Re: Bug: Shared Mailbox - Case Sensitivity

2016-09-30 Thread Leander Schäfer

Am I missing something, or might this be a bug as it seems to me?


Am 16.09.16 um 14:21 schrieb Leander Schäfer:

Hi Aki,


Thanks for your advice. Yes, I'm aware of this. Yet lowercasing should 
be the default since Dovecot 2.1.x, isn't it? Yet I wouldn't know 
where exactly to implement this %L, since the ACLs are set through 
IMAP commands through the user's mail client like Thunderbird. So in 
other words, the email address to whom the user wants to grant ACLs, 
provided by the user's mail client, has nothing to do with my auth 
backend where e.g. %u => %Lu would apply. Please correct me if I'm 
wrong here.



It clearly looks like a bug of the internal processing of the 
"dovecot-acl-list" files. It simply lacks lowercase enforcement 
in the code, like it already seems to do for the "dovecot-acl" file.



Best regards

Leander Schäfer



Am 16.09.16 um 12:53 schrieb Aki Tuomi:


On 16.09.2016 12:54, Leander Schäfer wrote:

Hi,

unfortunately I found a bug in Dovecot's ACL handling for shared
mailboxes. It turns out Dovecot doesn't enforce lower casing the
privileged username to whom the mailbox should be shared to. This
results in an invalid configuration. Users get confused, since they
passed on a valid email address in their ACL setup.

/usr/local/www/default/mail/test@mydomain.localdomain/maildir/.Spam/dovecot-acl 



user=leander@mydomain.localdomain eilrwts
^^ works

/usr/local/www/default/mail/leander@mydomain.localdomain/maildir/dovecot-acl 



user=test@mydomain.localdomain eilrwts
^^ works

/usr/local/www/default/mail/test@mydomain.localdomain/maildir/.Drafts/dovecot-acl 



user=Leander@MyDomain.LocalDomain eilrwts
^^ Doesn't work

Best regards
Leander Schäfer

Hi! Did you know you can use %Lu instead of %u to force lowercasing?

Aki


Re: acl_group not working not working correctly

2016-09-30 Thread Leander Schäfer

Any idea?

Am 17.09.16 um 00:44 schrieb Leander Schäfer:

Hi,

I'm trying to setup group based ACLs coming from OpenLDAP. My setup 
doesn't require a POSIX Group match. In the Dovecot configuration file 
I have this: "user_attrs = [...], mailAclGroups=acl_groups" as well as 
"acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300". The 
user has "public" in the LDAP attribute "mailAclGroups". It seems to 
get everything right. I checked with doveadm - and I see public is 
listed as expected:


cat /var/log/debug.log
[...]
Sep 16 23:39:04 WM-01 dovecot: auth: Debug: client passdb out: 
OK   1   user=leander@mydomain.localdomain acl_groups=public

[...]

cat /usr/local/etc/dovecot/global-acls
INBOX owner lrwstipekxa
Drafts owner lrwstipeka
Sent owner lrwstipeka
Spam owner lrwstipeka
Trash owner lrwstipeka
Public authenticated l
Public group-override=public lrwstipekx
Public/* group-override=public lrwstipekx


doveadm mailbox list -u leander@mydomain.localdomain
Drafts
Sent
Trash
Spam
Shared
Public
Public/Service Center
Shared/test@mydomain.localdomain
Shared/test@mydomain.localdomain/Drafts
Shared/test@mydomain.localdomain/Sent
Shared/test@mydomain.localdomain/Trash
Shared/test@mydomain.localdomain/Spam
INBOX


But here comes the strange thing: telnet equal to Thunderbird:
. LIST "" "*"
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren \Sent) "/" Sent
* LIST (\HasNoChildren \Trash) "/" Trash
* LIST (\HasNoChildren \Junk) "/" Spam
* LIST (\Noselect \HasChildren) "/" Shared
* LIST (\HasChildren) "/" Shared/test@mydomain.localdomain
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Drafts
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Sent
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Trash
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Spam
* LIST (\HasNoChildren) "/" INBOX
. OK List completed (0.000 + 0.000 + 0.092 secs).


Public and Public/* should be listed as well, but it isn't. Any idea 
why it is behaving like this?

Thanks

Best regards
Leander Schäfer


Re: BUG - DELETE Public/Folder not working with Thunderbird

2016-09-18 Thread Leander Schäfer

Alright. Thank you

Am 17.09.16 um 17:20 schrieb Anton Yuzhaninov:

On 2016-09-16 16:13, Leander Schäfer wrote:

Thank you very much for your helpful hint. Thunderbird clearly wants to
move Public/Test to the Trash of the user who subscribed the Public
folder. Question is how to solve this from a Dovecot point of a view, so
a user can also delete folders?



31432704[11f53e080]: 1f581800:192.168.10.52:A:SendData: 17 rename
"Public/Test" "Trash/Test"
31432704[11f53e080]: ReadNextLine [stream=2ac7e870 nb=91 needmore=0]
31432704[11f53e080]: 1f581800:192.168.10.52:A:CreateNewLineFromSocket:
17 NO [CANNOT] Renaming not supported across non-private namespaces
(0.000 + 0.000 secs).


I'm not sure something can be done by dovecot in this situation. You
have to try workarounds in Thunderbird:
http://kb.mozillazine.org/IMAP_folder_cannot_be_deleted

I personally think, that MUA should delete folder (not rename) if
folder is empty.


acl_group not working not working correctly

2016-09-16 Thread Leander Schäfer

Hi,

I'm trying to setup group based ACLs coming from OpenLDAP. My setup 
doesn't require a POSIX Group match. In the Dovecot configuration file I 
have this: "user_attrs = [...], mailAclGroups=acl_groups" as well as 
"acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300". The 
user has "public" in the LDAP attribute "mailAclGroups". It seems to get 
everything right. I checked with doveadm - and I see public is listed 
as expected:


cat /var/log/debug.log
[...]
Sep 16 23:39:04 WM-01 dovecot: auth: Debug: client passdb out: OK   
1   user=leander@mydomain.localdomain acl_groups=public

[...]

cat /usr/local/etc/dovecot/global-acls
INBOX owner lrwstipekxa
Drafts owner lrwstipeka
Sent owner lrwstipeka
Spam owner lrwstipeka
Trash owner lrwstipeka
Public authenticated l
Public group-override=public lrwstipekx
Public/* group-override=public lrwstipekx


doveadm mailbox list -u leander@mydomain.localdomain
Drafts
Sent
Trash
Spam
Shared
Public
Public/Service Center
Shared/test@mydomain.localdomain
Shared/test@mydomain.localdomain/Drafts
Shared/test@mydomain.localdomain/Sent
Shared/test@mydomain.localdomain/Trash
Shared/test@mydomain.localdomain/Spam
INBOX


But here comes the strange thing: telnet equal to Thunderbird:
. LIST "" "*"
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren \Sent) "/" Sent
* LIST (\HasNoChildren \Trash) "/" Trash
* LIST (\HasNoChildren \Junk) "/" Spam
* LIST (\Noselect \HasChildren) "/" Shared
* LIST (\HasChildren) "/" Shared/test@mydomain.localdomain
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Drafts
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Sent
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Trash
* LIST (\HasNoChildren) "/" Shared/test@mydomain.localdomain/Spam
* LIST (\HasNoChildren) "/" INBOX
. OK List completed (0.000 + 0.000 + 0.092 secs).


Public and Public/* should be listed as well, but it isn't. Any idea why 
it is behaving like this?

Thanks

Best regards
Leander Schäfer


Re: BUG - DELETE Public/Folder not working with Thunderbird

2016-09-16 Thread Leander Schäfer

Hi Anton,

Thank you very much for your helpful hint. Thunderbird clearly wants to 
move Public/Test to the Trash of the user who subscribed the Public 
folder. Question is how to solve this from a Dovecot point of a view, so 
a user can also delete folders?


2020200448[10053c700]: proposed url = Public/Test folder for connection 
INBOX has To Wait = FALSE can run = FALSE
2020200448[10053c700]: proposed url = Public/Test folder for connection 
Public/Test has To Wait = FALSE can run = TRUE

31432704[11f53e080]: 1f581800:192.168.10.52:S-Public/Test:SendData: DONE
31432704[11f53e080]: ReadNextLine [stream=2ac7e870 nb=52 needmore=0]
31432704[11f53e080]: 
1f581800:192.168.10.52:S-Public/Test:CreateNewLineFromSocket: 14 OK Idle 
completed (0.001 + 6.435 + 6.434 secs).
31432704[11f53e080]: 
1f581800:192.168.10.52:S-Public/Test:ProcessCurrentURL: entering
31432704[11f53e080]: 
1f581800:192.168.10.52:S-Public/Test:ProcessCurrentURL:imap://leander%40mydomain%2Elocaldomain@192.168.10.52:143/movefolderhierarchy%3E%5EPublic/Test%3E%5ETrash: 
= currentUrl
31432704[11f53e080]: 1f581800:192.168.10.52:S-Public/Test:SendData: 15 
list (subscribed) "" "Public/Test/*" return (special-use)

31432704[11f53e080]: ReadNextLine [stream=2ac7e870 nb=44 needmore=0]
31432704[11f53e080]: 
1f581800:192.168.10.52:S-Public/Test:CreateNewLineFromSocket: 15 OK List 
completed (0.000 + 0.000 secs).

31432704[11f53e080]: 1f581800:192.168.10.52:S-Public/Test:SendData: 16 close
31432704[11f53e080]: ReadNextLine [stream=2ac7e870 nb=45 needmore=0]
31432704[11f53e080]: 
1f581800:192.168.10.52:S-Public/Test:CreateNewLineFromSocket: 16 OK 
Close completed (0.000 + 0.000 secs).
31432704[11f53e080]: 1f581800:192.168.10.52:A:SendData: 17 rename 
"Public/Test" "Trash/Test"

31432704[11f53e080]: ReadNextLine [stream=2ac7e870 nb=91 needmore=0]
31432704[11f53e080]: 1f581800:192.168.10.52:A:CreateNewLineFromSocket: 
17 NO [CANNOT] Renaming not supported across non-private namespaces 
(0.000 + 0.000 secs).


Best regards
Leander Schäfer


Am 16.09.16 um 21:33 schrieb Anton Yuzhaninov:

On 2016-09-16 15:20, Leander Schäfer wrote:

Unfortunately it looks like the parameter: "imap_client_workarounds =
tb-extra-mailbox-sep" does not work. Neither inside nor outside
"protocol imap {}" configuration section. ACLs are set correctly. Manual
"DELETE Public/Test" via telnet is working as expected. Is this a known
bug?


It will be useful to run Thunderbird with debug log and see which 
command Thunderbird sends and how dovecot replies.


Example of script to run TB with debug log:
https://bitbucket.org/snippets/citrin/Bp5Xa
(don't share full log, it contains auth info, search for the command 
with error).
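
The advice above (share only the failing command, not the full log with auth info) as a small filter. This is an added example, not part of the original thread or of Thunderbird or Dovecot; it assumes one log entry per line in the `SendData` / `CreateNewLineFromSocket` shape quoted in this message, and the sample lines, including the login line and its password, are constructed.

```python
import re

# Constructed sample in the shape of the Thunderbird IMAP log quoted above.
SAMPLE_LOG = """\
31432704[11f53e080]: 1f581800:192.168.10.52:NA:SendData: 3 login "leander@mydomain.localdomain" "constructed-password"
31432704[11f53e080]: 1f581800:192.168.10.52:NA:CreateNewLineFromSocket: 3 NO [AUTHENTICATIONFAILED] Authentication failed.
31432704[11f53e080]: 1f581800:192.168.10.52:NA:SendData: 4 login "leander@mydomain.localdomain" "constructed-password"
31432704[11f53e080]: 1f581800:192.168.10.52:NA:CreateNewLineFromSocket: 4 OK Logged in
31432704[11f53e080]: 1f581800:192.168.10.52:S-Public/Test:SendData: 15 list (subscribed) "" "Public/Test/*" return (special-use)
31432704[11f53e080]: 1f581800:192.168.10.52:S-Public/Test:CreateNewLineFromSocket: 15 OK List completed (0.000 + 0.000 secs).
31432704[11f53e080]: 1f581800:192.168.10.52:A:SendData: 17 rename "Public/Test" "Trash/Test"
31432704[11f53e080]: 1f581800:192.168.10.52:A:CreateNewLineFromSocket: 17 NO [CANNOT] Renaming not supported across non-private namespaces (0.000 + 0.000 secs).
"""

# thread prefix, connection id, then the marker for sent or received data
LOG_LINE = re.compile(
    r"^\S+\s+(?P<conn>[^:\s]+):.*?:(?P<kind>SendData|CreateNewLineFromSocket):\s*(?P<body>.*)$"
)
# "<tag> <word> <rest>"; untagged "*" and "+" lines do not match
TAGGED = re.compile(r"^(?P<tag>[A-Za-z0-9.]+)\s+(?P<word>\S+)(?P<rest>.*)$")
# Commands whose arguments carry credentials are never copied to the output.
SENSITIVE_VERBS = {"login", "authenticate"}


def failed_commands(log_text):
    """Return (command, response) pairs for tagged commands answered NO or BAD."""
    pending = {}   # (connection id, tag) -> command text that is safe to share
    failures = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        body = m["body"].strip()
        t = TAGGED.match(body)
        if not t:
            continue
        key = (m["conn"], t["tag"])
        if m["kind"] == "SendData":
            if t["word"].lower() in SENSITIVE_VERBS:
                pending[key] = f'{t["tag"]} {t["word"]} [arguments redacted]'
            else:
                pending[key] = body
        elif t["word"].upper() in ("NO", "BAD") and key in pending:
            failures.append((pending.pop(key), body))
        else:
            pending.pop(key, None)  # completed with OK, forget the command
    return failures


if __name__ == "__main__":
    for command, response in failed_commands(SAMPLE_LOG):
        print("C:", command)
        print("S:", response)
```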


BUG - DELETE Public/Folder not working with Thunderbird

2016-09-16 Thread Leander Schäfer

Hi,

Unfortunately it looks like the parameter: "imap_client_workarounds = 
tb-extra-mailbox-sep" does not work. Neither inside nor outside 
"protocol imap {}" configuration section. ACLs are set correctly. Manual 
"DELETE Public/Test" via telnet is working as expected. Is this a known bug?



See:
- https://help.ubuntu.com/community/Dovecot#Thunderbird
- http://wiki.dovecot.org/Clients#Thunderbird


# 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.15 (97b3da0)
# OS: FreeBSD 10.3-RELEASE amd64
[...]
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
[...]
namespace {
  list = children
  location = maildir:%%h/maildir:INDEX=~/maildir/Shared/%%u:CONTROL=~/maildir/Shared/%%u:INDEXPVT=~/maildir/Shared
  prefix = Shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  hidden = no
  list = children
  location = maildir:~/../Public:LAYOUT=fs:INDEX=~/../Public:CONTROL=~/../Public:INDEXPVT=~/maildir/Public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
[...]

Best regards
Leander Schäfer


Re: Bug: Shared Mailbox - Case Sensitivity

2016-09-16 Thread Leander Schäfer

Hi Aki,


Thanks for your advice. Yes, I'm aware of this. Yet lowercasing should 
be the default since Dovecot 2.1.x, isn't it? Yet I wouldn't know where 
exactly to implement this %L, since the ACLs are set through IMAP 
commands through the user's mail client like Thunderbird. So in other 
words, the email address to whom the user wants to grant ACLs, provided by 
the user's mail client, has nothing to do with my auth backend where e.g. 
%u => %Lu would apply. Please correct me if I'm wrong here.



It clearly looks like a bug of the internal processing of the 
"dovecot-acl-list" files. It simply lacks lowercase enforcement in 
the code, like it already seems to do for the "dovecot-acl" file.



Best regards

Leander Schäfer



Am 16.09.16 um 12:53 schrieb Aki Tuomi:


On 16.09.2016 12:54, Leander Schäfer wrote:

Hi,

unfortunately I found a bug in Dovecot's ACL handling for shared
mailboxes. It turns out Dovecot doesn't enforce lower casing the
privileged username to whom the mailbox should be shared to. This
results in an invalid configuration. Users get confused, since they
passed on a valid email address in their ACL setup.

/usr/local/www/default/mail/test@mydomain.localdomain/maildir/.Spam/dovecot-acl

user=leander@mydomain.localdomain eilrwts
^^ works

/usr/local/www/default/mail/leander@mydomain.localdomain/maildir/dovecot-acl

user=test@mydomain.localdomain eilrwts
^^ works

/usr/local/www/default/mail/test@mydomain.localdomain/maildir/.Drafts/dovecot-acl

user=Leander@MyDomain.LocalDomain eilrwts
^^ Doesn't work

Best regards
Leander Schäfer

Hi! Did you know you can use %Lu instead of %u to force lowercasing?

Aki


Bug: Shared Mailbox - Case Sensitivity

2016-09-16 Thread Leander Schäfer

Hi,

unfortunately I found a bug in Dovecot's ACL handling for shared 
mailboxes. It turns out Dovecot doesn't enforce lower casing the 
privileged username to whom the mailbox should be shared to. This 
results in an invalid configuration. Users get confused, since they 
passed on a valid email address in their ACL setup.


/usr/local/www/default/mail/test@mydomain.localdomain/maildir/.Spam/dovecot-acl
user=leander@mydomain.localdomain eilrwts
^^ works

/usr/local/www/default/mail/leander@mydomain.localdomain/maildir/dovecot-acl
user=test@mydomain.localdomain eilrwts
^^ works

/usr/local/www/default/mail/test@mydomain.localdomain/maildir/.Drafts/dovecot-acl
user=Leander@MyDomain.LocalDomain eilrwts
^^ Doesn't work

Best regards
Leander Schäfer
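
A way to find ACL entries like the third one above before users report them: this added example (not part of the original post and not Dovecot code) walks a mail root, reads every `dovecot-acl` file and reports `user=` identifiers that contain upper-case characters, together with the lowercased form. It assumes login names are lowercased at authentication in this deployment, and the directory tree it builds is a constructed copy of the three files quoted in the post.

```python
import os
import tempfile
from typing import List, NamedTuple


class Finding(NamedTuple):
    path: str
    lineno: int
    identifier: str   # identifier exactly as written in the ACL file
    normalized: str   # same identifier with the user name lowercased
    rights: str


def audit_acl_text(text: str, path: str = "<string>") -> List[Finding]:
    """Flag user= identifiers whose name is not all lowercase."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        ident, _, rights = line.partition(" ")
        # A leading "-" marks a negative-rights entry; keep it when rewriting.
        sign = "-" if ident.startswith("-") else ""
        kind, sep, name = ident[len(sign):].partition("=")
        if kind != "user" or not sep:
            continue  # owner, authenticated, group=... are out of scope here
        if name != name.lower():
            findings.append(
                Finding(path, lineno, ident, f"{sign}user={name.lower()}", rights.strip())
            )
    return findings


def audit_tree(root: str) -> List[Finding]:
    """Audit every file named dovecot-acl below root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "dovecot-acl" in files:
            path = os.path.join(dirpath, "dovecot-acl")
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings.extend(audit_acl_text(fh.read(), path))
    return sorted(findings)


def demo() -> List[Finding]:
    # Constructed tree mirroring the three ACL files quoted in the post.
    sample = {
        "test@mydomain.localdomain/maildir/.Spam": "user=leander@mydomain.localdomain eilrwts\n",
        "leander@mydomain.localdomain/maildir": "user=test@mydomain.localdomain eilrwts\n",
        "test@mydomain.localdomain/maildir/.Drafts": "user=Leander@MyDomain.LocalDomain eilrwts\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in sample.items():
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            with open(os.path.join(root, rel, "dovecot-acl"), "w", encoding="utf-8") as fh:
                fh.write(content)
        return [f._replace(path=os.path.relpath(f.path, root)) for f in audit_tree(root)]


if __name__ == "__main__":
    for f in demo():
        print(f"{f.path}:{f.lineno}: {f.identifier} -> {f.normalized} ({f.rights})")
```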


Re: Content-Enconding

2015-12-04 Thread Leander Schäfer
Thank you for your quick feedback. I added it to my plugins in the 
config. How can I make sure my mailclients are using it? Is there a way 
to check this like I can check headers with additional Firefox plug-in 
you may recommend?


Kind regards
Leander

Am 04.12.15 um 15:30 schrieb Michael Slusarz:

On 12/4/2015 6:11 AM, Leander Schäfer wrote:


With Apache one may use "mod_deflate" in order to reduce bandwidth by
using e.g. gzip to compress the http traffic. I would like to use
something similar for email traffic between mail clients to Dovecot and
postfix. My questions are:


https://tools.ietf.org/html/rfc4978

michael


Content-Enconding

2015-12-04 Thread Leander Schäfer

Hi,

With Apache one may use "mod_deflate" in order to reduce bandwidth by 
using e.g. gzip to compress the http traffic. I would like to use 
something similar for email traffic between mail clients to Dovecot and 
postfix. My questions are:


a) Is this established well enough in most mail clients?
b) Can you recommend a good tutorial for this?

Thank you very much


Re: imap-login: Fatal: pipe() failed: Too many open files

2015-02-12 Thread Leander Schäfer

It turns out that these "too many open files ..." errors occurred because
a) missing index ATTRIBUTE eq for username and password in slapd.conf 
as well as
b) password attribute was not read properly by dovecot from LDAP - I had 
to remove it from my schema and instead use userPassword from 
objectclass: simpleSecurityObject


These two changes made the "too many open files ..." errors disappear.

BUT, I still have the problem of receiving all those dovecot: auth: 
Error: lines in my maillog. I know I could turn them off by reducing 
debug parameters - but why is it declared as error in the first place - 
even though user authentication is working fine?



Thanks & Best Regards,
Leander


Am 26.01.15 um 12:16 schrieb Leander Schäfer:
I also keep on getting funny errors of dovecot EVEN THOUGH I 
authenticated successfully through SMTP (Dovecot SASL) ?!?!


Just for debugging this entire issue I set those parameters:

debug_level = -1
auth_verbose = yes
auth_verbose_passwords = yes
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
verbose_ssl = yes




cat /var/log/maillog


Jan 26 12:08:22 WM-01 postfix/postfix-script[97931]: starting the 
Postfix mail system
Jan 26 12:08:22 WM-01 postfix/master[97933]: daemon started -- version 
1.0, configuration /usr/local/etc/postfix
Jan 26 12:08:22 WM-01 dovecot: master: Dovecot v2.2.15 starting up for 
imap, pop3, lmtp
Jan 26 12:08:59 WM-01 postfix/smtpd[99014]: connect from 
localhost[127.0.0.1]

Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_extended_operation_s
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_extended_operation
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_send_initial_request
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_new_connection 1 1 0
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_int_open_connection
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_connect_to_host: TCP 
127.0.0.1:389

Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_new_socket: 32
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_prepare_socket: 32
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_connect_to_host: 
Trying 127.0.0.1:389
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_pvt_connect: fd: 32 
tm: -1 async: 0

Jan 26 12:08:59 WM-01 dovecot: auth: Error: attempting to connect:
Jan 26 12:08:59 WM-01 dovecot: auth: Error: connect success
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_open_defconn: successful
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_send_server_request
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_result ld 0x1245e100 
msgid 1
Jan 26 12:08:59 WM-01 dovecot: auth: Error: wait4msg ld 0x1245e100 
msgid 1 (infinite timeout)
Jan 26 12:08:59 WM-01 dovecot: auth: Error: wait4msg continue ld 
0x1245e100 msgid 1 all 1

Jan 26 12:08:59 WM-01 dovecot: auth: Error: ** ld 0x1245e100 Connections:
Jan 26 12:08:59 WM-01 dovecot: auth: Error: * host: 127.0.0.1 port: 
389  (default)
Jan 26 12:08:59 WM-01 dovecot: auth: Error:   refcnt: 2  status: 
Connected
Jan 26 12:08:59 WM-01 dovecot: auth: Error:   last used: Mon Jan 26 
12:08:59 2015

Jan 26 12:08:59 WM-01 dovecot: auth: Error:
Jan 26 12:08:59 WM-01 dovecot: auth: Error:
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ** ld 0x1245e100 
Outstanding Requests:
Jan 26 12:08:59 WM-01 dovecot: auth: Error:  * msgid 1,  origid 1, 
status InProgress
Jan 26 12:08:59 WM-01 dovecot: auth: Error:outstanding referrals 
0, parent count 0
Jan 26 12:08:59 WM-01 dovecot: auth: Error:   ld 0x1245e100 request 
count 1 (abandoned 0)
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ** ld 0x1245e100 Response 
Queue:

Jan 26 12:08:59 WM-01 dovecot: auth: Error:Empty
Jan 26 12:08:59 WM-01 dovecot: auth: Error:   ld 0x1245e100 response 
count 0
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_chkResponseList ld 
0x1245e100 msgid 1 all 1
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_chkResponseList 
returns ld 0x1245e100 NULL

Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_int_select
Jan 26 12:08:59 WM-01 dovecot: auth: Error: read1msg: ld 0x1245e100 
msgid 1 all 1
Jan 26 12:08:59 WM-01 dovecot: auth: Error: read1msg: ld 0x1245e100 
msgid 1 message type extended-result
Jan 26 12:08:59 WM-01 dovecot: auth: Error: read1msg: ld 0x1245e100 0 
new referrals
Jan 26 12:08:59 WM-01 dovecot: auth: Error: read1msg:  mark request 
completed, ld 0x1245e100 msgid 1
Jan 26 12:08:59 WM-01 dovecot: auth: Error: request done: ld 
0x1245e100 msgid 1
Jan 26 12:08:59 WM-01 dovecot: auth: Error: res_errno: 0, res_error: 
, res_matched: 
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_free_request (origid 
1, msgid 1)

Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_parse_extended_result
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_parse_result
Jan 26 12:08:59 WM-01 dovecot: auth: Error: ldap_msgfree
Jan 26 12:08:59 WM-01 dovecot: auth: Error: TLS trace: 
SSL_connect:before/connect initialization
Jan 26 12:08:59 WM-01 dovecot: auth: Error: TLS trace: 
SSL_connect:SSLv2/v3 write client hello A
Jan 26 12:08:59 WM-01 dovecot

Postfix , Dovecot the Spam fight

2015-02-09 Thread Leander Schäfer

Hi,

I'm currently busy with a substitution of my current mail server. I'm 
currently using


 * Clam-SMTP and
 * SpamAssassin

to fight Spam. I wonder if it is worth implementing AmaViS with 
SpamAssassin backend instead and also using AmaViS to speak to clamd 
directly. But I more and more wonder whether AmaViS is even worth it?! It 
currently looks to me as if AmaViS is eating LOTS of resources and it 
is very uncomfortable for automated installations if you have to do 
dynamic batch changes on the AmaViS configs - sed(1) is your friend but 
this hectic escaping and workarounds is really not sustainable to maintain.


So my question is: Does AmaViS have any advantages compared to the 
current setup? I don't seem to find lots of qualified discussions for 
this on the net. The AmaViS related articles I found are freaking old. 
Would be nice to get your best practice as a change.


Thanks a lot


Best regards
Leander


Re: Postfix , Dovecot the Spam fight

2015-02-09 Thread Leander Schäfer

Hi Harald

puuhh - thank you for your positive feedback. I'm really relieved ;)
It's been a pleasure to write batch scripts for configuring SpamAssassin 
- and it has also been running like a charm the past 6 years.


Go to hell AmaViS ! Crap

;)

Best regards
Leander



Am 09.02.15 um 22:33 schrieb Reindl Harald:


Am 09.02.2015 um 22:29 schrieb Leander Schäfer:

I'm currently busy with a substitution of my current mail server. I'm
currently using

  * Clam-SMTP and
  * SpamAssassin

to fight Spam. I wonder if it is worth implementing AmaViS with
SpamAssassin backend instead and also using AmaViS to speak to clamd
directly. But I more and more wonder whether AmaViS is even worth it?! It
currently looks to me as if AmaViS is eating LOTS of resources and it
is very uncomfortable for automated installations if you have to do
dynamic batch changes on the AmaViS configs - sed(1) is your friend but
this hectic escaping and workarounds is really not sustainable to
maintain.

So my question is: Does AmaViS have any advantages compared to the
current setup? I don't seem to find lots of qualified discussions for
this on the net. The AmaViS related articles I found are freaking old.
Would be nice to get your best practice as a change


i don't see advantages but issues if you ask something on the SA list 
and finally find out that amavis handles configurations different


resource usage is mostly the same, amavis is only the glue
the hard work is done anyways by spamassassin and clamav

for both milters exists so you can reject spam instead only flag and 
deliver or even more worse silently discard it - not a real problem 
with postscreen and RBL scoring in front, happy running here since 
2014/08 with zero load even at peaks of 400 junk attempts per minute


smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock, 
unix:/run/clamav-milter/clamav-milter.socket




LDAP: unused uid missing

2015-01-30 Thread Leander Schäfer
Does someone know what this means? It looks to me like it got the UID, 
yet it complains ... ? Also, why does it complain about attributes being 
unused, yet I use prefetch, so they will be used?!



Log:
[...]
dovecot: auth: Debug: 
ldap(t...@mydomain.tld,192.168.10.233,Rl2CF+UNhgDAqArp): result: 
mailStorageDirectory=/var/vmail mailUidNumber=2110 mailGidNumber=2110 
mailQuotaStorage=10240 mailQuotaMessages=20; 
mailQuotaMessages,mailStorageDirectory,mailUidNumber,mailQuotaStorage,mailGidNumber 
unused


dovecot: auth: Debug: 
ldap(t...@mydomain.tld,192.168.10.233,Rl2CF+UNhgDAqArp): result: 
mailStorageDirectory=/var/vmail mailUidNumber=2110 mailGidNumber=2110 
mailQuotaStorage=10240 mailQuotaMessages=20; uid missing

[...]


As mentioned, I use prefetch, so this is how my 
dovecot/dovecot-ldap.conf.ext is looking:


[...]
#user_attrs = mailStorageDirectory=home=%$/%u, 
mailStorageDirectory=mail=maildir:%$/%u/maildir, mailUidNumber=uid, 
mailGidNumber=gid, mailQuotaStorage=quota_rule=*:storage=%$, 
mailQuotaMessages=quota_rule2=*:messages=%$


pass_attrs = uid=user, userPassword=password, 
mailStorageDirectory=userdb_home=%$/%u, 
mailStorageDirectory=userdb_mail=maildir:%$/%u/maildir, 
mailUidNumber=userdb_uid, mailGidNumber=userdb_gid, 
mailQuotaStorage=userdb_quota_rule=*:storage=%$, 
mailQuotaMessages=userdb_quota_rule2=*:messages=%$

[...]


Thanks


LDAP Quota Limits Warnings

2015-01-30 Thread Leander Schäfer

I found this on the dovecot wiki:

The following limit names are supported:

 * *storage*: Quota limit in kilobytes, 0 means unlimited.
 * *bytes*: Quota limit in bytes, 0 means unlimited.
 * *messages*: Quota limit in number of messages, 0 means unlimited.
   This probably isn't very useful.
 * *backend*: Quota backend-specific limit configuration.
 * *ignore*: Don't include the specified mailbox in quota at all.


As I understood it, all 5 limit categories are valid to use with maildir 
format while only storage and messages are valid to use with dmbox 
format, right?
Also the ignore limit may appear more than one time for a user - like 
Trash:ignore and Spam:ignore, right?



So I assumed following should work - and it does - except for ignore - 
even though LDAP does not hold multiple values for it - only a single 
one for each limit:


user_attrs = [...] mailQuotaStorage=quota_rule=*:storage=%$, 
mailQuotaMessages=quota_rule2=*:messages=%$, 
mailQuotaIgnore=quota_rule3=*:ignore=%$


pass_attrs = [...] mailQuotaStorage=userdb_quota_rule=*:storage=%$, 
mailQuotaMessages=userdb_quota_rule2=*:messages=%$, 
mailQuotaIgnore=userdb_quota_rule3=*:ignore=%$




And unfortunately /var/log/maillog tells me:

dovecot: imap(abuse@netocean.local): Error: user abuse@netocean.local: 
Initialization failed: Failed to initialize quota: Invalid quota root 
quota: Invalid rule *:ignore=Trash: Unknown rule limit name: ignore



Yet /var/log/debug.log sounds a bit more promising ... but then again 
not really ...


dovecot: imap: Debug: Added userdb setting: 
mail=maildir:/usr/local/www/default/mail/u...@mydomain.tld
dovecot: imap: Debug: Added userdb setting: 
plugin/quota_rule=*:storage=1048576

dovecot: imap: Debug: Added userdb setting: plugin/quota_rule2=*:messages=10
dovecot: imap: Debug: Added userdb setting: 
plugin/quota_rule3=*:ignore=Trash
dovecot: imap(abuse@netocean.local): Debug: Effective uid=2110, 
gid=2110, home=/var/vmail/u...@mydomain.tld/mail
dovecot: imap(abuse@netocean.local): Debug: Quota root: name=User quota 
backend=maildir args=
dovecot: imap(abuse@netocean.local): Debug: Quota rule: root=User quota 
mailbox=* bytes=1073741824 messages=0
dovecot: imap(abuse@netocean.local): Debug: Quota rule: root=User quota 
mailbox=* bytes=1073741824 messages=10
dovecot: imap(abuse@netocean.local): Debug: Quota rule: root=User quota 
mailbox=* bytes=1073741824 messages=10





Additionally, if one of the two working quotas (storage & messages) is 
exceeded then Dovecot sends out a warning from this setting:


plugin {
  quota_warning = storage=90%% quota-warning 90 %u
  quota_warning2 = storage=75%% quota-warning 75 %u
  # What message to send to IMAP clients (and SMTP senders) when quota is exceeded?
  quota_exceeded_message = Quota exceeded, please go to http://MyDomain.TLD for instructions on how to fix this.
}

Now my question is how to provide two different warnings.

One for storage like: Sorry, your mail storage is full. Please delete 
some.


And a second for messages like: Sorry, you've too many messages. Please 
delete some.




Thanks & Best Regards
Leander


Thunderbird: improper command pipelining after EHLO

2015-01-26 Thread Leander Schäfer
I couldn't find working solutions for this anomaly on the net. What 
does this mean and does someone know how to fix this?



postfix/smtpd[18757]: improper command pipelining after EHLO from 
unknown[192.168.10.233]: QUIT\r\n



Thanks


Best Regards,
Leander


Re: Thunderbird: improper command pipelining after EHLO

2015-01-26 Thread Leander Schäfer
I'll check my master.cf again. I'm also more and more sure the mistake 
is hiding in there.


Thanks



Am 26.01.15 um 15:29 schrieb Reindl Harald:


Am 26.01.2015 um 15:22 schrieb Leander Schäfer:

I couldn't find working solutions for this anomaly on the net. What
does this mean and does someone know how to fix this?

postfix/smtpd[18757]: improper command pipelining after EHLO from
unknown[192.168.10.233]: QUIT\r\n


that's hardly a dovecot topic and without postconf -n, in doubt with 
content of master.cf and more information nobody can help you at all






On Mon, Jan 26, 2015 at 9:29 AM, Reindl Harald <h.rei...@thelounge.net> wrote:

Am 26.01.2015 um 15:22 schrieb Leander Schäfer:

I couldn't find working solutions for this anomaly on the net. What
does this mean and does someone know how to fix this?

postfix/smtpd[18757]: improper command pipelining after EHLO from
unknown[192.168.10.233]: QUIT\r\n

that's hardly a dovecot topic and without postconf -n, in doubt with
content of master.cf and more information nobody can help you at all


   Agreed. smtpd means mail going out. Unless you set up dovecot to
help with the authentication, it could not care less about how your
email leaves your server. If you control your postfix server, crank up
debugging and see if that helps. If you can't, try the thunderbird
list/forum; it too has a debugging mode
(https://wiki.mozilla.org/MailNews:Logging).


Re: imap-login: Fatal: pipe() failed: Too many open files

2015-01-26 Thread Leander Schäfer

Am 26.01.15 um 02:24 schrieb Edgar Pettijohn:
Sorry didn't scroll to the bottom to see the dovecot -n.  I'm assuming 
freebsd has an /etc/login.conf similar to openbsd.  If so you may 
need to do something similar to this:


dovecot:\
:openfiles-cur=512:\
:openfiles-max=2048:\
:tc=daemon:

Rebuild the login.conf.db file if necessary:

# [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf

Hope this helps.

Thanks for the hint. FreeBSD takes sysctl(8) settings as a base to 
ulimit(3). I even tried tuning on those values.


sysctl kern.maxfilesperproc=405587
sysctl kern.maxfiles=428433

Unfortunately this does not solve the problem. I don't think it is the 
root of the problem.


The current value - even with Dovecot and Postfix already running is: 
kern.openfiles: 675
It is just, that Dovecot is kind of in a frozen condition when trying to 
login to it via telnet(1).



Am 26.01.15 um 02:20 schrieb Reindl Harald:


Am 26.01.2015 um 02:13 schrieb Leander Schäfer:

I just checked my ulimit again and it really seems like it has more
than enough - so I still don't understand what I've configured wrong
here ;/

root@WM-01 [~]$ su -m dovecot -c ulimit -a
socket buffer size   (bytes, -b) unlimited
core file size  (blocks, -c) unlimited
data seg size   (kbytes, -d) 33554432
file size   (blocks, -f) unlimited
max locked memory   (kbytes, -l) 131072
max memory size (kbytes, -m) 7067352
open files  (-n) 205587
pipe size(512 bytes, -p) 1
stack size  (kbytes, -s) 8192
cpu time   (seconds, -t) unlimited
max user processes  (-u) 11278
virtual memory  (kbytes, -v) unlimited
swap size   (kbytes, -w) unlimited


besides that imap-login typically does *not* run under the same user 
(here dovenull versus dovecot) who tells you that 205587 is more than 
enough just because it is a high value?

Yes, because I am monitoring those values via Munin. I can clearly see 
that my system does not require a value even close to this. By average 
my system has 673 files open. In FreeBSD sysctl(8) is the base for 
ulimit(3) - meaning since I don't maintain user specific ulimit(3) - it 
is also the same values for dovenull, postfix, vmail and every other 
user on the system. My current sysctl(8) values should provide way 
enough space to grow super large:


sysctl kern.maxfilesperproc=205587
sysctl kern.maxfiles=228433


And this is where it becomes so absurd to me. I don't see where I should 
tune anymore. I more and more get the feeling it is a configuration 
error of dovecot itself?!



Thanks & Best Regards,
Leander






Re: imap-login: Fatal: pipe() failed: Too many open files

2015-01-26 Thread Leander Schäfer
Jan 26 12:09:09 WM-01 dovecot: auth: Error:   last used: Mon Jan 26 
12:09:09 2015

Jan 26 12:09:09 WM-01 dovecot: auth: Error:
Jan 26 12:09:09 WM-01 dovecot: auth: Error:
Jan 26 12:09:09 WM-01 dovecot: auth: Error: ** ld 0x1245e100 Outstanding 
Requests:

Jan 26 12:09:09 WM-01 dovecot: auth: Error:Empty
Jan 26 12:09:09 WM-01 dovecot: auth: Error:   ld 0x1245e100 request 
count 0 (abandoned 0)

Jan 26 12:09:09 WM-01 dovecot: auth: Error: ** ld 0x1245e100 Response Queue:
Jan 26 12:09:09 WM-01 dovecot: auth: Error:Empty
Jan 26 12:09:09 WM-01 dovecot: auth: Error:   ld 0x1245e100 response count 0
Jan 26 12:09:09 WM-01 dovecot: auth: Error: ldap_chkResponseList ld 
0x1245e100 msgid -1 all 0
Jan 26 12:09:09 WM-01 dovecot: auth: Error: ldap_chkResponseList returns 
ld 0x1245e100 NULL

Jan 26 12:09:09 WM-01 dovecot: auth: Error: ldap_int_select
Jan 26 12:09:20 WM-01 postfix/smtpd[99014]: lost connection after AUTH 
from localhost[127.0.0.1]
Jan 26 12:09:20 WM-01 postfix/smtpd[99014]: disconnect from 
localhost[127.0.0.1]











Am 26.01.15 um 11:27 schrieb Leander Schäfer:

Am 26.01.15 um 02:24 schrieb Edgar Pettijohn:
Sorry didn't scroll to the bottom to see the dovecot -n.  I'm
assuming freebsd has an /etc/login.conf similar to openbsd.  If so
you may need to do something similar to this:


dovecot:\
:openfiles-cur=512:\
:openfiles-max=2048:\
:tc=daemon:

Rebuild the login.conf.db file if necessary:

# [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf

Hope this helps.

Thanks for the hint. FreeBSD takes sysctl(8) settings as a base to 
ulimit(3). I even tried tuning on those values.


sysctl kern.maxfilesperproc=405587
sysctl kern.maxfiles=428433

Unfortunately this does not solve the problem. I don't think it is the 
root of the problem.


The current value - even with Dovecot and Postfix already running is: 
kern.openfiles: 675
It is just, that Dovecot is kind of in a frozen condition when trying 
to login to it via telnet(1).



Am 26.01.15 um 02:20 schrieb Reindl Harald:


Am 26.01.2015 um 02:13 schrieb Leander Schäfer:

I just checked my ulimit again and it really seems like it has more
than enough - so I still don't understand what I've configured wrong
here ;/

root@WM-01 [~]$ su -m dovecot -c ulimit -a
socket buffer size   (bytes, -b) unlimited
core file size  (blocks, -c) unlimited
data seg size   (kbytes, -d) 33554432
file size   (blocks, -f) unlimited
max locked memory   (kbytes, -l) 131072
max memory size (kbytes, -m) 7067352
open files  (-n) 205587
pipe size(512 bytes, -p) 1
stack size  (kbytes, -s) 8192
cpu time   (seconds, -t) unlimited
max user processes  (-u) 11278
virtual memory  (kbytes, -v) unlimited
swap size   (kbytes, -w) unlimited


besides that imap-login typically does *not* run under the same
user (here dovenull versus dovecot) who tells you that 205587 is
more than enough just because it is a high value?

Yes, because I am monitoring those values via Munin. I can clearly see 
that my system does not require a value even close to this. By average 
my system has 673 files open. In FreeBSD sysctl(8) is the base for 
ulimit(3) - meaning since I don't maintain user specific ulimit(3) - 
it is also the same values for dovenull, postfix, vmail and every 
other user on the system. My current sysctl(8) values should provide 
way enough space to grow super large:


sysctl kern.maxfilesperproc=205587
sysctl kern.maxfiles=228433


And this is where it becomes so absurd to me. I don't see where I 
should tune anymore. I more and more get the feeling it is a 
configuration error of dovecot itself?!



Thanks & Best Regards,
Leander






imap-login: Fatal: pipe() failed: Too many open files

2015-01-25 Thread Leander Schäfer

Hi

I keep on getting errors and can't connect/login to Dovecot. I did my
research but unfortunately without success. It is for sure not ulimit
because ulimit is set to unlimited per default already. Still, it
complains about "Too many open files" but this is a test system and the
service dovecot and postfix have just been started. No one except me is
testing on this system. This is very weird ;/



root@WM-01 [~]$ service dovecot stop; service postfix stop ; echo "" > /var/log/maillog ; echo "" > /var/log/slapd.log ; service postfix start ; service dovecot start

Stopping dovecot.
Waiting for PIDS: 3245.
postfix/postfix-script: stopping the Postfix mail system
postfix/postfix-script: starting the Postfix mail system
Starting dovecot.

root@WM-01 [~]$ telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

root@WM-01 [~]$ cat /var/log/mail
Jan 26 01:39:12 WM-01 dovecot: imap-login: Fatal: pipe() failed: Too 
many open files
Jan 26 01:39:12 WM-01 dovecot: master: Error: service(imap-login): 
command startup failed, throttling for 4 secs




If I uncomment port = 0 in POP and IMAP then it looks even worse than
above. Telnet is not even closed by remote host and three of the "Too
many open files" errors are showing up in maillog:




root@WM-01 [~]$ telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet Connection closed.
root@WM-01 [~]$ cat /var/log/maillog

Jan 26 01:45:19 WM-01 postfix/postfix-script[60560]: starting the 
Postfix mail system
Jan 26 01:45:19 WM-01 postfix/master[60562]: daemon started -- version 
1.0, configuration /usr/local/etc/postfix
Jan 26 01:45:19 WM-01 dovecot: master: Dovecot v2.2.15 starting up for 
imap, pop3, lmtp
Jan 26 01:45:24 WM-01 dovecot: imap-login: Error: socket(login) failed: 
Too many open files
Jan 26 01:45:24 WM-01 dovecot: imap-login: Error: auth: connect(login) 
failed: Too many open files
Jan 26 01:45:24 WM-01 dovecot: imap-login: Error: net_accept() failed: 
Too many open files

root@WM-01 [~]$






Does anyone have an idea what could be wrong here? I attached the 
relevant configuration below. I use OpenLDAP as backend.

Please let me know if you need more information. Thank you very much.

Best Regards,
Leander









# == dovecot -n == #


# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: FreeBSD 10.1-RELEASE amd64  ufs
auth_debug = yes
auth_debug_passwords = yes
auth_failure_delay = 3 secs
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_greeting = Welcome to Mail Server.
login_log_format_elements = user=%u method=%m rip=%r lip=%l mpid=%e %c %k
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/mail/%d/%n
mail_plugins = quota expire mail_log notify
mail_privileged_group = mail
mail_temp_dir = /tmp/Dovecot
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  expire = Trash
  mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename

  mail_log_fields = uid box msgid size
  quota = maildir:User quota
  quota_exceeded_message = Storage quota for this account has been 
exceeded, please try again later.

  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+30%%
  quota_rule3 = Sent:storage=+30%%
  quota_warning = storage=90%% quota-warning 90 %u
  quota_warning2 = storage=75%% quota-warning 75 %u
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = i...@netocean.de
sendmail_path = /usr/local/sbin/sendmail
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
  }
}
service imap-login {
  inet_listener imaps {
port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
  user = vmail
}
service pop3-login {
  inet_listener pop3s {
port = 0
  }
}
service quota-warning {
  executable = script 

Re: imap-login: Fatal: pipe() failed: Too many open files

2015-01-25 Thread Leander Schäfer
I just checked my ulimit again and it really seems like it has more
than enough - so I still don't understand what I've configured wrong here ;/



root@WM-01 [~]$ su -m dovecot -c ulimit -a
socket buffer size   (bytes, -b) unlimited
core file size  (blocks, -c) unlimited
data seg size   (kbytes, -d) 33554432
file size   (blocks, -f) unlimited
max locked memory   (kbytes, -l) 131072
max memory size (kbytes, -m) 7067352
open files  (-n) 205587
pipe size(512 bytes, -p) 1
stack size  (kbytes, -s) 8192
cpu time   (seconds, -t) unlimited
max user processes  (-u) 11278
virtual memory  (kbytes, -v) unlimited
swap size   (kbytes, -w) unlimited



Best Regards,
Leander



Am 26.01.15 um 01:50 schrieb Leander Schäfer:

Hi

I keep on getting errors and can't connect/login to Dovecot. I did my
research but unfortunately without success. It is for sure not ulimit
because ulimit is set to unlimited per default already. Still, it
complains about "Too many open files" but this is a test system and
the service dovecot and postfix have just been started. No one except
me is testing on this system. This is very weird ;/



root@WM-01 [~]$ service dovecot stop; service postfix stop ; echo "" > /var/log/maillog ; echo "" > /var/log/slapd.log ; service postfix start ; service dovecot start

Stopping dovecot.
Waiting for PIDS: 3245.
postfix/postfix-script: stopping the Postfix mail system
postfix/postfix-script: starting the Postfix mail system
Starting dovecot.

root@WM-01 [~]$ telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

root@WM-01 [~]$ cat /var/log/mail
Jan 26 01:39:12 WM-01 dovecot: imap-login: Fatal: pipe() failed: Too 
many open files
Jan 26 01:39:12 WM-01 dovecot: master: Error: service(imap-login): 
command startup failed, throttling for 4 secs




If I uncomment port = 0 in POP and IMAP then it looks even worse than
above. Telnet is not even closed by remote host and three of the "Too
many open files" errors are showing up in maillog:




root@WM-01 [~]$ telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet Connection closed.
root@WM-01 [~]$ cat /var/log/maillog

Jan 26 01:45:19 WM-01 postfix/postfix-script[60560]: starting the 
Postfix mail system
Jan 26 01:45:19 WM-01 postfix/master[60562]: daemon started -- version 
1.0, configuration /usr/local/etc/postfix
Jan 26 01:45:19 WM-01 dovecot: master: Dovecot v2.2.15 starting up for 
imap, pop3, lmtp
Jan 26 01:45:24 WM-01 dovecot: imap-login: Error: socket(login) 
failed: Too many open files
Jan 26 01:45:24 WM-01 dovecot: imap-login: Error: auth: connect(login) 
failed: Too many open files
Jan 26 01:45:24 WM-01 dovecot: imap-login: Error: net_accept() failed: 
Too many open files

root@WM-01 [~]$






Does anyone have an idea what could be wrong here? I attached the 
relevant configuration below. I use OpenLDAP as backend.

Please let me know if you need more information. Thank you very much.

Best Regards,
Leander









# == dovecot -n == #


# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: FreeBSD 10.1-RELEASE amd64  ufs
auth_debug = yes
auth_debug_passwords = yes
auth_failure_delay = 3 secs
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep 
tb-lsub-flags

lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_greeting = Welcome to Mail Server.
login_log_format_elements = user=%u method=%m rip=%r lip=%l mpid=%e 
%c %k

mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/mail/%d/%n
mail_plugins = quota expire mail_log notify
mail_privileged_group = mail
mail_temp_dir = /tmp/Dovecot
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  expire = Trash
  mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename

  mail_log_fields = uid box msgid size
  quota = maildir:User quota
  quota_exceeded_message = Storage quota for this account has been 
exceeded, please try again later.

  quota_rule = *:storage=1G
  quota_rule2

Re: Postfix Dovecot LDAP setup

2015-01-22 Thread Leander Schäfer
... Silly me ... turns out I had a newline in my LDIF  that's why it 
ignored all the attributes below.

wasted 1.5 days on this flippn thing. Crap ;(

Anyway .. happy to move on now ;)


Am 22.01.15 um 22:19 schrieb Leander Schäfer:
[EDIT]: Sorry about the second mail. ignore the first one - it had try
and error mistakes in. Problem is still the very same as explained
below. Thanks a lot.




Hi,

since days I'm trying to substitute my SQL based Postfix/Dovecot mail
server by a LDAP based setup. Everything seems to go smooth so far -
thanks to the many how to and Dovecot wiki. Unfortunately I'm
struggling, since I have to create an individual LDAP schema which
suits the currently used LDAP structure. The current structure looks
like this:


= dc=MyDomain,dc=TLD
== ou=People
=== uid=User-1
 ou=mail
=== uid=User-2
 ou=mail

... and so on ...


Within ou=mail should be the individual mail account(s) information of 
a user. So in the end I want to add a(nother) mail account by 
something like this:


cat << EOF > ./newUser.ldif
dn: mailAddress=t...@domain.tld,ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectclass: top
objectclass: mailAccount

mailAddress: t...@domain.tld
MailPassword: {SSHA}SomePassword
MailAccountStatus: active
[...]
EOF


Therefore I setup a LDAP schema like the following, but it seems to 
ignore the attributes MailPassword and noMailAccountStatus. Why? I 
don't understand what I'm missing here on my objectclass? ;/




# == LDAP schema === #


#
# OID Macros (10001 should be IANA-registered)
#

objectidentifier nameSpace  1.3.6.1.4.1.10001
objectidentifier mail   nameSpace:1
objectidentifier objectClassAccount mail:1
objectidentifier objectClassAccountInfo mail:2


#
# Attributes: objectClass[NAME]:1.[SERIAL]
#

attributetype ( objectClassAccount:1.1
NAME 'mailAddress'
DESC 'The hosted mail addresses'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )

attributetype ( objectClassAccount:1.2
NAME 'MailPassword'
DESC 'The hosted mail password'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

attributetype ( objectClassAccount:1.3
NAME 'MailAccountStatus'
DESC 'The status of a user account: active, noaccess, disabled, deleted'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )

[...]

#
# Objects: objectClass[NAME]:2.[SERIAL]
#

objectclass ( objectClassAccount:2.1
NAME 'mailAccount'
SUP ( top )
STRUCTURAL
DESC 'Mail account'
MUST ( mailAddress )
MAY ( MailPassword $ MailAccountStatus ) )

# == #


Thanks


Best Regards,
Leander
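
The cause named at the top of this message, a blank line inside the LDIF, can be caught before loading the file. The following is an added example, not part of the original post: in LDIF a blank line ends a record, so every attribute after it is no longer part of the entry. The function names and the sample address `user@example.org` are constructed for illustration.

```python
"""Find blank lines that cut an LDIF entry in two (added example)."""

# Constructed sample modelled on the LDIF in this thread; the blank line
# after "objectclass: mailAccount" is the defect being demonstrated.
SAMPLE_LDIF = """\
dn: mailAddress=user@example.org,ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectclass: top
objectclass: mailAccount

mailAddress: user@example.org
MailPassword: {SSHA}SomePassword
MailAccountStatus: active
"""


def logical_lines(text):
    """Yield (line_no, line): comments dropped, folded lines joined.

    A line starting with a single space continues the previous line.
    An empty line is yielded as "" because it closes the current record.
    """
    pending = None       # (line_no, text) of the line being assembled
    in_comment = False
    for no, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith(" "):
            if not in_comment and pending is not None:
                pending = (pending[0], pending[1] + raw[1:])
            continue
        if pending is not None:
            yield pending
            pending = None
        in_comment = raw.startswith("#")
        if in_comment:
            continue
        if raw == "":
            yield (no, "")
        else:
            pending = (no, raw)
    if pending is not None:
        yield pending


def split_records(text):
    """Group logical lines into records; any blank line closes a record."""
    records, current = [], []
    for no, line in logical_lines(text):
        if line == "":
            if current:
                records.append(current)
                current = []
            continue
        name, _, value = line.partition(":")
        current.append((no, name.strip(), value.lstrip(":").strip()))
    if current:
        records.append(current)
    return records


def lint_ldif(text):
    """Return (entries, findings).

    entries  maps each dn to the attribute names really inside its record.
    findings lists every block without a dn: line, with the line where it
    starts, the entry it was probably cut off from, and the attribute
    names left outside that entry.
    """
    entries, findings, last_dn = {}, [], None
    for record in split_records(text):
        if record[0][1].lower() == "version":
            record = record[1:]
            if not record:
                continue
        first_no, first_name, first_value = record[0]
        if first_name.lower() == "dn":
            last_dn = first_value
            entries[last_dn] = [name for _, name, _ in record[1:]]
        else:
            findings.append({
                "line": first_no,
                "after_dn": last_dn,
                "orphaned": [name for _, name, _ in record],
            })
    return entries, findings


if __name__ == "__main__":
    entries, findings = lint_ldif(SAMPLE_LDIF)
    for dn, attrs in entries.items():
        print("entry:", dn, "->", attrs)
    for f in findings:
        print("line %d: block without dn:, cut off from %s, orphaned %s"
              % (f["line"], f["after_dn"], f["orphaned"]))
```

Run against the sample, it reports that the entry holds only the two objectclass values and that the block starting at line 5 has no dn.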


Postfix Dovecot LDAP setup

2015-01-22 Thread Leander Schäfer

Hi,

since days I'm trying to substitute my SQL based Postfix/Dovecot mail
server by a LDAP based setup. Everything seems to go smooth so far -
thanks to the many how to and Dovecot wiki. Unfortunately I'm
struggling, since I have to create an individual LDAP schema which suits
the currently used LDAP structure. The current structure looks like this:


= dc=MyDomain,dc=TLD
== ou=People
=== uid=User-1
 ou=mail
=== uid=User-2
 ou=mail

... and so on ...


Within ou=mail should be the individual mail account(s) information of a 
user. So in the end I want to add a(nother) mail account by something 
like this:


cat << EOF > ./newUser.ldif
dn: mailAddress=t...@domain.tld,ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectclass: top
objectclass: mailAccount

mailAddress: t...@domain.tld
noMailPassword: {SSHA}SomePassword
noMailAccountStatus: active
[...]
EOF


Therefore I setup a LDAP schema like the following, but it seems to 
ignore the attributes MailPassword and noMailAccountStatus. Why? I 
don't understand what I'm missing here on my objectclass? ;/




# == LDAP schema === #


#
# OID Macros (10001 should be IANA-registered)
#

objectidentifier nameSpace  1.3.6.1.4.1.10001
objectidentifier mail   nameSpace:1
objectidentifier objectClassAccount mail:1
objectidentifier objectClassAccountInfo mail:2


#
# Attributes: objectClass[NAME]:1.[SERIAL]
#

attributetype ( objectClassAccount:1.1
NAME 'mailAddress'
DESC 'The hosted mail addresses'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )

attributetype ( objectClassAccount:1.2
NAME 'MailPassword'
DESC 'The hosted mail password'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

attributetype ( objectClassAccount:1.3
NAME 'MailAccountStatus'
DESC 'The status of a user account: active, noaccess, disabled, deleted'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )

[...]

#
# Objects: objectClass[NAME]:2.[SERIAL]
#

objectclass ( objectClassAccount:2.1
NAME 'mailAccount'
SUP ( top )
STRUCTURAL
DESC 'Mail account'
MUST ( mailAddress )
MAY ( MailPassword $ MailAccountStatus ) )

# == #


Thanks


Best Regards,
Leander


Postfix Dovecot LDAP setup

2015-01-22 Thread Leander Schäfer
[EDIT]: Sorry about the second mail. ignore the first one - it had try
and error mistakes in. Problem is still the very same as explained below.
Thanks a lot.




Hi,

since days I'm trying to substitute my SQL based Postfix/Dovecot mail
server by a LDAP based setup. Everything seems to go smooth so far -
thanks to the many how to and Dovecot wiki. Unfortunately I'm
struggling, since I have to create an individual LDAP schema which suits
the currently used LDAP structure. The current structure looks like this:


= dc=MyDomain,dc=TLD
== ou=People
=== uid=User-1
 ou=mail
=== uid=User-2
 ou=mail

... and so on ...


Within ou=mail should be the individual mail account(s) information of a 
user. So in the end I want to add a(nother) mail account by something 
like this:


cat << EOF > ./newUser.ldif
dn: mailAddress=t...@domain.tld,ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectclass: top
objectclass: mailAccount

mailAddress: t...@domain.tld
MailPassword: {SSHA}SomePassword
MailAccountStatus: active
[...]
EOF


Therefore I setup a LDAP schema like the following, but it seems to 
ignore the attributes MailPassword and noMailAccountStatus. Why? I 
don't understand what I'm missing here on my objectclass? ;/




# == LDAP schema === #


#
# OID Macros (10001 should be IANA-registered)
#

objectidentifier nameSpace  1.3.6.1.4.1.10001
objectidentifier mail   nameSpace:1
objectidentifier objectClassAccount mail:1
objectidentifier objectClassAccountInfo mail:2


#
# Attributes: objectClass[NAME]:1.[SERIAL]
#

attributetype ( objectClassAccount:1.1
NAME 'mailAddress'
DESC 'The hosted mail addresses'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )

attributetype ( objectClassAccount:1.2
NAME 'MailPassword'
DESC 'The hosted mail password'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

attributetype ( objectClassAccount:1.3
NAME 'MailAccountStatus'
DESC 'The status of a user account: active, noaccess, disabled, deleted'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )

[...]

#
# Objects: objectClass[NAME]:2.[SERIAL]
#

objectclass ( objectClassAccount:2.1
NAME 'mailAccount'
SUP ( top )
STRUCTURAL
DESC 'Mail account'
MUST ( mailAddress )
MAY ( MailPassword $ MailAccountStatus ) )

# == #


Thanks


Best Regards,
Leander


Re: Does dovecot work OK on *BSD?

2014-09-25 Thread Leander Schäfer

Hi Steve,

Go for FreeBSD ;) it offers Dovecot(2) via ports or via package. I
always recommend ports though, due to the fact of being able to
enable/disable options - but that's your choice.


Ports:
cd /usr/ports/mail/dovecot2
make install clean

or via pkg(8):
pkg install dovecot2

I can always recommend to ask your friend Google: FreeBSD + Dovecot +
Tutorial or FreeBSD + Dovecot + How to.
According to my knowledge, it works quite the same with the other BSDs
in your list. It's been a while since I worked with one of them. I
stuck to FreeBSD


 * For updating / maintenance of ports and packages, I recommend
   portmaster.
 * For System binary related updates there is freebsd-update(8).


Best Regards,
Leander S.


Am 25.09.14 18:14, schrieb Steve Litt:

Hi all,

I have a dovecot server on my Debian Wheezy desktop computer. My days
with Debian are limited, and I'm investigating several 'BSD's:

OpenBSD
FreeBSD
PCBSD
NetBSD
DragonflyBSD
etc

Is there any reason Dovecot wouldn't work on any of those? Does anyone
know if those OS's have packages for Dovecot, or do I need to compile
it myself?

Thanks,

SteveT

Steve Litt*  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance


Re: Dovecot2 Antispam MAILTRAIN backend with SpamAssassin

2014-07-15 Thread Leander Schäfer
I remember, that I also struggled for quite a while until I figured it 
out. Here is what I used on my FreeBSD Dovecot installation ...


Remember, that the following code is working on dovecot --version
1.2.12 ... but it could also be valid for later versions. I simply
haven't checked it out yet.


  ### Dovecot AntiSpam ###
   # mail signature (used with any backend requiring a signature)
   #antispam_signature = X-Spam-Status
   #antispam_signature_missing = move

   antispam_mail_sendmail = /usr/local/etc/dovecot/sa-learn-helper.sh
   antispam_mail_sendmail_args = --username=%Lu
   antispam_mail_spam = --spam
   antispam_mail_notspam = --ham
   antispam_mail_tmpdir = /tmp
   antispam_spam = Spam
   #antispam_unsure = Virus
   antispam_trash = Trash


echo '#!/usr/local/bin/bash

#/usr/local/bin/sa-learn ${1} ${2} ${3} ${4} >> /var/log/DoveDamnAntiSpam.log

/usr/local/bin/sa-learn ${1} ${2} ${3} ${4}
exit 0

' > /usr/local/etc/dovecot/sa-learn-helper.sh
chmod 0777 /usr/local/etc/dovecot/sa-learn-helper.sh ;
chown root:wheel /usr/local/etc/dovecot/sa-learn-helper.sh ;


Best regards
Leander



Am 15.07.14 15:00, schrieb Mohammad S. Babaei:



Hi there,

I've already asked this question on FreeBSD forums without getting any
response. So, I thought it's a good idea to ask it again here.

I've setup Dovecot2 (2.2.13) + Postfix + SpamAssassin on my FreeBSD 10
VPS and it works flawlessly. Though, I couldn't setup the Dovecot
Antispam plugin to train SpamAssassin when I move mails to the Junk
folder.

I installed the plugin from FreeBSD ports and followed the official
documentation [1] and the man page [2] without any success.

This is my configuration:



# 2.2.13: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-RELEASE-p6 i386 ufs
auth_mechanisms = plain login digest-md5
disable_plaintext_auth = no
first_valid_gid = 6
first_valid_uid = 26
last_valid_gid = 6
last_valid_uid = 26
lmtp_save_to_detail_mailbox = yes
mail_gid = mail
mail_location = mdbox:/mail/%d/%u
mail_privileged_group = mail
mail_uid = mailnull
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
  auto = no
  special_use = Archive
  }
  mailbox Drafts {
  auto = subscribe
  special_use = Drafts
  }
  mailbox Flagged {
  auto = no
  special_use = Flagged
  }
  mailbox Junk {
  auto = subscribe
  special_use = Junk
  }
  mailbox Sent {
  auto = subscribe
  special_use = Sent
  }
  mailbox Trash {
  auto = subscribe
  special_use = Trash
  }
  mailbox virtual/All {
  auto = no
  special_use = All
  }
  prefix =
  separator = /
}
passdb {
  args = /mail/%d/dovecot_passwd
  driver = passwd-file
}
plugin {
  antispam_backend = MAILTRAIN
  antispam_mail_notspam = --ham
  antispam_mail_sendmail = /mail/sa-learn-pipe.sh
  antispam_mail_spam = --spam
  antispam_spam = Junk
  antispam_trash = Trash
  quota_rule = *:storage=8GB
  sieve = /mail/%d/%u/dovecot.sieve
  sieve_dir = /mail/%d/%u
  sieve_global_dir = /mail/sieve
  sieve_global_path = /mail/sieve/globalfilter.sieve
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener auth-client {
  group = mail
  mode = 0660
  user = postfix
  }
  unix_listener auth-master {
  group = mail
  mode = 0600
  user = mailnull
  }
  user = root
}
service imap-login {
  inet_listener imap {
  address = *
  port = 143
  }
  inet_listener imaps {
  address = *
  port = 993
  }
  process_limit = 32
  process_min_avail = 1
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
  group = postfix
  mode = 0660
  user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
  port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 1024
}
service pop3-login {
  inet_listener pop3 {
  address = *
  port = 110
  }
  inet_listener pop3s {
  address = *
  port = 995
  }
  process_limit = 32
  process_min_avail = 1
}
ssl_cert = /etc/ssl/dovecot/cert.pem
ssl_key = /etc/ssl/dovecot/key.pem
userdb {
  args = /mail/%d/dovecot_passwd
  driver = passwd-file
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins =  sieve
  postmaster_address = postmas...@somedomain.com
  quota_full_tempfail = yes
}
protocol sieve {
  mail_max_userip_connections = 10
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_line_length = 65536
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_plugins =  quota imap_quota antispam
}
protocol pop3 {
  mail_plugins =  quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  mail_plugins =  quota sieve
  postmaster_address = postmas...@somedomain.com
  sendmail_path = /usr/local/sbin/sendmail
}



And,