> dovecot.conf:
> 
> plugin {
> # Track last login time on imap and pop3
> last_login_dict = proxy::lastlogin
> last_login_key = last-login/%u/%d/%r/%s
> }

Thank you, that is very clear.

Where is the file dovecot-last-login.conf referenced in the dovecot.conf? Or it 
is enabled by virtue of being in conf.d/?


-- 
"I hate to advocate drugs, alcohol, violence, or insanity to anyone, but
they've always worked for me." --Hunter Thompson

Re: LastLogin update

[@lbutlr via dovecot]

> On 20 Jun 2019, at 11:36, Adrian Minta via dovecot  
> wrote:
> 
> this seems to work very well: 
> 
> https://docs.iredmail.org/track.user.last.login.html

This is cool, but I have a question:

> For MySQL/MariaDB backends, we create the sql table in database vmail.

Would this interfere with or confuse postfixadmin? I use that so that users can 
update their own passwords and domain admins can add users and aliases.

> You could also add "rip = $rip" in "fields" for the ip address.



-- 
Lead me not into temptation, I can find the way.

Re: last login user tracking

[@lbutlr via dovecot]

On 21 Jun 2019, at 15:13, David Mehler via dovecot  wrote:
> the problem is the last login value does not mean anything to me.

It is standard unix “seconds since the epoch’ and can be converted into any 
format you want in any time zone at any time by using the date command.

# date -r 15 +%F-%T
2019-04-17-20:45:55



-- 
Mos Eisley spaceport. You will never find a more wretched hive of scum
and villainy. We must be cautious.

Re: Submission service and SMTP AUTH capability

[@lbutlr via dovecot]

On 21 Jun 2019, at 08:40, Germán Herrera via dovecot  
wrote:
> I also found out that the AUTH is shown before entering STARTTLS if I set 
> "ssl = yes", but the capability is hidden from pre-starttls EHLO if I do 
> enforce SSL with "ssl = required", which is my server configuration.
> 
> That is an strange behavior for me, but I can deal with it now that I know 
> how it works.

That is perfectly normal, AFAIK. If you require encryption (which you should) 
then the only thin the client sends is STARRTLS and nothing can happen before 
that.


-- 
To read makes our speaking English good.

Re: Dovecot and Solr on the same server or on different

[@lbutlr via dovecot]

On 20 Jun 2019, at 07:45, Götz Reinicke via dovecot  wrote:
> Yes, we are on VMs. Of course I could extend the resources for the dovecot VM 
> (more CPU, more RAM) but as mentioned having separate VMs/systems is in some 
> situations the preferred way.

Yep, that totally makes sense. I am Old™ and still think of “server” as a 
physical box sitting in a rack.

-- 
Lead me not into temptation, I can find the way.

Re: mremap_anon() failed: Not enough space

[@lbutlr via dovecot]

On 20 Jun 2019, at 07:46, Dave McGuire via dovecot  wrote:
> On 6/20/19 6:07 AM, @lbutlr via dovecot wrote:
>>> Jun 19 14:47:31  dovecot: [ID 583609 local0.error]
>>> imap(): Error:
>>> mremap_anon(/var/mail///mailboxes/INBOX/Trash/dbox-Mails/dovecot.index.cache,
>>> 27632) failed: Not enough space
>>> 
>>> I'm running 2.2.36.1 under Solaris 10 (patched to current) on
>>> UltraSPARC.  There's plenty of memory, plenty of swap, and plenty of
>>> disk, but this is a fairly busy mail server.
>> 
>> Are you sure there is plenty of space on /var/mail/ ? Because that should 
>> only show up when the mount point is full.
> 
>  Yes, there's about 3TB available there.
> 
>> Also, what is your definition of “plenty”? (I have some index files in the 
>> 50MB range, and I am sure there are people with indexes much larger than 
>> that).
> 
>  The index file in question was 255MB.  In desperation, and watching
> the other thread going on about index files, I moved dovecot.index.cache
> aside and let it be re-created.  No further issues have appeared in the
> log, and the new dovecot.index.cache file (created yesterday) has grown
> to about 120KB.
> 
>  The spool in question was about 3GB, with about 100K messages in it.
> I've never seen a dovecot.index.cache file grow so large; does that seem
> reasonable to you?

