Migrate Dovecot 2.0.16 (mbox) to Dovecot 2.3.16 (MaiDir) and preserve POP UIDs
Already done a first migration using imapsync Good result, but there is the POP3 UIDs problem. Searching online give a Tried to understand the instructions on: https://doc.dovecot.org/settings/plugin/pop3-migration-plugin/? with limited comprension results (the link in the page is to the old wiki). Searching online give more confusion ... I am obviouly interested to resync the INBOX with somethig that give to clients the old UIDs so they don't re-download all messages in the inbox as duplicates into their mailbox. I suppose I can do: doveadm -v expunge -u mailbox INBOX all rm dovecot* in the Maildir folder doveadm force-resync -u INBOX then use dsync to migrate the INBOX Here I need some hints to how setup it and wich syntax use. If useful I can copy or mount the /var/mail/ folder of the old server that contains the users INBOX to the new server. Thanks, B. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: master-users problem
On Sat, 20 Jan 2024, Andreas Haerter wrote:
Hi Barbara,
On 13.12.23 15:08, Barbara M. wrote:
passdb {
args = /etc/dovecot/master-users
Correct me if I am wrong, but IIRC, these files are read after privileges are
dropped... so quick guess: is the file readable by the service user itself?
Default config from the distro rpm (RL9), was:
passdb {
driver = passwd-file
master = yes
args = /etc/dovecot/master-users
pass = yes
}
I solved my problem with this config:
auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/master-users
master = yes
result_success = continue
}
passdb {
driver = shadow
}
userdb {
driver = passwd
}
that I get from the dovecot doc.
I'm not a dovecot configuration expert, so I don't understand exactly
how the added sections interact in the config, but this solved my problem
(hoping that I haven't created other problems that I don't see at the
moment ... ;-) ).
Thanks, B.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: master-users problem
On Sat, 23 Dec 2023, Noel Butler via dovecot wrote:
Hi Barbara,
On 14/12/2023 00:08, Barbara M. wrote:
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
result_success = continue
}
try replacing result_success with
pass = yes
Thanks for replay.
Already tried without success.
passdb {
driver = passwd-file
master = yes
args = /etc/dovecot/master-users
#result_success = continue
pass = yes
}
Anyway, tried again using a test user box3 and next with master user aa33:
]# telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Dovecot ready.
user box3
+OK
pass *
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
# telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Dovecot ready.
user box3*aa33
+OK
pass
-ERR [AUTH] Authorization failed
quit
+OK Logging out
Connection closed by foreign host.
In the enabled log I have:
Dec 24 15:54:15 pop3-login: Info: Login: user=, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, mpid=1282414, secured, session=<59mCn0INEIh/AAAB>
Dec 24 15:54:19 pop3(box3)<1282414><59mCn0INEIh/AAAB>: Info: Disconnected:
Logged out top=0/0, retr=0/0, del=0/774, size=328796462
Dec 24 15:54:44 auth: Info: Master user logging in as box3
Dec 24 15:54:46 auth-worker(1282411): Info: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<4>: pam(box3,127.0.0.1,oUINxMh/AAAB>): pam_authenticate() failed: Authentication failure
(Password mismatch?) (given password: XX)
Dec 24 15:54:51 pop3-login: Info: Disconnected: Aborted login by logging
out (authorization failed, 1 attempts in 7 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured,
session=
The master user was copied from the old server and also created with the
syntax:
htpasswd -b -c -s passwd.masterusers aa33
And I have a row like:
aa33:{SHA}jWMl8Ye1yJr+5Y5bo=
in the file /etc/dovecot/master-users
If useful (hoping I have extraced valuable info), I report below the debug
log:
Dec 24 15:54:15 auth: Debug: client in: AUTH1 PLAIN
service=pop3secured session=59mCn0INEIh/AAABlip=127.0.0.1 rip=127.0.0.1 lport=110 rport=34832
resp=AGJveDMAMS1DYXNpbm80NS5hcGY= (previous base64 data may contain sensitive data)
Dec 24 15:54:15 auth: Debug: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Performing
passdb lookup
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<2>: Handling PASSV request
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97):
auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Performing passdb lookup
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): lookup service=dovecot
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): #1/1 style=1 msg=Password:
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Finished passdb lookup
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<2>: Finished
Dec 24 15:54:15 auth: Debug: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Finished
passdb lookup
Dec 24 15:54:15 auth: Debug: auth(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Auth
request finished
Dec 24 15:54:15 auth: Debug: client passdb out: OK 1 user=box3
Dec 24 15:54:15 auth: Debug: master in: REQUEST 2573860865 1282408 1
a3c5e0293a186740512d8f0033e971a1session_pid=1282414
Dec 24 15:54:15 auth: Debug: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>):
Performing userdb lookup
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<3>: Handling USER request
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97):
auth-worker<3>: passwd(box3,127.0.0.1,<
59mCn0INEIh/AAAB>): Performing userdb lookup
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<3>: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>): lookup
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<3>: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Finished userdb lookup
Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker
(pid=1282053,uid=97): auth-worker<3>: Finished
Dec 24 15:54:15 auth: Debug: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>):
Finished userdb lookup
Dec 24 15:54:15 auth: Debug: master userdb out: USER2573860865 box3
system_groups_u
master-users problem
I am trying to activate master-users as usual but seems in this case I am
doing something wrong and I can't have it working.
It is a Rocky Linux 9.x (in Proxmox CT), installed with virtualmin and
using system users:
# doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# OS: Linux 6.5.11-4-pve x86_64 Rocky Linux release 9.3 (Blue Onyx)
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 1000
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
result_success = continue
}
passdb {
driver = pam
}
protocols = imap pop3
ssl = required
ssl_cert =
RE: migration from 2.0.16
On Thu, 17 Dec 2020, Marc Roos wrote: I would not choose centos 8 it has EOL < than centos7. IBM is pulling the plug on the centos distribution, and makes it more or less a beta for the rhel. Thus centos7 and then you have a few years to decide what to choose. Enough to go to full containerized eg. ;) We own the servers and use CT (LXC). The IBM move is clear, but going to C7 today seems to me not a good choice. It is in its descending stage and in a couple of years packages are going to became very outdated. If RH8 remain "open source" I suppose the community or some interested medium level company that use CentOS for their business can became a new CentOS and switch to a different named distro is supposed to be only a question of replace repositories. That seems to me a smoother path (IMHO). Debian 10 is EOL on 2022 Ubuntu LTS seems a solution, but I hadn't ever used it (I may be wrong, but in the past Canonical don't inspire me to much trust). Other options (not too "exotic")? You do not need to rsync, dovecot can sync messages. I am just in the process of migrating a server from a different network to a different mailbox format. My approach was to create an 'archive' namespace on shared slower but distributed storage so I do not have to move to much data. I am studying the situation, but there are many variables and the old age of the source server probably meke it more complex. And I am not a dovecot expert ... Thanks, B.
RE: migration from 2.0.16
On Thu, 17 Dec 2020, Aki Tuomi wrote:
I would recommend using dsync migration to get rid of mbox format. We no longer
develop that format, and bugs are limited to reading mbox format.
Ok, but I assume that dovecot 2.3.x still support mbox? (just in case the
mbox --> MailDir migration give more problems than expected expecially
with POP3 UIDL)
I would also recommend using master password / master user login with doveadm
sync, and do the synchronization over imapc: to get the data safely migrated to
your new system.
You should use
doveadm sync -u user backup -R imapc:
on the new server to pull the data from old server. See
https://wiki.dovecot.org/Migration/Dsync for more details.
Ok, but My old server is 2.0.16.
The suggested URL say: "You need Dovecot v2.1.4+ for this."
I can't understand if it refers to source or destination server
I tried to activate master password / master user, but I get:
# telnet 0 143
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login USER*MASTER MASTERPWD
a NO [AUTHENTICATIONFAILED] Authentication failed.
Nothing in dovecot.[log|info.log]
(real user/pwd replaced)
/etc/dovecot/passwd.masterusers created using htpasswd ...
tried with standard pwd created by htpasswd or replacing the encrypted
pwd with a know passwd form /etc/shadow.
My current dovecot -n :
# 2.0.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-48-pve x86_64 CentOS release 6.10 (Final)
auth_mechanisms = plain login
default_client_limit = 3000
default_process_limit = 500
disable_plaintext_auth = no
info_log_path = /var/log/mail/dovecot.info.log
log_path = /var/log/mail/dovecot.log
mail_full_filesystem_access = yes
mail_location = mbox:~/:INBOX=/var/mail/%u
mbox_read_locks = dotlock fcntl
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
pass = yes
}
protocols = imap pop3
service imap {
process_limit = 512
}
service pop3 {
process_limit = 1024
}
ssl_cert = ssl_cipher_list =
ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM
ssl_key =
migration from 2.0.16
I have an old server with CentOS 6.x and dovecot 2.0.16 (postfix-2.6.6 and roundcube), that was an update from a 1.x many years ago ... Users in /etc/passwd Mailbox format mbox some filtering via procmail About 5.000 users, 1 TB data (/var/mail + /home/users) Obviously I am searching for a smooth upgrade path (with no or minimal downtime and users problems) ;-) Until few days ago my idea was a CentOS 8.x new box with the standard default packages (dovecot-2.3.8, postfix-3.3, ...). Now this can be reconsidered. I suppose there will be a RockyLinux or something equivalent but if there is a good reason I can consider Debian or other OS if they have a decent EOL or some advantages. Anyway, the more relevant problem at the moment is collect info for the best approch to have a smooth dovecot upgrade. My dream is the possibility to configure a new server and rsync the data (/var/mail + /home/users), and, when the tests are satisfiable do the final sync and swap the IP, but I suppose deleting the .imap folders isn't a simple complete solution to compatibility problems. Any hints, links, experiences are appreciated. Thanks, B.
