Re: test-crypto.c - Assert failed

[Tamsy]

 Original Message 
From: Tamsy [mailto:dovecot-l...@mohtex.net]
Sent: Wednesday, July 27, 2022 at 11:31
To: Dovecot
Subject: test-crypto.c - Assert failed

Dear List,

Please pardon me if this has been already discussed before. I couldn't
find the matter with a quick search.

On a new standard Ubuntu 22.04 LTS installation Dovecot's "configure &&
make" runs through but "make check" fails.

Is dovecot-2.3.19.1 not yet compatible with openSSL 3.0.2 (openssl
3.0.2-0ubuntu1.6) or is this just happening here?


Distributor ID: Ubuntu
Description:    Ubuntu 22.04 LTS
Release:    22.04
Codename:   jammy

Linux 5.15.0-41-generic #44-Ubuntu SMP Wed Jun 22 14:20:53 UTC 2022
x86_64 x86_64 x86_64 GNU/Linux


$ make check


test_cipher_test_vectors . : ok
test_cipher_aead_test_vectors  : ok
test_hmac_test_vectors ... : ok
test_load_v1_keys  : ok
test_load_v1_key . : ok
test_load_v1_public_key .. : ok
test_load_v2_key . : ok
test_load_v2_public_key .. : ok
test_get_info_v2_key . : ok
test_gen_and_get_info_rsa_pem  : ok
test_get_info_rsa_private_key  : ok
test_get_info_invalid_keys ... : ok
test_get_info_key_encrypted .. : ok
test_get_info_pw_encrypted ... : ok
test-crypto.c:827: Assert failed: ret == TRUE
Panic: file dcrypt-openssl.c: line 2639
(dcrypt_openssl_private_to_public_key): assertion failed: (priv_key !=
NULL && pub_key_r != NULL)
Error: Raw backtrace: ./test-crypto(+0x60704) [0x168704] ->
./test-crypto(backtrace_append+0x1c) [0x168893] ->
./test-crypto(backtrace_get+0x2a) [0x1688bf] -> ./test-crypto(+0x28ef4)
[0x130ef4] -> ./test-crypto(default_fatal_handler+0) [0x130fc6] ->
./test-crypto(default_error_handler+0) [0x131014] ->
./test-crypto(i_fatal+0) [0x1312ae] ->
.libs/libdcrypt_openssl.so(+0xe795) [0x4ea3795] ->
./test-crypto(dcrypt_key_convert_private_to_public+0x7b) [0x11eeb1] ->
./test-crypto(+0x21655) [0x129655] -> ./test-crypto(+0x23d66) [0x12bd66]
-> ./test-crypto(test_run+0x21) [0x12c13a] -> ./test-crypto(main+0x83)
[0x12af16] -> /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x4893d90] ->
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x4893e40] ->
./test-crypto(_start+0x25) [0x11c1a5]
../../run-test.sh: line 39: 164971 Aborted (core dumped)
/usr/bin/valgrind -q $trace_children --error-exitcode=213
--leak-check=full --gen-suppressions=all --suppressions="$supp_path"
--log-file=$test_out $noundef $*
==164971== Conditional jump or move depends on uninitialised value(s)
==164971==    at 0x514E234: ??? (in
/usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==164971==    by 0x514E511: ??? (in
/usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==164971==    by 0x504F0F4: EVP_DecryptFinal_ex (in
/usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==164971==    by 0x4E9CD3F: dcrypt_openssl_ctx_sym_final (in
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/.libs/libdcrypt_openssl.so)
==164971==    by 0x11E3DB: dcrypt_ctx_sym_final (in
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==    by 0x1270DE: test_cipher_aead_test_vectors (in
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==    by 0x12BD65: test_run_funcs (in
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==    by 0x12C139: test_run (in
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==    by 0x12AF15: main (in
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==
{
    
    Memcheck:Cond
    obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.3
    obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.3
    fun:EVP_DecryptFinal_ex
    fun:dcrypt_openssl_ctx_sym_final
    fun:dcrypt_ctx_sym_final
    fun:test_cipher_aead_test_vectors
    fun:test_run_funcs
    fun:test_run
    fun:main
}
==164971== 2,304 bytes in 1 blocks are possibly lost in loss record 911
of 947
==164971==    at 0x4848899: malloc (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==164971==    by 0x4005D97: malloc (rtld-malloc.h:56)
==164971==    by 0x4005D97: _dlfo_mappings_segment_allocate
(dl-find_object.c:217)
==164971==    by 0x4005D97: _dl_find_object_update_1 (dl-find_object.c:671)
==164971==    by 0x4005D97: _dl_find_object_update (dl-find_object.c:804)
==164971==    by 0x400ECCF: dl_open_worker_begin (dl-open.c:735)
==164971==    by 0x49DEC27: _dl_catch_exception (d

test-crypto.c - Assert failed

[Tamsy]

Dear List,

Please pardon me if this has been already discussed before. I couldn't 
find the matter with a quick search.


On a new standard Ubuntu 22.04 LTS installation Dovecot's "configure && 
make" runs through but "make check" fails.


Is dovecot-2.3.19.1 not yet compatible with openSSL 3.0.2 (openssl 
3.0.2-0ubuntu1.6) or is this just happening here?



Distributor ID: Ubuntu
Description:Ubuntu 22.04 LTS
Release:22.04
Codename:   jammy

Linux 5.15.0-41-generic #44-Ubuntu SMP Wed Jun 22 14:20:53 UTC 2022 
x86_64 x86_64 x86_64 GNU/Linux



$ make check


test_cipher_test_vectors . : ok
test_cipher_aead_test_vectors  : ok
test_hmac_test_vectors ... : ok
test_load_v1_keys  : ok
test_load_v1_key . : ok
test_load_v1_public_key .. : ok
test_load_v2_key . : ok
test_load_v2_public_key .. : ok
test_get_info_v2_key . : ok
test_gen_and_get_info_rsa_pem  : ok
test_get_info_rsa_private_key  : ok
test_get_info_invalid_keys ... : ok
test_get_info_key_encrypted .. : ok
test_get_info_pw_encrypted ... : ok
test-crypto.c:827: Assert failed: ret == TRUE
Panic: file dcrypt-openssl.c: line 2639 
(dcrypt_openssl_private_to_public_key): assertion failed: (priv_key != 
NULL && pub_key_r != NULL)
Error: Raw backtrace: ./test-crypto(+0x60704) [0x168704] -> 
./test-crypto(backtrace_append+0x1c) [0x168893] -> 
./test-crypto(backtrace_get+0x2a) [0x1688bf] -> ./test-crypto(+0x28ef4) 
[0x130ef4] -> ./test-crypto(default_fatal_handler+0) [0x130fc6] -> 
./test-crypto(default_error_handler+0) [0x131014] -> 
./test-crypto(i_fatal+0) [0x1312ae] -> 
.libs/libdcrypt_openssl.so(+0xe795) [0x4ea3795] -> 
./test-crypto(dcrypt_key_convert_private_to_public+0x7b) [0x11eeb1] -> 
./test-crypto(+0x21655) [0x129655] -> ./test-crypto(+0x23d66) [0x12bd66] 
-> ./test-crypto(test_run+0x21) [0x12c13a] -> ./test-crypto(main+0x83) 
[0x12af16] -> /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x4893d90] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x4893e40] -> 
./test-crypto(_start+0x25) [0x11c1a5]
../../run-test.sh: line 39: 164971 Aborted (core dumped) 
/usr/bin/valgrind -q $trace_children --error-exitcode=213 
--leak-check=full --gen-suppressions=all --suppressions="$supp_path" 
--log-file=$test_out $noundef $*

==164971== Conditional jump or move depends on uninitialised value(s)
==164971==at 0x514E234: ??? (in 
/usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==164971==by 0x514E511: ??? (in 
/usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==164971==by 0x504F0F4: EVP_DecryptFinal_ex (in 
/usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==164971==by 0x4E9CD3F: dcrypt_openssl_ctx_sym_final (in 
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/.libs/libdcrypt_openssl.so)
==164971==by 0x11E3DB: dcrypt_ctx_sym_final (in 
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==by 0x1270DE: test_cipher_aead_test_vectors (in 
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==by 0x12BD65: test_run_funcs (in 
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==by 0x12C139: test_run (in 
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)
==164971==by 0x12AF15: main (in 
/usr/local/src/dovecot-2.3.19.1/src/lib-dcrypt/test-crypto)

==164971==
{
   
   Memcheck:Cond
   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.3
   obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.3
   fun:EVP_DecryptFinal_ex
   fun:dcrypt_openssl_ctx_sym_final
   fun:dcrypt_ctx_sym_final
   fun:test_cipher_aead_test_vectors
   fun:test_run_funcs
   fun:test_run
   fun:main
}
==164971== 2,304 bytes in 1 blocks are possibly lost in loss record 911 
of 947
==164971==at 0x4848899: malloc (in 
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)

==164971==by 0x4005D97: malloc (rtld-malloc.h:56)
==164971==by 0x4005D97: _dlfo_mappings_segment_allocate 
(dl-find_object.c:217)

==164971==by 0x4005D97: _dl_find_object_update_1 (dl-find_object.c:671)
==164971==by 0x4005D97: _dl_find_object_update (dl-find_object.c:804)
==164971==by 0x400ECCF: dl_open_worker_begin (dl-open.c:735)
==164971==by 0x49DEC27: _dl_catch_exception (dl-error-skeleton.c:208)
==164971==by 0x400DF99: dl_open_worker (dl-open.c:782)
==164971==by 0x49DEC27: _dl_catch_exception (dl-error-skeleton.c:208)
==164971==by 0x400E34D: _dl_open (dl-open.c:883)
==164971==by 

Re: LDA ignores virtual mailbox settings

[Tamsy]

*From:* Toni Mueller [mailto:supp...@oeko.net]
*Sent:* Monday, December 28, 2020, 3:18 AM
*To:* Aki Tuomi
*Cc:* dovecot@dovecot.org
*Subject:* LDA ignores virtual mailbox settings


Hi Aki,

thanks for your quick response!

On Sun, Dec 27, 2020 at 10:00:40PM +0200, Aki Tuomi wrote:

On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote:

16:04:16 dovecot: auth: Debug: master 
in:USER#0111#011u...@example.com#011service=lda
16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't return 
userdb entries, trying the next userdb
16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT 
'/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as 
quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status = 'A'
16:04:16 dovecot: auth: Debug: userdb 
out:USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0

^^

This shows that the database lookup works. The intended effect should be
that the message is delivered to

/path-to-mailboxen/example.com/user/Maidir/new

16:04:16 dovecot: lda(u...@example.com)<5291>: Error: 
setegid(privileged) failed: Operation not permitted
16:04:16 dovecot: lda(u...@example.com)<5291>: Error: 
Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied 
(euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 
8(mail), dir owned by 0:8 mode=0775)

^^

And this shows that dovecot-lda just ignores the result.


