Re: [Dovecot] shared mailboxes and indexes
El 23/11/12 08:07, Timo Sirainen escribió: On 16.11.2012, at 12.11, Angel L. Mateo wrote: We are deploying shared mailboxes in our mail system. We are running 2.1.9 and mail backend is maildir. As described at http://wiki.dovecot.org/SharedMailboxes/Shared when shared namespace is configured as namespace shared { separator = / prefix = shared/%%u/ location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u subscriptions = no list = children } each user accessing this folder has its own index, stored in ~/Maildir/shared/%%u/shared mailbox, hasn't it? Right. Our mail is store in NFS disks so we are very concerned about indexes optimizations (we had performance problems until we got all of our indexes and nfs tunned). So, is there any way so those indexes could be shared for all users (and they always would be updated). If you don't need per-user flags you can just remove the per-user INDEX. If you want per-user flags and want to share indexes, you need the new INDEXPVT option that exists in v2.2 or as a patch to v2.1: http://dovecot.org/patches/2.1/private-index.diff Regarding this... if we'd use dbox instead of maildir, indexes are a really important part of the mailbox and they can't be re-constructed when they are outdated. So, how do shared mailboxes work with dbox backend? Do I have to configure indexes in any particular way? INDEXPVT is a requirement with dbox if you want per-user flags. BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes.. Oh... sad to read this. I have multiple backend server behind a director one. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 86337
Re: [Dovecot] doveadm fails with passdb authentication binds (dovecot 2.0.16)
Hello, # doveadm mailbox list -u user001 doveadm(user001): Error: user user001: Auth PASS lookup failed doveadm(user001): Fatal: passdb lookup failed Are you running this on a Dovecot proxy? It looks like doveadm wants to do a passdb lookup to find out which server should handle this user. Passdb lookups don't work with LDAP binding. But if everything else works then I think you simply shouldn't have enabled doveadm proxying. So, set doveadm_proxy_port back to 0? thank you Timo, setting doveadm_proxy_port to 0 did the trick.
Re: [Dovecot] Dovecot sieve with postfix.
Hi, thanks for the reply. I'm new to all this. How can I tell if postfix is deferring messages, or if it thinks they've been delieverd? Where is the postfix log? How do I feed a message to dovecot-lda manually, as mailman? How do I use LMTP instead of LDA? */#!/*JoePea On Mon, Nov 19, 2012 at 8:47 AM, Ben Morrow b...@morrow.me.uk wrote: At 6AM -0800 on 19/11/12 you (/#!/JoePea) wrote: I can't get dovecot working with postfix. If I leave virtual_transport set to virtual, I can send and receive messages just fine in roundcube. If I set virtual_transport to dovecot, I can only send messages in roundcube, but incoming messages never arrive. Seems I can't get dovecot-lda to work. I need dovecot-lda in order for sieve filters to work. Any idea what I'm doing wrong? Here's `doveconf -n`: http://pastie.org/5401133 `postconf -n`: http://pastie.org/5401157 and `postconf -M`: http://pastie.org/5401177 The only obvious thing I can see wrong there is that you have mail_plugins = sieve in dovecot.conf, which should be mail_plugins = sieve but I don't know that that would prevent delivery. Is Postfix deferring the message, or does it think it's been delivered? What do you see in your logs when a message is delivered (since you've redirected Dovecot away from syslog, you'd need to look at both Postfix's and Dovecot's logs)? What happens if you feed a message to dovecot-lda manually, as 'mailman'? Check the exitcode of lda and the logs, as well as seeing if the message was delivered. Since you've set up a dedicated transport for Dovecot, it would probably be worth using LMTP instead of the LDA. It should be more efficient, and since you're only using a single virtual user you can tell dovecot to run the LMTP server as 'mailman' instead of root. Ben
Re: [Dovecot] Dovecot sieve with postfix.
Hi, I tried changing dovecot-lda to deliver in master.cf and also added the acl plugin to the lda protocol like yours. It still won't work though. */#!/*JoePea On Mon, Nov 19, 2012 at 9:04 AM, Fi4IT - Daniel Fischer dfisc...@fi4it.dewrote: Hello Joe, i use this: main.cf virtual_transport = dovecot master.cf dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} /etc/dovecot/conf.d/15-lda.**conf protocol lda { log_path = /var/log/sieve.log mail_plugins = acl sieve } and that works fine with my tested clients (tb,outlook,roundcube) daniel Am 19.11.2012 15:17, schrieb /#!/JoePea: Hi all, I can't get dovecot working with postfix. If I leave virtual_transport set to virtual, I can send and receive messages just fine in roundcube. If I set virtual_transport to dovecot, I can only send messages in roundcube, but incoming messages never arrive. Seems I can't get dovecot-lda to work. I need dovecot-lda in order for sieve filters to work. Any idea what I'm doing wrong? Here's `doveconf -n`: http://pastie.org/5401133 `postconf -n`: http://pastie.org/5401157 and `postconf -M`: http://pastie.org/5401177 Note: All I have to do is change virtual_transport = dovecot to virtual_transport = virtual and all will be fine, except for that I won't have sieve filtering which is what I really want. */#!/*JoePea -- Fischer Daniel FI4IT - that's it Messerschmittstrasse 17 89231 Neu Ulm Email: dfisc...@fi4it.de Web: www.fi4it.de Telefon: 073180019370 Fax: 073180019375 Mobil: 01729230731
Re: [Dovecot] Dovecot sieve with postfix.
At 2AM -0800 on 26/11/12 you (/#!/JoePea) wrote: Hi, thanks for the reply. I'm new to all this. How can I tell if postfix is deferring messages, or if it thinks they've been delieverd? Where is the postfix log? You can tell if a message is still in the queue with 'mailq'. You can find out why by reading the log. If messages are being deferred they will eventually start bouncing, once Postfix decides they've spent too long in the queue. Postfix normally logs through the 'mail' facility of syslog. How do I feed a message to dovecot-lda manually, as mailman? Something along the lines of sudo -u mailman /usr/lib/dovecot/dovecot-lda -f some@user -d some@user /some/mail/message as root should work, depending on your sudo setup. Otherwise you will need to use su, which can be more awkward. How do I use LMTP instead of LDA? Read the wiki for the Dovecot end, and use virtual_transport = lmtp:unix:/path/to/lmtp/socket on the Postfix end. You will want to test the LMTP server is working manually (with nc -U or something) before trying to get Postfix to deliver to it. Ben
[Dovecot] IMAP proxy - can it detect parodying to itself?
Hi all, I have some IMAP servers fronted with separate perdition processes, and it would be ideal if I could collapse this down to having dovecot do both the IMAP proxying and the IMAP serving at the same time on the same IP addresses. One of the fields in my LDAP entries contains the canonical name of the server that hosts their mailbox, and if I follow the manual at http://wiki2.dovecot.org/PasswordDatabase/ExtraFields#LDAP I could add the host field to enable proxying. My question is whether dovecot has the ability to notice whether dovecot is being asked to proxy to itself, in other words the value of host is the current dovecot server, and when this happens, ignore the proxy and just be a straight IMAP server, because the user has connected to the right box already. Is this possible? Regards, Graham -- smime.p7s Description: S/MIME cryptographic signature
Re: [Dovecot] IMAP proxy - can it detect parodying to itself?
On 26 Nov 2012, at 4:24 PM, Graham Leggett minf...@sharp.fm wrote: I have some IMAP servers fronted with separate perdition processes, and it would be ideal if I could collapse this down to having dovecot do both the IMAP proxying and the IMAP serving at the same time on the same IP addresses. A heartfelt thanks to Apple Autocorrect for changing parodying, oops, I meant parodying, aargh, I meant p r o x y i n g, to parodying in the subject of this message. Regards, Graham -- smime.p7s Description: S/MIME cryptographic signature
Re: [Dovecot] IMAP proxy - can it detect parodying to itself?