They seem to grow. As I meant to say, but typoed, I have some in the range of 
500MB here (not 50MB, though I have those too). I think deleting the 
index.cache every now and then is probably reasonable but I don’t know what a 
reasonable time frame is. Yearly? I might start with yearly. I removed them all 
yeterday shortly after posting to see how things would go.

# exa -l /usr/local/virtual/*/*/.*/dove* | sort -k 2 -h   

They are much much smaller (under 10MB), but I am sure they will grow as users 
access the larger folders on their mail store (it’s not unusual for user to 
have 4-5GB of email in their .Archive mail store).

It’s also possible that the cache files USED to grow quite large in previous 
versions and that now they are much more reasonable, but the only way to reset 
their size appears to be to delete them and let dovecot rebuild them.

Anyway, if you get any sort of index errors in the future the first trouble 
shooting step is to delete the index file. If that doesn’t work, delete all the 
index files for that folder. Then if that still didn’t fix it you start looking 
for other causes.

Re: Dovecot and Solr on the same server or on different

[@lbutlr via dovecot]

On 20 Jun 2019, at 04:12, Riccardo Bicelli via dovecot  
wrote:
> I agree that is a small mail load.
> But I mean, if you are running virtual machines (like me)  it is
> better to split the roles and leave solr on its own.

Oh, right. I thought we were talking about actual hardware separation.

-- 
Lead me not into temptation, I can find the way.

Re: Help on CRAM-MD5

[@lbutlr via dovecot]

On 20 Jun 2019, at 04:14, Jorge Bastos via dovecot  wrote:
> I don't desagree with your vision, but if the use of CRAM- has to use
> plaint text password's on the server there's a dark side, or there's a
> CRAM-XXX that can use encrypted on server side? There's always the thing
> that can clients don't support it.

The “encrypted” password store that CRAM-MD5 supports is MD5 which cannot be 
classified as encryption at this point.

Not sure why  you are saying CRAM-XXX as there is only CRAM-MD5.

-- 
Lead me not into temptation, I can find the way.

Re: mremap_anon() failed: Not enough space

[@lbutlr via dovecot]

On 19 Jun 2019, at 13:13, Dave McGuire via dovecot  wrote:
> Jun 19 14:47:31  dovecot: [ID 583609 local0.error]
> imap(): Error:
> mremap_anon(/var/mail///mailboxes/INBOX/Trash/dbox-Mails/dovecot.index.cache,
> 27632) failed: Not enough space
> 
>  I'm running 2.2.36.1 under Solaris 10 (patched to current) on
> UltraSPARC.  There's plenty of memory, plenty of swap, and plenty of
> disk, but this is a fairly busy mail server.

Are you sure there is plenty of space on /var/mail/ ? Because that should only 
show up when the mount point is full.

Also, what is your definition of “plenty”? (I have some index files in the 50MB 
range, and I am sure there are people with indexes much larger than that).

-- 
Lead me not into temptation, I can find the way.

Re: Help on CRAM-MD5

[@lbutlr via dovecot]

On 20 Jun 2019, at 02:53, FUSTE Emmanuel via dovecot  
wrote:
> There is plenty of context where TLS is not possible/desirable.

I’d say that is terrible advice. There are no reasonable contexts where is it 
is acceptable to send mail credentials without encryption. My users have had to 
use STARTTLS for submission for many many years. Insecure connections from 
users are not an option.

> And without client certificate, mutual strong authentication is not 
> available,

For certain values of strong, sure. But nearly no one needs mutual strong 
authentication to the level that client certs are necessary, and if someone 
does need them, then that is not a significant hurdle. And the connections are 
still encrypted.

