Re: [Dovecot] Disagreement on where mail goes.
On Sat, 17 Aug 2013, LuKreme wrote:

On 16 Aug 2013, at 17:55 , Bob Miller b...@computerisms.ca wrote:

One guess: your mail_location is misconfigured. something like:

  mail_location = maildir:/usr/local/%u/Maildir

First, that isn't the right location. I moved the mail folders into maildir because dovecot didn't see the mail otherwise. It should be /usr/local/%u

But *only* for the sql users. I thought mail_location would set it globally for all users.

?

See http://wiki2.dovecot.org/MailLocation/Maildir

I never used it myself, but if you specify mail_location, you should be able to drop /Maildir from the path. If Dovecot is to automagically detect the mailbox format, you need Maildir.

If you want to use different mail locations, you need to have your userdb return another mail_location setting for (some) users. E.g. configure the default / usual mail_location in the conf files and have SQL return a field mail with the proper location for that particular user.

http://wiki2.dovecot.org/MailLocation
2. mail userdb field overrides mail_location setting.

http://wiki2.dovecot.org/AuthDatabase/SQL

--
Steffen Kaiser
Re: [Dovecot] dovecot is working, sort of
On Fri, 16 Aug 2013, LuKreme wrote:

I have two kinds of accounts on the machine, local (shell) accounts in /home/ and virtual (MySQL) accounts in /usr/local/virtual. I tried to add the hid/gid args in the sql block, but the syntax was incorrect.

There is default_fields, that should do it, e.g.

  userdb {
    args = /etc/dovecot/dovecot-sql.conf.ext
    driver = sql
    default_fields = uid=vpopmail gid=postfix
  }

I did not see anything about default_fields, so that is news to me. It seems better, structurally, to do this so when I next get in there to fix stuff, I will probably do that instead of...

http://wiki2.dovecot.org/UserDatabase?highlight=(default_fields)

Or extend your SQL user_query to return static values for uid / gid.

That is what I did, though I still have a problem with it all (see Disagreement on where mail goes. thread).

With both mechanisms you can solve the mail_location problem as well, by defining mail= in default_fields or returning a field mail. Actually, you can use both: use default_fields = mail=/path/%u for most SQL users and return the field mail with some content, in order to override even that default. The system users would then use the mail_location setting from the conf files.

BTW: Your users have a home directory and Dovecot knows about it? Use home with default_fields. It should differ from the mail location.

http://wiki2.dovecot.org/VirtualUsers/Home

Therefore, to use %h/Maildir is not a bad decision for virtual users, too.

--
Steffen Kaiser
Re: [Dovecot] Using procmail to mark messages as read in dovecot
On 19.08.2013 01:53, LuKreme wrote:

So, I use procmail extensively, and I have for a long time, but marking messages as 'read' in a Maildir has always been a little wonky:

  TRAP='mv $LASTFOLDER ${LASTFOLDER}:2,S'

Since I've switched to dovecot, is there a way to mark a message on delivery as read or not new or seen?

perhaps this helps

http://www.gyford.com/phil/writing/2010/07/02/sieve-filters.php

  # The extensions this script uses must be declared first.
  require ["fileinto", "imap4flags"];

  # File messages from a mailing list I never get round to reading,
  # and mark them as read so I don't feel guilty.
  if header :contains ["From"] "mailingl...@example.com" {
    setflag "\\Seen";
    fileinto "FolderName/MailboxName";
    stop;
  }

http://wiki.dovecot.org/LDA/Sieve#Flagging_or_Highlighting_your_mail
http://tools.ietf.org/html/draft-ietf-sieve-imapflags-05

Best Regards
Robert Schetterer
Re: [Dovecot] Maildirmake equiv?
On 2013-08-18 8:24 PM, LuKreme krem...@kreme.com wrote:

Yep. seems to work fine. I think courier had a special command because it creates some extra files and a directory inside the maildir for its indexing.

Courier doesn't use indexing.

--
Best regards,
Charles
Re: [Dovecot] Expunged message reappeared, giving a new UID
Are there any more tests I can run for this?

Thanks,
Simon.

On Thu, 2013-08-08 at 09:21 +0100, Simon Fraser wrote:

On Tue, 2013-08-06 at 19:15 +0300, Timo Sirainen wrote:

Presumably it's thinking the -r /tmp/dsync-rawlog is a mail location? I've tried changing its location in the appends, but it doesn't make a difference.

Oops, I messed up the parameter order. It was supposed to have -s state but now it had -s -r rawlog state. New patch should work better.

I ran two tests: one using 'doveadm expunge' and one deleting the message using mutt. Since the hosts mentioned so far have a copy of my full mailbox on, I re-ran the tests (with the same results) on a test server with a fresh mailbox on, so there was no extra folder synchronisation in there to fill up the rawlog.

Those log entries are too big for the mailing list (70k+), so are here:

  'doveadm expunge' dsync-rawlog node A http://pastebin.com/LtUnENPv
  'doveadm expunge' dsync-rawlog node B http://pastebin.com/QaWLyZq2
  imap expunge dsync-rawlog node A http://pastebin.com/SuFdWn0w
  imap expunge dsync-rawlog node B http://pastebin.com/Ex66s7hq

Mail logs on both contain entries like this:

  Aug 6 18:04:37 dcot2a dovecot: master: Dovecot v2.2.5 starting up (core dumps disabled)
  Aug 6 18:04:38 dcot2a dovecot: doveadm: Error: Don't give mail location with -d parameter

Simon.
[Dovecot] Dsync confusion...
Hi,

Maybe I've been staring at config files and man pages too long, but the doc page for Dsync is a little confusing and I don't know how to solve my problem. I've probably missed something simple and stupid, but as I said, I've been staring at this problem too long and need a second pair of eyes on it!

Per doveconf below the user/owner for auth db is a user with shell /bin/false. Root SSH login is also disabled on the target machine, so I need to use a script user to do the sync. I installed dovecot on the target host and config'd it as per the second doveconf below.

But all I ever get are errors such as:

  su -c dsync -u t...@somewhere.example.com backup its-virtm...@somewhere.example.com its_scripts
  dsync(its_scripts): Fatal: setuid(1001(its-virtmail) from userdb lookup) failed with euid=1002(its_scripts): Operation not permitted (This binary should probably be called with process user set to 1001(its-virtmail) instead of 1002(its_scripts))
  root@ukc-vm02-mx01:/etc/dovecot/conf.d# dsync(its_scripts): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=1002(its_scripts) egid=1002(its_scripts) missing +r perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)

Even if I temporarily give /bin/sh and an ssh key to the dovecot user, I still can't get it to work:

  ssh its-virtm...@somewhere.example.com dsync -u t...@example.com
  dsync(its-virtmail): Error: user t...@somewhere.example.com: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/srv/mail/example.com/test
  dsync(its-virtmail): Fatal: User init failed
  dsync-local(t...@somewhere.example.com): Error: read() from worker server failed: EOF

# SOURCE HOST
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-37-generic x86_64 Ubuntu 12.04.2 LTS
auth_verbose = yes
auth_verbose_passwords = sha1
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  fts = solr
  fts_solr = url=http://localhost:8080/solr/
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = its-virtmail
    mode = 0660
    user = its-virtmail
  }
}
service imap-login {
  process_min_avail = 3
}
service lmtp {
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = its-virtmail
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieves {
    port = 5190
    ssl = yes
  }
  process_min_avail = 3
}
ssl = required
ssl_cert = /etc/ssl/certs/mx_example.com.pem
ssl_cipher_list = TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!PSK:@STRENGTH
ssl_key = /etc/ssl/private/mx_example.com.key
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
  mail_plugins = fts fts_solr
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to %t was automatically rejected:%n%r
}
protocol lmtp {
  mail_plugins = sieve
  postmaster_address = postmas...@example.com
}

# DEST HOST
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-37-generic x86_64 Ubuntu 12.04.2 LTS
auth_verbose = yes
auth_verbose_passwords = sha1
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp sieve
service auth {
  unix_listener auth-userdb {
    group = its-virtmail
    user = its-virtmail
  }
}
service lmtp {
  process_min_avail = 3
  user = its-virtmail
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
[Dovecot] Maximum number of connections from user+IP exceeded
All of a sudden I am getting these errors on one of my accounts:

  imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10)

It was working fine last night when I went to bed, and is posting these errors nearly constantly (about one every second) when I checked mail after waking up this morning.

The account in question is my main account and has a lot of mail, but it is not the account with the most mailboxes, that one is working fine.

I looked at the documentation on how to increase this setting, but http://wiki.dovecot.org/MainConfig is for 1.x and clicking the 'wiki2' link brings up a mostly blank page with no configuration info at all.

It looks like in dovecot 1.x this would go in a protocol imap block, but I don't have one of those in my conf.

# doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 89
log_path = /var/log/dovecot
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox NotJunk {
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

--
'Never trust a ruler who puts his faith in tunnels and bunkers and escape routes. The chances are that his heart isn't in the job.'
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 19.08.2013 14:00, LuKreme wrote:

All of a sudden I am getting these errors on one of my accounts:

  imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10)

It was working fine last night when I went to bed, and is posting these errors nearly constantly

in case of IMAP 10 is *way* too low!

keep in mind that

* an IMAP client opens one connection *per folder*
* if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done
* if you have a few imap-users behind the same NAT you are done
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 19.08.2013 14:03, Reindl Harald wrote:

On 19.08.2013 14:00, LuKreme wrote:

All of a sudden I am getting these errors on one of my accounts:

  imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10)

It was working fine last night when I went to bed, and is posting these errors nearly constantly

in case of IMAP 10 is *way* too low!

keep in mind that

* an IMAP client opens one connection *per folder*
* if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done
* if you have a few imap-users behind the same NAT you are done

missed

I looked at the documentation on how to increase this setting and It looks like in dovecot 1.x this would go in a protocol imap block, but I don't have one of those in my conf

it goes in no block, part of the main config

  login_log_format_elements = user=%u %r %m %c
  login_log_format = %$: %s
  mail_max_userip_connections= 50
  auth_mechanisms= CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
  disable_plaintext_auth = no
  shutdown_clients = no
  version_ignore = yes
Re: [Dovecot] Disagreement on where mail goes.
On 19 Aug 2013, at 00:42 , Steffen Kaiser skdove...@smail.inf.fh-brs.de wrote:

See http://wiki2.dovecot.org/MailLocation/Maildir

I never used it myself, but if you specify mail_location, you should be able to drop /Maildir from the path. If Dovecot is to automagically detect the mailbox format, you need Maildir.

If you want to use different mail locations, you need to have your userdb return another mail_location setting for (some) users. E.g. configure the default / usual mail_location in the conf files and have SQL return a field mail with the proper location for that particular user.

http://wiki2.dovecot.org/MailLocation
2. mail userdb field overrides mail_location setting.

http://wiki2.dovecot.org/AuthDatabase/SQL

Thanks, I've read those, but I don't know what the scope of that setting is. I have mail_location set to maildir:~/Maildir at the top-level of the dovecot.conf. If I try to set it again in the userdb

  userdb {
    args = /etc/dovecot/dovecot-sql.conf.ext
    driver = sql
    default_fields= uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u
  }

Well, I thought that threw an error last time I tried it. Hmm. OK.

watches the logs with suspicion for a while

OK, never mind. I don't know what I did last time, that does seem to work.

--
Nothing gold can stay -- Robert Frost
Stay gold -- Johnny Cade
[Dovecot] age-limit
I'm trying to figure out if there is a proactive way to enforce item age on maildir. maildir-cleanup kind of does it but I'm looking for something similar to quota ++ that you can add to dovecot but for item age not size. Any ideas?
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 8/19/2013 7:03 AM, Reindl Harald wrote:

On 19.08.2013 14:00, LuKreme wrote:

All of a sudden I am getting these errors on one of my accounts:

  imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10)

It was working fine last night when I went to bed, and is posting these errors nearly constantly

in case of IMAP 10 is *way* too low!

keep in mind that

* a IMAP client opens one connection *per folder*

What do you mean by per folder? I've been limiting Tbird to 2 IMAP connections for many years and, unsurprisingly, it never opens more than two IMAP connections to Dovecot no matter how many folders I access, tabs I have open, or searches I perform, etc:

  tcp 0 0 192.168.100.9:143 192.168.100.53:1663 ESTABLISHED 13189/imap
  tcp 0 0 192.168.100.9:143 192.168.100.53:1672 ESTABLISHED 13192/imap

And with the default TB limit of 5 it never opens more than 5. Which clients exhibit this per folder connection behavior? That seems totally unnecessary.

* if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done

Again, not folder dependent but client configuration dependent. If your client is RC it never opens more than one connection per user, and closes the connection after each operation.

* if you have a few imap-users behind the same NAT you are done

This isn't correct either. It's user+IP. So you could have 30 connections from 3 users, 100 from 10 users, through one NAT IP, with a setting of 10.

--
Stan
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 19.08.2013 23:00, Stan Hoeppner wrote:

On 8/19/2013 7:03 AM, Reindl Harald wrote:

On 19.08.2013 14:00, LuKreme wrote:

All of a sudden I am getting these errors on one of my accounts:

  imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10)

It was working fine last night when I went to bed, and is posting these errors nearly constantly

in case of IMAP 10 is *way* too low!

keep in mind that

* a IMAP client opens one connection *per folder*

What do you mean by per folder? I've been limiting Tbird to 2 IMAP connections for many years and, unsurprisingly, it never opens more than two IMAP connections to Dovecot no matter how many folders I access, tabs I have open, or searches I perform, etc:

  tcp 0 0 192.168.100.9:143 192.168.100.53:1663 ESTABLISHED 13189/imap
  tcp 0 0 192.168.100.9:143 192.168.100.53:1672 ESTABLISHED 13192/imap

and it will never check more than 2 folder reliable and in time for new mails

And with the default TB limit of 5 it never opens more than 5

fine - and with Inbox, Sent, Trash, Junk and Drafts it will so with 2 client from the same NAT your 10 are done

Which clients exhibit this per folder connection behavior? That seems totally unnecessary.

may i suggest you read about how IMAP IDLE works?

http://forum.emclient.com/emclient/topics/imap_idle_should_open_a_connection_to_each_folder_but_it_does_not
http://kb.mozillazine.org/IMAP:_advanced_account_configuration

* if you have 5 folders and a user with 3 devices (workstation, phone, tablet) you are done

Again, not folder dependent but client configuration dependent. If your client is RC it never opens more than one connection per user, and closes the connection after each operation.

Roundcube is not a regular client because with stateless HTTP you hardly can implement IMAP IDLE

* if you have a few imap-users behind the same NAT you are done

This isn't correct either. It's user+IP

says who?

this makes no sense to limit anything reliable hence, a bad guy has no user at all and opens a lot of connections for damage

So you could have 30 connections from 3 users, 100 from 10 users, through one NAT IP, with a setting of 10

even with your example of 5 default connections you have a problem with the same user owning 3 devices - they most likely sometimes are behind his home NAT and turned on
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 2013-08-19 23:00, Stan Hoeppner wrote:

* a IMAP client opens one connection *per folder*

What do you mean by per folder? I've been limiting Tbird to 2 IMAP connections for many years and, unsurprisingly, it never opens more than two IMAP connections to Dovecot no matter how many folders I access, tabs I have open, or searches I perform, etc:

  tcp 0 0 192.168.100.9:143 192.168.100.53:1663 ESTABLISHED 13189/imap
  tcp 0 0 192.168.100.9:143 192.168.100.53:1672 ESTABLISHED 13192/imap

And with the default TB limit of 5 it never opens more than 5. Which clients exhibit this per folder connection behavior? That seems totally unnecessary.

Any client which supports the 'IDLE' command does this; it's a mechanism to avoid that a client has to poll the IMAP server for new mail. The client does an 'IDLE' call *per folder* which only returns when the server adds new mail to the folder. Hence, the IDLE call blocks the connection, which is why mail clients which use IDLE have to establish multiple IMAP connections, one per folder which is monitored using this feature.

--
Frerich Raabe - ra...@froglogic.com
www.froglogic.com - Multi-Platform GUI Testing
Re: [Dovecot] Dovecot + SELinux permission problems - Virtual user permissions?
Sorry about the delays on following up on this, I am really struggling to get somewhere, but have made some minor progress, see below.

I am now starting to suspect that it may be a problem that I have a virtual user in dovecot trying to access a maildir owned by the system user. Although the maildir has full permissions (777), could it be that SELinux is blocking the virtual user access to the file through dovecot because it is owned by the system user?

Thomas Harold thomas-li...@nybeta.com writes:

On 6/24/2013 9:58 AM, Johnny wrote:

Yes, /var/log/audit/ with audit.log. There are some archived logs as well, but no recent messages regarding dovecot perms.

Typically you could use sealert -a /var/log/audit/audit.log /var/log/audit/audit.log.1 to get a feel for how many SELinux exceptions are happening.

I found out that auditd had the wrong permissions and therefore didn't start. Setting the permissions of /var/log/audit/audit.log to 0600 enabled starting auditd. Unfortunately, audit.log doesn't log any errors with SELinux in Permissive mode (nor for Enforcing).

Also, when you say that the restorecon -R did not fix the issue, did you check the output of ls -Z after running it?

I also found out that semanage didn't work initially, as there was a symbolic link in the path. Referencing the location directly, the relabelling worked, so now Maildir and all below is type mail_spool_t.

  ls -Z /home/user/data1/Maildir
  drwx--. user user system_u:object_r:mail_spool_t:s0 juser
  drwx--. user user system_u:object_r:mail_spool_t:s0 yggdrasil

However, looking at your original message, I'm wondering why the forward slashes are doubled up. For instance: /home/user/data1/Maildir//

Good spot! I have defined different virtual users in a 'users' file, and there was a trailing slash in the maildir location as well as a leading slash in mail folder path. I have now removed the trailing slash so there are no double slashes in the path anymore.

The problem however still remains; with SELinux in Permissive, there are no issues in logging into the dovecot server. When I set it to Enforcing, the telnet session is closed immediately when trying to login with the message:

  telnet localhost 143
  a login [user] [password]
  * BYE Internal error occurred. Refer to server log for more information.
  Connection closed by foreign host.

From the dovecot log (below) it looks like a write permission error.

  cat /var/log/dovecot
  Aug 19 23:33:29 imap-login: Info: Login: user=juser, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5217, secured, session=2AKSh1Tk1QB/AAAB
  Aug 19 23:34:11 imap(juser): Info: Connection closed in=0 out=319
  Aug 19 23:34:18 imap-login: Info: Login: user=juser, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5224, secured, session=34J+ilTk1gB/AAAB
  Aug 19 23:34:18 imap(juser): Error: chdir(/home/user/data1/Maildir//) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir// stat(/home/user/data1/Maildir//) failed: Permission denied)
  Aug 19 23:34:18 imap(juser): Error: chdir(/home/user/data1/Maildir/) failed: Permission denied
  Aug 19 23:34:18 imap(juser): Error: user juser: Initialization failed: Namespace '': stat(/home/user/data1/Maildir//juser) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir//juser stat(/home/user/data1/Maildir//juser) failed: Permission denied)

  ls -Z /home/user/data1/Maildir
  drwx--. user user system_u:object_r:mail_spool_t:s0 juser
  drwx--. user user system_u:object_r:mail_spool_t:s0 yggdrasil

Changing permissions to 777 doesn't change matters at all.

Looking at the permission error in /var/log/dovecot again leads me to think that /maybe/ the issue is that I have a virtual dovecot user 'juser' which tries to read the Maildir owned by 'user'. I.e. these lines:

Permission denied:

  Aug 19 23:34:18 imap(juser): Error: user juser: Initialization failed: Namespace '': stat(/home/user/data1/Maildir/juser) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir/juser stat(/home/user/data1/Maildir/juser) failed: Permission denied)

File ownership:

  drwxrwxrwx. user user system_u:object_r:mail_spool_t:s0 juser

--
Johnny
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 8/19/2013 4:10 PM, Reindl Harald wrote:

may i suggest you read about how IMAP IDLE works?

Oh, well sure, if you hang your hat on IDLE then your arguments here might make sense. But because of the brain dead one socket per folder architecture of IDLE few have adopted it en masse. Which is why my comments ignored the existence of IDLE. And which is also why the creators of the RFC stated clients must not count on the existence of IDLE and must poll, which seems really odd. Many have, and still ask, why even have IDLE then if we must still poll?

http://tools.ietf.org/html/rfc2177

(While the spec actually does allow a server to push EXISTS responses aysynchronously, a client can't expect this behaviour and must poll.)

Given the option of potentially dozens of open sockets between his server and any client simply to allow IDLE to work for all folders, or one or two connections and strictly client polling, I'd guess most admins will choose the latter.

--
Stan
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 20.08.2013 01:45, Stan Hoeppner wrote:

On 8/19/2013 4:10 PM, Reindl Harald wrote:

may i suggest you read about how IMAP IDLE works?

Oh, well sure, if you hang your hat on IDLE then your arguments here might make sense. But because of the brain dead one socket per folder architecture of IDLE few have adopted it en masse. Which is why my comments ignored the existence of IDLE. And which is also why the creators of the RFC stated clients must not count on the existence of IDLE and must poll, which seems really odd. Many have, and still ask, why even have IDLE then if we must still poll?

http://tools.ietf.org/html/rfc2177

(While the spec actually does allow a server to push EXISTS responses aysynchronously, a client can't expect this behaviour and must poll.)

Given the option of potentially dozens of open sockets between his server and any client simply to allow IDLE to work for all folders, or one or two connections and strictly client polling, I'd guess most admins will choose the latter

why we have IDLE is easy explained, i get around 500 mails per day

well, i can't imagine my personal work-load working without IDLE

30 folders sorted with Sieve

* several lists with own folders
* company (there folders, one for internal lists)
* customers
* vendors
* server-status (logwatch, mail-stats of 20 servers)
* error-notifies from watchdog (own cron-watchdogs, HP ILO, VMware vSphere, UPS...)

INBOX is a place where rarely a message comes in and with K9 on Android it's easy to select which folders should be considered for the common-inbox and which are pointless on a mobile (INBOX is none of them)

on a mailserver which can handle thousands of connections there is rarely a reason to disable IDLE and so a connection limit of 10 per IP is questionable
Re: [Dovecot] Calling dovecot-lda correctly from exim for virtual user setup
On 2013-08-02 14:25, Timo Sirainen wrote:

On Tue, 2013-07-30 at 14:55 +0200, Frerich Raabe wrote:

I'm running Dovecot 2.1.7 on Debian. Exim is the MTA. I was recently made aware of the fact that the way in which Exim invokes dovecot-lda is prone to code injection:

  dovecot_virtual_delivery:
    driver = pipe
    command = HOME=/home/vmail/\$local_part /usr/lib/dovecot/dovecot-lda -f \$sender_address
    use_shell
    ..

I.e. a command is executed via the shell, and Exim uses non-sanitized user input (mail header fields) to construct the command.

Now, the reason I invoked dovecot like that is to pass a plausible value for the HOME environment variable, so that dovecot-lda can determine where the Maildir directory of the recipient is. Is there any way to achieve this without requiring HOME to be set correctly? I looked at the -m switch but as far as I can see that merely defines the destination mailbox, but not the path to the Maildir directory, correct?

Maybe set mail_home = /home/vmail/%n ?

Sorry for the late reply, I totally forgot to follow-up on this. Setting mail_home didn't seem to help (according to 'doveadm user' the home directory was already computed correctly). It turned out that what *did* help was to pass '-d $local_part' to dovecot-lda. Apparently that makes it do a userdb lookup which in turn makes it figure out the home directory.

--
Frerich Raabe - ra...@froglogic.com
www.froglogic.com - Multi-Platform GUI Testing
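
The difference between the `use_shell` transport quoted in the message above and delivery with a fixed argument vector, as an added example that is not part of the original thread and is not Exim or Dovecot code. `printf` stands in for dovecot-lda and prints each argument it receives; the function names, envelope values and marker string are constructed for the illustration.

```shell
#!/bin/sh
# Added example: shell-string delivery versus argument-vector delivery.
# printf stands in for dovecot-lda and prints every argument as <arg>.

# Mimics "use_shell": the expanded command is a single string handed to
# /bin/sh -c, so the shell re-parses whatever the envelope values contain.
deliver_use_shell() {   # $1 = local_part, $2 = sender_address
    sh -c "HOME=/home/vmail/$1 printf '<%s>\n' -f $2"
}

# Mimics a pipe transport without use_shell: the command is split into
# arguments first, and each envelope value stays inside one argument.
# The -d lookup replaces the HOME= prefix, as the post describes.
deliver_argv() {        # $1 = local_part, $2 = sender_address
    printf '<%s>\n' -d "$1" -f "$2"
}

# Succeeds (exit 0) when the shell variant executed something besides the
# stand-in LDA, i.e. the sender field was interpreted as shell syntax.
shell_variant_ran_extra_command() {
    deliver_use_shell "$1" "$2" | grep -qx 'MARKER-FROM-SENDER-FIELD'
}

# Constructed envelope values; the sender carries a harmless shell fragment.
LOCAL_PART='bob'
SENDER='x@example.com; echo MARKER-FROM-SENDER-FIELD'

echo "use_shell style:"
deliver_use_shell "$LOCAL_PART" "$SENDER"
echo "argv style:"
deliver_argv "$LOCAL_PART" "$SENDER"

# Transport command shape that matches deliver_argv, using only the pieces
# quoted in the thread (no use_shell, no HOME= prefix):
#   command = /usr/lib/dovecot/dovecot-lda -d $local_part -f $sender_address
```

In the first variant the marker line is printed by the shell itself; in the second the whole sender value arrives as the single argument following `-f`.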
Re: [Dovecot] DRAC plugin for Dovecot-2.x
Hello,

USUDA Hisashi us...@designet.co.jp writes:

Hello All, I released the DRAC plugin for dovecot-2.x.

http://sourceforge.jp/projects/dovecot2-drac/

It's based on the plugin for dovecot-1.1: http://dovecot.org/patches/1.1/drac.c

I recently tried to get your DRAC plugin to work for 2.2.5, but it fails to compile as it is looking for network.h include file, and that doesn't appear to exist any longer in 2.2.

Do you have plans to make a newer version of this plugin?

thanks,
micah
Re: [Dovecot] Using procmail to mark messages as read in dovecot
On 18 Aug 2013, at 19:46 , Benny Pedersen m...@junc.eu wrote:

LuKreme skrev den 2013-08-19 01:53:

Since I've switched to dovecot, is there a way to mark a message on delivery as read or not new or seen?

http://www.emaildiscussions.com/showthread.php?t=43128

it just require sieve

On 19 Aug 2013, at 01:45 , Robert Schetterer r...@sys4.de wrote:

  # The extensions this script uses must be declared first.
  require ["fileinto", "imap4flags"];

  # File messages from a mailing list I never get round to reading,
  # and mark them as read so I don't feel guilty.
  if header :contains ["From"] "mailingl...@example.com" {
    setflag "\\Seen";
    fileinto "FolderName/MailboxName";
    stop;
  }

I am assuming that sieve acts as a LDA like procmail, so it's an either/or? I have a *lot* of procmail recipes I've written over the last 20 years or so.

--
I get the feeling that some people's idea of heaven is an I told you so T-shirt - mmalc
Re: [Dovecot] Maximum number of connections from user+IP exceeded
On 8/19/2013 6:55 PM, Reindl Harald wrote:

On 20.08.2013 01:45, Stan Hoeppner wrote:

On 8/19/2013 4:10 PM, Reindl Harald wrote:

may i suggest you read about how IMAP IDLE works?

Oh, well sure, if you hang your hat on IDLE then your arguments here might make sense. But because of the brain dead one socket per folder architecture of IDLE few have adopted it en masse. Which is why my comments ignored the existence of IDLE. And which is also why the creators of the RFC stated clients must not count on the existence of IDLE and must poll, which seems really odd. Many have, and still ask, why even have IDLE then if we must still poll?

http://tools.ietf.org/html/rfc2177

(While the spec actually does allow a server to push EXISTS responses aysynchronously, a client can't expect this behaviour and must poll.)

Given the option of potentially dozens of open sockets between his server and any client simply to allow IDLE to work for all folders, or one or two connections and strictly client polling, I'd guess most admins will choose the latter

why we have IDLE is easy explained, i get around 500 mails per day

well, i can't imagine my personal work-load working without IDLE

30 folders sorted with Sieve

* several lists with own folders
* company (there folders, one for internal lists)
* customers
* vendors
* server-status (logwatch, mail-stats of 20 servers)
* error-notifies from watchdog (own cron-watchdogs, HP ILO, VMware vSphere, UPS...)

INBOX is a place where rarely a message comes in and with K9 on Android it's easy to select which folders should be considered for the common-inbox and which are pointless on a mobile (INBOX is none of them)

IDLE is not required for this. Polling, which is the default on all MUAs, accomplishes the same over one socket, a few max, depending on what you're doing -concurrently- in the MUA.

on a mailserver which can handle thousands of connections there is rarely a reason to disable IDLE and so a connection limit of 10 per IP is questionable

The server resources aren't necessarily a problem as you can always go cluster. One potential problem though, and there are likely others, is that you're potentially increasing the SPI/NAT session tracking on the edge router by 3-6 fold by allowing 30 sessions vs 5 or 10. Add that on top of the other traffic types and, for many, this may require larger routers, a license upgrade, or both. If you're an org of any size and tunneling the IMAP sessions through VPN routers, an upgrade would likely be mandatory.

Thus for some orgs simply increasing allowed connections to support IDLE on arbitrary folder counts may come with a $20-100K price tag. If this was money in your pocket, would you spend it to simply replace poll with push, given that poll works fine, and given that push yields no -real- advantage over poll?

--
Stan