Re: [Dovecot] diacritic marks in password
On 06/22/2011 06:39 PM, Timo Sirainen wrote: On Wed, 2011-06-15 at 20:05 +0100, pch0317 wrote: Hi, I have dovecot 2.0.beta6 (on RedHat 6) and my user uses thunderbird 3.1.10 (on Windows XP). I use authentication via LDAP (Windows server 2003 AD). With auth_bind=yes? When user use in password diacritic marks (ą,ć,ę,ł,ń,ó) authentication failed. What can I do? Not much from Dovecot's side, I'm afraid. Hello, I've stumbled across such a limitation myself, but i was using OpenLDAP as ldap backend. I could even bind as the user, with ldapsearch, on the command line. Password data is stored in ldap as a base64 encoded utf-8 string. The problem is that there is a long lasting bug in thunderbird that makes TB _always_ use iso-8859-1 to enconde passwords, making them different from what the ldap backend is expecting. There was once someone that even provided the mozilla team with a patch, but sadly they went on without applying it. Time went by and now, even wanting to do the patching, the code changed so much that there would have to be done a major code rewrite of the patch. You can find out about all this in this bug report thread. https://bugzilla.mozilla.org/show_bug.cgi?id=312593 In our case, we solved the problem by not allowing users to use diacritics in passwords. R's, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
[Dovecot] UIDL and message migration
Hello, I'm in the process of migrating accounts between two dovecot servers. An old server running ancient 1.0.15 and a new server running 1.2.15. Account migration is going to be gradual and so i would like to use imapsync to move messages and subscriptions from one server to the other. The only problem so far is with POP users. After doing an account migration with imapsync, and although both servers share the same pop3_uidl_format = %08Xu%08Xv, the client downloads every message that was already on the server. Any pointers would be very much appreciated. Best Regards, Hugo Monteiro.
Re: [Dovecot] UIDL and message migration
On 06/21/2011 08:52 PM, Javier wrote: Hugo, I have been there too. Check if you are changing the server address in the e-mail client. If you are doing so, most clients check uidls based on this (at least in my tests). If you keep the hostname intact and the uidls are the same, the e-mails won't be downloaded again. You can do this messing with the hosts file in the client computer. To check if the uidls are the same, just launch a telnet session in both POP servers and issue a UIDL command and compare the output. Javier Hello Javier, The hostname is intact since all pop/imap are being routed through a proxy. The problem is that using imapsync, for message migration, the uilds don't stay intact. I was hoping someone would know a tool, similar to imapsync, that would provide such a functionality. Alternately i can always scp/tar the messages from one server to the other, but for migration implementation reasons i would prefer imapsync, or the like. Regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
[Dovecot] Dovecot as IMAP proxy to Exchange
Hello list, I'm looking into the possibility to setup dovecot to act as an IMAP proxy to an Exchange server. Things i know beforehand: - I will not be able to use the ldap (Active Directory) user DN for auth binds (but i discovered that i could could use the user userPrincipalName attribute as bind DN. I tested it using ldapsearch and it worked fine.) - I will not be able to perform any unbinded searches. - The Exchange server is unique, so i can setup a static proxy route to the server. Given the above, i'd like to post some questions: 1 - Will i be able to use auth_bind = yes given the restrictions? My first guess is that this might work if i use something like auth_bind_userdn = %...@example.org 2 - Will i be able to specify a static route to the exchange server, not having to rely on that information from the AD itself? Another thing i'd like to know is if NTLM auth can be used while dovecot acts only as proxy. Thanks in advance, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
[Dovecot] login_* options for 1.0.15
Hello all, Although i'm aware that version 1.0.15 is rather old, that's what is used in Lenny, so... Either way, the setup is rather simple, regular dovecot install, with maildirs residing on a local ext3 filesystem accessed through FC to a SAN (2Gbps link). The server has 2 cores (with HT), so almost 4 cores and 3GB of ram. A couple weeks ago we had a major number of account migrations, from POP to IMAP. We started to notice that in times of peaks, specially after lunch hour, dovecot started to get REALLY slow and closing client connections. A restart to the service was enough to get things working again. Firstly i thought about the max fd number per process, but after checking it turned out it was already rather large, 8192 in our case. I cannot observe any concerning I/O load either. Besides upgrading, are there any suggestions? Regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] login_* options for 1.0.15
On 10/08/2010 03:02 PM, Hugo Monteiro wrote: Hello all, Although i'm aware that version 1.0.15 is rather old, that's what is used in Lenny, so... Either way, the setup is rather simple, regular dovecot install, with maildirs residing on a local ext3 filesystem accessed through FC to a SAN (2Gbps link). The server has 2 cores (with HT), so almost 4 cores and 3GB of ram. A couple weeks ago we had a major number of account migrations, from POP to IMAP. We started to notice that in times of peaks, specially after lunch hour, dovecot started to get REALLY slow and closing client connections. A restart to the service was enough to get things working again. Firstly i thought about the max fd number per process, but after checking it turned out it was already rather large, 8192 in our case. I cannot observe any concerning I/O load either. Besides upgrading, are there any suggestions? Regards, Hugo Monteiro. I also forgot to mention that apart from a bug, i though that MAYBE the login_* options could influence in this matter, hence the subject of the message. The values i use are: login_process_per_connection = yes login_processes_count = 10 login_max_processes_count = 40 login_process_size = 64 Thanks again. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] login_* options for 1.0.15
On 10/08/2010 03:30 PM, Ron Leach wrote: Hugo Monteiro wrote: Although i'm aware that version 1.0.15 is rather old, that's what is used in Lenny, so... I expect you already know this, but Debian backports for Lenny does include version 1.2.13 for Dovecot http://packages.debian.org/lenny-backports/i386/dovecot-common/download On that page there are instructions - which I guess you already have - for adding the backport repositories to you software upgrade system. If you were minded to download the files directly, you would need the POP and IMAP programs as well; I'd just use the synaptic system, myself. snip Hi Ron, I am aware of backports, yes. But this is not an option right now. Besides upgrading, are there any suggestions? Apologies for not being able to offer any 'real' help for your problem, but just I'd mention 1.2.13 on Debian in case it was helpful. regards, Ron I do appreciate your suggestion, but i will have to exclude almost any other possibilities before going the upgrade path. Best regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] POP3 Problem with SPAM-Mail's over sieve
On 05/20/2010 03:25 PM, Michael Niehren wrote: Hi together, i am currently using dovecot 1.2.10 with the sieve-plugin and use a sieve-filter to sort the SPAM-Mail's directly into a Junk-Folder: require fileinto; # rule:[junkfilter] if header :contains X-Spam-Flag YES { fileinto Junk; } My problem is now, if i try to retrieve the Mails via POP3, i did not get the SPAM-Mail's in the Junk-Folder, only the normal ones, that are not filtered over the sieve plugin. Could anyone tell me how to solve that issue ? best regards Michael Hello Michael, I don't know if there are any other new ways of doing this, but a while ago i had that same need. I solved it by creating a wrapper and using NOTE: This is for maildir only mail_executable = /usr/local/bin/pop-wrapper.sh That wrapper basically copies all the messages from the Spam maildir into the Inbox maildir, executing /usr/lib/dovecot/pop3 afterwards. a simplistic approach would be something like #!/bin/sh for i in `/usr/bin/find Maildir/.Spam -type f -iregex .*/new/.* -o -iregex .*/cur/.*` ; do mv $i Maildir/new/ ; done exec /usr/lib/dovecot/pop3 Regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] looking for IMAP testing tool
On 05/18/2010 04:33 PM, Phil Howard wrote: On Tue, May 18, 2010 at 10:17, Steffen Kaiserskdove...@smail.inf.fh-brs.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 18 May 2010, Phil Howard wrote: Anyone ever heard of such a tool? Open source would be preferred (better http://search.cpan.org/search?mode=distquery=imap Those all looked like libraries/modules. Any complete commands? Writing Perl code is not an option for me. Once there was small program Timo did. http://www.dovecot.org/list/dovecot/2006-February/011635.html Dunno if it's still around and usable for the current dovecot versions, or even if it was any good to use with other servers. You should ask Timo. R's, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] looking for IMAP testing tool
On 05/18/2010 04:40 PM, Hugo Monteiro wrote: On 05/18/2010 04:33 PM, Phil Howard wrote: On Tue, May 18, 2010 at 10:17, Steffen Kaiserskdove...@smail.inf.fh-brs.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 18 May 2010, Phil Howard wrote: Anyone ever heard of such a tool? Open source would be preferred (better http://search.cpan.org/search?mode=distquery=imap Those all looked like libraries/modules. Any complete commands? Writing Perl code is not an option for me. Once there was small program Timo did. http://www.dovecot.org/list/dovecot/2006-February/011635.html Dunno if it's still around and usable for the current dovecot versions, or even if it was any good to use with other servers. You should ask Timo. R's, Hugo Monteiro. Replying myself in this one. Should have looked a bit further into it. http://imapwiki.org/ImapTest R's, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] Quota monitoring
On 04/22/2010 12:02 PM, Vlamsdoem wrote: On 22/04/10 10:57, Steffen Kaiser wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 21 Apr 2010, Vlamsdoem wrote: No only the maximum quota for each user. So, where are your current quota values located? There had been mentioned to use SQL, where you can easily get your quota via SQL. Regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBS9APgb+Vh58GPL/cAQLsMwf8DxGNpPf5/tup6S+QQsVAOBOtgveKGXno 19MYefBMK1OJVzurf6DpFXDW8KkpXTkcX5nGVhpFKexytMyNF4qnRWM6JtIld+8F hJaIcdeH/TL6l1pS3veydF8J8C67RbudcgY441bn4dv6TuIl/pcoJadij7mwiVSP oHKPgXJP5nqkgqmW7tFogeSNpCuOlK/7YX2N/PDArIZgw08V/TsnZjTVOzNkp6u8 p1iLvI0MplJUXD9iThDhe4qwERfydgUslfEDpO1lOIYqVHKPqv9Q4HQx+Q0ZpEwD ooqyJUPpk7TTIdzbCQ65kqAnYAE9SrALsOz6uXzsrKKaRqghBrlcow== =Owfw -END PGP SIGNATURE- The current values of the quota is located in the maildirsize file in each user mailbox directory. I can do a script to parse every maildirsize file but I don't understand the format of this file. I read in the documentation that the first line is the maximum storage limit in bytes, but I don't know what the other lines means. Here is an example of a maildirsize file: 102400S 24140481 824 2580 1 655 1 975 1 975 1 975 1 975 1 1434 1 610 1 3577 1 Regards, http://www.courier-mta.org/imap/README.maildirquota.html Regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] Dovecot+LDAP issues
On 03/31/2010 02:59 PM, Daniel Gomes wrote: Dear list members, I am having some problems with a LDAP passdb authentication on Dovecot. Before I forget, the specs: it's a Ubuntu 7.10 server running Dovecot 1.0.5 connecting to 2 different machines running LDAP servers: gold with OpenLDAP 2.4.19 and extra with OpenLDAP 2.4.9 (extra is a replication slave of gold). The initial setup of dovecot was with a MySQL passdb, which is still the first passdb, now followed by my new LDAP passdb, all with a static userdb. Here is my dovecot-ldap.conf (the LDAP passdb) (I switched the domain with example.com for privacy sake): - #Servidor hosts = gold.example.com extra.example.com tls = yes ldap_version = 3 base = ou=people,dc=example,dc=com scope = onelevel #uid/gid user_global_uid = 5000 user_global_gid = 5000 #Bind para ler coisas dn = cn=dovecot,ou=people,dc=example,dc=com dnpass = secret sasl_bind = no sasl_mech = #passdb: usar password lookups para autenticar utilizadores auth_bind = no pass_attrs =userPassword=password #, =userdb_home=/home/vmail/%d/%n pass_filter = ((maildrop=%u)(mailacceptinguser=1)) default_pass_scheme = PLAIN-MD5 - This setup is currently working for some tests users (the others are still being auth'ed with the old MySQL passdb). Unfortunately, I seemed to have run into a big problem on an occasion when dovecot was unable to connect my first server (gold) and hence went to the second one (extra). Backtracking from the logs (starting with dovecot-error.log): Mar 31 13:11:50 bunker dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server Mar 31 13:11:50 bunker dovecot: auth-worker(default): LDAP: ldap_result() failed: Can't contact LDAP server This is when the users stopped being able to login via imap, with the following message being shown on dovecot-info.log: Mar 31 13:13:00 bunker dovecot: auth(default): ldap(u...@domain.com,xxx.xxx.xxx.xxx): unknown user (I know, an auth_debug log would be handy here, but it wasn't activated at the time). I went on to investigate and from the slapd logs I noticed that the second LDAP server (extra) was being contacted for the passdb lookups, thus proving that dovecot considered the gold to be dead (it wasn't, but that's a different matter). Anyway, the problem is that dovecot doesn't seem to be able to retrieve the user information from extra. As the slapd log shows: Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH base=ou=people,dc=example,dc=com scope=1 deref=0 filter=((?=undefined)(?=undefined)) Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SRCH attr=userPassword Mar 31 13:41:37 extra slapd[31473]: conn=4 op=140 SEARCH RESULT tag=101 err=0 nentries=0 text= For some reason, dovecot sends an undefined filter to extra, even though the same filter works without issues with gold (and remember they are clones). I just can't see how this is caused by any of my configurations! Any ideas? Thanks in advance, Hi Daniel, Are you using by any chance the slapo-rwm overlay? There is mention in openldap 2.4.13 changelog that prior versions would rewrite an undefined filter. Have you tried issuing the exact search on both servers, using ldapseach for instance, and see if they both return the same information? Regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.ptap...@fct.unl.pt fct.unl.pt:~# _
Re: [Dovecot] HA Dovecot Config?
Rick Romero wrote: Quoting Seth Mattinen se...@rollernet.us: Eric Rostetter wrote: For IMAP to be truely HA, you will need shared storage of some sort. You can emulate a SAN with something like DRBD if budget doesn't allow a real SAN (that is what I do). I can vouch for DRBD too. It works quite well. ~Seth Anyone used FileReplicationPro? I'm more interested in low bandwidth, 'cheaper', replication. Rick If data consistency isn't a must, you can always perform timed rsyncs. R's, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
Re: [Dovecot] Maildir autocreation
Proskurin Kirill wrote: Pascal Volk wrote: On 10/21/2009 01:08 PM Proskurin Kirill wrote: Hello. Today i found what maildir autocreation stop work. May be after upgrade to 1.2. Here logs: … Oct 21 11:01:25 deliver(shershov...@fxclub.org): Info: maildir autodetect: stat(/var/spool/dovecot/domains/fxclub.org/shershov-oa//cur) failed: No such file or directory Oct 21 11:01:25 deliver(shershov...@fxclub.org): Info: mbox autodetect: data=/var/spool/dovecot/domains/fxclub.org/shershov-oa/ Oct 21 11:01:25 deliver(shershov...@fxclub.org): Info: mbox autodetect: INBOX file: stat(/var/spool/dovecot/domains/fxclub.org/shershov-oa/) failed: No such file or directory Oct 21 11:01:25 deliver(shershov...@fxclub.org): Info: mbox autodetect: has .imap/: stat(/var/spool/dovecot/domains/fxclub.org/shershov-oa//.imap) failed: No such file or directory Oct 21 11:01:25 deliver(shershov...@fxclub.org): Info: mbox autodetect: has inbox: stat(/var/spool/dovecot/domains/fxclub.org/shershov-oa//inbox) failed: No such file or directory Oct 21 11:01:25 deliver(shershov...@fxclub.org): Info: mbox autodetect: has mbox: stat(/var/spool/dovecot/domains/fxclub.org/shershov-oa//mbox) failed: No such file or directory Oct 21 11:01:25 deliver(shershov...@fxclub.org): Error: mail_location: Ambiguous mail location setting, don't know what to do with it: /var/spool/dovecot/domains/fxclub.org/shershov-oa/ (try prefixing it with mbox: or maildir:) Oct 21 11:01:25 deliver(shershov...@fxclub.org): Fatal: Namespace initialization failed dovecot -n # 1.2.4: /usr/local/etc/dovecot.conf # OS: FreeBSD 7.1-RELEASE-p7 i386 ufs base_dir: /var/run/dovecot/ … login_process_size: 128 login_processes_count: 20 login_max_processes_count: 512 mail_location: ??? mail_max_userip_connections(default): 256 mail_max_userip_connections(imap): 256 mail_max_userip_connections(pop3): 20 mail_max_userip_connections(managesieve): 10 … mail_plugins(default): quota imap_quota autocreate mail_log mail_plugins(imap): quota imap_quota autocreate mail_log … plugin: … autocreate: Trash autocreate2: Sent autocreate3: Spam autosubscribe: Trash autosubscribe2: Sent autosubscribe3: Spam Your log excerpt shows excellently how hard Dovecot tries the figure out the mail_location. But that's not all. There is a very useful suggestion: try prefixing it with mbox: or maildir: It looks like your ldap userdb is returning a home field. So set for example mail_location = mailldir:~/Maildir in your dovecot.conf I have in Dovecot.conf: mail_location: maildir:/var/spool/dovecot/domains/%d/%n mail_location = maildir:/var/spool/dovecot/domains/%d/%n Can you see the difference? R's, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
Re: [Dovecot] Better APPEND performance
Timo Sirainen wrote: On Wed, 2009-10-07 at 17:53 -0500, Mike Abbott wrote: 1. For every other APPENDed message, dovecot appends the new UID to the list quickly. No problem here, this is fast. 2. For every other other APPENDed message, dovecot scans the entire UID list. This is an O(n) algorithm. Since it happens every n/2 times it causes O(n^2) behavior across n consecutive APPENDs. I'll look at this more closely later, but did you already try maildir_very_dirty_syncs=yes? Does this behavior happen also with it? Hello Timo, Also i have observed this behaviour. Although i think it's not the most urgent matter, it would really be nice if you could speed up massive message imports. In our case, we don't use it that much for migration, but sometimes some POP users like to be able to backup their messages in the IMAP server. Thanks in advance, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
Re: [Dovecot] ignors the configure prefix
vwc72...@voicenet.com wrote: 1.2.5 is ignoring the configure -prefix switch. It you install it some place else with the -prefix then I get errors all over the place becuase things are hard coded to use the default and it can't find anything any more like: Fatal: execv(/usr/local/libexec/dovecot/ssl-build-param) failed: No such file or directory and Error: Can't open configuration file /usr/local/etc/dovecot.conf: No such file or directory Fatal: Invalid configuration in /usr/local/etc/dovecot.conf and Starting Dovecot Imap: Error: auth_executable: Can't use /usr/local/libexec/dovecot/dovecot-auth: No such file or directory How do I fix this? Have you tried to build the SRPM available at ftp://download.fedora.redhat.com/pub/fedora/linux/development/source/SRPMS/dovecot-1.2.5-2.fc12.src.rpm ? I do know that these are probably not the words you want to hear now, but i would advise you to test upgrades on a test system, deploying changes to the production server only after you know everything is alright. R's, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
Re: [Dovecot] Using account alias as login
Hugo Monteiro wrote: Javier Amor García wrote: Hello, I use dovecot with a LDAP backend for user account and aliases. The aliases are objects of the class couriermailalias. Some users would like to use the alias address as POP/IMAP login instead of the 'true' account. Is this possible?. I am using dovecot version 1.0,10, from ubuntu hardy packages. Thanks for any answer, Javier Hello Javier, I don't use couriermailalias, but i do use the qmailUser objectclass which provides both mail and mailAlternateAddress attributes. As an example, i would say that you can use something like user_filter = ((objectClass=qmailUser)(|(mail=%u)(mailAlternateAddress=%u))) and pass_filter = ((objectClass=qmailUser)((uid=%u)(mailAlternateAddress=%u))) pass_filter = ((objectClass=qmailUser)(|(mail=%u)(mailAlternateAddress=%u))) Hope it helps. Regards, Hugo Monteiro. Sorry for the typo, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
Re: [Dovecot] help writeing rule for preventin spam
Charles Marcus wrote: On 1/26/2009 11:51 PM, Sophia Alikhani wrote: Hi I installed qmail-jms1-7.07 + domainkey-patch + simscan + clamav+ dovecot-1.1.7+ vpopmail+ spamassassin I also used Bayes + AWL as database connection in local.cf I don't know how can i stop these type of spam at MTA level (qmail) i wrote a rule in .dovecot.sieve if header :contains [From,To] [%...@mydomain] { discard; stop; } In the real i nedd to stop any mail from a virtual user to him/her self. Again... this is NOT a dovecot problem, it is an MTA (in your case, qmail) problem. You'll need to ask on one of their support lists... I agree with Charles. Though i though about giving you a hint. If you're using jms patch, you might want to look at it's greeting delay and greylist functionalities. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
Re: [Dovecot] help writeing rule for preventin spam
Bryan Bradsby wrote: The best place to filter spam is at the first receiving MTA, (qmail in this case), not the IMAP/POP3 server. Probably John Simpson, the author of the qmail patch you're using, can give you some hints on how to tweak your qmail install. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: hugo.monte...@fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt ap...@fct.unl.pt ci.fct.unl.pt:~# _
Re: [Dovecot] antispam - Unable to determine the destination user
Romanczyk Guillaume wrote: Claudio Prono a écrit : Try to put in dspam.conf that line: MySQLUIDInSignature on Even if I do not use MySql ? If you don't use MySQL you will need to use the --user parameter to set the corresponding owner of the signature. Then you have another problem. You either run the dspam call as the same _system_ user as what you are providing in the --user parameter, eg. run it as real system user johndoe with --user johndoe, or you are running the dspam call as a generic system user, such as mail or other. In that case you will need to tell dspam to trust that user in dspam.conf - look for the Trust directive. Another way would be to use the recent (CVS) external lookup feature to remap the virtual user to an authorized system user. Either the johndoe if there are real system users, or the generic one. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] Antispam plugin custom behavior?
Kyle Wheeler wrote: Hello, I currently have a setup on my system with what I call magic folders to enable spam filter training. Here's how it works: 1. If you have a false-negative, put the spam into the Spam.Report folder 2. If you have a false-positive (which has all kinds of ugly spamassassin protective markup in it), put the message into the Spam.NotSpam folder Currently what happens is that a cron job comes along every five minutes and processes the messages in those folders. In the case of the NotSpam folder, it strips the message of the spamassassin markup, retrains the bayesian net, and redelivers the message (e.g. via deliver). In the case of the Report folder, the message is used to train the bayesian net (among other things) and then deleted. I'd love to be able to trigger these actions when the mail is moved, rather than have a cron job inspecting the mailboxes. I looked into the antispam plugin (http://johannes.sipsolutions.net/Projects/dovecot-antispam), which seems nice but doesn't appear sufficiently generic for my needs. What would really work is if I could get it set up such that putting a message into either of those directories is turned into piping the message to a script of my choosing (a different one for each folder). Does anyone know a good way of getting my own custom behavior in here, or is my cronjob setup probably the best way? ~Kyle Hello Kyle, Have you tried the plugin using the mailtrain backend? Basically it will forward the message, as attachment, to spam/notspam addresses that you define. That includes the use of a %u variable expansion, if you choose to use retrain addresses like like [EMAIL PROTECTED] or something. I've been pretty happy with with it and it scales a lot better than piping the message into a retrain command, since the mail system itself will handle the load in a more intelligent way. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] Antispam plugin custom behavior?
Kyle Wheeler wrote: On Wednesday, June 11 at 05:51 PM, quoth Juan Asensio Sánchez: The anispam plugin does exactly what you need, and you could forget the cron script. If you use SpamAssassin, you could add a rule to Sieve to move the Spam messages when they arrives to the Spam folder. If a user moves a message from Spam folder to any other folder, then the message is considered a false possitive (when this move is detected you could run sa-learn inmediatly, without the cron script); the other way, when a user moves a message INTO the spam folder you could run again the sa-learn script, but with different parameters. Well, for one thing, this is different behavior than what my users are used to, and I'd rather not have to re-explain how things work and deal with confusion about the difference in behavior. Plus, unless I misunderstand the antispam plugin (quite possible), it doesn't *alter* the message when you remove it from the Spam folder --- because if it did, that could confuse IMAP clients that expect messages not to change when moved. ~Kyle No different behaviour for the end user. Your user could continue to dragdrop messages in/out of the designated Spam folder. The only different, which is not visible to the end user, is that the retrain of false positives is activated by pulling the messages out of the Spam folder, rather than having to specifically put it in a Ham folder. That said, they can continue to use the Ham folder as a placebo. ;) Out of curiosity, why would you need to alter the message when moving it around? Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] Antispam plugin custom behavior?
Kyle Wheeler wrote: On Wednesday, June 11 at 05:01 PM, quoth Hugo Monteiro: Have you tried the plugin using the mailtrain backend? The antispam plugin? No, I haven't... mostly because it looks like no matter which backend I use, I'd have to alter the user-visible interface to my training system (which I don't really want to do), and it still doesn't handle the altered message problem. Basically it will forward the message, as attachment, to spam/notspam addresses that you define. That includes the use of a %u variable expansion, if you choose to use retrain addresses like like [EMAIL PROTECTED] or something. I've been pretty happy with with it and it scales a lot better than piping the message into a retrain command, since the mail system itself will handle the load in a more intelligent way. Hmmm, load is something I hadn't thought about... (the system I'm working with at the moment has plenty of capacity to spare). That's a good point. However, one of the goals here is to make it so that if a user identifies a message that has been mistakenly tagged as spam (and sanitized by SpamAssassin, e.g. via the report_safe setting), they can get the message corrected (and back to its original form) immediately. As it is, they have to put it into the NotSpam folder and wait a couple minutes for the message to reappear in the INBOX (because the cron job only runs every so often). ~Kyle No need to reply to the other message regarding the why. ;) Has for what you're saying .. maybe it could be possible to extend the plugin to remove/add headers.. Though i have no idea on the impact that would have on IMAP clients... Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] auth issues on centos5 with ldap backend
Jurvis LaSalle wrote: On Jun 4, 2008, at 8:54 PM, Timo Sirainen wrote: On Wed, 2008-06-04 at 20:02 -0400, Jurvis LaSalle wrote: Jun 4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=user123 Someone's trying to brute-force in? sorry. i changed that from a valid username at our site to user123. nearly all of the errors are for valid accounts. Are there any valid logins at all then? I'm not sure I understand your question. Here's my observations: when I $ telnet localhost 143 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. * OK Dovecot ready. 1 login validLDAPaccount X 1 OK Logged in. 2 logout * BYE Logging out 2 OK Logout completed. Connection closed by foreign host. I see in /var/log/secure an error like this: Jun 5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=validLDAPaccount So the user was logged in, but an error was logged for some reason. OTOH, when I log in using the dovecotadmin account, no error is logged. I've tried changing the order of the passdb sections and removing the dovecotadmin section entirely, but an error is always logged for an LDAP user even though they successfully login. Does that answer your question? Please let me know if I can provide any additional info to figure this out. I'll work on removing PAM from the equation as auth locked up on us again while I was writing this even though I removed the blocking=yes from the passdb:driver:pam section. Thanks, JL Hello, The first time i tried out dovecot, although it preformed quite nicely after the login, i remember having a bit of lag when the client was first logging in. At the time i was using LDAP backend for user authetication. Now i can't recall if i was getting the same type of error you show from your log file, but i do recall that same wait uppon login. My problem was that, by default, dovecot would ALSO check using PAM/passwd backends, before going for the LDAP backend. Right after i eliminated the PAM/passwd passdb definitions ALL dovecot's operations were blazing fast. I'm not saying that's your problem, but it's worth checking. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] mailtrain with dovecot antispam plugin
Johannes Berg wrote: Please don't take mail private. I tend to not reply at all in that case. Can you try this patch? johannes diff --git a/mailtrain.c b/mailtrain.c index dbe770c..75c0fc8 100644 --- a/mailtrain.c +++ b/mailtrain.c @@ -213,7 +213,9 @@ int backend_handle_mail(struct mailbox_transaction_context *t, struct istream *mailstream; struct ostream *outstream; int ret; - char *buf, *firstline; + char *buf; + const unsigned char *beginning; + size_t size; int fd; if (!ast-tmpdir) { @@ -266,15 +268,25 @@ int backend_handle_mail(struct mailbox_transaction_context *t, goto failed_to_copy; } - firstline = i_stream_read_next_line(mailstream); + if (i_stream_read_data(mailstream, beginning, size, 5) 0 || + size 5) { + ret = -1; + mail_storage_set_error(t-box-storage, + Failed to read mail beginning); + goto failed_to_copy; + } - if (strncmp(firstline, From , 5) != 0) - if (o_stream_send_str(outstream, firstline) 0) { + /* From ? skip line */ + if (memcmp(From , beginning, 5) == 0) { + i_stream_read_next_line(mailstream); + } else { + if (o_stream_send_str(outstream, From ) 0) { ret = -1; mail_storage_set_error(t-box-storage, Failed to write line to temp); goto failed_to_copy; } + } if (o_stream_send_istream(outstream, mailstream) 0) { ret = -1; Hello Johannes, sorry taking it off the list. Didn't want to bother the others with my whining.. ;) I've briefly tested the patch you sugested and it seems to work like a charm. Thank you for your interest. Best regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] antispam plugin ehancement
ML wrote: I'm not a developper so I can't do it by myself, but I wonder if it could be possible to use tagSpam and tagNospam DSPAM feature to ehance user's dspam lerning experience. I even don't know if this must be done by DSPAM itself or by dovecot, but let me explain : The feature would be done by a signature replacement into tagSpam and tagNospam text, so the user would simply have to click on the link at end of the mail to learn DSPAM : # dspam.conf tagSpam on tagNonspam on # msgtag.spam If this message was classified SPAM by mistake, please click here : http://example.com/dspam-retrain.cgi?sig={DSPAM_SIG} # msgtag.nonspam If this message should have been classified SPAM, please click here : http://example.com/dspam-retrain.cgi?sig={DSPAM_SIG} I think a click is easier and faster than a forward, what do you think of such an implementation ? Regards, David. If you're using IMAP, you don't need to forward. With the right setup you only have to move messages around from/to the IMAP server Spam folder. If you're using POP, then usually that means forwarding messages. But there are already some plugins/extensions that provide simple Spam/Not Spam buttons, both for M$ Outlook and Thunderbird. Never the less, it would be a nice idea, but i think you're forgetting the technicalities. I assume that such http submission would be authenticated. Do you want to nag your users constantly with authentication popups, and windows opening, so they can retrain? Two possibilities for Outlook Thunderbird are discussed here, on the last paragraph. http://hmonteiro.net/howtos:qmail:qmail_plus_dspam#retraining_with_email_forwarding Cheers, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _ signature.asc Description: OpenPGP digital signature
Re: [Dovecot] antispam plugin ehancement
ML wrote: Le 21 avr. 08 à 12:49, Hugo Monteiro a écrit : Never the less, it would be a nice idea, but i think you're forgetting the technicalities. I assume that such http submission would be authenticated. Do you want to nag your users constantly with authentication popups, and windows opening, so they can retrain? Why auth ? there's no auth when forwarding, mail with a known sig is retrain, mail with unknown sig is ignored, so I imagined that a click with valid sig is retrain and a click with unvalid sig is not. Any drawback to this ? Actually that will depend on the way you have the forward retraining set. In my case, using qmail and simscan, i only allow retraining from authenticated smtp sessions. I'm guessing it's something that can be done with other MTAs too. Cheers, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _ signature.asc Description: OpenPGP digital signature
[Dovecot] mailtrain with dovecot antispam plugin
Hello all, and Johannes if you're around, I was trying to set up the new antispam plugin with the mailtrain backend, and i was trying to use the sendmail binary that's part of a qmail system. The message wouldn't get sent and i kept getting exit error 100 from the /var/qmail/bin/sendmail binary. To try to figure out what was happening, i mean a fake sendmail program, which is nothing more than a bash script to capture the command call input. The script is rather simple, it just places the calling parameters into a txt file and the stdin into another. code is #!/bin/bash echo $* /tmp/sendmail-parms.txt exec cat0 /tmp/sendmail-msg.txt exit 0 So i tried a retrain and went to see what those txt files had. The parms.txt file was fine apparently, with cat /tmp/sendmail-parms.txt i got -f [EMAIL PROTECTED] [EMAIL PROTECTED] Then i did the same to the message file, with cat /tmp/sendmail-msg.txt, and i got the follwing Return-Path: [EMAIL PROTECTED]Delivered-To: [EMAIL PROTECTED] Received: (qmail 21616 invoked from network); 19 Apr 2008 16:21:17 - Received: (simscan 1.4.1 ppid 21609 pid 21611 t 0.1451s) (scanners: regex: 1.4.1 attach: 1.4.1 clamav: 0.92.1 /m:46/d:6803); 19 Apr 0108 16:21:17 - Received: from femme-fatal.resnet.costabasto.com (HELO femme-fatal) (192.168.0.20) by hmonteiro.net with SMTP; 19 Apr 2008 16:21:17 - Subject: buy some viagra HURRAY X-DSPAM-Result: Innocent X-DSPAM-Processed: Sat Apr 19 17:21:17 2008 X-DSPAM-Confidence: 0.4945 X-DSPAM-Probability: 0.0330 X-DSPAM-Signature: 480a1bfd216125429498786 viagra sale really HURRAY cheap! only $5! As you can see, there is no new line in the first line. Return-Path and Delivered-To are set in a single line, which makes qmail-inject (which is later used by /var/qmail/bin/sendmail) to abort like this cat /tmp/sendmail-msg.txt | /var/qmail/bin/sendmail -f [EMAIL PROTECTED] [EMAIL PROTECTED] qmail-inject: fatal: unable to parse this line: Return-Path: [EMAIL PROTECTED]Delivered-To: [EMAIL PROTECTED] Before i go into digging the plugin code i was wondering if i'm not seing things clearly and thinking this is in fact a bug in the plugin code. Thank you all in advance, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _ signature.asc Description: OpenPGP digital signature
Re: [Dovecot] mailtrain with dovecot antispam plugin
Hugo Monteiro wrote: Hello all, and Johannes if you're around, I was trying to set up the new antispam plugin with the mailtrain backend, and i was trying to use the sendmail binary that's part of a qmail system. The message wouldn't get sent and i kept getting exit error 100 from the /var/qmail/bin/sendmail binary. To try to figure out what was happening, i mean a fake sendmail program, which is nothing more than a bash script to capture the command call input. The script is rather simple, it just places the calling parameters into a txt file and the stdin into another. code is #!/bin/bash echo $* /tmp/sendmail-parms.txt exec cat0 /tmp/sendmail-msg.txt exit 0 So i tried a retrain and went to see what those txt files had. The parms.txt file was fine apparently, with cat /tmp/sendmail-parms.txt i got -f [EMAIL PROTECTED] [EMAIL PROTECTED] Then i did the same to the message file, with cat /tmp/sendmail-msg.txt, and i got the follwing Return-Path: [EMAIL PROTECTED]Delivered-To: [EMAIL PROTECTED] Received: (qmail 21616 invoked from network); 19 Apr 2008 16:21:17 - Received: (simscan 1.4.1 ppid 21609 pid 21611 t 0.1451s) (scanners: regex: 1.4.1 attach: 1.4.1 clamav: 0.92.1 /m:46/d:6803); 19 Apr 0108 16:21:17 - Received: from femme-fatal.resnet.costabasto.com (HELO femme-fatal) (192.168.0.20) by hmonteiro.net with SMTP; 19 Apr 2008 16:21:17 - Subject: buy some viagra HURRAY X-DSPAM-Result: Innocent X-DSPAM-Processed: Sat Apr 19 17:21:17 2008 X-DSPAM-Confidence: 0.4945 X-DSPAM-Probability: 0.0330 X-DSPAM-Signature: 480a1bfd216125429498786 viagra sale really HURRAY cheap! only $5! As you can see, there is no new line in the first line. Return-Path and Delivered-To are set in a single line, which makes qmail-inject (which is later used by /var/qmail/bin/sendmail) to abort like this cat /tmp/sendmail-msg.txt | /var/qmail/bin/sendmail -f [EMAIL PROTECTED] [EMAIL PROTECTED] qmail-inject: fatal: unable to parse this line: Return-Path: [EMAIL PROTECTED]Delivered-To: [EMAIL PROTECTED] Before i go into digging the plugin code i was wondering if i'm not seing things clearly and thinking this is in fact a bug in the plugin code. Thank you all in advance, Hugo Monteiro. I've managed to get it working with the following patch. There may be a better way, deeper in the code, to do it. Timo or Johannes ... any sugestions? --- dovecot-antispam/mailtrain.c2008-04-19 22:20:32.0 +0100 +++ dovecot-antispam-qmail/mailtrain.c 2008-04-19 22:25:45.0 +0100 @@ -274,7 +274,8 @@ mail_storage_set_error(t-box-storage, Failed to write line to temp); goto failed_to_copy; - } + } else + o_stream_send_str(outstream, \n); if (o_stream_send_istream(outstream, mailstream) 0) { ret = -1; Cheers, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _ signature.asc Description: OpenPGP digital signature
Re: [Dovecot] ldaps support in dovecot-ldap.conf?
Geert Hendrickx wrote: On Fri, Feb 15, 2008 at 10:11:52AM -0600, Tim Tyler wrote: Dovecot experts, Does Dovecot support ldaps:\\ connections in dovecot-ldap.conf for ldap connections? I can get regular ldap:\\connections to work, but not ldaps:\\ connections. I have even downloaded the latest beta version of dovecot and it still doesn't work. If its not supported, will it be in the near future? Note: We are using Centos 5 and Redhat 5 systems. According to http://wiki.dovecot.org/AuthDatabase/LDAP just set tls=yes in your dovecot-ldap.conf. Geert ldaps:// is not the same as ldap:// with tls support. Also, ldap with tls support is preferred to ldaps, but if you really have to use ldaps, you can always use stunnel to wrap up the connection in SSL. Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] mailbox not acceced
Osvaldo Alvarez Pozo wrote: Hi I wonder how can I know if a mailbox is not beeing consulted. I mean I have severals mailboxs but I know some account are not used. I like to know how to determine wich mail accounts are not beeing used. Is there any way in dovecot to know the las time a user loged in to dovecot? Thanks I'm using dovecot's ability to use pre execution scripts. Basically i have in my imap protocol definition in dovecot.conf an alternate mail_executable protocol imap { ... mail_executable = /usr/local/bin/imap-wrapper.sh ... } And that executable has the following: snip #!/bin/sh # Filesystem based timestamp in user's home directory and protocol used echo imap /var/spool/lastlogin/$UID # Finally execute the imap/pop3 binary. If you use both, you'll need two scripts. exec /usr/lib/dovecot/imap snip I echo the protocol into the file because i have both pop and imap available to my users and this way i can keep track when was the last time they accessed their mailbox (ls -l /var/spool/lastlogin/username) and which protocol they used in that access (cat /var/spool/lastlogin/username). There are inumerous possibilities of course. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] backup strategy
Jochen Kaechelin wrote: what's the prefered way to backup users mail? i use doevcot shipping with debian/etch an maildir. thanx Have you considered Amanda or Bacula? www.amanda.org www.bacula.org Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] mailbox size limit
Bazy wrote: Nikolay Shopik wrote: On 17.11.2007 16:54, Bazy wrote: Hi guys, I was wondering... my Inbox is 1.3GB large, my mailbox size limit is 6GB (6442450941). Other users have 500+ MB in their Inbox. I have about 27GB of mail. I'm running dovecot 1.0.7 now under Fedora 7 with postfix. I have no trouble at all, everything is working perfect. I use ext3 as my file system, and I store mail in maildir format. Will I have any inode, file system, issues? Is anyone storing more then 27GB in maildir format on only one ext3 partition? Here is my dovecot -n output: # 1.0.7: /etc/dovecot.conf log_path: /var/log/dovecot.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 ssl_cert_file: /etc/postfix/smtpd.cert ssl_key_file: /etc/postfix/smtpd.key login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_max_processes_count: 512 mail_location: maildir:/home/vmail/%d/%n/ mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): outlook-idle pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh auth default: mechanisms: plain login passdb: driver: sql args: /etc/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot-userdb-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix plugin: quota: maildir:storage=102400 [root:pts/0][~]# cat /etc/dovecot-sql.conf driver = mysql connect = host=/var/lib/mysql/mysql.sock user=mail_admin password= dbname=mail default_pass_scheme = CRYPT password_query = SELECT password FROM users WHERE CONCAT(SUBSTRING_INDEX(email,'@',1)) = '%n' AND CONCAT(SUBSTRING_INDEX(email,'@',-1)) = '%d'; [root:pts/0][~]# cat /etc/dovecot-userdb-sql.conf driver = mysql connect = host=/var/lib/mysql/mysql.sock user=mail_admin password= dbname=mail user_query = SELECT CONCAT(('/home/vmail/'), SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') as home, 5000 as uid, 5000 as gid, CONCAT('maildir:storage=', floor(quota/1024)) as quota FROM users WHERE email = '%u'; Hi, What kind issues you thinking about? I'm storing currently about 40Gb of mails. You mean, run out of number inodes on your partition? Yes, that's what I meant. Run out of inodes on that partition. An excerpt from wikipedias ext3 definition: The maximum number of inodes (and hence the maximum number of files and directories) is set when the file system is created. If /V/ is the volume size in bytes, then the default number of inodes is given by /V//2^13 (or the number of blocks, whichever is less), and the minimum by /V//2^23 . The default was deemed sufficient for most applications. You can read the rest here http://en.wikipedia.org/wiki/Ext3 In my case, i have a 1.2TB filesystem which is currently holding 312GB of mail. According to the values present earlier, i can have up to 1268272861184/8192 (1.2TB/2^13) files/dirs. The magic number in my case is 154818464. As i said, currently i have 312GB of used space on a single filesystem, which holds aprox 16000 user maildirs. The total number of files+folders on that filesystem is 7106571, which represents only 4.59% of the maximum possible number of files/folders. The current occupancy rate is 28%. Using this ratio as sample, i'd say that i'm pretty much safe ... as i'm sure you'll be. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] Is there any way to query a secure imap server for certificate details
Dan Mahoney, System Admin wrote: On Thu, 15 Nov 2007, Stewart Dean wrote: openssl s-client -connect serverip:port Small typo i guess ... it should read s_client and not s-client. :) Cheers, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] SSL/TLS with Outlook client
