sasl service for other app
Can dovecot run as a general SASL service for other apps, such as WebDAV? Thanks.
how to clean virtual users correctly
Hello,

I removed the user in static userdb file, and deleted /var/mail/vhosts/$domain/$user dir. When I recreated the user, the system dirs (sent, draft etc) disappeared. Anything wrong here?

Thank you.

--
Henry R
https://openmbox.net/
Re: N-way replication, multiple masters
1 GB data per day is very little volume, I think dovecot replication, rsync also suitable.

Raymond Sellars wrote on Thursday, 17 June 2021, 11:30:23 AM [GMT+8]:

Hi

Mail replication – honestly, I don’t have any hard metrics for that. I’m anticipating it's less than 1 GB per day.

Link speed – being AWS inter AZ it's 100Mbps-1GBps. I’m conscious if I go inter region the strategy may need to change.

Thanks
Raymond

From: Henry
Sent: Thursday, 17 June 2021 3:20 PM
To: Raymond Sellars
Subject: Re: N-way replication, multiple masters

How many data for mail replication? And the link speed?

Raymond Sellars wrote on Thursday, 17 June 2021, 11:10:23 AM [GMT+8]:
Re: Re: nginx configuration to pass x-originating-ip
Hello,

Does anyone have a solution for it?

Thanks
Re: last login plugins
Dear Aki,

For a very busy server, if using post login script for record last login, what is the difference between post login script and last login plugins about performance and limitation? Thanks

https://wiki.dovecot.org/PostLoginScripting
https://doc.dovecot.org/configuration_manual/lastlogin_plugin/

Henry wrote on Wednesday, 3 March 2021, 06:04:14 PM [GMT+8]:

oh! cannot see the last_login_key at logging

Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Added userdb setting: plugin/quota_rule=*:backend=19922944S
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Effective uid=89, gid=89, home=/home/vpopmail/domains/2/6/x/testing.com/email
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota root: name=User quota backend=maildir args=
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota rule: root=User quota mailbox=* bytes=19922944 messages=0
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota grace: root=User quota bytes=1992294 (10%)
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: maildir++: root=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, index=/home/vpopmail/domains/2/6/x/testing.com/email, indexpvt=, control=, inbox=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, alt=
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: quota: quota_over_flag check: quota_over_script unset - skipping
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: STATUS
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Drafts: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Sent: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Trash: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox 寄件備份: Mailbox opened because: SELECT

Aki Tuomi wrote on Wednesday, 3 March 2021, 05:51:55 PM [GMT+8]:

Can you enable `mail_debug=yes` and see what the last_login_key value is when imap session starts? It should show up on logs.

Aki

> On 03/03/2021 11:12 Henry wrote:
>
> but when I remove the last_login_key at plugins, error log as below
>
> Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/em...@testing.com (reply took 0.006 secs (0.000 in dict wait, 0.002 in other ioloops, 0.001 in locks, async-id reply 0.000 secs ago, started on dict-server 0.000 secs ago, took 0.000 secs))
>
> Aki Tuomi wrote on Wednesday, 3 March 2021, 04:23:20 PM [GMT+8]:
>
> Looks promising, can you try removing "plugin { last_login_key=.. }" from your configuration file completely and see if it works then?
>
> Aki
>
> > On 03/03/2021 10:17 Henry wrote:
> >
> > Dear Aki
> >
> > Below for output, it is normal?
> >
> > [root@cnt8-testing dovecot]# doveadm user em...@testing.com
> >
> > doveadm user em...@testing.com
> > field value
> > uid 89
> > gid 89
> > home /home/vpopmail/domains/2/6/x/testing.com/email
> > mail maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
> > quota_rule *:bytes=19922944
> > last_login_key last-login/em...@testing.com/testing.com///0
> >
> > Aki Tuomi wrote on Tuesday, 2 March 2021, 10:47:39 PM [GMT+8]:
> >
> > Did you try
> >
> > doveadm user account
> >
> > to see that last_login_key appears in output in correct form?
> >
> > Aki
> >
> > On March 2, 2021 2:44:43 PM UTC, Henry wrote:
> > > Dear Aki,
> > >
> > > I try it as your recommend but still no luck, same error
> > >
> > > Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> > >
> > > If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below
> > >
> > > Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/
Re: About TLS variables
Then the information variables can be passed to post-login script?

Aki Tuomi wrote on Thursday, 4 March 2021, 02:58:44 PM [GMT+8]:

This information is not passed currently to auth process, so no, it's not currently possible.

Aki

> On 04/03/2021 08:34 Henry wrote:
>
> Hello,
>
> I found the Variable %c only has TLS, Can it be using "TLSv1, TLSv1.1,TLSv1.2,TLSv1.3" instead of only TLS like as dovecot logging, this is really a most meaningful, thanks
>
> Variable: %c
> Long name: secured
> Description: “TLS” with established SSL/TLS connections, “TLS handshaking”, or “TLS [handshaking]: error text” if disconnecting due to TLS error. “secured” with localhost connections. Otherwise empty.
About TLS variables
Hello,

I found the Variable %c only has TLS, Can it be using "TLSv1, TLSv1.1, TLSv1.2, TLSv1.3" instead of only TLS like as dovecot logging, this is really a most meaningful, thanks

Variable: %c
Long name: secured
Description: “TLS” with established SSL/TLS connections, “TLS handshaking”, or “TLS [handshaking]: error text” if disconnecting due to TLS error. “secured” with localhost connections. Otherwise empty.
Re: last login plugins
oh! cannot see the last_login_key at logging

Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Added userdb setting: plugin/quota_rule=*:backend=19922944S
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Effective uid=89, gid=89, home=/home/vpopmail/domains/2/6/x/testing.com/email
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota root: name=User quota backend=maildir args=
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota rule: root=User quota mailbox=* bytes=19922944 messages=0
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota grace: root=User quota bytes=1992294 (10%)
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: maildir++: root=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, index=/home/vpopmail/domains/2/6/x/testing.com/email, indexpvt=, control=, inbox=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, alt=
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: quota: quota_over_flag check: quota_over_script unset - skipping
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: STATUS
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Drafts: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Sent: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Trash: Mailbox opened because: SELECT
Mar 3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox 寄件備份: Mailbox opened because: SELECT

Aki Tuomi wrote on Wednesday, 3 March 2021, 05:51:55 PM [GMT+8]:

Can you enable `mail_debug=yes` and see what the last_login_key value is when imap session starts? It should show up on logs.

Aki

> On 03/03/2021 11:12 Henry wrote:
>
> but when I remove the last_login_key at plugins, error log as below
>
> Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/em...@testing.com (reply took 0.006 secs (0.000 in dict wait, 0.002 in other ioloops, 0.001 in locks, async-id reply 0.000 secs ago, started on dict-server 0.000 secs ago, took 0.000 secs))
>
> Aki Tuomi wrote on Wednesday, 3 March 2021, 04:23:20 PM [GMT+8]:
>
> Looks promising, can you try removing "plugin { last_login_key=.. }" from your configuration file completely and see if it works then?
>
> Aki
>
> > On 03/03/2021 10:17 Henry wrote:
> >
> > Dear Aki
> >
> > Below for output, it is normal?
> >
> > [root@cnt8-testing dovecot]# doveadm user em...@testing.com
> >
> > doveadm user em...@testing.com
> > field value
> > uid 89
> > gid 89
> > home /home/vpopmail/domains/2/6/x/testing.com/email
> > mail maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
> > quota_rule *:bytes=19922944
> > last_login_key last-login/em...@testing.com/testing.com///0
> >
> > Aki Tuomi wrote on Tuesday, 2 March 2021, 10:47:39 PM [GMT+8]:
> >
> > Did you try
> >
> > doveadm user account
> >
> > to see that last_login_key appears in output in correct form?
> >
> > Aki
> >
> > On March 2, 2021 2:44:43 PM UTC, Henry wrote:
> > > Dear Aki,
> > >
> > > I try it as your recommend but still no luck, same error
> > >
> > > Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> > >
> > > If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below
> > >
> > > Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/
Re: last login plugins
but when I remove the last_login_key at plugins, error log as below

Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/em...@testing.com (reply took 0.006 secs (0.000 in dict wait, 0.002 in other ioloops, 0.001 in locks, async-id reply 0.000 secs ago, started on dict-server 0.000 secs ago, took 0.000 secs))

Aki Tuomi wrote on Wednesday, 3 March 2021, 04:23:20 PM [GMT+8]:

Looks promising, can you try removing "plugin { last_login_key=.. }" from your configuration file completely and see if it works then?

Aki

> On 03/03/2021 10:17 Henry wrote:
>
> Dear Aki
>
> Below for output, it is normal?
>
> [root@cnt8-testing dovecot]# doveadm user em...@testing.com
>
> doveadm user em...@testing.com
> field value
> uid 89
> gid 89
> home /home/vpopmail/domains/2/6/x/testing.com/email
> mail maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
> quota_rule *:bytes=19922944
> last_login_key last-login/em...@testing.com/testing.com///0
>
> Aki Tuomi wrote on Tuesday, 2 March 2021, 10:47:39 PM [GMT+8]:
>
> Did you try
>
> doveadm user account
>
> to see that last_login_key appears in output in correct form?
>
> Aki
>
> On March 2, 2021 2:44:43 PM UTC, Henry wrote:
> > Dear Aki,
> >
> > I try it as your recommend but still no luck, same error
> >
> > Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> >
> > If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below
> >
> > Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/
Re: last login plugins
Dear Aki

Below for output, it is normal?

[root@cnt8-testing dovecot]# doveadm user em...@testing.com

doveadm user email@testing.com
field value
uid 89
gid 89
home /home/vpopmail/domains/2/6/x/testing.com/email
mail maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
quota_rule *:bytes=19922944
last_login_key last-login/em...@testing.com/testing.com///0

Aki Tuomi wrote on Tuesday, 2 March 2021, 10:47:39 PM [GMT+8]:

Did you try

doveadm user account

to see that last_login_key appears in output in correct form?

Aki

On March 2, 2021 2:44:43 PM UTC, Henry wrote:

Dear Aki,

I try it as your recommend but still no luck, same error

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below

Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/

There is any error in my configuration? thanks for your help.

## dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

## dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));

user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))

#

Henry wrote on Sunday, 28 February 2021, 05:24:45 PM [GMT+8]:

Dear Aki

Still no luck, same error

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below

Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/

# dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

# dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));

user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX
Re: last login plugins
Dear Aki,

I try it as your recommend but still no luck, same error

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below

Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/

There is any error in my configuration? thanks for your help.

## dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

## dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));

user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))

#

Henry wrote on Sunday, 28 February 2021, 05:24:45 PM [GMT+8]:

Dear Aki

Still no luck, same error

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below

Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/

# dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

# dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));

user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))

Aki Tuomi wrote on Sunday, 28 February 2021, 04:55:04 PM [GMT+8]:

You need to put it in the sql query.

SELECT ..., 'last-login/%u/%d/%r/
Re: last login plugins
Dear Aki

Still no luck, same error

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below

Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/

# dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

# dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));

user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))

Aki Tuomi wrote on Sunday, 28 February 2021, 04:55:04 PM [GMT+8]:

You need to put it in the sql query.

SELECT ..., 'last-login/%u/%d/%r/%l/%a' AS last_login_key

Aki

On February 28, 2021 8:12:39 AM UTC, Henry wrote:
> current config as below:
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   quota = maildir:User quota
>   last_login_dict = proxy::lastlogin
>   last_login_key = last-login/%u/%d/%r/%l/%a
>   quota_status_success = DUNNO
>   quota_status_nouser = DUNNO
>   quota_status_overquota = "552 5.2.2 Mailbox is full"
> }
> ###
> If I changed as below no help,still no pass the Variable to last_login
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> userdb {
>   driver = static
>   args = last_login_key=last-login/%u/%d/%r/%l/%a
> }
> ###
> If I changed as below will trouble, cannot restart dovecot
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext last_login_key=last-login/%u/%d/%r/%l/%a
>   driver = sql
> }
>
> Aki Tuomi wrote on Sunday, 28 February 2021, 03:56:09 PM [GMT+8]:
>
> It goes into the arguments section...
>
> Not having your config, I have to guess, but e.g.
>
> userdb {
>   driver = static
>   args = last_login_key=last-login/%u/%d/%r/%l/%a
> }
>
> And similarly with other drivers, depending what you use.
>
> Aki
>
>> On 28/02/2021 09:53 Henry wrote:
>>
>> Dear Aki,
>>
>> If in userdb, set
>>
>> last_login_key=last-login/%u/%d/%r/%l/%a
>>
>> then cannot restart dovecot the error below :
>>
>> master: Error: Error reading configuration: Error in configuration file /etc/dovecot/dovecot.conf line 45: Unknown setting: userdb { last_login_key
>>
>> #
>> If in userdb, set
>> default_fields = last_login_key = last-login/%u/%d/%r/%l/%a
>> Error:
>> auth: Fatal: Invalid userdb template last_login_key = last-login/%u/%d/%r/%l/%a - key must not be empty
>>
>> what is my wrongs about? thanks
>>
>> Aki Tuomi wrote on Sunday, 28 February 2021, 02:56:51 PM [GMT+8]:
>>
>> In your userdb, set
>>
>> last_login_key=last-login/%u/%d/%r/%l/%a
>>
>> Then it will expand into what you want, and will be imported into user's environment.
>>
>> Aki
>>
>> > On 28/02/2021 05:57 Henry wrote:
Re: last login plugins
current config as below:

userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}

###
If I changed as below no help,still no pass the Variable to last_login

userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = static
  args = last_login_key=last-login/%u/%d/%r/%l/%a
}

###
If I changed as below will trouble, cannot restart dovecot

userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext last_login_key=last-login/%u/%d/%r/%l/%a
  driver = sql
}

Aki Tuomi wrote on Sunday, 28 February 2021, 03:56:09 PM [GMT+8]:

It goes into the arguments section...

Not having your config, I have to guess, but e.g.

userdb {
  driver = static
  args = last_login_key=last-login/%u/%d/%r/%l/%a
}

And similarly with other drivers, depending what you use.

Aki

> On 28/02/2021 09:53 Henry wrote:
>
> Dear Aki,
>
> If in userdb, set
>
> last_login_key=last-login/%u/%d/%r/%l/%a
>
> then cannot restart dovecot the error below :
>
> master: Error: Error reading configuration: Error in configuration file /etc/dovecot/dovecot.conf line 45: Unknown setting: userdb { last_login_key
>
> #
> If in userdb, set
> default_fields = last_login_key = last-login/%u/%d/%r/%l/%a
> Error:
> auth: Fatal: Invalid userdb template last_login_key = last-login/%u/%d/%r/%l/%a - key must not be empty
>
> what is my wrongs about? thanks
>
> Aki Tuomi wrote on Sunday, 28 February 2021, 02:56:51 PM [GMT+8]:
>
> In your userdb, set
>
> last_login_key=last-login/%u/%d/%r/%l/%a
>
> Then it will expand into what you want, and will be imported into user's environment.
>
> Aki
>
> > On 28/02/2021 05:57 Henry wrote:
> >
> > like capture local_port, I using %a will got below error
> >
> > Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> >
> > If I using any of $local_port ,'$local_port', "$local_port", `$local_port`
> >
> > I got the database update as $local_port ,'$local_port', "$local_port", `$local_port` at the field column record.
> >
> > Henry wrote on Saturday, 27 February 2021, 10:57:27 PM [GMT+8]:
> >
> > I already try using other variables, I found it only support "Mail service user variables", no support "Login variables" and "Authentication variables"
> >
> > below the error when I try to using "Login variables" and "Authentication variables"
> >
> > Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
> > Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
> > Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'
> >
> > I using centos 8 and dovecot-2.3.13-2.x86_64,
> >
> > thanks
> >
> > Aki Tuomi wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:
> >
> > last_login supports some of the variables.
> >
> > Mail service and mail user variables are supported.
> >
> > You can try export the auth variables as userdb variables and use $variablename.
> >
> > Aki
> >
> > On 27 February 2021 7.29.10 EET, Henry wrote:
> > >
> > > Anyone know then last_login plugins do support standard auth variables in var-expand? like %k %a variables.
> > > I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname,
> > > any patch for this? thanks
> > >
> > > https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> > >
> > > Henry wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
> > >
> > > but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname, what should I do it ?
> > > https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> > >
> > > Aki Tuomi wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
> > >
> > >> On 18/02/2021 08:57 Henry wrote:
> > >>
> > >> Anyone know the last-login plugins can using Authentication variables such as %m mechanism, %a local_port .
> > >> we want to record this in DB, thanks
> > >
> > > You can use this syntax to add further fields for last_login plugin.
> > >
> > > map {
> > >   pattern = shared/last-login/$user/$domain
> > >   table = last_login
> > >   value_field = last_login
> > >   value_type = uint
> > >
> > >   fields {
> > >     username = $user
> > >     domain = $domain
> > >     rip = $rip
> > >   }
> > > }
> > >
> > > Aki
> >
> > --
> > Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: last login plugins
Dear Aki,

If in userdb, set

last_login_key=last-login/%u/%d/%r/%l/%a

then cannot restart dovecot the error below :

master: Error: Error reading configuration: Error in configuration file /etc/dovecot/dovecot.conf line 45: Unknown setting: userdb { last_login_key

#
If in userdb, set
default_fields = last_login_key = last-login/%u/%d/%r/%l/%a
Error:
auth: Fatal: Invalid userdb template last_login_key = last-login/%u/%d/%r/%l/%a - key must not be empty

what is my wrongs about? thanks

Aki Tuomi wrote on Sunday, 28 February 2021, 02:56:51 PM [GMT+8]:

In your userdb, set

last_login_key=last-login/%u/%d/%r/%l/%a

Then it will expand into what you want, and will be imported into user's environment.

Aki

> On 28/02/2021 05:57 Henry wrote:
>
> like capture local_port, I using %a will got below error
>
> Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
>
> If I using any of $local_port ,'$local_port', "$local_port", `$local_port`
>
> I got the database update as $local_port ,'$local_port', "$local_port", `$local_port` at the field column record.
>
> Henry wrote on Saturday, 27 February 2021, 10:57:27 PM [GMT+8]:
>
> I already try using other variables, I found it only support "Mail service user variables", no support "Login variables" and "Authentication variables"
>
> below the error when I try to using "Login variables" and "Authentication variables"
>
> Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
> Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
> Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'
>
> I using centos 8 and dovecot-2.3.13-2.x86_64,
>
> thanks
>
> Aki Tuomi wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:
>
> last_login supports some of the variables.
>
> Mail service and mail user variables are supported.
>
> You can try export the auth variables as userdb variables and use $variablename.
>
> Aki
>
> On 27 February 2021 7.29.10 EET, Henry wrote:
> >
> > Anyone know then last_login plugins do support standard auth variables in var-expand? like %k %a variables.
> > I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname,
> > any patch for this? thanks
> >
> > https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> >
> > Henry wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
> >
> > but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname, what should I do it ?
> > https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> >
> > Aki Tuomi wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
> >
> >> On 18/02/2021 08:57 Henry wrote:
> >>
> >> Anyone know the last-login plugins can using Authentication variables such as %m mechanism, %a local_port .
> >> we want to record this in DB, thanks
> >
> > You can use this syntax to add further fields for last_login plugin.
> >
> > map {
> >   pattern = shared/last-login/$user/$domain
> >   table = last_login
> >   value_field = last_login
> >   value_type = uint
> >
> >   fields {
> >     username = $user
> >     domain = $domain
> >     rip = $rip
> >   }
> > }
> >
> > Aki
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: last login plugins
like capture local_port, I using %a will got below error

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I using any of $local_port ,'$local_port', "$local_port", `$local_port`
I got the database update as $local_port ,'$local_port', "$local_port", `$local_port` at the field column record.

Henry wrote on Saturday, 27 February 2021, 10:57:27 PM [GMT+8]:

I already try using other variables , I found it only support "Mail service user variables", no support "Login variables" and "Authentication variables"

below the error when I try to using "Login variables" and "Authentication variables"

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'

I using centos 8 and dovecot-2.3.13-2.x86_64,

thanks

Aki Tuomi wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:

last_login supports some of the variables.

Mail service and mail user variables are supported.

You can try export the auth variables as userdb variables and use $variablename.

Aki

On 27 February 2021 7.29.10 EET, Henry wrote:
>
>Anyone know then last_login plugins do support standard auth variables in var-expand?like %k %a variables.
>I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname,
>any patch for this? thanks
>
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
>
>Henry wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
>
>but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname, what should I do it ?
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
>
>Aki Tuomi wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
>
>> On 18/02/2021 08:57 Henry wrote:
>>
>> Anyone know the last-login plugins can using Authentication variables such as %m mechanism, %a local_port .
>> we want to record this in DB, thanks
>
>You can use this syntax to add further fields for last_login plugin.
>
>map {
>  pattern = shared/last-login/$user/$domain
>  table = last_login
>  value_field = last_login
>  value_type = uint
>
>  fields {
>    username = $user
>    domain = $domain
>    rip = $rip
>  }
>}
>
>Aki

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: last login plugins
I already try using other variables , I found it only support "Mail service user variables", no support "Login variables" and "Authentication variables"

below the error when I try to using "Login variables" and "Authentication variables"

Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'

I using centos 8 and dovecot-2.3.13-2.x86_64,

thanks

Aki Tuomi wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:

last_login supports some of the variables.

Mail service and mail user variables are supported.

You can try export the auth variables as userdb variables and use $variablename.

Aki

On 27 February 2021 7.29.10 EET, Henry wrote:
>
>Anyone know then last_login plugins do support standard auth variables in var-expand?like %k %a variables.
>I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname,
>any patch for this? thanks
>
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
>
>Henry wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
>
>but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname, what should I do it ?
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
>
>Aki Tuomi wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
>
>> On 18/02/2021 08:57 Henry wrote:
>>
>> Anyone know the last-login plugins can using Authentication variables such as %m mechanism, %a local_port .
>> we want to record this in DB, thanks
>
>You can use this syntax to add further fields for last_login plugin.
>
>map {
>  pattern = shared/last-login/$user/$domain
>  table = last_login
>  value_field = last_login
>  value_type = uint
>
>  fields {
>    username = $user
>    domain = $domain
>    rip = $rip
>  }
>}
>
>Aki

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: last login plugins
Anyone know then last_login plugins do support standard auth variables in var-expand?like %k %a variables.
I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname,
any patch for this? thanks

https://doc.dovecot.org/configuration_manual/config_file/config_variables/

Henry wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:

but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname, what should I do it ?
https://doc.dovecot.org/configuration_manual/config_file/config_variables/

Aki Tuomi wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:

> On 18/02/2021 08:57 Henry wrote:
>
> Anyone know the last-login plugins can using Authentication variables such as
> %m mechanism, %a local_port .
> we want to record this in DB, thanks

You can use this syntax to add further fields for last_login plugin.

map {
  pattern = shared/last-login/$user/$domain
  table = last_login
  value_field = last_login
  value_type = uint

  fields {
    username = $user
    domain = $domain
    rip = $rip
  }
}

Aki
Re: last login plugins
but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, client hostname, what should I do it ?
https://doc.dovecot.org/configuration_manual/config_file/config_variables/

Aki Tuomi wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:

> On 18/02/2021 08:57 Henry wrote:
>
> Anyone know the last-login plugins can using Authentication variables such as
> %m mechanism, %a local_port .
> we want to record this in DB, thanks

You can use this syntax to add further fields for last_login plugin.

map {
  pattern = shared/last-login/$user/$domain
  table = last_login
  value_field = last_login
  value_type = uint

  fields {
    username = $user
    domain = $domain
    rip = $rip
  }
}

Aki
last login plugins
Anyone know the last-login plugins can using Authentication variables such as %m mechanism, %a local_port .
we want to record this in DB, thanks
unsubscibe
unsubscribe
unsubcribe
Re: sieve redirect to foreign email gets “Relay access denied”
On 23-09-2014 12:31, Reindl Harald wrote:
> [...]
> no reason for that: smtpd_data_restrictions = reject_unauth_pipelining

It's good, the reason is to block clients who speak too early, like spammers for example.

http://www.postfix.org/postconf.5.html#reject_unauth_pipelining
"This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up deliveries."
Re: sieve redirect to foreign email gets “Relay access denied”
On 22-09-2014 23:50, Reindl Harald wrote:
[...]
> you need to provide more informations about your setup and if
> possible avoid mask IP addresses - where does the smtpd live, where
> is dovecot and how did you configure the relay at all what postfix
> version? in case of a recent version -> smtpd_relay_restrictions is
> configured?

ok here comes the data

the sieve rule is simple

if header :contains ["subject"] ["redirect"] {redirect "he...@gmail.com"; stop;}

first of all the main issue is the sieve "redirect" to a email address on a foreign server. In our case gmail.
(sieve is a part of dovecot, and I found no possibility to make sieve more verbose.)
I can make postfix verbose but it just say that relay is not permitted.

to test sieve and the rule I send a email from he...@live.de (Hotmail) to my account on the server, he...@example.net, and expect it to be redirected to he...@gmail.com

The only interesting line in the log-file is still

NOQUEUE: reject: RCPT from mail.example.net[62.78.xxx.xxx]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=

it say that sieve is trying to make a email FROM he...@live.de TO he...@gmail.com and send it via mail.example.net. *this is crazy.*
I think that this is the reason why I get the relay not permitted. afaik it should envelope the email using he...@example.net

Even I transform my own server in a open relay and send the email like sieve want it to be redirected it will be rejected by the destination server because my server is no authority for gmail.

Does somebody know how I can teach sieve to send as envelope ?
Re: sieve redirect to foreign email gets “Relay access denied”
On 22.09.2014 at 22:19, Henry Stack wrote:
> I have a postfix mail server with sql authentication and I want to implement sieve on it.
>
> Sieve is working relative good, rules who contain 'fileinto' are executed perfectly.
> The problem is the redirect to other servers.
> I configured a rule in Sieve to redirect any email containing "redirect" in subject to a specified foreign
> destination. #
> So practically a email coming from sender at live.de for the local user testuser at server.net should be redirected to
> destination at gmail.com when the subject contains "redirect"
>
> if header :contains ["subject"] ["redirect"] {redirect
> "destination at gmail.com"; stop;}
>
> when I test it I get the following log entry
>
> /postfix/smtpd[32114]: NOQUEUE: reject: RCPT from
> mail.server.net[xx.xx.xx.xx]: 554 5.7.1 :
> Relay access denied; from=
> to= proto=ESMTP helo=

* you have "mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128"
* you masked the IP so likely it's not 127.0.0.1
* just use your local MTA or add the machine to "mynetworks"

Thanks for the hint. I tried it, I added the IP to mynetworks and it is still not working, still *Relay access denied;*

Henry
sieve redirect to foreign email gets “Relay access denied”
I have a postfix mail server with sql authentication and I want to implement sieve on it.

Sieve is working relative good, rules who contain 'fileinto' are executed perfectly.
The problem is the redirect to other servers.
I configured a rule in Sieve to redirect any email containing "redirect" in subject to a specified foreign destination. #
So practically a email coming from sen...@live.de for the local user testu...@server.net should be redirected to destinat...@gmail.com when the subject contains "redirect"

if header :contains ["subject"] ["redirect"] {redirect "destinat...@gmail.com"; stop;}

when I test it I get the following log entry

/postfix/smtpd[32114]: NOQUEUE: reject: RCPT from mail.server.net[xx.xx.xx.xx]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=/

How can I tell postfix to let dovecot/sieve relay the email? can somebody give a hint?

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
default_process_limit = 15
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
home_mailbox = mail/
inet_interfaces = all
mailbox_size_limit = 0
mydestination = mail.server.net, localhost
myhostname = mail.server.net
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_authenticated_sender_login_mismatch, reject_unknown_sender_domain
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot

dovecot -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.6
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot/dovecot.debug.log
disable_plaintext_auth = no
first_valid_gid = 99
first_valid_uid = 99
hostname = maxi.zp1.net
info_log_path = /var/log/mail.info
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = xxx.xxx.xxx.xxx
log_path = /var/log/dovecot/dovecot.log
login_greeting = Dovecot ready, Sir.
mail_debug = yes
mail_gid = 99
mail_location = maildir:~/mail:LAYOUT=fs:INBOX=/var/vmail/%u/mail/
mail_plugins = acl
mail_uid = 99
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  location = maildir:/var/mail/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver
Re: [Dovecot] Problem Authenticating with Master User
Timo,

That worked. I appreciate it.

Original Message
Subject: Re: [Dovecot] Problem Authenticating with Master User
From: Timo Sirainen
To: Dovecot Mailing List
Date: 04/29/2011 03:34 AM

On 29.4.2011, at 6.19, Henry Franco wrote:

So I removed the passdb's and the pass=yes since it doesn't work with PAM but I'm still not having any luck. Any suggestions? I'm open.

Oh, I didn't notice earlier:

auth default_with_listener:
..
auth default:

Don't use two auth {} blocks. That's the one causing this.
Re: [Dovecot] Problem Authenticating with Master User
So I removed the passdb's and the pass=yes since it doesn't work with PAM but I'm still not having any luck. Any suggestions? I'm open.

$ telnet mail01.server.com 143
Trying 10.10.10.12...
Connected to mail01.server.com.
Escape character is '^]'.
* OK Dovecot ready.
1 login u...@server.com*master my_password
1 NO Authentication failed.
1 login u...@server.com*master my_password
1 OK Logged in.

# dovecot -n
# 1.1.20: /etc/dovecot.conf
# OS: Linux 2.6.18-8.el5xen x86_64 CentOS release 5.2 (Final) ext3
protocols: imaps imap
listen: *
ssl_ca_file: /etc/ssl/ca/ca-bundle.crt
ssl_cert_file: /etc/ssl/crt/server.crt
ssl_key_file: /etc/ssl/key/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_processes_count: 64
login_max_processes_count: 2048
valid_chroot_dirs: /home/vmail/domains
max_mail_processes: 4096
first_valid_uid: 102
last_valid_uid: 102
first_valid_gid: 102
last_valid_gid: 102
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/home/vmail/domains/%d/%n
lda:
  postmaster_address: postmas...@server.com
  auth_socket_path: /var/run/dovecot-auth-master
  global_script_path: /home/vmail/domains/server.com/sieve
  mail_plugins: cmusieve
auth default_with_listener:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
    master:
      path: /var/run/dovecot-auth-master
      mode: 384
      user: vmail
      group: vmail
auth default:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot.master
    master: yes
  passdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  userdb:
    driver: passwd
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf

On Apr 28, 2011, at 5:36 PM, Timo Sirainen wrote:

> On 29.4.2011, at 0.31, Henry Franco wrote:
>
>> passdb:
>> driver: passwd-file
>> args: /etc/dovecot.master
>> pass: yes
>> master: yes
>
> pass=yes doesn't work properly with PAM.
>
>> passdb:
>> driver: shadow
>> passdb:
>> driver: pam
>> passdb:
>> driver: ldap
>> args: /etc/dovecot-ldap.conf
>
> You also seem to have too many passdbs. You should probably remove either
> shadow or pam.
Re: [Dovecot] Problem Authenticating with Master User
# dovecot -n
# 1.1.20: /etc/dovecot.conf
# OS: Linux 2.6.18-8.el5xen x86_64 CentOS release 5.2 (Final) ext3
protocols: imaps imap
listen: *
ssl_ca_file: /etc/ssl/ca/ca-bundle.crt
ssl_cert_file: /etc/ssl/crt/server.crt
ssl_key_file: /etc/ssl/key/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_processes_count: 64
login_max_processes_count: 2048
valid_chroot_dirs: /home/vmail/domains
max_mail_processes: 4096
first_valid_uid: 102
last_valid_uid: 102
first_valid_gid: 102
last_valid_gid: 102
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/home/vmail/domains/%d/%n
lda:
  postmaster_address: postmas...@server.com
  auth_socket_path: /var/run/dovecot-auth-master
  global_script_path: /home/vmail/domains/server.com/sieve
  mail_plugins: cmusieve
auth default_with_listener:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
    master:
      path: /var/run/dovecot-auth-master
      mode: 384
      user: vmail
      group: vmail
auth default:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot.master
    pass: yes
    master: yes
  passdb:
    driver: shadow
  passdb:
    driver: pam
  passdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  userdb:
    driver: passwd
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf

--

On Apr 28, 2011, at 5:27 PM, Timo Sirainen wrote:

> On 29.4.2011, at 0.25, Henry Franco wrote:
>
>> The only way I can authenticate successfully is if I try to authenticate
>> through telnet twice. Also, imapsync (the tool I need to use to migrate over
>> emails from Dovecot to other mail server) won't work because of this.
>
> dovecot -n output?
[Dovecot] Problem Authenticating with Master User
Dovecot provides a master login (a master user name and password that can log into all user accounts). I've setup Dovecot as per: http://wiki1.dovecot.org/Authentication/MasterUsers

Here's my problem. The only way I can authenticate successfully is if I try to authenticate through telnet twice. Also, imapsync (the tool I need to use to migrate over emails from Dovecot to other mail server) won't work because of this.

$ telnet mail01.server.com 143
Trying 10.10.10.12...
Connected to mail01.server.com.
Escape character is '^]'.
* OK Dovecot ready.
1 login u...@server.com*master my_password
1 NO Authentication failed.
1 login u...@server.com*master my_password
1 OK Logged in.
Re: [Dovecot] Particular user post-login hang
On Mon, January 31, 2011 16:06, Timo Sirainen wrote:
> On 31.1.2011, at 13.50, Henry C. wrote:
>
>>>> Rawlog looks good
>> ...
>>>> epoll_wait(0x8, 0x806c4f8, 0x6, 0x1b708d
>>>
>>> Dovecot is just waiting for more commands here.
>>>
>>> To me everything here points to a client problem.
>>
>> By client, I presume you're referring to the process which is talking to
>> imap (or some other process/intermediary)?
>
>> From imap process's point of view that would be the IMAP client. Or if it's
>> SSL connection then it's imap-login process that's proxying the SSL
>> traffic.
>
>> That'll be the imap-proxy.
>
> Which proxy? Dovecot or something else?

up-imapproxy (http://squirrelmail.org/download.php#imap_proxy). However, I tried bypassing the proxy completely and connected directly. It does the same thing.

>> Only problem is everything works flawlessly if I login with a different
>> user, using the same software/etc.
>
> Which client?

Squirrelmail - sorry should have mentioned that from the start.

What's odd is that this only seems to occur with this one particular login. Everything else I've tested with works fine.
Re: [Dovecot] Particular user post-login hang
> On 31.1.2011, at 13.15, Henry C. wrote:
>
>> In a nutshell: User authenticates OK, then the imap process hangs.
>
> imap process, or the client?..

Thanks for the quick feedback.

The imap process is waiting on the event poll, so I suppose it's not really hung. Who/what process is talking on the other end? I can then do some more scratching around...

>> Rawlog looks good
...
>> epoll_wait(0x8, 0x806c4f8, 0x6, 0x1b708d
>
> Dovecot is just waiting for more commands here.
>
> To me everything here points to a client problem.

By client, I presume you're referring to the process which is talking to imap (or some other process/intermediary)? That'll be the imap-proxy.

Only problem is everything works flawlessly if I login with a different user, using the same software/etc.

Thanks
[Dovecot] Particular user post-login hang
.so
imap6574 username memREG9,0173806897709 /home2/home/mailusers/username/.imap/INBOX/dovecot.index.log
imap6574 username memREG9,0 1980063 35835914 /home2/local/lib/dovecot/libdovecot.so.0.0.0
imap6574 username memREG9,0 4911010 35835915 /home2/local/lib/dovecot/libdovecot-storage.so.0.0.0
imap6574 username memREG3,127274 654816 /lib/libsafe.so.2.0.16
imap6574 username memREG3,199790 654754 /lib/ld-2.3.5.so
imap6574 username0w CHR1,3 327760 /dev/null
imap6574 username1w CHR1,3 327760 /dev/null
imap6574 username2w FIFO0,5 1548069248 pipe
imap6574 username3w FIFO0,5 1548064788 pipe
imap6574 username4r FIFO0,5 1548414049 pipe
imap6574 username5w FIFO0,5 1548069260 pipe
imap6574 username6u unix 0xe481b180 1548069218 /usr/local/var/run/dovecot/login/imap
imap6574 username7w FIFO0,5 1548414049 pipe
imap6574 username8u 0,60 9 unknown inode type
imap6574 username9u REG9,0173806897709 /home2/home/mailusers/username/.imap/INBOX/dovecot.index.log
imap6574 username 10u IPv4 1548412828 TCP localhost:144->localhost:38067 (ESTABLISHED)
imap6574 username 11u REG9,0 2632 30130623 /home2/home/mailusers/username/.imap/INBOX/dovecot.index
imap6574 username 12u REG9,0 109568 30130578 /home2/home/mailusers/username/.imap/INBOX/dovecot.index.cache
imap6574 username 13u REG 9,0 104724989257043 /home2/var/spool/mail/username

Any pointers?

Thanks
Henry

-- CONFIG: ---
auth_debug = yes
auth_mechanisms = plain login
default_login_user = nobody
first_valid_uid = 200
listen = *
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = mbox:~/.:INBOX=/var/mail/%u
passdb {
  driver = shadow
}
protocols = imap
service imap-login {
  inet_listener imap {
    port = 144 # 143 is for imap proxy
  }
}
ssl = no
userdb {
  driver = passwd
}
Re: [Dovecot] Alternate mail_location prefix for homedir
> So I guess by "~/." you mean same as "~/" which is also the same as "~".
> The problem with that is, as always, that users can store mails
> everywhere in the home directory and there may be other non-mail files
> in there messing things up.

I understand and agree with your second sentence. The issue though is that if I use '~' or '~/' without the '.' suffix I get the following error:

Error: user henry: Initialization failed: Initializing mail storage from mail_location setting failed: No home directory for system user. Can't expand ~ for mail root dir in: ~:INBOX=/var/mail/henry

It seems to have a problem expanding '~' or '~/', but not '~/.'

Regards
Henry
[Dovecot] Alternate mail_location prefix for homedir
Hi,

I'm switching from UW-imap to dovecot 2.0.1 and was wondering about the mail_location config:

mail_location = mbox:~/.:INBOX=/var/mail/%u

Notice '.' in '~/.' above. This seems to resolve the ~/mail problem when switching from UW-imap (ie, no 'mail' prefix).

doc/wiki/Migration.UW.txt doesn't mention using '~/.', so I was wondering whether there are any gotchas anyone can think of.

Thanks
Henry
Re: [Dovecot] SELinux
On Monday, 08.06.2009, at 12:58 -0700, Kenneth Porter wrote:
> I've temporarily got SELinux set to permissive mode on a fresh install on
> CentOS 5. It was blocking Dovecot's access to ~/mail because the files were
> labeled file_t. What's the correct way to label these?

restorecon

Henry
Re: [Dovecot] Dovecot under brute force attack - nice attacker
On Friday, 05.06.2009, at 09:24 +0200, Lenthir wrote:
> Timo Sirainen wrote:
> > On Jun 4, 2009, at 10:01 AM, Lenthir wrote:
> >> Trying 127.0.0.1...
> >> Connected to localhost.
> >> Escape character is '^]'.
> >> +OK POP3 [127.0.0.1] server ready
> >> user krzys
> >> +OK User name accepted, password please
> >> pass wew
> >> -ERR Bad login / Bledne haslo lub login.
> >> Connection closed by foreign host.
> >
> > That's not Dovecot.
>
> I'm sorry to said that, but this is Dovecot...
> Maybe with little modifications, but this is Dovecot :)

Could you elaborate what kind of modifications you made? Especially the connection closing is of real interest for me.

thanks
Henry
Re: [Dovecot] Under POP attack - now to prevent?
On Friday, 05.06.2009, at 02:26 -0400, Timo Sirainen wrote:
> On Jun 5, 2009, at 2:07 AM, henry ritzlmayr wrote:
>
> > Interesting for me is that you are on v1.2RC4. Timo wrote yesterday
> > that with v1.2+ after every login failure the delay for the next attempt
> > should grow. When I take a look at your timestamps this is obviously not
> > working on your system.
>
> That's because the client disconnects between attempts. Currently the
> delay increase is done only within a single session.
>

Ok, if that's so please really consider the possibility to disconnect a user if he/she provides the wrong credentials. Otherwise we would have to deal with two kinds of attackers on two places. The ones which don't disconnect themselves would have to be handled by dovecot (growing delay) and the ones which disconnect would have to be handled by firewall/fail2ban etc.

I personally prefer (I'm sure you figured that already) a centralized approach on the firewall.

Have a nice trip to frisco
Henry
Re: [Dovecot] Under POP attack - now to prevent?
On Friday, 05.06.2009, at 12:04 +1000, James Brown wrote:
> Looks like we are under a dictionary login attack on our POP server:
>
> Jun 5 11:48:20 mail dovecot[2620]: pop3-login: Aborted login (auth
> failed, 1 attempts): user=, method=PLAIN, rip=85.189.169.94,
> lip=192.168.1.9

Since the attacker is playing nice you could also limit the maximum connection attempts to the pop3 port in a given timeframe. And if that limit is reached block the ip for a certain amount of time. If you firewall with netfilter, hashlimit is your friend.

Interesting for me is that you are on v1.2RC4. Timo wrote yesterday that with v1.2+ after every login failure the delay for the next attempt should grow. When I take a look at your timestamps this is obviously not working on your system.

Henry
Re: [Dovecot] Dovecot under brute force attack - nice attacker
On Thursday, 04.06.2009, at 12:23 -0400, Timo Sirainen wrote:
> On Thu, 2009-06-04 at 18:13 +0200, henry ritzlmayr wrote:
> > > > Question:
> > > > Is there any way to close the connection after the
> > > > first wrong user/pass combination. So an attacker would be forced
> > > > to reopen it?
> > >
> > > I think the growing delay is a better idea.
> >
> > The Idea is good but I guess an option to just disconnect the attacker
> > wouldn't hurt in the config file?
>
> Yes, more settings in config file does hurt. There are way too many of
> them already. But passdb could perhaps return "disconnect" field if
> authentication failed..
>

I am not that familiar with returning extra fields using passdb, but wouldn't this be even more complicated. Since pam for example doesn't even support this and it also depends on the password database ( as read on http://wiki.dovecot.org/PasswordDatabase/ExtraFields )?

Henry
Re: [Dovecot] Dovecot under brute force attack - nice attacker
On Thursday, 04.06.2009, at 09:51 -0700, Mark Sapiro wrote:
> On Thu, Jun 04, 2009 at 12:16:00PM +0200, henry ritzlmayr wrote:
> >
> > The problem:
> > If the attacker wouldn't have closed and reopened the connection
> > no log would have been generated and he/she would have endless
> > tries. Not even an iptables/hashlimit or fail2ban would have kicked in.
> >
> > How to reproduce:
> > telnet dovecot-server pop3
> > user test
> > pass test1
> > user test
> > pass test2
> > ...
> > QUIT
> > ->Only the last try gets logged.
>
>
> I see the same thing with Dovecot 1.2.rc4 on CentOS 5, but pam logs every
> failed attempt:
>
> Jun 4 09:37:40 sbh16 dovecot-auth: pam_unix(dovecot:auth): check pass; user
> unknown
> Jun 4 09:37:40 sbh16 dovecot-auth: pam_unix(dovecot:auth): authentication
> failure; logname= uid=0 euid=0 tty=dovecot ruser=zzz rhost=127.0.0.1
> Jun 4 09:38:05 sbh16 dovecot-auth: pam_unix(dovecot:auth): check pass; user
> unknown
> Jun 4 09:38:05 sbh16 dovecot-auth: pam_unix(dovecot:auth): authentication
> failure; logname= uid=0 euid=0 tty=dovecot ruser=mmm rhost=127.0.0.1
>
> So, fail2ban will block based on the pam log.
>

Good to know. We have ldap here, but it certainly would be possible to do the authentication through pam->ldap.

thanks
Henry
Re: [Dovecot] Dovecot under brute force attack - nice attacker
On Thursday, 04.06.2009, at 18:27 +0200, Steve wrote:
> > The Idea is good but I guess an option to just disconnect the attacker
> > wouldn't hurt in the config file?
> >
> Is that not the wrong approach? I mean: all you wanted is to have a log entry
> showing when there was a username/password mismatch when logging in. And you
> found out that with normal logging options that log entry only shows up if
> the connection gets disconnected. Right? So would it not be better to have
> an option to log ANY username/password login mismatch even if the
> user/attacker does not disconnect?

Right, logging a wrong username/password should always be done. That's one reason why I favor a disconnect. Almost any service logs a disconnect - so does dovecot.

> > This would be much easier to detect/monitor on an upfront firewall/IDS.
> >
> A disconnect on TCP/IP level is easier to detect/monitor? How? Without
> logging or without inspecting the communication channel you are pretty much
> lost. Correct me if I am wrong.

Any serious firewall these days has the capability to track the amount of connection attempts on any port without knowing what's in the packet. By just delaying the next try within the service the firewall would have to inspect the packets to know what's going on. So by disconnecting an intruder (and forcing him to reconnect) it's easy to detect such an attack on the firewall/IDS by just counting the amount of connects in a given timeframe. Within iptables for example this can be accomplished with "--hashlimit 5/Minute".

Henry
Re: [Dovecot] Dovecot under brute force attack - nice attacker
> > Question:
> > Is there any way to close the connection after the
> > first wrong user/pass combination. So an attacker would be forced
> > to reopen it?
>
> I think the growing delay is a better idea.

The Idea is good but I guess an option to just disconnect the attacker wouldn't hurt in the config file?

This would be much easier to detect/monitor on an upfront firewall/IDS. I agree that each service should care about its own security but some of us have certain sw/hw in front which also should be able to detect such an attempt. By just delaying the next try I guess it will be tough to detect this upfront.

Henry
Re: [Dovecot] Dovecot under brute force attack - nice attacker
On Thursday, 04.06.2009, at 14:53 +0200, Cédric Laruelle wrote:
> Reproduced on 1.1.14 too and really problematic for me

Curious question: Why is it so problematic for you? As stated in my original post you only have to set auth_verbose to yes to get it logged. With that you can always block the attacker with a little script (fail2ban,..).

Henry

> -----Original Message-----
> From: dovecot-bounces+laruellec=aiderdonner@dovecot.org
> [mailto:dovecot-bounces+laruellec=aiderdonner@dovecot.org] On behalf of
> Noel Butler
> Sent: Thursday, 4 June 2009 12:48
> To: henry ritzlmayr
> Cc: dovecot@dovecot.org
> Subject: Re: [Dovecot] Dovecot under brute force attack - nice attacker
>
> On Thu, 2009-06-04 at 12:16 +0200, henry ritzlmayr wrote:
>
> > Hi List,
> >
> > optimizing the configuration on one of our servers (which was
> > hit by a brute force attack on dovecot) showed an odd behavior.
> >
> > Dovecot Version 1.0.7 (CentOS 5.2)
> >
> > The short story:
> > On one of our servers an attacker did a brute force
> > attack on dovecot (pop3).
> > Since the attacker closed and reopened the connection
> > after every user/password combination the logs showed
> > many lines like this:
> > dovecot: pop3-login: Aborted login: user=,..
> >
> > The problem:
> > If the attacker wouldn't have closed and reopened the connection
> > no log would have been generated and he/she would have endless
> > tries. Not even an iptables/hashlimit or fail2ban would have kicked in.
> >
> > How to reproduce:
> > telnet dovecot-server pop3
> > user test
> > pass test1
> > user test
> > pass test2
> > ...
> > QUIT
> > ->Only the last try gets logged.
> >
>
> Verified with 1.1.6 as well, nice catch Henry.
[Dovecot] Dovecot under brute force attack - nice attacker
Hi List,

optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior.

Dovecot Version 1.0.7 (CentOS 5.2)

The short story:
On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like this:
dovecot: pop3-login: Aborted login: user=,..

The problem:
If the attacker wouldn't have closed and reopened the connection no log would have been generated and he/she would have endless tries. Not even an iptables/hashlimit or fail2ban would have kicked in.

How to reproduce:
telnet dovecot-server pop3
user test
pass test1
user test
pass test2
...
QUIT
->Only the last try gets logged.

If I enable auth_verbose every attempt gets logged, but if I read the docs correctly this option should only be used for figuring out why authentication isn't working.

Question:
Is there any way to close the connection after the first wrong user/pass combination. So an attacker would be forced to reopen it? This would be perfect since an easy iptables/hashlimit would avoid such a brute force attack.

Any other Ideas?

Henry
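The detection gap discussed in the thread above, as an added example that is not from any poster or from the Dovecot project: a fail2ban-style counter in Python that reads the two log formats quoted in the thread and flags addresses with too many failed logins inside a time window. The log lines, addresses, year, threshold and window are constructed for illustration, and the code assumes the "N attempts" field counts the tries made within one session.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the thread), using the two line formats
# quoted there. Hosts, PIDs and RFC 5737 documentation addresses are made up.
#   192.0.2.10  reconnects after every failed try (one line per try)
#   192.0.2.77  stays connected for six tries (a single line, assumed count 6)
#   203.0.113.5 stays connected; older line format without an attempt count
SAMPLE_LOG = """\
Jun  5 11:48:20 mail dovecot[2620]: pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.9
Jun  5 11:48:23 mail dovecot[2620]: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.9
Jun  5 11:48:26 mail dovecot[2620]: pop3-login: Aborted login (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.9
Jun  5 11:49:02 mail dovecot[2620]: pop3-login: Aborted login (auth failed, 6 attempts): user=<test>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.9
Jun  5 11:49:10 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=test rhost=203.0.113.5
Jun  5 11:49:15 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=test rhost=203.0.113.5
Jun  5 11:49:20 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=test rhost=203.0.113.5
Jun  5 11:49:25 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=test rhost=203.0.113.5
Jun  5 11:49:40 mail dovecot: pop3-login: Aborted login: user=<test>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.9
"""

STAMP_RE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s")
# "Aborted login" with or without the "(auth failed, N attempts)" detail.
LOGIN_RE = re.compile(
    r"-login: Aborted login(?: \(auth failed, (?P<n>\d+) attempts\))?:"
    r".*\brip=(?P<ip>[0-9A-Fa-f:.]+)")
# One pam_unix line per failed password check, as in the quoted pam log.
PAM_RE = re.compile(
    r"pam_unix\(dovecot:auth\): authentication failure;"
    r".*\brhost=(?P<ip>[0-9A-Fa-f:.]+)")


def parse_failures(text, source, year=2009, weighted=True):
    """Return sorted (time, ip, failures) tuples from one log source.

    source is "login" (Dovecot login-process lines) or "pam" (pam_unix lines).
    Syslog timestamps carry no year, so the caller supplies one (assumption).
    With weighted=True a login line counts as many failures as its
    "N attempts" field says; otherwise every line counts once.
    """
    if source not in ("login", "pam"):
        raise ValueError("source must be 'login' or 'pam'")
    pattern = LOGIN_RE if source == "login" else PAM_RE
    events = []
    for line in text.splitlines():
        stamp, hit = STAMP_RE.match(line), pattern.search(line)
        if not (stamp and hit):
            continue
        when = datetime.strptime(f"{year} {stamp.group(1)}",
                                 "%Y %b %d %H:%M:%S")
        count = 1
        if weighted and source == "login" and hit.group("n"):
            count = int(hit.group("n"))
        events.append((when, hit.group("ip"), count))
    return sorted(events)


def offenders(events, threshold=3, window=timedelta(seconds=60)):
    """Map each ip to the time its failures within `window` reached threshold."""
    recent = defaultdict(deque)
    flagged = {}
    for when, ip, count in events:
        queue = recent[ip]
        queue.append((when, count))
        # Drop entries that have fallen out of the sliding window.
        while queue and when - queue[0][0] > window:
            queue.popleft()
        if ip not in flagged and sum(c for _, c in queue) >= threshold:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for label, events in (
        ("login lines, one per line", parse_failures(SAMPLE_LOG, "login", weighted=False)),
        ("login lines, weighted by attempts", parse_failures(SAMPLE_LOG, "login")),
        ("pam_unix lines", parse_failures(SAMPLE_LOG, "pam")),
    ):
        print(label, "->", sorted(offenders(events)))
```

Counting login lines alone behaves like a connection counter and only catches the client that reconnects; the attempts field or the pam log is what exposes a client that keeps one session open.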
Re: [Dovecot] Mapping usernames [RESOLVED]
Resolved. For others, this is the simple solution which works for me:

/etc/dovecot.conf:

auth default {
  userdb passwd-file {
    args = /etc/passwd
  }
  passdb passwd-file {
    args = scheme="MD5-CRYPT" /etc/dovecot.passwd
  }
}

/etc/dovecot.passwd:

b...@vhost.com:$1$yAOjs09l$...::userdb_user=vabc_bob

(the encrypted password "$1$yAOjs09l$..." comes from /etc/shadow)

/etc/passwd:

vabc_bob:x:20838:2362:bob:/home/mailusers/vabc_bob:/sbin/nologin

"abc" could also be the domain ("vhost"), but this might be too large for really long domain names. So we rather use a short unique prefix for each domain.

Cheers
Henry
Re: [Dovecot] Mapping usernames
On Thu 12/02/09 18:36 , Timo Sirainen t...@iki.fi sent:
> a...@123.com:.
> ...:user=realnamea_abc

Thanks Timo,

Unfortunately this is still not working. Any further comments would be appreciated. I've tried it two ways:-

ATTEMPT 1

/etc/dovecot.conf:

auth default {
  userdb passwd-file {
    args = /etc/dovecot.passwd
  }
  passdb passwd-file {
    args = scheme=plain-md5 username_format=%u /etc/dovecot.passwd
  }
}

/etc/dovecot.passwd:

b...@vh1.com:$1$Vh6a...::userdb_user=vh1_bob

Error:

auth(default): passwd-file(b...@vh1.com,:::127.0.0.1): no passwd file: scheme=plain-md5 username_format=...@vh1.com /etc/dovecot.passwd

ATTEMPT 2

/etc/dovecot.conf:

auth default {
  userdb passwd-file {
    args = /etc/dovecot.passwd
  }
  passdb passwd-file {
    args = /etc/dovecot.passwd
  }
}

/etc/dovecot.passwd:

b...@vh1.com:{PLAIN-MD5}$1$Vh6a...::userdb_user=vh1_bob

Error:

auth(default): passwd-file(b...@vh1.com,:::127.0.0.1): unknown user

I'm missing something obvious, I'm sure of it. Any pointers appreciated.

Thanks
[Dovecot] Mapping usernames
Greets,

We're using Dovecot 1.0.7 (which comes with CentOS 5.x). I have successfully configured dovecot to change a username from a...@123.com to realname1_abc for a machine which only has a single domain (using auth_username_format=realname1_%Ln).

However, I'm pulling my hair out trying to get dovecot to handle multiple domains (the machine has existing /etc/passwd /etc/shadow and /etc/mail/virtusertable users).

On an older machine, I simply hacked the source code to perform a berkeley DB lookup in /etc/mail/virtusertable.db for the realname[a-z0-9]_xx. This time round, though, I'm trying to do this cleanly. I've been reading the docs/wiki/etc but I now can't see the forest for the trees.

This is what I've got so far:

In /etc/dovecot.conf:

...
auth default {
  userdb passwd-file {
    args = /etc/dovecot.passwd
  }
  passdb passwd-file {
    args = /etc/shadow
    #args = /etc/dovecot.passwd
  }
}

/etc/dovecot.passwd contains:

realnamea_abc:{PLAIN-MD5}$1$Vjkfhaa::userdb_user=...@123.com

I've been fiddling around blindly with all kinds of settings in userdb {} above, but I always get the error: "passwd-file(a...@123.com,:::127.0.0.1): unknown user", amongst others.

In a nutshell, I want to allow a user to login with a...@123.com, this name must be mapped to a real system user (eg, using /etc/dovecot.passwd), then authenticated against /etc/shadow or the MD5 password in /etc/dovecot.passwd

I would appreciate any kind of pointers or advice here. It would have been nice if vpopmail allowed me to call an external perl script where I could perform the username mapping, but alas, this is not possible.
Thanks
Henry
Re: [Dovecot] Can not Create Maildir using userdb
Dear Tim,

Thank you for your clue. And I'm now able to do what I've been dreaming of :D

Kind Regards,
Henry Yonathan
"All successful communication is Hypnosis" - Milton H. Erickson

- Original Message -
From: Timo Sirainen [mailto:t...@iki.fi]
To: Dovecot Mailing List [mailto:dove...@dovecot.org]
Subject: Re: [Dovecot] Can not Create Maildir using userdb

> On Tue, 2009-01-13 at 10:27 +0700, Henry Yonathan wrote:
> > Thank you for your reply.
> > So, you mean that both user_query and password_query should have the
> > same amount of parameter and the mail parameter from user_query should
> > have the exact parameter as userdb_mail from password_query?
> > And also I've to turn on userdb prefetch {}
>
> password_query also needs to return the password. But other than that,
> yes.
Re: [Dovecot] Can not Create Maildir using userdb
Thank you for your reply.
So, you mean that both user_query and password_query should have the same amount of parameter and the mail parameter from user_query should have the exact parameter as userdb_mail from password_query?
And also I've to turn on userdb prefetch {}

Kind Regards,
Henry

From: Timo Sirainen [mailto:t...@iki.fi]
To: Dovecot Mailing List [mailto:dove...@dovecot.org]
Subject: Re: [Dovecot] Can not Create Maildir using userdb sql

> On Jan 12, 2009, at 8:38 PM, Henry Yonathan wrote:
>
> > password_query = SELECT email AS user, password, CONCAT('/home/vmail/
> > %d/%n/', maildir) AS userdb_home, CONCAT('maildir:/home/vmail/%d/
> > %n/', maildir) AS userdb_mail, 5000 AS userdb_uid, 5000 AS
> > userdb_gid FROM view_users WHERE email = '%u';
>
> Here you're trying to use prefetch userdb by returning userdb_*
> fields. But they're different than here:
>
> > user_query = SELECT '/home/vmail/%d/%n' AS home, '/home/vmail/%d/%n/
> > Maildir' AS mail, 5000 AS uid, 5000 AS gid,
> > CONCAT('maildir:storage=', ROUND(quota/1024)) AS quota FROM
> > view_users WHERE email = '%u';
>
> They should contain the exact same values. Here userdb_mail isn't
> prefixed with "maildir:", which is your main problem. Also here you're
> specifying "quota" field but in password_query you're not specifying
> userdb_quota at all.
>
> > passdb:
> >    driver: sql
> >    args: /etc/dovecot-sql.conf
> > userdb:
> >    driver: sql
> >    args: /etc/dovecot-sql.conf
>
> And finally you're not currently even using prefetch userdb so Dovecot
> ignores all the userdb_* fields you're returning in password_query.
> For enabling prefetch see http://wiki.dovecot.org/UserDatabase/Prefetch
Re: [Dovecot] Can not Create Maildir using userdb sql
I don't think mail_location:/home/vmail/%d/%n/Maildir should be terminated with an /
Because I've tried to use the mail_location with userdb static, dovecot still able to create the directory anyway.

OK, below are my dovecot-sql.conf

driver = mysql
connect = host=127.0.0.1 dbname=email user= password=
default_pass_scheme = PLAIN-MD5
password_query = SELECT email AS user, password, CONCAT('/home/vmail/%d/%n/', maildir) AS userdb_home, CONCAT('maildir:/home/vmail/%d/%n/', maildir) AS userdb_mail, 5000 AS userdb_uid, 5000 AS userdb_gid FROM view_users WHERE email = '%u';
user_query = SELECT '/home/vmail/%d/%n' AS home, '/home/vmail/%d/%n/Maildir' AS mail, 5000 AS uid, 5000 AS gid, CONCAT('maildir:storage=', ROUND(quota/1024)) AS quota FROM view_users WHERE email = '%u';

Kind Regards,
Henry Yonathan
"All successful communication is Hypnosis" - Milton H. Erickson
[Dovecot] Can not Create Maildir using userdb sql
Dear all,

I've been experiencing this problem and still can't find a solution for this. I want to have a dynamic quota for each virtual user. I've followed instruction from :
http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL
http://workaround.org/articles/ispmail-etch/

But still can't give what I want. But if I use userdb static, it works fluently.

Below are my Dovecot configuration :

# 1.0.15: /etc/dovecot.conf
base_dir: /var/run/dovecot/
protocols: imap pop3
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: maildir:/home/vmail/%d/%n/Maildir
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
namespace:
  type: private
  separator: .
  prefix: INBOX.
  inbox: yes
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  passdb:
    driver: sql
    args: /etc/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
plugin:
  quota: maildir:storage=5120

Below are my dovecot error log

deliver(ha...@zlack.net): Nov 19 13:51:27 Info: Loading modules from directory: /usr/lib/dovecot/lda
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: Module loaded: /usr/lib/dovecot/lda/lib10_quota_plugin.so
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: auth input: ha...@zlack.net
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: auth input: home=/home/vmail/zlack.net/harry
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: auth input: mail=/home/vmail/zlack.net/harry/Maildir
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: auth input: uid=5000
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: auth input: gid=5000
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: auth input: quota=maildir:storage=10240
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: Home dir not found: /home/vmail/zlack.net/harry
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: maildir autodetect: stat(/home/vmail/zlack.net/harry/Maildir/cur) failed: No such file or directory
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: mbox autodetect: data=/home/vmail/zlack.net/harry/Maildir
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: mbox autodetect: INBOX file: stat(/home/vmail/zlack.net/harry/Maildir) failed: No such file or directory
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: mbox autodetect: has .imap/: stat(/home/vmail/zlack.net/harry/Maildir/.imap) failed: No such file or directory
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: mbox autodetect: has inbox: stat(/home/vmail/zlack.net/harry/Maildir/inbox) failed: No such file or directory
deliver(ha...@zlack.net): Nov 19 13:51:27 Info: mbox autodetect: has mbox: stat(/home/vmail/zlack.net/harry/Maildir/mbox) failed: No such file or directory
deliver(ha...@zlack.net): Nov 19 13:51:27 Error: Ambiguous mail location setting, don't know what to do with it: /home/vmail/zlack.net/harry/Maildir (try prefixing it with mbox: or maildir:)
deliver(ha...@zlack.net): Nov 19 13:51:27 Fatal: Failed to create storage for 'ha...@zlack.net' with mail '/home/vmail/zlack.net/harry/Maildir'

Kind Regards,
Henry Yonathan
"All successful communication is Hypnosis" - Milton H. Erickson
[Dovecot] Multiple network interface question
Hi all,

Sorry if this question has been posted before. I have dug through the archives but haven't found any relevant answers to this question.

I am running Dovecot on a server that serves a number of (virtual) domains each with a number of (virtual) users. To read mail I am providing a webmail client and have configured HTTPS connections using reverse DNS so that each domain has its own IP address and that each IP address gets mapped to a different virtual host. Each virtual host presents an HTTPS connection particular to their own domain using the SSL certificate for that domain so that each user only sees his or her own domain throughout.

Is it possible to configure Dovecot so that mail-clients like Thunderbird or Outlook can connect via the default port using their own domain (maybe also using reverse DNS) and be presented with an SSL connection particular to that domain (i.e. using that domain's certificate)?

Any comments welcome.

Thanks in advance,
-Mike
Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)
> So why is dovecot searching for uid? I am not asking it to; in fact, my
> pass_attrs field is empty.

I'm not sure, I was hoping someone else would know why. Is it a hard coded default?

> Also, I have switched around my setup to not use auth_bind:
>
> hosts = ldap.lrtz
> dn = cn=varmail,ou=users,dc=lorentz,dc=com
> dnpass = ***
> ldap_version = 3
> auth_bind = no
> pass_attrs = userPassword=password
> pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu))
> base = ou=users, dc=%Dd
> scope = onelevel
>
> With this configuration, it becomes inconsistent. Sometimes my client
> authenticates, and sometimes my client goes through the same timeout as
> below.
> I have not had time to run enough trials to prove this, but it seems
> like this new configuration works for the first connection made to
> dovecot, and then times out on subsequent connections. If I restart
> dovecot, then I get one successful connection again, and then the others
> fail.
> I am not certain on this, however. I seem to remember the first
> connection timing out on one run...
>
> On Wed, 2008-04-16 at 23:20 +0100, Gavin Henry wrote:
>>
>> > No, it isn't. I have verified the connection with "openssl s_client".
>> > Besides, the server is receiving the username "[EMAIL PROTECTED]", so
>> > the connection has already been made by this time.
>> > What is happening every time is that dovecot sends the correct query to
>> > OpenLDAP (as noted in the log below), OpenLDAP receives that query
>> > (according to its log) and responds with one match, but dovecot never
>> > seems to see that response. 180 seconds after the auth fails, dovecot
>> > drops the connection with the IMAP client for inactivity.
>> >
>>
>> I've gone back to your first post, and you slapd logs show:
>>
>> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH
>> base="ou=users,dc=lorentz,dc=com" scope=1 deref=0
>> filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
>> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
>> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
>> err=0 nentries=1 text=
>>
>> Which shows the correct filter, but the requested attribute to return is
>> "uid", which is _not_ in your entry:
>>
>> # Jack McKinney, users, lorentz.com
>> dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> cn: Jack McKinney
>> givenName: Jack McKinney
>> sn: McKinney
>> mail: jackmc at lorentz.com
>>
>> Try the same search again, but using (note uid on end):
>>
>> ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D
>> 'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel
>> '(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid
>>
>> It should be empty, hence why dovecot isn't getting anything.
>>
> --
> Jack McKinney
> GPG 1024D/99C6A174
> [EMAIL PROTECTED] YM:lfaatsnat2006 AIM:jackmclorentz
> Beware geeks bearing diffs
>
Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)
> No, it isn't. I have verified the connection with "openssl s_client".
> Besides, the server is receiving the username "[EMAIL PROTECTED]", so
> the connection has already been made by this time.
> What is happening every time is that dovecot sends the correct query to
> OpenLDAP (as noted in the log below), OpenLDAP receives that query
> (according to its log) and responds with one match, but dovecot never
> seems to see that response. 180 seconds after the auth fails, dovecot
> drops the connection with the IMAP client for inactivity.
>

I've gone back to your first post, and your slapd logs show:

Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH base="ou=users,dc=lorentz,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=

Which shows the correct filter, but the requested attribute to return is "uid", which is _not_ in your entry:

# Jack McKinney, users, lorentz.com
dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jack McKinney
givenName: Jack McKinney
sn: McKinney
mail: jackmc at lorentz.com

Try the same search again, but using (note uid on end):

ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D 'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel '(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid

It should be empty, hence why dovecot isn't getting anything.
Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)
> Apr 3 08:13:21 fourier dovecot: auth(default): new auth connection:
> pid=15774
> Apr 3 08:13:30 fourier dovecot: auth(default): client in:
> AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=x.x.x.x^Irip=y.y.y.y^Iresp=
> Apr 3 08:13:30 fourier dovecot: auth(default):
> ldap([EMAIL PROTECTED],y.y.y.y): bind search: base=ou=users,
> dc=lorentz,dc=com
> filter=(&(objectClass=inetOrgPerson)([EMAIL PROTECTED]))
> Apr 3 08:16:30 fourier dovecot: imap-login: Disconnected: Inactivity:
> method=PLAIN, rip=y.y.y.y, lip=x.x.x.x, TLS
>

This isn't a TLS mismatch kind of thing is it?
Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)
> My config is almost exactly the same as yours, except that I use static
> userdb and I do not have (nor do I understand the need for; see my
> previous post) pass_attrs. I tried putting them in matching yours, but
> it still fails the same way: OpenLDAP receives the query and (according
> to its logs) responds with nentries=1 (i.e., exactly one match, as
> expected). However, dovecot never sees the response from OpenLDAP.

What do you see in the dovecot logs with auth debug on?
Re: [Dovecot] Shared folders and LDAP?
> On Thu, 2007-07-19 at 10:17 +0100, Gavin Henry wrote:
>>
>> > On Thu, 2007-07-19 at 07:56 +0100, Gavin Henry wrote:
>> >> Dear All,
>> >>
>> >> Is it possible to store shared folder lists in an LDAP Directory along
>> >> with your virtual users?
>> >
>> > You could have LDAP return namespaces. First define a private namespace
>> > in dovecot.conf, and then return another from LDAP. You'd have to return
>> > fields like:
>> >
>> > namespace_2=maildir:/shared/boxes
>> > namespace_2_prefix=Shared/
>> >
>> > Or you could just configure the second namespace in dovecot.conf as well
>> > and just override the location with namespace_2.
>>
>> Sounds all good, but I can't find any info about LDAP lookups for
>> namespaces on the wiki.
>
> This isn't specific to either namespaces or LDAP. You can override any
> setting with any userdb (that's documented,
> http://wiki.dovecot.org/UserDatabase/ExtraFields). The internal names
> for namespace settings aren't documented anywhere though, and they're
> going to change in Dovecot v2.0.

Ah, ok. Thanks.

>> If this is an often requested feature, should we do a dovecot.schema file
>> for these kind of things. I'd be willing to develop/discuss one and
>> contribute it.
>
> First I've heard. :)

;-)
Re: [Dovecot] Shared folders and LDAP?
> On Thu, 2007-07-19 at 07:56 +0100, Gavin Henry wrote:
>> Dear All,
>>
>> Is it possible to store shared folder lists in an LDAP Directory along
>> with your virtual users?
>
> You could have LDAP return namespaces. First define a private namespace
> in dovecot.conf, and then return another from LDAP. You'd have to return
> fields like:
>
> namespace_2=maildir:/shared/boxes
> namespace_2_prefix=Shared/
>
> Or you could just configure the second namespace in dovecot.conf as well
> and just override the location with namespace_2.

Sounds all good, but I can't find any info about LDAP lookups for namespaces on the wiki. Is this new in 1.0.2?

If this is an often requested feature, should we do a dovecot.schema file for these kind of things. I'd be willing to develop/discuss one and contribute it.

Gavin.
[Dovecot] Shared folders and LDAP?
Dear All,

Is it possible to store shared folder lists in an LDAP Directory along with your virtual users?

Will check the wiki too.

Thanks,

Gavin.

--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
[Dovecot] Stop Maildir appending to path
dovecot -n:

# /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
ssl_listen: 208.xxx.xxx.xxx
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_extra_groups: mail
mail_debug: yes
auth default:
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail

-- dovecot version: 1.0.rc15
-- Debian Etch (Stable) on AMD64
[Dovecot] Stop Maildir appending to path
Dovecot is working perfectly except for one problem. I have local users and virtual users. Local users are ~/Maildir. And virtual users are /home/vmail/domain/user.

The problem is, it keeps trying to fetch virtual mail at /home/vmail/domain/user/Maildir. It doesn't exist; the user/ dir is the Maildir. To get around this, I have to make symlinks on each virtual email.

What should I check? How do I make it stop appending Maildir to my virtual users' path?

If I set mail_location to the virtual user path, it works fine. But I won't be able to get local mail. So I... have mail_location pointing to local users ~/Maildir while UserDatabase/Extrafields feature will overwrite the path for virtual users.

dovecot-sql.conf:

password_query = SELECT email as user, password, CONCAT('/home/vmail/', path) as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM view_users WHERE email='%u';
Re: [Dovecot] LDAP for Virtual Domains
> Is anyone using LDAP along with Dovecot where mail is being accessed
> in the form of /var/vmail/${domain}/${user}? I have not figured out
> how to extract the domain from LDAP in order to make this work. I
> know this is sparse information but maybe there is an easy fix. If
> not, I can post more information.
>
> Bryan
>

What config have you tried?

--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
Re: [Dovecot] v1.0.0 released
> Timo Sirainen wrote:
>> http://dovecot.org/releases/dovecot-1.0.0.tar.gz
>> http://dovecot.org/releases/dovecot-1.0.0.tar.gz.sig
>>
>> It took almost 5 years, but it's finally ready. I'm not expecting to
>> release v1.0.1 anytime soon, unless someone's been sitting on a major
>> bug just waiting for v1.0 to be released. :)
>>
> Congratulations! Well done!

Likewise from me! Well done.

>
> Gimme a call next time you're in Vegas!
>
> --
> Daniel
Re: [Dovecot] 1.0.rc30 released
> http://dovecot.org/releases/dovecot-1.0.rc30.tar.gz
> http://dovecot.org/releases/dovecot-1.0.rc30.tar.gz.sig
>
> So, this is it. Unless you can find a new and important bug within a
> week, this release is the same as v1.0. I'll only update the version
> number and NEWS file.

Yeah

--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/