16:04:16 dovecot: lda(u...@example.com)<5291>: Error: 
Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: 
open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) 
egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 
0:8 mode=0775)
16:04:16 dovecot: lda(u...@example.com)<5291>: 
msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox INBOX: 
Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com) 
failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, 
we're not in group 8(mail), dir owned by 0:8 mode=0775)
16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, 
orig_to=, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04, 
dsn=4.3.0, status=deferred (temporary failure)


In /etc/postfix/master.cf, I have this to call it:

dovecot   unix  -   n   n   -   -   pipe
   flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d 
${user}@${domain} -a ${recipient}


Try adding

mail_privileged_group = mail

I am not sure why you recommend this. I never ever want to deliver to
/var/mail, and my mailbox directory has group 'mailbox' - hence I have

mail_privileged_group = mailbox

in my configuration.

My question is why this thing wants to deliver to /var/mail, despite
having a different location from the userdb, and how I can force it to
use the location from the userdb.


Thanks,
Toni

Sorry, I misread your problem..

can you try checking output of

`doveadm user `

# doveadm useru...@example.com
field   value
uid 12345
gid 12345
home/path-to-mailboxen/example.com/user
mailmaildir:~/Maildir:INBOX=~/Maildir
quota_rule  *:storage=0


and

`doveadm auth lookup `

# doveadm -v auth lookupu...@example.com
passdb:u...@example.com
   user  :u...@example.com


Also, including `doveconf -n` would be useful.

# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-13-amd64 x86_64 Debian 10.7
# Hostname: testvm.example.com
auth_debug = yes
auth_debug_passwords = yes
auth_failure_delay = 0
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
deliver_log_format = msgid=%m: %e -> %{to_envelope} %p %w %{delivery_time} 
%{storage_id} %{secured}
disable_plaintext_auth = no
login_access_sockets = tcpwrap
mail_debug = yes
mail_location = maildir:~/Maildir:INBOX=~/Maildir
mail_privileged_group = mailbox
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace inbox {
   inbox = yes
   location = maildir:~/Maildir:INBOX=~/Maildir
   mailbox Drafts {
 special_use = \Drafts
   }
   mailbox Junk {
 special_use = \Junk
   }
   mailbox Sent {
 special_use = \Sent
   }
   mailbox "Sent Messages" {
 special_use = \Sent
   }
   mailbox Trash {
 special_use = \Trash
   }
   prefix =
}
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   expire = Trash 30 Spam 30
   quota = maildir
   quota_rule = *:storage=5
   quota_rule2 = Trash:ignore
   sieve 

Re: Urgent - Help needed

[Tamsy]

*From:* Kishore Potnuru [mailto:kishore.reac...@gmail.com]
*Sent:* Tuesday, May 5, 2020, 4:02 PM
*To:* Benny Pedersen; Dovecot Mailing List
*Subject:* Urgent - Help needed



I am using pop3/imap, see the below file. We can't verify any logs? 
This is working fine from last one year. as part of testing we just 
stopped the services for 20minutes and restarted the dovecot and 
postfix server using "service  stop/start". No issues 
so far...


I would like know, if the application is reading the emails from the 
server, do we have any log in our server to see the same? Because I 
see them when the email is coming to the folder. I see them that they 
are deleted , once they are reading by the application. But 
application is not taking all the emails. few are missing, application 
team says. I want to tell them and show the logs that these are read 
by your server/application. that is my idea


[root@server new]# doveconf -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 Red Hat Enterprise Linux 
Server release 7.4 (Maipo) xfs

disable_plaintext_auth = no
listen = *
log_path = /var/log/dovecot.log

mail_location = maildir:/kw/home/pop/%d/%n/Maildir/
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
pop3_uidl_format = %g
protocols = imap pop3
ssl_cert = On Tue, May 5, 2020 at 9:33 AM Benny Pedersen > wrote:


On 2020-05-05 10:06, Kishore Potnuru wrote:

> Please help me...

with more sparse info ?

maillist would like to see

postconf -nf
postconf -Mf
doveconf -n

how is it setup to delivery virtual transport not using
dovecot-lda or
dovecot ltmp

do not make file system access to mails, use imap or pop3 protocols

as i read sparse info you are not using dovecot, so be it



As Huangbin and Benny already pointed it out and what is cleary shown by 
the log-snippet:


May  5 07:35:21 testserver postfix/virtual[29843]: EB6A2206818: 
to=, relay=virtual, delay=0.05, 
delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)


It is *NOT* Dovecot which is doing the final delivery of messages into 
the users mailbox.


Furthermore if the mailist is asking you for the output of:
postconf -nf
postconf -Mf
doveconf -n

but you only send some (very sparse) snippets out of it which nearly 
have no relevance to the problem you are describing you can not expect 
real support from the list.

Re: Sieve global path?

[Tamsy]

Stephan von Krawczynski wrote on 10.11.2017 16:35:

On Fri, 10 Nov 2017 03:41:20 -0500
Bill Shirley  wrote:


No it isn't shown as a folder.  All folder directories here begin with a dot.
i.e.  .INBOX  .Trash  .Drafts

Bill

No, they don't. me thought that, too. But using the rainloop webmail interface
on top of such a config showed the sieve folder in the overview. Sometimes you
can even see a "dovecot" folder, which also disappears when sieve is outside.

--
Regards,
Stephan




On 11/10/2017 3:07 AM, Stephan von Krawczynski wrote:

On Thu, 9 Nov 2017 21:02:44 -0500
Bill Shirley  wrote:
  

Set the sieve_global_dir like this.
/etc/dovecot/conf.d/99-mystuff.conf:
.
.
plugin {
     sieve = ~/Maildir/dovecot.sieve
     sieve_dir = ~/Maildir/sieve
     sieve_global_dir  = /etc/dovecot/sieve/global/
     sieve_before  = /etc/dovecot/sieve/before.d/
#  sieve_before2    =
#  sieve_before3    =
     sieve_after   = /etc/dovecot/sieve/after.d/
#  sieve_after2 =
#  sieve_after3 =

     fts   = lucene
     fts_lucene    = whitespace_chars=@.
}

Permissions:
drwxr-xr-x. 174 root root system_u:object_r:etc_t:s0 12288 Nov  9
11:43 /etc drwxr-xr-x.   4 root root system_u:object_r:dovecot_etc_t:s0
95 Apr 28  2016 /etc/dovecot drwxr-xr-x.   5 root root
system_u:object_r:dovecot_etc_t:s0    64 Jul 13  2015 /etc/dovecot/sieve
drwxr-xr-x.   2 root root system_u:object_r:dovecot_etc_t:s0    10 Jul 13
2015 /etc/dovecot/sieve/global

Since this directory is read-only to all but root, pre-complie your
scripts with 'sievec'.

Bill

... And don't follow this example setting sieve_dir inside your maildirs.
This will lead to the dir being shown as imap folder which you don't want.
Simply put out it outside and everything is fine.
  
Excactly the same happens with Roundcube (at least v.1.2): The Sieve 
folder shows up in the Folder View.

Re: under another kind of attack

[Tamsy]

Olaf Hopp wrote on 25.07.2017 16:37:

Hi folks,

"somehow" similar to the thread "under some kind oof attack" started 
by "MJ":


I have dovecot shielded by fail2ban which works fine.
But since a few days I see many many IPs per day knocking on
my doors with wron password and/or users. But the rate at which they 
are knocking

is very very low. So fail2ban will never catch them.

For example one IP:

Jul 25 14:03:17 irams1 dovecot: auth-worker(2212): 
pam(eurodisc,101.231.247.210,): unknown user
Jul 25 15:16:36 irams1 dovecot: auth-worker(11047): 
pam(gergei,101.231.247.210,): pam_authenticate() 
failed: Authentication failure (password mismatch?)
Jul 25 16:08:51 irams1 dovecot: auth-worker(3379): 
pam(icpe,101.231.247.210,): unknown user
Jul 25 16:10:47 irams1 dovecot: auth-worker(4250): 
pam(endsulei,101.231.247.210,): unknown user


Note the timestamps.
If I look the other way round (tries to one account) I'll get

Jul 25 01:30:48 irams1 dovecot: auth-worker(11276): 
pam(endsulei,60.166.12.117,): unknown user
Jul 25 01:31:26 irams1 dovecot: auth-worker(11276): 
pam(endsulei,222.243.211.200,): unknown user
Jul 25 13:29:22 irams1 dovecot: auth-worker(4745): 
pam(endsulei,60.2.50.114,<4elhpCJVtcw8AjJy>): unknown user
Jul 25 13:30:27 irams1 dovecot: auth-worker(4747): 
pam(endsulei,222.84.118.83,): unknown user
Jul 25 16:10:47 irams1 dovecot: auth-worker(4250): 
pam(endsulei,101.231.247.210,): unknown user
Jul 25 16:11:45 irams1 dovecot: auth-worker(5933): 
pam(endsulei,206.214.0.120,): unknown user


Also note the timestamps!

And I see many many distinct IPs per day (a few hundred) trying many 
many existing and non-existings accounts.
As you see in the timestamps in my examples, this can not be handled 
by fail2ban without affecting

regular users with typos.
Is anybody observing something similar ?
Anybody an idea against this ?
Many of these observed IPs are chinese mobile IPs, if this matters. 
But we have also chinese students and

researchers all abroad.


Regards,
Olaf



For those "unknown user" attacks on Dovecot we use a rule we named 
"dovecot-unknownusers.conf" with Fail2Ban:



failregex = ^%(__prefix_line)sauth-worker\(\d+\): 
(pam|sql)\(\S+,\): unknown user\s*$



"findtime" we set to 5400 (90 minutes) with "maxretry" set to 2.

Works pretty well to block those pesty slow pace attacks.

Re: Replacement for antispam plugin

[Tamsy]

Aki Tuomi wrote on 10.02.2017 15:06:

Hi!
Since antispam plugin is deprecated and we would really prefer people
not to use it, we wrote instructions on how to replace it with
IMAPSieve. Comments and suggestions are most welcome.

https://wiki.dovecot.org/HowTo/AntispamWithSieve

---
Aki Tuomi
Dovecot oy
We just implemented this according to the wiki. Works great and without 
any hiccups. Thanks, Aki

Re: v2.2.26 release candidate released

[Tamsy]

Aki Tuomi wrote on 21.10.2016 11:34:

On October 21, 2016 at 6:27 AM Tamsy <dovecot-l...@mohtex.net> wrote:


Timo Sirainen wrote on 20.10.2016 04:01:

http://dovecot.org/releases/2.2/rc/dovecot-2.2.26.rc1.tar.gz
http://dovecot.org/releases/2.2/rc/dovecot-2.2.26.rc1.tar.gz.sig

There are quite a lot of changes since v2.2.25. Please try out this RC so we 
can get a good and stable v2.2.26 out.

* master: Removed hardcoded 511 backlog limit for listen(). The kernel
  should limit this as needed.
* doveadm import: Source user is now initialized the same as target
  user. Added -U parameter to override the source user.
* Mailbox names are no longer limited to 16 hierarchy levels. We'll
  check another way to make sure mailbox names can't grow larger than
  4096 bytes.

+ Added a concept of "alternative usernames" by returning user_* extra
  field(s) in passdb. doveadm proxy list shows these alt usernames in
  "doveadm proxy list" output. "doveadm director kick" adds
  -f  parameter. The alt usernames don't have to be
  unique, so this allows creation of user groups and kicking them in
  one command.
+ auth: passdb/userdb dict allows now %variables in key settings.
+ auth: If passdb returns noauthenticate=yes extra field, assume that
  it only set extra fields and authentication wasn't actually performed.
+ auth: passdb static now supports password={scheme} prefix.
+ imapc: Added imapc_max_line_length to limit maximum memory usage.
+ imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic logs.
  This replaces at least partially the rawlog plugin.
+ dsync: Added dsync_features=empty-header-workaround setting. This
  makes incremental dsyncs work better for servers that randomly return
  empty headers for mails. When an empty header is seen for an existing
  mail, dsync assumes that it matches the local mail.
+ doveadm sync/backup: Added -I  parameter to skip too
  large mails.
+ doveadm sync/backup: Fixed -t parameter and added -e for "end date".
+ doveadm mailbox metadata: Added -s parameter to allow accessing
  server metadata by using empty mailbox name.

- master process's listener socket was leaked to all child processes.
  This might have allowed untrusted processes to capture and prevent
  "doveadm service stop" comands from working.
- auth: userdb fields weren't passed to auth-workers, so %{userdb:*}
  from previous userdbs didn't work there.
- auth: Each userdb lookup from cache reset its TTL.
- auth: Fixed auth_bind=yes + sasl_bind=yes to work together
- auth: Blocking userdb lookups reset extra fields set by previous
  userdbs.
- auth: Cache keys didn't include %{passdb:*} and %{userdb:*}
- auth-policy: Fixed crash due to using already-freed memory if policy
  lookup takes longer than auth request exists.
- lib-auth: Unescape passdb/userdb extra fields. Mainly affected
  returning extra fields with LFs or TABs.
- lmtp_user_concurrency_limit>0 setting was logging unnecessary
  anvil errors.
- lmtp_user_concurrency_limit is now checked before quota check with
  lmtp_rcpt_check_quota=yes to avoid unnecessary quota work.
- lmtp: %{userdb:*} variables didn't work in mail_log_prefix
- autoexpunge settings for mailboxes with wildcards didn't work when
  namespace prefix was non-empty.
- Fixed writing >2GB to iostream-temp files (used by fs-compress,
  fs-metawrap, doveadm-http)
- director: Ignore duplicates in director_servers setting.
- zlib, IMAP BINARY: Fixed internal caching when accessing multiple
  newly created mails. They all had UID=0 and the next mail could have
  wrongly used the previously cached mail.
- doveadm stats reset wasn't reseting all the stats.
- auth_stats=yes: Don't update num_logins, since it doubles them when
  using with mail stats.
- quota count: Fixed deadlocks when updating vsize header.
- dict-quota: Fixed crashes happening due to memory corruption.
- dict proxy: Fixed various timeout-related bugs.
- doveadm proxying: Fixed -A and -u wildcard handling.
- doveadm proxying: Fixed hangs and bugs related to printing.
- imap: Fixed wrongly triggering assert-crash in
  client_check_command_hangs.
- imap proxy: Don't send ID command pipelined with nopipelining=yes
- imap-hibernate: Don't execute quota_over_script or last_login after
  un-hibernation.
- imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in one
  IP packet.
- imap-hibern

Re: v2.2.26 release candidate released

[Tamsy]

Timo Sirainen wrote on 20.10.2016 04:01:

http://dovecot.org/releases/2.2/rc/dovecot-2.2.26.rc1.tar.gz
http://dovecot.org/releases/2.2/rc/dovecot-2.2.26.rc1.tar.gz.sig

There are quite a lot of changes since v2.2.25. Please try out this RC so we 
can get a good and stable v2.2.26 out.

* master: Removed hardcoded 511 backlog limit for listen(). The kernel
  should limit this as needed.
* doveadm import: Source user is now initialized the same as target
  user. Added -U parameter to override the source user.
* Mailbox names are no longer limited to 16 hierarchy levels. We'll
  check another way to make sure mailbox names can't grow larger than
  4096 bytes.

+ Added a concept of "alternative usernames" by returning user_* extra
  field(s) in passdb. doveadm proxy list shows these alt usernames in
  "doveadm proxy list" output. "doveadm director kick" adds
  -f  parameter. The alt usernames don't have to be
  unique, so this allows creation of user groups and kicking them in
  one command.
+ auth: passdb/userdb dict allows now %variables in key settings.
+ auth: If passdb returns noauthenticate=yes extra field, assume that
  it only set extra fields and authentication wasn't actually performed.
+ auth: passdb static now supports password={scheme} prefix.
+ imapc: Added imapc_max_line_length to limit maximum memory usage.
+ imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic logs.
  This replaces at least partially the rawlog plugin.
+ dsync: Added dsync_features=empty-header-workaround setting. This
  makes incremental dsyncs work better for servers that randomly return
  empty headers for mails. When an empty header is seen for an existing
  mail, dsync assumes that it matches the local mail.
+ doveadm sync/backup: Added -I  parameter to skip too
  large mails.
+ doveadm sync/backup: Fixed -t parameter and added -e for "end date".
+ doveadm mailbox metadata: Added -s parameter to allow accessing
  server metadata by using empty mailbox name.

- master process's listener socket was leaked to all child processes.
  This might have allowed untrusted processes to capture and prevent
  "doveadm service stop" comands from working.
- auth: userdb fields weren't passed to auth-workers, so %{userdb:*}
  from previous userdbs didn't work there.
- auth: Each userdb lookup from cache reset its TTL.
- auth: Fixed auth_bind=yes + sasl_bind=yes to work together
- auth: Blocking userdb lookups reset extra fields set by previous
  userdbs.
- auth: Cache keys didn't include %{passdb:*} and %{userdb:*}
- auth-policy: Fixed crash due to using already-freed memory if policy
  lookup takes longer than auth request exists.
- lib-auth: Unescape passdb/userdb extra fields. Mainly affected
  returning extra fields with LFs or TABs.
- lmtp_user_concurrency_limit>0 setting was logging unnecessary
  anvil errors.
- lmtp_user_concurrency_limit is now checked before quota check with
  lmtp_rcpt_check_quota=yes to avoid unnecessary quota work.
- lmtp: %{userdb:*} variables didn't work in mail_log_prefix
- autoexpunge settings for mailboxes with wildcards didn't work when
  namespace prefix was non-empty.
- Fixed writing >2GB to iostream-temp files (used by fs-compress,
  fs-metawrap, doveadm-http)
- director: Ignore duplicates in director_servers setting.
- zlib, IMAP BINARY: Fixed internal caching when accessing multiple
  newly created mails. They all had UID=0 and the next mail could have
  wrongly used the previously cached mail.
- doveadm stats reset wasn't reseting all the stats.
- auth_stats=yes: Don't update num_logins, since it doubles them when
  using with mail stats.
- quota count: Fixed deadlocks when updating vsize header.
- dict-quota: Fixed crashes happening due to memory corruption.
- dict proxy: Fixed various timeout-related bugs.
- doveadm proxying: Fixed -A and -u wildcard handling.
- doveadm proxying: Fixed hangs and bugs related to printing.
- imap: Fixed wrongly triggering assert-crash in
  client_check_command_hangs.
- imap proxy: Don't send ID command pipelined with nopipelining=yes
- imap-hibernate: Don't execute quota_over_script or last_login after
  un-hibernation.
- imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in one
  IP packet.
- imap-hibernate: Fixed various failures when un-hibernating.
- fts: fts_autoindex=yes was broken in 2.2.25 unless
  fts_autoindex_exclude settings existed.
- 

Re: ssl_cipher_list

[Tamsy]

LuKreme wrote on 08.02.2015 12:11:

How do I get a list of the possible ciphers that are installed on the system 
for use in ssl_cipher_list?




Verbose listing of all OpenSSL ciphers including NULL ciphers: openssl 
ciphers -v 'ALL:eNULL'


See also: https://www.openssl.org/docs/apps/ciphers.html

Re: logwatch reporting

[Tamsy]

Robert Moskowitz wrote on 20.11.2014 20:41:
I just launched a new mailserver that is using dovecot.  My previous 
mailserver used courier-mail.  I am expecting better things with this 
new server, but I was use to some login information in logwatch that I 
am not seeing now.  For example I would get:




 [IMAPd] Logout stats:
 
User | Logouts | Downloaded | Mbox 
Size
 --- | --- | -- | 
--
   us...@htt-consult.com  |  55 | 219571 
|  0
   us...@htt-consult.com  | 285 | 221681 
|  0
  us...@labs.htt-consult.com  |  32 |  15183 
|  0
 --- 

   372 | 456435 
|  0




 **Unmatched Entries**
Disconnected, ip=[:::107.150.52.84], time=1, starttls=1: 2 
Time(s)


 -- IMAP End -


- POP-3 Begin 


 [POP3] Logout stats (in MB):
 
User | Logouts | Downloaded | Mbox 
Size
 --- | --- | -- | 
--
   us...@htt-consult.com  |  78 |   5.96 
|  0
   us...@communaljob.com  | 215 |   9.24 
|  0
   us...@htt-consult.com  |   1 |   7.47 
|  0
   us...@htt-consult.com  |   1 |   2.34 
|  0
   us...@htt-consult.com  | 301 |  31.08 
|  0
  us...@labs.htt-consult.com  | 201 |   4.98 
|  0
 --- 

   797 |  61.06 
|   0.00




 **Unmatched Entries**
Disconnected, ip=[:::107.150.52.84]: 2 Time(s)
Disconnected, ip=[:::12.159.43.147]: 50 Time(s)
Disconnected, ip=[:::172.245.45.20]: 61 Time(s)
LOGIN FAILED, user=Alfredo, ip=[:::172.245.45.20]: 1 Time(s)
LOGIN FAILED, user=Antonio, ip=[:::172.245.45.20]: 2 Time(s)
LOGIN FAILED, user=postmaster, ip=[:::172.245.45.20]: 7 Time(s)

LOGIN FAILED, user=webmaster, ip=[:::172.245.45.20]: 7 Time(s)
LOGIN FAILED, user=www, ip=[:::172.245.45.20]: 4 Time(s)
Maximum connection limit reached for :::172.245.45.20: 509 
Time(s)


 -- POP-3 End -


Whereas dovecot is only reporting:

- Dovecot Begin 



 Dovecot disconnects:
Inactivity: 1 Time(s)
Logged out: 379 Time(s)
no auth attempts: 5 Time(s)
no reason: 1 Time(s)
tried to use disabled plaintext auth: 1 Time(s)

 **Unmatched Entries**
dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)

 -- Dovecot End -


How can I get more detailed user activity reporting to logwatch?

And why is connection to mysql under Unmatched Entries?




What version of Logwatch is installed on the server and on which distro?
We are using Logwatch here too and the summary for Dovecot is very 
detailed; even more detailed compared to what you got with courier-mail.

Re: automatically create Spam mailbox

[Tamsy]

Cliff Hayes wrote on 14.11.2014 06:01:
I am trying to set up dovecot to automatically create a Spam mailbox 
for every user.


http://wiki2.dovecot.org/MailboxSettings shows how to do this but not 
what config file to put it in so I assume 10-mail.conf.

When I put it in there as follows...

namespace inbox {
  mailbox Spam {
auto = create
special_use = \Junk
  }
}

... I get the following error ...

doveconf: Fatal: Error in configuration file 
/etc/dovecot/conf.d/10-mail.conf line 107: Unknown setting: mailbox


How do I create the mailbox?


Try:

namespace inbox {
  mailbox Spam {
auto = subscribe
special_use = \Junk
   }
}

Re: building latest stable for ubuntu 14.04

[Tamsy]

Eduardo Casarero wrote on 07.11.2014 05:48:

Hi list, Does anybody have some notes/blog post/etc about building dovecot
deb packages?


If this is ment to be used on your box you can easily accomplish this by 
using checkinstall. Take a look at 
https://help.ubuntu.com/community/CheckInstall and 
http://packages.ubuntu.com/en/trusty/checkinstall for more information.

Re: dovecot-2-2-pigeonhole-92405f753f6a - 77e6a42bff9b

[Tamsy]

Timo Sirainen wrote on 29.07.2014 18:09:
 On 29 Jul 2014, at 06:10, Tamsy dovecot-l...@mohtex.net wrote:

 Just a report to Stephan:

 I tried to compile two builds from the Mercurial:
 - dovecot-2-2-pigeonhole-92405f753f6a
 - dovecot-2-2-pigeonhole-77e6a42bff9b

 Both builds fail to compile with the same following error:

  8 
 ../../src/lib-sieve-tool/.libs/libsieve-tool.a(sieve-tool.o): In
 function `sieve_tool_open_output_stream':
 /usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src/lib-sieve-tool/sieve-tool.c:518:
 undefined reference to `o_stream_create_fd_autoclose'
 ../../src/lib-sieve/.libs/libdovecot-sieve.so: undefined reference to
 `i_stream_create_fd_autoclose'
 You need to compile against a newer Dovecot hg version.

Thank you for the hint. On Dovecot 2.2.13 now but will upgrade soonest
to the latest HG and let you know.

Re: dovecot-2-2-pigeonhole-92405f753f6a - 77e6a42bff9b

[Tamsy]

Timo Sirainen wrote on 29.07.2014 18:09:
 On 29 Jul 2014, at 06:10, Tamsy dovecot-l...@mohtex.net wrote:

 Just a report to Stephan:

 I tried to compile two builds from the Mercurial:
 - dovecot-2-2-pigeonhole-92405f753f6a
 - dovecot-2-2-pigeonhole-77e6a42bff9b

 Both builds fail to compile with the same following error:

  8 
 ../../src/lib-sieve-tool/.libs/libsieve-tool.a(sieve-tool.o): In
 function `sieve_tool_open_output_stream':
 /usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src/lib-sieve-tool/sieve-tool.c:518:
 undefined reference to `o_stream_create_fd_autoclose'
 ../../src/lib-sieve/.libs/libdovecot-sieve.so: undefined reference to
 `i_stream_create_fd_autoclose'
 You need to compile against a newer Dovecot hg version.

To Report back on this matter:
After upgrading Dovecot to the latest HG version, Pigeonhole compiled
nicely.
Thank you Timo.

dovecot-2-2-pigeonhole-92405f753f6a - 77e6a42bff9b

[Tamsy]

Just a report to Stephan:

I tried to compile two builds from the Mercurial:
- dovecot-2-2-pigeonhole-92405f753f6a
- dovecot-2-2-pigeonhole-77e6a42bff9b

Both builds fail to compile with the same following error:

 8 
../../src/lib-sieve-tool/.libs/libsieve-tool.a(sieve-tool.o): In
function `sieve_tool_open_output_stream':
/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src/lib-sieve-tool/sieve-tool.c:518:
undefined reference to `o_stream_create_fd_autoclose'
../../src/lib-sieve/.libs/libdovecot-sieve.so: undefined reference to
`i_stream_create_fd_autoclose'
collect2: ld returned 1 exit status
make[3]: *** [sievec] Error 1
make[3]: Leaving directory
`/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src/sieve-tools'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/usr/local/src/dovecot-2-2-pigeonhole-77e6a42bff9b'
make: *** [all] Error 2

Server OS: 2 servers, both running on Ubuntu 10.04 32 Bit

Rgds
Tamsy

Re: Dovecot pigeonhole help sought

[Tamsy]

Timothy Murphy wrote on 28.07.2014 00:08:
 I'm running postfix + dovecot + dovecot-pigeonhole
 on my CentOS-7 home server.
 I would like spam to finish up in ~/Maildir/.Spam/ .
 Spam is being marked, but is not separated -
 it ends up with all the other email in ~/Maildir/cur/ .
 Evidently there is some step I have omitted to take.

 I give the output of sudo doveconf -n below.
 The file ~/.dovecot.sieve reads:
 --
 # Sieve Filter

 require [fileinto,regex,envelope,vacation];

 if header :contains X-Spam-Flag YES {
 fileinto /home/tim/Maildir/.Spam/;
 }
 --

 When I run sudo systemctl restart dovecot
 I see the line
   Jul 27 18:54:23 alfred dovecot: master: Dovecot v2.2.10 starting up
 for imap, pop3, lmtp, sieve (core dumps disabled)
 in /var/log/maillog

 Output of sudo doveconf -n  dovecot.conf
 --
 # 2.2.10: /etc/dovecot/dovecot.conf
 # OS: Linux 3.10.0-123.4.4.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 
 (Core)
 listen = *
 mail_debug = yes
 mail_location = maildir:~/Maildir
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character 
 vacation subaddress 
 comparator-i;ascii-numeric relational regex imap4flags copy include variables 
 body enotify 
 environment mailbox date ihave
 mbox_write_locks = fcntl
 namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
 special_use = \Drafts
   }
   mailbox Junk {
 special_use = \Junk
   }
   mailbox Sent {
 special_use = \Sent
   }
   mailbox Sent Messages {
 special_use = \Sent
   }
   mailbox Trash {
 special_use = \Trash
   }
   prefix =
 }
 passdb {
   driver = pam
 }
 plugin {
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
 }
 protocols = imap pop3 lmtp sieve
 ssl = required
 ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
 ssl_key = /etc/pki/dovecot/private/dovecot.pem
 userdb {
   driver = passwd
 }
 protocol lmtp {
   mail_plugins =  sieve
 }
 protocol lda {
   mail_plugins =  sieve
 }
 --

 Any advice or suggestions gratefully received.

Simply:

require [fileinto];
if anyof (header :contains X-Spam-Flag YES)
{
fileinto Spam;
stop;
}

Re: [Dovecot] Still no messages from dovecot

[Tamsy]

Steve Campbell wrote the following on 12.04.2014 02:32:
 I'm still not seeing emails from the list. With help from others, I
 thought I had the IPs cleared since the change back in February, but
 apparently not.

 Can someone PM me and let me know what outgoing IP addresses the list
 is using please?

 steve campbell


Dear Steve,

Just tried twice to pm you the Headers of the last message from the list
but those messages were also rejected by mailserver2.cnappers.net.
Seems you have to fix some things to receive messages from the list:

 campb...@cnpapers.com: host mailserver2.cnpapers.net[216.12.119.162]
 said: 550 5.7.1 Access denied (in reply to MAIL FROM command)

 Apr 12 02:51:30 ns1 postfix/smtp[9177]: 5ACDA300AC262:
 to=campb...@cnpapers.com,
 relay=mailserver2.cnpapers.net[216.12.119.162]:25, delay=0.76,
 delays=0.07/0.01/0.57/0.11, dsn=5.7.1, status=bounced (host
 mailserver2.cnpapers.net[216.12.119.162] said: 550 5.7.1 Access denied
 (in reply to MAIL FROM command))



0x5DC8E7D9.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [Dovecot] plain test passwords

[Tamsy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Eric Broch wrote the following on 11.02.2014 09:19:
 Is it possible to enable plaintext passwords on dovecot?

A simple look at the Wiki will answer your question:
http://wiki2.dovecot.org/Authentication/Mechanisms


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
 
iQEcBAEBAgAGBQJS+ZKuAAoJEKYXVM1dyOfZQ1UIAJxqQB+ydWsp+8dMr26LqyyB
xAPmq1wOsSG/HURaATP3HHhEAx9MKm9GkXq+psy6vOUWArloLy4P4+yZ3zcNVvix
PMT4q1DY6UL4GGF3S8AHSfWhR2fV6qoEg8bRFtVCdazhuIrzSogAgAk3SK3p9bKP
VT4gr7aY/pNaT+lupbXrH4C9gs2cHbnlnVX/WVOJu//Hp576hzOWMWE+UyVxCjv6
aN5BAvC718p/314vMZSuq1PAlP8OnGSgg75It/MzBs8YEXydz7jKJiu6S8fsJ1VR
ZHdI6RivMjxcDor1MXTSJRtyUP6Z+121rIVzU/sG+KBNKEqFvsRm0PhXmFqZQIA=
=X93l
-END PGP SIGNATURE-



0x5DC8E7D9.asc
Description: application/pgp-keys

Re: [Dovecot] Pigeonhole make check fails with Dovecot 2.2.8

[Tamsy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Axel Luttgens wrote the following on 20.11.2013 15:16:
 Le 20 nov. 2013 à 04:33, Tamsy a écrit :

 [...]

 I have tried to compile Pigeonhole 0.4.2 and also the latest
 dovecot-2-2-pigeonhole-b7434a02fc51  from the Mercurial repository but
 the outcome at make test is always the same:

 3: Test 'Ignoring whitespace' FAILED: header test does not strip leading
 whitespace

 Hello Tamsy,

 No such failure here, with a standard compilation of 2.2.7/0.4.2 on
Mac OS X 10.8.5.
 Could this be OS-related, related to some libraries?
 During the compilation, were warnings that could provide some hints
emitted?

 Axel


Hi Axel,

Thank you for the info.

Our servers are running on Ubuntu 10.04, 32bit. With Dovecot/Pigeonhole
2.2.7/0.4.2 that error when running make check for Pigeonhole does not
happen on any of our servers. It seems to be the combo
Dovecot/Pigeonhole 2.2.8/0.4.2 (and also with Mercurial b7434a02fc51).
Probably some incompatibilities. Maybe Stephan can take a look at this?
Configure and make for Pigeonhole is going without any errors but
make check just stops after the following without any further message:

Test case: ./tests/test-header.svtest:
  1: Test 'Basic functionality' SUCCEEDED
  2: Test 'Matching empty key' SUCCEEDED
  3: Test 'Ignoring whitespace' FAILED: header test does not strip
leading whitespace
  4: Test 'Absent or empty header' SUCCEEDED
  5: Test 'Invalid header name' SUCCEEDED
  6: Test 'Folded header' SUCCEEDED
 FAIL: 1 of 6 tests failed.
 make: *** [tests/test-header.svtest] Error 1

header test does not strip leading whitespace is the only clue.

Cheers,
Tamsy


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
 
iQEcBAEBAgAGBQJSjHLYAAoJEKYXVM1dyOfZJMEH/0L42e9kcW380BSoDblvUjMJ
4xWzbYbRikliKqF8+8QOvmcHZF5wgmsxhdNtPdvMlLnS6YDhLGcJbPf4BeY3/IIi
pTehQ8h+v4qBB2lJvJfdFAZ1ZEQ6QLK11nCxg5X+u50tAOoflZbWZUdmhu7zDJ8W
Kw5Ta6l2etMjEbXwKEK3w+aQh/jAd89fcPlCbOcfHsq85Y3hTT5Wtn8itCFYUOkh
aVSr40R5wV93T3GpwvNxaOk5FLeSRcx/1sqzWjVrUTSTJhLLMG9RQEYDCxwpecRx
af94Uw5ir5qBym4lqK48arLhH8xv4FF+2Z9Yj8tiC0YKKcTr3OowdaWKbgVd544=
=Vkol
-END PGP SIGNATURE-



0x5DC8E7D9.asc
Description: application/pgp-keys

Re: [Dovecot] Pigeonhole make check fails with Dovecot 2.2.8

[Tamsy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Timo Sirainen wrote the following on 20.11.2013 20:08:
 On 20.11.2013, at 14.40, Timo Sirainen t...@iki.fi wrote:

 On 20.11.2013, at 5.33, Tamsy dovecot-l...@mohtex.net wrote:

 When compiling dovecot-2.2-pigeonhole-0.4.2 at the stage make check
 Pigeonhole is throwing the following message and stops:

 Test case: ./tests/test-header.svtest:

 1: Test 'Basic functionality' SUCCEEDED
 2: Test 'Matching empty key' SUCCEEDED
 3: Test 'Ignoring whitespace' FAILED: header test does not strip
 leading whitespace
 4: Test 'Absent or empty header' SUCCEEDED
 5: Test 'Invalid header name' SUCCEEDED
 6: Test 'Folded header’ SUCCEEDED
 Interestingly caused by the improved caching code. Fixed by
http://hg.dovecot.org/dovecot-2.2/rev/f4eb4b5884b2
 And http://hg.dovecot.org/dovecot-2.2/rev/4ef184875799
http://hg.dovecot.org/dovecot-2.2/rev/47923cfd4b56

 These are very old bugs. Wonder if they’ve caused other trouble earlier.


Hi Timo,

After applying your patches to Dovecot 2.2.8:
1. http://hg.dovecot.org/dovecot-2.2/rev/f4eb4b5884b2
2. http://hg.dovecot.org/dovecot-2.2/rev/4ef184875799
3. http://hg.dovecot.org/dovecot-2.2/rev/47923cfd4b56

I can confirm that make check using latest
dovecot-2-2-pigeonhole-b7434a02fc51 from the Mercurial repository is
finishing without error now, all tests are succeeding.

In particular Test case: ./tests/test-header.svtest:

 1: Test 'Basic functionality' SUCCEEDED
 2: Test 'Matching empty key' SUCCEEDED
 3: Test 'Ignoring whitespace' SUCCEEDED
 4: Test 'Absent or empty header' SUCCEEDED
 5: Test 'Invalid header name' SUCCEEDED
 6: Test 'Folded header' SUCCEEDED

PASS: 6 tests succeeded.

Thank you,
Tamsy
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
 
iQEcBAEBAgAGBQJSjLzMAAoJEKYXVM1dyOfZzvwH/1Xl5ysdOFQel5jWMeCDtuZP
a/nli5L0mZe2l16MVdUJ8lDn7tpQv13WkZV81vYTIayu/b+MTGa1OZVoQakgWUUx
dF26Jc0E5/pVOM0jlJgagGjwhFjjAUGkOeKEfIi6ScGekTuvunlBfkJ+rbouAise
HCRHnPgvIv+o+S8hDNTOyKz2S8/2cR/Yip8j2k6UYn9DUCR1Phs7ypugkcXhBIHG
ee4vHyY0tFCprps9tN12xr+qOn7R/wTHTqw9JZZNyXVrxt3ZLOH7IApeaWeMNFDz
FmwKjrDiXHK0HVJVVfjvvSZqDX5+BMFe4kDiKVqEdewex1b+tVXTCD5wSlU3pTk=
=srRX
-END PGP SIGNATURE-



0x5DC8E7D9.asc
Description: application/pgp-keys

[Dovecot] Pigeonhole make check fails with Dovecot 2.2.8

[Tamsy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Is it just here?

When compiling dovecot-2.2-pigeonhole-0.4.2 at the stage make check
Pigeonhole is throwing the following message and stops:

Test case: ./tests/test-header.svtest:

 1: Test 'Basic functionality' SUCCEEDED
 2: Test 'Matching empty key' SUCCEEDED
 3: Test 'Ignoring whitespace' FAILED: header test does not strip
leading whitespace
 4: Test 'Absent or empty header' SUCCEEDED
 5: Test 'Invalid header name' SUCCEEDED
 6: Test 'Folded header' SUCCEEDED

I have tried to compile Pigeonhole 0.4.2 and also the latest
dovecot-2-2-pigeonhole-b7434a02fc51  from the Mercurial repository but
the outcome at make test is always the same:

3: Test 'Ignoring whitespace' FAILED: header test does not strip leading
whitespace

Cheers,
Tamsy


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
 
iQEcBAEBAgAGBQJSjC2QAAoJEKYXVM1dyOfZ9xsIAKDC7goLP3N2rr90Lf0P6gam
wQFmYY3HUMIKi3FKWcCy6DQBN6Qr33QWTk/b4OY1LDMOETolZTWIEwvlix+YdI8x
oRdKQXWHR9k+jd9etWkNuuk2xUnbjz353IOMZ3Yc+spuv0JyUvYhef6pfq3MLTYQ
R+YW4aoNp3XstAKcknnkduNwrfRXoZoFT/YOU3VQyDUwUa6u07JhuL+onZtb0mO+
HsdD4NNY28YqHY1/eoT3YNRbgtRxyOfzxh3f17ITbquM0ZgiPJucWX7HpIiwNJFu
3gqkceDLqqAL9DKUjDapSyR2IjxJlRSGcxQckxlkGXzcaTNNWqAn7mMxSr3hEaY=
=EY7D
-END PGP SIGNATURE-



0x5DC8E7D9.asc
Description: application/pgp-keys

Re: [Dovecot] Conditional jump or move depends on uninitialised value(s)

[Tamsy]

Tamsy wrote the following on 28.09.2013 07:21:
 Timo Sirainen wrote the following on 27.09.2013 22:22:
 On 26.9.2013, at 8.17, Tamsy dovecot-l...@mohtex.net wrote:

 Dovecot 2.2.6 compiled on Ubuntu 10.04 fails on make check with the
 following errors.
 make install is finishing just fine and Dovecot itself works
 flawlessly so far.
 Yeah, the problem is only with 32bit systems. It's only in lib-http though, 
 so you're probably not using it unless you're using fts-solr. 
 http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10

 Thank you Timo.
 Yes, I'm with 32bit systems und yes, I'm using fts-solr. Will try the
 patch later today and report back.
FYI: After applying your patch make check finishes without problems.
All good now. Thank you again, Timo.


0x5DC8E7D9.asc
Description: application/pgp-keys

Re: [Dovecot] Conditional jump or move depends on uninitialised value(s)

[Tamsy]

Timo Sirainen wrote the following on 27.09.2013 22:22:
 On 26.9.2013, at 8.17, Tamsy dovecot-l...@mohtex.net wrote:

 Dovecot 2.2.6 compiled on Ubuntu 10.04 fails on make check with the
 following errors.
 make install is finishing just fine and Dovecot itself works
 flawlessly so far.
 Yeah, the problem is only with 32bit systems. It's only in lib-http though, 
 so you're probably not using it unless you're using fts-solr. 
 http://hg.dovecot.org/dovecot-2.2/rev/83e74b3a0d10


Thank you Timo.
Yes, I'm with 32bit systems und yes, I'm using fts-solr. Will try the
patch later today and report back.


