Re: System load spike on dovecot reload
Hello,

On Fri, 21 Apr 2017 10:43:47 +0200 d...@evilcigi.eu wrote:

> Hi everyone,
>
> I'm running dovecot with quite a lot of users and lots of active imap
> connections (like 20'000). I'm using different user IDs for users, so I
> need to have imap {service_count=1} - i.e. I have lots of imap
> processes running.
>
We peaked out at 65k imap processes before upgrading to a version where imap-hibernate more or less works, but we're using a common ID.
---
dovecot 119157 0.1 0.0 59364 52216 ? S Apr01 48:25 dovecot/imap-hibernate [15137 connections]
---

The service_count parameter in this context is not doing what you think it does, I have it at 200 these days and that will allow imap (or pop3) processes to be recycled (they are labeled with "idling" when waiting for a new client), not having one imap process serve multiple clients.
---
mail 591307 0.0 0.0 29876 4712 ? S Apr20 0:00 dovecot/imap [idling]
mail 735323 0.0 0.0 27396 4196 ? S 13:20 0:00 dovecot/pop3 [idling]
---

The advantage (for me at least) is that the dovecot master process doesn't have to spin up a new mail process each time during logins. Since this process is quite single-threaded, it becomes a bottleneck eventually.

> Everything works fine, until I reload dovecot configuration. When that
> happens, every client is forced to relogin in the same time and that
> causes a huge system load spike (2-3000 5 min load).
>
Unless you're making a change that affects the dovecot master process, restarting everything isn't needed and you should set "shutdown_clients = no". You could still kick users with "dovecot kick" at a leisurely pace, but security problems with the mail processes are rare.

> I was thinking that it would be great, if dovecot wouldn't kick all the
> users in the same time during reload, but somehow gradually, during
> specified interval. I'm aware of the shutdown_clients directive that
> could help, but I don't like it -

I've very much gotten to like it, once things got huge and busy.

> I do want the clients get disconnected
> on dovecot shutdown and also I want them to relogin in reasonably short
> time after reload.
>
> Is something like that possible with dovecot or does it make sense to
> implement that in the future versions?
>
Run a dovecot proxy (if you have single box with all these users on it, Mr. Murphy would like a word with you) and set "login_proxy_max_disconnect_delay" to something that suits you.

Christian
--
Christian Balzer        Network/Systems Engineer
ch...@gol.com           Global OnLine Japan/Rakuten Communications
http://www.gol.com/

imap service count>1 (was System load spike ...)
> I'm running dovecot with quite a lot of users and lots of active imap
> connections (like 20'000). I'm using different user IDs for users, so I
> need to have imap {service_count=1} - i.e. I have lots of imap
> processes running.

I had a misconception this service's service_count was non-adjustable.

(https://wiki.dovecot.org/Services on imap service)

service_count can be changed from 1 if only a single UID is used for mail users. This improves performance, but it's less secure, because bugs in code may leak email data from another user's earlier connection.

How easy would it be to implement a hybrid solution that maps all imap service for a unique UID to a single worker process? It would result in modest performance gain for busy servers, and data leakage security would be minimal.

Joseph Tam

Re: Re: Pipe to PHP script using Sieve Extprograms
Oops, the configuration files in conf.d weren't included. They are now.

I am now seeing the following errors showing up in the maillogs:

dovecot: master: Error: bind(/var/run/dovecot/sieve-pipe/php) failed: No such file or directory
dovecot: master: Fatal: Failed to start listeners

I may be completely wrong here, but isn't it supposed to create this on its own since it's a unix listener?

The service looks like this now:

service php {
  # Define the executed script as parameter to the sieve service
  executable = script /etc/dovecot/sieve-pipe/php.sh

  # Use some unprivileged user for executing the program
  user = dovenull

  # The unix socket located in the sieve_pipe_socket_dir (as defined in the
  # plugin {} section above)
  unix_listener sieve-pipe/php {
    # LDA/LMTP must have access
    user = vmail
    mode = 0600
  }
}

Re: System load spike on dovecot reload
> On Apr 21, 2017, at 4:43 AM, d...@evilcigi.eu wrote:
>
> Hi everyone,
>
> I'm running dovecot with quite a lot of users and lots of active imap
> connections (like 20'000). I'm using different user IDs for users, so I need
> to have imap {service_count=1} - i.e. I have lots of imap processes running.
>
> Everything works fine, until I reload dovecot configuration. When that
> happens, every client is forced to relogin in the same time and that causes a
> huge system load spike (2-3000 5 min load).
>
> I was thinking that it would be great, if dovecot wouldn't kick all the users
> in the same time during reload, but somehow gradually, during specified
> interval. I'm aware of the shutdown_clients directive that could help, but I
> don't like it - I do want the clients get disconnected on dovecot shutdown
> and also I want them to relogin in reasonably short time after reload.

You could run a Dovecot IMAP proxy in a Docker container on your server and run a separate Dovecot IMAP server in another container. Once both containers are up and running, enable the Dovecot IMAP proxy to start sending IMAP sessions to the IMAP server.

When the time comes to change the Dovecot configuration, deploy another instance of Dovecot IMAP server with the new configuration. Once the new container is up and running, configure Dovecot IMAP proxy to direct a few specific test users to the new Dovecot IMAP server. When satisfied that the new server can handle new user sessions, configure Dovecot IMAP proxy to direct all new sessions to the new instance. After everything seems to be working fine for a period of time, start kicking users on the old Dovecot IMAP server off (at a comfortable pace) so they will reconnect to the new Dovecot IMAP server. When the old Dovecot IMAP server is no longer managing any sessions, it can be removed from the server (that is, the Docker container stopped and eventually removed completely).

Since all containers are running on the same host server, the old and new Dovecot containers will be configured to access the same Dovecot mail storage by mounting the host storage to both containers.

I think Docker containers are the easiest way to manage Dovecot in production.

Kevin

System load spike on dovecot reload
Hi everyone,

I'm running dovecot with quite a lot of users and lots of active imap connections (like 20'000). I'm using different user IDs for users, so I need to have imap {service_count=1} - i.e. I have lots of imap processes running.

Everything works fine, until I reload dovecot configuration. When that happens, every client is forced to relogin in the same time and that causes a huge system load spike (2-3000 5 min load).

I was thinking that it would be great, if dovecot wouldn't kick all the users in the same time during reload, but somehow gradually, during specified interval. I'm aware of the shutdown_clients directive that could help, but I don't like it - I do want the clients get disconnected on dovecot shutdown and also I want them to relogin in reasonably short time after reload.

Is something like that possible with dovecot or does it make sense to implement that in the future versions?

Thank you.
Dave.

Re: Pipe to PHP script using Sieve Extprograms
On 4/21/2017 at 6:08 PM, Thomas wrote:
> Hello,
>
> I seem to be having some issues trying to setup a pipe to PHP scripts
> using Sieve Extprograms. I am trying to allow each individual mailbox
> to setup its own PHP pipe rules (in other words, each user should be
> able to pipe incoming emails to a user defined PHP script).
>
> I have the following lines in my main Sieve configuration file
> (/etc/dovecot/conf.d/90-sieve.conf):
>
>     sieve_extensions = +vnd.dovecot.pipe
>     sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
>     sieve_plugins = sieve_extprograms
>

I don't see these settings in your dovecot -n output below.

> I have configured a Sieve service that looks like this
> (/etc/dovecot/conf.d/90-sieve-extprograms.conf):
>
>     service php {
>       # Define the executed script as parameter to the sieve service
>       executable = /var/run/dovecot/sieve-pipe/php.sh
>
>       # Use some unprivileged user for executing the program
>       user = dovenull
>
>       # The unix socket located in the sieve_pipe_socket_dir (as defined in the
>       # plugin {} section above)
>       unix_listener sieve-pipe/php {
>         # LDA/LMTP must have access
>         user = vmail
>         mode = 0600
>       }
>     }
>
> Contents of /var/run/dovecot/sieve-pipe/php.sh:
>
>     #!/usr/bin/php
>
> Sieve script for one of my mailboxes:
>
>     require ["fileinto", "regex", "date", "relational", "vacation"];
>     require ["mailbox", "imap4flags", "vnd.dovecot.pipe"];
>
>     # Move spam to spam folder
>     if header :contains "X-Spam-Flag" "YES" {
>       fileinto "Junk";
>       # Stop here so that we do not reply on spams
>       stop;
>     }
>
>     pipe :try "php /var/www/web2/piping.php supp...@example.com"
>
>     keep;
>
> This results however in the following error in my log file:
>
>     main script: line 5: error: require command: unknown Sieve capability `vnd.dovecot.pipe'.
>     main script: line 14: error: unknown command 'pipe' (only reported once at first occurence).
>     main script: error: validation failed.
>
> I am also not quite confident I have set this up correctly. Am I
> heading in the right direction for what I am trying to achieve?
>
> Dovecot version: 2.2.10
>
> dovecot -n:
>
>     # 2.2.10: /etc/dovecot/dovecot.conf
>     # OS: Linux 3.10.0-514.16.1.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core)
>     auth_mechanisms = plain login
>     disable_plaintext_auth = no
>     listen = *,[::]
>     log_timestamp = "%Y-%m-%d %H:%M:%S "
>     mail_plugins = " quota"
>     mail_privileged_group = vmail
>     managesieve_notify_capability = mailto
>     managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
>     passdb {
>       args = /etc/dovecot-sql.conf
>       driver = sql
>     }
>     plugin {
>       quota = dict:user::file:/var/vmail/%d/%n/.quotausage
>       sieve = /var/vmail/%d/%n/.sieve
>     }
>     protocols = imap pop3
>     service auth {
>       unix_listener /var/spool/postfix/private/auth {
>         group = postfix
>         mode = 0660
>         user = postfix
>       }
>       unix_listener auth-userdb {
>         group = vmail
>         mode = 0600
>         user = vmail
>       }
>       user = root
>     }
>     service imap-login {
>       client_limit = 1000
>       process_limit = 500
>     }
>     service lmtp {
>       unix_listener /var/spool/postfix/private/dovecot-lmtp {
>         group = postfix
>         mode = 0600
>         user = postfix
>       }
>     }
>     ssl_cert =
>     ssl_key =
>     ssl_protocols = !SSLv2 !SSLv3
>     userdb {
>       driver = prefetch
>     }
>     userdb {
>       args = /etc/dovecot-sql.conf
>       driver = sql
>     }
>     protocol imap {
>       mail_plugins = quota imap_quota
>     }
>     protocol pop3 {
>       mail_plugins = quota
>       pop3_uidl_format = %08Xu%08Xv
>     }
>     protocol lda {
>       mail_plugins = sieve quota
>       postmaster_address = root@localhost
>     }
>     protocol lmtp {
>       mail_plugins = quota sieve
>       postmaster_address = webmaster@localhost
>     }

Pipe to PHP script using Sieve Extprograms
Hello,

I seem to be having some issues trying to setup a pipe to PHP scripts using Sieve Extprograms. I am trying to allow each individual mailbox to setup its own PHP pipe rules (in other words, each user should be able to pipe incoming emails to a user defined PHP script).

I have the following lines in my main Sieve configuration file (/etc/dovecot/conf.d/90-sieve.conf):

    sieve_extensions = +vnd.dovecot.pipe
    sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
    sieve_plugins = sieve_extprograms

I have configured a Sieve service that looks like this (/etc/dovecot/conf.d/90-sieve-extprograms.conf):

    service php {
      # Define the executed script as parameter to the sieve service
      executable = /var/run/dovecot/sieve-pipe/php.sh

      # Use some unprivileged user for executing the program
      user = dovenull

      # The unix socket located in the sieve_pipe_socket_dir (as defined in the
      # plugin {} section above)
      unix_listener sieve-pipe/php {
        # LDA/LMTP must have access
        user = vmail
        mode = 0600
      }
    }

Contents of /var/run/dovecot/sieve-pipe/php.sh:

    #!/usr/bin/php

Sieve script for one of my mailboxes:

    require ["fileinto", "regex", "date", "relational", "vacation"];
    require ["mailbox", "imap4flags", "vnd.dovecot.pipe"];

    # Move spam to spam folder
    if header :contains "X-Spam-Flag" "YES" {
      fileinto "Junk";
      # Stop here so that we do not reply on spams
      stop;
    }

    pipe :try "php /var/www/web2/piping.php supp...@example.com"

    keep;

This results however in the following error in my log file:

    main script: line 5: error: require command: unknown Sieve capability `vnd.dovecot.pipe'.
    main script: line 14: error: unknown command 'pipe' (only reported once at first occurence).
    main script: error: validation failed.

I am also not quite confident I have set this up correctly. Am I heading in the right direction for what I am trying to achieve?

Dovecot version: 2.2.10

dovecot -n:

    # 2.2.10: /etc/dovecot/dovecot.conf
    # OS: Linux 3.10.0-514.16.1.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core)
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    listen = *,[::]
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_plugins = " quota"
    mail_privileged_group = vmail
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
    passdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve = /var/vmail/%d/%n/.sieve
    }
    protocols = imap pop3
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service imap-login {
      client_limit = 1000
      process_limit = 500
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }
    ssl_cert =

Re: Host ... is being updated before previous update had finished
Timo/Aki/Dovecot guys, any hints here? Is this a bug? Design issue?

On Fri, Apr 7, 2017 at 10:10 AM Mark Moseley wrote:

> On Mon, Apr 3, 2017 at 6:04 PM, Mark Moseley
> wrote:
>
>> We just had a bunch of backend boxes go down due to a DDoS in our
>> director cluster. When the DDoS died down, our director ring was a mess.
>>
>> Each box had thousands (and hundreds per second, which is a bit much) of
>> log lines like the following:
>>
>> Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host 10.1.17.15 is being updated before previous update had finished (up -> down) - setting to state=down vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host 10.1.17.15 is being updated before previous update had finished (down -> up) - setting to state=up vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host 10.1.17.15 is being updated before previous update had finished (up -> down) - setting to state=down vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host 10.1.17.15 is being updated before previous update had finished (down -> up) - setting to state=up vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.10:9090/left): Host 10.1.17.15 is being updated before previous update had finished (up -> down) - setting to state=down vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.2:9090/right): Host 10.1.17.15 is being updated before previous update had finished (down -> up) - setting to state=up vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.2:9090/right): Host 10.1.17.15 is being updated before previous update had finished (up -> down) - setting to state=down vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.2:9090/right): Host 10.1.17.15 is being updated before previous update had finished (down -> up) - setting to state=up vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.2:9090/right): Host 10.1.17.15 is being updated before previous update had finished (up -> down) - setting to state=down vhosts=100
>> Apr 03 19:59:29 director: Warning: director(10.1.20.2:9090/right): Host 10.1.17.15 is being updated before previous update had finished (down -> up) - setting to state=up vhosts=100
>>
>> This was on every director box and the status of all of the directors in
>> 'doveadm director ring status' was 'handshaking'.
>>
>> Here's a sample packet between directors:
>>
>> 19:51:23.552280 IP 10.1.20.10.56670 > 10.1.20.1.9090: Flags [P.], seq 4147:5128, ack 0, win 0, options [nop,nop,TS val 1373505883 ecr 1721203906], length 981
>>
>> Q. [f.|.HOST 10.1.20.10 90901006732 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006733 10.1.17.15 100 U1491260800
>> HOST10.1.20.10 90901006734 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006735 10.1.17.15 100 U1491260800
>> HOST10.1.20.10 90901006736 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006737 10.1.17.15 100 U1491260800
>> HOST10.1.20.10 90901006738 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006739 10.1.17.15 100 U1491260800
>> HOST10.1.20.10 90901006740 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006741 10.1.17.15 100 U1491260800
>> HOST10.1.20.10 90901006742 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006743 10.1.17.15 100 U1491260800
>> HOST10.1.20.10 90901006744 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006745 10.1.17.15 100 U1491260800
>> HOST10.1.20.10 90901006746 10.1.17.15 100 D1491260800
>> HOST10.1.20.10 90901006747 10.1.17.15 100 U1491260800
>> SYNC10.1.20.10 90901011840 7 1491263483 3377546382
>>
>> I'm guessing that D1491260800 is the user hash (with D for down), and the
>> U version is for 'up'.
>>
>> I'm happy to provide the full tcpdump (and/or doveconf -a), though the
>> tcpdump is basically all identical to the one I pasted (same hash, same host).
>>
>> This seems pretty fragile. There should be some sort of tie break for
>> that, instead of bringing the entire cluster to its knees. Or just drop the
>> backend host completely. Or something, anything besides hosing things
>> pretty badly.
>>
>> This is 2.2.27, on both the directors and backend. If the answer is
>> upgrade to 2.2.28, then I'll upgrade immediately. I see
>> commit a9ade104616bbb81c34cc6f8bfde5dab0571afac mentions the same error but
>> the commit predates 2.2.27 by a month and a half.
>>
>> In the meantime, is there any doveadm command I could've done to fix
>> this? I tried removing the host (doveadm director remove 10.1.17.15) but
>> that did

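Added example (not part of the original post and not Dovecot code): a small Python triage script for the warning quoted above. It parses the director log lines and reports backends whose state reverses repeatedly within one second as seen by a single ring neighbour. The threshold, the function names and the extra 10.1.17.16 line are assumptions made for illustration; the other sample lines reproduce the ones in the post.

```python
import re
from collections import defaultdict

# Matches the director warning in the form quoted in the post.
WARNING_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) director: Warning: "
    r"director\((?P<peer>[^)]+)\): Host (?P<host>\S+) is being updated "
    r"before previous update had finished \((?P<old>\w+) -> (?P<new>\w+)\) "
    r"- setting to state=(?P<state>\w+) vhosts=(?P<vhosts>\d+)$"
)


def parse_warning(line):
    """Return the fields of one director warning, or None for any other line."""
    m = WARNING_RE.match(line.strip())
    return m.groupdict() if m else None


def find_flapping_backends(lines, min_reversals=3):
    """Report backends whose state reverses at least min_reversals times within
    one second as reported by one ring neighbour (threshold is an assumption)."""
    transitions = defaultdict(list)  # (host, peer, second) -> new states, in order
    totals = defaultdict(int)        # host -> number of warnings seen
    peers = defaultdict(set)         # host -> neighbours that reported it
    for line in lines:
        ev = parse_warning(line)
        if ev is None:
            continue
        transitions[(ev["host"], ev["peer"], ev["ts"])].append(ev["new"])
        totals[ev["host"]] += 1
        peers[ev["host"]].add(ev["peer"])

    report = {}
    for (host, _peer, second), states in transitions.items():
        reversals = sum(1 for a, b in zip(states, states[1:]) if a != b)
        if reversals < min_reversals:
            continue
        entry = report.setdefault(host, {"max_reversals": 0, "worst_second": None})
        if reversals > entry["max_reversals"]:
            entry["max_reversals"] = reversals
            entry["worst_second"] = second
    for host, entry in report.items():
        entry["warnings"] = totals[host]
        entry["peers"] = sorted(peers[host])
    return report


def build_sample_log():
    """Constructed sample: the ten warnings from the post plus two contrast lines."""
    tmpl = ("{ts} director: Warning: director({peer}): Host {host} is being "
            "updated before previous update had finished ({old} -> {new}) - "
            "setting to state={new} vhosts=100")
    lines = []
    for peer, new in (("10.1.20.10:9090/left", "down"), ("10.1.20.2:9090/right", "up")):
        for _ in range(5):
            old = "up" if new == "down" else "down"
            lines.append(tmpl.format(ts="Apr 03 19:59:29", peer=peer,
                                     host="10.1.17.15", old=old, new=new))
            new = old
    # Constructed contrast case (not from the post): one isolated warning.
    lines.append(tmpl.format(ts="Apr 03 20:05:00", peer="10.1.20.10:9090/left",
                             host="10.1.17.16", old="up", new="down"))
    lines.append("Apr 03 20:05:01 director: Info: unrelated line")
    return lines


if __name__ == "__main__":
    for host, info in find_flapping_backends(build_sample_log()).items():
        print(host, info)
```
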
Issue with POP3s TLS/SSL on port 995 on Outlook 2016
Dear Team,

I'm facing an issue with POP3s TLS/SSL on port 995 only for Outlook 2016. It's working fine with dovecot v2.2.28 on the test environment.

Is dovecot v2.2.28 a stable release? I can upgrade the version from v2.1.17 to v2.2.28 on production if it's a stable version.

Kindly confirm and provide the proper solution.

Thanks and Regards,
Bhushan

Previous Mail:
==
I have faced an issue with email downloading in the email client by using pop3s SSL port 995 in dovecot v2.1.17 for Outlook client 2016 on the production environment.

As per my troubleshooting on my test environment, I have upgraded to dovecot version v2.2.28, and changed parameter "ssl_dh_parameters_length = 2048" and "verbose_ssl = yes". The issue seems to be resolved in dovecot v2.2.28.

What can I do to resolve this issue in dovecot v2.1.17? Kindly help.

Re: Feature Request - Director Balance
On 20 Apr 2017, at 17.35, Webert de Souza Lima wrote:
>
> Hi,
>
> often I run into the situation where a dovecot server goes down for
> maintenance, and all users get concentrated in the remaining dovecot server
> (considering I have 2 dovecot servers only).
>
> When that dovecot server comes back online, director server will send new
> users to it, but the dovecot server that was up all the time will still
> have tons of clients mapped to it.
>
> I suggest the director servers to always try to balance load between
> servers, in the way:
>
> - if a server has several more connections than other, mark it to
> re-balance
> - when a user connected to this loaded server disconnects, map it to
> another server (that is per definition not the same server) immediately.
>
> that way it would gracefully re-balance, not killing existing connections,
> just waiting for them to finish.

You could effectively do this by shrinking the director_user_expire time. But if it's too low, it causes director to be a bit more inefficient when assigning users to backends. Also if backends are doing any background work (e.g. full text search indexing) director might move the user away too early. But setting it to e.g. 5 minutes would likely help a lot.

There's of course also the doveadm director flush, which can be used to move users between backends, but that requires killing the connections for now. I've some future plans to make it possible to move connections between backends without disconnecting the IMAP client.

Re: namespace assertion failed
On 20 Apr 2017, at 19.29, Elisamuel Resto wrote:
>
> Hello,
>
> I'm trying to figure out if this is a configuration issue or an actual bug.
> Dovecot does start, but if anybody tries to log in or if you run sievec you
> get an assertion fail and a coredump.
>
> ---
> sievec(root): Panic: file mail-namespace.c: line 709 (mail_namespace_find):
> assertion failed: (ns != NULL)
> sievec(root): Error: Raw backtrace:
> /usr/lib/dovecot/libdovecot.so.0(+0x9c3a2) [0x7ff70e2133a2] ->
> /usr/lib/dovecot/libdovecot.so.0(+0x9c429) [0x7ff70e213429] ->
> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff70e1a5e41] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(mail_namespace_find+0xc8)
> [0x7ff70e4e03a8] -> /usr/lib/dovecot/modules/lib11_trash_plugin.so(+0x1e56)

Trash plugin was broken in 2.2.28. Use 2.2.29.

Re: [BUG] config-parser.c: line 89 - crash on comma in namespace mailbox
On 17 Apr 2017, at 15.45, Alek wrote:
>
> Hi!
> On the latest versions (2.2.28, 2.2.29.x) we get crash on dovecot config
> parse.
> Error in config parser when checking namespace mailbox name.
> Reason: comma in mailbox name.
> Worked well in versions < 2.2.22. Do not know if it was working on
> 2.2.23-2.2.27, skipped this versions.
>
> Example:
> namespace inbox {
>   mailbox "&BB4EQgQ,BEAEMAQyBDsENQQ9BD0ESwQ1-" {
>     special_use = \Sent
>   }
> }
>
> doveconf: Panic: file config-parser.c: line 89 (config_add_type): assertion
> failed: (ret > 0)

Crash isn't good, but you're not supposed to be using mUTF-7 names in here (or anywhere in Dovecot configs). Did it ever really even work?

> Info:
> &BB4EQgQ,BEAEMAQyBDsENQQ9BD0ESwQ1- - is a valid mailbox name for russian
> Outlook folder "Отправленные".

You should be using this name as UTF-8 directly.

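Added example (not from the thread and not Dovecot code): a Python decoder for IMAP modified UTF-7 mailbox names (RFC 3501, section 5.1.3) that scans configuration text for mailbox names still written in mUTF-7 and gives the UTF-8 name to use instead, as the reply above advises. The function names and the sample configuration are constructed for illustration.

```python
import base64
import binascii
import re

# Characters allowed inside an "&...-" shift sequence (modified base64).
SHIFT_RE = re.compile(r"[A-Za-z0-9+,]+")
# A mailbox block header in configuration text: mailbox "name" {  or  mailbox name {
MAILBOX_RE = re.compile(r'^[ \t]*mailbox[ \t]+(?:"([^"]*)"|(\S+))[ \t]*\{', re.MULTILINE)


def decode_mutf7(name):
    """Decode a modified UTF-7 mailbox name to text; ValueError if malformed."""
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch != "&":
            if not 0x20 <= ord(ch) <= 0x7E:
                raise ValueError("character outside printable ASCII at offset %d" % i)
            out.append(ch)
            i += 1
            continue
        end = name.find("-", i + 1)
        if end == -1:
            raise ValueError("unterminated shift sequence at offset %d" % i)
        chunk = name[i + 1:end]
        if chunk == "":
            out.append("&")  # "&-" encodes a literal ampersand
        elif not SHIFT_RE.fullmatch(chunk):
            raise ValueError("invalid character in shift sequence at offset %d" % i)
        else:
            b64 = chunk.replace(",", "/")   # mUTF-7 uses "," where base64 uses "/"
            b64 += "=" * (-len(b64) % 4)    # padding is omitted in mailbox names
            try:
                out.append(base64.b64decode(b64, validate=True).decode("utf-16-be"))
            except (binascii.Error, UnicodeDecodeError) as exc:
                raise ValueError("bad shift sequence at offset %d" % i) from exc
        i = end + 1
    return "".join(out)


def find_mutf7_mailboxes(config_text):
    """Return (line_number, configured_name, utf8_name) for mUTF-7 encoded names."""
    findings = []
    for m in MAILBOX_RE.finditer(config_text):
        name = m.group(1) if m.group(1) is not None else m.group(2)
        if "&" not in name:
            continue  # no shift sequence: plain ASCII or already UTF-8
        try:
            decoded = decode_mutf7(name)
        except ValueError:
            continue  # not valid mUTF-7, leave it for manual review
        line_no = config_text.count("\n", 0, m.start()) + 1
        findings.append((line_no, name, decoded))
    return findings


# Constructed sample, modelled on the namespace block quoted in the thread.
SAMPLE_CONFIG = r"""namespace inbox {
  mailbox "&BB4EQgQ,BEAEMAQyBDsENQQ9BD0ESwQ1-" {
    special_use = \Sent
  }
  mailbox Drafts {
    special_use = \Drafts
  }
}
"""

if __name__ == "__main__":
    for line_no, old, new in find_mutf7_mailboxes(SAMPLE_CONFIG):
        print('line %d: replace "%s" with "%s"' % (line_no, old, new))
```
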
Re: LDAP schema ?
On Fri, 21 Apr 2017, Mihai Badici wrote:

> On Friday 21 April 2017 08:36:47 Steffen Kaiser wrote:
>> On Tue, 18 Apr 2017, Dave Dodd wrote:
>>> I am trying to determine the correct LDAP schema I need to use to have
>>> either mailLocation or mailboxPath available ?
>>>
>>> Should I be just adding this to one of my own custom objectClasses ?
>>
>> Surprisingly, lots of installations seem to work with standard schemas -
>> if you believe internet search results.
>>
>> Dovecot's LDAP connection is very generic, so maybe it's easier to adopt
>> Dovecot to an existing infrastructure than vice versa.
>>
>> However, I have added several Dovecot related attributes and some
>> objectclasses to my schema, esp. to support the generic userdb_import .
>>
>> --
>> Steffen Kaiser
>
> Let me summarize:
>
> In fact, when using the /etc/passwd the only information dovecot needs is the username and the password. So if you switch to ldap you only need those attributes. (The e-mail address is not needed by dovecot, but is needed for MTA.) You can then use the inetorgperson schema without problems.
>
> But, since you want to use LDAP, you probably want to take advantage of the user managements tools, you want to use a Global Address List, maybe multiple servers etc.
>
> When I started to configure my template, I searched for a schema with "vacation" attribute. I even wrote a postfix filter who used this attribute to generate autoresponder messages. I found ispenv2.ldif, I still use it, even I switched to sieve for autoresponder so I don't need vacation anymore. But ispenv2 has also some nice attributes for managing users "ISP style": details about payment, contract, price, user disabled etc.
>
> In the mean time I started to use parts from the kolab project. So I consider to start using also their schema in the future, because it has some attributes useful for enterprise usage scenario (and because I want to have some compatibility).
>
> So, at the end, the reason for choosing a schema or extending the existing one is not related mainly to the mail system (which works great with inetorgperson schema, for example) but rather to the organizational model you use.

Yes, my thinking, too. I have:

quota
mail location (as override for some users)
import (generic, for anything else, e.g. some users have a home override or specific system_uids or groups)

Actually I discovered import too late, otherwise I would not have added quota and mail location as stand alone attributes. There are some other local attributes for other services, so they don't hurt. :)

--
Steffen Kaiser

Re: LDAP schema ?
On Friday 21 April 2017 08:36:47 Steffen Kaiser wrote:
> On Tue, 18 Apr 2017, Dave Dodd wrote:
> > I am trying to determine the correct LDAP schema I need to use to have
> > either mailLocation or mailboxPath available ?
> >
> > Should I be just adding this to one of my own custom objectClasses ?
>
> Surprisingly, lots of installations seem to work with standard schemas -
> if you believe internet search results.
>
> Dovecot's LDAP connection is very generic, so maybe it's easier to adopt
> Dovecot to an existing infrastructure than vice versa.
>
> However, I have added several Dovecot related attributes and some
> objectclasses to my schema, esp. to support the generic userdb_import .
>
> --
> Steffen Kaiser

Let me summarize:

In fact, when using the /etc/passwd the only information dovecot needs is the username and the password. So if you switch to ldap you only need those attributes. (The e-mail address is not needed by dovecot, but is needed for MTA.) You can then use the inetorgperson schema without problems.

But, since you want to use LDAP, you probably want to take advantage of the user managements tools, you want to use a Global Address List, maybe multiple servers etc.

When I started to configure my template, I searched for a schema with "vacation" attribute. I even wrote a postfix filter who used this attribute to generate autoresponder messages. I found ispenv2.ldif, I still use it, even I switched to sieve for autoresponder so I don't need vacation anymore. But ispenv2 has also some nice attributes for managing users "ISP style": details about payment, contract, price, user disabled etc.

In the mean time I started to use parts from the kolab project. So I consider to start using also their schema in the future, because it has some attributes useful for enterprise usage scenario (and because I want to have some compatibility).

So, at the end, the reason for choosing a schema or extending the existing one is not related mainly to the mail system (which works great with inetorgperson schema, for example) but rather to the organizational model you use.