Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?
On 07/01/2014 03:06 PM, Jiri Bourek wrote:
> That really depends, rebuilding indexes can increase your downtime for hours, so it may be better to pay a bit for extra storage space instead of not being paid at all by your customers.

Building the index, as far as I remember, doesn't cost in downtime but in higher I/O usage, which slows down the server.

Eliezer
[Dovecot] What are the options for HA and\or replication and\or storage?
I am considering a couple of options for converting a current service into HA using multiple servers or any other solution. The point is that I am thinking about the options and which I am looking for.

NFS can be a storage, which has its own pros and cons. There is the option of DRBD, but as of now it's limited to two hosts. What options exist out there as a solution?

The main issues are that the current service is based on Maildir and is on one server with reiserfs. The service is composed of one host with 50k users and a couple of disks in RAID6. On the same machine we have postfix as mailer.

I would like to hear about an HA environment that I can use to replicate the boxes. My basic research led me to SMTP on one host or more, using LMTP to send the messages to dovecot on another host, which will have a replicated host and will be used with a storage system based on iSCSI or NFS.

Any other idea to enhance the current one or to replace it is more than just welcome.

Thanks,
Eliezer
Re: [Dovecot] Dovecot ontop of glusterfs issue.
On 05/22/2014 01:56 PM, Harlan Stenn wrote:
> Is there a good reason you're not just running ntpd? Ntpdate has had a number of bugs in it for a long time, they will never

OK, so after searching the issue it seems like: I have installed the ntp on all of the servers, and due to a failure in one of the servers it seems like the ntp was not present. This caused only one node of the glusterfs to be out of sync, and only some file access transactions which came from the not-synced server were delivered with the wrong timestamp. So it was a fault, but being on only one node made it weird to find and identify. In the ls it was showing one clock time, and while the file was fetched it got another timestamp.

Thanks,
Eliezer
Re: [Dovecot] Dovecot ontop of glusterfs issue.
Well, manually using a crontab with ntpdate to a pool of servers should be good enough, right?

Eliezer

On 05/22/2014 07:09 AM, Murray Trainer wrote:
> Hi Eliezer,
>
> We had the same errors a few weeks ago. Turned out the time on our NFS server was out by over 30 secs as NTP wasn't setup correctly. Looks like the time on one of yours is out by about 250 secs (361-105).
>
> Murray
[Dovecot] Dovecot ontop of glusterfs issue.
Hey,

I am testing Glusterfs as a storage backend for dovecot as an LDA and imap server. I have seen lines in the logs similar to these:

May 21 10:46:01 mailgw dovecot: imap(elie...@ngtech.co.il): Warning: Created dotlock file's timestamp is different than current time (1400658105 vs 1400658361): /home/vmail/ngtech.co.il/eliezer/Maildir/.Mailing_lists.ceph_users/dovecot-uidlist
May 21 10:46:01 mailgw dovecot: imap(elie...@ngtech.co.il): Error: Transaction log /home/vmail/ngtech.co.il/eliezer/Maildir/dovecot.index.log: duplicate transaction log sequence (2713)

The volume is mounted only by one server with Ubuntu 14.04. I have seen threads and posts about a similar issue with nfs. I want to try to debug the issue, but note that with the same settings of the server nfs worked fine but slower.

dovecot -n output: http://pastebin.centos.org/9626/

The glusterfs is a replicated volume constructed of two bricks which is mounted only on one dovecot server. All three servers are using the same ntp pool and are synced.

Any direction is better than the state I am in now.

Thanks,
Eliezer
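An added example, not part of the thread: the clock difference that the replies read off this warning by hand (361-105) can be extracted from the log and tied to the index errors that accompany it. It assumes the first number in the warning is the dotlock file's timestamp and the second is the mail server's own clock, as the wording of the message suggests; the sample lines, addresses and the name `skew_report` are constructed for illustration.

```python
import re
from collections import defaultdict

# Common syslog prefix of Dovecot per-user log lines: "May 21 10:46:01 host dovecot: imap(user): "
PREFIX = (r"^(?P<stamp>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sdovecot:\s"
          r"(?P<svc>[\w-]+)\((?P<user>[^)]*)\):\s")

# Warning logged when a freshly created dotlock file carries a timestamp
# (assigned by the storage backend) that disagrees with the local clock.
DOTLOCK_RE = re.compile(
    PREFIX + r"Warning: Created dotlock file's timestamp is different "
    r"than current time \((?P<file_ts>\d+) vs (?P<now_ts>\d+)\): (?P<path>\S+)")

# Index corruption symptom seen next to the warning in the post above.
DUPSEQ_RE = re.compile(
    PREFIX + r"Error: Transaction log (?P<path>\S+): "
    r"duplicate transaction log sequence \((?P<seq>\d+)\)")

# Constructed sample, modelled on the two log lines quoted in the post.
SAMPLE_LOG = """\
May 21 10:46:01 mailgw dovecot: imap(alice@example.com): Warning: Created dotlock file's timestamp is different than current time (1400658105 vs 1400658361): /home/vmail/example.com/alice/Maildir/.Lists/dovecot-uidlist
May 21 10:46:01 mailgw dovecot: imap(alice@example.com): Error: Transaction log /home/vmail/example.com/alice/Maildir/dovecot.index.log: duplicate transaction log sequence (2713)
May 21 10:47:30 mailgw dovecot: lda(bob@example.com): Warning: Created dotlock file's timestamp is different than current time (1400658451 vs 1400658450): /home/vmail/example.com/bob/Maildir/dovecot-uidlist
May 21 10:48:02 mailgw dovecot: imap-login: Login: user=<bob@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1
"""


def skew_report(lines, tolerance=2):
    """Summarise dotlock clock skew per Dovecot host.

    Skew is (local clock - file timestamp) in seconds; a positive value
    means the storage side is behind the mail server. Users whose worst
    skew stays within `tolerance` seconds are ignored.
    """
    skews = defaultdict(list)       # (host, user) -> [skew, ...]
    dup_errors = defaultdict(int)   # (host, user) -> duplicate-sequence errors
    for line in lines:
        m = DOTLOCK_RE.match(line)
        if m:
            skew = int(m["now_ts"]) - int(m["file_ts"])
            skews[(m["host"], m["user"])].append(skew)
            continue
        m = DUPSEQ_RE.match(line)
        if m:
            dup_errors[(m["host"], m["user"])] += 1

    report = {}
    for (host, user), values in skews.items():
        worst = max(values, key=abs)
        if abs(worst) <= tolerance:
            continue
        entry = report.setdefault(
            host, {"worst_skew": 0, "users": [], "index_errors": 0})
        if abs(worst) > abs(entry["worst_skew"]):
            entry["worst_skew"] = worst
        entry["users"].append(user)
        entry["index_errors"] += dup_errors[(host, user)]
    return report


if __name__ == "__main__":
    for host, entry in skew_report(SAMPLE_LOG.splitlines()).items():
        print(host, entry)
```

The log alone shows that some storage node disagrees with the mail server's clock, not which one; each brick's clock still has to be checked directly.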
Re: [Dovecot] LDA quota rejection
The basic mail systems do need this option. We are not talking about plain mail. Once a message was dropped or was not delivered there is a need to know that it was not sent or received. While some will separate internal mail from external, it's their preference, but once I send an email to a company I would like to know that my system and their system are working properly. In a case where the company does not want to reveal its computing resources to the outer world, it's a matter of security and other policies rather than basic email policies. I do remember that in real mail, once the recipient box did not get the mail it was sent back to the original sender, as it was paid for this service.

Eliezer

On 22/09/13 06:16, Noel Butler wrote:
> Dovecot should never generate a message to send to sender, this is classified as backscatter. Your MTA should get the quota answer from dovecot when the sender connects, and tries to mail and fail then, it is the MTA (maillog file) you need to look at to see why your MTA is not tempfailing the connection.
Re: [Dovecot] SSL with startssl.com certificates
On 10/09/2013 11:15 PM, Reindl Harald wrote:
> why in the world should it take more than 1 second?
> and even if - how does this matter?

The dovecot daemon waited only 1 second for a response.. and if there is a 900 MHz client, like many devices that use Android, how long would it take to encrypt and decrypt a 4k encryption over a mobile network without any assisting crypto cards??

Eliezer
Re: [Dovecot] SSL with startssl.com certificates
On 10/09/2013 10:55 PM, Reindl Harald wrote:
> On 09.10.2013 21:45, Eliezer Croitoru wrote:
>> On 10/09/2013 10:31 PM, Reindl Harald wrote:
>>> On 09.10.2013 21:27, Eliezer Croitoru wrote:
>>>> On 09/13/2013 02:59 PM, Dan Langille wrote:
>>>>> *** /var/log/maillog ***
>>>>> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11]
>>>>> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, TLS handshaking: Disconnected, session=
>>>> How about trying to use a username to identify the user??
>>>> it is very clear that there is nothing that the client tries to do...
>>>
>>> it is much more clear that there is no username if the client refuses the SSL handshake because it does not like the cert or the offered ssl-ciphers
>>>
>>> user=<> is pretty normal in a lot of cases
>>>
>>> * ssl cert not accepted and not allowed by the user in case of untrusted
>>> * no cipher the client accepts
>>> * no auth-mech the client accepts offered by the server
>>>
>>> so how do *you* imagine to see a username in the log?
>>
>> I expect that StartSSL will put good configuration examples for Apache Postfix Dovecot Exim nginx and more..
>
> not their job and not part of the problem
>
> * your client accepts a certificate
> * your client does not accept your certificate
>
> in case it does not *you* as enduser have to accept/import the servers cert
>
> http://stackoverflow.com/questions/10879370/startssl-class-1-certificate-not-accepted-by-browser-weblogic-10-0-1
> http://www.startssl.com/?app=25#31
>
> if someone does not know what a "intermediate CA" he needs to RTFM or *read* messages of his client or buy by all major clients accepted certificates
>
> but that all has less to do with your blunt "it is very clear that there is nothing that the client tries to do" showing that you have zero experience how a client handshake works -> it does not send usernames or even passwords until it is not satisfied with the negotiation of auth-mechs and ssl-handshake

I would try to use StartSSL with squid and I will see if the docs in squid ssl-bump explain the subject in a way I can understand. As Dan explained, his major problem is with a specific encryption cipher in a very specific size.. I would imagine that a 4k bits certificate handshake and validation can take more than 1 sec.. Am I right about it?

Thanks,
Eliezer
Re: [Dovecot] SSL with startssl.com certificates
On 10/09/2013 10:31 PM, Reindl Harald wrote:
> On 09.10.2013 21:27, Eliezer Croitoru wrote:
>> On 09/13/2013 02:59 PM, Dan Langille wrote:
>>> *** /var/log/maillog ***
>>> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11]
>>> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, TLS handshaking: Disconnected, session=
>> How about trying to use a username to identify the user??
>> it is very clear that there is nothing that the client tries to do...
>
> it is much more clear that there is no username if the client refuses the SSL handshake because it does not like the cert or the offered ssl-ciphers
>
> user=<> is pretty normal in a lot of cases
>
> * ssl cert not accepted and not allowed by the user in case of untrusted
> * no cipher the client accepts
> * no auth-mech the client accepts offered by the server
>
> so how do *you* imagine to see a username in the log?

I expect that StartSSL will put good configuration examples for Apache Postfix Dovecot Exim nginx and more.. This way their service would give much more... I am just still unsure how long it would take to write the docs that explain all the mentioned above: there is an SSL hierarchy and StartSSL uses this hierarchy, which you need to understand, and then the next thing to do is to answer a question or two to make sure you understand that everything is OK with the service etc.

A basic openssl client into an ssl port should be sufficient, but in the case of a special client that verifies a two way key it's another story. Hope there was a solution in the upper part of the thread.

Eliezer
Re: [Dovecot] SSL with startssl.com certificates
On 09/13/2013 02:59 PM, Dan Langille wrote:
> *** /var/log/maillog ***
> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11]
> Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, TLS handshaking: Disconnected, session=

How about trying to use a username to identify the user??
it is very clear that there is nothing that the client tries to do...

Eliezer
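An added example, not part of the thread: the point made in the replies above, that `user=<>` together with "TLS handshaking" means the connection ended before any credentials were sent, expressed as a log triage helper that separates handshake aborts from later authentication failures per remote address. The sample lines (including the "auth failed" line, which is not on this page), the addresses and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# "SSL failed" warning: records the handshake state and the remote address.
SSL_FAILED_RE = re.compile(
    r"(?:imap|pop3)-login: Warning: SSL failed: where=(?P<where>0x[0-9a-fA-F]+): "
    r"(?P<state>.+?) \[(?P<rip>[^\]]+)\]\s*$")

# Login-process disconnect line: reason, user (may be empty) and remote IP.
DISCONNECT_RE = re.compile(
    r"(?:imap|pop3)-login: (?:Disconnected|Aborted login) \((?P<reason>[^)]*)\): "
    r"user=<(?P<user>[^>]*)>,.*?\brip=(?P<rip>[^,\s]+)(?P<tail>.*)$")

# Constructed sample; the first two lines follow the shape of the log quoted
# in the thread, with documentation addresses substituted.
SAMPLE_LOG = """\
Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [192.0.2.44]
Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=192.0.2.44, lip=192.0.2.1, TLS handshaking: Disconnected, session=<constructed1>
Sep 13 11:52:10 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=198.51.100.9, lip=192.0.2.1, session=<constructed2>
Sep 13 11:53:31 imaps dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS, session=<constructed3>
"""


def classify(line):
    """Return (kind, rip, user) for a disconnect line, or None for other lines.

    tls_handshake_aborted: no username and the TLS handshake never finished,
        so the client rejected the certificate/ciphers or simply went away.
    no_auth_attempted: the session was usable but no login was tried.
    auth_stage: a username is present, so authentication was reached.
    """
    m = DISCONNECT_RE.search(line)
    if not m:
        return None
    if not m["user"] and "TLS handshaking" in m["tail"]:
        kind = "tls_handshake_aborted"
    elif not m["user"]:
        kind = "no_auth_attempted"
    else:
        kind = "auth_stage"
    return kind, m["rip"], m["user"]


def login_failure_report(lines):
    """Count disconnect kinds per remote IP and attach the handshake state
    from the preceding 'SSL failed' warning to each handshake abort."""
    pending_state = {}  # rip -> handshake state from the last SSL warning
    report = defaultdict(lambda: {"tls_handshake_aborted": 0,
                                  "no_auth_attempted": 0,
                                  "auth_stage": 0,
                                  "ssl_states": []})
    for line in lines:
        warn = SSL_FAILED_RE.search(line)
        if warn:
            pending_state[warn["rip"]] = warn["state"]
            continue
        result = classify(line)
        if result is None:
            continue
        kind, rip, _user = result
        entry = report[rip]
        entry[kind] += 1
        if kind == "tls_handshake_aborted" and rip in pending_state:
            entry["ssl_states"].append(pending_state.pop(rip))
    return dict(report)


if __name__ == "__main__":
    for rip, entry in login_failure_report(SAMPLE_LOG.splitlines()).items():
        print(rip, entry)
```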
Re: [Dovecot] The docs a re a bit weird on "Directory hashing"
Hey,

On 08/08/2013 10:29 AM, Jan-Frode Myklebust wrote:
> On Thu, Aug 08, 2013 at 01:42:43AM +0300, Eliezer Croitoru wrote:
>>
>> And means a two layers cache of max 16 directories on the first layer
>> and 256 directories on the second layer.
>> The above allows millions of files storage and can benefit from all ext4
>> lower kernel levels of compatibility rather than do stuff on the user-land..
>> Since I am not 100% sure that the scheme I understood is indeed what I
>> think I assume the above will need a small correction.
>
> I use:
>
> mail_home = /srv/mailstore/%256LRHu/%Ld/%Ln

"R" what for??
I do understand a Lower case on the names and have seen the effect, but how would R be helpful??

Eliezer

>
> which gives me 256 buckets containing domainname/username/, and the
> buckets are a hash of Lowercase Reverse usernames. To get the same
> layout as squid, I would try:
>
> mail_home = /srv/mailstore/%16LRHu/%256LRHu/%Lu
>
> Ref: http://wiki2.dovecot.org/Variables for variables and modifiers.
>
> BTW: I'm lowercasing everything, because I once got bitten by a variable
> not being lowercased in one version, and suddenly this changing in
> another version. It's probably redundant here -- but it was painful to
> fix when it happened..
>
>
> -jf
>
[Dovecot] The docs a re a bit weird on "Directory hashing"
In squid we use a double layer of hashed directories on the FS to allow storage of millions of files. I was reading the "Directory hashing" section but never understood it.. since it's written.. in a way I could not understand.

I am using this line:

mail_location = maildir:/home/vmail/%d/%n/Maildir/

and I want to migrate to a hash based directory scheme. While trying to understand how that hash will work I stumbled on an old thread at:
http://www.dovecot.org/list/dovecot/2010-June/049695.html

there they used:

mail_location=maildir:/buzones/us.es/%1Hu/%2.1u/%n

so I assume it should be used like that:

mail_location=maildir:/home/vmail/%H/%2.256Hn/%d_%n/Maildir/

or:

mail_location=maildir:/home/vmail/%1Mu/%2.1Mu/%d_%n/Maildir/

It's a bit hard to think alone so I hope you can assist me. Let's say I want to follow the model of squid cache_dir which has:

cache_dir aufs /usr/local/squid/var/cache/squid 4 16 256

And means a two layers cache of max 16 directories on the first layer and 256 directories on the second layer. The above allows millions of files storage and can benefit from all ext4 lower kernel levels of compatibility rather than do stuff on the user-land.. Since I am not 100% sure that the scheme I understood is indeed what I think, I assume the above will need a small correction.

Eliezer
Re: [Dovecot] Sieve users script problem.
On 11/11/2012 2:39 AM, Ben Morrow wrote:
> require ["include"];
> include "script1";
> include "script2";
>
> and activate that script.
>
>> Nov 10 18:35:54 lda(user@domain.local): Debug: sieve: include:
>> sieve_global_dir is not set; it is currently not possible to include
>> `:global' scripts.
>
> It's not clear to me what's happening here: does that script use the 'include :global' command? If you want that to work you will need to create a system-wide scripts directory and set the sieve_global_dir parameter to point to it. If OTOH you wanted to include a script from the user's sieve/ directory, you need to leave off the :global tag.
>
> Ben

Thanks,
Now I kind of understand it, but from the documentation it feels like there is a default and directory which works always. (Or this is what I understood.) Since it's not like that it makes my options limited, but still this can do what I need. I need it to filter mails into sub-directories for my user only, so it's fine.

Thanks Again,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer ngtech.co.il
[Dovecot] Sieve users script problem.
I am using Dovecot 2.1.9, which seems to solve an older bug in sieve. Now I have another problem with users' scripts. I want dovecot to run users' scripts but it seems to not even see them. Dovecot runs the default sieve script from the home dir but won't see the sieve scripts in the sieve subdirectory.

Some logs:

Nov 10 18:35:54 lda(user@domain.local): Debug: Quota root: name=User quota backend=maildir args=
Nov 10 18:35:54 lda(user@domain.local): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0
Nov 10 18:35:54 lda(user@domain.local): Debug: Quota rule: root=User quota mailbox=Trash bytes=+32212254 (3%) messages=0
Nov 10 18:35:54 lda(user@domain.local): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=quota-warning 95 raw mail user
Nov 10 18:35:54 lda(user@domain.local): Debug: Quota warning: bytes=214748364 (20%) messages=0 reverse=no command=quota-warning 20 raw mail user
Nov 10 18:35:54 lda(user@domain.local): Debug: none: root=, index=, control=, inbox=, alt=
Nov 10 18:35:54 lda(user@domain.local): Debug: Destination address: eliezer@domain.local (source: user@hostname)
Nov 10 18:35:54 lda(user@domain.local): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts.
Nov 10 18:35:54 lda(user@domain.local): Debug: sieve: using the following location for user's Sieve script: /home/vmail/domain.local/eliezer/home/.dovecot.sieve
Nov 10 18:35:54 lda(user@domain.local): Debug: sieve: opening script /home/vmail/domain.local/eliezer/home/.dovecot.sieve
Nov 10 18:35:54 lda(user@domain.local): Debug: sieve: script binary /home/vmail/domain.local/eliezer/home/.dovecot.svbin successfully loaded
Nov 10 18:35:54 lda(user@domain.local): Debug: sieve: binary save: not saving binary /home/vmail/domain.local/eliezer/home/.dovecot.svbin, because it is already stored
Nov 10 18:35:54 lda(user@domain.local): Debug: sieve: executing script from /home/vmail/domain.local/eliezer/home/.dovecot.svbin
Nov 10 18:35:54 lda(user@domain.local): Info: sieve: msgid=: stored mail into mailbox 'INBOX'

So it recognizes the home dir but won't look at the sieve sub directory.

My dovecot -n output:

# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.3.8-gentoo x86_64 Gentoo Base System release 2.0.3 ext3
auth_mechanisms = plain login
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_uid = 5000
last_valid_uid = 5000
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = 5000
mail_location = maildir:/home/vmail/%d/%n/Maildir/
mail_plugins = " quota"
mail_privileged_group = vmail
mail_uid = 5000
namespace {
  inbox = yes
  list = yes
  location =
  prefix =
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+3%%
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=20%% quota-warning 20 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +include +vnd.dovecot.debug +imapflags +spamtest +spamtestplus +relational +comparator-i;ascii-numeric
}
postmaster_address = postmastert@domain.local
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-warning {
  executable = script /etc/dovecot/quota-warning.sh
  user = vmail
}
ssl_ca =
Re: [Dovecot] Problem with sieve. dovecot 2.0.17
On 10/27/2012 11:03 PM, Stephan Bosch wrote:
> This is most likely a client problem. Have you configured your client to check that folder?

Yes, unless there is a special thing I don't know yet about in Thunderbird.

Thanks,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer ngtech.co.il
Re: [Dovecot] Problem with sieve. dovecot 2.0.17
On 10/23/2012 9:40 PM, Stephan Bosch wrote:
> Also, could you provide your full configuration as output from `dovecot -n` ?
>
> Regards,
>
> Stephan.

Thanks Stephan,

I just upgraded from 2.0.17 to 2.1.9 and ph 0.3.1 (gentoo) and it seems to work as expected and doesn't leave any traces in the INBOX with the same script. I don't know the old ph version, and since it was resolved I'm OK with it.

My only problem is that it will put the file in the folder but will not mark the folder with the new file until I actually check the folder manually. It's not that much hassle, but if there is a way to solve it I will be more than happy to hear about it.

Thanks,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer ngtech.co.il
[Dovecot] Problem with sieve. dovecot 2.0.17
Since I have lots of filtering rules in Thunderbird I was thinking of using sieve instead. I want to filter incoming mail into subdirectories, like "from" store at folder "old".

The script is:

require ["fileinto", "envelope"];
if envelope :is "from" "elie...@test.dom" {
    fileinto "old";
} else {
    # The rest goes into INBOX
    # default is "implicit keep", we do it explicitly here
    keep;
}

The result is that the mail is stored in two folders instead of just one, INBOX and old. The logs show:

Oct 23 17:12:26 lda(elie...@ngtech.co.il): Debug: sieve: executing script from /home/vmail/domain/eliezer/home/.dovecot.svbin
Oct 23 17:12:26 lda(elie...@test1.dom): Info: sieve: msgid=<5086b3c9.5030...@test.dom>: stored mail into mailbox 'INBOX'
Oct 23 17:12:26 lda(elie...@test1.dom): Info: sieve: msgid=<5086b3c9.5030...@test.dom>: stored mail into mailbox 'old'

for an unknown reason (or I didn't understand how sieve works?)

plugin section from dovecot -n:

plugin {
  ...
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +vnd.dovecot.debug +imapflags +relational +comparator-i;ascii-numeric
}

Thanks,
Eliezer
Re: [Dovecot] 76Gb to 146Gb
On 9/24/2012 7:42 PM, Spyros Tsiolis wrote:
> Hello all,
>
> I have a DL360 G4 1U server that does a wonderful job with dovecot, horde, Xmail and OpenLDAP for a company and serving about 40 accounts.
>
> The machine is wonderful. I am very happy with it. However, I am running out of disk space. It has two times 76Gb Drives in RAID1 (disk mirroring) and the capacity has reached 82%.
>
> I am starting of getting nervous.
>
> Does anyone know of a painless way to migrate the entire contents directly to another pair of 146Gb SCSI RAID1 disks ?
>
> I thought of downtime and using clonezilla, but my last experience with it was questionable. I remember having problems declaring disk re-sizing from the smaller capacity drives to the larger ones.
>
> CentOS 5.5
>
> Manual install of :
>
> Mysql
> XMail (pop3/smtp)
> ASSP (anti spam)
> Apache / LAMP
>
> and last but by no means least :
>
> Dovecot

It really depends on the raid you have. Is it software or hardware raid?

If it's software raid it will be more than simple to do it: take one drive out, put a new one in and use, let's say, FINNIX linux from cd\dvd\usb and manage the whole partitioning, copying etc. from another OS while not harming anything on the old HDDs.

You might need to set up new partitions manually on the new drive, but just make a plan, try it on some small VM to make sure the steps you are doing are fine for centos 5.5, and go for it.

rsync is your friend!! in this case.

Someone mentioned Gentoo here; one installation of that system can give you a very big background on manual partitioning, chrooting and other basic stuff that can help you in the process.

Regards,
Eliezer

> Any help would be appreciated or any ideas you might have.
>
> Regards,
>
> spyros
>
> "I merely function as a channel that filters music through the chaos of noise"
> - Vangelis
Re: [Dovecot] Listener not binding to port
You should configure the imap\pop3 services, as far as I remember...

Regards,
Eliezer

On 04/04/2012 20:52, Mike Jones! wrote:
> Hello.
>
> Dovecot is not binding or listening on port 993 when I start it.
>
> $ sudo netstat -tlnp | grep -c 993
> 0
>
> Dovecot starts fine and runs without complaints.
>
> $ sudo service dovecot restart
> Restarting IMAP/POP3 mail server: dovecot.
>
> $ sudo tail /var/log/mail.log
> Apr 4 13:42:39 mwjones dovecot: master: Warning: Killed with signal 15 (by pid=16238 uid=0 code=kill)
> Apr 4 13:42:39 mwjones dovecot: master: Dovecot v2.0.18 starting up (core dumps disabled)
>
> $ sudo ps -ef | grep -i [d]ovecot
> root 16243 1 0 13:42 ? 00:00:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
> dovecot 16245 16243 0 13:42 ? 00:00:00 dovecot/anvil
> root 16246 16243 0 13:42 ? 00:00:00 dovecot/log
> root 16248 16243 0 13:42 ? 00:00:00 dovecot/config
>
> Still no listener :(
>
> $ sudo netstat -tlnp | grep -c 993
> 0
>
> Other infos for your scrutiny.
>
> $ sudo dovecot --version
> 2.0.18
>
> $ doveconf -n
> # 2.0.18: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.5-grsec x86_64 Debian wheezy/sid ext4
> auth_debug = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> first_valid_uid = 1000
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_debug = yes
> mail_location = maildir:/home/vmail/%d/%n/Maildir
> passdb {
>   args = /home/vmail/%d/etc/passwd
>   driver = passwd-file
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   user = root
> }
> service imap-login {
>   service_count = 1
> }
> service ssl-params {
>   type = startup
> }
> ssl_cert =

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer ngtech.co.il
Re: [Dovecot] sysconfdir depreacted
On 23/03/2012 12:53, Timo Sirainen wrote:
> On 23.3.2012, at 12.44, Heiko Schlichting wrote:
>> Timo wrote:
>>> So the only way I can think of how to change this is to add another option to optionally remove the dovecot/ suffix from the directory, but is this really worth the trouble?
>>
>> I would appreciate such option too. For large dedicated installations other schemes than /etc/dovecot are common. See
>> http://dovecot.org/list/dovecot/2009-January/036131.html
>
> Yes, I was also thinking about that, but it's about removing the dovecot/ suffix from other directories as well. That might be something worth doing (--without-package-suffix or something?).

Well, squid is using another way, such as the directory you specify and without the /dovecot (squid) suffix.

It's not that important. If you do change the config directory you know where you are putting it.

I'm using /opt/(service name) to install most of my self-compiled software so I don't really care about it, but if the sysconfig directory as a directive it should be the default.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer ngtech.co.il
Re: [Dovecot] Per-user IMAP enable - is it possible?
On 20/03/2012 08:18, Gedalya wrote:
> On 3/20/2012 1:43 AM, Gedalya wrote:
>> On 3/20/2012 1:28 AM, Alexander Chekalin wrote:
>>> Just wonder if it is possible to enable/disable IMAP4 on Dovecot (2.0.x as far) on per-user basis?
>>>
>>> The deal is simple: our policy is not to store a lot of mailing on mailserver (the user should store it locally), thus the 'use POP3' approach, but for a very few users it is permitted to use IMAP4. But users sometimes simply miss the point that some mail clients (e.g. TB) 'prefer' to use IMAP4 first, and afterward I see mailbox full of mailings and no local store of it on user's workstation.
>>>
>>> Sound too complicated, but setting up two Dovecots is not something I'd love to do as well.
>>>
>>> Thank you for any ideas,
>>> Alexander
>>
>> There would be various ways to do this, the specifics would depend on what kind of passdb you use. If you happen to be using a SQL database, you could do something like this:
>>
>> Add an allow_imap column, and change the password_query in dovecot-sql.conf.ext to something like this:
>>
>> password_query = SELECT password FROM user WHERE username = '%n' AND domain = '%d' \
>>   AND ('%s' != 'imap' or allow_imap=1)
>>
>> This would make the user appear to not exist when trying to log in via IMAP.
>>
>> http://wiki2.dovecot.org/Variables
>
> Or like this, might be more appropriate.
>
> password_query = SELECT password, if('%s' != 'imap' or allow_imap=1, NULL, 'y') as nologin \
>   FROM user WHERE username = '%n' AND domain = '%d'
>
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/NoLogin

but this will disallow also pop3...

Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer ngtech.co.il
Re: [Dovecot] Problem with sieve
On 20/03/2012 11:08, Cedric Jeanneret wrote:
> I guess it may be easier if I paste my whole config in here:

You didn't send the virtual_transport file content. I will quote from the man pages of the transport:

[quote]
user@domain transport:nexthop
    Deliver mail for user@domain through transport to nexthop.
[\quote]

This means you can specify a specific transport such as mailman for a specific user, but because you are using the virtual maps table\lookup you also must have a valid ldap user with the same name for the list.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer ngtech.co.il
Re: [Dovecot] Using plaintext auth and SSL
On 20/03/2012 02:16, Eliezer Croitoru wrote:
> On 20/03/2012 01:37, Jeff Simmons wrote:
>> On Monday, March 19, 2012 04:16:46 pm you wrote:
>>> On 3/19/2012 4:04 PM, Jeff Simmons wrote:
>>>> I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication.
>>>>
>>>> They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time.
>>>>
>>>> It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct?
>>>
>>> I only have SSL or TLS connections enabled and I only have one copy of Dovecot running.
>>
>> Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while.
>>
>> Is that correct, or can this be done on a single instance of dovecot?
>
> There is no connection between the plaintext auth and the ssl\tls layer. You can just change the imap in the service section of the 10-master.conf file to no imap at all and use only the imaps listener with a port of your choice such as 143 or 993, and you will have only imap over ssl.

One mistake: change the imap service to port 0 and port 143 will be disabled with the regular imap service.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer ngtech.co.il
Re: [Dovecot] INBOX cant be created
On 19/03/2012 20:23, Radim Kolar wrote:
>>> doveadm(admin): Error: Can't create mailbox INBOX: Permission denied
>> The INBOX exists but has a wrong owner.
> nope
>
> ponto# cd /var/mail
> ponto# mv admin/ admin.X
> ponto# doveadm mailbox create -u admin INBOX
> doveadm(admin): Error: Can't create mailbox INBOX: Permission denied

Get into the maildir folder and use:

ls -la

to see all the directories and permissions. It might be with a starting ".", which will make it "invisible" to regular ls.

Regards,
Eliezer

> but it might be that ordinary user admin can't create directories in /var/mail
>
> message from IMAP reply is wrong for sure because mailbox does not exist:
>
> ponto# cd /var/mail
> ponto# mv admin admin.x
> ponto# telnet localhost imap
> 3 select inbox
> 3 NO Mailbox doesn't exist: INBOX
> 4 create INBOX
> 4 NO [ALREADYEXISTS] Mailbox already exists: INBOX

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer ngtech.co.il
Re: [Dovecot] Using plaintext auth and SSL
On 20/03/2012 01:37, Jeff Simmons wrote:
> On Monday, March 19, 2012 04:16:46 pm you wrote:
>> On 3/19/2012 4:04 PM, Jeff Simmons wrote:
>>> I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication.
>>>
>>> They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time.
>>>
>>> It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct?
>>
>> I only have SSL or TLS connections enabled and I only have one copy of Dovecot running.
>
> Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while.
>
> Is that correct, or can this be done on a single instance of dovecot?

There is no connection between the plaintext auth and the ssl\tls layer. You can just change the imap in the service section of the 10-master.conf file to no imap at all and use only the imaps listener with a port of your choice such as 143 or 993, and you will have only imap over ssl.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
elilezer ngtech.co.il
Re: [Dovecot] Desperately need help ! a default dovecot.conf and/or Ubuntu 11.10 postfix/dovecot server configuration issue!
On 02/03/2012 09:33, D Chen wrote:

Use the command

dovecot -n

to get the dovecot settings output and we can try to help you a bit.

Regards,
Eliezer

> When upgraded from Ubuntu 11.04 to 11.10, dovecot can't start successfully with lots of errors i.e. "dovecot: doveconf: Warning: ... 'imaps' protocol is no longer necessary, remove it"...
>
> At any rate, I want to setup a postfix(MTA)/dovecot(MDA) servers on Ubuntu 11.10, by following the Postfix installation and configuration instruction in Ubuntu Serverguide, in "1.4 Configuring SASL" section on page 190, after run "sudo apt-get install dovecot-common", it requires to edit the section of "auth default" and the "socket listen" option..., in the /etc/dovecot/dovecot.conf file, BUT my /etc/dovecot/dovecot.conf (only about 4k bytes) CAN'T find the "auth default" "socket listen" !
>
> I also checked into the /usr/share/doc/dovecot-common/dovecot/example-config, there is a dovecot.conf, it's also about 4k size, and there is no such "auth default" or "socket listen" words can be found ! where is the default dovecot.conf file I can get a copy ?
>
> BTW, there is the dovecot.conf.ucf file (what is this for?) which's about 50k and has the "auth default" and "socket listen" words there ! what is supposed the size for the /etc/dovecot/dovecot.conf ? i'm confused!
>
> Thx.