0x5DC8E7D9.asc
Description: application/pgp-keys

[Dovecot] Conditional jump or move depends on uninitialised value(s)

[Tamsy]

: http_header_parse_next_field
(http-header-parser.c:296)
==15579==by 0x804F225: test_http_header_parse_invalid
(test-http-header-parser.c:325)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804FC92: http_header_parse_next_field
(http-header-parser.c:320)
==15579==by 0x804F225: test_http_header_parse_invalid
(test-http-header-parser.c:325)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804F9B2: http_header_parse_next_field
(http-header-parser.c:296)
==15579==by 0x804F225: test_http_header_parse_invalid
(test-http-header-parser.c:325)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
==15579== Conditional jump or move depends on uninitialised value(s)
==15579==at 0x804FCDF: http_header_parse_next_field
(http-header-parser.c:320)
==15579==by 0x804F225: test_http_header_parse_invalid
(test-http-header-parser.c:325)
==15579==by 0x8050251: test_run_funcs (test-common.c:228)
==15579==by 0x80503D1: test_run (test-common.c:236)
==15579==by 0x804F164: main (test-http-header-parser.c:343)
==15579==
make[2]: *** [check-test] Error 1
make[2]: Leaving directory `/usr/local/src/dovecot-2.2.6/src/lib-http'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/dovecot-2.2.6/src'
make: *** [check-recursive] Error 1
- - 8 -

Is it just me?

Cheers,
Tamsy
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (MingW32)
 
iQEcBAEBAgAGBQJSQ9FeAAoJEKYXVM1dyOfZVsoIAOM1z1aULWvVqGJScmd8uNXz
EG1gRnG6vlrjdUa+8mYQq7RPZZbZ2Cvxd73rkWtptPFAQX+gKsHsh53HS2GKohle
W6dJWnEdR7cvUk1UC7FHK3KR5+Z2pdbxhwGB0G26jHKf2OM7dyNcrmtXgkvb3Mwp
4AHrRHVYnPDkcF4Mc9mCnlGdHGsG1bA2BMtI6eR1vbAMKlUy9v11EfunDJHwqkwf
9A5vWAqCnNT9QewJctrHubnN+Rzz5ZLA0cc5ngTL+hsSknIKzH/bj1R99Orca7VN
AzBYkWRQ2GqKWxdSBs8RSGv/bVojW1SLjp04xEea+zUeV6sg3RMGkou/pK+lfj4=
=o8pw
-END PGP SIGNATURE-



0x5DC8E7D9.asc
Description: application/pgp-keys

Re: [Dovecot] Disabled pop3-login

[Tamsy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
LuKreme wrote the following on 26.08.2013 06:42:
 In my dovecot.conf I do not have pop3-login anabled (since I do not support 
 pop3):

  # doveconf -n
 # 2.2.5: /usr/local/etc/dovecot/dovecot.conf
 # OS: FreeBSD 9.1-RELEASE i386 
 auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
 disable_plaintext_auth = no
 first_valid_uid = 89
 log_path = /var/log/dovecot
 login_log_format_elements = user=%u %r %m %c
 mail_location = maildir:~/Maildir
 mail_max_userip_connections = 50
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
 namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
 special_use = \Drafts
   }
   mailbox Junk {
 auto = subscribe
 special_use = \Junk
   }
   mailbox NotJunk {
 auto = subscribe
   }
   mailbox Sent {
 special_use = \Sent
   }
   mailbox Sent Messages {
 special_use = \Sent
   }
   mailbox Trash {
 special_use = \Trash
   }
   prefix =
 }
 passdb {
   driver = pam
 }
 passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
 }
 service auth {
   unix_listener /var/spool/postfix/private/auth {
 mode = 0666
   }
 }
 service imap-login {
   inet_listener imaps {
 port = 993
 ssl = yes
   }
 }
 ssl_cert = /etc/ssl/certs/dovecot.pem
 ssl_key = /etc/ssl/private/dovecot.pem
 userdb {
   driver = passwd
 }
 userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   default_fields = uid=vpopmail gid=vchkpw
mail_location=/usr/local/virtual/%u
   driver = sql
 }

 but I see thousands (tens of thousands) of

 dovecot:Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed,
1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150,
lip=75.148.117.93, session=+VcroT7kUgBKX1KW
 dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed,
1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150,
lip=75.148.117.93, session=kbNdoT7kWwBKX1KW
 dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed,
1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150,
lip=75.148.117.93, session=rRWQoT7kWgBKX1KW
 dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed,
1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150,
lip=75.148.117.91, session=feCpoT7kfwBKX1KW
 dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed,
1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150,
lip=75.148.117.93, session=lmTCoT7kiQBKX1KW
 dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed,
1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150,
lip=75.148.117.91, session=5oPcoT7ktABKX1KW

 Yes, I need to install fail2ban or something on this new machine, but
still...


Besides of the above, if you are not going to use POP3 at all I would
close port 110 and port 995 with DROP to let to go these accesses to
nowhere.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (MingW32)
 
iQEcBAEBAgAGBQJSGqVsAAoJEKYXVM1dyOfZYEIH+wT//iSbLbn7mwruVTm7N7vC
G4NIUduFeW/s+zFJ+36QwPHG+gGnSM0uDk0upfeytjh0IMh0ADRZGhKQ/A3wnQy+
qNsu1Cvy5GsBag1mi4gJndJoPPZe8JAMaHncbm6lAN3s5wDFGtqyT7V/4BYUSsmV
NkeWayP/r6NK9LCKsV2jnxJvdSyn20iiViMRYWRqNViPyvmlUKEpkjSqbGhDPpv4
DYCKBx1DO17j2S2nbpeqYEuQoZNkHVWi10UzLBFt05Ubt0AIMMIGcTOcPzZftn5a
UL1d8M7JvGDd50u9B4/Xh8zdr8PKZT05kpPqMe0rVDNkwHpUe9Se/oyfXNwU2tk=
=rKgv
-END PGP SIGNATURE-



0x5DC8E7D9.asc
Description: application/pgp-keys

Re: [Dovecot] Disabled pop3-login

[Tamsy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Reindl Harald wrote the following on 26.08.2013 07:56:


 Am 26.08.2013 02:46, schrieb Tamsy:
 LuKreme wrote the following on 26.08.2013 06:42:
 In my dovecot.conf I do not have pop3-login anabled (since I do not
support pop3):

 as said already, it's one line in dovecot.conf
 protocols = imap

 Besides of the above, if you are not going to use POP3 at all I would
 close port 110 and port 995 with DROP to let to go these accesses to
 nowhere

 besides the fact that unused services should not listen at all
 this advice in case of firewalls is wrong - close *any* port
 as default and open *only* the one you are using

 not the other direction DROP specific ones you do not want

 frankly, there are 65535 possible ports



Reindl is correct like almost always. But isn't it the basics anyway
when going for IPtables, to drop all at first and open one by one as
needed? Obviously LuKreme has at least port left 110 open and what I
ment is to close it right away to let these thousands (tens of
thousands) accesses to go nowhere




-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (MingW32)
 
iQEcBAEBAgAGBQJSGqtuAAoJEKYXVM1dyOfZvKYH/2MSgMAyq6hyt1g8SmEkdVpC
XL4SYjg2Fj0TYo6NjMSUTo7FWwz+8rO3cvqKeoMUzv4vwzzdHnG52LVRq71NrwwY
nbL1IKN/HsQp7SfF9Gy+H5l9tkTiXrPZU6/6Ku0DQ7JtLCsi6Q0KP9+66ZnW+uqH
T82Z0KlJDVizFxeSPb4MiNmIj/AaOe+brFX8iXisXuSG4toZFkL2VtWaVYsIW3+V
+9ao+8mw4IJt/9F9t40YUsINqokWkbhG5VZKdln93lUd4m/+LbTUPwEMG+PAsmHE
MoysHKbmBniPvLvIlj7oNIeZROYuxSm1fndHlXewlq/vD/Qt9TBHYN3S/UmtN3I=
=IuF8
-END PGP SIGNATURE-



0x5DC8E7D9.asc
Description: application/pgp-keys

Re: [Dovecot] dovecot fts solr plugin

[Tamsy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Thomas Baumann wrote the following on 05.08.2013 19:27:

Regarding:
org.apache.solr.common.SolrException log SEVERE:
org.apache.solr.common.SolrException: undefined field text

As for Solr 4.4.0 this went away after editing solr-schema.xml (from
Dovecot 2.2.4),
Changing the call to:
fieldType name=text to fieldType name=text_general
Changing all calls to field name type=text to type=text_general
and by adding:
field name=text type=text_general indexed=true stored=false
multiValued=true/
before:
field name=_version_ type=long indexed=true stored=true/

Although fts solr searches are working fine even with the above errors
in the logs.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (MingW32)
 
iQEcBAEBAgAGBQJR/8DCAAoJEFJuhDv/UPjwuFoIALV/W4Az52nTEImAPPu6cE6l
H95rVMFpQ2bvIyyjY9I0AZrPB/Fk2RudVGVJTj3AXwCFph/nKEJ2Rc1AZsio5HQz
evJA1KR+U7mXh2SEw0mADUM83JTQPCiBipu5g3w91XWX8D9kvYBRmSmDwuYkDp94
byLqxwEbJ5f8AeNDhYQ5QNmBYd/j7r8e5bYEzxcjHr/ICXkCIWiO/mvV1/NlHYE6
QS3SVEx9FLDOZoAb0c/UDvQyF/khUDZ028b1Afo1b4qHVU0r41KccoTvHgBl6sl5
x1+4f+qQLP4I5NZohfOxBHvU0jaSQk+jBDXuQU+FNuqkfwlkbhLTQdwgBcx22o8=
=7PcO
-END PGP SIGNATURE-



0xFF50F8F0.asc
Description: application/pgp-keys

Re: [Dovecot] dovecot cores

[Tamsy]

dove...@freakout.de wrote the following on 12.10.2012 13:50:

According to Timo Sirainen:

On 11.10.2012, at 9.43, dove...@freakout.de wrote:

Dovecot code is calling str_to_time() from libmysqlclient,
instead of from Dovecot's internal code.
Not the first time mysql conflicted with Dovecot code.
This could be worked around, but .. why is your dovecot
binary linked with libmysqlclient?
Only auth and dict binaries should be.


but dovecot's configure script does not allow to specify the
mysql libs and headers explictly - only by global CPPFLAGS and
LDFLAGS extensions, which are used for all binaries - when i
tried to specify:

./configure --prefix=/opt/dovecot --sysconfdir=/etc/dovecot 
--mandir=/opt/dovecot/man \
--docdir=/opt/dovecot/doc --libexecdir=/opt/dovecot/sbin 
--datadir=/opt/dovecot \
--with-rundir=/var/dovecot/run --with-statedir=/var/dovecot/state \
--with-mysql=/opt/mysql/bin/mysql_config
checking for ...
checking pkg-config is at least version 0.9.0... yes
configure: error: --with-mysql=path not supported. You may want to use instead:
CPPFLAGS=-I/opt/mysql/bin/mysql_config/include 
LDFLAGS=-L/opt/mysql/bin/mysql_config/lib ./configure --with-mysql

i followed the hint from the configure script above and run
into the core-dumps due to symbol clash str_to_time.

How to work around with mysql in non-standard location?

Thanks
Axel


This one works for me for mysql in a non-standard location (my.cnf is in 
/etc):


CPPFLAGS='-I/opt/mysql/include/mysql' LDFLAGS='-L/opt/mysql/lib/mysql 
-lmysqlclient -lz -lcrypt -lnsl -lm' ./configure --with-mysql .


Rds
Tamsy

Re: [Dovecot] dovecot cores

[Tamsy]

Timo Sirainen wrote the following on 12.10.2012 14:34:

On 12.10.2012, at 10.02, dove...@freakout.de wrote:


According to Timo Sirainen:

Simply specifying -I or -L paths doesn't link with libmysql. What exactly did 
you use for CPPFLAGS/LDFLAGS/configure?


ok - i specified: CFLAGS=-I/opt/zlib/include -I/opt/ssl/include 
-I/opt/mysql/include
  LDFLAGS=-L/opt/zlib/lib -L/opt/ssl/lib -L/opt/mysql/lib 
-lmysqlclient

-lmysqlclient shouldn't be in LDFLAGS.


if i omit -lmysqlclient (seems to be the reason for the hassle) i get:

libtool: link: gcc4 -std=gnu99 -g -I/opt/zlib/include -I/opt/ssl/include 
-I/opt/mysql/include -Wall -W -Wmissing-prototypes -Wmissing-declarations 
-Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast 
-fno-builtin-strftime -Wstrict-aliasing=2 -I/opt/ssl/include -o .libs/auth 
auth.o auth-cache.o auth-client-connection.o
auth-master-connection.o auth-postfix-connection.o mech-otp-skey-common.o 
mech-plain-common.o auth-penalty.o auth-request.o auth-request-handler.o 
auth-settings.o auth-stream.o auth-worker-client.o auth-worker-server.o 
db-checkpassword.o db-dict.o db-sql.o db-passwd-file.o main.o mech.o 
mech-anonymous.o mech-plain.o mech-login.o
mech-cram-md5.o mech-digest-md5.o mech-external.o mech-gssapi.o mech-ntlm.o 
mech-otp.o mech-scram-sha1.o mech-skey.o mech-rpa.o mech-apop.o mech-winbind.o 
passdb.o passdb-blocking.o passdb-bsdauth.o passdb-cache.o 
passdb-checkpassword.o passdb-dict.o passdb-passwd.o passdb-passwd-file.o 
passdb-pam.o passdb-shadow.o passdb-sia.o
passdb-vpopmail.o passdb-sql.o passdb-static.o passdb-template.o userdb.o 
userdb-blocking.o userdb-checkpassword.o userdb-dict.o userdb-nss.o 
userdb-passwd.o userdb-passwd-file.o userdb-prefetch.o userdb-static.o 
userdb-vpopmail.o userdb-sql.o userdb-template.o db-ldap.o passdb-ldap.o 
userdb-ldap.o -Wl,--export-dynamic  -L/opt
/zlib/lib -L/opt/ssl/lib -L/opt/mysql/lib libpassword.a ../lib-ntlm/libntlm.a 
../lib-otp/libotp.a ../../src/lib-sql/.libs/libsql.a 
../../src/lib-dovecot/.libs/libdovecot.so -lcrypt -ldl -Wl,-rpath 
-Wl,/opt/dovecot/lib
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_connect':
/usr/src/rpm/BUILD/dovecot-2.1.10/src/lib-sql/driver-mysql.c:83: undefined 
reference to `mysql_options'

... tons of other undefined reference to mysqlclient

/usr/src/rpm/BUILD/dovecot-2.1.10/src/lib-sql/driver-mysql.c:470: undefined 
reference to `mysql_error'
collect2: error: ld returned 1 exit status

I'm not sure why it's doing that. It really shouldn't. You could try 
SQL_LIBS=-lmysqlclient or AUTH_LIBS=-lmysqlclient or MYSQL_LIBS=-lmysqlclient 
if one of them helps.
Axel, please let us know whether one of these works: 
SQL_LIBS=-lmysqlclient or AUTH_LIBS=-lmysqlclient or 
MYSQL_LIBS=-lmysqlclient.


Since Dovecot 1.x all the way up to 2.1.10 I had trouble with this and 
only by putting -lmysqlclient in LDFLAGS as described before Dovecot 
compiles without error (Ubuntu Server 8.04  10.04, mySQL in a 
non-standart location).

Re: [Dovecot] dovecot cores

[Tamsy]

Timo Sirainen wrote the following on 12.10.2012 14:50:

On 12.10.2012, at 10.45, Tamsy wrote:


Axel, please let us know whether one of these works: SQL_LIBS=-lmysqlclient or 
AUTH_LIBS=-lmysqlclient or MYSQL_LIBS=-lmysqlclient.

Since Dovecot 1.x all the way up to 2.1.10 I had trouble with this and only by 
putting -lmysqlclient in LDFLAGS as described before Dovecot compiles without error 
(Ubuntu Server 8.04  10.04, mySQL in a non-standart location).

If you run configure without adding the -lmysqlclient, what do you get with:

egrep -i 'mysql|auth_libs|sql_libs' Makefile

I guess the problem is that I shouldn't have copypasted the mysql detection 
code from php, and configure somehow passes successfully without actually setting 
any MYSQL_LIBS..


Just ran configure without adding the -lmysqlclient 
(CPPFLAGS='-I/opt/mysql/include/mysql' LDFLAGS='-L/opt/mysql/lib/mysql 
-lz -lcrypt -lnsl -lm' ./configure --with-mysql


egrep -i 'mysql|auth_libs|sql_libs' Makefile

says:

AUTH_LIBS =
CPPFLAGS = -I/opt/mysql/include/mysql
LDFLAGS = $(NOPLUGIN_LDFLAGS) -L/opt/mysql/lib/mysql -lz -lcrypt -lnsl -lm
MYSQL_CFLAGS =
MYSQL_CONFIG = NO
MYSQL_LIBS =
PGSQL_LIBS =
SQL_LIBS =
sql_drivers =  mysql
  scan-build -o scan-reports ../configure --with-ldap=auto 
--with-pgsql=auto --with-mysql=auto --with-sqlite=auto --with-solr=auto 
--with-gssapi=auto --with-libwrap=auto; \


configure runs without error but make ends with:
snip
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_result_get_error':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:469: undefined 
reference to `mysql_errno'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:470: undefined 
reference to `mysql_error'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_result_get_field_value_binary':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:436: undefined 
reference to `mysql_fetch_lengths'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_result_fetch_fields':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:383: undefined 
reference to `mysql_num_fields'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:384: undefined 
reference to `mysql_fetch_fields'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_result_next_row':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:366: undefined 
reference to `mysql_fetch_row'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:370: undefined 
reference to `mysql_errno'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_result_free':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:351: undefined 
reference to `mysql_free_result'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_do_query':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:233: undefined 
reference to `mysql_query'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:237: undefined 
reference to `mysql_errno'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_query_s':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:315: undefined 
reference to `mysql_affected_rows'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:316: undefined 
reference to `mysql_store_result'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:321: undefined 
reference to `mysql_next_result'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:332: undefined 
reference to `mysql_free_result'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:327: undefined 
reference to `mysql_errno'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_exec':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:284: undefined 
reference to `mysql_error'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_escape_string':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:274: undefined 
reference to `mysql_real_escape_string'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:268: undefined 
reference to `mysql_escape_string'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_connect':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:83: undefined 
reference to `mysql_options'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:87: undefined 
reference to `mysql_options'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:92: undefined 
reference to `mysql_ssl_set'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:110: undefined 
reference to `mysql_real_connect'
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:123: undefined 
reference to `mysql_error'
../../src/lib-sql/.libs/libsql.a(driver-mysql.o): In function 
`driver_mysql_deinit_v':
/usr/local/src/dovecot-2.1.10/src/lib-sql/driver-mysql.c:226: undefined 
reference to `mysql_close'
../../src/lib-sql/.libs/libsql.a(driver

Re: [Dovecot] segfault in Debian Squeeze + Dovecot 2.1.10

[Tamsy]

Joe Auty wrote the following on 23.09.2012 13:00:


Robert Schetterer mailto:rob...@schetterer.org
September 23, 2012 1:44 AM

show your dovecot conf


Thanks!

http://pastebin.com/gVRrCjyK

I took what you said literally, please let me know if you'd like to 
see any of the other Debian config files.






Joe Auty mailto:j...@netmusician.org
September 22, 2012 3:57 PM
Hello,

I'm seeing a lot of these in my /var/log/messages in Debian Squeeze, 
I suspect this might be causing performance issues. Any suggestions 
what I can try to fix this?



I'm using the 2.1.10 packages obtained with the following in my 
sources.list:


deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.1 main


I need to use Dovecot 2.1.x because I need to support handling 
multiple SSL certs.





With show your dovecot conf Robert means show us the output of 
doveconf -n

Re: [Dovecot] Can we know when a user read our email?

[Tamsy]

Richard wrote the following on 04.06.2012 05:20:



Date: Sunday, June 03, 2012 02:54:32 PM -0400
From: Jerryje...@seibercom.net


On Sun, 03 Jun 2012 20:19:20 +0200
Reindl Harald articulated:

people are mostly to stupid to realize what they
are trying to accomplish and why it it a bad idea

this is why we professionals exist and if people
refuse what you are explaining them kiss them
goodbye - irt will be better for you over the long

No offense, but considering your business attitude and disdain for
potential clients and your opinion of them, it would be a far
better thing if they steered clear of you all together. There are
many considerate, intelligent, compassionate professionals out
there who would be willing to take on the difficult client. Any
asshole can service the routine, run of the mill, client. It
takes a true professional to work with and service a difficult
one.

Something that seems to be missing from this discussion are
considerations of privacy and (personal) security. There are fairly
serious implications of a sender being able to tell that/when
someone has downloaded/opened a message -- including discovery of
daily patterns and potentially where the recipient is, or isn't.

I think it is our responsibility to understand these issues and
explain them to managers/clients in order to bring them along if we
refuse (as I would) to provide a capability such as this. [I always
set the sendmail noreceipts PrivacyOptions so it doesn't respond
to these disposition requests.]

One approach is to point out to managers/clients that if their
system is configured to return read receipts, anyone sending mail to
them on that system will be able to get these same types of
receipts. When they think about that they may not like the
implications and may reconsider their request.

Just because it is technically possible to do something (and even if
other vendors provide the capability) does not mean that it is the
ethically or legally responsible thing to do.


- Richard




I totally agree with Richard's point of few.

I would consider it as intrusive and even intimidating if the sender of 
an E-Mail can monitor whether and when I open/read his mail.
Just imagine this would happen with the good old hard printed mail the 
postman put into the mailbox at our door: As soon as we open the 
envelope and unfold the letter a microchip sends a note to the sender 
that his letter has been opened and read.
I can already see the public outcry if something like this would happen 
some day...


If somebody sends me a mail, it is up to me whether I want to open and 
read its content or whether I just want to bin it without having opened 
it. This is my right since the moment that mail has reached my mailbox, 
no matter whether it is a hardcopy mail or an E-Mail, it belongs to me 
and I can do with it whatever I like without letting the sender know how 
it has finally ended.

Re: [Dovecot] BEWARE: you might be supporting the lists owner!!

[Tamsy]

Oon-Ee Ng wrote the following on 19.05.2012 08:43:

On May 19, 2012 9:36 AM, Noel Butlernoel.but...@ausics.net  wrote:

On Fri, 2012-05-18 at 06:48 -0400, Jerry wrote:



basically a non-event. It must have been a really slow news day.


non-event? You wouldnt be saying that if certain other operators with
their products did that. I've seen you bitch and whinge about far far
far less over the years Jerry.



Almost every commercial product I know off does send unsolicited email.
There's a delete or report spam button/shortcut key for that. If it helps
some other users, and more importantly the dovecot project, i'm not too
bothered with that little inconvenience. The world doesn't revolve around
my convenience




This thread has already evolved into an ideological conflict. Better to 
leave it now since every word, every further argument is just heating 
the atmosphere up and is scaring other users off the list…

Re: [Dovecot] BEWARE: you might be supporting the lists owner!!

[Tamsy]

Linda Walsh wrote the following on 18.05.2012 10:32:

Jeff Kletsky wrote:
Even with good intent the message in question is clearly in 
violation of CAN-SPAM and Cal. Bus. Prof. Code Sec. 17529, of which 
the sender was informed of when my server was accessed.

---
   And you have proof of this?  That they received notice?  I assume 
you have
their signature?  Computers talking in the night doesn't count as 
'proof'.



It was very clearly an electronic mail message the primary purpose 
of which is the commercial advertisement or promotion of a commercial 
product or service. 

===
   Really?  Dovecot is a commercial venture?  I thought it was free 
software.
Someone, with the personal permission of the list owner was allowed to 
mention that they would be willing to offer support for this 
product?   Are you pissed because they didn't offer it for free?  This 
is a list about dovecot -- no where does it say it will be private nor 
that the email addresses on this list are protected from spam.  
Dovecot isn't a private company.
   It doesn't matter if it was good or bad intent.  You being on this 
list
of your own free will establishes a relationship of the sort that, if 
pre-existing, permits commercial offers.  If you don't want that ever 
again, otherwise by remaining on the list, you give some permission 
for occasional

messages that might be construed to offering services for money, that are
approved by the list owner.

   If it exceeds anyone's tolerance, including mine, I would believe 
any of us would have the same right to leave.  I don't think the list 
owner would want to abuse his position and cause wholesale 
departures.  OTOH, I don't think this

rises anywhere near to the level of even the most minor offense.

   Personally, I found this discussion *about* the issue to have 
generated more traffic than all the spam I've gotten from this list in 
the past 6 months.


   So -- guess what?   I don't care.

   You might want to reconsider your demands on the list owner who has 
put together some fine quality software for your use -- for free.   
Otherwise,  you risk really looking like a completely self-centered 
pompous ass.
And note,  this is based on current traffic levels from this list of 
such email (which are way exceeded by the people talking about it -- 
so it's completely irrational to argue about it occurring or not when 
the people complaining about it have generated over 10 times as much 
traffic in a few days.  As for the spam
levels from here.. My spam filters regularly take out about 30 spam 
messages/day
(based on the 1200+ messages in the past 40 days in my spam folder).  
Like 1
email from a list I subscribe to is gonna likely even be noticed by 
me??  Unlikely.


(normally a lurker, but someone who can't tolerate intolerance!  ;-)  
)...





Well said Linda!

All that noise because of one mail offering some paid support is so 
unnecessary!


The Delete-Button is just one click away and in case something like this 
happens too often what for do we have this wonderful Sieve to this great 
Dovecot-software? ;-)

Re: [Dovecot] vacation plugins for squirrelmail

[Tamsy]

Show us your avelsieve-config in 
your-squirrelmail-dir/plugins/avelsieve/config/config.php



Daminto Lie wrote the following on 17.04.2012 09:31:

Thank you folks for your replies.


I realised that the dovecot 1.2.9 that I installed via ubuntu synaptic package manager 
has already come with sieve plugins. After making some modifications on the dovecot.conf 
file, I went to download and install avelsieve 1.0.1 (stable version) onto the 
squirrelmail. Then, I run in squirrelmail conf.pl and added the plugin. I logged in and 
could see Filter option right on the top header row. I went to click it and 
nothing came up. I checked in the mail.log but did not see any errors there.

Here is my snapshot of dovecot configuration
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-40-generic-pae i686 Ubuntu 10.04.4 LTS ext4
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap
listen: *:143
ssl:
  no
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 1001
last_valid_uid: 600
mail_privileged_group: mail
mail_location: maildir:/var/vmail/%u/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: outlook-idle delay-newmail netscape-eoh 
tb-extra-mailbox-sep
lda:
   postmaster_address: postmas...@ourcompany.com
   mail_plugins: sieve
   quota_full_tempfail: yes
   deliver_log_format: msgid=%m: %$
   sendmail_path: /usr/lib/sendmail
   rejection_reason: Your message to%t  was automatically rejected:%n%r
   auth_socket_path: /var/run/dovecot-auth-master
auth default:
   mechanisms: plain login
   username_format: %Lu
   verbose: yes
   debug: yes
   debug_passwords: yes
   passdb:
 driver:
  pam
   passdb:
 driver: ldap
 args: /etc/dovecot/dovecot-ldap.conf
   userdb:
 driver: passwd
   userdb:
 driver: static
 args: uid=1001 gid=1001 home=/var/vmail/%u allow_all_users=yes
   socket:
 type: listen
 client:
   path: /var/spool/postfix/private/auth
   mode: 432
   user: postfix
   group: mail
 master:
   path: /var/run/dovecot-auth-master
   mode: 432
   user: vmail
   group: vmail
plugin:
   sieve: /var/vmail/%u/.sieve

Also, I have restarted dovecot after making changes to the dovecot.conf.

Any help would be very much appreciated.

Thank you

  




  From: Artur Zaprzałaartur.zaprz...@talex.pl
To: Dovecot Mailing Listdovecot@dovecot.org
Cc: Daminto Liedli...@yahoo.com.au
Sent: Thursday, 12 April 2012 11:46 PM
Subject: Re: [Dovecot] vacation plugins for squirrelmail

Daminto Lie wrote:

Hi,

I am afraid I

  have a question to ask of you all. I have just completed setting up a mail 
server running on Ubuntu Server 10.04. It has postfix, dovecot 1.2.19, LDAP and 
squirrelmail as the webmail. I have also created virtual users accounts on the 
system through LDAP. I can send and receive mails which is great. Now, what I 
am trying to do is to set up a vacation auto-reply on the squirrelmail so that 
users who are about to go on vacation can set it up themselves. I was looking 
around for the vacation plugins for dovecot that I can incorporate it into 
squirrelmail.

Any help would be very much appreciated.

Thank you


I'm using Avelsieve 1.9.9 with a set of my own bugfixes:
http://email.uoa.gr/avelsieve/

[Dovecot] 2.0.8 enable-header-install

[Tamsy]

Dear List,

up to Dovecot 2.07 I used --enable-header-install for the Sieve Plugin 
when configuring Dovecot before compiling. With 2.0.8 I get the 
following message when running the configure script: configure: 
WARNING: unrecognized options: --enable-header-install


Is this intentionally? Is there a substitute directive for Sieve when 
compiling Dovecot 2.08?


Rgds

Tamsy

Re: [Dovecot] 2.0.8 enable-header-install

[Tamsy]

Timo Sirainen wrote the following on 05.12.2010 01:22:

On 4.12.2010, at 13.38, Tamsy wrote:


Dear List,

up to Dovecot 2.07 I used --enable-header-install for the Sieve Plugin when configuring 
Dovecot before compiling. With 2.0.8 I get the following message when running the configure script: 
configure: WARNING: unrecognized options: --enable-header-install

Is this intentionally?

Yes.


Is there a substitute directive for Sieve when compiling Dovecot 2.08?

No. It's done always now.


Thank you Timo :)

Re: [Dovecot] Prevent dovecot.sieve.log logs

[Tamsy]

Hi Thiago,

Simply let Logrotate handle these logs too. It can compress/move/delete 
them and this way no overquota at your Sieve filesystem will happen. Do 
a 'man logrotate' to see how to achieve this.


Rgds
Tamsy



Thiago Henrique wrote the following on 26.10.2010 18:44:

Hi,

This log is not controlled by Syslog and it is not rotated by Logrotate.
I'm afraid that happens overquota in my Sieve filesystem.

Thanks.
--
Thiago Henrique


Em Seg, 2010-10-25 às 22:02 +0200, Stephan Bosch escreveu:

On 10/25/2010 08:05 PM, Thiago Henrique wrote:

Hello,

When an account overquota happens, a log is generated:
/var/lib/imap/sieve/username/dovecot.sieve.log

Is there a way to prevent this?

Currently, no. This feature has existed since the early stages of the
cmusieve plugin. To my knowledge, you are the first to request this.
What's your problem exactly?

Regards,

Stephan.

Re: [Dovecot] Maildir filename extensions S=size and W=vsize

[Tamsy]

mail...@securitylabs.it wrote the following on 25/10/2010 15:27:

On 25/10/2010 10:00, Ralf Hildebrandt wrote:

I'd like to add S=size  and W=vsize  to the filenames in my Maildir
storage for newly delivered mails. But I cannot find where I can make
Dovecot's LDA add those. Anybody?

http://wiki2.dovecot.org/MailboxFormat/Maildir says:

A maildir filename with those fields would look something like: 
1035478339.27041_118.foo.org,S=1000,W=1030:2,S

which is exactly what I want, but it doesn't tell me how!


Hello, I think it's by default. My delivery command in exim is:

command = /usr/local/libexec/dovecot/deliver -d $local_p...@$domain -f 
$sender_address -a $original_local_p...@$original_domain


and size and vsize are present.


Hello,

it should be like that by default. On a newly installed Dovecot 2 (LDA) 
with Postfix 2.7 and Maildir it reads on my box:


1287917936.M244862P10492.foo.net,S=11693,W=11922:2,Sa