Migrate Dovecot 2.0.16 (mbox) to Dovecot 2.3.16 (MaiDir) and preserve POP UIDs
Already done a first migration using imapsync Good result, but there is the POP3 UIDs problem. Searching online give a Tried to understand the instructions on: https://doc.dovecot.org/settings/plugin/pop3-migration-plugin/? with limited comprension results (the link in the page is to the old wiki). Searching online give more confusion ... I am obviouly interested to resync the INBOX with somethig that give to clients the old UIDs so they don't re-download all messages in the inbox as duplicates into their mailbox. I suppose I can do: doveadm -v expunge -u mailbox INBOX all rm dovecot* in the Maildir folder doveadm force-resync -u INBOX then use dsync to migrate the INBOX Here I need some hints to how setup it and wich syntax use. If useful I can copy or mount the /var/mail/ folder of the old server that contains the users INBOX to the new server. Thanks, B. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: master-users problem
On Sat, 20 Jan 2024, Andreas Haerter wrote: Hi Barbara, On 13.12.23 15:08, Barbara M. wrote: passdb { args = /etc/dovecot/master-users Correct me if I am wrong, but IIRC, these files are read after privileges are dropped... so quick guess: is the file readable by the service user itself? Default config from the distro rpm (RL9), was: passdb { driver = passwd-file master = yes args = /etc/dovecot/master-users pass = yes } I solved my problem with this config: auth_master_user_separator = * passdb { driver = passwd-file args = /etc/dovecot/master-users master = yes result_success = continue } passdb { driver = shadow } userdb { driver = passwd } that I get from the dovecot doc. I'm not a dovecot configuration expert, so I don't understand exactly how the added sections interact in the config, but this solved my problem (hoping that I haven't created other problems that I don't see at the moment ... ;-) ). Thanks, B. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: master-users problem
On Sat, 23 Dec 2023, Noel Butler via dovecot wrote: Hi Barbara, On 14/12/2023 00:08, Barbara M. wrote: passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes result_success = continue } try replacing result_success with pass = yes Thanks for replay. Already tried without success. passdb { driver = passwd-file master = yes args = /etc/dovecot/master-users #result_success = continue pass = yes } Anyway, tried again using a test user box3 and next with master user aa33: ]# telnet 0 110 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. +OK Dovecot ready. user box3 +OK pass * +OK Logged in. quit +OK Logging out. Connection closed by foreign host. # telnet 0 110 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. +OK Dovecot ready. user box3*aa33 +OK pass -ERR [AUTH] Authorization failed quit +OK Logging out Connection closed by foreign host. In the enabled log I have: Dec 24 15:54:15 pop3-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1282414, secured, session=<59mCn0INEIh/AAAB> Dec 24 15:54:19 pop3(box3)<1282414><59mCn0INEIh/AAAB>: Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/774, size=328796462 Dec 24 15:54:44 auth: Info: Master user logging in as box3 Dec 24 15:54:46 auth-worker(1282411): Info: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<4>: pam(box3,127.0.0.1,oUINxMh/AAAB>): pam_authenticate() failed: Authentication failure (Password mismatch?) (given password: XX) Dec 24 15:54:51 pop3-login: Info: Disconnected: Aborted login by logging out (authorization failed, 1 attempts in 7 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session= The master user was copied from the old server and also created with the syntax: htpasswd -b -c -s passwd.masterusers aa33 And I have a row like: aa33:{SHA}jWMl8Ye1yJr+5Y5bo= in the file /etc/dovecot/master-users If useful (hoping I have extraced valuable info), I report below the debug log: Dec 24 15:54:15 auth: Debug: client in: AUTH1 PLAIN service=pop3secured session=59mCn0INEIh/AAABlip=127.0.0.1 rip=127.0.0.1 lport=110 rport=34832 resp=AGJveDMAMS1DYXNpbm80NS5hcGY= (previous base64 data may contain sensitive data) Dec 24 15:54:15 auth: Debug: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Performing passdb lookup Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<2>: Handling PASSV request Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Performing passdb lookup Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): lookup service=dovecot Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): #1/1 style=1 msg=Password: Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<2>: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Finished passdb lookup Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<2>: Finished Dec 24 15:54:15 auth: Debug: pam(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Finished passdb lookup Dec 24 15:54:15 auth: Debug: auth(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Auth request finished Dec 24 15:54:15 auth: Debug: client passdb out: OK 1 user=box3 Dec 24 15:54:15 auth: Debug: master in: REQUEST 2573860865 1282408 1 a3c5e0293a186740512d8f0033e971a1session_pid=1282414 Dec 24 15:54:15 auth: Debug: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Performing userdb lookup Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<3>: Handling USER request Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<3>: passwd(box3,127.0.0.1,< 59mCn0INEIh/AAAB>): Performing userdb lookup Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<3>: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>): lookup Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<3>: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Finished userdb lookup Dec 24 15:54:15 auth-worker(1282411): Debug: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<3>: Finished Dec 24 15:54:15 auth: Debug: passwd(box3,127.0.0.1,<59mCn0INEIh/AAAB>): Finished userdb lookup Dec 24 15:54:15 auth: Debug: master userdb out: USER2573860865 box3 system_groups_u
master-users problem
I am trying to activate master-users as usual but seems in this case I am doing something wrong and I can't have it working. It is a Rocky Linux 9.x (in Proxmox CT), installed with virtualmin and using system users: # doveconf -n # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # OS: Linux 6.5.11-4-pve x86_64 Rocky Linux release 9.3 (Blue Onyx) auth_master_user_separator = * auth_mechanisms = plain login disable_plaintext_auth = no first_valid_uid = 1000 mail_location = maildir:~/Maildir mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes result_success = continue } passdb { driver = pam } protocols = imap pop3 ssl = required ssl_cert =
RE: migration from 2.0.16
On Thu, 17 Dec 2020, Marc Roos wrote: I would not choose centos 8 it has EOL < than centos7. IBM is pulling the plug on the centos distribution, and makes it more or less a beta for the rhel. Thus centos7 and then you have a few years to decide what to choose. Enough to go to full containerized eg. ;) We own the servers and use CT (LXC). The IBM move is clear, but going to C7 today seems to me not a good choice. It is in its descending stage and in a couple of years packages are going to became very outdated. If RH8 remain "open source" I suppose the community or some interested medium level company that use CentOS for their business can became a new CentOS and switch to a different named distro is supposed to be only a question of replace repositories. That seems to me a smoother path (IMHO). Debian 10 is EOL on 2022 Ubuntu LTS seems a solution, but I hadn't ever used it (I may be wrong, but in the past Canonical don't inspire me to much trust). Other options (not too "exotic")? You do not need to rsync, dovecot can sync messages. I am just in the process of migrating a server from a different network to a different mailbox format. My approach was to create an 'archive' namespace on shared slower but distributed storage so I do not have to move to much data. I am studying the situation, but there are many variables and the old age of the source server probably meke it more complex. And I am not a dovecot expert ... Thanks, B.
RE: migration from 2.0.16
On Thu, 17 Dec 2020, Aki Tuomi wrote: I would recommend using dsync migration to get rid of mbox format. We no longer develop that format, and bugs are limited to reading mbox format. Ok, but I assume that dovecot 2.3.x still support mbox? (just in case the mbox --> MailDir migration give more problems than expected expecially with POP3 UIDL) I would also recommend using master password / master user login with doveadm sync, and do the synchronization over imapc: to get the data safely migrated to your new system. You should use doveadm sync -u user backup -R imapc: on the new server to pull the data from old server. See https://wiki.dovecot.org/Migration/Dsync for more details. Ok, but My old server is 2.0.16. The suggested URL say: "You need Dovecot v2.1.4+ for this." I can't understand if it refers to source or destination server I tried to activate master password / master user, but I get: # telnet 0 143 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. a login USER*MASTER MASTERPWD a NO [AUTHENTICATIONFAILED] Authentication failed. Nothing in dovecot.[log|info.log] (real user/pwd replaced) /etc/dovecot/passwd.masterusers created using htpasswd ... tried with standard pwd created by htpasswd or replacing the encrypted pwd with a know passwd form /etc/shadow. My current dovecot -n : # 2.0.16: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-48-pve x86_64 CentOS release 6.10 (Final) auth_mechanisms = plain login default_client_limit = 3000 default_process_limit = 500 disable_plaintext_auth = no info_log_path = /var/log/mail/dovecot.info.log log_path = /var/log/mail/dovecot.log mail_full_filesystem_access = yes mail_location = mbox:~/:INBOX=/var/mail/%u mbox_read_locks = dotlock fcntl passdb { driver = pam } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } protocols = imap pop3 service imap { process_limit = 512 } service pop3 { process_limit = 1024 } ssl_cert = ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM ssl_key =
migration from 2.0.16
I have an old server with CentOS 6.x and dovecot 2.0.16 (postfix-2.6.6 and roundcube), that was an update from a 1.x many years ago ... Users in /etc/passwd Mailbox format mbox some filtering via procmail About 5.000 users, 1 TB data (/var/mail + /home/users) Obviously I am searching for a smooth upgrade path (with no or minimal downtime and users problems) ;-) Until few days ago my idea was a CentOS 8.x new box with the standard default packages (dovecot-2.3.8, postfix-3.3, ...). Now this can be reconsidered. I suppose there will be a RockyLinux or something equivalent but if there is a good reason I can consider Debian or other OS if they have a decent EOL or some advantages. Anyway, the more relevant problem at the moment is collect info for the best approch to have a smooth dovecot upgrade. My dream is the possibility to configure a new server and rsync the data (/var/mail + /home/users), and, when the tests are satisfiable do the final sync and swap the IP, but I suppose deleting the .imap folders isn't a simple complete solution to compatibility problems. Any hints, links, experiences are appreciated. Thanks, B.