At 4PM +0200 on 26/11/12 you (Graham Leggett) wrote: Hi all, I have some IMAP servers fronted with separate perdition processes, and it would be ideal if I could collapse this down to having dovecot do both the IMAP proxying and the IMAP serving at the same time on the same IP addresses. One of the fields in my LDAP entries contains the canonical name of the server that hosts their mailbox, and if I follow the manual at http://wiki2.dovecot.org/PasswordDatabase/ExtraFields#LDAP I could add the host field to enable proxying. You also need the 'proxy' or 'proxy_maybe' field, which is a boolean (the field just needs to be present). If you just configure 'host' you will get login referrals, which is not what you want. My question is whether dovecot has the ability to notice whether dovecot is being asked to proxy to itself, in other words the value of host is the current dovecot server, and when this happens, ignore the proxy and just be a straight IMAP server, because the user has connected to the right box already. This is what happens if you use 'proxy_maybe' instead of 'proxy'. Ben
[Dovecot] lmtp_rcpt_check_quota working somewhere?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I'm running Dovecot v2.1 and enabled the lmtp_rcpt_check_quota option in conf.d/20-lmtp.conf, because I just found it in the sample config. Is this option working somewhere? When I have the option enabled, I get _no_ response in the RCPT TO phase, if the user is under quota. If I go on and enter the DATA keyword eventually, I get 554 5.5.1 No valid recipients, so it looks like, the user is really ignored at all. For an user over quota, I get: 552 5.2.2 user Quota exceeded (mailbox for user is full) Without lmtp_rcpt_check_quota LMTP works fine. For the user over quota I get the error after DATA phase, the user under quota gets the message delivered. Regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBULOTyWoxLS8a3A9mAQITfggAoC0ujUXE53ePUEsTUHXlL2S0/hQCdAgA ppZnUPv9Gjh2oZjjrOmPa+zYVnd+6xK9m58bV4b7FPC+uz1otaS205WMIeZCuy5l kTtCpNpxxNfsUDzMM8zrRf+AZODAwUzwx7yknGdpXtezIGYg7kTKIXxs3KShgI3i ML/kbj4j+YkpdR0wUnZCIVM7MBukAJ3rhSqvfcY0ekZo8+ownqVjCE1PLhFy6oGE OsN8qY272nuvY9dLjflUjOKsvPVnviIu0kgRAZEsqPPp27Jp4GMsSpqqdAhjgbzH D8n9AnxVc6KYhq8qVpsWBCNy3/CwERsadZcRnl/4zcZmq19VsLLZMQ== =Nyqj -END PGP SIGNATURE-
[Dovecot] Vacation messages come from POSTMASTER, not user
Problem : All vacation autoreplies come from the postmaster address. Expected behavior : vacation notice comes from the user who set the vacation. Platform : Dovecot 2.1.7 on Debian Squeeze ( See below for example reply, sieve script and dovecot -n output) Any help appreciated! Sieve script used: if true { vacation :days 2 :subject Out of Office I am currently out of the office; stop; } Return-Path: X-Original-To: tests...@mydomain.com Delivered-To: tests...@mydomain.com Received: from localhost (localhost [127.0.0.1]) by quicksilver.mydomain.com (Postfix) with ESMTP id 12591BE16 for tests...@mydomain.com; Mon, 26 Nov 2012 16:54:16 + (GMT) X-Virus-Scanned: Debian amavisd-new at mydomain.com X-Spam-Flag: NO X-Spam-Score: -0.501 X-Spam-Level: X-Spam-Status: No, score=-0.501 required=5 tests=[BAYES_05=-0.5, NO_RELAYS=-0.001] autolearn=no Received: from quicksilver.mydomain.com ([127.0.0.1]) by localhost (quicksilver.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DNM8HKzR4d0t for tests...@mydomain.com; Mon, 26 Nov 2012 16:54:06 + (GMT) Received: by quicksilver.mydomain.com (Postfix, from userid 15099) id DA3DABE1B; Mon, 26 Nov 2012 16:54:06 + (GMT) X-Sieve: Pigeonhole Sieve 0.3.0 Message-ID: dovecot-sieve-1353948846-83769...@quicksilver.mydomain.com Date: Mon, 26 Nov 2012 16:54:06 + From: Postmaster r...@mydomain.com To: tests...@mydomain.com Subject: Out of Office In-Reply-To: ac0fe0e6de81129e7499aba9aa67697a@localhost References: ac0fe0e6de81129e7499aba9aa67697a@localhost Auto-Submitted: auto-replied (vacation) Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit I am currently out of the office # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.6 ext3 auth_debug = yes auth_debug_passwords = yes auth_verbose = yes listen = *, [::] log_timestamp = %Y-%m-%d %H:%M:%S mail_location = maildir:/var/maildirs/%n/Maildir mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { home = /var/maildirs/%u mail_debug = yes sieve = /var/maildirs/%u/deliver.sieve sieve_dir = /var/maildirs/%n/sieve sieve_global_dir = /etc/sieve/ sieve_global_path = /etc/sieve/deliver.sieve sieve_vacation_dont_check_recipient = yes } protocols = imap pop3 sieve service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0600 } user = root } service imap-login { client_limit = 256 process_min_avail = 16 service_count = 0 vsz_limit = 256 M } service managesieve-login { client_limit = 256 process_min_avail = 16 service_count = 0 vsz_limit = 256 M } service pop3-login { client_limit = 256 process_min_avail = 16 service_count = 0 vsz_limit = 256 M } ssl_cert = /var/certs/wildcard.mydomain.ie-including-chain.pem ssl_key = /var/certs/wildcard.mydomain.ie.key userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 20 } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } protocol lda { auth_socket_path = /var/run/dovecot/auth-master mail_debug = yes mail_plugins = sieve postmaster_address = r...@mydomain.ie }
Re: [Dovecot] Vacation messages come from POSTMASTER, not user
Am 26.11.2012 18:31, schrieb cfowler: Problem : All vacation autoreplies come from the postmaster address. is not really the postmaster address, its special for the mailer daemon Expected behavior : vacation notice comes from the user who set the vacation. at my knowledge, does not work that way ,yet, guess what you want, might work with invoking external script via sieve wait for other responses , special stefan might give better answer about sieve Platform : Dovecot 2.1.7 on Debian Squeeze ( See below for example reply, sieve script and dovecot -n output) Any help appreciated! Sieve script used: if true { vacation :days 2 :subject Out of Office I am currently out of the office; stop; } Return-Path: X-Original-To: tests...@mydomain.com Delivered-To: tests...@mydomain.com Received: from localhost (localhost [127.0.0.1]) by quicksilver.mydomain.com (Postfix) with ESMTP id 12591BE16 for tests...@mydomain.com; Mon, 26 Nov 2012 16:54:16 + (GMT) Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] Vacation messages come from POSTMASTER, not user
At 5PM + on 26/11/12 you (cfowler) wrote: Problem : All vacation autoreplies come from the postmaster address. Expected behavior : vacation notice comes from the user who set the vacation. Platform : Dovecot 2.1.7 on Debian Squeeze ( See below for example reply, sieve script and dovecot -n output) snip sieve_vacation_dont_check_recipient = yes Why have you set this? Normally vacation will refuse to respond to a message which doesn't have your address in one of the recipient header fields; in fact the standard says that it MUST NOT respond unless this is the case. This setting turns that check off, in which case Pigeonhole will send a vacation response (despite the standard) but sends it from Postmaster. I assume this is done for privacy reasons, since the person the vacation response is being sent to doesn't necessarily know the user who set the vacation exists, or what their address might be. If you send a message with the user's email address in To:, do you get a vacation response From: the correct address? Ben
Re: [Dovecot] Vacation messages come from POSTMASTER, not user
On 26-11-2012 17:59, Ben Morrow wrote: At 5PM + on 26/11/12 you (cfowler) wrote: Problem : All vacation autoreplies come from the postmaster address. Expected behavior : vacation notice comes from the user who set the vacation. Platform : Dovecot 2.1.7 on Debian Squeeze ( See below for example reply, sieve script and dovecot -n output) snip sieve_vacation_dont_check_recipient = yes Why have you set this? Normally vacation will refuse to respond to a message which doesn't have your address in one of the recipient header fields; in fact the standard says that it MUST NOT respond unless this is the case. This setting turns that check off, in which case Pigeonhole will send a vacation response (despite the standard) but sends it from Postmaster. I assume this is done for privacy reasons, since the person the vacation response is being sent to doesn't necessarily know the user who set the vacation exists, or what their address might be. This feature is the reason I've upgraded to 2.1.7 from 1.2.15 Our users have addresses like bmor...@foo.com We also store aliases for them in LDAP like ben.mor...@foo.com. Postfix knows of these aliases and accepts mail for them. Most of our users prefer to hand out this alias as their email address Mails to bmor...@foo.com were receiving vacation auto-replies as you'd expect in 1.2.15 Mails to ben.mor...@foo.com were not due to the infamous discarding vacation response for message implicitly delivered to bmor...@foo.com message. I know the correct behavior is for the users to write a correct sieve script with an addresses: line, but that's not going to happen unfortunately. The users just want Push button to make vacation go. If you send a message with the user's email address in To:, do you get a vacation response From: the correct address? No, mails to bmor...@foo.com also get Postmaster replies. With 1.2.15 we were at least getting autoreplies from bmor...@foo.com when a mail was sent to bmor...@foo.com. Ben
[Dovecot] sieve + dkim
message sent from the sieve-vacation does not contain dkim signature how to configure sieve to send messages via smtp transport with signing?
Re: [Dovecot] Dovecot sieve with postfix.
may be this is the best way dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} -a ${recipient} parameter-a $ {recipient} allow to keep the recipient's address in the headers from: 19.11.12 21:04, Fi4IT - Daniel Fischer пишет: Hello Joe, i use this: main.cf virtual_transport = dovecot master.cf dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} /etc/dovecot/conf.d/15-lda.conf protocol lda { log_path = /var/log/sieve.log mail_plugins = acl sieve } and that works fine with my tested clients (tb,outlook,roundcube) daniel Am 19.11.2012 15:17, schrieb /#!/JoePea: Hi all, I can't get dovecot working with postfix. If I leave virtual_transport set to virtual, I can send and receive messages just fine in roundcube. If I set virtual_transport to dovecot, I can only send messages in roundcube, but incoming messages never arrive. Seems I can't get dovecot-lda to work. I need dovecot-lda in order for sieve filters to work. Any idea what I'm doing wrong? Here's `doveconf -n`: http://pastie.org/5401133 `postconf -n`: http://pastie.org/5401157 and `postconf -M`: http://pastie.org/5401177 Note: All I have to do is change virtual_transport = dovecot to virtual_transport = virtual and all will be fine, except for that I won't have sieve filtering which is what I really want. */#!/*JoePea
Re: [Dovecot] sieve + dkim
On 11/26/2012 07:58 PM Николай Клименко wrote: message sent from the sieve-vacation does not contain dkim signature how to configure sieve to send messages via smtp transport with signing? Configure a submission host: http://hg.dovecot.org/dovecot-2.1/file/e95479f439aa/doc/example-config/conf.d/15-lda.conf#l20 Regards, Pascal -- The trapper recommends today: face1e55.1233...@localdomain.org
Re: [Dovecot] cannot update mailbox - unable to lock for exclusive access
So this is a step in the right direction. But still far less than optimal. The read/write lock contention on mbox is unnecessarily eating up system resources (mainly memory), and causing unnecessary delivery delays to the mailbox. You should really start looking at migrating to maildir. It's not that difficult (though maybe more so with 1.0.7) if you don't have a ton of mailboxes, and especially with POP since the mailboxes typically wont be holding much mail to migrate. How many do you have? There's around four hundred mail boxes or so. Some used more intensively than others. Our server is with Rackspace, and RHEL5 is the OS they offered us as an upgrade path from RHEL4. So they're getting the support from Red Hat and we're getting the support from Rackspace. The plot thickens again. You're using a rented server. Sigh... This entire thread could have been greatly shortened, saving all of us much time, if you'd have given all these details up front. Is this a cloud server (shared host), or a dedicated server? It's a dedicated server FWIW, you don't have RHEL5, but CentOS 5. Hosting companies don't pay for RHEL licenses for 10s of thousands of hosts. It's RHEL5: $cat /etc/issue Red Hat Enterprise Linux Server release 5.8 (Tikanga) The cost of the license is included in our contract. I have a few salient recommendations for you: 1. Migrate to maildir. It is far more appropriate for a POP workload. Yes, this will be our next course of action 2. Switch to a hosting provider that offers much more recent software. We can upgrade the software if we wish, but will no longer get full support from Rackspace if we do this. 3. Or, get a colo server so you can use whatever software you wish. We can install whatever software we wish at the moment, but see the point above. Finally, if this email service you're providing isn't all that critical to you or your organization, simply prod along as you have been, fighting these problems frequently along the way. It's kind of working ok now but we will go with your recommendation of switching to maildir when we have time. Thanks for your help
Re: [Dovecot] memory allocation issues
On Fri, Nov 23, 2012 at 08:36:37AM +0200, Timo Sirainen wrote: On 9.11.2012, at 2.49, Kelsey Cummings wrote: One of our dovecot backend servers ran into a problem with it's auth process a few days ago. This doesn't appear to be the error logged when dovecot hits its internal limit so I'm not sure what is going on here. auth: Error: malloc: 58012: Cannot allocate memory auth: Error: Unable to allocate memory for mutexes from the region auth: Error: PANIC: Cannot allocate memory auth: passwd(test,1.1.1.1,8HTlNHzNIQBAjhKC): unknown user It would have been nicer if libc would have just crashed the process instead of silently converting it into unknown user error.. That's probably actually a bug since the getpwuid_r() that Dovecot uses would have been able to return an error message. We saw two boxes do this over the weekend. pop3: Error: Authenticated user not found from userdb, auth lookup +id=2509111297 (client-pid=4781 client-id=1) pop3-login: Internal login failure (pid=4781 id=1) (internal failure, 1 +succesful auths): user=test... There was at least 10+GB free RAM on the server and no indication of a system level issue at the same time. The server is running 2.1.9. There were about 3,200 active sessions, with something like 12 new sessions/sec. The other identical servers are/were handling virtually identical load with the same service uptime and haven't had any issues so far. (Crash happened 7 days ago.) Memory leak maybe? service auth { vsz_limit } anyway was reached (default 256 MB). It is currently set to 768M, I'll go ahead and raise it up to 1G. Anything I can do to help see if it is a memory leak? # dovecot -n # 2.1.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.9.1.el6.x86_64 x86_64 Scientific Linux release 6.3 (Carbon) auth_master_user_separator = * auth_username_format = %Ln auth_verbose = yes auth_verbose_passwords = sha1 auth_worker_max_count = 64 login_log_format_elements = user=%u session=%{session} method=%m rip=%r lip=%l mpid=%e %c mail_fsync = always mail_log_prefix = %s(%u): session=%{session} mail_plugins = stats zlib maildir_very_dirty_syncs = yes mmap_disable = yes namespace { inbox = yes location = prefix = INBOX. separator = . type = private } passdb { args = /etc/dovecot/master-users driver = passwd-file master = yes } passdb { args = imap driver = pam } plugin { lazy_expunge = DELETED_MESSAGES. mail_log_events = delete expunge flag_change mail_log_fields = uid box msgid from flags size quota = fs:User quota stats_refresh = 30 secs stats_track_cmds = yes } protocols = imap pop3 service anvil { client_limit = 1 } service auth { client_limit = 1 vsz_limit = 768 M } service doveadm { inet_listener { port = 1842 } unix_listener doveadm-server { mode = 0666 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 7000 process_min_avail = 32 vsz_limit = 256 M } service imap-postlogin { executable = script-login -d /etc/dovecot/bin/sonic-imap-postlogin user = $default_internal_user } service imap { executable = imap imap-postlogin process_limit = 4096 vsz_limit = 512 M } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } process_limit = 2000 process_min_avail = 32 vsz_limit = 256 M } service pop3-postlogin { executable = script-login -d /etc/dovecot/bin/sonic-pop3-postlogin user = $default_internal_user } service pop3 { executable = pop3 pop3-postlogin process_limit = 4096 } service stats { fifo_listener stats-mail { mode = 0666 } } shutdown_clients = no ssl = required ssl_parameters_regenerate = 1 days syslog_facility = local0 userdb { driver = passwd } verbose_proctitle = yes protocol imap { imap_id_send = support-url support-email mail_max_userip_connections = 20 mail_plugins = stats zlib mwi_update mail_log notify imap_stats imap_zlib } protocol pop3 { mail_plugins = stats zlib lazy_expunge pop3_fast_size_lookups = yes pop3_uidl_format = %f } -- Kelsey Cummings - k...@corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407
Re: [Dovecot] sieve + dkim
thx for answer i use 1.x I found the solution in main.cf content_filter=smtp-amavis:[127.0.0.1]:10026 #filter with dkim and in master.cf public_ip_external_user:smtp inet n - - - - smtpd #some smtpd_recipient_restrictions rules #some smtpd_sender_restrictions rules -o content_filter=smtp-amavis:[127.0.0.1]:10024 #filter for external user 26.11.12 23:52, Pascal Volk пишет: On 11/26/2012 07:58 PM Николай Клименко wrote: message sent from the sieve-vacation does not contain dkim signature how to configure sieve to send messages via smtp transport with signing? Configure a submission host: http://hg.dovecot.org/dovecot-2.1/file/e95479f439aa/doc/example-config/conf.d/15-lda.conf#l20 Regards, Pascal
Re: [Dovecot] Vacation messages come from POSTMASTER, not user
On 11/26/2012 6:31 PM, cfowler wrote: Problem : All vacation autoreplies come from the postmaster address. Expected behavior : vacation notice comes from the user who set the vacation. Platform : Dovecot 2.1.7 on Debian Squeeze ( See below for example reply, sieve script and dovecot -n output) Any help appreciated! This should fix that: http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/b56711807edc Regards, Stephan.
Re: [Dovecot] Vacation messages come from POSTMASTER, not user
On 11/26/2012 6:59 PM, Ben Morrow wrote: At 5PM + on 26/11/12 you (cfowler) wrote: This setting turns that check off, in which case Pigeonhole will send a vacation response (despite the standard) but sends it from Postmaster. Actually, this shouldn't have happened. Originally, it would only use 'Postmaster' when the recipient address is unknown, but that situation would never occur. With the addition of the dont_check_recipient setting, this got changed unintentionally. I assume this is done for privacy reasons, since the person the vacation response is being sent to doesn't necessarily know the user who set the vacation exists, or what their address might be. Interesting notion, but the real reason is of a more stupid nature as explained above. :) Do you think this is something people would want to configure? Since this particular feature deviates from the standard to begin with, nothing is specified about what should be done. I think the added anonymity would often be useless, because the content of the vacation message can contain all sorts of information on the recipient, including the mail address, e.g. in the signature. If you send a message with the user's email address in To:, do you get a vacation response From: the correct address? Since the recipient check is not performed, the recipient address used for the reply remained NULL and the reply code would revert to Postmaster at all times. This is fixed now. Regards, Stephan.
Re: [Dovecot] sieve + dkim
You do know that inline comments as you have below are not supported in postfix config files and WILL cause unexpected behavior depending on where they are and what they contain, right? On 2012-11-26 3:13 PM, Николай Клименко klimenk...@theitidea.ru wrote: thx for answer i use 1.x I found the solution in main.cf content_filter=smtp-amavis:[127.0.0.1]:10026 #filter with dkim and in master.cf public_ip_external_user:smtp inet n - - - - smtpd #some smtpd_recipient_restrictions rules #some smtpd_sender_restrictions rules -o content_filter=smtp-amavis:[127.0.0.1]:10024 #filter for external user 26.11.12 23:52, Pascal Volk пишет: On 11/26/2012 07:58 PM Николай Клименко wrote: message sent from the sieve-vacation does not contain dkim signature how to configure sieve to send messages via smtp transport with signing? Configure a submission host: http://hg.dovecot.org/dovecot-2.1/file/e95479f439aa/doc/example-config/conf.d/15-lda.conf#l20 Regards, Pascal -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 | 678.514.6299 fax
Re: [Dovecot] sieve + dkim
yes of course this is only remarks for easily understanding 27.11.12 0:33, Charles Marcus пишет: You do know that inline comments as you have below are not supported in postfix config files and WILL cause unexpected behavior depending on where they are and what they contain, right? On 2012-11-26 3:13 PM, Николай Клименко klimenk...@theitidea.ru wrote: thx for answer i use 1.x I found the solution in main.cf content_filter=smtp-amavis:[127.0.0.1]:10026 #filter with dkim and in master.cf public_ip_external_user:smtp inet n - - - - smtpd #some smtpd_recipient_restrictions rules #some smtpd_sender_restrictions rules -o content_filter=smtp-amavis:[127.0.0.1]:10024 #filter for external user 26.11.12 23:52, Pascal Volk пишет: On 11/26/2012 07:58 PM Николай Клименко wrote: message sent from the sieve-vacation does not contain dkim signature how to configure sieve to send messages via smtp transport with signing? Configure a submission host: http://hg.dovecot.org/dovecot-2.1/file/e95479f439aa/doc/example-config/conf.d/15-lda.conf#l20 Regards, Pascal
Re: [Dovecot] Dovecot sieve with postfix.
Hi Ben, Indeed, the mailq command shows my test messages sitting there with mail transport unavailable. ┌─[11:48:22/hypership/root/~] └─╼ mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 2DCCB580C01 1901 Mon Nov 26 11:45:02 trus...@gmail.com (mail transport unavailable) trus...@bettafootwear.com B1449580C03 1895 Mon Nov 26 11:48:41 trus...@gmail.com (mail transport unavailable) trus...@bettafootwear.com -- 5 Kbytes in 2 Requests. I checked in /etc/syslog-ng/syslog-ng.conf and it shows destination d_mail { file(/var/log/mail.log); }; but there is no such mail.log file so I created one. I logged in as mailman by doing su -s /bin/bash mailman then ran /usr/lib/dovecot/dovecot-lda -f trus...@gmail.com -d trus...@bettafootwear.com /home/mailman/test_msg.txt where /home/mailman/test_msg.txt contains a plain text sentence. After doing that, mailq shows the new messages, but with the same mail transport unavailable message. However, in Roundcube I see a new blank message with no subject for each attempt of the dovecot-lda command. Also, the after running the dovecot-lda command a few times, I noticed it was saying that the log files weren't writable (permission denied), so I fixed that... However, that doesn't seem to have fixed the problem as test emails from gmail still don't appear in Roundcube, but I see them with mailq with mail transport unavailable. I'll skip setting up LMTP until I get it working with LDA so I know what I'm doing before getting into more complications. */#!/*JoePea On Mon, Nov 26, 2012 at 3:52 AM, Ben Morrow b...@morrow.me.uk wrote: At 2AM -0800 on 26/11/12 you (/#!/JoePea) wrote: Hi, thanks for the reply. I'm new to all this. How can I tell if postfix is deferring messages, or if it thinks they've been delieverd? Where is the postfix log? You can tell if a message is still in the queue with 'mailq'. You can find out why by reading the log. If messages are being deferred they will eventually start bouncing, once Postfix decides they've spent too long in the queue. Postfix normally logs through the 'mail' facility of syslog. How do I feed a message to dovecot-lda manually, as mailman? Something along the lines of sudo -u mailman /usr/lib/dovecot/dovecot-lda -f some@user -d some@user /some/mail/message as root should work, depending on your sudo setup. Otherwise you will need to use su, which can be more awkward. How do I use LMTP instead of LDA? Read the wiki for the Dovecot end, and use virtual_transport = lmtp:unix:/path/to/lmtp/socket on the Postfix end. You will want to test the LMTP server is working manually (with nc -U or something) before trying to get Postfix to deliver to it. Ben
Re: [Dovecot] cannot update mailbox - unable to lock for exclusive access
On 11/26/2012 1:58 PM, 1st WebDesigns wrote: So this is a step in the right direction. But still far less than optimal. The read/write lock contention on mbox is unnecessarily eating up system resources (mainly memory), and causing unnecessary delivery delays to the mailbox. You should really start looking at migrating to maildir. It's not that difficult (though maybe more so with 1.0.7) if you don't have a ton of mailboxes, and especially with POP since the mailboxes typically wont be holding much mail to migrate. How many do you have? There's around four hundred mail boxes or so. Some used more intensively than others. There are methods to convert one mailbox at a time, groups of mailboxes, or all mailboxes in one fell swoop in a batch mode. I'm uncertain WRT the status of the tools in 1.0.7, but given the age of that release you may avoid problems by upgrading to Dovecot 1.2.x or later before doing the conversion. If you attempt the conversion on 1.0.7 and hit snags, this mailing list may not be of much help as nobody has used 1.0.7 for years. You may want to post a new thread asking Timo about such a conversion with 1.0.7. He doesn't seem to be paying attention to this thread. Our server is with Rackspace, and RHEL5 is the OS they offered us as an upgrade path from RHEL4. So they're getting the support from Red Hat and we're getting the support from Rackspace. The plot thickens again. You're using a rented server. Sigh... This entire thread could have been greatly shortened, saving all of us much time, if you'd have given all these details up front. Is this a cloud server (shared host), or a dedicated server? It's a dedicated server FWIW, you don't have RHEL5, but CentOS 5. Hosting companies don't pay for RHEL licenses for 10s of