Re: Retrieving mail from read-only mdbox

2017-06-01 Thread Peter Benko
>This is a 'has anyone run into this and solved it' post. And yes, I've been
>reading and re-reading TFM but without luck. The background is that I'm
>working on tooling before we start a mass maildir->mdbox conversion. One of
>those tools is recovering mail from backups (easy as pie with maildir).
>
>We've got all of our email on Netapp file servers. They have nice
>snapshotting but the snapshots are, of course, readonly.
>
>My question: is there a doveadm command that will allow for email to be
>retrieved from a readonly mdbox, either directly (like manipulating the
>mdbox files directly) or by doveadm talking to the dovecot processes?
>
>Ideally, there'd be something like doveadm dump, but that could dump
>selected message contents.
>
>I've tried using IMAP with mail_location pointed at the snapshot, but,
>though I can get a listing of emails in the mailbox, the fetch fails when
>dovecot can't write-lock dovecot.index.log.
>
>If anyone has gotten something similar to work, I'd love to hear about it.
>A working IMAP setup would be the ideal, since it's more easily automatible
>(but I'll take whatever I can get).
>
>Any and all hints are most welcome!

Hi Mark,

I had exactly the same problem as you. I also tried to put the INDEX to a 
writeable fs (also to MEMORY) but it did not work. What I did in the end is 
that I created a writeable version of my read-only snapshot using AuFS. This 
way I was able to access the snapshot over IMAP and destroy the AuFS mount when 
finished.

It's not a perfect solution, but it works :)

Regards,

Peter
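
Added example, not part of Peter's message and not Dovecot project code: the union-mount workaround described above, written as a shell script that keeps every index and lock write in scratch space and never touches the snapshot. It only prints the commands unless DRY_RUN=0 is set (running them needs root). The paths, the user name and the "Restored" folder are hypothetical, UNION_FS=overlay swaps in overlayfs for AuFS, and using doveadm import over the merged view (rather than IMAP, as in the post) is an assumption.

```shell
#!/bin/sh
# Added example: recover mail from a read-only mdbox snapshot through a
# throwaway union mount, so Dovecot's index/lock writes land in scratch space.
# All paths, the user name and the "Restored" folder are hypothetical.

DRY_RUN=${DRY_RUN:-1}      # 1 = only print the commands; 0 = execute (needs root)
UNION_FS=${UNION_FS:-aufs} # aufs as in the post; "overlay" for in-kernel overlayfs

# Mount options: writable branch on top, snapshot underneath as read-only.
union_opts() { # $1=fs type  $2=snapshot  $3=upper dir  $4=work dir (overlay only)
    case "$1" in
        aufs)    printf 'br=%s=rw:%s=ro' "$3" "$2" ;;
        overlay) printf 'lowerdir=%s,upperdir=%s,workdir=%s' "$2" "$3" "$4" ;;
        *)       echo "unsupported union fs: $1" >&2; return 1 ;;
    esac
}

# Refuse layouts that could write into the snapshot or reuse stale scratch data.
check_layout() { # $1=snapshot mdbox root  $2=scratch dir
    [ -d "$1/storage" ] || { echo "no mdbox storage/ under $1" >&2; return 1; }
    [ -d "$2" ] || { echo "scratch dir $2 missing" >&2; return 1; }
    case "$2/" in
        "$1"/*) echo "scratch dir is inside the snapshot" >&2; return 1 ;;
    esac
    [ -z "$(ls -A "$2")" ] || { echo "scratch dir $2 not empty" >&2; return 1; }
}

# Print the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

recover() { # $1=snapshot mdbox root  $2=scratch dir  $3=user
    snap=$1 scratch=$2 user=$3
    check_layout "$snap" "$scratch" || return 1
    opts=$(union_opts "$UNION_FS" "$snap" "$scratch/upper" "$scratch/work") || return 1
    run mkdir "$scratch/upper" "$scratch/work" "$scratch/merged" || return 1
    run mount -t "$UNION_FS" -o "$opts" none "$scratch/merged" || return 1
    # Copy all mail from the merged view into a "Restored" folder of the live account.
    rc=0
    run doveadm import -u "$user" "mdbox:$scratch/merged" Restored all || rc=$?
    # Always tear the union down again, even if the import failed.
    run umount "$scratch/merged"
    return "$rc"
}

# Stand-alone use: script.sh <snapshot mdbox root> <empty scratch dir> <user>
if [ "$#" -eq 3 ]; then recover "$@"; fi
```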


Re: Retrieving mail from read-only mdbox

2017-06-01 Thread Mark Moseley
On Wed, May 31, 2017 at 3:24 PM, M. Balridge  wrote:

> Quoting Mark Moseley :
>
> > I've tried using IMAP with mail_location pointed at the snapshot, but,
> > though I can get a listing of emails in the mailbox, the fetch fails when
> > dovecot can't write-lock dovecot.index.log.
>
> I'm surprised that dovecot would even try to write-lock a write-protected
> file/directory, though I can appreciate the situation where a file may be
> in a directory that is writable by some UID other than the one dovecot is
> running as.
>
> Is there an unsafe control over lock_method similar to Samba's fake oplocks
> setting in Dovecot?
>
> If anyone wants some good "horror" writing, a perusal of Jeremy Allison's
> write-up on the schizophrenic approaches to file-locking is worthy of your
> time.
>
> https://www.samba.org/samba/news/articles/low_point/tale_two_stds_os2.html
>
>
>
There's no fake locks from what I can tell. If I'm reading the source
right, the only valid options are fcntl, flock, and dotlock.
Tried 'em all :)


Re: Retrieving mail from read-only mdbox

2017-06-01 Thread Mark Moseley
>
> >
> > > I've tried using IMAP with mail_location pointed at the snapshot, but,
> > > though I can get a listing of emails in the mailbox, the fetch fails
> > > when dovecot can't write-lock dovecot.index.log.
> >
> > I've thought about doing this someday (adding snapshots to a user's
> > namespace) but never got around to doing it.  Snapshots get rotated
> > (e.g. hourly.1 -> hourly.2 -> etc.)  so every hour, so any indices
> > produced gets invalidated.  You would need to generate MEMORY indices
> > to create it on the fly.  Something like
> >
> >   namespace snapshots {
> >   location = ...:INDEX==MEMORY
> >   ...
> >   }
> >
> > I'm not sure how dovecot would react when NetApp pulls the rug out
> > from under one of the hourly snapshots and replace it with the next
> > hour's version.
> >
> > Joseph Tam 
>
> location=...:INDEX=MEMORY, actually.
>
> When the rug gets pulled, what happens, depends on whether the user has
> the snapshots location open or not, but it would probably kick the user out
> in the end and complain. But then the user would probably reconnect? =)
>
>

I didn't want to muddy the waters in my first message with all the stuff
I've tried, but that was one of them. On our existing maildir mailboxes, we
have INDEX pointed at a local SSD, so that was one of the first things I
tried. For this readonly mdbox, I tried pointing INDEX= at a local disk, as
well as MEMORY. I've also got CONTROL= set to local disk as well for this.

However (and I assumed that this was probably due to the nature of mdbox
and a known thing), if I set INDEX to anything (MEMORY or a path) on my
mdbox mailboxes, dovecot acts as if the mailbox is empty. I've tried every
permutation I can think of, but the end result is this: without INDEX=, I
can get a list of messages (still can't FETCH due to the index); if I add
INDEX=, I get no results. Debug output with INDEX shows that auth is ok,
the index is being picked up correctly and that the mail_location is still
correct.

I notice too that when I have INDEX set to a path, when I strace the imap
process, though it stat()s the mail_location, it never once tries to stat()
or open any of the storage files under the mail_location. It *does* stat()
the 'storage' directory inside the snapshot, but never walks that directory
nor stat()s the m.# files inside of it.

If I have INDEX set to MEMORY, as of 2.2.30 (I didn't see this with 2.2.27,
though I still got an empty mailbox result), I get a traceback in the logs:

Jun 01 14:10:06 imap-login: Info: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8542, secured,
session=
Jun 01 14:10:06 imap(md...@test.com): Panic: file mailbox-list.c: line
1330: unreached
Jun 01 14:10:06 imap(md...@test.com): Error: Raw backtrace:
/usr/lib/dovecot/libdovecot.so.0(+0x9d9e2) [0x6b2dd043f9e2] ->
/usr/lib/dovecot/libdovecot.so.0(+0x9dacd) [0x6b2dd043facd] ->
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x6b2dd03d1821] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_list_get_root_forced+0x51)
[0x6b2dd0721891] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mdbox_map_init+0x28)
[0x6b2dd07376b8] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mdbox_storage_create+0xeb)
[0x6b2dd073e2cb] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_create_full+0x3d4)
[0x6b2dd0714884] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mail_storage_create+0x2c)
[0x6b2dd0714c2c] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mail_namespaces_init_add+0x159)
[0x6b2dd070ac09] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mail_namespaces_init+0xd9)
[0x6b2dd070bd99] -> dovecot/imap [md...@test.com 127.0.0.1]() [0x426a10] ->
/usr/lib/dovecot/libdovecot.so.0(+0x37783) [0x6b2dd03d9783] ->
/usr/lib/dovecot/libdovecot.so.0(+0x37a4d) [0x6b2dd03d9a4d] ->
/usr/lib/dovecot/libdovecot.so.0(+0x383da) [0x6b2dd03da3da] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x52) [0x6b2dd0454c42] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109)
[0x6b2dd04562b9] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x3c) [0x6b2dd0454cdc]
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x6b2dd0454e88] ->
/usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x6b2dd03dbd93]
-> dovecot/imap [md...@test.com 127.0.0.1](main+0x302) [0x40caa2] ->
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x6b2dcfff9830] ->
dovecot/imap [md...@test.com 127.0.0.1](_start+0x29) [0x40cc29]
Jun 01 14:10:06 imap(md...@test.com): Fatal: master: service(imap): child
8542 killed with signal 6 (core dumps disabled)

But again, I figured that maybe this was normal for mdbox (or that I've
goofed something else up). Also, the 'If I set index, the mailbox is empty
or I get a traceback' happens if I'm looking at a readonly mdbox or a
regular, writable mdbox (and the writable one works perfectly if you remove
INDEX=).

BTW, in my case, the 'snapshot' IMAP wouldn't be directly accessible to end

Problem with dsync backup

2017-06-01 Thread Sergio Belkin
Hi folks,

Firstly, the first:

dovecot --version
2.2.10

dovecot -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-514.16.1.el7.x86_64 x86_64 CentOS Linux release 7.3.1611
(Core)
auth_debug = yes
auth_krb5_keytab = /var/lib/dovecot/krb5.keytab
auth_master_user_separator = *
auth_mechanisms = plain login gssapi
auth_verbose = yes
debug_log_path = /dev/null
default_process_limit = 400
disable_plaintext_auth = no
first_valid_uid = 988
imapc_features = rfc822.size fetch-headers
imapc_host = mail.example-aid.com
imapc_master_user = osstand
imapc_password = secret
imapc_ssl = starttls
imapc_ssl_verify = no
imapc_user = %u
import_environment = TZ KRB5CCNAME
last_valid_uid = 988
lmtp_save_to_detail_mailbox = yes
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_plugins = " acl listescape fts fts_lucene"
mail_prefetch_count = 20
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave imapflags
mbox_write_locks = fcntl
namespace PUBLIC {
list = children
location =
maildir:/var/lib/nethserver/vmail/vmail/Maildir:INDEXPVT=~/Maildir/public
prefix = Public/
separator = /
subscriptions = no
type = public
}
namespace ROOT {
inbox = yes
location =
mailbox Drafts {
auto = no
special_use = \Drafts
}
mailbox Sent {
auto = no
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Trash {
auto = no
special_use = \Trash
}
prefix =
separator = /
subscriptions = yes
type = private
}
namespace SHARED_USERS {
disabled = no
list = children
location =
maildir:/var/lib/nethserver/vmail/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
prefix = Shared/%%n@example.local/
separator = /
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
}
passdb {
args = dovecot-master
driver = pam
master = yes
}
passdb {
args = /etc/dovecot/deny.passwd
deny = yes
driver = passwd-file
}
passdb {
args = max_requests=100 failure_show_msg=yes blocking=yes
driver = pam
}
plugin {
acl = vfile
acl_shared_dict = file:/var/lib/nethserver/vmail/shared-mailboxes.db
antispam_backend = MAILTRAIN
antispam_mail_notspam = ham
antispam_mail_sendmail = /usr/libexec/nethserver/spam-training.sh
antispam_mail_sendmail_args = %u
antispam_mail_spam = spam
antispam_spam = Junk
antispam_trash = Trash
fts = lucene
fts_lucene = whitespace_chars=@.
sieve_after = /var/lib/nethserver/sieve-scripts/after.sieve
sieve_before = /var/lib/nethserver/sieve-scripts/before.sieve
sieve_extensions = +imapflags
}
protocols = imap lmtp sieve pop3
service anvil {
client_limit = 1603
}
service auth {
client_limit = 2000
unix_listener /var/spool/postfix/private/smtpauth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0660
}
}
service dict {
unix_listener dict {
mode = 0600
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
}
unix_listener imap-ipc {
group = root
mode = 0600
user = $default_internal_user
}
}
service imap-postlogin {
executable = script-login /usr/libexec/nethserver/dovecot-postlogin
user = $default_internal_user
}
service imap {
executable = imap imap-postlogin
}
service lmtp {
client_limit = 1
unix_listener lmtp {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
service managesieve {
executable = managesieve sieve-postlogin
}
service pop3-postlogin {
executable = script-login /usr/libexec/nethserver/dovecot-postlogin
user = $default_internal_user
}
service pop3 {
executable = pop3 pop3-postlogin
}
service sieve-postlogin {
executable = script-login /usr/libexec/nethserver/dovecot-postlogin
user = $default_internal_user
}
ssl_cert = ):
unknown user

Please could you help to know where is the error?

Thanks in advance!!

-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org


Re: Possible RENAME bug

2017-06-01 Thread A.L.E.C
On 06/01/2017 10:25 AM, Gabriele Bulfon wrote:
> Is there anything I can do to force "" to reappear without having to 
> create a new folder?
> Any idea?

We may need `doveconf -n` output and information about ACL of the
removed folder and all its parents. Also did you try to use LIST with *
instead of %?

-- 
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]

PGP: 19359DC1 # Blog: https://kolabian.wordpress.com


Re: v2.2.30 released

2017-06-01 Thread Odhiambo Washington
Nothing in the error log, because authentication is actually successful.

 2.2.29 (13ebc01): /opt/dovecot2.2/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.3-STABLE i386  ufs
auth_cache_size = 20 M
auth_master_user_separator = *
auth_mechanisms = plain login digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
base_dir = /var/run/dovecot/
default_login_user = dovecot
disable_plaintext_auth = no
first_valid_gid = 0
first_valid_uid = 26
hostname = gw.localdomain
info_log_path = /var/log/dovecot.log
mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDEX=MEMORY
mail_plugins = " quota"
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /opt/dovecot2.2/etc/dovecot/passwd.master_users.ext
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_fields = uid box msgid size
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
}
postmaster_address = postmaster@localdomain
service auth {
  unix_listener auth-client {
mode = 0600
user = mailnull
  }
  unix_listener auth-userdb {
group = mailnull
user = mailnull
  }
}
service quota-warning {
  executable = script /opt/dovecot2.2/scripts/quota-warning.sh
  unix_listener quota-warning {
user = mailnull
  }
  user = dovecot
}
ssl_cert =  wrote:

> At least doveconf -n output would help. I guess related to authentication
> settings. Are there any errors in logs?
>
> > On 1 Jun 2017, at 12.14, Odhiambo Washington  wrote:
> >
> >> On 30 May 2017 at 21:16, Timo Sirainen  wrote:
> >>
> >> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> >> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
> >>
> >> * auth: Use timing safe comparisons for everything related to
> >>   passwords. It's unlikely that these could have been used for
> >>   practical attacks, especially because Dovecot delays and flushes all
> >>   failed authentications in 2 second intervals. Also it could have
> >>   worked only when passwords were stored in plaintext in the passdb.
> >> * master process sends SIGQUIT to all running children at shutdown,
> >>   which instructs them to close all the socket listeners immediately.
> >>   This way restarting Dovecot should no longer fail due to some
> >>   processes keeping the listeners open for a long time.
> >>
> >> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
> >> + auth: Add passdb { username_filter } to use passdb only if user
> >>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
> >> + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
> >>   the transaction after saving this many new messages. Because of the
> >>   way dsync works, it may not always be possible if mails are copied
> >>   or UIDs need to change.
> >> + imapc: Support imapc_features=search without ESEARCH extension.
> >> + imapc: Add imapc_features=fetch-bodystructure to pass through remote
> >>   server's FETCH BODY and BODYSTRUCTURE.
> >> + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
> >>   remote server.
> >> + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
> >> + If dovecot.index.cache corruption is detected, reset only the one
> >>   corrupted mail instead of the whole file.
> >> + doveadm mailbox status: Add "firstsaved" field.
> >> + director_flush_socket: Add old host's up/down and vhost count as
> >> parameters
> >> - More fixes to automatically fix corruption in dovecot.list.index
> >> - dsync-server: Fix support for dsync_features=empty-header-workaround
> >> - imapc: Various bugfixes, including infinite loops on some errors
> >> - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
> >>   enabled modseq tracking via CONDSTORE/QRESYNC.
> >> - fts-lucene: Fix it to work again with mbox format
> >> - Some internal error messages may have contained garbage in v2.2.29
> >> - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
> >>   are used. Otherwise the copied mails can't be opened.
> >> - vpopmail: Fix compiling
> >>
> >
> >
> > Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
> > Outlook!) were being prompted for mail password! They'd enter it, mail is
> > fetched, and on the next check (even though the password had always been
> > saved) they'd be prompted again. So I quickly reverted to 2.2.29 and peace
> > prevailed.
> >
> > Now I am just wondering what exactly is causing this and how to fix it if I
> > am to come to 

Re: SSL problem - no banner

2017-06-01 Thread Marcio Merlone

On 29/05/2017 15:35, Aki Tuomi wrote:

> On May 29, 2017 at 9:27 PM Marcio Merlone  wrote:
>
> > I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has
> > a valid Letsencrypt certificate but the problem also happens with a
> > self-signed one.
> >
> > Only openssl s_client -connect localhost:993 works fine and fast, while
> > all MUA's and telnet does not. Telnet timeouts waiting for banner after
> > a minute or so:
> > (...)
>
> It is not exactly obvious what you are expecting to happen. You won't get plain
> text banner out of port 993, if you want to use STARTTLS, use port 143.

So obvious, thank you.

--
*Marcio Merlone*


Two domains, same users

2017-06-01 Thread Sandbox
Hi,

I have two LDAP domains, which have some equal users, e.g.:

a...@domain1.com
a...@domain2.com

I set up this config:
domain1 users maildirs are stored in /home/vmail/username
domain2 users maildirs are stored in /home/vmail/domain2/username

This works fine except one thing: I can't set up the ldap query to choose
the correct maildir if the user names are equal.
Is it possible to use a user_filter which will choose the correct maildir
and user/domain from the email address?

My current ldap.conf for domain1:

hosts = ldap.domain1.com
base = ou=People,dc=domain1,dc=com
ldap_version = 3
user_attrs = uid=user
user_filter = (uid=%n)
pass_attrs = uid=user,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5

and for domain2:
hosts = ldap.domain2.com
base = ou=People,dc=domain2,dc=com
ldap_version = 3
user_attrs = \
=mail=maildir:/home/vmail/%{ldap:departmentNumber}/%n/Maildir
user_filter = (uid=%n)
pass_attrs = uid=%n,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5

Thanks, Robert


Re: v2.2.30 released

2017-06-01 Thread Timo Sirainen
At least doveconf -n output would help. I guess related to authentication 
settings. Are there any errors in logs?

> On 1 Jun 2017, at 12.14, Odhiambo Washington  wrote:
> 
>> On 30 May 2017 at 21:16, Timo Sirainen  wrote:
>> 
>> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
>> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>> 
>> * auth: Use timing safe comparisons for everything related to
>>   passwords. It's unlikely that these could have been used for
>>   practical attacks, especially because Dovecot delays and flushes all
>>   failed authentications in 2 second intervals. Also it could have
>>   worked only when passwords were stored in plaintext in the passdb.
>> * master process sends SIGQUIT to all running children at shutdown,
>>   which instructs them to close all the socket listeners immediately.
>>   This way restarting Dovecot should no longer fail due to some
>>   processes keeping the listeners open for a long time.
>> 
>> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>> + auth: Add passdb { username_filter } to use passdb only if user
>>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
>> + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
>>   the transaction after saving this many new messages. Because of the
>>   way dsync works, it may not always be possible if mails are copied
>>   or UIDs need to change.
>> + imapc: Support imapc_features=search without ESEARCH extension.
>> + imapc: Add imapc_features=fetch-bodystructure to pass through remote
>>   server's FETCH BODY and BODYSTRUCTURE.
>> + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
>>   remote server.
>> + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
>> + If dovecot.index.cache corruption is detected, reset only the one
>>   corrupted mail instead of the whole file.
>> + doveadm mailbox status: Add "firstsaved" field.
>> + director_flush_socket: Add old host's up/down and vhost count as
>> parameters
>> - More fixes to automatically fix corruption in dovecot.list.index
>> - dsync-server: Fix support for dsync_features=empty-header-workaround
>> - imapc: Various bugfixes, including infinite loops on some errors
>> - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
>>   enabled modseq tracking via CONDSTORE/QRESYNC.
>> - fts-lucene: Fix it to work again with mbox format
>> - Some internal error messages may have contained garbage in v2.2.29
>> - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
>>   are used. Otherwise the copied mails can't be opened.
>> - vpopmail: Fix compiling
>> 
> 
> 
> Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
> Outlook!) were being prompted for mail password! They'd enter it, mail is
> fetched, and on the next check (even though the password had always been
> saved) they'd be prompted again. So I quickly reverted to 2.2.29 and peace
> prevailed.
> 
> Now I am just wondering what exactly is causing this and how to fix it if I
> am to come to 2.2.30.1
> 
> 
> 
> -- 
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."


Re: Bug with 2.2.29-1~auto+25 back to haunt me

2017-06-01 Thread Ralf Hildebrandt
* Aki Tuomi :

> > > So I added 
> > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> > > 
> > > But alas:
> > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in 
> > > /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by 
> > > ssl_ca =
> > >
> > > Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output!
> > >
> > > ssl_ca =
> > >
> > > So what gives?
> > 
> > It seems to be similar to:
> > https://www.dovecot.org/pipermail/dovecot/2017-March/107488.html
> > 
> > "Can't verify remote server certs without trusted CAs (ssl_client_ca_* 
> > settings)"
> > 
> > -- 
> > Ralf Hildebrandt
> >   Geschäftsbereich IT | Abteilung Netzwerk
> >   Charité - Universitätsmedizin Berlin
> >   Campus Benjamin Franklin
> >   Hindenburgdamm 30 | D-12203 Berlin
> >   Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> >   ralf.hildebra...@charite.de | https://www.charite.de
> >
> 
> Hi.
> 
> passdb imap was changed to verify remote SSL cert by default (yeah, it
> kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir
> setting in args. Or you can disable this behaviour with
> allow_invalid_cert.

I did specify "ssl_ca_file", but then dovecot said "ssl_ca_file has been 
replaced by ssl_ca = 

Re: v2.2.30 released

2017-06-01 Thread Odhiambo Washington
On 30 May 2017 at 21:16, Timo Sirainen  wrote:

> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>
>  * auth: Use timing safe comparisons for everything related to
>    passwords. It's unlikely that these could have been used for
>    practical attacks, especially because Dovecot delays and flushes all
>    failed authentications in 2 second intervals. Also it could have
>    worked only when passwords were stored in plaintext in the passdb.
>  * master process sends SIGQUIT to all running children at shutdown,
>    which instructs them to close all the socket listeners immediately.
>    This way restarting Dovecot should no longer fail due to some
>    processes keeping the listeners open for a long time.
>
>  + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>  + auth: Add passdb { username_filter } to use passdb only if user
>    matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
>  + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
>    the transaction after saving this many new messages. Because of the
>    way dsync works, it may not always be possible if mails are copied
>    or UIDs need to change.
>  + imapc: Support imapc_features=search without ESEARCH extension.
>  + imapc: Add imapc_features=fetch-bodystructure to pass through remote
>    server's FETCH BODY and BODYSTRUCTURE.
>  + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
>    remote server.
>  + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
>  + If dovecot.index.cache corruption is detected, reset only the one
>    corrupted mail instead of the whole file.
>  + doveadm mailbox status: Add "firstsaved" field.
>  + director_flush_socket: Add old host's up/down and vhost count as
> parameters
>  - More fixes to automatically fix corruption in dovecot.list.index
>  - dsync-server: Fix support for dsync_features=empty-header-workaround
>  - imapc: Various bugfixes, including infinite loops on some errors
>  - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
>    enabled modseq tracking via CONDSTORE/QRESYNC.
>  - fts-lucene: Fix it to work again with mbox format
>  - Some internal error messages may have contained garbage in v2.2.29
>  - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
>    are used. Otherwise the copied mails can't be opened.
>  - vpopmail: Fix compiling
>


Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
Outlook!) were being prompted for mail password! They'd enter it, mail is
fetched, and on the next check (even though the password had always been
saved) they'd be prompted again. So I quickly reverted to 2.2.29 and peace
prevailed.

Now I am just wondering what exactly is causing this and how to fix it if I
am to come to 2.2.30.1



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."


Possible RENAME bug

2017-06-01 Thread Gabriele Bulfon
Hello, I'm having some trouble working on a webapp managing the imap tree on 
Dovecot.
The same doesn't happen on other imap servers (e.g. Cyrus).
Looks like if I receive shared folders from another user, and try to rename a 
folder in it, the rename command returns "ok", then if you list the new folder 
name, it isn't there.
Looks like you've lost all the original folder because if you try listing the 
parent folder, you have neither the original nor the new name, even trying to 
logout/disconnect and reconnect/login.
Luckily nothing is lost actually, if you try to create a new folder on the 
parent folder, and then list the parent folder, you get both the newly created 
one and the renamed one also appears magically!
Here is the IMAP trace to reproduce:
*** ON ACCOUNT RECEIVING SHARED FOLDER
*** PREPARE A FOLDER IN SHARED TREE WITH JUST ONE CHILD ""
*** THEN RENAME  FOLDER TO 
*** AFTER "OK Rename" FOLDER IS NOT PRESENT IN LIST
A3 LIST "" Shared/gabriele.pr...@sonicle.com/Junk/
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Junk/
A3 OK List completed.
A4 RENAME Shared/gabriele.pr...@sonicle.com/Junk/ 
Shared/gabriele.pr...@sonicle.com/Junk/
A4 OK Rename completed.
A5 LIST "" Shared/gabriele.pr...@sonicle.com/Junk/
A5 OK List completed.
***  IS NOT LISTED AFTER "OK Rename"!
*** LOGOUT/DISCONNECT - CONNECT/LOGIN AND LIST BRANCH ***
A66 LIST "" "Shared/gabriele.pr...@sonicle.com/%"
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Sent
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Drafts
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Trash
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Spam
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Junk
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/INBOX
A66 OK List completed.
*** Junk HAS NO CHILDREN!
*** CREATE A NEW FOLDER IN Junk ***
A68 CREATE Shared/gabriele.pr...@sonicle.com/Junk/
A68 OK Create completed.
A69 LIST "" Shared/gabriele.pr...@sonicle.com/Junk/
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Junk/
A69 OK List completed.
*** "" IS LISTED, SO NOW LIST PARENT BRANCH ***
A26 LIST "" "Shared/gabriele.pr...@sonicle.com/%"
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Sent
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Drafts
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Trash
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Spam
* LIST (\HasChildren) "/" Shared/gabriele.pr...@sonicle.com/Junk
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/INBOX
A26 OK List completed.
*** Junk NOW HAS CHILDREN, SO NOW LIST Junk BRANCH ***
A29 LIST "" "Shared/gabriele.pr...@sonicle.com/Junk/%"
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Junk/
* LIST (\HasNoChildren) "/" Shared/gabriele.pr...@sonicle.com/Junk/
A29 OK List completed.
***  MAGICALLY APPEARS! NOTHING IS LOST.
Is there anything I can do to force "" to reappear without having to create 
a new folder?
Any idea?
Thanks in advance,
Gabriele

Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon