[Dovecot-news] v2.0.17 released
http://dovecot.org/releases/2.0/dovecot-2.0.17.tar.gz
http://dovecot.org/releases/2.0/dovecot-2.0.17.tar.gz.sig

Among other changes:

 + Proxying now supports sending SSL client certificate to server with ssl_client_cert/key settings.
 + doveadm dump: Added support for dumping dbox headers/metadata.
 - Fixed memory leaks in login processes with SSL connections
 - vpopmail support was broken in v2.0.16

___
Dovecot-news mailing list
Dovecot-news@dovecot.org
http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news
[Dovecot-news] v2.1.rc3 released
http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc3.tar.gz
http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc3.tar.gz.sig

Whoops, rc2 was missing a file. I always run make distcheck, which should catch these, but recently it has always failed due to clang static checking giving one error that I didn't really want to fix. Because of that the distcheck didn't finish and didn't check for the missing file. So, anyway, I've made clang happy again, and now that I see how bad an idea it is to just ignore the failed distcheck, I won't do that again in future. :)
[Dovecot] Deduplication active - but how good does it perform?
I have deduplication active in my first mdbox: type mailbox, but how do I find out how well the deduplication works? Is there a way of finding out how much disk space I saved (if I saved some :) )? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
Yubao Liu wrote:
> Hi all,
>
> I have no idea about that message, here is my configuration, what's wrong?

You have 2 passdb entries; 1 with a file and 1 with pam. I'm pretty sure PAM doesn't support DIGEST-MD5 authentication. Could be the cause of the problem.

> Debian testing, Dovecot 2.0.15
>
> $ doveconf -n
> # 2.0.15: /etc/dovecot/dovecot.conf
> # OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid
> auth_default_realm = corp.example.com
> auth_krb5_keytab = /etc/dovecot.keytab
> auth_master_user_separator = *
> auth_mechanisms = gssapi digest-md5
> auth_realms = corp.example.com
> auth_username_format = %n
> first_valid_gid = 1000
> first_valid_uid = 1000
> mail_location = mdbox:/srv/mail/%u/Mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> passdb {
>   args = /etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
>   pass = yes
> }
> passdb {
>   driver = pam
> }
> plugin {
>   sieve = /srv/mail/%u/.dovecot.sieve
>   sieve_dir = /srv/mail/%u/sieve
> }
> protocols = imap lmtp sieve
> service auth {
>   unix_listener auth-client {
>     group = Debian-exim
>     mode = 0660
>   }
> }
> ssl_cert = /etc/ssl/certs/dovecot.pem
> ssl_key = /etc/ssl/private/dovecot.pem
> userdb {
>   args = home=/srv/mail/%u
>   driver = passwd
> }
> protocol lmtp {
>   mail_plugins = sieve
> }
> protocol lda {
>   mail_plugins = sieve
> }
>
> # cat /etc/dovecot/master-users
> x...@corp.example.com:
>
> The z is obtained by doveadm pw -s digest-md5 -u x...@corp.example.com, I tried to add prefix {DIGEST-MD5} before the generated hash and/or add scheme=DIGEST-MD5 to the passwd-file passdb's args option, both don't help.
>
> The error message:
>
> dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled)
> dovecot: auth: Fatal: DIGEST-MD5 mechanism can't be supported with given passdbs
> gold dovecot: master: Error: service(auth): command startup failed, throttling
>
> I opened debug auth log, it showed dovecot read /etc/dovecot/master-users and parsed one line, then the error occurred. Doesn't passwd-file passdb support digest-md5 password scheme? If it doesn't support, how do I configure digest-md5 auth mechanism with digest-md5 password scheme for virtual users?
>
> Regards,
> Yubao Liu

Rgds,
N.
Re: [Dovecot] Deduplication active - but how good does it perform?
On 6.1.2012, at 12.09, Ralf Hildebrandt wrote:
> I have deduplication active in my first mdbox: type mailbox, but how do I find out how well the deduplication works? Is there a way of finding out how much disk space I saved (if I saved some :) )?

You could look at the files in the attachments directory, and see how many links they have. Each file has 2 initially. Each additional link has saved you size of file bytes of space.
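
Added example, not part of the original thread and not Dovecot code: the link-count method from the reply above, implemented in Python. It takes the baseline of 2 links per file from that reply, counts every inode once, and credits each link beyond the baseline with the file's size; the directory layout created by `build_sample` is constructed for the demonstration and is an assumption, not Dovecot's on-disk layout.

```python
import os
import stat
import sys
import tempfile

BASE_LINKS = 2  # from the reply above: each attachment file has 2 links initially


def dedup_savings(attach_dir, base_links=BASE_LINKS):
    """Return (bytes_saved, unique_files, extra_links) for a directory tree.

    Every link beyond base_links is one stored copy that did not need its own
    disk blocks, so it saves st_size bytes. Hard links to the same inode are
    visited several times during the walk, so each (device, inode) pair is
    counted only once.
    """
    seen = set()
    bytes_saved = 0
    extra_links = 0
    for root, _dirs, files in os.walk(attach_dir):
        for name in files:
            st = os.lstat(os.path.join(root, name))
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and other non-regular files
            key = (st.st_dev, st.st_ino)
            if key in seen:
                continue
            seen.add(key)
            extra = max(st.st_nlink - base_links, 0)
            extra_links += extra
            bytes_saved += extra * st.st_size
    return bytes_saved, len(seen), extra_links


def build_sample(root):
    """Create a constructed tree: three files with 2, 4 and 1 links in total."""
    hashes = os.path.join(root, "hashes")  # constructed directory names
    msgs = os.path.join(root, "msgs")
    os.makedirs(hashes)
    os.makedirs(msgs)
    for name, size, links in (("aa", 1000, 2), ("bb", 500, 4), ("cc", 300, 1)):
        src = os.path.join(hashes, name)
        with open(src, "wb") as fh:
            fh.write(b"x" * size)
        for i in range(links - 1):
            os.link(src, os.path.join(msgs, f"{name}-{i}"))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the attachments directory, supplied by the operator.
        saved, files, extra = dedup_savings(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            saved, files, extra = dedup_savings(tmp)
    print(f"{files} unique files, {extra} extra links, {saved} bytes saved")
```
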
Re: [Dovecot] Possible mdbox corruption
On 5.1.2012, at 2.24, Daniel L. Miller wrote:
> I thought I had cleared out the corruption I had before - perhaps I was mistaken. What steps should I take to help locate these issues? Currently using 2.1rc1. I see the following errors in my logs, including out of memory and message size issues (at 15:30):
> ..
> Jan 4 05:17:17 bubba dovecot: master: Error: service(indexer-worker): child 10896 returned error 83 (Out of memory (vsz_limit=256 MB, you may need to increase it))
> Jan 4 06:17:17 bubba dovecot: indexer-worker(us...@domain.com): Fatal: pool_system_realloc(134217728): Out of memory

The problem is clearly that index-worker's vsz_limit is too low. Increase it (or default_vsz_limit).
Re: [Dovecot] Possible mdbox corruption
On 6.1.2012, at 12.55, Timo Sirainen wrote:
> > Jan 4 05:17:17 bubba dovecot: master: Error: service(indexer-worker): child 10896 returned error 83 (Out of memory (vsz_limit=256 MB, you may need to increase it))
> > Jan 4 06:17:17 bubba dovecot: indexer-worker(us...@domain.com): Fatal: pool_system_realloc(134217728): Out of memory
>
> The problem is clearly that index-worker's vsz_limit is too low. Increase it (or default_vsz_limit).

Although the source of the out-of-memory

> > /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x7c) [0x7f0ec1a550ec] -> /usr/local/lib/dovecot/lib21_fts_solr_plugin.so(+0x3292) [0x7f0ec024f292] ->

is something that shouldn't really be happening. I guess the Solr plugin wastes memory unnecessarily, I'll see what I can do about it. But for now just increase vsz limit.
Re: [Dovecot] Deduplication active - but how good does it perform?
Ralf Hildebrandt wrote:
> I have deduplication active in my first mdbox: type mailbox, but how do I find out how well the deduplication works? Is there a way of finding out how much disk space I saved (if I saved some :) )?

You could check how much diskspace all the mail uses (or the mail of a user) and compare it to the quota dovecot reports. But I think you would need quotas activated for this. E.g. on my small server used diskquota is 2GB where doveadm quota reports all users use 3.1GB.
[Dovecot] howto disable indexing on dovecot-lda ?
Hello,
is it possible to disable indexing on dovecot-lda ?

Right now postfix delivers the mail directly to the nfs server without any problems. If I switch to dovecot-lda the system crashes due to the high I/O and locking. Indexing on lda is not very useful because the number of imap logins is less than 5% that of incoming mails, so a user could wait for 3 sec to get his mail index, but a new mail can't.

Dovecot version 1.2.15

mail_nfs_storage = yes
mail_nfs_index = yes

Thank you !
Re: [Dovecot] Possible mdbox corruption
On Fri, 2012-01-06 at 12:57 +0200, Timo Sirainen wrote:
> On 6.1.2012, at 12.55, Timo Sirainen wrote:
> > > Jan 4 05:17:17 bubba dovecot: master: Error: service(indexer-worker): child 10896 returned error 83 (Out of memory (vsz_limit=256 MB, you may need to increase it))
> > > Jan 4 06:17:17 bubba dovecot: indexer-worker(us...@domain.com): Fatal: pool_system_realloc(134217728): Out of memory
> >
> > The problem is clearly that index-worker's vsz_limit is too low. Increase it (or default_vsz_limit).
>
> Although the source of the out-of-memory
>
> > > /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x7c) [0x7f0ec1a550ec] -> /usr/local/lib/dovecot/lib21_fts_solr_plugin.so(+0x3292) [0x7f0ec024f292] ->
>
> is something that shouldn't really be happening. I guess the Solr plugin wastes memory unnecessarily, I'll see what I can do about it. But for now just increase vsz limit.

I don't see any obvious reason why it would be using a lot of memory, unless you have a message that has huge (MIME) headers. See if http://hg.dovecot.org/dovecot-2.1/rev/380b0667e0a5 helps / logs a warning about it.
Re: [Dovecot] howto disable indexing on dovecot-lda ?
On Fri, 2012-01-06 at 13:07 +0200, Adrian Minta wrote:
> Hello,
> is it possible to disable indexing on dovecot-lda ?

protocol lda {
  mail_location = whatever-you-have-now:INDEX=MEMORY
}

> Right now postfix delivers the mail directly to the nfs server without any problems. If I switch to dovecot-lda the system crashes due to the high I/O and locking.

Disabling indexing won't disable writing to dovecot-uidlist file. So I don't know if disabling indexes actually helps.
[Dovecot] ACL with IMAP proxying
Hello,

I'm trying to use ACLs to restrict subscription on public mailboxes, but I ran into trouble. My setup is made of two servers, and users are shared between them via a proxy. User authentication is done with LDAP, and credentials aren't shared between the mailservers. Instead, the proxies are using master password. The thing is that when the ACLs are checked, it actually doesn't give the user login, but the master login, which is useless. Is there a way to use the first part of destuser as it is done when fetching info from the userdb?

Any help is appreciated,
Thanks!
Alexis

-- ACL bug logs :

104184 Jan 6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: acl username = proxy
104185 Jan 6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: owner = 0
104186 Jan 6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl vfile: Global ACL directory: (none)
104187 Jan 6 12:09:35 mail02 dovecot: imap(user@domain): Debug: Namespace : type=public, prefix=Shared., sep=., inbox=no,hidden=no, list=yes, subscriptions=no location=maildir:/var/vmail/domain/Shared

-- Output of dovecot -n

# 2.0.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.3 ext3
auth_debug = yes
auth_master_user_separator = *
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
first_valid_uid = 150
lmtp_proxy = yes
login_trusted_networks = mail01.ip
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%n
mail_nfs_storage = yes
mail_plugins = acl
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location = maildir:/var/vmail/%d/%n
  prefix =
  separator = .
  type = private
}
namespace {
  location = maildir:/var/vmail/domain/Shared
  prefix = Shared.
  separator = .
  subscriptions = no
  type = public
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  recipient_delimiter = +
  sieve_after = /var/lib/dovecot/sieve/after.d/
  sieve_before = /var/lib/dovecot/sieve/pre.d/
  sieve_dir = /var/vmail/%d/%n/sieve
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
}
postmaster_address = user@domain
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service lmtp {
  inet_listener lmtp {
    address = mail02.ip
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_cert = /etc/ssl/mailcert.pem
ssl_key = /etc/ssl/private/mailkey.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol doveadm {
  auth_socket_path = director-userdb
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  imap_id_send = name
  mail_plugins = acl imap_acl
}
protocol lmtp {
  passdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf
    driver = sql
  }
  passdb {
    args = /etc/dovecot/dovecot-ldap-lmtp.conf
    driver = ldap
  }
}
Re: [Dovecot] ACL with IMAP proxying
On Fri, 2012-01-06 at 12:36 +0100, Alexis Lelion wrote:
> The thing is that when the ACLs are checked, it actually doesn't give the user login, but the master login, which is useless.

Yes, this is intentional.

> Is there a way to use the first part of destuser as it is done when fetching info from the userdb?

You should be able to work around this with modifying userdb's query:

user_query = select '%n' AS master_user, ...
Re: [Dovecot] howto disable indexing on dovecot-lda ?
On 1/6/2012 5:07 AM, Adrian Minta wrote:
> Hello,
> is it possible to disable indexing on dovecot-lda ?
>
> Right now postfix delivers the mail directly to the nfs server without any problems. If I switch to dovecot-lda the system crashes due to the high I/O and locking. Indexing on lda is not very useful because the number of imap logins is less than 5% that of incoming mails, so a user could wait for 3 sec to get his mail index, but a new mail can't.

Then why bother with Dovecot LDA w/disabled indexing (the main reason for using it in the first place) instead of simply sticking with Postfix Local(8)?

--
Stan
Re: [Dovecot] Deduplication active - but how good does it perform?
On 2012-01-06 5:54 AM, Timo Sirainen t...@iki.fi wrote:
> On 6.1.2012, at 12.09, Ralf Hildebrandt wrote:
> > I have deduplication active in my first mdbox: type mailbox, but how do I find out how well the deduplication works? Is there a way of finding out how much disk space I saved (if I saved some :) )?
>
> You could look at the files in the attachments directory, and see how many links they have. Each file has 2 initially. Each additional link has saved you size of file bytes of space.

Maybe there could be a doveadm command for this? That would be really useful for some kind of stats applications... especially for promoting its use in environments where large attachments are common...

--
Best regards,
Charles
Re: [Dovecot] Deduplication active - but how good does it perform?
On 2012-01-06 6:58 AM, Charles Marcus cmar...@media-brokers.com wrote:
> On 2012-01-06 5:54 AM, Timo Sirainen t...@iki.fi wrote:
> > On 6.1.2012, at 12.09, Ralf Hildebrandt wrote:
> > > I have deduplication active in my first mdbox: type mailbox, but how do I find out how well the deduplication works? Is there a way of finding out how much disk space I saved (if I saved some :) )?
> >
> > You could look at the files in the attachments directory, and see how many links they have. Each file has 2 initially. Each additional link has saved you size of file bytes of space.
>
> Maybe there could be a doveadm command for this?

Incidentally, I use rsnapshot (which is simply a wrapper script for rsync) for my disk based backups. It uses hard links so that you can have hourly/daily/weekly/monthly (or whatever naming scheme you want) snapshots of your backups, but each snapshot simply contains hardlinks to the previous snapshots, so you can literally have hundreds of snapshots that only consume a little more space than one single whole snapshot.

Anyway, rsnapshot has to leverage the du command to determine the amount of disk space each snapshot uses (when considered as a separate/standalone snapshot), or how much *actual* space each snapshot consumes (ie, only the files that are *not* hardlinked against a previous backup)...

Maybe this could be a starting point for how to do this...

http://rsnapshot.org/rsnapshot.html#usage

and scroll down to the rsnapshot du command...

--
Best regards,
Charles
Re: [Dovecot] ACL with IMAP proxying
Hi Timo,

Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
I just tried your workaround, and actually, master_user is properly set to the username, but then is overridden with the proxy login again :

Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: mail=maildir:/var/vmail/domain/user
Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0
Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=user
Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=proxy

Is there any other flag I can set to avoid this? (Something like Y for the password)?

Alexis

On Fri, Jan 6, 2012 at 12:48 PM, Timo Sirainen t...@iki.fi wrote:
> On Fri, 2012-01-06 at 12:36 +0100, Alexis Lelion wrote:
> > The thing is that when the ACLs are checked, it actually doesn't give the user login, but the master login, which is useless.
>
> Yes, this is intentional.
>
> > Is there a way to use the first part of destuser as it is done when fetching info from the userdb?
>
> You should be able to work around this with modifying userdb's query:
>
> user_query = select '%n' AS master_user, ...
Re: [Dovecot] doveadm + dsync merging
On Thu, 2011-12-29 at 15:19 +0100, Pascal Volk wrote:
> > b) Don't have the dsync prefix:
> >
> > dsync mirror -> doveadm mirror
> > dsync backup -> doveadm backup
> > dsync server -> doveadm dsync-server (could be hidden from the doveadm commands list)

I did this now, with mirror -> sync.

> I'd prefer doveadm commands with the dsync prefix. (a)) Because:
> * doveadm already has other 'command groups' like mailbox, director …
> * that's the way to avoid command clashes (w/o hiding anything)

There are already many mail related commands that don't have any prefix. For example I think doveadm import and doveadm backup are quite related. Also dsync is perhaps more about the internal implementation, so in future it's possible that sync/backup works some other way..
Re: [Dovecot] ACL with IMAP proxying
On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
> Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> I just tried your workaround, and actually, master_user is properly set to the username, but then is overridden with the proxy login again :
> Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: mail=maildir:/var/vmail/domain/user
> Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0
> Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=user
> Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=proxy

I thought it would have been the other way around.. See if http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?

> Is there any other flag I can set to avoid this? (Something like Y for the password)?

Nope.
Re: [Dovecot] ACL with IMAP proxying
Another possibility: http://wiki2.dovecot.org/PostLoginScripting and set MASTER_USER environment.

On Fri, 2012-01-06 at 13:55 +0100, Alexis Lelion wrote:
> Thanks Timo.
> I'm actually using a packaged version of Dovecot 2.0 from Debian, so I can't apply the patch easily right now. I'll try to build dovecot this weekend and see if it solves the issue.
>
> Cheers
> Alexis
>
> On Fri, Jan 6, 2012 at 1:30 PM, Timo Sirainen t...@iki.fi wrote:
> > On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
> > > Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> > > I just tried your workaround, and actually, master_user is properly set to the username, but then is overridden with the proxy login again :
> > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: mail=maildir:/var/vmail/domain/user
> > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0
> > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=user
> > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=proxy
> >
> > I thought it would have been the other way around.. See if http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?
> >
> > > Is there any other flag I can set to avoid this? (Something like Y for the password)?
> >
> > Nope.
Re: [Dovecot] howto disable indexing on dovecot-lda ?
On 01/06/12 13:39, Timo Sirainen wrote:
> On Fri, 2012-01-06 at 13:07 +0200, Adrian Minta wrote:
> > Hello,
> > is it possible to disable indexing on dovecot-lda ?
>
> protocol lda {
>   mail_location = whatever-you-have-now:INDEX=MEMORY
> }
>
> > Right now postfix delivers the mail directly to the nfs server without any problems. If I switch to dovecot-lda the system crashes due to the high I/O and locking.
>
> Disabling indexing won't disable writing to dovecot-uidlist file. So I don't know if disabling indexes actually helps.

I don't have mail_location under protocol lda:

protocol lda {
  # Address to use when sending rejection mails.
  postmaster_address = postmaster@xxx
  sendmail_path = /usr/lib/sendmail
  auth_socket_path = /var/run/dovecot/auth-master
  mail_plugins = quota
  syslog_facility = mail
}

The mail_location is present only global. What to do then ?
Re: [Dovecot] howto disable indexing on dovecot-lda ?
On 01/06/12 13:50, Stan Hoeppner wrote:
> On 1/6/2012 5:07 AM, Adrian Minta wrote:
> > Hello,
> > is it possible to disable indexing on dovecot-lda ?
> >
> > Right now postfix delivers the mail directly to the nfs server without any problems. If I switch to dovecot-lda the system crashes due to the high I/O and locking. Indexing on lda is not very useful because the number of imap logins is less than 5% that of incoming mails, so a user could wait for 3 sec to get his mail index, but a new mail can't.
>
> Then why bother with Dovecot LDA w/disabled indexing (the main reason for using it in the first place) instead of simply sticking with Postfix Local(8)?

Because of sieve and quota support. Another possible advantage will be the support for hashed mailbox directories.
Re: [Dovecot] howto disable indexing on dovecot-lda ?
On Fri, 2012-01-06 at 15:01 +0200, Adrian Minta wrote:
> > protocol lda {
> >   mail_location = whatever-you-have-now:INDEX=MEMORY
> > }
>
> I don't have mail_location under protocol lda:

Just add it there.
Re: [Dovecot] ACL with IMAP proxying
It worked! Thanks a lot for your help and have a wonderful day!

On Fri, Jan 6, 2012 at 1:57 PM, Timo Sirainen t...@iki.fi wrote:
> Another possibility: http://wiki2.dovecot.org/PostLoginScripting and set MASTER_USER environment.
>
> On Fri, 2012-01-06 at 13:55 +0100, Alexis Lelion wrote:
> > Thanks Timo.
> > I'm actually using a packaged version of Dovecot 2.0 from Debian, so I can't apply the patch easily right now. I'll try to build dovecot this weekend and see if it solves the issue.
> >
> > Cheers
> > Alexis
> >
> > On Fri, Jan 6, 2012 at 1:30 PM, Timo Sirainen t...@iki.fi wrote:
> > > On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
> > > > Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> > > > I just tried your workaround, and actually, master_user is properly set to the username, but then is overridden with the proxy login again :
> > > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: mail=maildir:/var/vmail/domain/user
> > > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0
> > > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=user
> > > > Jan 6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=proxy
> > >
> > > I thought it would have been the other way around.. See if http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?
> > >
> > > > Is there any other flag I can set to avoid this? (Something like Y for the password)?
> > >
> > > Nope.
Re: [Dovecot] howto disable indexing on dovecot-lda ?
On 01/06/12 15:08, Timo Sirainen wrote:
> On Fri, 2012-01-06 at 15:01 +0200, Adrian Minta wrote:
> > > protocol lda {
> > >   mail_location = whatever-you-have-now:INDEX=MEMORY
> > > }
> >
> > I don't have mail_location under protocol lda:
>
> Just add it there.

Thank you !
Dovecot didn't complain after restart and the dovecot -a reports it correctly:

lda:
  postmaster_address: postmaster@xxx
  sendmail_path: /usr/lib/sendmail
  auth_socket_path: /var/run/dovecot/auth-master
  mail_plugins: quota
  syslog_facility: mail
  mail_location: maildir:/var/virtual/%d/%u:INDEX=MEMORY

I will do a test with this.
Re: [Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
On 01/06/2012 06:52 PM, Nick Rosier wrote:
> Yubao Liu wrote:
> > Hi all,
> >
> > I have no idea about that message, here is my configuration, what's wrong?
>
> You have 2 passdb entries; 1 with a file and 1 with pam. I'm pretty sure PAM doesn't support DIGEST-MD5 authentication. Could be the cause of the problem.

Thanks, that does be the cause.

http://hg.dovecot.org/dovecot-2.0/file/684381041dc4/src/auth/auth.c

121 static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
122 {
123     struct auth_passdb *passdb;
124
125     for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next) {
126         if (passdb->passdb->iface.lookup_credentials != NULL)
127             return TRUE;
128     }
129     return FALSE;
130 }

I don't know why this function doesn't check auth->masterdbs, if I insert these lines after line 128, that error goes away, and dovecot's imap-login process happily does DIGEST-MD5 authentication [1]. In my configuration, masterdbs contains passdb passwd-file, passdbs contains passdb pam.

    for (passdb = auth->masterdbs; passdb != NULL; passdb = passdb->next) {
        if (passdb->passdb->iface.lookup_credentials != NULL)
            return TRUE;
    }

[1] But the authentication for user*master always fails, I realized master users can't login as other users by DIGEST-MD5 or CRAM-MD5 auth mechanisms because these authentication mechanisms use user*master as username in hash algorithm, not just master.
Regards,
Yubao Liu

> > Debian testing, Dovecot 2.0.15
> >
> > $ doveconf -n
> > # 2.0.15: /etc/dovecot/dovecot.conf
> > # OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid
> > auth_default_realm = corp.example.com
> > auth_krb5_keytab = /etc/dovecot.keytab
> > auth_master_user_separator = *
> > auth_mechanisms = gssapi digest-md5
> > auth_realms = corp.example.com
> > auth_username_format = %n
> > first_valid_gid = 1000
> > first_valid_uid = 1000
> > mail_location = mdbox:/srv/mail/%u/Mail
> > managesieve_notify_capability = mailto
> > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> > passdb {
> >   args = /etc/dovecot/master-users
> >   driver = passwd-file
> >   master = yes
> >   pass = yes
> > }
> > passdb {
> >   driver = pam
> > }
> > plugin {
> >   sieve = /srv/mail/%u/.dovecot.sieve
> >   sieve_dir = /srv/mail/%u/sieve
> > }
> > protocols = imap lmtp sieve
> > service auth {
> >   unix_listener auth-client {
> >     group = Debian-exim
> >     mode = 0660
> >   }
> > }
> > ssl_cert =/etc/ssl/certs/dovecot.pem
> > ssl_key =/etc/ssl/private/dovecot.pem
> > userdb {
> >   args = home=/srv/mail/%u
> >   driver = passwd
> > }
> > protocol lmtp {
> >   mail_plugins = sieve
> > }
> > protocol lda {
> >   mail_plugins = sieve
> > }
> >
> > # cat /etc/dovecot/master-users
> > x...@corp.example.com:
> >
> > The z is obtained by doveadm pw -s digest-md5 -u x...@corp.example.com, I tried to add prefix {DIGEST-MD5} before the generated hash and/or add scheme=DIGEST-MD5 to the passwd-file passdb's args option, both don't help.
> >
> > The error message:
> >
> > dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled)
> > dovecot: auth: Fatal: DIGEST-MD5 mechanism can't be supported with given passdbs
> > gold dovecot: master: Error: service(auth): command startup failed, throttling
> >
> > I opened debug auth log, it showed dovecot read /etc/dovecot/master-users and parsed one line, then the error occurred. Doesn't passwd-file passdb support digest-md5 password scheme? If it doesn't support, how do I configure digest-md5 auth mechanism with digest-md5 password scheme for virtual users?
> >
> > Regards,
> > Yubao Liu
>
> Rgds,
> N.
Re: [Dovecot] v2.1.rc2 released
Timo Sirainen said the following on 06/01/12 17:42:
> http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc2.tar.gz

Making all in doveadm
make[3]: Entering directory `/usr/src/dovecot-2.1.rc2/src/doveadm'
Making all in dsync
make[4]: Entering directory `/usr/src/dovecot-2.1.rc2/src/doveadm/dsync'
gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-test -I../../../src/lib-settings -I../../../src/lib-master -I../../../src/lib-mail -I../../../src/lib-imap -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/doveadm -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -I/usr/kerberos/include -MT doveadm-dsync.o -MD -MP -MF .deps/doveadm-dsync.Tpo -c -o doveadm-dsync.o doveadm-dsync.c
doveadm-dsync.c:17:27: error: doveadm-dsync.h: No such file or directory
doveadm-dsync.c:386: warning: no previous prototype for ‘doveadm_dsync_main’
make[4]: *** [doveadm-dsync.o] Error 1
make[4]: Leaving directory `/usr/src/dovecot-2.1.rc2/src/doveadm/dsync'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/src/dovecot-2.1.rc2/src/doveadm'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/dovecot-2.1.rc2/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/dovecot-2.1.rc2'
make: *** [all] Error 2

In fact the file doveadm-dsync.h is not in the tarball

Ciao,
luigi

--
/ +--[Luigi Rosa]-- \
Never try to outstubborn a cat. --Robert A. Heinlein
Re: [Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
On 01/07/2012 12:44 AM, Timo Sirainen wrote:
> On Sat, 2012-01-07 at 00:15 +0800, Yubao Liu wrote:
>> I don't know why this function doesn't check auth->masterdbs, if I insert these lines after line 128, that error goes away, and dovecot's imap-login process happily does DIGEST-MD5 authentication [1]. In my configuration, masterdbs contains passdb passwd-file, passdbs contains passdb pam.
>
> So .. you want DIGEST-MD5 authentication for the master users, but not for anyone else? I hadn't really thought anyone would want that..

I hope users use GSSAPI authentication from native MUA, but RoundCube webmail doesn't support that, so that I have to use DIGEST-MD5/CRAM-MD5/PLAIN/LOGIN for authentication between RoundCube and Dovecot, and let RoundCube login as master user for normal user. I really don't like to transfer password as plain text, so I prefer DIGEST-MD5 and CRAM-MD5 for both auth mechanisms and password schemes.

My last email is partially wrong, DIGEST-MD5 can't be used for master users because 'real_user*master_user' is used to calculate digest in IMAP client, this can't be consistent with digest in passdb because only 'master_user' is used to calculate digest. But CRAM-MD5 doesn't use user name to calculate digest, I just tried it successfully with my rude patch to src/auth/auth.c in my previous email:-)

# doveadm pw -s CRAM-MD5 -u webmail (use 123456 as passwd)
# cat /etc/dovecot/master-users
webmail:{CRAM-MD5}dd59f669267e9bb13d42a1ba57c972c5b13a4b2ae457c9ada8035dc7d8bae41b
^D

$ gsasl --imap imap.corp.example.com --verbose -m CRAM-MD5 -a 'dieken*webm...@corp.example.com' -p 123456
Trying `gold.corp.example.com'...
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
. CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
. OK Pre-login capabilities listed, post-login capabilities have more.
. STARTTLS
. OK Begin TLS negotiation now.
. CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
. OK Pre-login capabilities listed, post-login capabilities have more.
. AUTHENTICATE CRAM-MD5
+ PDM1OTIzODgxNjgyNzUxMjUuMTMyNTg3MDQwMkBnb2xkPg==
ZGlla2VuKndlYm1haWxAY29ycC5leGFtcGxlLmNvbSBkYjRlZWJlMTUwZGZjZjg5NTVkODZhNDBlMGJiZmQzNA==
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
Client authentication finished (server trusted)...
Enter application data (EOF to finish):

It's also OK to use -a 'dieken*webmail' instead of -a 'dieken*webm...@corp.example.com'.

# doveconf -n
# 2.0.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm = corp.example.com
auth_krb5_keytab = /etc/dovecot.keytab
auth_master_user_separator = *
auth_mechanisms = gssapi digest-md5 cram-md5
auth_realms = corp.example.com
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
first_valid_gid = 1000
first_valid_uid = 1000
mail_debug = yes
mail_location = mdbox:/srv/mail/%u/Mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  driver = pam
}
plugin {
  sieve = /srv/mail/%u/.dovecot.sieve
  sieve_dir = /srv/mail/%u/sieve
}
protocols = imap lmtp sieve
service auth {
  unix_listener auth-client {
    group = Debian-exim
    mode = 0660
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  args = home=/srv/mail/%u
  driver = passwd
}
verbose_ssl = yes
protocol lmtp {
  mail_plugins = sieve
}
protocol lda {
  mail_plugins = sieve
}

Regards,
Yubao Liu
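The point made in the message above (a DIGEST-MD5 secret is bound to the user name that was hashed into it, a CRAM-MD5 digest is not), worked through as an added example; it is not code from the post or from Dovecot. The nonce values, the digest-uri and the in-memory master table are constructed, and the HMAC object stands in for a password-derived passdb entry.

```python
import base64
import hashlib
import hmac

SEP = "*"                    # auth_master_user_separator in the posted config
REALM = "corp.example.com"   # auth_default_realm in the posted config
# Server challenge copied from the gsasl transcript in the message above.
CHALLENGE = base64.b64decode("PDM1OTIzODgxNjgyNzUxMjUuMTMyNTg3MDQwMkBnb2xkPg==")


def split_master_login(authcid):
    """'login*master' -> (login, master); raises if it is not a master login."""
    login, sep, master = authcid.partition(SEP)
    if not (sep and login and master):
        raise ValueError(f"not a master-user login: {authcid!r}")
    return login, master


# ---- DIGEST-MD5 (RFC 2831, qop=auth) ----
def digest_md5_secret(username, password, realm=REALM):
    """H(username:realm:password): the user name is baked into the secret."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()


def digest_md5_response(secret, nonce, cnonce, nc="00000001",
                        uri="imap/imap.corp.example.com"):
    """Response value both sides compute from the secret and the nonces."""
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{uri}".encode()).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


def digest_md5_agrees(typed_username, stored_username, password):
    """True if the client's response equals what the server derives from its entry."""
    nonce, cnonce = "constructed-nonce", "constructed-cnonce"  # sample values
    client = digest_md5_response(
        digest_md5_secret(typed_username, password), nonce, cnonce)
    server = digest_md5_response(
        digest_md5_secret(stored_username, password), nonce, cnonce)
    return hmac.compare_digest(client, server)


# ---- CRAM-MD5 (RFC 2195) ----
def cram_md5_entry(password):
    """Keyed HMAC-MD5 state built from the password alone; no user name involved."""
    return hmac.new(password.encode(), digestmod=hashlib.md5)


def cram_md5_client(authcid, password, challenge=CHALLENGE):
    """Client reply: base64 of '<user name> <hex HMAC-MD5 of the challenge>'."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{authcid} {digest}".encode())


def cram_md5_server(response_b64, master_entries, challenge=CHALLENGE):
    """Return the login user if the master user's digest verifies, else None."""
    authcid, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    login, master = split_master_login(authcid)
    entry = master_entries.get(master)
    if entry is None:
        return None
    mac = entry.copy()          # keep the stored state reusable
    mac.update(challenge)
    return login if hmac.compare_digest(mac.hexdigest(), digest) else None


# Constructed master table: the 'webmail' entry with the post's test password.
MASTER_ENTRIES = {"webmail": cram_md5_entry("123456")}

if __name__ == "__main__":
    print("DIGEST-MD5 agrees when client typed dieken*webmail:",
          digest_md5_agrees("dieken*webmail", "webmail", "123456"))
    print("CRAM-MD5 logs in as:",
          cram_md5_server(cram_md5_client("dieken*webmail", "123456"),
                          MASTER_ENTRIES))
```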
Re: [Dovecot] Possible mdbox corruption
On 1/6/2012 2:57 AM, Timo Sirainen wrote:
> On 6.1.2012, at 12.55, Timo Sirainen wrote:
>>> Jan 4 05:17:17 bubba dovecot: master: Error: service(indexer-worker): child 10896 returned error 83 (Out of memory (vsz_limit=256 MB, you may need to increase it))
>>> Jan 4 06:17:17 bubba dovecot: indexer-worker(us...@domain.com): Fatal: pool_system_realloc(134217728): Out of memory
>> The problem is clearly that index-worker's vsz_limit is too low. Increase it (or default_vsz_limit).
>
> Although the source of the out-of-memory
>
> /usr/local/lib/dovecot/libdovecot.so.0(buffer_write+0x7c) [0x7f0ec1a550ec] - /usr/local/lib/dovecot/lib21_fts_solr_plugin.so(+0x3292) [0x7f0ec024f292] -
>
> is something that shouldn't really be happening. I guess the Solr plugin wastes memory unnecessarily, I'll see what I can do about it. But for now just increase vsz limit.

I set default_vsz_limit = 1024M. Those errors appear gone - but I do have messages like:

Jan 6 09:22:42 bubba dovecot: indexer-worker(us...@domain.com): Error: fts_solr: Indexing failed: 400 Illegal character ((CTRL-CHAR, code 18)) at [row,col {unknown-source}]: [482765,16]
Jan 6 09:22:42 bubba dovecot: indexer-worker: Error:

Google seems to indicate that Solr cannot handle invalid characters - and that it is the responsibility of the calling program to strip out such. A quick search shows me both an individual character comparison in Java and a regex used for the purpose. Is there any illegal character protection in the Dovecot Solr plugin?

--
Daniel
Re: [Dovecot] Possible mdbox corruption
On 6.1.2012, at 19.30, Daniel L. Miller wrote:
> Jan 6 09:22:42 bubba dovecot: indexer-worker(us...@domain.com): Error: fts_solr: Indexing failed: 400 Illegal character ((CTRL-CHAR, code 18)) at [row,col {unknown-source}]: [482765,16]
> Jan 6 09:22:42 bubba dovecot: indexer-worker: Error:
>
> Google seems to indicate that Solr cannot handle invalid characters - and that it is the responsibility of the calling program to strip out such. A quick search shows me both an individual character comparison in Java and a regex used for the purpose. Is there any illegal character protection in the Dovecot Solr plugin?

Yes, there is. So I'm not really sure what it's complaining about. Are you using the solr or solr_old backend?
Re: [Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
On 01/07/2012 12:44 AM, Timo Sirainen wrote:
> On Sat, 2012-01-07 at 00:15 +0800, Yubao Liu wrote:
>> I don't know why this function doesn't check auth->masterdbs, if I insert these lines after line 128, that error goes away, and dovecot's imap-login process happily does DIGEST-MD5 authentication [1]. In my configuration, masterdbs contains passdb passwd-file, passdbs contains passdb pam.
>
> So .. you want DIGEST-MD5 authentication for the master users, but not for anyone else? I hadn't really thought anyone would want that..

Is there any special reason that master passdb isn't taken into account in src/auth/auth.c:auth_passdb_list_have_lookup_credentials() ? I feel master passdb is also a kind of passdb.

http://wiki2.dovecot.org/PasswordDatabase

  You can use multiple databases, so if the password doesn't match in the first database, Dovecot checks the next one. This can be useful if you want to easily support having both virtual users and also local system users (see Authentication/MultipleDatabases http://wiki2.dovecot.org/Authentication/MultipleDatabases).

This is exactly my use case, I use Kerberos for system users, I'm curious why master passdb isn't used to check have_lookup_credentials ability.

http://wiki2.dovecot.org/Authentication/MultipleDatabases

  Currently the fallback works only with the PLAIN authentication mechanism.

I hope this limitation can be relaxed.

Regards,
Yubao Liu
Re: [Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
On 6.1.2012, at 19.45, Yubao Liu wrote:
> On 01/07/2012 12:44 AM, Timo Sirainen wrote:
>> On Sat, 2012-01-07 at 00:15 +0800, Yubao Liu wrote:
>>> I don't know why this function doesn't check auth->masterdbs, if I insert these lines after line 128, that error goes away, and dovecot's imap-login process happily does DIGEST-MD5 authentication [1]. In my configuration, masterdbs contains passdb passwd-file, passdbs contains passdb pam.
>>
>> So .. you want DIGEST-MD5 authentication for the master users, but not for anyone else? I hadn't really thought anyone would want that..
>
> Is there any special reason that master passdb isn't taken into account in src/auth/auth.c:auth_passdb_list_have_lookup_credentials() ? I feel master passdb is also a kind of passdb.

I guess it could be changed. It wasn't done intentionally that way.

> This is exactly my use case, I use Kerberos for system users, I'm curious why master passdb isn't used to check have_lookup_credentials ability
>
> http://wiki2.dovecot.org/Authentication/MultipleDatabases
>
>   Currently the fallback works only with the PLAIN authentication mechanism.
>
> I hope this limitation can be relaxed.

It might already be .. I don't remember. In any case you have only PAM passdb, so it shouldn't matter. GSSAPI isn't a passdb.
[Dovecot] v2.1.rc3 released
http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc3.tar.gz
http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc3.tar.gz.sig

Whoops, rc2 was missing a file. I always run make distcheck, which should catch these, but recently it has always failed due to clang static checking giving one error that I didn't really want to fix. Because of that the distcheck didn't finish and didn't check for the missing file. So, anyway, I've made clang happy again, and now that I see how bad an idea it is to just ignore the failed distcheck, I won't do that again in future. :)
[Dovecot] change initial permissions on creation of mail folder
Installed dovecot from Debian .deb file. Creating a new account for system users sets permission for user-only. Where to change initial permissions on creation of mail folder and other subdirectories?

Installed dovecot using apt-get install dovecot-imapd dovecot-pop3d. Any time when I create a new account in my mail client for a system user, Dovecot tries to create ~/mail/.imap/INBOX. The permissions for mail and .imap are set to 0700. With these permissions INBOX cannot be created, leading to an error message in log files. When I manually change the permissions to 0770, INBOX is created
Re: [Dovecot] v2.1.rc2 released
On Fri, Jan 06, 2012 at 06:42:07PM +0200, Timo Sirainen wrote:
> http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc2.tar.gz
> http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc2.tar.gz.sig
>
> Lots of fixes since rc1. Some of the changes were larger than I wanted at RC stage, but they had to be done now.. Hopefully it's all over now, and we can have v2.1.0 soon. :)
>
> Some of the more important changes:
>
> * dsync was merged into doveadm. There is still dsync symlink pointing to doveadm, which you can use the old way for now. The preferred ways to run dsync are doveadm sync (for old dsync mirror) and doveadm backup.
> + IMAP SPECIAL-USE extension to describe mailboxes
> + Added mailbox {} sections, which deprecate autocreate plugin
> + lib-fs: Added mode parameter to posix backend to specify mode for created files/dirs (for mail_attachment_dir).
> + inet_listener names are now used to figure out what type the socket is when useful. For example naming service auth { inet_listener } to auth-client vs. auth-userdb has different behavior.
> + Added pop3c (= POP3 client) storage backend.
> - LMTP proxying code was simplified, hopefully fixing its problems.
> - dsync: Don't remove user's subscriptions for subscriptions=no namespaces.

Suggestion: Get rid of the --as-needed ld flag. This is a show stopper for me.

Also,

Making all in doveadm
Making all in dsync
gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-test -I../../../src/lib-settings -I../../../src/lib-master -I../../../src/lib-mail -I../../../src/lib-imap -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/doveadm -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -I/usr/contrib/include -MT doveadm-dsync.o -MD -MP -MF .deps/doveadm-dsync.Tpo -c -o doveadm-dsync.o doveadm-dsync.c
doveadm-dsync.c:17:27: doveadm-dsync.h: No such file or directory
doveadm-dsync.c:386: warning: no previous prototype for `doveadm_dsync_main'
*** Error code 1
Stop.
*** Error code 1
Stop.
*** Error code 1
Stop.
*** Error code 1
Stop.
*** Error code 1

Looks like rc3 needed.

--
Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !
Re: [Dovecot] v2.1.rc2 released
On Fri, Jan 06, 2012 at 01:12:56PM -0700, The Doctor wrote:
> On Fri, Jan 06, 2012 at 06:42:07PM +0200, Timo Sirainen wrote:
>> http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc2.tar.gz
>> http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc2.tar.gz.sig
>>
>> Lots of fixes since rc1. Some of the changes were larger than I wanted at RC stage, but they had to be done now.. Hopefully it's all over now, and we can have v2.1.0 soon. :)
>>
>> Some of the more important changes:
>>
>> * dsync was merged into doveadm. There is still dsync symlink pointing to doveadm, which you can use the old way for now. The preferred ways to run dsync are doveadm sync (for old dsync mirror) and doveadm backup.
>> + IMAP SPECIAL-USE extension to describe mailboxes
>> + Added mailbox {} sections, which deprecate autocreate plugin
>> + lib-fs: Added mode parameter to posix backend to specify mode for created files/dirs (for mail_attachment_dir).
>> + inet_listener names are now used to figure out what type the socket is when useful. For example naming service auth { inet_listener } to auth-client vs. auth-userdb has different behavior.
>> + Added pop3c (= POP3 client) storage backend.
>> - LMTP proxying code was simplified, hopefully fixing its problems.
>> - dsync: Don't remove user's subscriptions for subscriptions=no namespaces.
>
> Suggestion: Get rid of the --as-needed ld flag. This is a show stopper for me.
>
> Also,
>
> Making all in doveadm
> Making all in dsync
> gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-test -I../../../src/lib-settings -I../../../src/lib-master -I../../../src/lib-mail -I../../../src/lib-imap -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/doveadm -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -I/usr/contrib/include -MT doveadm-dsync.o -MD -MP -MF .deps/doveadm-dsync.Tpo -c -o doveadm-dsync.o doveadm-dsync.c
> doveadm-dsync.c:17:27: doveadm-dsync.h: No such file or directory
> doveadm-dsync.c:386: warning: no previous prototype for `doveadm_dsync_main'
> *** Error code 1
> Stop.
> *** Error code 1
> Stop.
> *** Error code 1
> Stop.
> *** Error code 1
> Stop.
> *** Error code 1
>
> Looks like rc3 needed.

Just noted your rc3 notice. Can you get an rc4 going where the above 2 mentions are fixed?

> --
> Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
> God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
> https://www.fullyfollow.me/rootnl2k
> Merry Christmas 2011 and Happy New Year 2012 !

--
Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !
Re: [Dovecot] v2.1.rc2 released
On 6.1.2012, at 22.19, The Doctor wrote:
>> doveadm-dsync.c:17:27: doveadm-dsync.h: No such file or directory
>> doveadm-dsync.c:386: warning: no previous prototype for `doveadm_dsync_main'
>> *** Error code 1
>>
>> Looks like rc3 needed.
>
> Just noted your rc3 notice. Can you get an rc4 going where the above 2 mentions are fixed?

rc3 fixes these.
Re: [Dovecot] Possible mdbox corruption
On 1/6/2012 9:36 AM, Timo Sirainen wrote:
> On 6.1.2012, at 19.30, Daniel L. Miller wrote:
>> Jan 6 09:22:42 bubba dovecot: indexer-worker(us...@domain.com): Error: fts_solr: Indexing failed: 400 Illegal character ((CTRL-CHAR, code 18)) at [row,col {unknown-source}]: [482765,16]
>> Jan 6 09:22:42 bubba dovecot: indexer-worker: Error:
>>
>> Google seems to indicate that Solr cannot handle invalid characters - and that it is the responsibility of the calling program to strip out such. A quick search shows me both an individual character comparison in Java and a regex used for the purpose. Is there any illegal character protection in the Dovecot Solr plugin?
>
> Yes, there is. So I'm not really sure what it's complaining about. Are you using the solr or solr_old backend?

Solr.

plugin {
  fts = solr
  fts_solr = url=http://localhost:8983/solr/
}

--
Daniel
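An added example, not the fts_solr plugin's code: one way to locate and strip the characters XML 1.0 forbids before text goes into a Solr update document, which is what the 400 error in this exchange complains about. The sample body and the field names `uid` and `body` are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Complement of the XML 1.0 "Char" production:
#   #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
_XML10_ILLEGAL = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)


def find_illegal_xml_chars(text):
    """List (row, col, code) for every character XML 1.0 forbids (1-based)."""
    hits = []
    for row, line in enumerate(text.split("\n"), start=1):
        hits.extend((row, m.start() + 1, ord(m.group()))
                    for m in _XML10_ILLEGAL.finditer(line))
    return hits


def sanitize_for_xml(text, replacement=" "):
    """Replace forbidden characters; entity escaping cannot make them legal."""
    return _XML10_ILLEGAL.sub(replacement, text)


def solr_add_xml(uid, body):
    """Build an <add> update document (field names are assumptions)."""
    return ('<add><doc><field name="uid">%d</field>'
            '<field name="body">%s</field></doc></add>' % (uid, escape(body)))


def is_well_formed(xml_text):
    """True if a conforming XML parser accepts the document."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


# Constructed message body: DC2 (code 18) and a vertical tab (code 11).
SAMPLE_BODY = "Subject: report <draft>\nHello\x12world & more\x0b\n"

if __name__ == "__main__":
    for row, col, code in find_illegal_xml_chars(SAMPLE_BODY):
        print("illegal character code %d at [row,col]: [%d,%d]" % (code, row, col))
    print("raw body parses:      ", is_well_formed(solr_add_xml(1, SAMPLE_BODY)))
    print("sanitized body parses:",
          is_well_formed(solr_add_xml(1, sanitize_for_xml(SAMPLE_BODY))))
```

Escaping `&` and `<` is still needed after sanitizing; the two steps cover different problems.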
[Dovecot] failed: Too many levels of symbolic links
All,

My dovecot install works great except for one error I keep seeing this in my logs. The folder has 7138 messages in it. I am informed the user they needed to reduce the number of messages in the folder and believe this will fix the problem. My question is about where the problem lies. Is the problem related to an internal limit with Dovecot v2.0.15 or with my Debian (3.1.0-1-amd64)?

Thanks

---
dovecot: imap(xx...@x.com): Error: readdir(///X/X/XXX/XXX/XXX) failed: Too many levels of symbolic links

David Egbert
Paperclip Systems, LLC

---
This message, its contents, and attachments are confidential and are only authorized for the intended recipient. Disclosure, re-distribution, or use of said information is strictly prohibited, and may be excluded from disclosure by applicable law. If you are not the intended recipient, or their intermediary, please notify the sender and delete this message.
Re: [Dovecot] failed: Too many levels of symbolic links
On 6.1.2012, at 22.44, David Egbert wrote:
> dovecot: imap(xx...@x.com): Error: readdir(///X/X/XXX/XXX/XXX) failed: Too many levels of symbolic links

You have a symlink loop. Either a symlink that points to itself or one of the parent directories.
Re: [Dovecot] 2.1.rc1 (056934abd2ef): virtual plugin mailbox search pattern
On 23.12.2011 18:33, e-frog wrote:
> Hello Timo,
>
> With dovecot 2.1.rc1 (056934abd2ef) there seems to be something wrong with virtual plugin mailbox search patterns.
>
> I'm using a virtual mailbox 'unread' with the following dovecot-virtual file
>
> $ cat dovecot-virtual
> *
>   unseen
>
> For testing purposes I created the following folders with each containing one unread message: INBOX, INBOX/level1 and INBOX/level1/level2
>
> 2.1.rc1 (056934abd2ef)
>
> 1 LIST *
> * LIST (\HasChildren) / INBOX
> * LIST (\HasChildren) / INBOX/level1
> * LIST (\HasNoChildren) / INBOX/level1/level2
> * LIST (\HasChildren) / virtual
> * LIST (\HasNoChildren) / virtual/unread
> 1 OK List completed.
> 2 STATUS INBOX (UNSEEN)
> * STATUS INBOX (UNSEEN 1)
> 2 OK Status completed.
> 3 STATUS INBOX/level1 (UNSEEN)
> * STATUS INBOX/level1 (UNSEEN 1)
> 3 OK Status completed.
> 4 STATUS INBOX/level1/level2 (UNSEEN)
> * STATUS INBOX/level1/level2 (UNSEEN 1)
> 4 OK Status completed.
> 5 STATUS virtual/unread (UNSEEN)
> * STATUS virtual/unread (UNSEEN 1)
> 5 OK Status completed.
>
> Result: virtual/unread shows only 1 unseen message. Further tests showed it's the one from INBOX. The mails from the deeper levels are not found.
>
> Downgrading to 2.0.16 restores the correct behavior:
>
> 1 LIST *
> * LIST (\HasChildren) / INBOX
> * LIST (\HasChildren) / INBOX/level1
> * LIST (\HasNoChildren) / INBOX/level1/level2
> * LIST (\HasChildren) / virtual
> * LIST (\HasNoChildren) / virtual/unread
> 1 OK List completed.
> 2 STATUS INBOX (UNSEEN)
> * STATUS INBOX (UNSEEN 1)
> 2 OK Status completed.
> 3 STATUS INBOX/level1 (UNSEEN)
> * STATUS INBOX/level1 (UNSEEN 1)
> 3 OK Status completed.
> 4 STATUS INBOX/level1/level2 (UNSEEN)
> * STATUS INBOX/level1/level2 (UNSEEN 1)
> 4 OK Status completed.
> 5 STATUS virtual/unread (UNSEEN)
> * STATUS virtual/unread (UNSEEN 3)
> 5 OK Status completed.
>
> Result: virtual/unread shows 3 unseen messages as it should
>
> The namespace configuration is as following
>
> namespace {
>   hidden = no
>   inbox = yes
>   list = yes
>   location =
>   prefix =
>   separator = /
>   subscriptions = yes
>   type = private
> }
> namespace {
>   location = virtual:~/virtual
>   prefix = virtual/
>   separator = /
>   subscriptions = no
>   type = private
> }
>
> I've also tried this with location = virtual:~/virtual:LAYOUT=maildir++ leading to the same result.
>
> Thanks,
> e-frog

Just tested this on 2.1.rc3 and this still doesn't work like in v2.0. It seems like the search stops at the first hierarchy separator. Is there anything in addition I can do to help fix this issue?

Thanks,
e-frog
Re: [Dovecot] failed: Too many levels of symbolic links
On 1/6/2012 2:16 PM, Timo Sirainen wrote:
> On 6.1.2012, at 22.44, David Egbert wrote:
>> dovecot: imap(xx...@x.com): Error: readdir(///X/X/XXX/XXX/XXX) failed: Too many levels of symbolic links
>
> You have a symlink loop. Either a symlink that points to itself or one of the parent directories.

I thought that might have been the case, but I checked and there are no symlinks in that directory, or any of the directories above it in the path. All of the directories and files were created by dovecot. I didn't notice this in the logs until recently. The files are stored on an NFS Raid if that makes any difference.

---
David Egbert
Re: [Dovecot] failed: Too many levels of symbolic links
On 6.1.2012, at 23.41, David Egbert wrote:
> On 1/6/2012 2:16 PM, Timo Sirainen wrote:
>> On 6.1.2012, at 22.44, David Egbert wrote:
>>> dovecot: imap(xx...@x.com): Error: readdir(///X/X/XXX/XXX/XXX) failed: Too many levels of symbolic links
>>
>> You have a symlink loop. Either a symlink that points to itself or one of the parent directories.
>
> I thought that might have been the case, but I checked and there are no symlinks in that directory, or any of the directories above it in the path. All of the directories and files were created by dovecot. I didn't notice this in the logs until recently. The files are stored on an NFS Raid if that makes any difference.

Well, then.. You have a bit too many Xes in there for me to guess which readdir() is the one failing. I guess it's /new or /cur for a Maildir?

Anyway, readdir() is failing with ELOOP. Does it always fail with Too many levels of symbolic links or is it sometimes different? This sounds like a bug in Linux NFS client code. You can reproduce this always with this one user's Maildir? Can you do ls in the directory?
Re: [Dovecot] failed: Too many levels of symbolic links
On 1/6/2012 2:51 PM, Timo Sirainen wrote:
> On 6.1.2012, at 23.41, David Egbert wrote:
>> On 1/6/2012 2:16 PM, Timo Sirainen wrote:
>>> On 6.1.2012, at 22.44, David Egbert wrote:
>>>> dovecot: imap(xx...@x.com): Error: readdir(///X/X/XXX/XXX/XXX) failed: Too many levels of symbolic links
>>>
>>> You have a symlink loop. Either a symlink that points to itself or one of the parent directories.
>>
>> I thought that might have been the case, but I checked and there are no symlinks in that directory, or any of the directories above it in the path. All of the directories and files were created by dovecot. I didn't notice this in the logs until recently. The files are stored on an NFS Raid if that makes any difference.
>
> Well, then.. You have a bit too many Xes in there for me to guess which readdir() is the one failing. I guess it's /new or /cur for a Maildir?
>
> Anyway, readdir() is failing with ELOOP. Does it always fail with Too many levels of symbolic links or is it sometimes different? This sounds like a bug in Linux NFS client code. You can reproduce this always with this one user's Maildir? Can you do ls in the directory?

Sorry about the X's... it is a client directory. We support many domains and their privacy is paramount. You are correct it is in the /cur directory. I can LS all of directories without problems. This user has 10+Gb in his mail box spread across 352 subscribed folders. As for the logs it is always the directory, always the same error.

David Egbert
Re: [Dovecot] failed: Too many levels of symbolic links
On 7.1.2012, at 0.10, David Egbert wrote:
>> Anyway, readdir() is failing with ELOOP. Does it always fail with Too many levels of symbolic links or is it sometimes different? This sounds like a bug in Linux NFS client code. You can reproduce this always with this one user's Maildir? Can you do ls in the directory?
>
> Sorry about the X's... it is a client directory. We support many domains and their privacy is paramount. You are correct it is in the /cur directory. I can LS all of directories without problems. This user has 10+Gb in his mail box spread across 352 subscribed folders. As for the logs it is always the directory, always the same error.

Try the attached test program. Run it as: ./readdir /path/to/Maildir/cur

Does it also give non-zero error?

readdir.c
Description: Binary data
Re: [Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
On 01/07/2012 01:51 AM, Timo Sirainen wrote:
> On 6.1.2012, at 19.45, Yubao Liu wrote:
>> On 01/07/2012 12:44 AM, Timo Sirainen wrote:
>>> On Sat, 2012-01-07 at 00:15 +0800, Yubao Liu wrote:
>>>> I don't know why this function doesn't check auth->masterdbs, if I insert these lines after line 128, that error goes away, and dovecot's imap-login process happily does DIGEST-MD5 authentication [1]. In my configuration, masterdbs contains passdb passwd-file, passdbs contains passdb pam.
>>>
>>> So .. you want DIGEST-MD5 authentication for the master users, but not for anyone else? I hadn't really thought anyone would want that..
>>
>> Is there any special reason that master passdb isn't taken into account in src/auth/auth.c:auth_passdb_list_have_lookup_credentials() ? I feel master passdb is also a kind of passdb.
>
> I guess it could be changed. It wasn't done intentionally that way.

I guess this change broke old way:

http://hg.dovecot.org/dovecot-2.0/rev/b05793c609ac

In old version, auth->passdbs contains all passdbs, this revision changes auth->passdbs to only contain non-master passdbs.

I'm not sure which fix is better or even my proposal is correct or fully:

a) in src/auth/auth.c:auth_passdb_preinit(), insert master passdb to auth->passdbs too, and remove duplicate code for masterdbs in auth_init() and auth_deinit().

b) add similar code for masterdbs in auth_passdb_list_have_verify_plain(), auth_passdb_list_have_lookup_credentials(), auth_passdb_list_have_set_credentials().

>> This is exactly my use case, I use Kerberos for system users, I'm curious why master passdb isn't used to check have_lookup_credentials ability
>>
>> http://wiki2.dovecot.org/Authentication/MultipleDatabases
>>
>>   Currently the fallback works only with the PLAIN authentication mechanism.
>>
>> I hope this limitation can be relaxed.
>
> It might already be .. I don't remember. In any case you have only PAM passdb, so it shouldn't matter. GSSAPI isn't a passdb.

If the fix above is added, then I can use CRAM-MD5 with master passwd-file passdb and normal pam passdb, else imap-login process can't startup due to check in auth_mech_list_verify_passdb().

Attached two patches against dovecot-2.0 branch for the two schemes, the first is cleaner but may affect other logics in other source files.

Another related question is pass option in master passdb, if I set it to yes, the authentication fails:

Jan 7 11:26:00 gold dovecot: auth: Debug: client in: AUTH#0111#011CRAM-MD5#011service=imap#011secured#011lip=127.0.1.1#011rip=127.0.0.1#011lport=143#011rport=51771
Jan 7 11:26:00 gold dovecot: auth: Debug: client out: CONT#0111#011PDk4NjcwMDY1MTU3NzI3MjguMTMyNTkwNjc2MEBnb2xkPg==
Jan 7 11:26:00 gold dovecot: auth: Debug: client in: CONT#0111#011ZGlla2VuKndlYm1haWwgYmNkMzFiMWE1YjQ1OWQ0OGRkZWQ4ZmIzZDhmMjVhZTc=
Jan 7 11:26:00 gold dovecot: auth: Debug: auth(webmail,127.0.0.1,master): Master user lookup for login: dieken
Jan 7 11:26:00 gold dovecot: auth: Debug: passwd-file(webmail,127.0.0.1,master): lookup: user=webmail file=/etc/dovecot/master-users
Jan 7 11:26:00 gold dovecot: auth: passdb(webmail,127.0.0.1,master): Master user logging in as dieken
Jan 7 11:26:00 gold dovecot: auth: Error: passdb(dieken,127.0.0.1): No passdbs support skipping password verification - pass=yes can't be used in master passdb
Jan 7 11:26:00 gold dovecot: auth: Debug: password(dieken,127.0.0.1): passdb doesn't support credential lookups

My normal passdb is a PAM passdb, it doesn't support credential lookups, that's reasonable, but I feel the comment for pass option is confusing:

$ less /etc/dovecot/conf.d/auth-master.conf.ext
# Example master user passdb using passwd-file. You can use any passdb though.
passdb {
  driver = passwd-file
  master = yes
  args = /etc/dovecot/master-users

  # Unless you're using PAM, you probably still want the destination user to
  # be looked up from passdb that it really exists. pass=yes does that.
pass = yes } According the comment, it's to check whether the real user exists, why not to check userdb but another passdb? Even it must check against passdb, in this case, it's obvious not necessary to lookup credentials, it's enough to to lookup user name only. Regards, Yubao Liu diff -r 38972af8bd29 src/auth/auth.c --- a/src/auth/auth.c Fri Jan 06 16:04:20 2012 +0200 +++ b/src/auth/auth.c Sat Jan 07 10:24:12 2012 +0800 @@ -69,12 +69,10 @@ db_count = 0; } - /* initialize passdbs first and count them */ for (passdb_count = 0, i = 0; i db_count; i++) { if (passdbs[i]-master) continue; - auth_passdb_preinit(auth, passdbs[i], auth-passdbs); passdb_count++; last_passdb = i; } @@ -82,6 +80,8 @@ i_fatal(Last passdb can't have pass=yes); for (i = 0; i db_count; i++) { + auth_passdb_preinit(auth, passdbs[i], auth-passdbs); + if (!passdbs[i]-master) continue; @@ -190,8 +190,6 @@ struct auth_passdb *passdb; struct auth_userdb *userdb; - for (passdb = auth-masterdbs; passdb
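Review bot: In the second hunk (@@ -82,6 +80,8 @@) the auth_passdb_preinit() call for the ordinary passdb list now sits above the master check, so every master passdb is appended to that list too. That satisfies the lookup-credentials test, but it also means any code that walks the ordinary list for a normal login would now consult the master-users file, and a master user's name and password could be tried for a direct, non-master login. Please either skip master entries wherever the ordinary list is walked for verification, or keep the lists separate and extend only the auth_passdb_list_have_*() helpers to look at masterdbs as well, which is the second scheme described in the message. The first hunk also deletes the comment above a loop that still counts the non-master passdbs; replace it with one that says what the loop does now instead of dropping it.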