[Dovecot] dovecot logging

[Rajesh M]

hi

i am using dovecot version 1.2.11 with qmail toaster

is there a way to log the number of current imap connections at a given
time using dovecot log format ?

thanks
rajesh

Re: [Dovecot] Why deliver+usercheck? deliver+MTA?

[Jerry]

On Wed, 13 Oct 2010 22:42:15 +0200
Lukas Haase  articulated:

> Am 13.10.2010 13:08, schrieb Daniel Luttermann:
> > Lukas Haase wrote on 10/13/2010:
> > [...]
> > By default, Postfix rejects mails for unknown local users.If Postfix
> > accepts mails for unknown users than it's a configuration problem or
> > you don't maintain a list of valid users.
> 
> Yes, but I am talking about virtual users.
> 
> >> Is there a special reason why there is no discussion about this?
> >
> > It's Postfix related - Dovecot does no checks about valid recipients
> > for Postfix but you can use the same data sources as for Dovecot -
> > no need to maintain user lists for Postfix and Dovecot.
> 
> But *why* would you want to let dovecot (deliver) check this?
> 
> In any reason the MTA *must* have validated the existance of the
> local part. I do not know any reason why deliver should do this.
> 
> And again: Both
> http://wiki.dovecot.org/LDA/Postfix
> http://wiki.dovecot.org/LDA/Exim
> 
> describe setups for virtual users. But none of these pages give a
> hint that the MTA needs to check the local part too.
> 
> > Because Postfix needs to check for valid recipients why should
> > there a special hint in the Dovecot Wiki about that?
> 
> Because if someone implements a system based on the WIKI above he
> builds up an insecure system (producing backscatter).
> 
> > You must first make sure
> > that Postfix works as expected - no other IMAP Server checks vor
> > valid recipients.
> 
> Yes but no other IMAP server (but I only know Courier!) checks the 
> validity of the user in the LDA. maildrop for example does not.
> 
> >> However, as postfix seems to be really too unflexible I have set
> >> up exim to handle incoming mail and do the usercheck in the router
> >> (with an LDAP query). But now the user is doubled-checked: Once
> >> when receiving with exim and a second time in deliver. This is not
> >> necessary, so I guess I can disable the LDAP query for deliver and
> >> set up a static userdb.
> >
> > Why is Postfix unflexible? Use reject_unverified_recipient for
> > dynamic verification of valid recipients and there's no need to
> > maintain static files. You could also use a LDAP query to retreive
> > a list of valid recipients before you accept the mail for
> > non-existing users.
> 
> Thank you! Does reject_unverified_recipient also work when the mail
> is passed to deliver as described in
> http://wiki.dovecot.org/LDA/Postfix "Virtual Users"? If this would be
> the case then this is exactly what I was looking for!
> 
> Until now I tried to use an LDAP query. But also deliver uses an LDAP 
> query to check the existance of the user. And this was my question if 
> both of them are necessary.
> 
> To the question why postfix is too unflexible: I found no way how to:
> 
> * Hook up *fully* virtual users with dovecot (using deliver) for
> domain example.com
> * Hook up mailing lists for domain example.com using mailman
> 
> The current setup uses system users and therefore this setup is no 
> problem. But now there are virtual users ...
> 
> >> Why does the Wiki recommened to verfify with deliver when the user
> >> needs to be checked at the MTA anyway?
> >
> > Checking of valid recipients is a Postfix job so you can use
> > relay_recipient_maps, reject_unverified_sender or
> > virtual_mailbox_maps (depending on your configuration).
> >
> > Btw: what does the Wiki recommend? Weblink?
> 
> Yes of course, it is a postfix job. But also postfix jobs are
> described in the Wiki: http://wiki.dovecot.org/LDA/Postfix. And I
> think a small hint that the user must make sure that local parts are
> validated would be fine.

A discussion on the use of Postfix should be directed to its forum.
With that said, I use virtual users exclusively in conjunction with
Postfix, Dovecot and MySQL. You really need to look up how virtual
users are implemented in Postfix. For starters, you need these two
directives:

virtual_mailbox_domains = 
virtual_mailbox_maps = 

Your domains and users are listed there. Ask you question on the
Postfix forum and you should receive any assistance you desire,
assuming you still want any.

In any event, mail recipients, whether real or virtual should be
ascertained by the MTA and not the LDA.

-- 
Jerry ✌
dovecot.u...@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
Kramer's Law:
You can never tell which way the train went by looking at the
tracks.

Re: [Dovecot] Why deliver+usercheck? deliver+MTA?

[Lukas Haase]

Am 13.10.2010 13:08, schrieb Daniel Luttermann:

Lukas Haase wrote on 10/13/2010:
[...]
By default, Postfix rejects mails for unknown local users.If Postfix
accepts mails for unknown users than it's a configuration problem or
you don't maintain a list of valid users.


Yes, but I am talking about virtual users.


Is there a special reason why there is no discussion about this?


It's Postfix related - Dovecot does no checks about valid recipients
for Postfix but you can use the same data sources as for Dovecot - no
need to maintain user lists for Postfix and Dovecot.


But *why* would you want to let dovecot (deliver) check this?

In any reason the MTA *must* have validated the existance of the local 
part. I do not know any reason why deliver should do this.


And again: Both
http://wiki.dovecot.org/LDA/Postfix
http://wiki.dovecot.org/LDA/Exim

describe setups for virtual users. But none of these pages give a hint 
that the MTA needs to check the local part too.



Because Postfix needs to check for valid recipients why should there a
special hint in the Dovecot Wiki about that?


Because if someone implements a system based on the WIKI above he builds 
up an insecure system (producing backscatter).



You must first make sure
that Postfix works as expected - no other IMAP Server checks vor valid
recipients.


Yes but no other IMAP server (but I only know Courier!) checks the 
validity of the user in the LDA. maildrop for example does not.



However, as postfix seems to be really too unflexible I have set up exim
to handle incoming mail and do the usercheck in the router (with an LDAP
query). But now the user is doubled-checked: Once when receiving with
exim and a second time in deliver. This is not necessary, so I guess I
can disable the LDAP query for deliver and set up a static userdb.


Why is Postfix unflexible? Use reject_unverified_recipient for dynamic
verification of valid recipients and there's no need to maintain
static files. You could also use a LDAP query to retreive a list of
valid recipients before you accept the mail for non-existing users.


Thank you! Does reject_unverified_recipient also work when the mail is 
passed to deliver as described in http://wiki.dovecot.org/LDA/Postfix 
"Virtual Users"? If this would be the case then this is exactly what I 
was looking for!


Until now I tried to use an LDAP query. But also deliver uses an LDAP 
query to check the existance of the user. And this was my question if 
both of them are necessary.


To the question why postfix is too unflexible: I found no way how to:

* Hook up *fully* virtual users with dovecot (using deliver) for domain 
example.com

* Hook up mailing lists for domain example.com using mailman

The current setup uses system users and therefore this setup is no 
problem. But now there are virtual users ...



Why does the Wiki recommened to verfify with deliver when the user needs
to be checked at the MTA anyway?


Checking of valid recipients is a Postfix job so you can use
relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps
(depending on your configuration).

Btw: what does the Wiki recommend? Weblink?


Yes of course, it is a postfix job. But also postfix jobs are described 
in the Wiki: http://wiki.dovecot.org/LDA/Postfix. And I think a small 
hint that the user must make sure that local parts are validated would 
be fine.


Regards Luke

Re: [Dovecot] Why deliver+usercheck? deliver+MTA?

[Lukas Haase]

Hi,

Thanks your your reply.

Am 13.10.2010 12:03, schrieb Jerry:

On Wed, 13 Oct 2010 11:32:50 +0200
Lukas Haase  articulated:


Hi,

I successfully configured dovecot using virtual users (and LDAP/AD).
deliver is the LDA and verifies if the user exists (as recommended in
the WIKI).

However, the howtos in the Wiki say *nothing* about the case that the
recipients should be verified *before* receiving the messages
(prevent backscatter, ...). All configurations in the dovecot-Wiki
(postfix and exim) just accept the mails and pass them to deliver.
Also, all howtos which I found on the web. If the user does not
exist, the mail is bounced because the mail was already accepted by
the MTA. Nowadays this is an unacceptable configuration!

Is there a special reason why there is no discussion about this?

However, as postfix seems to be really too unflexible I have set up
exim to handle incoming mail and do the usercheck in the router (with
an LDAP query). But now the user is doubled-checked: Once when
receiving with exim and a second time in deliver. This is not
necessary, so I guess I can disable the LDAP query for deliver and
set up a static userdb.

Why does the Wiki recommened to verfify with deliver when the user
needs to be checked at the MTA anyway?


First of all, I totally disagree about your Postfix comments. I have
personally found it to be rather easy to configure, and totally RTF
compliant, unlike some other MTAs.


Ok. Then please tell me how to:

1.) Connect Domain example.com to dovecot with virtual users (use 
deliver as LDA)

2.) Connect Domain example.com to mailman (e.g. li...@example.com)

Either I am too dumb or this pretty easy setup is not possible with 
postfix (but with exim of course).


(I think the reason is that mailman relies on the pipe "|" in the 
aliases database. But this only works with postfix's LDA. Also a 
different transport would work - but it is the same domain).



In any case, only the MTA can bounce
mail without causing back-scatter.


You didn't catch what I mean.

First the one way to prevent backscatter is to NOT accept any mail with 
invalid recipient. As soon as the MTA accepts mail and AFTERWARDS finds 
out that the user does not exist it may become a backscatter problem!


To my question:
First look at [1]. With this setup, ANY (!) mail is accepted by postfix 
without any checks! The check is only done by deliver, but this is too 
late. If the receipient does not exist, the mail gets bounced.


So why there is not even a hint for virtual_mailbox_maps or similar.

Then, search google for the same problem. You will find thousand of 
HOWTOs but not a single HOWTO has the hint that the MTA *must* check the 
validity of the user.


Now look at [2]. It is the same. Also in this setup all mails for the 
domain are accepted



Postfix has checks in place to check
and reject or accept mail.


Yes, that is what I said.

But again, the first question : Why is there not even a hint that this 
(important) thing also needs to be configured?


And question 2:


It is not Dovecot's job to do so. By the
time Dovecot receives the message the recipient should have all ready
been verified.


There are a few places (e.g. [3,4]) where it is recommended to check 
users existence with deliver. Why should this be necessary when the MTA 
checks existence?


[4] even states: "Unless your MTA already verifies that the user exists 
before calling deliver, you'll most likely want deliver itself to verify 
the user's existence."


But in general this must be the case anyway for the reasons mentioned 
above (maybe except for some contrived cases).




Regards,
Luke


[1] http://wiki.dovecot.org/LDA/Postfix
[2] http://wiki.dovecot.org/LDA/Exim
[3] http://wiki.dovecot.org/UserDatabase/Prefetch
[4] http://wiki.dovecot.org/UserDatabase/Static

[Dovecot] Missing ACLOCAL_AMFLAGS ?

[Eray Aslan]

dovecot-2.0.5

autoreconf is failing with: [1]

$ autoreconf -f -i
[...]
src/plugins/acl/Makefile.am:11: `module_LTLIBRARIES' is used but
`moduledir' is undefined
[...]
autoreconf-2.65: automake failed with exit status: 1

Also,
$ ./configure --help | grep module
  --with-nss  Build with NSS module support (auto)

In other words, no moduledir output in configure --help.  Looks like
dovecot.m4 is not being read.  With the patch below:

---
 Makefile.am |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index d037258..49514e4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,3 +1,4 @@
+ACLOCAL_AMFLAGS = -I .
 aclocaldir = $(datadir)/aclocal
 
 SUBDIRS = \
---

I get moduledir option in configure and working autoreconf.
-- 
Eray


[1]:
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
src/plugins/acl/Makefile.am:11: `module_LTLIBRARIES' is used but `moduledir' is 
undefined
src/plugins/acl/Makefile.am:14: variable `lib01_acl_plugin_la_SOURCES' is 
defined but no program or
src/plugins/acl/Makefile.am:14: library has `lib01_acl_plugin_la' as canonical 
name (possible typo)
src/plugins/acl/Makefile.am:9: variable `lib01_acl_plugin_la_LDFLAGS' is 
defined but no program or
src/plugins/acl/Makefile.am:9: library has `lib01_acl_plugin_la' as canonical 
name (possible typo)
src/plugins/autocreate/Makefile.am:9: `module_LTLIBRARIES' is used but 
`moduledir' is undefined
src/plugins/autocreate/Makefile.am:12: variable 
`lib20_autocreate_plugin_la_SOURCES' is defined but no program or
src/plugins/autocreate/Makefile.am:12: library has `lib20_autocreate_plugin_la' 
as canonical name (possible typo)
src/plugins/autocreate/Makefile.am:7: variable 
`lib20_autocreate_plugin_la_LDFLAGS' is defined but no program or
src/plugins/autocreate/Makefile.am:7: library has `lib20_autocreate_plugin_la' 
as canonical name (possible typo)
src/plugins/expire/Makefile.am:19: `module_LTLIBRARIES' is used but `moduledir' 
is undefined
src/plugins/expire/Makefile.am:22: variable `lib20_expire_plugin_la_SOURCES' is 
defined but no program or
src/plugins/expire/Makefile.am:22: library has `lib20_expire_plugin_la' as 
canonical name (possible typo)
src/plugins/expire/Makefile.am:17: variable `lib20_expire_plugin_la_LDFLAGS' is 
defined but no program or
src/plugins/expire/Makefile.am:17: library has `lib20_expire_plugin_la' as 
canonical name (possible typo)
src/plugins/fts-lucene/Makefile.am:11: `module_LTLIBRARIES' is used but 
`moduledir' is undefined
src/plugins/fts-lucene/Makefile.am:17: variable 
`lib21_fts_lucene_plugin_la_SOURCES' is defined but no program or
src/plugins/fts-lucene/Makefile.am:17: library has `lib21_fts_lucene_plugin_la' 
as canonical name (possible typo)
src/plugins/fts-lucene/Makefile.am:14: variable 
`lib21_fts_lucene_plugin_la_LIBADD' is defined but no program or
src/plugins/fts-lucene/Makefile.am:14: library has `lib21_fts_lucene_plugin_la' 
as canonical name (possible typo)
src/plugins/fts-lucene/Makefile.am:9: variable 
`lib21_fts_lucene_plugin_la_LDFLAGS' is defined but no program or
src/plugins/fts-lucene/Makefile.am:9: library has `lib21_fts_lucene_plugin_la' 
as canonical name (possible typo)
src/plugins/fts-solr/Makefile.am:14: DOVECOT_PLUGIN_DEPS does not appear in 
AM_CONDITIONAL
src/plugins/fts-solr/Makefile.am:11: `module_LTLIBRARIES' is used but 
`moduledir' is undefined
src/plugins/fts-solr/Makefile.am:22: variable 
`lib21_fts_solr_plugin_la_SOURCES' is defined but no program or
src/plugins/fts-solr/Makefile.am:22: library has `lib21_fts_solr_plugin_la' as 
canonical name (possible typo)
src/plugins/fts-solr/Makefile.am:18: variable `lib21_fts_solr_plugin_la_LIBADD' 
is defined but no program or
src/plugins/fts-solr/Makefile.am:18: library has `lib21_fts_solr_plugin_la' as 
canonical name (possible typo)
src/plugins/fts-solr/Makefile.am:9: variable `lib21_fts_solr_plugin_la_LDFLAGS' 
is defined but no program or
src/plugins/fts-solr/Makefile.am:9: library has `lib21_fts_solr_plugin_la' as 
canonical name (possible typo)
src/plugins/fts-squat/Makefile.am:13: DOVECOT_PLUGIN_DEPS does not appear in 
AM_CONDITIONAL
src/plugins/fts-squat/Makefile.am:10: `module_LTLIBRARIES' is used but 
`moduledir' is undefined
src/plugins/fts-squat/Makefile.am:18: variable 
`lib21_fts_squat_plugin_la_SOURCES' is defined but no program or
src/plugins/fts-squat/Makefile.am:18: library has `lib21_fts_squat_plugin_la' 
as canonical name (possible typo)
src/plugins/fts-squat/Makefile.am:14: variable 
`lib21_fts_squat_plugin_la_LIBADD' is defined but no program or
src/plugins/fts-squat/Makefile.am:14: library has `lib21_fts_squat_plugin_la' 
as canonical name (possible typo)
src/plugins/fts-squat/Makefile.am:8: varia

Re: [Dovecot] managesieve fileinto folder with international characters

[Edward Carraro]

Latest versions of everything Dovecot 2.0.5 and Pigeonhole 0.2.1

Re: [Dovecot] managesieve fileinto folder with international characters

[Stephan Bosch]

 Op 13-10-2010 20:04, Edward Carraro schreef:

I have a folder created in dovecot entered by the user as "ññoéé"

On the file system it appears as "&APEA8Q-o&AOkA6Q-" (mUTF7)

When creating a sieve rule, to file into the folder ññoéé, I am converting
the name from UTF8 into UTF7, the rule becomes

require ["fileinto"];
if header :contains ["From"] "u...@domain.com"
{
 fileinto "&APEA8Q-o&AOkA6Q-";
}


however when executed, a sieve log is generated saying:

failed to store into mailbox '&APEA8Q-o&AOkA6Q-' (&-APEA8Q-o&-AOkA6Q-):
Mailbox doesn't exist:&-APEA8Q-o&-AOkA6Q-.


So far, behavior is correct. Sieve uses UTF-8, whereas IMAP and mail 
store use mUTF-7.



If I directly modify the sieve file and place the actual utf8 version of the
folder in it

require ["fileinto"];
if header :contains ["From"] "u...@domain.com"
{
 fileinto "ññoéé";
}

I get the following error:

main_script: line 1: error: folder name specified for fileinto command is
not utf-8: ññoéé.

A while back there was a bug in Dovecot UTF-8 verification. That should 
be fixed now. What versions of Dovecot and Pigeonhole are you using?


Regards,

Stephan.

Re: [Dovecot] managesieve fileinto folder with international characters

[William Blunn]

On 13/10/2010 19:04, Edward Carraro wrote:

main_script: line 1: error: folder name specified for fileinto command is not 
utf-8: ññoéé.


Which versions of things are you using?

There is a thread on a similar topic here

http://www.dovecot.org/list/dovecot/2010-August/051780.html

with a repository commit by Timo mentioned here

http://www.dovecot.org/list/dovecot/2010-August/051927.html

Bill

[Dovecot] managesieve fileinto folder with international characters

[Edward Carraro]

I have a folder created in dovecot entered by the user as "ññoéé"

On the file system it appears as "&APEA8Q-o&AOkA6Q-" (mUTF7)

When creating a sieve rule, to file into the folder ññoéé, I am converting
the name from UTF8 into UTF7, the rule becomes

require ["fileinto"];
if header :contains ["From"] "u...@domain.com"
{
fileinto "&APEA8Q-o&AOkA6Q-";
}


however when executed, a sieve log is generated saying:

failed to store into mailbox '&APEA8Q-o&AOkA6Q-' (&-APEA8Q-o&-AOkA6Q-):
Mailbox doesn't exist: &-APEA8Q-o&-AOkA6Q-.


If I directly modify the sieve file and place the actual utf8 version of the
folder in it

require ["fileinto"];
if header :contains ["From"] "u...@domain.com"
{
fileinto "ññoéé";
}

I get the following error:

main_script: line 1: error: folder name specified for fileinto command is
not utf-8: ññoéé.

Re: [Dovecot] Config review (2.0.5)

[Ralf Hildebrandt]

* Daniel L. Miller :

> Now wait a minute!  You said you found the problem and it was exactly
> what I suggested!  I've already received my prize for most
> intelligent @ss in a discussion group - you can't take that away from
> me!

Yes I can.
*it gone*

> What changed?  You turned off FTS, performance was better - and then
> it developed the problem again?  You didn't specify.

Colleague returned from vacation today and gave some ideas.
Today I turned off the "mail_log" and "notify" plugins and the load
dropped considerably. Both plugins were used with default settings.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: [Dovecot] Why deliver+usercheck? deliver+MTA?

[Charles Marcus]

On 2010-10-13 5:32 AM, Lukas Haase wrote:
> I successfully configured dovecot using virtual users (and LDAP/AD).
> deliver is the LDA and verifies if the user exists (as recommended in
> the WIKI).

Not that it matters - but when you say 'deliver is the LDA' - do you
mean you are using the dovecot-LDA? Or postfix's deliver?

> However, the howtos in the Wiki say *nothing* about the case that the
> recipients should be verified *before* receiving the messages (prevent
> backscatter, ...).

No offense, but this is basic MTA-101 stuff... if you don't already know
this, you shouldn't be running a mail server.

> All configurations in the dovecot-Wiki (postfix and exim) just accept
> the mails and pass them to deliver.

A link to the exact one you used would be helpful... if there is a
problem with the wiki, it can/should be fixed, but I don't think thats
the case here...

> Also, all howtos which I found on the web. If the user does not
> exist, the mail is bounced because the mail was already accepted by
> the MTA. Nowadays this is an unacceptable configuration!

I agree - but 'all howtos' is a bit vague...

You need to provide links to the exactr HowTos/Wiki pages you used...

> Is there a special reason why there is no discussion about this?

Because dovecot is an IMAP/POP server, not an MTA, and recipient
verification is basic/standard MTA-101 stuff you should already know.

> However, as postfix seems to be really too unflexible

Ummm... prove it? Postfix is extremely flexible, and extremely easy to
set up in its basic configuration. It can get quite complex in large and
complex environments, but that is to be expected.

> I have set up exim to handle incoming mail and do the usercheck in
> the router (with an LDAP query).

Postfix does this out of the box using either reject_unlisted_recipient
(default), or reject_unverified_recipient (for downstream servers not in
your direct control and for which you don't have current lists of valid
recipients (but be sure that the downstream server is ok with you doing
this and can handle the traffic).

> But now the user is doubled-checked: Once when receiving with exim
> and a second time in deliver. This is not necessary, so I guess I can
> disable the LDAP query for deliver and set up a static userdb.
> 
> Why does the Wiki recommened to verfify with deliver when the user
> needs to be checked at the MTA anyway?

Still waiting for proof of where it says this. The way I understand it,
the userdb lookup the LDA *can* (doesn't *have* to) perform isn't for
verification purposes, it's for getting environment details - ie,
overriding settings for specific users.

-- 

Best regards,

Charles

[Dovecot] dovecot-lda segfaults (debug)

[Michael M Galapchuk]

Hello list,

When trying to deliver a big message (which over-quota user limit), I always 
get segmentation faults.
Others  common  delivers  work  fine. This only happens with messages,
which over-quota user limit.

