Re: Namespace question

[Aki Tuomi]

Yes, it gets created automatically.
---Aki TuomiDovecot oy
 Original message From: J Doe  Date: 
24/07/2018  00:10  (GMT+02:00) To: dovecot@dovecot.org Subject: Namespace 
question 
Hi,

I have a question about the “inbox” namespace, as mentioned in: 
conf.d/10-mail.conf.

I have written my dovecot.conf file from scratch and do not include: 
conf.d/10-mail.conf.  I have not defined the “inbox” namespace and so I am 
assuming that one is created by default.

When I list the dovecot defaults via “sudo doveconf -d”, I notice that no 
“namespace inbox” entry exists.

If “namespace inbox” is not specified, is one still created by default ?

Thanks,

- J

Namespace question

[J Doe]

Hi,

I have a question about the “inbox” namespace, as mentioned in: 
conf.d/10-mail.conf.

I have written my dovecot.conf file from scratch and do not include: 
conf.d/10-mail.conf.  I have not defined the “inbox” namespace and so I am 
assuming that one is created by default.

When I list the dovecot defaults via “sudo doveconf -d”, I notice that no 
“namespace inbox” entry exists.

If “namespace inbox” is not specified, is one still created by default ?

Thanks,

- J

anvil in 2.3.2.1?

[kevin martin]

Has anvil gone away in 2.3.2.1?   I ask only because I don't find an
example of anvil in the conf.d files anymore and I'm migrating from  2.2.10
version to 2.3.2.1.

Thanks.

Re: doveadm expunge didn't clear Trash mailbox

[Michael Wagner]

On Jul 18, 2018 um 15:05:46, Joseph Tam wrote:
> On Wed, 18 Jul 2018, Sophie Loewenthal wrote:
> 
> > Why did my 'doveadm expunge' command not clear the Trash out of a mailbox?
> > 
> > The oldest messages was put into the Trash on the 26th June 2018 as shown 
> > in the file timestamp.
> > 
> > -rw--- 1 vmail mail 33056 Jun 26 16:46 
> > 1530031582.M768773P18242.mx10,S=33056,W=33510:2,RS
> > 
> > # doveadm -D expunge -u testu...@example.org mailbox Trash savedbefore 2d
> 
> I was going to suggest that you dump the savedbefore dates on all your
> messages to see what Dovecot thinks your message's timestamps are.
> I tried it out myself and was surprised to find *all* messages in *any*
> mailbox I looked at gave the same timestamp -- probably that of the
> latest message.
> 
> For example,
> 
>   # doveadm -f tab fetch -u {user} "uid date.saved" mailbox Trash
>   uid date.saved
>   23624   2018-07-18 14:50:03
>   23625   2018-07-18 14:50:03
>   [... 3657 lines removed ...]
>   27295   2018-07-18 14:50:03
>   27296   2018-07-18 14:50:03
>   27297   2018-07-18 14:50:03
> 
>   # doveadm -f tab fetch -u {user} "uid date.saved" mailbox INBOX
>   uid date.saved
>   94878   2018-07-18 14:53:46
>   100366  2018-07-18 14:53:46
>   [... 140 lines removed ...]
>   102313  2018-07-18 14:53:46
>   102314  2018-07-18 14:53:46
>   102315  2018-07-18 14:53:46
> 
> This would explain why the cron script I use to blow away old deleted mail
> has not fired in ages.
> 
> Is this a bug, or am I not understanding what "savedbefore" means now?  It
> certainly has changed behaviour since <2.2, since my script used to
> work before.
 
Hello Joseph,

here works a dovecot 2.2.27 on a raspberrypi and the behaviour is as 
expected. 

doveadm -f tab fetch -u  "uid date.saved" mailbox Trash
uid date.saved
314 2018-06-23 00:35:59
315 2018-06-23 12:39:10
316 2018-06-24 10:32:43
317 2018-06-24 10:32:43
318 2018-06-24 10:32:47
319 2018-06-24 14:26:24
320 2018-06-24 14:26:24
321 2018-06-24 14:28:45
322 2018-06-24 14:28:45
-- lines skipped
574 2018-07-20 20:58:21
575 2018-07-21 17:22:17
576 2018-07-22 15:15:18
577 2018-07-22 15:28:28
578 2018-07-22 15:28:28
579 2018-07-22 15:28:28
580 2018-07-22 16:12:47
581 2018-07-23 13:27:12
582 2018-07-23 12:55:26
583 2018-07-23 13:19:01
584 2018-07-23 13:19:01
585 2018-07-23 13:49:01
586 2018-07-23 13:52:46

And I have a cron script that expunges the mails older than 30 days.

/usr/bin/doveadm expunge -u  mailbox Trash savedbefore 30d

Michael



signature.asc
Description: PGP signature

Re: Dovecot pop3d and imapd problem

[Tom Hendrikx]

Hi,

The OS packges you mention went missing. So it would be the most logical
step to find a support forum (mailing list, web forum, bug tracker) for
your OS, and post this question there In general, people can help you
find out what happened with those packages, and when they were
uninstalled. You are talking about dpkg and apt, so a debian mailing
list or a forum like askubuntu.com might be the best way to go.


Kind regards,

Tom

On 23-07-18 09:30, John Paul Iglesia wrote:
> Then how this happened. Can you give me some pointers on how to trace
> this problem?
> 
> Please advise.
> 
> Thanks,
> 
> paul.tcbc
> 
> 
> On 07/23/2018 02:28 PM, Steffen Kaiser wrote:
> On Mon, 23 Jul 2018, John Paul Iglesia wrote:
> 
 Recently, i had issues on dovecot. All packages of dovecot were
 installed on my system then suddenly when I checked yesterday the
 packages for dovecot-pop3d and dovecot-imapd were no longer on the
 list of app installed.

 Because of this dovecot service stop running. I checked the apt
 history log, term log and even dpkg log, there were no information
 about removing the packages. It just shown on my apt list the
 packages were not longer there.

 I had to reinstalled these 2 packages just to make dovecot run and
 for me to be able to receive and send messages.


 What do you think is the problem, is it dovecot bug?
> 
> Dovecot does not entangle itself with the package management of the
> system. So: No, it's no Dovecot bug.
> 
> -- Steffen Kaiser
> 

Re: Dovecot pop3d and imapd problem

[John Paul Iglesia]

Then how this happened. Can you give me some pointers on how to trace 
this problem?


Please advise.

Thanks,

paul.tcbc


On 07/23/2018 02:28 PM, Steffen Kaiser wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 23 Jul 2018, John Paul Iglesia wrote:

Recently, i had issues on dovecot. All packages of dovecot were 
installed on my system then suddenly when I checked yesterday the 
packages for dovecot-pop3d and dovecot-imapd were no longer on the 
list of app installed.


Because of this dovecot service stop running. I checked the apt 
history log, term log and even dpkg log, there were no information 
about removing the packages. It just shown on my apt list the 
packages were not longer there.


I had to reinstalled these 2 packages just to make dovecot run and 
for me to be able to receive and send messages.



What do you think is the problem, is it dovecot bug?


Dovecot does not entangle itself with the package management of the 
system. So: No, it's no Dovecot bug.


- -- Steffen Kaiser
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBW1V1hMQnQQNheMxiAQK8jAf/X+tVqkO8HTAeF6gxRtKBTvv+oczRizxl
BzaKZAfJyvtY21hO0TTViDzk2vDjYUo9tQEMK+qvwFTg8ZclIisRwgDeJcwQa1by
irtRAY/djuagcKkVUdGZRXFauECFnnTxJvN5HPO8udwbfe1gzg6iQIpD0eJ/ppgh
Qo7JRY6qCh9hzFRaoaEBdd2YF4qlHAbrwygaLHDrq5wzJphqTgTCDMAU542/IdZO
irN3PsFXvaNISXF4XPn5nYPY6H6qBYgNK6hlsNNTyagBSqXiDVVD8i68G8BP/bFQ
oSTnE+h2kjGYdMcvfltSOjGNesTPRH1yzTBcfmaXe3aZDNglJh9C3w==
=4G9A
-END PGP SIGNATURE-

Re: dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI

[Aki Tuomi]

Can you provide some details on what those openssl commands returned?

Aki


On 20.07.2018 12:14, Martin Johannes Dauser wrote:
> Hi,
>
> I recognised some funny behaviour on my server. IMAP clients which
> won't send an Server Name Indication (SNI) sometimes get the wrong
> certificate. I would expect that those clients always get the default
> certificate (of my new domain), instead in about 20 to 50% of
> connections the certificate of my old domain will be presented.
> (sample rate was 3 times 30 connections)
>
> Clients sending SNI always get the right certificate.
>
> A user informed me that offlineIMAP complains 
> 'CA Cert verifying failed:
>    no matching domain name found in certificate'
> So at least offlineIMAP 7.0.12 from Debain stretch won't send SNI,
> there is a newer version upstream though.
>
>
> I myself checked the server's behaviour with openssl:
>
> $ openssl s_client -showcerts -connect IP-address:993
>
> and
>
> $ openssl s_client -showcerts -connect IP-address:993 -servername
> imap.domain
>
>
> I'm totally clueless about how come.
>
> Best regards
> Martin Johannes Dauser
>
>
>
>
> # 2.2.10: /etc/dovecot/dovecot.conf
> # OS: Linux 3.10.0-862.el7.x86_64 x86_64 Red Hat Enterprise Linux
> Server release 7.5 (Maipo) 
>
> ...
>
> service imap-login {
>   inet_listener imap {
> address = 127.0.0.1
> port = 143
>   }
>   inet_listener imaps {
> port = 993
> ssl = yes
>   }
>   process_min_avail = 8
>   service_count = 0
> }
>
> ...
>
> ssl = required
> # set default cert
> ssl_cert =  ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-
> SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL:!MD5:!RC4:!DES:!3DES:!TLSv1
>
> ssl_key =  ssl_protocols = !SSLv2 !SSLv3
>
> ...
>
> # set alternativ cert for old domain
> local_name mail.old.domain {
>   ssl_cert =    ssl_key =  }
> local_name imap.old.domain {
>   ssl_cert =    ssl_key =  }
> local_name pop.old.domain {
>   ssl_cert =    ssl_key =  }
>
> # set explicit cert for new domain
> local_name mail.new.domain {
>   ssl_cert =    ssl_key =  }
> local_name imap.new.domain {
>   ssl_cert =    ssl_key =  }
> local_name pop.new.domain {
>   ssl_cert =    ssl_key =  }
>
>
>

Re: dovecot lmtp and drop privileges to specific user

[Aki Tuomi]

On 21.07.2018 13:04, Christos Chatzaras wrote:
> Is it possible when dovecot LMTP to drop privileges to a specific user 
> instead of the e-mail account user?

Yes. You can use

protocol lda {
  userdb {
    driver = static
    args = uid=whatever gid=whoever
  }
}

Aki

Re: Dsync fails to connect to remote IMAP server

[Aki Tuomi]

Hi!

You need to add a ssl_client_ca_* setting even if you don't want the
imapc to verify the remote cert. I'll have to look into why this has
been made a requirement in the code, since it has to do what with how we
do OpenSSL initialization.

Aki

On 21.07.2018 12:59, Andrzej Polatyński wrote:
> Hi,
>
> I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1
> (8e2f634). The old server uses self signed SSL certificate.
>
> I'm using the following configuration:
>
> imapc_host = 10.1.1.3
> imapc_user = %u
> imapc_features = rfc822.size fetch-headers
> imapc_port = 993
> imapc_ssl = imaps
> imapc_ssl_verify = no
> mail_prefetch_count = 20
> mail_shared_explicit_inbox = no
> Launching dsync with the command:
>
> doveadm -o mail_fsync=never -o imapc_password=PASSWORD-Dv backup -R -u
> USER@DOMAIN imapc:
>
> In the output logs I get messages like below:
>
> dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993 ):
> Couldn't initialize SSL context: Can't verify remote server certs
> without trusted CAs (ssl_client_ca_* settings)
> dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection
> dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address
> (reconnect_ok=true, last_connect=1532016643)
> dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to
> 10.1.1.3:993 
> dsync(USER@DOMAIN): Info: imapc(10.1.1.3:993): Connected to
> 10.1.1.3:993  (local 172.17.0.5:51972
> )
> dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993): No SSL context
> dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Disconnected
> Am I missing some configuration parameters?
>
>
> -- 
> Regards,
> Andrew

Re: Dovecot pop3d and imapd problem

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 23 Jul 2018, John Paul Iglesia wrote:

Recently, i had issues on dovecot. All packages of dovecot were installed on 
my system then suddenly when I checked yesterday the packages for 
dovecot-pop3d and dovecot-imapd were no longer on the list of app installed.


Because of this dovecot service stop running. I checked the apt history log, 
term log and even dpkg log, there were no information about removing the 
packages. It just shown on my apt list the packages were not longer there.


I had to reinstalled these 2 packages just to make dovecot run and for me to 
be able to receive and send messages.



What do you think is the problem, is it dovecot bug?


Dovecot does not entangle itself with the package management of the 
system. So: No, it's no Dovecot bug.


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBW1V1hMQnQQNheMxiAQK8jAf/X+tVqkO8HTAeF6gxRtKBTvv+oczRizxl
BzaKZAfJyvtY21hO0TTViDzk2vDjYUo9tQEMK+qvwFTg8ZclIisRwgDeJcwQa1by
irtRAY/djuagcKkVUdGZRXFauECFnnTxJvN5HPO8udwbfe1gzg6iQIpD0eJ/ppgh
Qo7JRY6qCh9hzFRaoaEBdd2YF4qlHAbrwygaLHDrq5wzJphqTgTCDMAU542/IdZO
irN3PsFXvaNISXF4XPn5nYPY6H6qBYgNK6hlsNNTyagBSqXiDVVD8i68G8BP/bFQ
oSTnE+h2kjGYdMcvfltSOjGNesTPRH1yzTBcfmaXe3aZDNglJh9C3w==
=4G9A
-END PGP SIGNATURE-