thousands of hosts. It's RHEL5: $cat /etc/issue Red Hat Enterprise Linux Server release 5.8 (Tikanga) The cost of the license is included in our contract. Now that's interesting. I have a few salient recommendations for you: 1. Migrate to maildir. It is far more appropriate for a POP workload. Yes, this will be our next course of action 2. Switch to a hosting provider that offers much more recent software. We can upgrade the software if we wish, but will no longer get full support from Rackspace if we do this. And you consider this a net loss? If you're that dependent on your provider's tit, find one that can suckle you on RHEL 6.3. Or buy your copy/license directly from Red Hat and get support directly from them. 3. Or, get a colo server so you can use whatever software you wish. We can install whatever software we wish at the moment, but see the point above. See my point above. And WRT Dovecot and most other application software, you'll get better support from the community than your bulk hosting provider anyway. Their primary business is making $$ from providing you a host and a pipe. Customer support is a cost, especially application support, not a profit center, and thus is almost always a secondary concern at best. Red Hat's entire business model is customer support, same for SuSE. Finally, if this email service you're providing isn't all that critical to you or your organization, simply prod along as you have been, fighting these problems frequently along the way. It's kind of working ok now but we will go with your recommendation of switching to maildir when we have time. Thanks for your help As I said, you can migrate users individually. You could easily do 10 users a day during coffee breaks etc and be done in a month plus. Do 40 a day and you're done in 10 days. The only time you'll burn is in the learning curve, not the actual mailbox migration which takes no time at all with POP accounts. Always test with a dummy mailbox first to iron out any issues. Then start migrating the problem users first, the smart phone users who tie up their mailboxes for many minutes during download. -- Stan
Re: [Dovecot] cannot update mailbox - unable to lock for exclusive access
Thanks, all your comments are noted. As I said, you can migrate users individually. You could easily do 10 users a day during coffee breaks etc and be done in a month plus. Do 40 a day and you're done in 10 days. The only time you'll burn is in the learning curve, not the actual mailbox migration which takes no time at all with POP accounts. That's interesting, as I (wrongly) assumed switching from mbox to maildir was an all or nothing process. You're saying we can run half the mailboxes in mbox format and the other half in maildir format? In which case we can get going with this sooner than I thought. Always test with a dummy mailbox first to iron out any issues. Then start migrating the problem users first, the smart phone users who tie up their mailboxes for many minutes during download. Thank you - I would probably start with the CEO's mailbox first and then go from there :-D
Re: [Dovecot] Vacation messages come from POSTMASTER, not user
At 6PM + on 26/11/12 you (cfowler) wrote: On 26-11-2012 17:59, Ben Morrow wrote: At 5PM + on 26/11/12 you (cfowler) wrote: Problem : All vacation autoreplies come from the postmaster address. Expected behavior : vacation notice comes from the user who set the vacation. Platform : Dovecot 2.1.7 on Debian Squeeze ( See below for example reply, sieve script and dovecot -n output) snip sieve_vacation_dont_check_recipient = yes Why have you set this? Normally vacation will refuse to respond to a message which doesn't have your address in one of the recipient header fields; in fact the standard says that it MUST NOT respond unless this is the case. (Stephan has explained that I am wrong here: that's what comes from reading the code rather than running it...) This feature is the reason I've upgraded to 2.1.7 from 1.2.15 Our users have addresses like bmor...@foo.com We also store aliases for them in LDAP like ben.mor...@foo.com. Postfix knows of these aliases and accepts mail for them. Most of our users prefer to hand out this alias as their email address Mails to bmor...@foo.com were receiving vacation auto-replies as you'd expect in 1.2.15 Mails to ben.mor...@foo.com were not due to the infamous discarding vacation response for message implicitly delivered to bmor...@foo.com message. I know the correct behavior is for the users to write a correct sieve script with an addresses: line, but that's not going to happen unfortunately. The users just want Push button to make vacation go. I see... this is a little tricky, yes, and I think you're right this is the only straightforward solution at the moment. You do want to be a little careful about enabling this, though: the restriction is there in the standard to prevent automated replies from being sent for messages to mailing lists and group aliases and such, where the sender does not (and should not) know the list of final delivery addresses, and certainly doesn't want vacation replies from all of them. Since most mailing lists now set the List-* headers (which prevent vacation replies anyway), they should be OK, so this is probably only a problem if you use internal aliases which expand to lists of users. Ideally pigeonhole would take advantage of this paragraph in the standard An email address is considered to belong to the recipient if it is one of: 1. an email address known by the implementation to be associated with the recipient, and allow you to specify a dict in which to lookup a default :addresses list for each recipient. That way you could turn this parameter back off, but instead give Dovecot the information it needs to determine that a message To: ben.mor...@foo.com was in fact directly addressed to this user. I wonder how difficult that would be... If you send a message with the user's email address in To:, do you get a vacation response From: the correct address? No, mails to bmor...@foo.com also get Postmaster replies. With 1.2.15 we were at least getting autoreplies from bmor...@foo.com when a mail was sent to bmor...@foo.com. Stephan said xthread that this has now been fixed. Ben
Re: [Dovecot] cannot update mailbox - unable to lock for exclusive access
On 11/26/2012 3:39 PM, 1st WebDesigns wrote: Thanks, all your comments are noted. As I said, you can migrate users individually. You could easily do 10 users a day during coffee breaks etc and be done in a month plus. Do 40 a day and you're done in 10 days. The only time you'll burn is in the learning curve, not the actual mailbox migration which takes no time at all with POP accounts. That's interesting, as I (wrongly) assumed switching from mbox to maildir was an all or nothing process. You're saying we can run half the mailboxes in mbox format and the other half in maildir format? In which case we can get going with this sooner than I thought. Yes, this can be done. But if you're using UNIX system user accounts IIRC you'll have to convert to virtual users before you can migrate one user at a time. Virtual user setup is required to change mail_location on a per user basis. With system users mail_location is defined once for all users. Converting to virtual users first makes the process more painful. I've not done such a POP mboxmaildir migration myself, so hopefully someone who has will chime in. If not start a new thread called need POP mboxmaildir migration help or similar. And again, I wouldn't try any of this with 1.0.7. Upgrade to at least 1.2.x first. Always test with a dummy mailbox first to iron out any issues. Then start migrating the problem users first, the smart phone users who tie up their mailboxes for many minutes during download. Thank you - I would probably start with the CEO's mailbox first and then go from there :-D Start a new thread as I suggested. State your version, current user account type (system or virtual), and post your dovecot -n at the end of the email. You'll get many more helpful suggestions and insight from people who've actually done this migration. -- Stan
Re: [Dovecot] lmtp_rcpt_check_quota working somewhere?
On 26.11.2012, at 18.07, Steffen Kaiser wrote: I'm running Dovecot v2.1 and enabled the lmtp_rcpt_check_quota option in conf.d/20-lmtp.conf, because I just found it in the sample config. Is this option working somewhere? When I have the option enabled, I get _no_ response in the RCPT TO phase, if the user is under quota. If I go on and enter the DATA keyword eventually, I get 554 5.5.1 No valid recipients, so it looks like, the user is really ignored at all. Fixed: http://hg.dovecot.org/dovecot-2.1/rev/bebe54e1d640
Re: [Dovecot] shared mailboxes and indexes
On 23.11.2012, at 17.53, Sven Hartge wrote: BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes.. You can't reliably do it if the mailboxes are accessed directly via NFS. The current idea to solve this is to use imapc backend with master users, so the actual mailbox access for each user is always done by only one server. I think someone already managed to configure such a setup. This was me. It works (with one minor quirk, more on this later) in my current test setup like so: a) 1 to X user-servers with the users mailboxes on them b) 1 shared-server with the shared mailboxes on them For implementing shared mailboxes between all user servers, I think what would need to be developed is: imapc_host = m-st-sh-01.example.com imapc_master_user = %u imapc_user = shared Somehow being able to set imapc_user = %%u where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace. Note: You CANNOT have ACLs activated on the users-servers, because this will interfere with the permissions of ht IMAPShared namespace, rendering the mailboxes located in there unavailable for your users. And some way to disable ACLs for shared namespaces that use imapc. Not sure what would be a nice way of doing this. The attached patch contains these two changes. The first one I could commit immediately. The second one probably would need to be configurable somehow (maybe a generic disable_acls=yes setting for namespace?) diff Description: Binary data Now the mentioned quirk: Because all connections on the shared-server are made to the same user shared and are coming from very few IPs (the 1 to X user-servers), you need to set a very high mail_max_userip_connections value. I set mine to 1000 just to be sure. --- But: I have NOT configured login_trusted_networks, so this may be my error in that case. I don't think that setting helps.
Re: [Dovecot] shared mailboxes and indexes
On 27.11.2012, at 3.00, Timo Sirainen wrote: Now the mentioned quirk: Because all connections on the shared-server are made to the same user shared and are coming from very few IPs (the 1 to X user-servers), you need to set a very high mail_max_userip_connections value. I set mine to 1000 just to be sure. --- But: I have NOT configured login_trusted_networks, so this may be my error in that case. I don't think that setting helps. But something like this should help: remote 10.0.0.0/8 { mail_max_userip_connections = 0 }
Re: [Dovecot] Default fallback behaviour
On 23.11.2012, at 9.46, Nikita Koshikov wrote: Hello list, Here is the problem: I have few: passdb { #1 } passdb { #2 } And relative userdb sections. If user not found in 1) section it fallbacks to next one - it's expected and right, IMHO. But when the user exists in both section and password verification fails on 1) database it successfully authenticated on next one. I think this behaviour should be configured. The main goal of 1) section for this server is to overwrite users in main (section2) database. It's not always possible to know why #1 failed. For example PAM doesn't always tell if the password was wrong or if the user didn't exist. Maybe I missed something and this option is already in dovecot code and I can't find it ? Or if not - will it be added in the future ? I'm not very interested in adding it, especially because it can't be done reliably.
Re: [Dovecot] Plugin help, number of messages in mailbox
On 22.11.2012, at 17.06, Richard Platel wrote: We use Dovecot for IMAP and POP (but not LDA), we want to do something when a user has an INBOX that becomes empty, or becomes not empty (set a flag in memcached, but that's not really important). I'm writing a plugin (for Dovecot 2.1.7). On mailbox_open() I can use mailbox_get_status() to get a count of messages in the mailbox, and then decrement this in expunge() or increment it in mailbox save_finish() (for IMAP APPEND or COPY commands). So all mailbox access goes through Dovecot. Nothing else changes the underlying storage directly? However in expunge() and mailbox_save_finish, even after calling the super function, mailbox_get_status doesn't update the number of messages in the mailbox. You'll get the updated count only after mailbox_sync_deinit(). This is a problem if (for example) there are concurrent POP sessions. Two POP sessions could get all the messages in INBOX, one could logout, calling expunge a few times, eventually causing my plugin to note that the inbox is empty, then our LDA could deliver a message, mark the INBOX not empty, then the other POP session could log out, call expunge and cause my plugin to mark the INBOX empty, when it's not. So in summation: how can a plugin be notified of changes to a mailbox, and then accurately get the real number of messages in that mailbox? I think if you hook into sync_deinit() and use a local lock file while you send the notification it would probably be race-free.
Re: [Dovecot] Filesystem quotas
On 21.11.2012, at 19.34, Andreas Kasenides wrote: I could not determine if when using filesystem quotas (http://wiki2.dovecot.org/Quota/FS) Dovecot will use the reported quota and limits without the need of configuring them via quota_rules. Is this possible somehow? Such a feature would determine the quota limits automatically from the filesystem quotas thereby allowing to make use of them in quota warnings. Dovecot already knows the quota settings and limits. Here is evidence from the logs Nov 21 19:24:22 iolaos dovecot: imap(user): Debug: box=/Mail/ank mount=/newmail match=yes Nov 21 19:24:22 iolaos dovecot: imap(user): Debug: quota-fs: host=..ucy.xx.cy, path=/mail, uid=211, bytes Nov 21 19:24:22 iolaos dovecot: imap(user): Debug: quota-fs: uid=211, value=2779115520, limit=8388608000 I am using (testing) version 2.2alpha1. With fs quota Dovecot itself doesn't enforce any limits, and the limits are read from the filesystem. So quota_rules are ignored.
Re: [Dovecot] shared mailboxes and indexes
Timo Sirainen t...@iki.fi wrote: On 23.11.2012, at 17.53, Sven Hartge wrote: BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes.. You can't reliably do it if the mailboxes are accessed directly via NFS. The current idea to solve this is to use imapc backend with master users, so the actual mailbox access for each user is always done by only one server. I think someone already managed to configure such a setup. This was me. It works (with one minor quirk, more on this later) in my current test setup like so: a) 1 to X user-servers with the users mailboxes on them b) 1 shared-server with the shared mailboxes on them For implementing shared mailboxes between all user servers, I think what would need to be developed is: imapc_host = m-st-sh-01.example.com imapc_master_user = %u imapc_user = shared Somehow being able to set imapc_user = %%u where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace. Wouldn't you still need the target users host because this will be dynamic depending on the target user? Grüße, Sven. -- Sigmentation fault. Core dumped.
Re: [Dovecot] panic fts_solr for bad attachment
On 18.11.2012, at 16.54, Robert Strötgen wrote: Nov 18, 2012 2:59:09 PM org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: Invalid UTF-8 start byte 0xfc (at char #25214836, byte #26687495) Annoying. I guess these fix it: http://hg.dovecot.org/dovecot-2.1/rev/172295f5a78b http://hg.dovecot.org/dovecot-2.1/rev/01550514f189 http://hg.dovecot.org/dovecot-2.1/rev/339e654f371e
Re: [Dovecot] shared mailboxes and indexes
On 27.11.2012, at 3.24, Sven Hartge wrote: For implementing shared mailboxes between all user servers, I think what would need to be developed is: imapc_host = m-st-sh-01.example.com imapc_master_user = %u imapc_user = shared Somehow being able to set imapc_user = %%u where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace. Wouldn't you still need the target users host because this will be dynamic depending on the target user? imapc_host = director Also the database of which users have mailboxes shared to others would need to be something that all the servers can access. Either via NFS or with SQL backend.
Re: [Dovecot] Dovecot director doveadm with switch -A error
On 21.11.2012, at 15.05, Ramon Frontera wrote: we have a problem with our director proxy configuration. When we run on proxy server the doveadm command with -A switch, fails with the error: # doveadm -D quota get -A doveadm(user1): Debug: auth input: user=user1 proxy starttls=any-cert doveadm(user1): Error: Proxy is missing destination host doveadm: Error: Failed to iterate through some users Well, I fixed various bugs in doveadm code related to this: http://hg.dovecot.org/dovecot-2.1/rev/6f19c535110e http://hg.dovecot.org/dovecot-2.1/rev/275a57b8dc70 http://hg.dovecot.org/dovecot-2.1/rev/0dc3f56e6468 http://hg.dovecot.org/dovecot-2.1/rev/fdc509644d05 But I don't think they fix your specific issue. It looks as if doveadm is connecting to auth process directly instead of director.. Do: strace -s 1000 -o log doveadm quota get -A and send me the log? Note that the log contains the doveadm_password in the base64 strings.