*ALL* user to server transactions should be encrypted and nothing should be 
willfully downgrading security in the flawed reasoning of convenience. That is 
why we have as many security issue as we do right now; we are still living down 
the legacy of the previous century’s lack of security at ever stage in design.



-- 
Yeah, Nick. Nick's the kinda guy you can trust. Nick's your buddy Nick's
the kinda guy you drink beers with. The kinda guy that doesn't care if
you puke in his car. Nick.

Re: Dovecot and Solr on the same server or on different

[@lbutlr via dovecot]

On 20 Jun 2019, at 01:21, Riccardo Bicelli via dovecot  
wrote:

>  ha scritto:
>> what would you suggest? What are the pros and cons  for having dovecot and 
>> Solr on the same or different hots?
>> 
>> I have about 800 accounts, some millions of mails and about 2 TB of zipped 
>> mails.
>> 
>> From the recent experiences regarding maintenance I’d prefer different hosts 
>> for each.

> Hi, from a scalability perspective I would put solr on a separate host.

With that small a mail load?

I mean, the scalability issues will be a long time coming unless the hardware 
is really weak, and the headache of two servers not to mention the constant 
communication between them… 

But if that’s what you would rather do anyway, then sure.


-- 
Don't ride in anything with a Capissen-38 engine, they fall right out of
the sky

Re: recipient delimiters

[@lbutlr via dovecot]

On 19 Jun 2019, at 17:37, Stephan Bosch via dovecot  wrote:
> On 20/06/2019 01:20, @lbutlr via dovecot wrote:
>> On 18 Jun 2019, at 15:03, @lbutlr via dovecot  wrote:
>>> I don’t see a way to tell dovecot what delimiters to use, and it appears it 
>>> is still using a single delimiter only despite postfix having added support 
>>> for more than one years ago.
>> Ideas?
> 
> There is the recipient_delimiter setting. For recent versions, this is a list 
> of characters recognized as such.

In Dovecot? Ugh, I searched dovecot wiki for that.

Oh, I forgot to click on “text” for the search and got zero hits.

<https://wiki.dovecot.org/Upgrading/2.3?highlight=%28recipient_delimiter%29>

protocol lmtp {
  postmaster_address = postmas...@covisp.net   # required
  mail_plugins = quota sieve
  info_log_path = /var/log/dovecot-lmtp.log
  lmtp_save_to_detail_mailbox = yes
  recipient_delimiter = +_
}

爛
-- 
Lead me not into temptation, I can find the way.

Re: recipient delimiters

[@lbutlr via dovecot]

On 18 Jun 2019, at 15:03, @lbutlr via dovecot  wrote:
> I don’t see a way to tell dovecot what delimiters to use, and it appears it 
> is still using a single delimiter only despite postfix having added support 
> for more than one years ago.

Ideas?

-- 
Lead me not into temptation, I can find the way.

Re: IMAP IDLE

[@lbutlr via dovecot]

On 19 Jun 2019, at 16:11, Jorge Bastos via dovecot  wrote:
> root@fastmail:/etc/dovecot# doveconf |grep -i idle
> default_idle_kill = 1 mins
> imap_idle_notify_interval = 2 mins
> imapc_max_idle_time = 29 mins
> mailbox_idle_check_interval = 30 secs

I have: 
default_idle_kill = 1 mins
director_ping_idle_timeout = 30 secs
imap_idle_notify_interval = 2 mins
imapc_max_idle_time = 29 mins
mailbox_idle_check_interval = 30 secs

[ A lot of idle_kill = ]

submission_relay_max_idle_time = 29 mins

(none of these are in doveconf -n)

What version of dovecot are you running?

-- 
Lead me not into temptation, I can find the way.

Re: Problem syncing mail with IMAP

[@lbutlr via dovecot]

On 19 Jun 2019, at 12:17, Odhiambo Washington via dovecot  
wrote:
> I am seeing the following errors in my logs, which I believe are preventing 
> Outlook from syncing.
> How do I solve these?

Have you rebuilt the index files?

The simplest and surest way is to stop dovecot, move the index files aside, and 
restart dovecot.

dovecot.index
dovecot.index.cache
dovecot.index.log

You could start with just the dovecot.index.cache, but usually it is simpler to 
just force dovecot to rebuild the indexes.

If this is a persistent problem, then you need to figure out why things are 
wonky (like, are you storing the indexes and/or mail on a network share?).

If things go badly, replace the index files you moved.

I think that maybe 

# doveadm index -A “*” 

will rebuilt the indexes without stopping dovecot, but I will wait for someone 
to correct me on that.

-- 
Updated to be PRCE compatible after 400 years: /(bb|[^b]{2})/

Re: User listing returned failure with -A

[@lbutlr via dovecot]

On 19 Jun 2019, at 08:33, Aki Tuomi via dovecot  wrote:
> Dovecot uses auth process to collect users, so maybe look at your iterate 
> query? https://wiki.dovecot.org/AuthDatabase/SQL#User_iteration

Yeah, didn’t have one of those.  ¯\_(ツ)_/¯ 

iterate_query = select username from mailbox

Seem to have sorted that out, thank you.

-- 
The Nixon I remembered was absolutely humorless; I couldn't imagine
him laughing at anything except maybe a paraplegic who wanted to vote
Democratic but couldn't quite reach the lever on the voting machine.
 - Hunter S Thompson

Re: User listing returned failure with -A

[@lbutlr via dovecot]

On 19 Jun 2019, at 00:42, Aki Tuomi via dovecot  wrote:
> Your userdb does not support listing, check dovecot logs, the error will
> not be reported by doveadm.

sqlpool(mysql): Query failed, retrying: Table 'postfix.users' doesn't exist

Well, that is true, there is no users table, the table is ‘mailbox’ and the 
field is ‘username'

Any way yo tell doveadm what to look for?



-- 
*** AgentSmith sets mode: +m

Re: Converting mdbox to mbox/MailDir

[@lbutlr via dovecot]

On 18 Jun 2019, at 20:46, Adam Raszkiewicz  wrote:
> maildir -> mdbox it is maildir to mdbox conversion when I'm looking something 
> opposite: mdbox -> maildir

Please go back and read all the words in my previous reply.

-- 
Lead me not into temptation, I can find the way.

User listing returned failure with -A

[@lbutlr via dovecot]

First, I archive the old messages in the INBOX on my list account

 # doveadm -Dv move -u krem...@kreme.com Archive mailbox INBOX BEFORE 90d   

   Debug: Loading modules from directory: 
/usr/local/lib/dovecot/doveadm
Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: Undefined symbol 
"acl_user_module" (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: Undefined symbol 
"expire_set_lookup" (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: Undefined symbol 
"quota_user_module" (this is usually intentional, so just ignore this message)
Debug: Module loaded: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: Undefined symbol 
"fts_filter_filter" (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: Undefined 
symbol "mail_crypt_user_get_public_key" (this is usually intentional, so just 
ignore this message)
doveadm(krem...@kreme.com)<64937><>: Debug: auth USER input: krem...@kreme.com 
uid=89 gid=89 
mail_location=maildir:/usr/local/virtual/krem...@kreme.com/Maildir 
mail=maildir:/usr/local/virtual/krem...@kreme.com/Maildir 
home=/usr/local/virtual/krem...@kreme.com/
doveadm(krem...@kreme.com)<64937><>: Debug: Added userdb setting: 
mail=maildir:/usr/local/virtual/krem...@kreme.com/Maildir
doveadm(krem...@kreme.com)<64937><>: Debug: Added userdb setting: 
mail_location=maildir:/usr/local/virtual/krem...@kreme.com/Maildir
doveadm(krem...@kreme.com): Debug: Effective uid=89, gid=89, 
home=/usr/local/virtual/krem...@kreme.com/
doveadm(krem...@kreme.com): Debug: Namespace inbox: type=private, prefix=, 
sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=maildir:/usr/local/virtual/krem...@kreme.com/Maildir
doveadm(krem...@kreme.com): Debug: maildir++: 
root=/usr/local/virtual/krem...@kreme.com/Maildir, index=, indexpvt=, control=, 
inbox=/usr/local/virtual/krem...@kreme.com/Maildir, alt=
doveadm(krem...@kreme.com): Debug: Mailbox Archive: Mailbox opened because: move
doveadm(krem...@kreme.com): Debug: Mailbox INBOX: Mailbox opened because: move

