Do we really need Solr commit as cronjob?

[Gao]

I am testing Solr FTS on dovecot. Read online that some suggested to run 
cronjob commit every minute, and optimize once a day.


I am using Solr 7.1.0 and I see some configurations:
In /etc/default/solr.in.sh:
#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000"
#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoCommit.maxTime=6"

Also in solrconfig.xml:
    
${solr.autoCommit.maxTime:15000}
  false
    

   
${solr.autoSoftCommit.maxTime:-1}
    

So my question is do I still need run cronjob for commit?

Do I need uncomment these lines in the solr.in.sh? Does my 
solrconfig.xml overwrite the setting in solr.in.sh?


Thanks for help.

Re: iPhone/iPad IMAP connection bursts causes user+IP exceeded

[David.M.Clark]

Update:

I have modified mail_max_userip_connections to 400 which made no difference.

The end user customer actually had Apple remote into their device and 
they were impressed that the end user knew their IMAP settings. They 
tested it and during this connection time, it worked as expected with 
send and receive of e-mails. After Apple support disconnected from the 
device, it not longer worked.


The reseller I am supporting will ask them today to try something like 
"BlueMail" which is an app I use on my Samsung S8+ - as it is free in 
the Apple store and will determine if the Apple issue is with their 
e-mail app or comms itself from the phone.


Will keep you all posted on the outcome.

On 30/11/17 08:40, David.M.Clark wrote:

Thanks for the reply and suggestion Robert.

I have now set mail_max_userip_connections to 400 in 20-imap.conf to see 
if it makes any difference.


Late yesterday the customer tested from his office, an older IOS 9 
tablet and he had IMAP working in a matter of minutes, so is certainly 
an newer software version by Apple issue.


On 30/11/17 03:03, Robert Giles wrote:

David,

I'd say that if you set the mail_max_userip_connections value to a 
large-ish number (300-400), your users likely won't notice an issue on 
their iOS 10.x and iOS 11.x devices.  It's more of an annoyance in the 
logs, and occasionally the iOS Mail app will show that it is stuck 
checking mail for a few minutes (when the new max_userip_connections 
is reached again, but with a large number, it happens much less 
frequently).


Keep in mind max_userip applies to *authenticated* users, so a true, 
malicious DoS situation is less likely.


And yeah, I'm definitely tired of Apple going off and breaking their 
software, because the blame always comes back on IT instead of Apple :(


Robert



On 2017-11-28 at 22:18, David.M.Clark wrote:

Robert just got this one today.

A customer has phoned who has replaced or updated their Apple 'stuff' 
(including iPhone 8 just purchased) and the identical settings that 
work on the older Apple based devices, as well as Outlook based PCs, 
work fine with IMAP (internal port 143 and external port 10143), but 
the newer IOS based devices just do not work. iPhone 8 does not let 
you downgrade to earlier OS either, which is something the customer 
was thinking of doing.


Once again either Apple or Microsoft have 'moved the goal posts' 
expecting everyone else in the world to be forced to move with them.


They are reporting issues on-line also with MS server and Office 365 
so will be hoping we have some kind of good result quickly from Apple 
as this will only get worse as more people update and find their 
e-mail is 'dead in the water'.


On 04/11/17 06:19, Robert Giles wrote:
Apologies for bumping Joseph Tam's rather old thread, but I'm 
wondering if anyone has come up with a workaround/fix for this 
problem that iOS Mail.app clients (10.3.3, 11.0.3, 11.1?) continue 
to exhibit?


Robert



On 10/28/2016 at 03:49 PM, Joseph Tam wrote:

I frequently see this from my iPhone/iPad IMAP users:

 Oct 24 21:30:55 server dovecot: imap-login: Login: 
user=, ...

 [... repeated 10 times ...]
 Oct 24 21:32:54 server dovecot: imap-login: Maximum number of 
connections from user+IP exceeded (mail_max_userip_connections=12): 
user=

 Oct 24 21:32:54 server dovecot: imap(user): Logged out ...
 [... repeated 11 times ...]

These bursts of logins/max/logouts would cycling on for a few minutes.
Googling this problem seems to turn up lots of similar complaints 
about

iOS mail mail clients. e.g.

 https://discussions.apple.com/thread/2547839?tstart=0

iOS mail readers do not limit connections limit as other mailreaders
can.  I could increase mail_max_userip_connections, but that just 
moves

the goal posts.

Using the new rawlog feature in 2.2.26 (thanks Dovecot team!), I 
was able

to see that these connection bursts are caused by clients doing global
searches.  The rawlogs show each mailbox being SELECT'd and searched
(e.g. From header string):

 1477369968.730450 2 ID ("name" "iPad Mail" "version" "13G36" 
"os" "iOS" "os-version" "9.3.5 (13G36)")

 1477369968.781932 3 SELECT {mailbox}
 1477369968.961636 4 UID SEARCH RETURN (COUNT) 1:* NOT DELETED
 1477369969.006087 5 UID SEARCH RETURN (ALL) 1:* NOT DELETED
 1477369969.052701 6 UID SEARCH RETURN (ALL) {search-term} NOT 
DELETED

 1477369974.624153 7 LOGOUT

Questions:

 1) How does this affect the user?  I heard from one user that it
 makes global searches unusable because his reader just spins its
 wheel.  I'm not sure whether this is impatience or this results
 in failed searches.

 2) Is there a client-side fix (e.g. connection limiting)?
 Apple appears to be intransigent on addressing this.

 3) Will maintaining search indices (e.g. solr) help with this?
 Maybe the searches are taking too long and the connections pile
 up waiting for previous searches 

Re: My Solr FTS problem

[Gao]

Thanks a lot for the help.

You are right about the JSON as the default in solr v7.1.0. I now 
switched it back to XML and now it works.


# doveadm -v index -u fail2...@mydomain.com Inbox
doveadm(fail2...@mydomain.com): Info: INBOX: Caching mails seq=1..388
388/388

Gao

On 2017-11-30 02:00 PM, Christian Kivalo wrote:

solr 7 and dovecot

My Solr FTS problem

[Gao]

I am testing the solr FTS following the guide here:
http://things.m31.ch/?p=379

Now I am having problem when I try to test:

# doveadm -v  index -u fail2...@mydomain.com Inbox
doveadm(fail2...@mydomain.com): Error: fts_solr: Invalid XML input at 
1:0: not well-formed (invalid token) (near: {

  "responseHeader":{
    "status":0,
    "QTime":0,
    "params":{
  "q":"box:8864fa1d51ea1d5a7b1296a1aaf8 AND user:fa)
doveadm(fail2...@mydomain.com): Error: Mailbox INBOX: Status lookup 
failed: Internal error occurred. Refer to server log for more 
information. [2017-11-30 13:05:24]


My system is CentOS 7, Dovecot 3.2.4 (installed from source with solr 
support), Java OpenJDK-1.8.0, Solr v7.1.0.


Could some one help me on this please?

Here is detailed debug out put:

[root@mail ~]# doveadm -vD  index -u fail2...@mydomain.com Inbox
Debug: Loading modules from directory: /usr/lib64/dovecot
Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Debug: Module loaded: /usr/lib64/dovecot/lib20_fts_plugin.so
Debug: Module loaded: /usr/lib64/dovecot/lib21_fts_solr_plugin.so
Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm
Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined 
symbol: acl_user_module (this is usually intentional, so just ignore 
this message)
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined 
symbol: expire_set_deinit (this is usually intentional, so just ignore 
this message)
Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so
Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so

Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() 
failed: /usr/lib64/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: 
undefined symbol: mail_crypt_box_get_pvt_digests (this is usually 
intentional, so just ignore this message)
doveadm(fail2...@mydomain.com): Debug: Added userdb setting: 
mail=maildir:/home/vmail/mydomain.com/fail2ban/
doveadm(fail2...@mydomain.com): Debug: Added userdb setting: 
plugin/quota_rule=*:bytes=0
doveadm(fail2...@mydomain.com): Debug: Effective uid=5000, gid=5000, 
home=/home/vmail/mydomain.com/fail2ban/
doveadm(fail2...@mydomain.com): Debug: Quota root: name=User quota 
backend=maildir args=
doveadm(fail2...@mydomain.com): Debug: Quota rule: root=User quota 
mailbox=* bytes=0 messages=0
doveadm(fail2...@mydomain.com): Debug: Quota rule: root=User quota 
mailbox=Trash bytes=+104857600 messages=0
doveadm(fail2...@mydomain.com): Debug: Quota warning: bytes=0 (90%) 
messages=0 reverse=no command=quota-warning 90 fail2...@mydomain.com 
mydomain.com
doveadm(fail2...@mydomain.com): Debug: Quota warning: bytes=0 (80%) 
messages=0 reverse=no command=quota-warning 80 fail2...@mydomain.com 
mydomain.com
doveadm(fail2...@mydomain.com): Debug: Quota grace: root=User quota 
bytes=0 (10%)
doveadm(fail2...@mydomain.com): Debug: Namespace inbox: type=private, 
prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=maildir:/home/vmail/mydomain.com/fail2ban/
doveadm(fail2...@mydomain.com): Debug: maildir++: 
root=/home/vmail/mydomain.com/fail2ban, index=, indexpvt=, control=, 
inbox=/home/vmail/mydomain.com/fail2ban, alt=
doveadm(fail2...@mydomain.com): Debug: quota: quota_over_flag check: 
quota_over_script unset - skipping

doveadm(fail2...@mydomain.com): Debug: INBOX: Mailbox opened because: index
doveadm(fail2...@mydomain.com): Debug: http-client: host 127.0.0.1: Host 
created
doveadm(fail2...@mydomain.com): Debug: http-client: peer 127.0.0.1:8983: 
Peer created
doveadm(fail2...@mydomain.com): Debug: http-client: queue 
http://127.0.0.1:8983: Setting up connection to 127.0.0.1:8983 (1 
requests pending)
doveadm(fail2...@mydomain.com): Debug: http-client: peer 127.0.0.1:8983: 
Linked queue http://127.0.0.1:8983 (1 queues linked)
doveadm(fail2...@mydomain.com): Debug: http-client: queue 
http://127.0.0.1:8983: Started new connection to 127.0.0.1:8983
doveadm(fail2...@mydomain.com): Debug: http-client: request [Req1: GET 
http://127.0.0.1:8983/solr/dovecot/select?fl=uid=1=uid+desc=box:8864fa1d51ea1d5a7b1296a1aaf8+AND+user:fail2...@mydomain.com]: 
Submitted
doveadm(fail2...@mydomain.com): Debug: http-client: Waiting for 1 
requests to finish
doveadm(fail2...@mydomain.com): Debug: http-client: peer 127.0.0.1:8983: 
Creating 1 new connections to handle requests (already 0 usable, 
connecting to 0, closing 0)
doveadm(fail2...@mydomain.com): Debug: http-client: peer 127.0.0.1:8983: 
Making new connection 1 of 1
doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983 
[0]: HTTP connection created (1 parallel connections exist)
doveadm(fail2...@mydomain.com): Debug: http-client: conn 127.0.0.1:8983 
[0]: Connected

Re: Unable to build sieve plugin

[Christian Kivalo]

Am 30. November 2017 18:20:58 MEZ schrieb Mark Foley :
>I'm wanting to experiment with sieve processing for the first time.
>Having some trouble getting
>started. I googled to page, https://wiki2.dovecot.org/Pigeonhole/Sieve,
>went to the "Download
>and Installation" link, then the "Pigeonhole download page" link and
>downloaded
>dovecot-2.2-pigeonhole-0.4.21.tar.gz (I have Dovecot version 2.2.15). I
>untarred, ran
>./configure (which appeared to run OK), then `make` and got the
>following erro:
>
>make[4]: Entering directory
>'/user/util/src/dovecot/dovecot-2.2-pigeonhole-0.4.21/src/lib-sieve/util'
>/bin/sh ../../../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H
>-I. -I../../..  -I/usr/local/include/dovecot  
>-DMODULEDIR=\""/usr/local/lib/dovecot"\"   -std=gnu99 -g -O2 -Wall -W
>-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
>-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime
>-Wstrict-aliasing=2  -I../../.. -MT edit-mail.lo -MD -MP -MF
>.deps/edit-mail.Tpo -c -o edit-mail.lo edit-mail.c
>libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../..
>-I/usr/local/include/dovecot -DMODULEDIR=\"/usr/local/lib/dovecot\"
>-std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations
>-Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast
>-fno-builtin-strftime -Wstrict-aliasing=2 -I../../.. -MT edit-mail.lo
>-MD -MP -MF .deps/edit-mail.Tpo -c edit-mail.c  -fPIC -DPIC -o
>.libs/edit-mail.o
>edit-mail.c: In function 'edit_mail_get_special':
>edit-mail.c:1592:8: error: 'MAIL_FETCH_STORAGE_ID' undeclared (first
>use in this function)
>   case MAIL_FETCH_STORAGE_ID:
>^
>edit-mail.c:1592:8: note: each undeclared identifier is reported only
>once for each function it appears in
>
>This was followed by several more errors and the make failed.
>
>What did I do wrong?
You need the current dovecot version for the current Pigeonhole version. 
For dovecot 2.2.15 you probably need to go back to pigeonhole 0.4.7 or even 
0.4.5  to get it to compile without errors, see the release notes on the 
mailing list. 

