client unable to send mail, dovecot-imap errors

[GE Junk]

Hi,

I have an email client that is currently unable to send mail through 
imap. I am getting a ton of errors in dovecot-imap.log. All of these 
errors continue to show up, even after purging the dovecot*.* files from 
the offending folders.


This happens to all email accounts on the server. Clearing the cache 
files doesn't fix, the error appears pretty much immediately after the 
new cache is generated.

==
Error: mmap() failed with file path/Maildir/dovecot.index.cache: Invalid 
argument

==

These errors are associated with an account unable to send right now. 
They seem to have only started since the send problem started.

==
Error: Corrupted transaction log file path/Maildir/dovecot.index.log seq 
5: indexid changed 1512100549 -> 1512183737 (sync_offset=0)


Error: Index path/Maildir/dovecot.index: Lost log for seq=5 
offset=12576: Failed to map file seq=178 offset=40..18446744073709551615 
(ret=0)


Warning: fscking index file path/Maildir/dovecot.index

Error: Fixed index file path/Maildir/dovecot.index: log_file_seq 5 -> 179

IMAP session state is inconsistent, please relogin. in=26 out=1276
==

This error is also associated with the offending email client
==
message repeated 9 times: [ imap(emailaddress): Error: Transaction log 
path/Maildir/dovecot.index.log: duplicate transaction log sequence (2)]

==

Some additional info:
dovecot: 2.2.22 (fe789d2)
Ubuntu Server 16.04
Running on a qemu VM installed on an Unraid 6.3.5 Server
4GB RAM
mail folder is located on virtio 9p2000 host passthru fs located on the 
same physical machine as the VM.


Anyone have any ideas? Need additional information?

Thanks,
Eric

Re: Lua Auth

[Mark Moseley]

On Thu, Nov 30, 2017 at 5:26 AM, Stephan Bosch  wrote:

>
>
> Op 29-11-2017 om 6:17 schreef Aki Tuomi:
>
>> On November 29, 2017 at 4:37 AM Mark Moseley 
>>> wrote:
>>>
>>>
>>> Just happened to be surfing the docs and saw this. This is beyond
>>> awesome:
>>>
>>> https://wiki2.dovecot.org/AuthDatabase/Lua
>>>
>>> Any words of wisdom on using it? I'd be putting a bunch of mysql logic in
>>> it. Any horrible gotchas there? When it says 'blocking', should I assume
>>> that means that a auth worker process will *not* accept any new auth
>>> lookups until both auth_passdb_lookup() and auth_userdb_lookup() have
>>> completed (in which I'd be doing several mysql calls)? If that's the
>>> case,
>>> I assume that the number of auth workers should be bumped up.
>>>
>>> And is a 2.3 release fairly imminent?
>>>
>> Hi!
>>
>> This feature was added very recently, and there is very little
>> operational experience on it. As the docs should say, blocking=yes means
>> that an auth worker is used, and yes, it will block each auth worker during
>> authentication, but what we tried, it should perform rather nicely.
>>
>> The most important gotcha is to always test your lua code rigorously,
>> because there is not much we can do to save you.
>>
>> It should be present in master branch, so if someone feels like trying it
>> out, please let us know if you find any bugs or strangeness. It's not
>> present in nightlies yet.
>>
>> We are planning on releasing 2.3.0 this year.
>>
>
> The Xi package builder has this feature enabled since yesterday. It is
> available in the dovecot-lua package; the first Xi package that doesn't
> have an official Debian equivalent (yet anyway).
>
>
>
I've been playing with Lua auth and so far no issues. I was previously
putting together a very ugly MySQL stored procedure. Using Lua would be a
lot easier (esp when it comes to returning an arbitrary number of columns).

I'd love to see any test Lua code that the dovecot team has been playing
around with (and realize it's not remotely production-ready, so don't worry
about caveats

I did have a couple of questions though:

1) Is the data returned by Lua auth not cacheable? I've got the following
settings (and I'm just using Lua in the userdb lookup, not passdb -- passdb
is doing a lightweight SQL lookup for username/password):

auth_cache_negative_ttl = 1 mins
auth_cache_size = 10 M
auth_cache_ttl = 10 mins

but I notice that every time I auth, it'll redo all the queries in my Lua
code. I'd have expected that data to be served out of cache till the 10min
TTL is up


2) Is there an appropriate way to return data with spaces in it (or
presumably other non-alphanum chars. My quota name had a space in it, which
somehow got interpreted as 'yes' , i.e.:

imap: Error: Failed to initialize quota: Invalid quota root quota: Unknown
quota backend: yes

I simply changed the space to an underscore as a workaround, but I'm
curious if there's a better way. I tried various quoting without success.
Didn't try escaping yet.


3) Can you elaborate on the "auth_request#response_from_template(template)"
and "auth_request#var_expand(template)" functions? Specifically how to use
them. I'm guessing that I could've used one of them to work around #2 (that
it would have done the escaping for me)


Thanks!

iPhone no longer authenticating

[Mark Foley]

I've switched a user to being an active directory user. That user's email 
client authorizes
just fine with dovecot using GSSAPI. However, now his iPhone won't authorize. 
In the dovecot
log file I get:

Dec 01 14:27:28 auth: Debug: client in: AUTH1   PLAIN   service=imap
secured session=q4n3W0xfggBiZj9slip=98.102.63.107 rip=98.102.63.108 
  lport=993   rport=49538 resp=AG1wcmVzcwBEaW5va3JvbndhbGw0NQ== 
(previous base64 data may contain sensitive data)
Dec 01 14:27:32 auth-worker(5988): Debug: shadow(mpress,98.102.xx.yyy): lookup
Dec 01 14:27:32 auth-worker(5988): Info: shadow(mpress,98.102.xx.yyy): unknown 
user (given password: ***)
Dec 01 14:27:34 auth: Debug: client passdb out: FAIL1   user=mpress
Dec 01 14:27:34 imap-login: Info: Aborted login (auth failed, 1 attempts in 6 
secs): user=, method=PLAIN, rip=98.102.xx.yyy, lip=98.102.63.107, TLS, 
session=
Dec 01 14:27:34 imap-login: Debug: SSL alert: close notify [98.102.xx.yyy]

This same user will authenticate OK from his local domain workstation:

Dec 01 14:28:52 auth: Debug: master userdb out: USER1948516353  mpress  
system_groups_user=HPRS\mpress  uid=10005gid=1
home=/home/HPRS/mpress  auth_token=ce3050035718ed0996af698400c4de1be453ec06 
auth_user=mpress@HPRS.LOCAL
Dec 01 14:28:52 imap-login: Info: Login: user=, method=GSSAPI, 
rip=192.168.0.54, lip=192.168.0.2, mpid=9755, TLS, session=<6MT1YExftwDAqAA2>

I'm pretty sure the reason has to do with Active Directory authenication 
locally, but of course
his iPhone is not a member of the domain, and he is no longer in 
/etc/passwd/shadow.

So, what is the best way to get the iPhone to authenticate?

Here's my current config:

> doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.4.88 x86_64 Slackware 14.2 
auth_debug = yes
auth_debug_passwords = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_use_winbind = yes
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
passdb {
  driver = shadow
}
protocols = imap
ssl_cert = 

Re: Dovecot lmtp doesn't log

[Thomas Leuxner]

* Tomislav Perisic  2017.12.01 15:30:

> Does anyone have a working configuration regarding this that they don't
> have a problem with LMTP logging? If yes could you please send me your
> config and dovecot version to compare.
2.2.devel (904765b05):

# doveconf deliver_log_format syslog_facility
deliver_log_format = msgid=%m, time=%{delivery_time}ms, status=%$
syslog_facility = local1

rsyslog.conf:
local1.*-/var/log/dovecot/dovecot.log

local1.info   -/var/log/dovecot/dovecot.info
local1.warn   -/var/log/dovecot/dovecot.warn
local1.err/var/log/dovecot/dovecot.err
if ($syslogfacility-text=='local1') and ($programname=='dovecot') and\
($msg contains 'lmtp') and ($msg contains 'stored mail into mailbox')\
 then -/var/log/dovecot/dovecot.lmtp


signature.asc
Description: PGP signature

Re: Dovecot lmtp doesn't log

[Tomislav Perisic]

Hi,

Thanks for replying.

initially logging was done via syslog, and the custom log file for mail.*
facility was /var/log/maillog. Everything was logged normally (dovecot
login logouts, sieve scripts, extra debugging lines) but nothing regarding
LMTP. I would receive the email in my inbox but I wouldnt be able to see
anything in the logs regarding this. After that i turned off syslog and
used the direct dovecot logging to a separate file. Again, it was logging
everything except of LMTP (mail debug is turned on).

Does anyone have a working configuration regarding this that they don't
have a problem with LMTP logging? If yes could you please send me your
config and dovecot version to compare.

Or if anyone has any other ideas.

Thank you.


On Thu, Nov 30, 2017 at 2:34 PM, Stephan Bosch  wrote:

>
>
> Op 25-11-2017 om 13:00 schreef Tomislav Perisic:
>
>> Does anyone have any idea regarding this?
>>
>> On 17 Nov 2017 11:36, "Tomislav Perisic"  wrote:
>>
>> Hi,
>>
>> We have 2 servers, server A and server B.
>>
>> Server A has:
>>
>> Postfix
>> dovecot-2.2.33.2-1.el6.x86_64
>>
>> Server B has:
>>
>> dovecot-2.2.33.2-1.el6.x86_64
>> dovecot-pigeonhole-2.2.33.2-1.el6.x86_64
>>
>> Server A receives email on postfix, dovecot then takes that email from
>> postfix and proxies it to Server B Dovecot. Dovecot on Server B takes the
>> proxied email and delivers it with lmtp to the user inboxes.
>>
>> The problem is that the dovecot on server B Doesn't log anything regarding
>> the emails that are being delivered to the mailbox via lmtp.
>>
>> Dovecot on server A logs everything perfectly regarding the proxy, so my
>> assumption is that there is an issue with Dovecot lmtp logging. We changed
>> the logging from syslog directly to a file and we noticed the same
>> problem,
>> missing log entries.
>>
>> We also tried turning on verbose logging and it didn't help.
>>
>
> Are you sure you're looking in the right place?
>
> You can find out where logs are written using `doveadm log find`.
>
> Especially with mail_debug enabled, you should see a lot of log messages
> for an LMTP delivery.
>
> Regards,
>
> Stephan.
>
>
>
>> Server B:
>>
>> Red Hat  6.7 x86_64
>>
>> rpm -qa | grep dove
>> dovecot-2.2.33.2-1.el6.x86_64
>> dovecot-pigeonhole-2.2.33.2-1.el6.x86_64
>>
>> doveconf -n
>>
>> # 2.2.33.2: /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.21
>> auth_cache_negative_ttl = 0
>> auth_debug = yes
>> auth_debug_passwords = yes
>> auth_verbose = yes
>> listen = *
>> mail_debug = yes
>> mail_gid = mail
>> mail_location = maildir:~/Maildir
>> mail_plugins = " quota zlib"
>> mail_uid = vmail
>> managesieve_notify_capability = mailto
>>
>> namespace inbox {
>>inbox = yes
>>location =
>>mailbox Drafts {
>>  auto = subscribe
>>  special_use = \Drafts
>>}
>>mailbox Sent {
>>  auto = subscribe
>>  special_use = \Sent
>>}
>>mailbox Spam {
>>  auto = subscribe
>>  special_use = \Junk
>>}
>>mailbox Trash {
>>  auto = subscribe
>>  special_use = \Trash
>>}
>>mailbox Virus {
>>  auto = subscribe
>>}
>>
>> plugin {
>>quota = maildir:User quota
>>sieve_extensions = +editheader
>>sieve_max_actions = 32
>>sieve_max_redirects = 4
>>sieve_max_script_size = 1M
>>sieve_quota_max_scripts = 0
>>sieve_trace_debug = yes
>>sieve_trace_level = matching
>>sieve_vacation_dont_check_recipient = yes
>>sieve_vacation_send_from_recipient = yes
>>sieve_vacation_use_original_recipient = yes
>>zlib_save = gz
>>zlib_save_level = 6
>> }
>> protocols = imap pop3 lmtp sieve
>> service auth {
>>unix_listener auth-userdb {
>>  group = mail
>>  mode = 0666
>>  user = vmail
>>}
>> }
>> service lmtp {
>>inet_listener lmtp {
>>  port = xx
>>}
>> }
>> service managesieve-login {
>>inet_listener sieve {
>>  port = xx
>>}
>>service_count = 1
>> }
>>
>> protocol lmtp {
>>mail_plugins = " quota zlib sieve mail_log notify"
>> }
>> protocol imap {
>>mail_plugins = " quota zlib imap_quota imap_zlib"
>> }
>> protocol sieve {
>>managesieve_implementation_string = dovecot
>>managesieve_logout_format = bytes ( in=%i : out=%o )
>>managesieve_max_line_length = 65536
>>managesieve_sieve_capability = fileinto reject envelope
>> encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
>> copy include variables body enotify environment mailbox date ihave
>> }
>>
>
>

Re: Autoreplies are not sent

[Sergio Belkin]

2017-11-30 9:28 GMT-03:00 Sergio Belkin :

>
>
> El 30 nov. 2017 4:02 a.m., "Steffen Kaiser" 
> escribió:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> On Wed, 29 Nov 2017, Sergio Belkin wrote:
>
> Now, I'd want to every mail was sent to support-...@example.com it
>> triggers
>> an autoreply vacation style.
>>
>> So, I've wrote and compiled a sieve filter, something like that and put in
>> op1@example.local sieve folder.
>>
>> But it fails complaining like that:
>> nov 29 15:55:39 muteriver.example.local dovecot[12549]: lmtp(12675,
>> op1@example.local): CqNdF6sCH1qDMQAAcSFsIQ: sieve: msgid=<
>> ded22f3d-f1e3-157e-0667-ca73d851d...@example.com>: discarding vacation
>> response for implicitly delivered message; no known (envelope) recipient
>> address found in message headers (recipient=, and
>> additional `:addresses' are specified)
>>
>
> your MTA does not pass the envelope sender to Dovecot. Do you use LMTP or
> LDA to deliver the messages?
>
> - -- Steffen Kaiser
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQEVAwUBWh+tI8QnQQNheMxiAQLi4AgAuTja/RGggap3E/EmqoDt42FNfPV/Tx+i
> wYC/IoM9KG+IZE4YcVVQW15EMt3CYNWf8VFU4ln45yAPuE/QidZLBdV5P0Ob9CLn
> uh7o02fc4RHQsmLeDNL3A9NpNTJR/Tj013fW2ZFvEA4hNU7f7IM07j28xZMWLI0Z
> ToRXWptFmw4SYKuK3utPlE2D3H7kqxskY/736qEoW97p6KFzAre36BH1ANe25/dD
> SygYJNEuh5B1VsKZg/NJjTpPbZwLCsqoP0lOW/tCG/SyPO991jPM1vzuI2A5r9fk
> OsxjYnb4xnufiu3Xe0EUkFee3fen9EAQ1LZdDHaueKva3TQmPLb4ow==
> =2Ex/
> -END PGP SIGNATURE-
>
> Steffen, Thanks, I use lmtp.
> Greets.
>


I know by now that it's somewhat OT, but please could you give a clue to
set postfix to pass the envelope?
I have enable_original_recipient = yes  in postfix, but it does not work
either...

Thanks in advance!

-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org