OK. that went well, how about all users now?

 # doveadm -Dv move -A Archive mailbox INBOX BEFORE 90d 

   Debug: Loading modules from directory: 
/usr/local/lib/dovecot/doveadm
Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so: Undefined symbol 
"acl_user_module" (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: Undefined symbol 
"expire_set_lookup" (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: Undefined symbol 
"quota_user_module" (this is usually intentional, so just ignore this message)
Debug: Module loaded: 
/usr/local/lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: Undefined symbol 
"fts_filter_filter" (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: 
/usr/local/lib/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: Undefined 
symbol "mail_crypt_user_get_public_key" (this is usually intentional, so just 
ignore this message)
Error: User listing returned failure

doveadm: Error: Failed to iterate through some users

Ok, so I try the following:

 # cd /usr/local/virtual && for i in *; do doveadm move -u $i  Archive mailbox 
INBOX BEFORE 90d; done 

And that works fine.

Everything is the same up until the Error but since nothing else is logged, 
where do I go from here?

-- 
There are strange things done in the midnight sun/By the men who moil
for gold; The Arctic trails have their secret tales/That would make your
blood run cold; The Northern Lights have seen queer sights,/But the
queerest they ever did see Was the night on the marge of Lake Lebarge/
When I cremated Sam McGee

Re: Converting mdbox to mbox/MailDir

[@lbutlr via dovecot]

On 18 Jun 2019, at 20:04, Adam Raszkiewicz via dovecot  
wrote:
> 
> On 6/18/19, 9:59 PM, "dovecot on behalf of @lbutlr via dovecot" 
>  wrote:
>> On 18 Jun 2019, at 15:18, Benny Pedersen via dovecot  
>> wrote:
>> @lbutlr via dovecot skrev den 2019-06-18 23:06:
>>> On 18 Jun 2019, at 14:32, Adam Raszkiewicz via dovecot
>>>  wrote:
>>>> Is there any way to convert Dovecot's mdbox/dbox to mbox, MailDir or eml 
>>>> format (or any other easy to import format)?
>>> https://wiki.dovecot.org/Migration/MailFormat
>>> page error python update that failed ?
>><https://is.gd/ZmfHY9>
> 
> I saw that before but there is only maildir -> mdbox but not mdbox -> maildir

maildir -> mdbox migration. Set mail_location=mdbox:~/mdbox and run dsync -u 
username mirror maildir:~/Maildir

Seems that the opposite of that might be a possible solution? I mean, I would 
try it myself.

Do it on backups, of course.

Also, please don’t top-post, it makes fixing these messages very annoying.


-- 
Lead me not into temptation, I can find the way.

Re: Help on CRAM-MD5

[@lbutlr via dovecot]

> On 18 Jun 2019, at 16:56, Shaun Johnson via dovecot  
> wrote:
> 
> On Tue, 18 Jun 2019 16:41:06 -0600
> "@lbutlr via dovecot"  wrote:
> 
>> What is the reason for wanting to enable CRAM-MD5? That was intended
>> to use on unsecured connections; you should not be allowing
>> authentication on unsecured connections in 2019.
>> 
>> Establish a secure submission on port 587 or smtps on 465 and do not
>> use CRAM-MD5 at all.
>> 
> 
> Possibly a backwards compatibility thing?

I don’t see how, it should never have been enabled on a secure connection, so 
there’s nothing to be compatible with.

> For a while iPhones wanted to default to CRAM-MD5 as well…

Only for insecure connections as I recall.

I can’t think of any reason for using CRAM-MD5 with STARTTLS on submission or 
secured smtps. YMMV, but it offers absolutely no advantage to secure 
authentication.


-- 
All our loves are first loves

Re: Help on CRAM-MD5

[@lbutlr via dovecot]

On 18 Jun 2019, at 16:04, Jorge Bastos via dovecot  wrote:
> I'm using dovecot and mysql users, and i'm creating the password with:
> 
> ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))

Why not just use the builtin tool in dovecot?

doveadm pw -s SHA256-CRYPT  -p ‘password[goes]here!’

(or SHA512-CRYPT in your case, I guess).

> So far so good, everything's fine.
> Today saw that i didn't enabled CRAM-MD5

Why would you?

> , but if I do, and the (at least)
> IMAP client (roundcube/thunderbird/etc) issues CRAM-MD5 it doesn't
> authenticate.
> What am i doing wrong, or that can be done so that all types work (SASL
> PLAIN LOGIN + CRAM-MD5)?

What is the reason for wanting to enable CRAM-MD5? That was intended to use on 
unsecured connections; you should not be allowing authentication on unsecured 
connections in 2019.

Establish a secure submission on port 587 or smtps on 465 and do not use 
CRAM-MD5 at all.


-- 
"Part of the inhumanity of the computer is that, once it is competently
programmed and working smoothly, it is completely honest." - Isaac
Asimov

Re: Converting mdbox to mbox/MailDir

[@lbutlr via dovecot]

> On 18 Jun 2019, at 15:18, Benny Pedersen via dovecot  
> wrote:
> 
> @lbutlr via dovecot skrev den 2019-06-18 23:06:
>> On 18 Jun 2019, at 14:32, Adam Raszkiewicz via dovecot
>>  wrote:
>>> Is there any way to convert Dovecot's mdbox/dbox to mbox, MailDir or eml 
>>> format (or any other easy to import format)?
>> https://wiki.dovecot.org/Migration/MailFormat
> 
> page error python update that failed ?

<https://www.google.com/search?safe=off=safari=hp=wVYJXd-zAamC0wL5qZLwCw=https%3A%2F%2Fwiki.dovecot.org%2FMigration%2FMailFormat=https%3A%2F%2Fwiki.dovecot.org%2FMigration%2FMailFormat_l=psy-ab.12..33i160l3.18745.18745..27580...0.0..0.162.333.2j1..01..gws-wiz.0.cdoJgBaH5Wg>

or 

<https://is.gd/ZmfHY9>

Click the down triangle and choose “Cached”

Re: Converting mdbox to mbox/MailDir

[@lbutlr via dovecot]

On 18 Jun 2019, at 14:32, Adam Raszkiewicz via dovecot  
wrote:
> Is there any way to convert Dovecot's mdbox/dbox to mbox, MailDir or eml 
> format (or any other easy to import format)?

https://wiki.dovecot.org/Migration/MailFormat

recipient delimiters

[@lbutlr via dovecot]

Since many broken websites and idiot companies will not allow a ‘+’ in an email 
address, I have long used two delimiters in postfix:

recipient_delimiter = +_

However, now that dovecot is handling verification for postfix via 
reject_unverified_recipient, dovecot complains about any address using an _ as 
a delimiter.

I don’t see a way to tell dovecot what delimiters to use, and it appears it is 
still using a single delimiter only despite postfix having added support for 
more than one years ago.

Anything that I can do in dovecot to 1) validate these emails and 2) treat 
user_extension the same as user+extension at delivery?


-- 
Love is like oxygen / You get too much / you get too high / Not enough
and you're gonna die