>--Mark

-- 
Christian Kivalo

Unable to build sieve plugin

[Mark Foley]

I'm wanting to experiment with sieve processing for the first time. Having some 
trouble getting
started. I googled to page, https://wiki2.dovecot.org/Pigeonhole/Sieve, went to 
the "Download
and Installation" link, then the "Pigeonhole download page" link and downloaded
dovecot-2.2-pigeonhole-0.4.21.tar.gz (I have Dovecot version 2.2.15). I 
untarred, ran
./configure (which appeared to run OK), then `make` and got the following erro:

make[4]: Entering directory 
'/user/util/src/dovecot/dovecot-2.2-pigeonhole-0.4.21/src/lib-sieve/util'
/bin/sh ../../../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. 
-I../../..  -I/usr/local/include/dovecot   
-DMODULEDIR=\""/usr/local/lib/dovecot"\"   -std=gnu99 -g -O2 -Wall -W 
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts 
-Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2  
-I../../.. -MT edit-mail.lo -MD -MP -MF .deps/edit-mail.Tpo -c -o edit-mail.lo 
edit-mail.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. 
-I/usr/local/include/dovecot -DMODULEDIR=\"/usr/local/lib/dovecot\" -std=gnu99 
-g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith 
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime 
-Wstrict-aliasing=2 -I../../.. -MT edit-mail.lo -MD -MP -MF .deps/edit-mail.Tpo 
-c edit-mail.c  -fPIC -DPIC -o .libs/edit-mail.o
edit-mail.c: In function 'edit_mail_get_special':
edit-mail.c:1592:8: error: 'MAIL_FETCH_STORAGE_ID' undeclared (first use in 
this function)
   case MAIL_FETCH_STORAGE_ID:
^
edit-mail.c:1592:8: note: each undeclared identifier is reported only once for 
each function it appears in

This was followed by several more errors and the make failed.

What did I do wrong?

--Mark

Re: Sieve can't move messages in a public namespace

[Paolo]

Hello all,
finally I upgraded to dovecot 2.2.10 (that comes with CentOS 7.4).
But the problem is still there!

Why sieve can't move a message in a public namespace complaining about 
"Mailbox does not exists"?

None of you ever try? Some of you have a working setup?

I attach "dovecot -n" output.

The sieve script is:

   require ["fileinto", "envelope", "mailbox"];

   if header :contains ["From"] "a...@address.com" {
  fileinto "Cond-UFF_FORNITORI/CONTABILITA/Ricevuta";
   }


The error:

   error: msgid=<5df93e60-676c-f6bb-68b8-c17fe7493...@address.com>:
   failed to store into mailbox
   'Cond-UFF_FORNITORI/CONTABILITA/Ricevuta': Mailbox doesn't exist:
   Cond-UFF_FORNITORI/CONTABILITA/Ricevuta

Il 04/07/2017 10:34, Stephan Bosch ha scritto:

Op 7/4/2017 om 8:44 AM schreef Paolo:

Il 30/06/2017 10:46, Paolo ha scritto:

Hello,

my dovecot version is 2.1.17

I've configured some public namespaces (config attached). When a mail
arrives at a certain mail address, that mail is handled by dovecot
lmtp server and a sieve script is executed that shuold move the
message in one of the namespaces. This is the script:

require "fileinto";

if header :contains "From""exam...@example.com"  {
fileinto "Cond-UFF_FORNITORI/CONTABILITA/Inviata";
}
else {
 fileinto "Cond-UFF_FORNITORI/CONTABILITA/Ricevuta";
}

The problem is that the sieve script fails with the error:

sieve: info: started log at Jun 27 12:42:28.
error: msgid=:
failed to store into mailbox
'Cond-UFF_FORNITORI/CONTABILITA/Ricevuta': Mailbox doesn't exist:
Cond-UFF_FORNITORI/CONTABILITA/Ricevuta.

I double checked config, dovecot documentation, sieve documentation,
ACL, filesystem paths, filesystem permissions, etc. etc. I'm pretty
sure it's all right.
So why isn't sieve working?

Thanks if you bother to answer & Cheers

Paolo


Nobody has clues?

Your version is very old. Can you try upgrading first?

Regards,

Stephan.


# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-693.5.2.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 
(Core)  xfs
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = gssapi plain
default_process_limit = 300
disable_plaintext_auth = no
hostname = mail.fcr.re.it
mail_debug = yes
mail_gid = vmail
mail_location = 
sdbox:/home/vmail/mailboxes/%n/dbox:ALT=/mnt/dovecot-altstorage/%n
mail_max_userip_connections = 15
mail_plugins = acl listescape
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
namespace {
  location = 
maildir:/home/vmail/mailboxes/Condivise/UFF_FORNITORI-maildir:INDEX=~/Cond-indexes/.UFF_FORNITORI:CONTROL=~/Cond-control/.UFF_FORNITORI
  prefix = Cond-UFF_FORNITORI/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/FCR-dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/home/vmail/mailboxes/shared-mailboxes.db
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve-pre
  sieve_max_redirects = 8
}
postmaster_address = postmas...@fcr.re.it
service auth {
  client_limit = 1300
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
}
service imap-login {
  process_min_avail = 10
}
service imap {
  vsz_limit = 256 M
}
service lmtp {
  executable = lmtp -L
  process_min_avail = 5
}
ssl = required
ssl_cert = 

Re: Username character disallowed by auth_username_chars: 0x13

[Alex]

Hi,

On Wed, Nov 29, 2017 at 12:18 AM, Aki Tuomi  wrote:
>
>> On November 29, 2017 at 5:58 AM Alex  wrote:
>>
>>
>> Hi, I'm receiving the following messages in my mail logs that I
>> haven't seen before:
>>
>> Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21):
>> Username character disallowed by auth_username_chars: 0x13 (username:
>> AB?)
>> Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21):
>> Username character disallowed by auth_username_chars: 0x13 (username:
>> AB?)
>>
>> There's thousands of them, from hundreds of different IP addresses. I
>> suspect it's an exploit attempt, but does anyone know which?
>>
>> I've added a fail2ban entry, but I'd also like to make sure my dovecot
>> is not vulnerable. This is on a fc25 system with all updates.
>
> 0x13 is carriage return, so it could just be a mistake in the spam robots 
> code.

It turned out there was a carriage return in the GCOS field of one of
the users in the password file, and for every dovecot login there was
an entry similar to the above in the logs.

Re: Detect port number of SASL AUTH request?

[Stephan Bosch]

Op 16-11-2017 om 2:07 schreef MRob:
Hi, this is partly Postfix related, but I want to know if there could 
be way to distinguish port of the SASL AUTH request to segregate user 
services.


Currently I use unix listener for dovecot sasl auth, but could change 
to inet_listener.


Only way I can think is to have different SASL AUTH services for each 
master.cf entry where its needed. But is it possible for Dovecot to 
have more than one SASL AUTH services with different configuration 
setup? It would be nicer if there was a way for Postfix to tell 
Dovecot about the port the client connected on.


Or maybe it can be done with a SASL realm? I'm not sure how? Any help 
please?


I am not sure I understand the question completely.

The Dovecot SASL auth protocol allows setting various auxiliary fields:

https://github.com/dovecot/core/blob/release-2.2.33/src/auth/auth-request.c#L370 
(Which, apparently, aren't all documented: 
https://wiki2.dovecot.org/Design/AuthProtocol)


The service connection ports are among those fields. So, at least an 
authentication client (e.g. Postfix) could pass the ip:port to Dovecot. 
I don't know whether Postfix sets one of these port values at this time.


And even then, there's the question of whether the port value can be 
used as a selector in some dynamic configuration. The local {...} 
configuration sections can as far as I know only be used with IPs and 
not with ports or IP:ports. Maybe you could do some magic in variable 
substitutions, e.g. use it in the passdb/userdb database lookup.


Regards,

Stephan.

Re: Plugin 'sieve_imapsieve' not found

[Christopher Satchell]

Thank you very much, the solution was so simple.

Am 30.11.2017 um 14:32 schrieb Felix Zielcke:

Am Donnerstag, den 30.11.2017, 13:47 +0100 schrieb Christopher
Satchell:

Hello,

when Dovecot launches (and pretty much at any action afterwards) it
always throws following error:


managesieve: Fatal: Plugin 'sieve_imapsieve' not found from
directory

/usr/lib/dovecot/modules/sieve

config: Error: managesieve-login: dump-capability process returned
89

dovecot-sieve and dovecot-managesieved are both installed and the
only
plugin in the mentioned folder is
`lib90_sieve_extprograms_plugin.so`.

`doveconf -n` output:

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)

Hi Christopher,

IMAPSieve extension was added with Pigeonhole 0.4.14

Regards,
Felix

Re: Dovecot lmtp doesn't log

[Stephan Bosch]

Op 25-11-2017 om 13:00 schreef Tomislav Perisic:

Does anyone have any idea regarding this?

On 17 Nov 2017 11:36, "Tomislav Perisic"  wrote:

Hi,

We have 2 servers, server A and server B.

Server A has:

Postfix
dovecot-2.2.33.2-1.el6.x86_64

Server B has:

dovecot-2.2.33.2-1.el6.x86_64
dovecot-pigeonhole-2.2.33.2-1.el6.x86_64

Server A receives email on postfix, dovecot then takes that email from
postfix and proxies it to Server B Dovecot. Dovecot on Server B takes the
proxied email and delivers it with lmtp to the user inboxes.

The problem is that the dovecot on server B Doesn't log anything regarding
the emails that are being delivered to the mailbox via lmtp.

Dovecot on server A logs everything perfectly regarding the proxy, so my
assumption is that there is an issue with Dovecot lmtp logging. We changed
the logging from syslog directly to a file and we noticed the same problem,
missing log entries.

We also tried turning on verbose logging and it didn't help.


Are you sure you're looking in the right place?

You can find out where logs are written using `doveadm log find`.

Especially with mail_debug enabled, you should see a lot of log messages 
for an LMTP delivery.


Regards,

Stephan.



Server B:

Red Hat  6.7 x86_64

rpm -qa | grep dove
dovecot-2.2.33.2-1.el6.x86_64
dovecot-pigeonhole-2.2.33.2-1.el6.x86_64

doveconf -n

# 2.2.33.2: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21
auth_cache_negative_ttl = 0
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
listen = *
mail_debug = yes
mail_gid = mail
mail_location = maildir:~/Maildir
mail_plugins = " quota zlib"
mail_uid = vmail
managesieve_notify_capability = mailto

namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
 auto = subscribe
 special_use = \Drafts
   }
   mailbox Sent {
 auto = subscribe
 special_use = \Sent
   }
   mailbox Spam {
 auto = subscribe
 special_use = \Junk
   }
   mailbox Trash {
 auto = subscribe
 special_use = \Trash
   }
   mailbox Virus {
 auto = subscribe
   }

plugin {
   quota = maildir:User quota
   sieve_extensions = +editheader
   sieve_max_actions = 32
   sieve_max_redirects = 4
   sieve_max_script_size = 1M
   sieve_quota_max_scripts = 0
   sieve_trace_debug = yes
   sieve_trace_level = matching
   sieve_vacation_dont_check_recipient = yes
   sieve_vacation_send_from_recipient = yes
   sieve_vacation_use_original_recipient = yes
   zlib_save = gz
   zlib_save_level = 6
}
protocols = imap pop3 lmtp sieve
service auth {
   unix_listener auth-userdb {
 group = mail
 mode = 0666
 user = vmail
   }
}
service lmtp {
   inet_listener lmtp {
 port = xx
   }
}
service managesieve-login {
   inet_listener sieve {
 port = xx
   }
   service_count = 1
}

protocol lmtp {
   mail_plugins = " quota zlib sieve mail_log notify"
}
protocol imap {
   mail_plugins = " quota zlib imap_quota imap_zlib"
}
protocol sieve {
   managesieve_implementation_string = dovecot
   managesieve_logout_format = bytes ( in=%i : out=%o )
   managesieve_max_line_length = 65536
   managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
}

