Debug: SSL_get_servername() failed
I've setup Postfix to Dovecot LMTP delivery with mandatory TLS. Emails are being delivered with TLSv1.3 with no errors. However, setting: verbose_ssl = yes exposes this on each connection: lmtp(405619): Debug: SSL_get_servername() failed What it this mean, and what should I do about it?
Nightclub & Bar Show-Attendees List
Hi, Hope you're doing well! I am following up to check if you are interested in acquiring the pre-registered attendees List. Event Name: Nightclub & Bar Show Date : JUN/28 - JUN/30/2021 Location : Las Vegas, NV, United States Total Attendees: 17,000 Let me know your interest to send you further information. Regards, Emily Olson, Sr. Marketing Analyst.
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
Ah, well, I suggest you write your own patch and implement it then, since you have no interest in any explanations at all having already made up your mind. You din't come here for help or information, you came to argue. right. that's it.
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On 09 Apr 2021, at 13:06, PGNet Dev wrote: >> then the software is entirely correct in deciding to use any of those >> addresses in whatever order it wants. > > Complete and utter malarkey. Ah, well, I suggest you write your own patch and implement it then, since you have no interest in any explanations at all having already made up your mind. You din't come here for help or information, you came to argue. You have the code, do as you will. -- "Are you pondering what I'm pondering?" "I think so, Brain. But suppose we do the hokey pokey and turn ourselves around, is that what it's really all about?"
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
then the software is entirely correct in deciding to use any of those addresses in whatever order it wants. Complete and utter malarkey. But believe what you like. Might wanna READ the code before going on about the "additional burden" http://dovecot.2317879.n4.nabble.com/how-to-set-smtp-client-gt-submission-relay-host-for-IPv4-only-td72077.html#a72097
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On Fri, Apr 09, 2021 at 01:15:27PM -0400, PGNet Dev wrote: There's no sound reason -- technical or otherwise -- of not providing perfectly legitimate infrastructure-config choices to the admin, and an option to override default behaviors. Especially when the override is of defaults that are questionable, internally-made assumptions in the 1st place. There most certainly is a sound reason, which is that it is code that would need to be written and maintained in order to solve a problem that is at least arguably user error. If the admin specifies a name rather than an IP address, and that name resolves to multiple addresses (whether they be different families of address is irrelevant), then the software is entirely correct in deciding to use any of those addresses in whatever order it wants. If you want to route around the DNS because of breakage in your local configuration, use a specific address or create a name that contains only the addresses you want. It is unreasonable instead to impose a burden of maintenance on the dovecot developers, or the penalty of poorly-exercised code (since this is, frankly, a corner case) on all the users. Regards, A -- Andrew Sullivan a...@crankycanuck.ca
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On 4/9/21 12:55 PM, @lbutlr wrote: On 09 Apr 2021, at 08:29, PGNet Dev wrote: And it's a bad assumption that since the host is dual-stack that all services on it will be. If a hostname resolves to both an A and record, it should provides services on both. Says who/what? There is no should/must/shall in any internet standard that suggest/implies/requires that. It's blatantly obnvisou because otherwise you have to try to figure out if www.example.com:587 is on the A or the record, which is pretty much he opposite of how multiple records work. er, huh? the 'net doesn't run on what you think is 'blatantly obvious'. at least _my_ 'net doesn't. just because there's an available record does not mean that one intends to, let alone HAS to, use it. If you want to manage your infrastructure to suit your needs, then do so. That's the point. It's your choice. Feel free to be as loose or locked down as you choose. Postfix, as well as other services, seems to manage this all quite nicely. Define/restrict listeners as needed. Postfix, e.g., diligently adheres to internet standards, typically making them defaults, and often-not-always providing a knob to override. Where a standard does not mandate a preference, the preference is available & configurable by default. The app does not presume to assume what your infrastructure should be. Or other silly assumptions for that matter. OTOH, Re: this^ IPv6 business, dovecot, - *hardcodes* the order of inet addr family preference -- IPv6 first -- in its source - ignores system-defined precedence of IPv6/IPv4 in /etc/gai.conf - provides no option to set/override There's no sound reason -- technical or otherwise -- of not providing perfectly legitimate infrastructure-config choices to the admin, and an option to override default behaviors. Especially when the override is of defaults that are questionable, internally-made assumptions in the 1st place.
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On 09 Apr 2021, at 08:29, PGNet Dev wrote: > >>> And it's a bad assumption that since the host is dual-stack that all >>> services on it will be. >> If a hostname resolves to both an A and record, it should provides >> services on both. > > Says who/what? > > There is no should/must/shall in any internet standard that > suggest/implies/requires that. It's blatantly obnvisou because otherwise you have to try to figure out if www.example.com:587 is on the A or the record, which is pretty much he opposite of how multiple records work. If you had a DNS that returned multiple IPs got ;old balancing, would it be rational to have only SOME of those IPs respond on port 587 and others respond only on port 465 or 8955? Of course not. If you have to mandate ipv4, use the ipv4 address. -- I desire the things that will destroy me in the end.
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On 09 Apr 2021, at 07:57, Arjen de Korte wrote: > Citeren PGNet Dev : >> And it's a bad assumption that since the host is dual-stack that all >> services on it will be. > I fail to see why. If a hostname resolves to both an A and record, it > should provides services on both. Yes, that would be my stance on it. >> The 'solution' is to have Dovecot relay submit connect where & how you TELL >> it to connect, NOT where it assumes it's OK to connect. > > You've already told it where to connect: internal.mx.example.com. Since that > host has both an A and record, you're telling it both are equally fine. > If that's not what you want, either hardcode the IPv4 address in the > submission_relay_host or create an internal-ipv4.mx.example.com A record. Right. The tools are already there, there is no need for dovecot to add another specific setting for this edge case when it is entirely unnecessary. > It's a head scratcher why people still insist on running services on legacy > IPv4 only. Some of us have no choice, sadly. Two of the largest ISPs (Comcast and Century Link) in the US refuse to offer IPv6 to business customers, and have gone to some lengths to screw up IPv6 for their consumer customers. -- Alice: If you would just shut up for about for two seconds, this sex dream would pass the Bechdel test.
Re: debug SMTP commands sent/received to/from the submission service
Aki Tuomi wrote: > > > > I'm trying to debug SMTP commands clients send to the submission > > service. > > > > I've tried > > > > protocol submission { > > rawlog_dir = /var/tmp/dovecot > > } > > > > but /var/tmp/dovecot remains empty. What am I missing? I'd use Wireshark > > but the communication between SMTP clients and Dovecot is encrypted > > after STARTTLS, so Wireshark is pretty useless here. > > > > Can you please point me to the right direction to log all SMTP commands? > > All is happening on Debian/buster, Dovecot 2.3.4.1. > > > > -- > > Victor Sudakov VAS4-RIPE > > http://vas.tomsk.ru/ > > 2:5005/49@fidonet > > Sorry for sending empty mail first... > > I would recommend using > >rawlog_dir = /var/tmp/dovecot/%u > > and then ensuring that the directory, which expands to the username, > *exists* and is *writable* to your mail user. Dovecot will not attempt > to create this directory. > Well, I did not use the "%u" macro as I would be happy to have all raw logs in one directory, but the directory /var/tmp/dovecot/ does exist and is chmod 777, and I did "systemctl reload dovecot" after changing the config, still there is nothing there. Any more ideas? -- Victor Sudakov VAS4-RIPE http://vas.tomsk.ru/ 2:5005/49@fidonet signature.asc Description: PGP signature
Re: debug SMTP commands sent/received to/from the submission service
Plutocrat wrote: > On 09/04/2021 15.13, Victor Sudakov wrote: > > I'd use Wireshark but the communication between SMTP clients and Dovecot is > > encrypted > > after STARTTLS, so Wireshark is pretty useless here. > > You might get some useful information connecting with openssl s_client > > Here's a page googled at random. > https://halon.io/blog/how-to-test-smtp-servers-using-the-command-line/ Maybe I had phrased my question incorrectly, but I am interested in snooping the exchange between Dovecot and an SMTP client (PHP Mailer in my case), not in manual sending of SMTP commands. -- Victor Sudakov VAS4-RIPE http://vas.tomsk.ru/ 2:5005/49@fidonet signature.asc Description: PGP signature
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
And it's a bad assumption that since the host is dual-stack that all services on it will be. If a hostname resolves to both an A and record, it should provides services on both. Says who/what? There is no should/must/shall in any internet standard that suggest/implies/requires that.
Dovecot in my book
Hello everybody, I just wanted to let you know that Dovecot installation and configuration are extensively discussed in my first book (among other subjects). Not trying to spam; I just thought you might like to know. The book is available in English: https://www.apress.com/book/9781484269596 in French: https://www.editions-eni.fr/livre/installation-et-configuration-d-un-serveur-internet-bind-apache-nginx-dovecot-postfix-9782409026027 and in Dutch: https://webshop.boomberoepsonderwijs.nl/101-6714_configuratie-van-een-internetserver Any remarks and suggestions are welcomed. Keep up the good work! Have a nice weekend, Rob LA LAU -- | Contact :| ISBN : || | rob...@librobert.net | 978-90-372-5751-9 | www.librobert.net | 978-2-409-02602-7 | +33.6.41.38.44.94 | 978-1-4842-6959-6
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On Friday, April 9, 2021 5:19:20 AM AKDT PGNet Dev wrote: > And it's a bad assumption that since the host is dual-stack that all > services on it will be. That's right. Email stuff that's supposed to work has to be crippled and disabled somehow so that it does not actually work as it is supposed to. There's a knob to tweak to break someone's mailbox for a party prank, cut off a service if it isn't immediately obvious how it's affecting someone else's work, or screw something else up so it can't or doesn't work reliably, either. signature.asc Description: This is a digitally signed message part.
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
Citeren PGNet Dev : On 4/9/21 8:08 AM, @lbutlr wrote: On 08 Apr 2021, at 06:08, PGNet Dev wrote: whereas other services listen at both IPv4 & IPv6 addresses, with IPv6 preferred over IPv4, postfix listens ONLY on IPv4, Do you mean that YOUR postfix only listens to ipv4? Yep. If so, wouldn't the solution be to setup postfix to listen to ipv6? That would work, of course, but that's not the point. I'm not planning to open postfix listener on the public IPv6 in order to accommodate one service connection (Dovecot's relay submit), only to have to add add'l knobs to lock down access. There is no need to use a global address, assuming the systems Postfix and Dovecot are on the same LAN, a link-local IPv6 address would be just fine. This is no less insecure than a RFC1918 IPv4 address. And it's a bad assumption that since the host is dual-stack that all services on it will be. I fail to see why. If a hostname resolves to both an A and record, it should provides services on both. The 'solution' is to have Dovecot relay submit connect where & how you TELL it to connect, NOT where it assumes it's OK to connect. You've already told it where to connect: internal.mx.example.com. Since that host has both an A and record, you're telling it both are equally fine. If that's not what you want, either hardcode the IPv4 address in the submission_relay_host or create an internal-ipv4.mx.example.com A record. It's already possible to set submission_relay_host = submission_relay_port = submission_relay_ssl= submission_relay_ssl_verify = submission_relay_trusted= in order to specify exactly how/where to securely connect for relay. It's a head scratcher what the philosophical reticence is for completing the picture with a submission_relay_inet_protocols or somesuch. It's a head scratcher why people still insist on running services on legacy IPv4 only.
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On 4/9/21 8:08 AM, @lbutlr wrote: On 08 Apr 2021, at 06:08, PGNet Dev wrote: whereas other services listen at both IPv4 & IPv6 addresses, with IPv6 preferred over IPv4, postfix listens ONLY on IPv4, Do you mean that YOUR postfix only listens to ipv4? Yep. If so, wouldn't the solution be to setup postfix to listen to ipv6? That would work, of course, but that's not the point. I'm not planning to open postfix listener on the public IPv6 in order to accommodate one service connection (Dovecot's relay submit), only to have to add add'l knobs to lock down access. And it's a bad assumption that since the host is dual-stack that all services on it will be. The 'solution' is to have Dovecot relay submit connect where & how you TELL it to connect, NOT where it assumes it's OK to connect. It's already possible to set submission_relay_host = submission_relay_port = submission_relay_ssl= submission_relay_ssl_verify = submission_relay_trusted= in order to specify exactly how/where to securely connect for relay. It's a head scratcher what the philosophical reticence is for completing the picture with a submission_relay_inet_protocols or somesuch. Postfix added support for IPv6 back in version 2 days. inet_protocols = ipv4, ipv6 or inet_protocols = all (My ISP does not provide IPv6, so I have little experience with it, so entirely possible I am missing something here).
Re: altmove reverse doesn't work
I already trued doveadm purge but with no luck. Also debug parameter doesn't show any interesting output as you can see below. It shows that it's moving about 7 messages but in fact it doesn't do anything. If I repeat the command the output is still same. I just found that a few other people already explained same problem, for example here: https://dovecot.org/pipermail/dovecot/2021-February/121329.html Is there any chance to get it fixed in upstream? Apr 09 14:58:00 Debug: Loading modules from directory: /usr/lib/dovecot/modules Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/lib20_fts_plugin.so Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so Apr 09 14:58:00 Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Apr 09 14:58:00 Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Apr 09 14:58:00 Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so Apr 09 14:58:00 Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Apr 09 14:58:00 doveadm(myu...@mydomain.yyy)<27721><>: Debug: auth-master: userdb lookup(myu...@mydomain.yyy): Started userdb lookup Apr 09 14:58:00 doveadm(myu...@mydomain.yyy)<27721><>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Connecting Apr 09 14:58:00 doveadm(myu...@mydomain.yyy)<27721><>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=14462,uid=0): Client connected (fd=8) Apr 09 14:58:00 doveadm(myu...@mydomain.yyy)<27721><>: Debug: auth-master: userdb lookup(myu...@mydomain.yyy): auth USER input: myu...@mydomain.yyy quota_rule=*:bytes=20GB Apr 09 14:58:00 doveadm(myu...@mydomain.yyy)<27721><>: Debug: auth-master: userdb lookup(myu...@mydomain.yyy): Finished userdb lookup (username=myu...@mydomain.yyy quota_rule=*:bytes=20GB) Apr 09 14:58:00 doveadm(myu...@mydomain.yyy)<27721><>: Debug: Added userdb setting: plugin/quota_rule=*:bytes=20GB Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Effective uid=2000, gid=2000, home=/var/vmail/mydomain.yyy.com/myuser Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota root: name=User quota backend=dict args=:proxy::quota Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota rule: root=User quota mailbox=* bytes=21474836480 messages=0 Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota rule: root=User quota mailbox=Trash ignored Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota rule: root=User quota mailbox=Junk ignored Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota warning: bytes=17179869184 (80%) messages=0 reverse=no command=quota-warning 90 myu...@mydomain.yyy Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota warning: bytes=18253611008 (85%) messages=0 reverse=no command=quota-warning 95 myu...@mydomain.yyy Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota warning: bytes=20401094656 (95%) messages=0 reverse=no command=quota-warning 105 myu...@mydomain.yyy Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Quota grace: root=User quota bytes=2147483648 (10%) Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: quota-dict: user=myu...@mydomain.yyy, uri=proxy::quota, noenforcing=0 Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox:ALT=/var/vmail-archive/mydomain.yyy.com/myuser/mdbox Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: fs: root=/var/vmail/mydomain.yyy.com/myuser/mdbox, index=, indexpvt=, control=, inbox=, alt=/var/vmail-archive/mydomain.yyy.com/myuser/mdbox Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: fts: No fts setting - plugin disabled Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: acl: initializing backend with data: vfile Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: acl: acl username = myu...@mydomain.yyy Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: acl: owner = 1 Apr 09 14:58:00 doveadm(myu...@mydomain.yyy): Debug: acl vfile: Global ACLs disabled Apr 09 14:58:00 doveadm(myu...@mydomain.yyy):
Re: altmove reverse doesn't work
> On 09/04/2021 15:34 Zdeněk Zámečník wrote: > > > I am having troubles with moving emails from alternative storage to primary > storage. If I call command like: > doveadm altmove -r -u myu...@mydomain.yyy ALL > it is doing something (it took almost a minute at first time) but there are > still emails in alternative storage. There is not reported any error. Below > is my config: > Try running doveadm -D altmove -r -u myu...@mydomain.yyy ALL maybe it sheds some light? Also, try running doveadm purge after altmove. Aki
altmove reverse doesn't work
I am having troubles with moving emails from alternative storage to primary storage. If I call command like: doveadm altmove -r -u myu...@mydomain.yyy ALL it is doing something (it took almost a minute at first time) but there are still emails in alternative storage. There is not reported any error. Below is my config: # Pigeonhole version 0.5.14 (1b5c82b2) # OS: Linux 5.3.18-3-pve x86_64 Debian 10.9 # Hostname: mail.mydomain.yyy auth_cache_size = 2 M auth_cache_ttl = 5 mins auth_cache_verify_password_with_worker = yes auth_master_user_separator = * auth_mechanisms = plain login dict { acl = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no imap_client_workarounds = delay-newmail imap_hibernate_timeout = 5 secs imap_id_log = * imap_id_retain = yes login_trusted_networks = 127.0.0.0/8 mail_gid = 2000 mail_home = /var/vmail/%d/%n mail_location = mdbox:~/mdbox:ALT=/var/vmail-archive/%d/%n/mdbox mail_max_userip_connections = 60 mail_plugins = acl zlib fts quota mail_uid = 2000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader imapsieve vnd.dovecot.imapsieve mdbox_rotate_interval = 1 days mdbox_rotate_size = 16 M namespace { inbox = yes location = mailbox "Deleted Items" { auto = no special_use = \Trash } mailbox "Deleted Messages" { auto = no special_use = \Trash } mailbox Drafts { auto = no special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox "Junk E-mail" { auto = no special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Items" { auto = no special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox Spam { auto = no special_use = \Junk } mailbox Trash { special_use = \Trash } mailbox virtual/All { auto = no special_use = \All } prefix = separator = / type = private } namespace { inbox = no list = children location = mdbox:/var/vmail/%%d/%%n/mdbox:ALT=/var/vmail-archive/%%d/%%n/mdbox prefix = shared/%%u/ separator = / subscriptions = no type = shared } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } passdb { args = /etc/dovecot/masters.db driver = passwd-file master = yes pass = yes } plugin { acl = vfile acl_shared_dict = proxy::acl imapsieve_mailbox1_before = file:/var/vmail/sieve/report-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/vmail/sieve/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * imapsieve_mailbox3_before = file:/var/vmail/sieve/report-spam.sieve imapsieve_mailbox3_causes = COPY imapsieve_mailbox3_name = Junk imapsieve_mailbox4_before = file:/var/vmail/sieve/report-ham.sieve imapsieve_mailbox4_causes = COPY imapsieve_mailbox4_from = Junk imapsieve_mailbox4_name = * mailbox_alias_new = Sent Messages mailbox_alias_new2 = Sent Items mailbox_alias_new3 = Deleted Items mailbox_alias_old = Sent mailbox_alias_old2 = Sent mailbox_alias_old3 = Trash quota = dict:User quota::proxy::quota quota_grace = 10%% quota_rule2 = Trash:ignore quota_rule3 = Junk:ignore quota_warning = storage=80%% quota-warning 90 %u quota_warning2 = storage=85%% quota-warning 95 %u quota_warning3 = storage=95%% quota-warning 105 %u sieve = /var/vmail/%d/%n/sieve/.sieve sieve_after = /var/vmail/%d/%n/sieve/autoreply.sieve sieve_before = /var/vmail/sieve/global.sieve sieve_dir = /var/vmail/%d/%n/sieve sieve_extensions = +editheader +vacation-seconds sieve_global_dir = /var/vmail/sieve/ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment sieve_max_redirects = 20 sieve_max_script_size = 2M sieve_pipe_bin_dir = /usr/lib/dovecot sieve_plugins = sieve_imapsieve sieve_extprograms sieve_vacation_send_from_recipient = yes } protocols = imap sieve lmtp pop3 service auth-worker { unix_listener auth-worker { user = vmail } user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = vmail } service dict { unix_listener dict { mode = 0600 user = vmail } } service imap-hibernate { unix_listener imap-hibernate { group = $default_internal_group mode = 0660 } } service imap-login { process_min_avail = 10 service_count = 0 vsz_limit = 512 M } service imap { executable = imap
Re: How to prevent, or change priority, of dovecot's FAILed relay-submission to relay's IPv6 address, and submit ONLY/first to IPv4?
On 08 Apr 2021, at 06:08, PGNet Dev wrote: > whereas other services listen at both IPv4 & IPv6 addresses, with IPv6 > preferred over IPv4, postfix listens ONLY on IPv4, Do you mean that YOUR postfix only listens to ipv4? If so, wouldn't the solution be to setup postfix to listen to ipv6? Postfix added support for IPv6 back in version 2 days. inet_protocols = ipv4, ipv6 or inet_protocols = all (My ISP does not provide IPv6, so I have little experience with it, so entirely possible I am missing something here). -- Eliot: Jesus. Alice has gone full Harry Potter part seven/eight over there. Margo: God, I hope we're winning.
Re: debug SMTP commands sent/received to/from the submission service
On 09/04/2021 15.13, Victor Sudakov wrote: I'd use Wireshark but the communication between SMTP clients and Dovecot is encrypted after STARTTLS, so Wireshark is pretty useless here. You might get some useful information connecting with openssl s_client Here's a page googled at random. https://halon.io/blog/how-to-test-smtp-servers-using-the-command-line/ And man page. https://linux.die.net/man/1/s_client P
Re: debug SMTP commands sent/received to/from the submission service
> On 09/04/2021 10:13 Victor Sudakov wrote: > > > Dear Colleagues, > > I'm trying to debug SMTP commands clients send to the submission > service. > > I've tried > > protocol submission { > rawlog_dir = /var/tmp/dovecot > } > > but /var/tmp/dovecot remains empty. What am I missing? I'd use Wireshark > but the communication between SMTP clients and Dovecot is encrypted > after STARTTLS, so Wireshark is pretty useless here. > > Can you please point me to the right direction to log all SMTP commands? > All is happening on Debian/buster, Dovecot 2.3.4.1. > > -- > Victor Sudakov VAS4-RIPE > http://vas.tomsk.ru/ > 2:5005/49@fidonet Sorry for sending empty mail first... I would recommend using rawlog_dir = /var/tmp/dovecot/%u and then ensuring that the directory, which expands to the username, *exists* and is *writable* to your mail user. Dovecot will not attempt to create this directory. Aki
Re: debug SMTP commands sent/received to/from the submission service
> On 09/04/2021 10:13 Victor Sudakov wrote: > > > Dear Colleagues, > > I'm trying to debug SMTP commands clients send to the submission > service. > > I've tried > > protocol submission { > rawlog_dir = /var/tmp/dovecot > } > > but /var/tmp/dovecot remains empty. What am I missing? I'd use Wireshark > but the communication between SMTP clients and Dovecot is encrypted > after STARTTLS, so Wireshark is pretty useless here. > > Can you please point me to the right direction to log all SMTP commands? > All is happening on Debian/buster, Dovecot 2.3.4.1. > > -- > Victor Sudakov VAS4-RIPE > http://vas.tomsk.ru/ > 2:5005/49@fidonet
debug SMTP commands sent/received to/from the submission service
Dear Colleagues, I'm trying to debug SMTP commands clients send to the submission service. I've tried protocol submission { rawlog_dir = /var/tmp/dovecot } but /var/tmp/dovecot remains empty. What am I missing? I'd use Wireshark but the communication between SMTP clients and Dovecot is encrypted after STARTTLS, so Wireshark is pretty useless here. Can you please point me to the right direction to log all SMTP commands? All is happening on Debian/buster, Dovecot 2.3.4.1. -- Victor Sudakov VAS4-RIPE http://vas.tomsk.ru/ 2:5005/49@fidonet signature.asc Description: PGP signature