Re: [Dovecot] panic fts_solr for bad attachment
On 11/26/2012 5:50 PM, Timo Sirainen wrote: On 18.11.2012, at 16.54, Robert Strötgen wrote: Nov 18, 2012 2:59:09 PM org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: Invalid UTF-8 start byte 0xfc (at char #25214836, byte #26687495) Annoying. I guess these fix it: http://hg.dovecot.org/dovecot-2.1/rev/172295f5a78b http://hg.dovecot.org/dovecot-2.1/rev/01550514f189 http://hg.dovecot.org/dovecot-2.1/rev/339e654f371e These patches have improved fts for me - but I still have errors like: Nov 26 20:49:29 bubba dovecot: indexer-worker(dmil...@amfes.com): Panic: file solr-connection.c: line 547 (solr_connection_post_more): assertion failed: (maxfd = 0) Nov 26 20:49:29 bubba dovecot: indexer-worker(dmil...@amfes.com): Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0x45cea) [0x7f0c66c33cea] - /usr/local/lib/dovecot/libdovecot.so.0(+0x45d2e) [0x7f0c66c33d2e] - /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f0c66c07d10] - /usr/local/lib/dovecot/lib21_fts_solr_plugin.so(+0x6de5) [0x7f0c653a6de5] - /usr/local/lib/dovecot/lib21_fts_solr_plugin.so(+0x3867) [0x7f0c653a3867] - /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x53b) [0x7f0c655b2b2b] - /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xc530) [0x7f0c655b7530] - dovecot/indexer-worker [dmil...@amfes.com Archives/2010 - 7000/7266]() [0x402326] - dovecot/indexer-worker [dmil...@amfes.com Archives/2010 - 7000/7266]() [0x4026cc] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f0c66c40b76] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7f0c66c419c7] - /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f0c66c406b8] - /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f0c66c2c203] - dovecot/indexer-worker [dmil...@amfes.com Archives/2010 - 7000/7266](main+0x10a) [0x401dfa] - /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed) [0x7f0c6685276d] - dovecot/indexer-worker [dmil...@amfes.com Archives/2010 - 7000/7266]() [0x401e9d] The solr log shows: Nov 26, 2012 8:49:29 PM org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: Illegal character ((CTRL-CHAR, code 8)) at [row,col {unknown-source}]: [1011144,197790] -- Daniel
Re: [Dovecot] panic fts_solr for bad attachment
On 11/26/2012 5:50 PM, Timo Sirainen wrote: On 18.11.2012, at 16.54, Robert Strötgen wrote: Nov 18, 2012 2:59:09 PM org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: Invalid UTF-8 start byte 0xfc (at char #25214836, byte #26687495) Annoying. I guess these fix it: http://hg.dovecot.org/dovecot-2.1/rev/172295f5a78b http://hg.dovecot.org/dovecot-2.1/rev/01550514f189 http://hg.dovecot.org/dovecot-2.1/rev/339e654f371e The waitFlush option for solr's commit method has been deprecated - and removed completely in the current version. Suggest a change to fts-backend-solr.c: in fts_backend_solr_update_deinit() str = t_strdup_printf(commit waitSearcher=\%s\/, ctx-documents_added ? true : false); -- Daniel
Re: [Dovecot] panic fts_solr for bad attachment
On 27.11.2012, at 6.51, Daniel L. Miller wrote: On 11/26/2012 5:50 PM, Timo Sirainen wrote: On 18.11.2012, at 16.54, Robert Strötgen wrote: Nov 18, 2012 2:59:09 PM org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: Invalid UTF-8 start byte 0xfc (at char #25214836, byte #26687495) Annoying. I guess these fix it: http://hg.dovecot.org/dovecot-2.1/rev/172295f5a78b http://hg.dovecot.org/dovecot-2.1/rev/01550514f189 http://hg.dovecot.org/dovecot-2.1/rev/339e654f371e Ugh. Should have known this was already being done. Reversed the whole thing. These patches have improved fts for me - but I still have errors like: .. Nov 26, 2012 8:49:29 PM org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: Illegal character ((CTRL-CHAR, code 8)) at [row,col {unknown-source}]: [1011144,197790] Something's wrong. The Solr code was already supposed to catch all of these.
Re: [Dovecot] panic fts_solr for bad attachment
On 27.11.2012, at 7.50, Timo Sirainen wrote: Nov 26, 2012 8:49:29 PM org.apache.solr.common.SolrException log SEVERE: org.apache.solr.common.SolrException: Illegal character ((CTRL-CHAR, code 8)) at [row,col {unknown-source}]: [1011144,197790] Something's wrong. The Solr code was already supposed to catch all of these. http://dovecot.org/tmp/allchars.gz If you send this mail to yourself and index it, does it fail? (Works for me.)
Re: [Dovecot] Dovecot sieve with postfix.
1. clear the log 2. Send message 3. show mail.log mail.err you should add following in main.cf dovecot_destination_recipient_limit = 1 27.11.12 1:15, /#!/JoePea пишет: Hi, thanks for the reply, What's the difference between dovecot-lda and deliver? Are they the same? The manpages are identical. I tried both and I also tried adding the -a ${recipient} argument but there was no change. It still doesn't work. Any other ideas? */#/!//*JoePea On Mon, Nov 26, 2012 at 11:26 AM, Николай Клименко klimenk...@theitidea.ru mailto:klimenk...@theitidea.ru wrote: may be this is the best way dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} -a ${recipient} parameter-a $ {recipient} allow to keep the recipient's address in the headers from: 19.11.12 21:04, Fi4IT - Daniel Fischer пишет: Hello Joe, i use this: main.cf http://main.cf virtual_transport = dovecot master.cf http://master.cf dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} /etc/dovecot/conf.d/15-lda.conf protocol lda { log_path = /var/log/sieve.log mail_plugins = acl sieve } and that works fine with my tested clients (tb,outlook,roundcube) daniel Am 19.11.2012 15:17, schrieb /#!/JoePea: Hi all, I can't get dovecot working with postfix. If I leave virtual_transport set to virtual, I can send and receive messages just fine in roundcube. If I set virtual_transport to dovecot, I can only send messages in roundcube, but incoming messages never arrive. Seems I can't get dovecot-lda to work. I need dovecot-lda in order for sieve filters to work. Any idea what I'm doing wrong? Here's `doveconf -n`: http://pastie.org/5401133 `postconf -n`: http://pastie.org/5401157 and `postconf -M`: http://pastie.org/5401177 Note: All I have to do is change virtual_transport = dovecot to virtual_transport = virtual and all will be fine, except for that I won't have sieve filtering which is what I really want. */#!/*JoePea
Re: [Dovecot] memory allocation issues
On 26.11.2012, at 22.03, Kelsey Cummings wrote: auth: Error: malloc: 58012: Cannot allocate memory auth: Error: Unable to allocate memory for mutexes from the region auth: Error: PANIC: Cannot allocate memory auth: passwd(test,1.1.1.1,8HTlNHzNIQBAjhKC): unknown user .. Memory leak maybe? service auth { vsz_limit } anyway was reached (default 256 MB). It is currently set to 768M, I'll go ahead and raise it up to 1G. Anything I can do to help see if it is a memory leak? Is it really the auth master process that fails? passdb { args = imap driver = pam } .. userdb { driver = passwd } Both of these lookups should be done by auth-worker processes. So why is it the auth process that complains? Anyway .. if the problem really is auth-worker and this is only a logging problem (I would have expected auth-worker: prefix in log lines), then the solution is simple. Just restart the auth-worker processes every 1000 lookups: service auth-worker { service_count = 1000 }
Re: [Dovecot] memory allocation issues
On 27.11.2012, at 8.39, Timo Sirainen wrote: userdb { driver = passwd } Both of these lookups should be done by auth-worker processes. So why is it the auth process that complains? Because of a bug in v2.0.16+ :( http://hg.dovecot.org/dovecot-2.1/rev/8e5d9d88e250 As a workaround you can use for existing versions: userdb { driver = passwd args = blocking=yes }
[Dovecot] Dovecot IMAP/POP3 auto creating maildir
Hi I have observed that after deleting a mailbox and removing the user from the userdb, immediately accessing the mail account via POP3/IMAP causes Dovecot to auto create an empty mailbox, because the userdb/passdb details are still cached for 10minutes. Is there any option to tell Dovecot POP3/IMAP not to auto create the mailbox if it does not exist? Alternatively and less desirably is there a mechanism for telling Dovecot to expire a userdb/passdb cached entry? Running Dovecot 2.1.9 Dominic
Re: [Dovecot] Dovecot IMAP/POP3 auto creating maildir
On 27.11.2012, at 8.48, Dominic Malolepszy wrote: I have observed that after deleting a mailbox and removing the user from the userdb, immediately accessing the mail account via POP3/IMAP causes Dovecot to auto create an empty mailbox, because the userdb/passdb details are still cached for 10minutes. Is there any option to tell Dovecot POP3/IMAP not to auto create the mailbox if it does not exist? Change the parent directory permissions so that the mkdir() fails. Alternatively and less desirably is there a mechanism for telling Dovecot to expire a userdb/passdb cached entry? v2.1.9+ has: doveadm auth cache flush user@domain
Re: [Dovecot] Feature request: add information to error message: client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions)
On 2.11.2012, at 17.55, Steffen Kaiser wrote: Please add the information to this error, which socket has the problem and which uid access is and what is expected. For instance, when the quota dict request fails, because of permission problems, you get a very detailed info about the current problem. And, further more, hints to solve it. BTW: I'm trying to configure shared mailboxes for a virtual user system, when one user with ACLs on other mailboxes requests a LIST, I get this error. In my case, I solved the problem by chmod u+x auth-userdb . http://hg.dovecot.org/dovecot-2.1/rev/c811aab61355 ?
Re: [Dovecot] imap-login hanging when firewall blocks ssl handshaking
Could you try with the attached patch, and with only the problematic client running? What does it log (the beginning of the session until it starts repeating the same lines)? On Sat, 2012-11-24 at 00:16 -0800, Erik A Johnson wrote: Thanks, Timo. Nope, still an infinite loop. Anything I can try using gdb to trace? On Nov 22, 2012, at 10:52 PM, Timo Sirainen t...@iki.fi wrote: On 10.11.2012, at 12.44, Erik A Johnson wrote: imap-login processes are hanging (using 100% of CPU) when connected from a client that is partially blocked by a firewall. It appears that imap-login is stuck in a loop trying to complete an ssl handshake. imap-login is working fine for other clients not blocked by the firewall (including localhost). This is dovecot 2.1.10 under Mac OS X 10.8.2 (compiled from sources); the firewall is Little Snitch 3.0.1 blocking port 993, which appears to let the connection initiate but then squashes and disconnects the socket during ssl handshaking. gdb backtrace and Activity Monitor's Sample Process show that imap-login is stuck calling ioloop-kqueue's io_loop_handler_run - io_loop_call_io - ssl_step repeatedly; dtruss shows that it is repeatedly making system calls to kevent and read, the latter returning -1 with errno 57=ENOTCONN=Socket is not connected. (I also tried ./configure --with-ioloop=poll and --with-iopoll=select instead of the default best = kqueue but the results were the same; --with-iopoll=epoll didn't work because epoll is not available on this machine.) The client, initiated by the command openssl s_client -connect SERVER:993, first responds CONNECTED(0003) but then immediately the error 60278:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-44/src/ssl/s23_lib.c:182:. The infinite loop is in src/lib/ioloop.c in the function io_loop_run where the statement while (ioloop-running) io_loop_handler_run(ioloop) is executed. I wonder if this fixes it? http://hg.dovecot.org/dovecot-2.1/rev/e95479f439aa diff -r 174d7e974326 src/login-common/ssl-proxy-openssl.c --- a/src/login-common/ssl-proxy-openssl.c Tue Nov 27 09:13:57 2012 +0200 +++ b/src/login-common/ssl-proxy-openssl.c Tue Nov 27 09:17:03 2012 +0200 @@ -108,6 +108,7 @@ static void ssl_read(struct ssl_proxy *proxy); static void ssl_write(struct ssl_proxy *proxy); static void ssl_step(struct ssl_proxy *proxy); +static void ssl_step_write(struct ssl_proxy *proxy); static void ssl_proxy_destroy(struct ssl_proxy *proxy); static void ssl_proxy_unref(struct ssl_proxy *proxy); @@ -248,6 +249,7 @@ static void ssl_set_io(struct ssl_proxy *proxy, enum ssl_io_action action) { + i_debug(ssl_set_io(%d), action); switch (action) { case SSL_ADD_INPUT: if (proxy-io_ssl_read != NULL) @@ -263,7 +265,7 @@ if (proxy-io_ssl_write != NULL) break; proxy-io_ssl_write = io_add(proxy-fd_ssl, IO_WRITE, - ssl_step, proxy); + ssl_step_write, proxy); break; case SSL_REMOVE_OUTPUT: if (proxy-io_ssl_write != NULL) @@ -404,12 +406,15 @@ i_free_and_null(proxy-last_error); err = SSL_get_error(proxy-ssl, ret); + i_debug(SSL_get_error() = %d, err); switch (err) { case SSL_ERROR_WANT_READ: + i_debug( - want_read); ssl_set_io(proxy, SSL_ADD_INPUT); break; case SSL_ERROR_WANT_WRITE: + i_debug( - want_write); ssl_set_io(proxy, SSL_ADD_OUTPUT); break; case SSL_ERROR_SYSCALL: @@ -463,6 +468,7 @@ } } else { ret = SSL_accept(proxy-ssl); + i_debug(ssl_handshake: SSL_accept()=%d, ret); if (ret != 1) { ssl_handle_error(proxy, ret, SSL_accept()); return; @@ -520,8 +526,15 @@ } } +static void ssl_step_write(struct ssl_proxy *proxy) +{ + i_debug(ssl_step_write()); + ssl_step(proxy); +} + static void ssl_step(struct ssl_proxy *proxy) { + i_debug(ssl_step()); proxy-refcount++; if (!proxy-handshaked)
Re: [Dovecot] Default fallback behaviour
On Tue, Nov 27, 2012 at 3:04 AM, Timo Sirainen t...@iki.fi wrote: On 23.11.2012, at 9.46, Nikita Koshikov wrote: Hello list, Here is the problem: I have few: passdb { #1 } passdb { #2 } And relative userdb sections. If user not found in 1) section it fallbacks to next one - it's expected and right, IMHO. But when the user exists in both section and password verification fails on 1) database it successfully authenticated on next one. I think this behaviour should be configured. The main goal of 1) section for this server is to overwrite users in main (section2) database. It's not always possible to know why #1 failed. For example PAM doesn't always tell if the password was wrong or if the user didn't exist. Maybe I missed something and this option is already in dovecot code and I can't find it ? Or if not - will it be added in the future ? I'm not very interested in adding it, especially because it can't be done reliably. Thank's for the anwer. It's a pity to hear, because it's security feature I need to provide. The problem - that main passdb - is ldap and there are about - 5-7 people who can edit it and simply to login as different users. Yes, activity is logged - but mailbox can be read\stolen. The main goal for passwd-file database is to revrite ldap very critical mailboxes to local file. It can be edited only but 1 person - it is nativly to trust 1, but not to 7.
Re: [Dovecot] Default fallback behaviour
On 27.11.2012, at 9.37, Nikita Koshikov wrote: Here is the problem: I have few: passdb { #1 } passdb { #2 } And relative userdb sections. If user not found in 1) section it fallbacks to next one - it's expected and right, IMHO. But when the user exists in both section and password verification fails on 1) database it successfully authenticated on next one. I think this behaviour should be configured. The main goal of 1) section for this server is to overwrite users in main (section2) database. Thank's for the anwer. It's a pity to hear, because it's security feature I need to provide. The problem - that main passdb - is ldap and there are about - 5-7 people who can edit it and simply to login as different users. Yes, activity is logged - but mailbox can be read\stolen. The main goal for passwd-file database is to revrite ldap very critical mailboxes to local file. It can be edited only but 1 person - it is nativly to trust 1, but not to 7. Try if a modified version of Alessio's suggestion works: passdb { driver = passwd-file args = /etc/passwd.important } passdb { driver = passwd-file args = /etc/passwd.important deny = yes } passdb { driver = ldap }