Here is more details:

/var/log/maillog:
...
** u...@fakedomain.ua R=virtual_user T=dovecot_virtual_delivery: Child process 
of dovecot_virtual_delivery transport (running command 
"/usr/local/libexec/dovecot/deliver -d $local_p...@$domain  -f 
$sender_address") was terminated by signal 11 (segmentation fault)
...

/var/log/messages:
...
kernel: pid 27409 (deliver), uid 26: exited on signal 11
...

dovecot -n:

# 1.2.14: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.3-RELEASE-p2 amd64
protocols: imap pop3 imaps pop3s managesieve
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login
login_log_format_elements: user=<%u> method=%m rip=%r %c
login_processes_count: 10
valid_chroot_dirs: /var/mail
verbose_proctitle: yes
first_valid_uid: 26
first_valid_gid: 6
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/mail/virtual/%Ld/%Ln
mail_debug: yes
mbox_write_locks: fcntl
mbox_min_index_size: 100
mbox_very_dirty_syncs: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve
imap_client_workarounds(default): delay-newmail netscape-eoh 
tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_no_flag_updates(default): no
pop3_no_flag_updates(imap): no
pop3_no_flag_updates(pop3): yes
pop3_no_flag_updates(managesieve): no
pop3_enable_last(default): no
pop3_enable_last(imap): no
pop3_enable_last(pop3): yes
pop3_enable_last(managesieve): no
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
pop3_lock_session(managesieve): no
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
lda:
  postmaster_address: postmas...@fakedomain.ua
  mail_plugins: quota
  quota_full_tempfail: no
  sendmail_path: /usr/local/sbin/exim
  log_path: /var/log/dovecot-deliver-errors.log
  info_log_path: /var/log/dovecot-deliver.log
auth default:
  mechanisms: plain login
  default_realm: fakedomain.ua
  username_format: %Lu
  debug: yes
  passdb:
driver: sql
args: /usr/local/etc/dovecot-mysql.conf
  userdb:
driver: sql
args: /usr/local/etc/dovecot-mysql.conf
  socket:
type: listen
client:
  path: /var/run/dovecot/auth-client
  mode: 432
master:
  path: /var/run/dovecot/auth-master
  mode: 384
  user: mailnull
  group: mail
plugin:
  quota: dict:user::proxy::quotadict
dict:
  quotadict: mysql:/usr/local/etc/dovecot-dict-quota.conf

---

/var/log/dovecot-deliver.log (before segfaults):

Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: Loading modules from 
directory: /usr/local/lib/dovecot/lda
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: Module loaded: 
/usr/local/lib/dovecot/lda/lib10_quota_plugin.so
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: auth input: 
home=/var/mail/virtual/home/fakedomain.ua/user
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: auth input: uid=26
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: auth input: gid=6
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: auth input: 
quota_rule=*:bytes=10485760
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: Quota root: name=user 
backend=dict args=:proxy::quotadict
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: Quota rule: root=user 
mailbox=* bytes=10485760 messages=0
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: dict quota: 
user=u...@fakedomain.ua, uri=proxy::quotadict, noenforcing=0
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: mbox: 
data=/var/mail/virtual/home/fakedomain.ua/user/mail:INBOX=/var/mail/virtual
/fakedomain.ua/user
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: fs: 
root=/var/mail/virtual/home/fakedomain.ua/user/mail, index=, control=, inbox=
/var/mail/virtual/fakedomain.ua/user
Oct 05 14:55:43 deliver(u...@fakedomain.ua): Info: dict quota: 
user=u...@fakedomain.ua, uri=proxy::quotadict, noenfor

[Dovecot] doveadm doesn't seem to honor mail_location, mail_uid, mail_gid

[Trever L. Adams]

 I am adjusting the recommended ldap configuration to match active
directory instead of the standard posixaccount layout. The problem is
that doveadm seems to ignore mail_uid and mail_gid along with (possibly)
mail_location.

This is a setup with all virtual users (all ldap, not system accounts).
Everything works in postfix and standard dovecot operation, it is only
doveadm which doesn't work.

Ldap queries return everything but these entries (as they do not exist
in AD). These items I have tried setting in the configuration and in
environment variables.

Any help would be GREATLY appreciated.

Thank you,
Trever
-- 
"The three Rs of Microsoft support: Retry, Reboot, Reinstall." -- Unknown




signature.asc
Description: OpenPGP digital signature

[Dovecot] Last login tracking with login_executable

[Denny Lin]

Hi,

I'm using Dovecot 1.2.14, and I've read PostLoginScripting on the wiki.

Is there any way to make Dovecot use the same username/password for
database access as userdb and passdb queries? Specifying the password
with -p doesn't seem like a good idea, so I'm wondering if it can be
handled by Dovecot directly.

Or is it possible to track last logins with a plugin similar to quota?

-- 
Denny Lin

Re: [Dovecot] strange behavior with virtual accounts and imap

[Charles Marcus]

Please don't top-post...

On 2010-10-13 7:15 AM, vladi wrote:
> info@ is postfix alias, all mail send to info@ is distributed to all 
> other accounts. info@ doesn't have email in Maildir Users have
> configured POP3 account for sending email via info@ every user have
> configured IMAP account for his email and POP3 for info@ but via pop3
> cannot receive emails for info@ because postfix doesn't store email
> in info's Maildir It's a complete mistery.

Doesn't sound mysterious to me. If info@ is *only* an alias and does
*not* have its own mailbox, then each user that is included in the alias
list should receive a copy of the email in their own Inbox.

In other words, aliases are not user accounts (local or virtual) and
don't have mail delivered, so there is nothing to retrieve from 'info's
Maildir'...

> I've change the system to courier and it works fine. The Q. here is
> why Dovecot behaves strange

Courier can be installed as either just a standalone POP/IMAP server, or
as a complete solutions (it has an MTA component as well).

It sounds to me like you are confused on the MTA side, and you somehow
confirgured Courier to deliver mail to BOTH an info@ user account *and*
*also* alias it to other users.

-- 

Best regards,

Charles

Re: [Dovecot] strange behavior with virtual accounts and imap

[vladi]

 info@ is postfix alias, all mail send to info@ is distributed to all 
other accounts. info@ doesn't have email in Maildir

Users have configured POP3 account for sending email via info@
every user have configured IMAP account for his email and POP3 for info@
but via pop3 cannot receive emails for info@ because postfix doesn't 
store email in info's Maildir
It's a complete mistery. I've change the system to courier and it works 
fine. The Q. here is why Dovecot behaves strange


On 10/11/2010 11:48 PM, Charles Marcus wrote:

On 2010-10-11 3:36 PM, vladi wrote:

There is one group account named info, all the mail is forwarded to
every other account.

Here, this sounds like info@ is a 'list'...


Users download their mail via Outlook (2003, 2007)
with imap.

IMAP protocol is where mail is stored on the SERVER... yes, when an IMAP
client connects, a COPY is downloaded locally for reading, but the
server retains the main/working copy.


If someone downloads email send to info and delete it after that.
Outlook stoke the message and doesn't delete it immediately, thats
normal. But if later someone else downloads his mail and it have
received the same letter to info. The message appear as if it's
already deleted by that user. But is supposed to be unreaded. I cant
find any info why is this happening. Please help

It sounds like all of them are simply talking to the same IMAP account
(info@) - in which case, that's the way IMAP works. If multiple people
are connecting to the same account (or shared folder) over IMAP, and one
person deletes a message, it is deleted for all...

Sounds like you want POP accounts, not IMAP...

Re: [Dovecot] Limit access to dovecot by domains?

[Charles Marcus]

On 2010-10-13 4:23 AM, William Blunn wrote:
> Have you considered using "fail2ban" ?

+1

Works incredibly well, reliable, flexible... and best of all works for
any other services you run too (not dovecot specific)...

-- 

Best regards,

Charles

Re: [Dovecot] Why deliver+usercheck? deliver+MTA?

[Daniel Luttermann]

Lukas Haase wrote on 10/13/2010:

> Hi,

> I successfully configured dovecot using virtual users (and LDAP/AD). 
> deliver is the LDA and verifies if the user exists (as recommended in 
> the WIKI).

> However, the howtos in the Wiki say *nothing* about the case that the
> recipients should be verified *before* receiving the messages (prevent
> backscatter, ...). All configurations in the dovecot-Wiki (postfix and
> exim) just accept the mails and pass them to deliver. Also, all howtos
> which I found on the web. If the user does not exist, the mail is 
> bounced because the mail was already accepted by the MTA. Nowadays this
> is an unacceptable configuration!

By default, Postfix rejects mails for unknown local users.If Postfix
accepts mails for unknown users than it's a configuration problem or
you don't maintain a list of valid users.

> Is there a special reason why there is no discussion about this?

It's Postfix related - Dovecot does no checks about valid recipients
for Postfix but you can use the same data sources as for Dovecot - no
need to maintain user lists for Postfix and Dovecot.

Because Postfix needs to check for valid recipients why should there a
special hint in the Dovecot Wiki about that? You must first make sure
that Postfix works as expected - no other IMAP Server checks vor valid
recipients.

> However, as postfix seems to be really too unflexible I have set up exim
> to handle incoming mail and do the usercheck in the router (with an LDAP
> query). But now the user is doubled-checked: Once when receiving with 
> exim and a second time in deliver. This is not necessary, so I guess I
> can disable the LDAP query for deliver and set up a static userdb.

Why is Postfix unflexible? Use reject_unverified_recipient for dynamic
verification of valid recipients and there's no need to maintain
static files. You could also use a LDAP query to retreive a list of
valid recipients before you accept the mail for non-existing users.

> Why does the Wiki recommened to verfify with deliver when the user needs
> to be checked at the MTA anyway?

Checking of valid recipients is a Postfix job so you can use
relay_recipient_maps, reject_unverified_sender or virtual_mailbox_maps
(depending on your configuration).

Btw: what does the Wiki recommend? Weblink?


--
Daniel

Re: [Dovecot] Why deliver+usercheck? deliver+MTA?

[Jerry]

On Wed, 13 Oct 2010 11:32:50 +0200
Lukas Haase  articulated:

> Hi,
> 
> I successfully configured dovecot using virtual users (and LDAP/AD). 
> deliver is the LDA and verifies if the user exists (as recommended in 
> the WIKI).
> 
> However, the howtos in the Wiki say *nothing* about the case that the 
> recipients should be verified *before* receiving the messages
> (prevent backscatter, ...). All configurations in the dovecot-Wiki
> (postfix and exim) just accept the mails and pass them to deliver.
> Also, all howtos which I found on the web. If the user does not
> exist, the mail is bounced because the mail was already accepted by
> the MTA. Nowadays this is an unacceptable configuration!
> 
> Is there a special reason why there is no discussion about this?
> 
> However, as postfix seems to be really too unflexible I have set up
> exim to handle incoming mail and do the usercheck in the router (with
> an LDAP query). But now the user is doubled-checked: Once when
> receiving with exim and a second time in deliver. This is not
> necessary, so I guess I can disable the LDAP query for deliver and
> set up a static userdb.
> 
> Why does the Wiki recommened to verfify with deliver when the user
> needs to be checked at the MTA anyway?

First of all, I totally disagree about your Postfix comments. I have
personally found it to be rather easy to configure, and totally RTF
compliant, unlike some other MTAs. In any case, only the MTA can bounce
mail without causing back-scatter. Postfix has checks in place to check
and reject or accept mail. It is not Dovecot's job to do so. By the
time Dovecot receives the message the recipient should have all ready
been verified.

-- 
Jerry ✌
dovecot.u...@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
Women are always anxious to urge bachelors to matrimony; is it
from charity, or revenge?


Gustave Vapereau

Re: [Dovecot] Command died with signal 11: " /usr/libexec/dovecot/dovecot-lda"

[Xiiph]

Stephan Bosch  rename-it.nl> writes:

> 
> On 10/04/2010 09:38 PM, Schmidt wrote:
> > Am 04.10.2010 16:41, schrieb Timo Sirainen:
> >> On Mon, 2010-10-04 at 14:36 +0200, spamvoll  googlemail.com wrote:
> >>
> >>> "Undelivered Mail Returned to Sender" ->
> >>> Command died with signal 11: "/usr/libexec/dovecot/dovecot-lda"
> >>
> >> Difficult to do anything about this without a gdb backtrace. Can you
> >> reproduce it by manually running dovecot-lda? If not, getting a core
> >> dump would be the next best way to get a backtrace.
> >> http://dovecot.org/bugreport.html
> >>
> >>
> >
> > Hi,
> >
> > I become aware this error today too. I checked my log, first time it 
> > ocourrs was Sep. 28, should be with version 2.0.3.
> >
> > Every time a core file is generated at ~account. (maildir)
> > Can I do something with that file?
> >
> > After postfix is killed it starts again and delivers this message. I 
> > think the message was still queued by postfix. Additionally the sender 
> > gets a non delivery.
> >
> > regards
> 
> Please make a gdb backtrace as described here:
> 
> http://www.dovecot.org/bugreport.htm
> 
> Regards,
> 
> Stephan
> 
> 


This has happened to me too. After a bit of investigation I believe I found what
causes it, and I have successfully managed to reproduce it.

This seems to happen when dovecot-lda attempts to deliver a mail to multiple
aliases resolving to the same user. For example:

# /etc/aliases
xiiph:  xi...@example.com
admin:  xi...@example.com

Sending a mail to both xiiph and admin (for example as to and cc) will result in
one mail being delivered, and one mail bounced with signal 11 from dovecot-lda.

The server behaves as I would want it to, only deliver one mail and not two to
the same user, but I would wish for it to silently ignore the error and suppress
the warning mail, as it may confuse senders.


/X

[Dovecot] bug in dsync

[Tobias Daucher]

Hi,
I'm trying to convert mailboxes from mbox zu mdbox.
The following command was performed:

dsync mirror -u tsdauche mbox:~/.NCmail/Drafts
dsync(tsdauche): Fatal: execvp(-u) failed: No such file or directory
dsync(tsdauche): Panic: file dsync-worker-local.c: line 185 
(dsync_drop_extra_namespaces): assertion failed: (ns != NULL)
[1]   Abort trap (core dumped) dsync mirror -u tsdauche 
mbox:~/.NCmail/Drafts



I also tried other combinations with dsync, but they all fail... :(
I'm sending the core file and the conf output with this mail.
Hope you can find out whats the problem, thanks a lot!
Tobi
--


Dr. Nagler & Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Handy: 0160-5348073
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Amberg HRB 2845
Gerichtsstand Amberg
Steuernummer 201/118/51809
USt.-ID-Nummer DE 813066264
Geschäftsführer: Dr. Martin Nagler


dovecot.conf

# 2.0.3: /usr/local/etc/dovecot/dovecot.conf
# OS: NetBSD 5.0.2 amd64
auth_cache_size = 10485760
auth_cache_ttl = 36000 s
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
base_dir = /var/run/dovecot/
debug_log_path = /var/tmp/dovecot-debug-log
default_internal_user = open-xchange
default_login_user = open-xchange
deliver_log_format = msgid=%m: %$ From = %f Size = %p
disable_plaintext_auth = no
dotlock_use_excl = yes
hostname = s051
info_log_path = syslog
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
mail_plugin_dir = /usr/lib/dovecot
mdbox_rotate_size = 209715200
namespace {
  hidden = yes
  inbox = no
  list = yes
  location = mdbox:%h/.NCmailmd
  prefix = NCmailmd/
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  hidden = yes
  inbox = yes
  list = children
  location = mdbox:/var/mail/%u
  prefix = _INBOX_/
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  hidden = yes
  inbox = no
  list = yes
  location = mbox:%h/.NCmailmd/ARCHIV
  prefix = ARCHIV/
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  hidden = yes
  inbox = no
  list = children
  location = mdbox:%h/.NONEXISTENT
  no_storage_autocreate = yes
  no_storage_autodetect = yes
  prefix = NONEXISTENT/
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  driver = passwd
}
postmaster_address = postmas...@nagler-company.com
protocols = imap
quota_full_tempfail = yes
sendmail_path = /usr/pkg/libexec/sendmail/sendmail
service auth-worker {
  user = root
}
service auth {
  unix_listener auth-userdb {
group =
mode = 0666
user =
  }
  user = $default_internal_user
}
service imap-login {
  process_min_avail = 1
  service_count = 0
  vsz_limit = 67108864
}
service imap {
  process_limit = 1024
  vsz_limit = 268435456
}
ssl = no
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol imap {
  imap_client_workarounds = delay-newmail
  imap_idle_notify_interval = 120 s
  imap_logout_format = bytes=%i/%o
  imap_max_line_length = 65536
  mail_max_userip_connections = 0
  mail_plugins =
}

[Dovecot] mbox folder deleting

[Tobias Daucher]

Hi there again,
I just wanna tell you what little bug we've found...
Namespace is in mbox format.
After deleting an mbox the entry in the .imap stays so not everyting is 
moved away and ist just hanging around...

not so bad, but would be nice if it was cleaned up...
thanks
Tobi
--


Dr. Nagler & Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Handy: 0160-5348073
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Amberg HRB 2845
Gerichtsstand Amberg
Steuernummer 201/118/51809
USt.-ID-Nummer DE 813066264
Geschäftsführer: Dr. Martin Nagler

[Dovecot] Why deliver+usercheck? deliver+MTA?

[Lukas Haase]

Hi,

I successfully configured dovecot using virtual users (and LDAP/AD). 
deliver is the LDA and verifies if the user exists (as recommended in 
the WIKI).


However, the howtos in the Wiki say *nothing* about the case that the 
recipients should be verified *before* receiving the messages (prevent 
backscatter, ...). All configurations in the dovecot-Wiki (postfix and 
exim) just accept the mails and pass them to deliver. Also, all howtos 
which I found on the web. If the user does not exist, the mail is 
bounced because the mail was already accepted by the MTA. Nowadays this 
is an unacceptable configuration!


Is there a special reason why there is no discussion about this?

However, as postfix seems to be really too unflexible I have set up exim 
to handle incoming mail and do the usercheck in the router (with an LDAP 
query). But now the user is doubled-checked: Once when receiving with 
exim and a second time in deliver. This is not necessary, so I guess I 
can disable the LDAP query for deliver and set up a static userdb.


Why does the Wiki recommened to verfify with deliver when the user needs 
to be checked at the MTA anyway?


Regards, Luke

[Dovecot] Director and CRAM-MD5

[Martin Spuetz]

Hello,

i have a setup with two director servers pointing to two backends. I
don't care that much for load balancing, my main goal is high availability.

CRAM-MD5 auth is working fine if I connect directly to the backends, but
the director only supports AUTH=PLAIN because of the static passdb.

director config:
> passdb {
>   driver = static
>   args = nopassword=y proxy=y
> }
> 
> director_servers = director1 director2
> director_mail_servers = backend1 backend2

backend config:
> passdb {
>   driver = vpopmail
>   args =
> }
> 
> userdb {
>   driver = vpopmail
> }

It seems that the director is only working, if I use the static passdb?!

How can I use the director with other passdb drivers than the static one?

Greetings,
Martin

Re: [Dovecot] Limit access to dovecot by domains?

[William Blunn]

On 13/10/2010 08:08, Jobst Schmalenbach wrote:

Is there any way to limit access to dovecot by domains.

I only need to give access to a well known set of domains, all from 
Australia and all networks are known and used either from people at 
home or mobile access (phones, laptops etc).


Have you considered using "fail2ban" ?

This should then block calling IP addresses based on the suspiciousness 
of the activity originating from those addresses.


Also it should mean you wouldn't need to keep housekeeping the list of 
allowed networks. So people using networks you hadn't thought of, or 
people travelling abroad, would still be able to get access without 
having to bother you.


In addition it should cover the case of black hats operating out of (or 
bouncing activity through) your semi-trusted list  
{optusnet,bigpond,tpg}.com.au.


Bill

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

[Stephan Bosch]

 Op 12-10-2010 5:47, Jerrale G schreef:
 We have used the great managesieve you have merged together, with 
sieve, to create pigeonhole. However, when a user creates a custom 
script through a GUI of ours, the default, as we expected, would be 
ignored. Maybe you could add a retain_sieve_global=yes|no setting OR 
be more complex by having the sieve_global_dir copied to the users 
sieve_dir on first managesieve script save, if another setting to do 
this was set to yes. This way the administrators can create a skeleton 
directory and the users can retain the default skeleton settings.
You could put the sieve directory with the default script in your 
skeleton. I'm not sure though what you need exactly.


Maybe, in the future, you can do, just like the master auth for 
logging into users' imap accounts, you could have the master=yes allow 
login to each user's managesieve.


Haven't tested, but this should already work for ManageSieve I believe.

Just some suggestions but, until a new feature comes around, I will 
have a cron job or a imap-login script do the trick.


Well, post-login scripting should also work for ManageSieve:

http://wiki2.dovecot.org/PostLoginScripting

Regards,

Stephan.

Re: [Dovecot] Limit access to dovecot by domains?

[David Ford]

 use the connect-acl script at
http://www.linux.org.py/wiki/howto/dovecot_connect_acl

or, the post-login script at http://wiki.dovecot.org/PostLoginScripting

(side note, http://spameatingmonkey.com/ Geo blacklist, for similar
reasons but blocking outsider countries like oh say, china users that
like to brute force)

On 10/13/2010 03:08 AM, Jobst Schmalenbach wrote:
> Hi.
>
> Is there any way to limit access to dovecot by domains.
>
> I only need to give access to a well known set of domains, all from 
> Australia and all networks are known and used either from people
> at home or mobile access (phones, laptops etc).
>
> iptables is not possible as e.g. OPTUS does not give away all of the 
> networks mobile phones are connected to. I know some, but not all.
>
> It would be much nicer and easier to allow 
>
>   optusnet.com.au
>   bigpond.com.au
>   tpg.com.au
>
> and I have given 100% of our users access.
>
>
> I know there is an extra field called "allow_nets", I tried this
> and failed. I did a search and found that this only works with SQL?
>
>
> Maybe I could include a script that would check the reverse DNS record
> of a connected IP and then I could filter?
>
>
> Jobst
>
>
>
>
>

[Dovecot] Limit access to dovecot by domains?

[Jobst Schmalenbach]

Hi.

Is there any way to limit access to dovecot by domains.

I only need to give access to a well known set of domains, all from 
Australia and all networks are known and used either from people
at home or mobile access (phones, laptops etc).

iptables is not possible as e.g. OPTUS does not give away all of the 
networks mobile phones are connected to. I know some, but not all.

It would be much nicer and easier to allow 

  optusnet.com.au
  bigpond.com.au
  tpg.com.au

and I have given 100% of our users access.


I know there is an extra field called "allow_nets", I tried this
and failed. I did a search and found that this only works with SQL?


Maybe I could include a script that would check the reverse DNS record
of a connected IP and then I could filter?


Jobst





-- 
Why is the man who invests all your money called a broker?

  | |0| |   Jobst Schmalenbach, jo...@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia