Re: Dovecot - Xoauth2 - keycloak

[Aki Tuomi]

> On 09/07/2020 01:29 la.jolie@paquerette  wrote:
> 
>  
> Hello,
> 
> Still trying to make roundcube / Dovecot works with Keycloak.
> 
> Dovecot can't seem to validate the access_token that Roundcube gave.

Dovecot always does GET request when it does tokeninfo call. If you want to do 
introspection, you can tell dovecot to do POST into the token endpoint, but 
then you should leave the tokeninfo URL empty.

See https://doc.dovecot.org/configuration_manual/authentication/oauth2/

Aki

Re: Urgent Help required

[Aki Tuomi]

> On 08/07/2020 22:24 Justina Colmena ~biz  wrote:
> 
>  
> On July 8, 2020 11:01:20 AM AKDT, Alexander Dalloz  wrote:
> >Am 08.07.2020 um 20:28 schrieb Kishore Potnuru:
> >> Thank you for the reply.
> >> 
> >> As per our current infrastructure, I can go maximum of the redhat 7.7
> >> version. Not more than that. Am I able to install or upgrade to
> >dovecot 2.3
> >> version in redhat 7.7?
> 
> I am running Dovecot 2.2 "u" on CentOS from https://ius.io/. If there is a 
> package there for 2.3, it should be possible to upgrade on either CentOS or 
> RHEL.
> 
> I am still a little bit confused or concerned why mainstream packages seem to 
> be lagging so far behind on CentOS and RHEL since the sudden acquisition or 
> hostile corporate takeover of Red Hat by IBM.
> 
> Possibly a corporate labor-union work slowdown.  IBM is too big, too blue, 
> and too politically correct. Something is a little bit off. Too many echoes 
> in the hallways.
> 
> /Sorry for the rant.
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

We provide official community edition RPMs at https://repo.dovecot.org  for 2.3.

Aki

Dovecot - Xoauth2 - keycloak

[la.jolie@paquerette]

Hello,

Still trying to make roundcube / Dovecot works with Keycloak.

Dovecot can't seem to validate the access_token that Roundcube gave.
-
Jul 08 20:48:05 auth: Debug: http-client[1]: request [Req1: GET
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/tokeneyJhbGciOiJFUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEZzR2aWtndzN2MWVpQVgxMU10YkFIaXRaUnM2R2RlVzN3b3hGTTBpd1NnIn0.eyJleHAiOjE1OTQyNDE0NjUsImlhdCI6MTU5NDI0MTI4NSwiYXV0aF90aW1lIjoxNTk0MjM0ODI3LCJqdGkiOiI0NjRlZjc5NS0yZDYzLTQzYjktYjU4My1iYTY2MmFkMWRhYzUiLCJpc3MiOiJodHRwczovL3Nzby5udWJvLmNvb3AvYXV0aC9yZWFsbXMvdGVzdF9zYW1sIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjhlZWNiODVjLTZlMDYtNGZhNC1iYTAwLTdlMGRlM2MyMWYxNCIsInR5cCI6IkJlYXJlciIsImF6cCI6InJvdW5kY3ViZSIsInNlc3Npb25fc3RhdGUiOiJmOTYyNWM3OS02OTM5LTRkZjEtOGM2Yi1hYWM5Y2EzYWJkY2YiLCJhY3IiOiIwIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9yYy5udWJvLmRvbWFpbmVwdWJsaWMubmV0Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgbWljcm9wcm9maWxlLWp3dCBwcm9maWxlIGVtYWlsIG9mZmxpbmVfYWNjZXNzIiwidWlkIjoicXVlbmVubmkiLCJ1cG4iOiJxdWVuZW5uaSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6Iktlbm55IExvdXZlYXV4IExvdXZlYXV4IiwiZ3JvdXBzIjpbIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXSwicHJlZmVycmVkX3VzZXJuYW1lIjoicXVlbmVubmkiLCJnaXZlbl9uYW1lIjoiS2VubnkgTG91dmVhdXgiLCJmYW1pbHlfbmFtZSI6IkxvdXZlYXV4IiwiZW1haWwiOiJrZW5ueUBudWJvLnNpdGUifQ.TsUBiZ5nSTuA9ojr6bao5NQUHeNRmcYQZsC95rrhYca9FsFG4xG8mT53X9eOSNEqzRMJiPHaDuAh-3Bq8Rjdlg]:
Sent header
Jul 08 20:48:05 auth: Debug: http-client[1]: peer 11.22.33.44:443: No
more requests to service for this peer (1 connections exist, 0 pending)
Jul 08 20:48:05 auth: Debug: http-client[1]: conn 11.22.33.44:443 [0]:
Got 404 response for request [Req1: GET
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/tokeneyJhbGciOiJFUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEZzR2aWtndzN2MWVpQVgxMU10YkFIaXRaUnM2R2RlVzN3b3hGTTBpd1NnIn0.eyJleHAiOjE1OTQyNDE0NjUsImlhdCI6MTU5NDI0MTI4NSwiYXV0aF90aW1lIjoxNTk0MjM0ODI3LCJqdGkiOiI0NjRlZjc5NS0yZDYzLTQzYjktYjU4My1iYTY2MmFkMWRhYzUiLCJpc3MiOiJodHRwczovL3Nzby5udWJvLmNvb3AvYXV0aC9yZWFsbXMvdGVzdF9zYW1sIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjhlZWNiODVjLTZlMDYtNGZhNC1iYTAwLTdlMGRlM2MyMWYxNCIsInR5cCI6IkJlYXJlciIsImF6cCI6InJvdW5kY3ViZSIsInNlc3Npb25fc3RhdGUiOiJmOTYyNWM3OS02OTM5LTRkZjEtOGM2Yi1hYWM5Y2EzYWJkY2YiLCJhY3IiOiIwIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9yYy5udWJvLmRvbWFpbmVwdWJsaWMubmV0Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgbWljcm9wcm9maWxlLWp3dCBwcm9maWxlIGVtYWlsIG9mZmxpbmVfYWNjZXNzIiwidWlkIjoicXVlbmVubmkiLCJ1cG4iOiJxdWVuZW5uaSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6Iktlbm55IExvdXZlYXV4IExvdXZlYXV4IiwiZ3JvdXBzIjpbIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXSwicHJlZmVycmVkX3VzZXJuYW1lIjoicXVlbmVubmkiLCJnaXZlbl9uYW1lIjoiS2VubnkgTG91dmVhdXgiLCJmYW1pbHlfbmFtZSI6IkxvdXZlYXV4IiwiZW1haWwiOiJrZW5ueUBudWJvLnNpdGUifQ.TsUBiZ5nSTuA9ojr6bao5NQUHeNRmcYQZsC95rrhYca9FsFG4xG8mT53X9eOSNEqzRMJiPHaDuAh-3Bq8Rjdlg]
(took 11 ms + 19 ms in queue)
Jul 08 20:48:05 auth: Debug:
oauth2(my.mail@whatever,::1,): oauth2:
callback(0, Invalid token)


The access_token used by Dovecot is the right one.
Dovecot also has the right login (my.mail@whatever)

The Nginx and Keycloak logs show this:

 - - [08/Jul/2020:23:25:18 +0200] "POST
/auth/realms/test_saml/protocol/openid-connect/token HTTP/1.1" 200 3171
"-" "Guzzle/5.3.1 curl/7.64.0 PHP/7.3.14-1~deb10u1"
- - [08/Jul/2020:23:42:05 +0200] "GET

RE: Urgent Help required

[Marc Roos]

>> IBM is too big, too blue, and too politically correct. Something is a 
little bit off.

I would pick IBM over Microsoft or Google any time. Totally fan of 
OpenPOWER initiative and power8/9 cpu's. I hope your wrong and IBM - 
RedHat is going to be a great combination.

Re: Urgent Help required

[Alexander Dalloz]

Am 08.07.2020 um 22:16 schrieb Kishore Potnuru:

Our organisation has dependencies. There is a separate team/department who
creates the servers for us. When they build a new RHEL system, the system
will come up with various in-house softwares/tools. Those tools are not
compatible as of now with RHEL8. So, our organisation is going with redhat
7.7 only as of today which is supported for all in-house tools also.


Sir,

I was not talking about RHEL 8 at all. I was saying to use 7.8 or 
whatever will be current when you will make use of RHEL 7.


If you and your organisation is using RHEL 7 Update 7 then you are 
already running without current bug fixes - given you have no EUS 
contract - and that is a big no no.


Alexander

RE: Urgent Help required

[Marc Roos]

>>The other side of the question is, Why is the software always so 
"vulnerable" and "broken" in the first >>place as to be unsuitable for 
Long Term Support?
>>
>>If the software code worked when it was released some number of years 
ago, then why doesn't it still work >>the same way today as it it did 
when it was released?

Whenever I hear people complain about computers and/or software. I 
always suggest them to use something like the abacus of 2000 bc. You 
should be glad for what they do for you ;) And since humans operate 
them, you will find annoyances as with doctors amputating the wrong 
limb.

Re: Urgent Help required

[Kishore Potnuru]

Hi,

Our organisation has dependencies. There is a separate team/department who
creates the servers for us. When they build a new RHEL system, the system
will come up with various in-house softwares/tools. Those tools are not
compatible as of now with RHEL8. So, our organisation is going with redhat
7.7 only as of today which is supported for all in-house tools also.

This is my current situation:

1)

I have 2 test servers which are loaded with the following configuration.

=
[root@devap01 ~]# cat /etc/redhat-*
Red Hat Enterprise Linux Server release 6.10 (Santiago)

[root@devap01 ~]# dovecot --version
2.0.9

[root@devap01 ~]# postconf | grep mail_version
mail_version = 2.6.6
===

So, I would like to install the max possible dovecot version on the above
servers for the testing purpose. I would like to implement the
HA/Resilience with those 2 servers.  I have shared storage and individual
storage in this environment. But I am seeing some issues with both of them
( I explained details in my first email thread). please see if you can help.


2)  If it is successful, I will get two RHEL 7.7 servers to implement
the same in LIVE environment for HA/Resilience.


First I am going with compatibility issues to resolve in my environment.
Once that is resolved, I will go with HA/Resilience implementation.

Please let me know if you need any more details.

Thanks & Regards,
Kishore Potnuru


On Wed, Jul 8, 2020 at 8:57 PM Marc Roos  wrote:

>
>
> >>> with broken or vulnerable software is there really a benefit?
> >>
> >> LTS distributions back port necessary patches
>
> >Then the OP should be able to update to a dovecot that doesn't have the
> issue, right?
>
> I have no idea what his issue is, and why he is stuck even in specific
> releases. I have been running dovecot on el6 and el7 for years and years
> without issues.
>
>
>
>
>
>
>
>

Re: Urgent Help required

[infoomatic]

On 08.07.20 20:28, Kishore Potnuru wrote:
>
> I have another question. I understand redhat 6.10 will go out of
> support in november 2020. But this is a test environment. Am i able to
> install dovecot 2.3 version on redhat 6.10? For the Live support, I
> will be doing it on redhat 7.7 version. 
>
> For testing, I am trying redhat 6.10 version, if it is successful, i
> will be trying the Live one's on redhat 7.7 version.


Testing with version 6.10 and then running on 7.7 is probably not a good
idea. I highly recommend the same versions of software for testing and
production - so better start your tests on 7.7

RE: Urgent Help required

[Marc Roos]

>>> with broken or vulnerable software is there really a benefit?
>> 
>> LTS distributions back port necessary patches

>Then the OP should be able to update to a dovecot that doesn't have the 
issue, right?

I have no idea what his issue is, and why he is stuck even in specific 
releases. I have been running dovecot on el6 and el7 for years and years 
without issues.

Re: Urgent Help required

[@lbutlr]

On 08 Jul 2020, at 13:39, Marc Roos  wrote:
>> with broken or vulnerable software is there really a benefit?
> 
> LTS distributions back port necessary patches

Then the OP should be able to update to a dovecot that doesn't have the issue, 
right?




-- 
'And I suppose you know what sound is made by one hand clapping, do
you?' said the holy man nastily. YES. CL. THE OTHER HAND MAKES
THE AP.

Re: Urgent Help required

[Sami Ketola]

> On 8. Jul 2020, at 21.28, Kishore Potnuru  wrote:
> 
> Thank you for the reply. 
> 
> As per our current infrastructure, I can go maximum of the redhat 7.7 
> version. Not more than that. Am I able to install or upgrade to dovecot 2.3 
> version in redhat 7.7?
> 
> I have another question. I understand redhat 6.10 will go out of support in 
> november 2020. But this is a test environment. Am i able to install dovecot 
> 2.3 version on redhat 6.10? For the Live support, I will be doing it on 
> redhat 7.7 version. 
> 
> For testing, I am trying redhat 6.10 version, if it is successful, i will be 
> trying the Live one's on redhat 7.7 version.
> 
> Please help me if it is possible to install dovecot 2.3 on redhat 6.10? This 
> is a temporary test setup only. 

https://repo.dovecot.org/  has 2.3.10.1 CE release 
for CentOS 6. It should work on RHEL 6 too.

But since support for CentOS/RHEL 6 is dropping soon, I think we will stop 
building CentOS 6 CE releases soon. Not sure what will be the last one as I'm 
not in charge of that.

Sami

RE: Urgent Help required

[Marc Roos]

 
> with broken or vulnerable software is there really a benefit?

LTS distributions back port necessary patches

Re: Urgent Help required

[@lbutlr]

On 08 Jul 2020, at 12:28, Kishore Potnuru  wrote:
> As per our current infrastructure, I can go maximum of the redhat 7.7 version.

If you have artificial constraints that limit your software to only what is 
available for old Extended Support systems them when that old software is not 
working, you need to go to the people providing the extended support and have 
them fix the software.

I something is working in the current Dovecot but you can't use the current 
dovecot, there's not really any way for dovecot to solve that for you.

With the rapid changes in security requirements and in particular for mail, 
running mail on a 10 year-old release and maybe considering updating to a 6 
year-old release is just not a good plan.

It seems to me that mail, DNS, http, and TLS/SSH/etc software should be kept 
up-to-date on any forward-facing machines. "Extended" versions of the OS sound 
like they're a great idea, but when they leave you behind with broken or 
vulnerable software is there really a benefit?


-- 
Say, give it up, give it up, television's taking its toll That's
enough, that's enough, gimme the remote control I've been nice,
I've been good, please don't do this to me Turn it off, turn it
off, I don't want to have to see

Re: Urgent Help required

[Justina Colmena ~biz]

On July 8, 2020 11:01:20 AM AKDT, Alexander Dalloz  wrote:
>Am 08.07.2020 um 20:28 schrieb Kishore Potnuru:
>> Thank you for the reply.
>> 
>> As per our current infrastructure, I can go maximum of the redhat 7.7
>> version. Not more than that. Am I able to install or upgrade to
>dovecot 2.3
>> version in redhat 7.7?

I am running Dovecot 2.2 "u" on CentOS from https://ius.io/. If there is a 
package there for 2.3, it should be possible to upgrade on either CentOS or 
RHEL.

I am still a little bit confused or concerned why mainstream packages seem to 
be lagging so far behind on CentOS and RHEL since the sudden acquisition or 
hostile corporate takeover of Red Hat by IBM.

Possibly a corporate labor-union work slowdown.  IBM is too big, too blue, and 
too politically correct. Something is a little bit off. Too many echoes in the 
hallways.

/Sorry for the rant.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Urgent Help required

[Alexander Dalloz]

Am 08.07.2020 um 20:28 schrieb Kishore Potnuru:

Thank you for the reply.

As per our current infrastructure, I can go maximum of the redhat 7.7
version. Not more than that. Am I able to install or upgrade to dovecot 2.3
version in redhat 7.7?


Believe me, there is no technical reason why you can't use the current 
update release of RHEL 7. Current is


# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.8 (Maipo)

redhat-release-server-7.8-2.el7.x86_64


I have another question. I understand redhat 6.10 will go out of support in
november 2020. But this is a test environment. Am i able to install dovecot
2.3 version on redhat 6.10? For the Live support, I will be doing it on
redhat 7.7 version.


Red Hat does not provide a newer dovecot. If you don't need their 
support and just test out dovecot 2.3 you can get it as a working RPM 
package from ghettoforge.org.



For testing, I am trying redhat 6.10 version, if it is successful, i will
be trying the Live one's on redhat 7.7 version.

Please help me if it is possible to install dovecot 2.3 on redhat 6.10?
This is a temporary test setup only.


https://mirror.ghettoforge.org/distributions/gf/el/6/plus/x86_64/dovecot23-2.3.10.1-1.gf.el6.x86_64.rpm

http://ghettoforge.org/index.php/Usage


Thanks,
Kishore Potnuru


Alexander

Re: Urgent Help required

[Kishore Potnuru]

Thank you for the reply.

As per our current infrastructure, I can go maximum of the redhat 7.7
version. Not more than that. Am I able to install or upgrade to dovecot 2.3
version in redhat 7.7?

I have another question. I understand redhat 6.10 will go out of support in
november 2020. But this is a test environment. Am i able to install dovecot
2.3 version on redhat 6.10? For the Live support, I will be doing it on
redhat 7.7 version.

For testing, I am trying redhat 6.10 version, if it is successful, i will
be trying the Live one's on redhat 7.7 version.

Please help me if it is possible to install dovecot 2.3 on redhat 6.10?
This is a temporary test setup only.

Thanks,
Kishore Potnuru



On Wed, Jul 8, 2020 at 6:26 PM Alexander Dalloz  wrote:

> Am 08.07.2020 um 11:53 schrieb Kishore Potnuru:
> > Hi All,
> >
> > I request your help on this.
> >
> > I have 2 dovecot test servers (IMAP protocol) installed with the
> following
> > configuration.
> > =
> > [root@devap01 ~]# cat /etc/redhat-*
> > Red Hat Enterprise Linux Server release 6.10 (Santiago)
> >
> > [root@devap01 ~]# dovecot --version
> > 2.0.9
> >
> > [root@devap01 ~]# postconf | grep mail_version
> > mail_version = 2.6.6
> > ===
>
> Kishore,
>
> please don't address me personally. This is a mailing list and I don't
> offer / sell consulting.
>
> Let me comment only on the versions you provide. Please be aware that
> RHEL 6 will get EOL by end of November this year. So your strategy
> better comprises a migration to RHEL 7 or RHEL 8.
>
> Along that steps to a current RHEL major release you will profit from
> newer Dovecot and Postfix releases. Running RHEL 8 you would even get
> pretty current releases, still supported by the upstream projects.
>
> Alexander
>

Re: Urgent Help required

[Alexander Dalloz]

Am 08.07.2020 um 11:53 schrieb Kishore Potnuru:

Hi All,

I request your help on this.

I have 2 dovecot test servers (IMAP protocol) installed with the following
configuration.
=
[root@devap01 ~]# cat /etc/redhat-*
Red Hat Enterprise Linux Server release 6.10 (Santiago)

[root@devap01 ~]# dovecot --version
2.0.9

[root@devap01 ~]# postconf | grep mail_version
mail_version = 2.6.6
===


Kishore,

please don't address me personally. This is a mailing list and I don't 
offer / sell consulting.


Let me comment only on the versions you provide. Please be aware that 
RHEL 6 will get EOL by end of November this year. So your strategy 
better comprises a migration to RHEL 7 or RHEL 8.


Along that steps to a current RHEL major release you will profit from 
newer Dovecot and Postfix releases. Running RHEL 8 you would even get 
pretty current releases, still supported by the upstream projects.


Alexander

Request for help - dovecot

[Kishore Potnuru]

Hi All,

Can you please help me in understanding this:

1. At present my RHEL server is 6.10 version. Am I able to install dovecot
2.2 or 2.3 version?
2. Am i able to upgrade directly from 2.0 to 2.3? or I should go
periodically from 2.0 to 2.1, then 2.1 to 2.2, then 2.2 to 2.3?
3. could you please suggest to me steps to pick the correct package to
upgrade in the above version (2.1, 2.2, 2.3)?
4. From Which location do I need to download the packages?
5. I am using redhat servers. Am i able to directly download and upgrade
the software from my redhat linux server? Please advise step-by-step
instructions for this?

Thanks,
Kishore Potnuru

On Wed, Jul 8, 2020 at 11:38 AM Kishore Potnuru 
wrote:

> Thank you for your reply.
>
> 1. Am i able to upgrade directly from 2.0 to 2.3? or I should go
> periodically from 2.0 to 2.1, then 2.1 to 2.2, then 2.2 to 2.3?
> 2. could you please suggest me steps to pick the correct package to
> upgrade in the above version (2.1, 2.2, 2.3)?
> 3. which location i need to download the packages?
> 4. I am using redhat servers. Am i able to directly download and upgrade
> the software from my redhat linux server? please advise step-by-step
> instructions for this?
>
> Thanks,
> Kishore Potnuru
>
>
> On Wed, Jul 8, 2020 at 11:00 AM Apostolis Hardalias <
> a.hardal...@skroutz.gr> wrote:
>
>>
>> On 7/8/20 12:53 PM, Kishore Potnuru wrote:
>> > Hi All,
>> >
>> > I request your help on this.
>> >
>> > I have 2 dovecot test servers (IMAP protocol) installed with the
>> > following configuration.
>> > =
>> > [root@devap01 ~]# cat /etc/redhat-*
>> > Red Hat Enterprise Linux Server release 6.10 (Santiago)
>> >
>> > [root@devap01 ~]# dovecot --version
>> > 2.0.9
>> >
>> > [root@devap01 ~]# postconf | grep mail_version
>> > mail_version = 2.6.6
>> > ===
>> >
>> > I have another server also "devap02" with the same configuration.
>> >
>> > Couple of points/questions/queries here.
>> >
>> > 1. I know these servers are having old dovecot versions. I would like
>> > to upgrade to the latest versions. Could you please suggest the steps
>> > for upgrading to the latest version in redhat (step by step details
>> > are helpful please) . If I upgrade to the latest version, will there
>> > be any impact on the existing configuration/setup?
>>
>> Check the documents posted here:
>>
>> https://doc.dovecot.org/installation_guide/upgrading/from-2.0-to-2.1/
>>
>> https://doc.dovecot.org/installation_guide/upgrading/from-2.1-to-2.2/
>>
>> https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/
>>
>> Depending on your setup, you may also need to check for changes to
>> additional software (e.g. amavis)
>>
>> >
>> > 2. Now I have added these 2 servers behind the Load Balancer. Enabled
>> > 110/143 ports on the Load Balancer FQDN (test.pop3.testing.com
>> > ) and opened the firewall ports. Here I
>> > configured IMAP settings from microsoft outlook to see the emails. I
>> > gave the Incoming Mail Server & Outgoing mail server as
>> > "test.pop3.testing.com ". It is
>> > configured without errors in Outlook. But I see these 2 types issues
>> > (shared storage & individual storage)
>> >
>> >a) individual separate storage - When I send 10 emails to LB FQDN
>> > (test.pop3.testing.com ), the emails are
>> > going to 2 backend servers. But when i see the emails from Outlook
>> > inbox, it shows 5 emails from one server for some time. After sometime
>> > it shows other 5 emails in the inbox. But, I am not able to see all 10
>> > emails at same time in my inbox. Please suggest how to fix this issue?
>> > In this scenario, I have separate individual storage in both the
>> servers.
>>
>> I'm not sure if you've set it up already because it's unclear from the
>> configuration you posted but, you may wanna have a look at:
>> https://wiki.dovecot.org/Replication
>>
>> I suggest using replication after you've upgraded since earlier versions
>> of dovecot had a few issues.
>>
>>
>> >b) common shared storage - I have tried a different scenario also.
>> > I also have one common NFS storage. So, I have configured that storage
>> > in both the servers. So when I sent 10 emails, I see all the 10 emails
>> > from both the servers as it is common shared storage. But, I am not
>> > getting those 10 emails delivered into my Outlook. I have made all the
>> > configuration correctly. Please suggest what is the mistake here.
>> >
>> > Dovecot.conf
>> > =
>> >
>> > [root@devap01 ~]# cat /etc/dovecot/dovecot.conf
>> > disable_plaintext_auth = no
>> >
>> > listen = *
>> > log_path = /var/log/dovecot.log
>> > mail_location = maildir:/r3/mail/virtual/%d/%n/Maildir/
>> > passdb {
>> > args = /etc/dovecot/passwd
>> > driver = passwd-file
>> > }
>> > pop3_uidl_format = %g
>> > protocols = imap pop3
>> > ssl = yes
>> > ssl_cert = > > ssl_key = > >
>> 

Re: Urgent Help required

[Kishore Potnuru]

Thank you for your reply.

1. Am i able to upgrade directly from 2.0 to 2.3? or I should go
periodically from 2.0 to 2.1, then 2.1 to 2.2, then 2.2 to 2.3?
2. could you please suggest me steps to pick the correct package to upgrade
in the above version (2.1, 2.2, 2.3)?
3. which location i need to download the packages?
4. I am using redhat servers. Am i able to directly download and upgrade
the software from my redhat linux server? please advise step-by-step
instructions for this?

Thanks,
Kishore Potnuru


On Wed, Jul 8, 2020 at 11:00 AM Apostolis Hardalias 
wrote:

>
> On 7/8/20 12:53 PM, Kishore Potnuru wrote:
> > Hi All,
> >
> > I request your help on this.
> >
> > I have 2 dovecot test servers (IMAP protocol) installed with the
> > following configuration.
> > =
> > [root@devap01 ~]# cat /etc/redhat-*
> > Red Hat Enterprise Linux Server release 6.10 (Santiago)
> >
> > [root@devap01 ~]# dovecot --version
> > 2.0.9
> >
> > [root@devap01 ~]# postconf | grep mail_version
> > mail_version = 2.6.6
> > ===
> >
> > I have another server also "devap02" with the same configuration.
> >
> > Couple of points/questions/queries here.
> >
> > 1. I know these servers are having old dovecot versions. I would like
> > to upgrade to the latest versions. Could you please suggest the steps
> > for upgrading to the latest version in redhat (step by step details
> > are helpful please) . If I upgrade to the latest version, will there
> > be any impact on the existing configuration/setup?
>
> Check the documents posted here:
>
> https://doc.dovecot.org/installation_guide/upgrading/from-2.0-to-2.1/
>
> https://doc.dovecot.org/installation_guide/upgrading/from-2.1-to-2.2/
>
> https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/
>
> Depending on your setup, you may also need to check for changes to
> additional software (e.g. amavis)
>
> >
> > 2. Now I have added these 2 servers behind the Load Balancer. Enabled
> > 110/143 ports on the Load Balancer FQDN (test.pop3.testing.com
> > ) and opened the firewall ports. Here I
> > configured IMAP settings from microsoft outlook to see the emails. I
> > gave the Incoming Mail Server & Outgoing mail server as
> > "test.pop3.testing.com ". It is
> > configured without errors in Outlook. But I see these 2 types issues
> > (shared storage & individual storage)
> >
> >a) individual separate storage - When I send 10 emails to LB FQDN
> > (test.pop3.testing.com ), the emails are
> > going to 2 backend servers. But when i see the emails from Outlook
> > inbox, it shows 5 emails from one server for some time. After sometime
> > it shows other 5 emails in the inbox. But, I am not able to see all 10
> > emails at same time in my inbox. Please suggest how to fix this issue?
> > In this scenario, I have separate individual storage in both the servers.
>
> I'm not sure if you've set it up already because it's unclear from the
> configuration you posted but, you may wanna have a look at:
> https://wiki.dovecot.org/Replication
>
> I suggest using replication after you've upgraded since earlier versions
> of dovecot had a few issues.
>
>
> >b) common shared storage - I have tried a different scenario also.
> > I also have one common NFS storage. So, I have configured that storage
> > in both the servers. So when I sent 10 emails, I see all the 10 emails
> > from both the servers as it is common shared storage. But, I am not
> > getting those 10 emails delivered into my Outlook. I have made all the
> > configuration correctly. Please suggest what is the mistake here.
> >
> > Dovecot.conf
> > =
> >
> > [root@devap01 ~]# cat /etc/dovecot/dovecot.conf
> > disable_plaintext_auth = no
> >
> > listen = *
> > log_path = /var/log/dovecot.log
> > mail_location = maildir:/r3/mail/virtual/%d/%n/Maildir/
> > passdb {
> > args = /etc/dovecot/passwd
> > driver = passwd-file
> > }
> > pop3_uidl_format = %g
> > protocols = imap pop3
> > ssl = yes
> > ssl_cert =  > ssl_key =  >
> > userdb {
> > args = uid=vmail gid=vmail home=/r3/mail/virtual/%d/%n
> > driver = static
> > }
> > mail_debug = no
> > verbose_ssl = no
> > =
> >
> > Please help me here.
> >
> > Thanks,
> > Kishore Potnuru
>

Urgent Help required

[Kishore Potnuru]

Hi All,

I request your help on this.

I have 2 dovecot test servers (IMAP protocol) installed with the following
configuration.
=
[root@devap01 ~]# cat /etc/redhat-*
Red Hat Enterprise Linux Server release 6.10 (Santiago)

[root@devap01 ~]# dovecot --version
2.0.9

[root@devap01 ~]# postconf | grep mail_version
mail_version = 2.6.6
===

I have another server also "devap02" with the same configuration.

Couple of points/questions/queries here.

1. I know these servers are having old dovecot versions. I would like to
upgrade to the latest versions. Could you please suggest the steps for
upgrading to the latest version in redhat (step by step details are helpful
please) . If I upgrade to the latest version, will there be any impact on
the existing configuration/setup?


2. Now I have added these 2 servers behind the Load Balancer. Enabled
110/143 ports on the Load Balancer FQDN (test.pop3.testing.com) and opened
the firewall ports. Here I configured IMAP settings from microsoft outlook
to see the emails. I gave the Incoming Mail Server & Outgoing mail server
as "test.pop3.testing.com". It is configured without errors in Outlook. But
I see these 2 types issues (shared storage & individual storage)

   a) individual separate storage - When I send 10 emails to LB FQDN (
test.pop3.testing.com), the emails are going to 2 backend servers. But when
i see the emails from Outlook inbox, it shows 5 emails from one server for
some time. After sometime it shows other 5 emails in the inbox. But, I am
not able to see all 10 emails at same time in my inbox. Please suggest how
to fix this issue? In this scenario, I have separate individual storage in
both the servers.

   b) common shared storage - I have tried a different scenario also. I
also have one common NFS storage. So, I have configured that storage in
both the servers. So when I sent 10 emails, I see all the 10 emails from
both the servers as it is common shared storage. But, I am not getting
those 10 emails delivered into my Outlook. I have made all the
configuration correctly. Please suggest what is the mistake here.

Dovecot.conf
=

[root@devap01 ~]# cat /etc/dovecot/dovecot.conf
disable_plaintext_auth = no

listen = *
log_path = /var/log/dovecot.log
mail_location = maildir:/r3/mail/virtual/%d/%n/Maildir/
passdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
pop3_uidl_format = %g
protocols = imap pop3
ssl = yes
ssl_cert = 

Re: Outlook vs Thunderbird (re disabling SSL)

[Sam Kuper]

On Wed, Jul 08, 2020 at 12:05:55PM +1000, Mark Constable wrote:
> I spent a week trying every cypher combination I could find via Google
> for Dovecot but with the phone going off the hook from complaints by
> customers not being able to pick up their mail. We had to respond with
> some solution so, after a week, disabling SSL was very reluctantly the
> only option left. We lost ~40 customers to outlook.com because of
> this.

Ouch.  But does outlook.com not require TLS?  (I don't currently have an
outlook.com account.)

If so, then why would customers be able to solve their problem by moving
to outlook.com?  Maybe by using outlook.com's webmail interface, I
guess, but you could presumably compete with this by offering
Squirrelmail or Roundcube.

Yet another possible workaround for customers using email clients or
operating systems that don't speak recent versions of TLS is to have
them install stunnel on their PC, or else to send them a box (e.g.
Raspberry Pi) running stunnel that they can put on their LAN/WLAN:

https://joewein.net/blog/2018/07/04/outlook-express-error-0x800ccc0b-and-the-end-of-tls-1-0-deprecated-ssl-protocol/

https://en.wikipedia.org/wiki/Stunnel

Of course, the main problem with sending a box is that it would
periodically require software updates & reboots.  If you already have a
routine for upgrading software on boxes on customer premises, then
include the boxes in that routine; otherwise, it's a headache.

Also, the stunnel approach would not help for non-jailbroken iOS devices
except while they are downstream of an stunnel box.  So, OK over the
WLAN but no good while on mobile data.

Anyway, good luck!

-- 
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.