Re: Plugin 'sieve_imapsieve' not found

[Felix Zielcke]

Am Donnerstag, den 30.11.2017, 13:47 +0100 schrieb Christopher
Satchell:
> Hello,
> 
> when Dovecot launches (and pretty much at any action afterwards) it 
> always throws following error:
> 
> > managesieve: Fatal: Plugin 'sieve_imapsieve' not found from
> > directory 
> 
> /usr/lib/dovecot/modules/sieve
> > config: Error: managesieve-login: dump-capability process returned
> > 89
> 
> dovecot-sieve and dovecot-managesieved are both installed and the
> only 
> plugin in the mentioned folder is
> `lib90_sieve_extprograms_plugin.so`.
> 
> `doveconf -n` output:
> 
> # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.13 (7b14904)

Hi Christopher,

IMAPSieve extension was added with Pigeonhole 0.4.14

Regards,
Felix

Re: Plugin 'sieve_imapsieve' not found

[Stephan Bosch]

Op 30-11-2017 om 13:47 schreef Christopher Satchell:

Hello,

when Dovecot launches (and pretty much at any action afterwards) it 
always throws following error:


| managesieve: Fatal: Plugin 'sieve_imapsieve' not found from 
directory /usr/lib/dovecot/modules/sieve

| config: Error: managesieve-login: dump-capability process returned 89

dovecot-sieve and dovecot-managesieved are both installed and the only 
plugin in the mentioned folder is `lib90_sieve_extprograms_plugin.so`.


plugin {
  
  sieve_plugins = sieve_imapsieve sieve_extprograms
}

There's your problem. Your Dovecot is too old to have imapsieve support, 
so that plugin is not installed. Why do you have it enabled then?


Regards,

Stephan.



`doveconf -n` output:

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
managesieve(username): Fatal: Plugin 'sieve_imapsieve' not found from 
directory /usr/lib/dovecot/modules/sieve

doveconf: Error: managesieve-login: dump-capability process returned 89
# OS: Linux 4.4.0-101-generic x86_64 Ubuntu 16.04.3 LTS
auth_mechanisms = plain login
mail_gid = vmail
mail_home = /var/vmail/mailboxes/%d/%n
mail_location = maildir:~/mail:LAYOUT=fs
mail_privileged_group = vmail
mail_uid = vmail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  imapsieve_mailbox1_before = 
file:/var/vmail/sieve/global/learn-spam.sieve

  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = 
file:/var/vmail/sieve/global/learn-ham.sieve

  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  quota = maildir:User quota
  quota_exceeded_message = Benutzer %u hat das Speichervolumen 
überschritten. / User %u has exhausted allowed storage space.
  sieve = 
file:/var/vmail/sieve/%d/%n/scripts;active=/var/vmail/sieve/%d/%n/active-script.sieve

  sieve_before = /var/vmail/sieve/global/spam-global.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl = required
ssl_cert = ssl_cipher_list = 
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA

ssl_dh_parameters_length = 2048
ssl_key = 

Re: Autoreplies are not sent

[Sergio Belkin]

El 30 nov. 2017 4:02 a.m., "Steffen Kaiser" 
escribió:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On Wed, 29 Nov 2017, Sergio Belkin wrote:

Now, I'd want to every mail was sent to support-...@example.com it triggers
> an autoreply vacation style.
>
> So, I've wrote and compiled a sieve filter, something like that and put in
> op1@example.local sieve folder.
>
> But it fails complaining like that:
> nov 29 15:55:39 muteriver.example.local dovecot[12549]: lmtp(12675,
> op1@example.local): CqNdF6sCH1qDMQAAcSFsIQ: sieve: msgid=<
> ded22f3d-f1e3-157e-0667-ca73d851d...@example.com>: discarding vacation
> response for implicitly delivered message; no known (envelope) recipient
> address found in message headers (recipient=, and
> additional `:addresses' are specified)
>

your MTA does not pass the envelope sender to Dovecot. Do you use LMTP or
LDA to deliver the messages?

- -- Steffen Kaiser
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBWh+tI8QnQQNheMxiAQLi4AgAuTja/RGggap3E/EmqoDt42FNfPV/Tx+i
wYC/IoM9KG+IZE4YcVVQW15EMt3CYNWf8VFU4ln45yAPuE/QidZLBdV5P0Ob9CLn
uh7o02fc4RHQsmLeDNL3A9NpNTJR/Tj013fW2ZFvEA4hNU7f7IM07j28xZMWLI0Z
ToRXWptFmw4SYKuK3utPlE2D3H7kqxskY/736qEoW97p6KFzAre36BH1ANe25/dD
SygYJNEuh5B1VsKZg/NJjTpPbZwLCsqoP0lOW/tCG/SyPO991jPM1vzuI2A5r9fk
OsxjYnb4xnufiu3Xe0EUkFee3fen9EAQ1LZdDHaueKva3TQmPLb4ow==
=2Ex/
-END PGP SIGNATURE-

Steffen, Thanks, I use lmtp.
Greets.

Re: dovecot - 2 Faktor Auth

[Aki Tuomi]

On 30.11.2017 12:33, Hajo Locke wrote:
> Hallo Liste,
>
> hat sich schon mal jemand mit 2 Faktor Auth für dovecot beschäftigt?
> Es geht dabei nicht nur um die Absicherung einer Weboberfläche sondern
> direkt die Absicherung der Standard pop/imap Verbindungen des Clients.
> Wir machen das auth bisher über MySQL.  Rein technisch würde das
> gehen, da man die Password-Query beliebig anpassen und auch mit
> allow_nets arbeiten kann. Es wäre eher die Herausforderung für den
> Client den 2. Faktor zu erfüllen und seine IP freizuschalten. Man
> müsste dann ja Clients wie Thunderbird veranlassen irgendwie die
> Challenge des 2. Faktors anzuzeigen und zu erfüllen. Vermutlich kann
> man das nur mit speziellen Clients z.B. einer eigenen App machen.
> Hat jemand in dem Bereich Erfahrung und kann diese teilen?
>
> Danke,
> Hajo

Hi!

This is an english speaking list. Please send your question in english.

Aki

dovecot - 2 Faktor Auth

[Hajo Locke]

Hallo Liste,

hat sich schon mal jemand mit 2 Faktor Auth für dovecot beschäftigt? Es 
geht dabei nicht nur um die Absicherung einer Weboberfläche sondern 
direkt die Absicherung der Standard pop/imap Verbindungen des Clients.
Wir machen das auth bisher über MySQL.  Rein technisch würde das gehen, 
da man die Password-Query beliebig anpassen und auch mit allow_nets 
arbeiten kann. Es wäre eher die Herausforderung für den Client den 2. 
Faktor zu erfüllen und seine IP freizuschalten. Man müsste dann ja 
Clients wie Thunderbird veranlassen irgendwie die Challenge des 2. 
Faktors anzuzeigen und zu erfüllen. Vermutlich kann man das nur mit 
speziellen Clients z.B. einer eigenen App machen.

Hat jemand in dem Bereich Erfahrung und kann diese teilen?

Danke,
Hajo

Re: ManageSieve: authenticate "EXTERNAL" not behaving correctly

[Marc Weustink]

Stephan Bosch wrote:



Op 28-10-2017 om 17:18 schreef Stephan Bosch:

Op 10/26/2017 om 1:32 PM schreef Marc Weustink:

...


Will get back on this later.


This was actually a Dovecot problem. Merged yesterday:

https://github.com/dovecot/core/commit/451698c60d7b3a763742c8e99503ab30596036f0 

https://github.com/dovecot/core/commit/e4b72bd73bfffda7906faa248eab31f936cfc6fa 

https://github.com/dovecot/core/commit/ad3e5fb08578161731085cfc025659753d2682cb 

https://github.com/dovecot/core/commit/981f260cfa17a22faf4ff047e479e63cad01aa65 





Great, Thanks.
Marc