Re: Dovecot installation problem (libssl_iostream_openssl.so is not portable!)
> On 28/01/2022 18:00 Dimitri wrote:
>
> Hi there,
>
> I try to install dovecot from source with the following configuration:
>
> ./configure --prefix=/test/core/dovecot --with-ssldir=/test/core/dovecot/tls
>
> the configuration runs fine with the following output at the end:
>
> Install prefix . : /test/core/dovecot
> File offsets ... : 64bit
> I/O polling : epoll
> I/O notifys : inotify
> SSL : yes (OpenSSL)
> GSSAPI . : no
> passdbs : static passwd passwd-file shadow checkpassword
>         : -pam -bsdauth -ldap -sql
> userdbs : static prefetch passwd passwd-file checkpassword
>         : -ldap -sql
> CFLAGS . : -std=gnu99 -g -O2 -fstack-protector-strong
>   -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=keep
>   -mindirect-branch=keep -Wall -W -Wmissing-prototypes -Wmissing-declarations
>   -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast
>   -fno-builtin-strftime -Wstrict-aliasing=2 -I/test/dep/openssl/include
> SYSTEMD : notify - /lib/systemd/system/dovecot.service
> SQL drivers :
>             : -pgsql -mysql -sqlite -cassandra
> Full text search : squat
>                  : -lucene -solr
>
> But when I start to build (make) after a while I get the following error:
>
> *** Warning: Linking the executable test-iostream-ssl against the loadable module
> *** libssl_iostream_openssl.so is not portable!
> libtool: link: gcc -std=gnu99 -g -O2 -fstack-protector-strong
>   -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=keep
>   -mindirect-branch=keep -Wall -W -Wmissing-prototypes -Wmissing-declarations
>   -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast
>   -fno-builtin-strftime -Wstrict-aliasing=2 -I/test/dep/openssl/include -o
>   .libs/test-iostream-ssl test-iostream-ssl.o
>   ./.libs/libssl_iostream_openssl.so ./.libs/libssl_iostream.a
>   ../lib-test/.libs/libtest.a ../lib/.libs/liblib.a -L/test/dep/openssl/lib64
>   -lssl -lcrypto -ldl -Wl,-rpath -Wl,/test/core/dovecot/lib/dovecot
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `ERR_free_strings'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `ENGINE_cleanup'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `SSL_library_init'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `OBJ_cleanup'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `CRYPTO_cleanup_all_ex_data'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `OpenSSL_add_all_algorithms'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `SSL_CTX_set_tmp_rsa_callback'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `EVP_cleanup'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `SSL_load_error_strings'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to `SSL_CTX_need_tmp_RSA'
> collect2: error: ld returned 1 exit status
> make[3]: *** [Makefile:655: test-iostream-ssl] Error 1
> make[3]: Leaving directory '/test/tmp/dovecot-2.3.17.1/src/lib-ssl-iostream'
> make[2]: *** [Makefile:573: all-recursive] Error 1
> make[2]: Leaving directory '/test/tmp/dovecot-2.3.17.1/src'
> make[1]: *** [Makefile:702: all-recursive] Error 1
> make[1]: Leaving directory '/test/tmp/dovecot-2.3.17.1'
> make: *** [Makefile:546: all] Error 2
>
> I've searched for the error and find some posts about set explicitly CPPFLAGS
> and LDFLAGS
> and something about missing shared libraries of openssl.
>
> My openssl has shared libraries (libcrypto.so libssl.so ...) and the
> explicit use of CPPFLAGS and LDFLAGS to my openssl hasn't changed anything
>
> I use Openssl 3.0 but I've tested also 1.1.1m and 1.1.1g for example, same
> error!
> Dovecot is the latest 2.3.17.1
> My OS is Ubuntu 21.04
>
> Can anyone help me with this please?
> Thanks!

Hi Dimitri,

I tried with 2.3.17.1 and ubuntu 21.04 (AMD64) and had no issues building it with openssl 1.1.1j. Did you remember to properly clean out your openssl 3.0.0 before trying 1.1.1?

Aki
Re: Set mail crypt private password with OAUTH?
> On 28/01/2022 21:27 Max Kostikov wrote:
>
> We currently use Dovecot and mailbox encryption via the
> mail-crypt-plugin.
> With standard password authentication, we set the value of the
> individual
> password to encrypt the contents of the
> userdb_mail_crypt_private_password
> mailbox in the SQL query.
> Is it possible to set the userdb_mail_crypt_private_password value when
> authenticating via OAUTH2 ?
>
> --
> Best regards,
> Max Kostikov

You probably want to split your passdb drivers into two, one which does the authentication and a second which populates the private password value. This way it should work correctly in both cases.

passdb {
  driver = sql
  skip = unauthenticated
  ...
}

and ensure you return in this SQL query `'Y' as noauthenticate`

Aki
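A fuller sketch of the passdb split described in the reply above, as an added example that is not part of the original thread or of Dovecot's own documentation. File names, the `users(username, crypt_password)` schema and the connection string are assumptions; the `result_success = continue-ok` lines are an addition here, needed because a passdb that succeeds otherwise ends the lookup chain before the lookup-only passdb is reached.

```conf
# --- /etc/dovecot/conf.d/auth-split.conf.ext (file name is an assumption) ---
auth_mechanisms = plain login xoauth2 oauthbearer

# 1. Password logins: verified against SQL as before.
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
  mechanisms = plain login
  # Default is return-ok, which would stop here and never reach passdb 3.
  result_success = continue-ok
}

# 2. OAuth2 logins: validates the bearer token only; it has no knowledge
#    of the mail_crypt private password.
passdb {
  driver = oauth2
  args = /etc/dovecot/dovecot-oauth2.conf.ext
  mechanisms = xoauth2 oauthbearer
  result_success = continue-ok
}

# 3. Lookup only: skipped while the user is still unauthenticated, so it
#    can add fields to a successful login but can never grant one.
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql-crypt.conf.ext
  skip = unauthenticated
}

# --- /etc/dovecot/dovecot-sql-crypt.conf.ext ---
# Hypothetical schema: users(username, crypt_password).
# Keep this file readable by root only: it holds the database credentials.
driver = pgsql
connect = host=localhost dbname=mail user=dovecot password=CHANGE_ME
# 'Y' AS noauthenticate: no password check in this passdb, as the reply
# advises; the row only contributes the extra field.
password_query = SELECT username AS user, 'Y' AS noauthenticate, \
  crypt_password AS userdb_mail_crypt_private_password \
  FROM users WHERE username = '%u'
```

A failed password or token never reaches passdb 3, because `skip = unauthenticated` leaves it out until an earlier passdb has succeeded.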
Re: How to use virtual "All" and "Flagged" mailbox?
> On 26/01/2022 19:48 A B wrote:
>
> Hello,
>
> I'm trying to use the virtual "All" and "Flagged" mailboxes as described in
> 15-mailboxes.conf.
>
> The information here
> (https://doc.dovecot.org/configuration_manual/virtual_plugin/) doesn't really
> touch on how to actually interact with the virtual mailboxes.
>
> My presumption is that when I mark an email message in the Inbox as FLAGGED
> (and I can confirm the \Flagged flag has been set) then I should then be able
> to either (1) see a copy of that message in the virtual.Flagged folder, or
> (2) when I use an imap command to get the message nums or whatever from the
> virtual.Flagged folder/mailbox, it should return the message that is flagged
> in the inbox as a result.
>
> Additionally, I'm presuming that for each new user that automatically gets
> added, I would have to create my own script that would add the
> dovecot-virtual file, dovecot doesn't do that on its own.
>
> When I view the user's directory I see these folders were created:
> ---

You usually use these global virtual folders like this:

namespace virtual {
  location = virtual:/etc/dovecot/virtual:INDEX=~/.virtual:CONTROL=~/.virtual:VOLATILEDIR=~/.virtual/
  ... rest of the settings
}

Then you create the dovecot-virtual files under /etc/dovecot/virtual like

/etc/dovecot/virtual/Flagged/dovecot-virtual

This lets you create them automatically for all users.

Aki
Re: Sync via ssh fails when ssl is active
> On 25/01/2022 15:35 Christian Mack wrote:
>
> Hello
>
> On 20.01.22 at 16:32, Johan wrote:
> >
> > Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration
> > file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file
> > /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied
>
> Check permission on /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem
>
> Kind regards,
> Christian Mack

This is probably because of a known issue... You need to configure

ssl=no
!include_try ssl.conf

and put in ssl.conf

ssl=yes
ssl_cert=
Re: Fwd: Dsync replication - delayed replication (Sync lock)
Did you check what process the locking PID was?

Aki

> On 25/01/2022 12:20 Claudio Corvino wrote:
>
> Hi,
> we have the same issue and the same configuration except for Dovecot version,
> ours is the latest into Dovecot repo; in addition we do not have DNS round
> robin.
> Does anybody have a solution?
>
> Kind regards
> On 07/09/20 15:53, Daniel Botting wrote:
> >
> > Dear Sirs,
> > Further to my last email have any list members seen this before and are
> > able to offer advice on how to resolve this please.
> > I should note as well that we are running Dovecot from the upstream Debian
> > packages at https://repo.dovecot.org/ce-2.3-latest/debian/buster .
> >
> > Kind regards
> > Daniel
> >
> > Forwarded Message
> > Subject: Dsync replication - delayed replication (Sync lock)
> > Date: Tue, 1 Sep 2020 16:17:15 +0100
> > From: Daniel Botting
> > To: dovecot@dovecot.org
> >
> > Hi,
> > Our setup:
> > Two Debian 10 machines that are setup to replicate mail between them, we
> > have round robin DNS setup so a user can connect to either server.
> >
> > What should happen:
> > Mail is delivered to either server and replicated across straight away to
> > their mailbox on the other server so it does not matter which one they are
> > connected to they will receive it fairly soon after delivery.
> > What actually happens:
> > In some instances the user will experience a delayed receipt of messages if
> > they are not connected to the server that the message is initially
> > delivered to, sometimes the delay is 5/10 minutes, we had a recent support
> > ticket submitted where it was over an hour.
> > Error message seen in mail.err:
> >
> > Sep 1 10:16:15 dovecot:
> > dsync-local(): Error: Couldn't lock
> > /path/to/mailbox/.dovecot-sync.lock:
> > fcntl(/path/to/mailbox/.dovecot-sync.lock, write-lock, F_SETLKW) locking
> > failed: Timed out after 30 seconds (WRITE lock held by pid 3697)
> > Process 3697 is dovecot/doveadm-server.
> >
> > Doveconf -n output:
> > # 2.3.10.1 (a3d0e1171): /etc/dovecot/dovecot.conf
> > # Pigeonhole version 0.5.10 (67bf5bd7)
> > # OS: Linux 4.19.0-10-amd64 x86_64 Debian 10.5
> > # Hostname:
> > auth_verbose = yes
> > default_vsz_limit = 0
> > doveadm_password = # hidden, use -P to show it
> > first_valid_gid = 8
> > first_valid_uid = 8
> > last_valid_gid = 8
> > last_valid_uid = 8
> > lda_mailbox_autocreate = yes
> > lda_mailbox_autosubscribe = yes
> > mail_gid = 8
> > mail_location = maildir:~/Maildir
> > mail_plugins = " notify replication"
> > mail_uid = 8
> > managesieve_notify_capability = mailto
> > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader imapflags
> > namespace inbox {
> >   inbox = yes
> >   location =
> >   mailbox Drafts {
> >     special_use = \Drafts
> >   }
> >   mailbox Junk {
> >     special_use = \Junk
> >   }
> >   mailbox Sent {
> >     special_use = \Sent
> >   }
> >   mailbox "Sent Messages" {
> >     special_use = \Sent
> >   }
> >   mailbox Trash {
> >     special_use = \Trash
> >   }
> >   prefix =
> > }
> > passdb {
> >   args = /etc/dovecot/dovecot-ldap.conf.ext
> >   driver = ldap
> > }
> > plugin {
> >   mail_replica = tcps::
> >   sieve = ~/.dovecot.sieve
> >   sieve_dir = ~/sieve
> >   sieve_extensions = +editheader +imapflags
> > }
> > postmaster_address = postmaster@
> > protocols = " imap sieve pop3"
> > replication_max_conns = 12
> > service aggregator {
> >   fifo_listener replication-notify-fifo {
> >     user = mail
> >   }
> >   unix_listener replication-notify {
> >     user = mail
> >   }
> > }
> > service auth {
> >   unix_listener /var/run/dovecot-exim-bridge {
> >     mode = 0660
> >     user = Debian-exim
> >   }
> > }
> > service doveadm {
> >   inet_listener {
> >     port =
> >     ssl = yes
> >   }
> > }
> > service imap-login {
> >   inet_listener imap {
> >     port = 143
> >   }
> >   }
> >   inet_listener imaps {
> >     port = 993
> >     ssl = yes
> >   }
> >   process_limit = 512
> >   process_min_avail = 4
> >   service_count = 1
> > }
> > service imap {
> >   process_limit = 1024
> > }
> > service managesieve-login {
> >   inet_listener sieve {
> >     port =
> >   }
> >   process_min_avail = 1
> >   service_count = 8
> >   vsz_limit = 256 M
> > }
> > service managesieve {
> >   process_limit = 1024
> > }
> > service replicator {
> >   process_min_avail = 1
> >   unix_listener replicator-doveadm {
> >     mode = 0666
> >   }
> > }
> > ssl = required
> > ssl_cert =
> > ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
> > ssl_client_ca_dir = /etc/ssl/certs
> > ssl_key = # hidden, use -P to show it
> > ssl_min_protocol = TLSv1.2
> > userdb {
> >   args = /etc/dovecot/dovecot-ldap.conf.ext
> >   driver = ldap
> >   override_fields =
Re: Received invalid SSL certificate: unable to get certificate CRL
> On 26/01/2022 11:19 Markus Winkler wrote:
>
> Hi Laura,
>
> On Wed, 26 Jan 2022 at 12:09:04AM +, Laura Smith wrote:
> >‐‐‐ Original Message ‐‐‐
> >>
> >> I thought that
> >>
> >> ssl_ca =
> >>
> >> is worth a try.
> >
> >Does ssl_ca even apply to dsync/imapc ?
>
> as I wrote: I cannot test your scenario and the link to the documentation I
> sent was only a rough idea.
>
> >Looking at the docs its all about client certificate authentication ?
> >Something which does not apply to my environment, and even if it did, it
> >would not apply to dsync/imapc because I am initiating the connection, not
> >the remote end ?
>
> In my understanding this parameter is not only about client certificate
> authentication. If you want, then please have a look at this:
>
> https://doc.dovecot.org/settings/core/#core_setting-ssl_ca
>
> [...]
> These CAs are also used by some processes for validating outgoing SSL
> connections, i.e. performing the same function as ssl_client_ca_file.
> [...]
>
> And that's why I wrote: it's worth a try (it takes only two minutes to test
> it ...). IMHO of course. If you don't want to test it, OK. But I have
> no further ideas, sorry.
>
> Regards,
> Markus

Hi Laura,

did you try this? Did it work?

Aki
Re: silly quesiton [ot]
On Sun, Jan 30, 2022 at 07:49:56PM -0900, justina colmena ~biz wrote:
> On January 30, 2022 6:30:44 PM AKST, Sam Kuper wrote:
>> On Sun, Jan 30, 2022 at 06:17:49PM -0900, justina colmena ~biz wrote:
>>> On January 30, 2022 5:46:53 PM AKST, dove...@ptld.com wrote:
>>>> Storing mail in a db... at the end of the day isn't it still just a
>>>> file (.db file) on the drive?
>>>>
>>>> Aren't you just adding bloat and complexity vs just storing the mail
>>>> directly (maildir format) to a file on the drive? [...]
>>>
>>> You'll get better indexing and fast full text search by storing your
>>> emails in a database rather than a flat file, hopefully after
>>> decoding any attachments. Especially for spam scoring, analysis, and
>>> classification. Much better performance deleting or moving specific
>>> messages, too.
>>
>> Do you have evidence to back up these claims, specifically re: mail
>> servers?
>>
>> Like-for-like benchmarks, for instance?
>
> Just ideas.

OK, no then.

> Removing or deleting a single message from near the beginning of a
> large flat file takes an inordinate amount of time because the
> remainder of the flat file has to be rewritten all the way from the
> point of the deleted message to the end of the file and then
> truncated.

You might want to look up what Maildir is before making bold but apparently unfounded claims about it.

Maildir is not a "large flat file". It is a set of conventions that amount to a database specification, in the traditional sense of the word "database": a system for storing data. (Not a relational database.)

DJB developed Maildir to gain performance and reliability improvements over mbox files. Unlike Maildirs, mbox files *are* "large flat files".

Best wishes,

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

() ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
You can probably use auth_default_realm for this, see
https://doc.dovecot.org/settings/core/?highlight=realm#core_setting-auth_default_realm

Aki

> On 24/01/2022 20:05 da...@kosmosisland.com wrote:
>
> Hello Aki,
>
> Thank you, that works. But it doesn't solve my main problem. Newer
> versions of Outlook started to parse the "@domain" out of the
> "user@domain" which yielded only "user". I found that by prepending a '\'
> (backslash) it would yield "user@domain" correctly. But with GSSAPI, the
> backslash fails and removing it allows for correct authentication of the
> whole user name including "@domain". The problem now is having to
> configure all the many clients in the field that have the backslash
> prepended to the user name. Is there a way around this with version 2.3?
>
> Regards,
> David Koski
> da...@kosmosisland.com
> dko...@sutinen.com
>
> > On 23 January 2022 1.29.43 UTC, David Koski wrote:
> >>Is NTLM now dead? The Readme says:
> >>
> >>2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek (48d6f7282)
> >>
> >>    auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes
> >>
> >>>
> >>> Regards,
> >>> David Koski
> >>>
> >>
> >
> > You should use GSSAPI instead.
> >
> > Aki
> >
Re: silly quesiton [ot]
Just ideas.

Removing or deleting a single message from near the beginning of a large flat file takes an inordinate amount of time because the remainder of the flat file has to be rewritten all the way from the point of the deleted message to the end of the file and then truncated.

On January 30, 2022 6:30:44 PM AKST, Sam Kuper wrote:
>On Sun, Jan 30, 2022 at 06:17:49PM -0900, justina colmena ~biz wrote:
>> On January 30, 2022 5:46:53 PM AKST, dove...@ptld.com wrote:
>>> Storing mail in a db... at the end of the day isn't it still just a
>>> file (.db file) on the drive?
>>>
>>> Aren't you just adding bloat and complexity vs just storing the mail
>>> directly (maildir format) to a file on the drive? [...]
>>
>> You'll get better indexing and fast full text search by storing your
>> emails in a database rather than a flat file, hopefully after decoding
>> any attachments. Especially for spam scoring, analysis, and
>> classification. Much better performance deleting or moving specific
>> messages, too.
>
>Do you have evidence to back up these claims, specifically re: mail
>servers?
>
>Like-for-like benchmarks, for instance?
>
>Thanks,
>
>Sam
>
>--
>A: When it messes up the order in which people normally read text.
>Q: When is top-posting a bad thing?
>
>() ASCII ribbon campaign. Please avoid HTML emails & proprietary
>/\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: silly quesiton [ot]
On Sun, Jan 30, 2022 at 09:46:53PM -0500, dove...@ptld.com wrote:
> Storing mail in a db... at the end of the day isn't it still just a file (.db
> file) on the drive?
> Aren't you just adding bloat and complexity vs just storing the mail directly
> (maildir format) to a file on the drive?
>
> What do you think you are saving? Security?
> If someone can read files on your server, they can equally read a maildir or
> a .db file.
> K.I.S.S.

I gain modularity for a system.
The database is the foundation.

I am working with:
1. Dovecot
2. Neomutt
3. OpenSMTPD

Now, if I decide to drop or add on some new program, I can just adjust and/or add some new tables. Write a new stored procedure. Drop in a new Perl module or subroutine.

1. Dovecot
2. Neomutt
3. OpenSMTPD
4. Xyz
5. Abc
6. SuperDuperMail-ThingyPlus

So what I am working for is a system that is united.
Add a new user and email, CLI program, bang. All done.
Change a password with a web interface. Click. All done.

I'm in no rush. This is a fun side project. I have already done this type of work successfully for other kinds of projects, so it's different, but not really outside of my past experience.

Secure today is wide open tomorrow. File, memory, etc. all get broken eventually.

I'm much more worried about my own mistakes than that of others. :-*

--
Chris Bennett
Re: silly quesiton [ot]
On Sun, Jan 30, 2022 at 06:17:49PM -0900, justina colmena ~biz wrote:
> On January 30, 2022 5:46:53 PM AKST, dove...@ptld.com wrote:
>> Storing mail in a db... at the end of the day isn't it still just a
>> file (.db file) on the drive?
>>
>> Aren't you just adding bloat and complexity vs just storing the mail
>> directly (maildir format) to a file on the drive? [...]
>
> You'll get better indexing and fast full text search by storing your
> emails in a database rather than a flat file, hopefully after decoding
> any attachments. Especially for spam scoring, analysis, and
> classification. Much better performance deleting or moving specific
> messages, too.

Do you have evidence to back up these claims, specifically re: mail servers?

Like-for-like benchmarks, for instance?

Thanks,

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

() ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: silly quesiton [ot]
You'll get better indexing and fast full text search by storing your emails in a database rather than a flat file, hopefully after decoding any attachments. Especially for spam scoring, analysis, and classification. Much better performance deleting or moving specific messages, too.

On January 30, 2022 5:46:53 PM AKST, dove...@ptld.com wrote:
>Storing mail in a db... at the end of the day isn't it still just a file (.db
>file) on the drive?
>Aren't you just adding bloat and complexity vs just storing the mail directly
>(maildir format) to a file on the drive?
>
>What do you think you are saving? Security?
>If someone can read files on your server, they can equally read a maildir or a
>.db file.
>K.I.S.S.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: silly quesiton [ot]
Storing mail in a db... at the end of the day isn't it still just a file (.db file) on the drive? Aren't you just adding bloat and complexity vs just storing the mail directly (maildir format) to a file on the drive? What do you think you are saving? Security? If someone can read files on your server, they can equally read a maildir or a .db file. K.I.S.S.
Re: silly quesiton [ot]
On 2022-01-31 02:30, Sean Kamath wrote:
> On Jan 30, 2022, at 10:55, Chris Bennett wrote:
>> On Tue, Jan 25, 2022 at 03:50:12AM -0900, justina colmena ~biz wrote:
>>> Maybe a future programming project idea: I want a system that will store all
>>> mail messages and user account info in, say, a postgresql transactional
>>> database, a little more manageable and reliable than ad hoc databasing with
>>> those flat files all over the place cluttering up the system.
>>
>> I am in progress moving towards something like that.
>> As of right now, perl, dovecot for IMAP, neomutt and OpenSMTPD.
>>
>> Right now, .neomuttrc files *only* exist during the usage of neomutt.
>> They have random names, cannot be written to and are immediately erased
>> after neomutt starts (not quits). That is a very small window of threat.
>>
>> I would very much like to put all of the messages into PostgreSQL also
>> instead of file folders under the user vmail.
>>
>> This is just a side project.
>> As I have been advised, there is no need to even write a configuration
>> file at all, but there are some issues with dbh that I need to solve
>> with a different database module.
>>
>> If someone can read files that never exist, well...
>> At some point you have to at least consider trusting something.
>> That or just turn it all off and get another career.
>>
>> --
>> Chris Bennett
>
> At some point you gotta ask yourself why you’re trusting your database more
> than your OS. And why you don’t trust the OS to handle files in a trusted
> way, but do for memory.

dbmail exists, runs fine on sqlite3 :=)

but that joke, why try ?

how huge would that sqlite3 file be ?, I say no to one sqlite3 file, but yes if each mail user have their own sqlite3 tree with separate sqlite3 file per folder and user

if more huge setup is needed, then postgresql with replication, but this is not needed with dovecot, it's more solid and with performance with imap protocol, and load balanced

I would not wish for disaster with sqlite3, but it could be done, also sqlite cluster exists

dream on, it's monday where nothing works :=)
Re: silly quesiton [ot]
> On Jan 30, 2022, at 10:55, Chris Bennett wrote:
>
> On Tue, Jan 25, 2022 at 03:50:12AM -0900, justina colmena ~biz wrote:
>> Maybe a future programming project idea: I want a system that will store all
>> mail messages and user account info in, say, a postgresql transactional
>> database, a little more manageable and reliable than ad hoc databasing with
>> those flat files all over the place cluttering up the system.
>>
>
> I am in progress moving towards something like that.
> As of right now, perl, dovecot for IMAP, neomutt and OpenSMTPD.
>
> Right now, .neomuttrc files *only* exist during the usage of neomutt.
> They have random names, cannot be written to and are immediately erased
> after neomutt starts (not quits). That is a very small window of threat.
>
> I would very much like to put all of the messages into PostgreSQL also
> instead of file folders under the user vmail.
>
> This is just a side project.
> As I have been advised, there is no need to even write a configuration
> file at all, but there are some issues with dbh that I need to solve
> with a different database module.
>
> If someone can read files that never exist, well...
> At some point you have to at least consider trusting something.
> That or just turn it all off and get another career.
>
> --
> Chris Bennett

At some point you gotta ask yourself why you’re trusting your database more than your OS. And why you don’t trust the OS to handle files in a trusted way, but do for memory.

Sean
Re: Sync via ssh fails when ssl is active
On 2022-01-27 at 10:24, Stuart Henderson wrote:
> This is a problem that was introduced in 2.3.11 and fixed in 2.3.17.
> Updating would be better, but as a workaround you can move the ssl_key
> line to a separate config file, make it only readable by root, and use
> e.g. !include_try /etc/dovecot/ssl-keys.conf to pull it in.

Ok, Thank you for explaining. Good to know I'm not misunderstanding everything.

I choose to switch to dovecot's repository and update. And restore security for certs :)

/Johan Pålsson
Re: silly quesiton
On Tue, Jan 25, 2022 at 03:50:12AM -0900, justina colmena ~biz wrote:
> Maybe a future programming project idea: I want a system that will store all
> mail messages and user account info in, say, a postgresql transactional
> database, a little more manageable and reliable than ad hoc databasing with
> those flat files all over the place cluttering up the system.
>

I am in progress moving towards something like that.
As of right now, perl, dovecot for IMAP, neomutt and OpenSMTPD.

Right now, .neomuttrc files *only* exist during the usage of neomutt. They have random names, cannot be written to and are immediately erased after neomutt starts (not quits). That is a very small window of threat.

I would very much like to put all of the messages into PostgreSQL also instead of file folders under the user vmail.

This is just a side project.
As I have been advised, there is no need to even write a configuration file at all, but there are some issues with dbh that I need to solve with a different database module.

If someone can read files that never exist, well...
At some point you have to at least consider trusting something.
That or just turn it all off and get another career.

--
Chris Bennett