Eli Sand wrote: Nikolay Shopik wrote: Usually it works like this. You are configure your mail client to address like this mail.example.com, when mail client establish connection to server and receive certificate it compare CN with current configuration in it. So if you configure connect to mx.example.com but server receive certificate with CN=mail.example.com it should warn you. It doesn't do any PTR lookups. I have experimented with Outlook 2k7 and valid certificates from CACert and I am unable to say that this is for sure how Outlook is behaving. I have tested with a wildcard cert, and names of both the MX record and the A record configured in the mail client. All three of which produced the same ultimate The target principal name is incorrect. Error. The certificate is valid and I do have the root CA certs loaded in Windows correctly. Ah ... wildcard certs .. from what i recall, certs issued like *.example.com were not very well accepted by M$ clients. You should test against non wildcard certs and see how it behaves. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] SSL/TLS with Outlook client
Eli Sand wrote: Hugo Monteiro wrote: Ah ... wildcard certs .. from what i recall, certs issued like *.example.com were not very well accepted by M$ clients. You should test against non wildcard certs and see how it behaves. Already have and no luck :( My domain is elisand.com and I have tried *.elisand.com, mx1.elisand.com (I believe that's what my MX record is... if not, whatever it is is what I tried) and mail.elisand.com which is the smtp/imap server name I use in Outlook. All three yield the same result :( Eli. I have taken the liberty to connect to your server, using openssl, i've seen the following: $ openssl s_client -CApath /usr/share/ca-certificates/cacert.org/ -connect mail.elisand.com:993 CONNECTED(0003) depth=1 /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[EMAIL PROTECTED] verify return:1 depth=0 /CN=*.elisand.com verify return:1 --- Certificate chain 0 s:/CN=*.elisand.com i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[EMAIL PROTECTED] --- i believe you should change two things. If the name you wish to use on your clients is mail.alisand.com, then the certificate should read CN=mail.elisand.com. Furthermore, it's always a good idea to provide the chaining certificate path on dovecots side. Try using the ssl_ca_file directive on dovecot's configuration. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] v1.1 plans
Richard Laager wrote: On Tue, 2007-04-17 at 21:46 +0300, Timo Sirainen wrote: I'm planning on keeping v1.1 almost completely compatible with v1.0. There could be some minor configuration file changes, but for most people v1.0's dovecot.conf should work with v1.1. Please, this needs to be Everyone's v1.0 dovecot.conf will work in v1.1. If you're going to change the configuration file format even in some subtle way, please bump the major version. Likewise with plugin support... if you're going to break API or ABI, please bump the major version. It's easy enough to avoid breaking compatibility gratuitously. People do not expect configuration files to need changing between minor releases and they'll be quite upset if things break. Richard I second that. Cheers, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] v1.1 plans
Timo Sirainen wrote: Features that I'm planning on implementing: - Fully supported shared mailboxes and IMAP ACL extension - Replace Squat FTS indexes with my new design - Case-insensitive searches with non-ASCII text as well - Maybe add support for all kinds of IMAP extensions that can be easily supported. LEMONADE extensions especially: CONDSTORE, CATENATE and maybe even URLAUTH if I can figure out how it should work. Hello Timo, one thing i already discussed with you some time ago that would make some difference and open lots of possibilities, in my opinion, would be the ability to have a virtual INBOX that could be composed by a list of folders. That would make a world of difference to those who maintain a mixed service of pop and imap to their users. Just from the top of my head, two great possibilities would be able to 1 - One could use server side filtering (sieve, maildrop, etc) to separate junk from the INBOX to make things look nice for IMAP users, but still allow POP users to retrieve their marked messages and not miss any false positives. 2 - If the list of folders could be a wildcard, allow POP users to retrieve ALL their messages, even if they're also regular IMAP based webmail users. I'm sure other folks would find other ways to use such feature. Best regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
Re: [Dovecot] How to integrate dspam and dovecot
Manilal K M wrote: On 03/04/07, Johannes Berg [EMAIL PROTECTED] wrote: On Tue, 2007-04-03 at 12:21 +0530, Manilal K M wrote: Also, I forgot one thing: It's not a plugin for dspam, it's a plugin for dovecot that links dspam to dovecot. I know :) :) It seemed you were a bit confused when you asked if it would be included with dspam. FWIW, I'm using it with dspam 3.6.8 from debian. But I have a per-user setup, if you want a virtual user setup you probably need to do a bit more work since the plugin will actually need to call the dspam binary with a --user argument which requires a plugin modification. I know that some people have done this modification, but I haven't received any patches. If you get it to work a patch would be welcome. johannes Basically my primary objective is to prevent spam and today i got an interesting link to it: http://searchenterpriselinux.techtarget.com/tip/0%2C289483%2Csid39_gci1235770%2C00.html and http://www.oreillynet.com/pub/a/sysadmin/2005/09/15/qpsmtpd.html I think this method is more reliable since I am playing with a production server. I will surely try to contribute to dovecot, but there is a long way to go ... regards Manilal I've had several setups for SPAM/Virus handling in qmail servers, and the best solution so far was a combination of simscan + dspam + clamav. All the other qmail-queue replacements i've tried, including qpsmtpd, where just too expensive regarding system resources. Most solutions involving perl will simply not do, at least for me, on account of perl overhead. Right now i have several production environments, one of which is rather large, and i've been rather happy with the implementation outcome. That setup includes qmail-ldap with some patches for greylisting and greeting delay, simscan with a patch to handle dspam internal quarantine engine, dspam with a patch to allow user checking/address alias mapping, clamav, maildrop for server side filtering and finally dovecot with Johannes dspam plugin. Besides the regular locations for all that software, you might consider taking a look at the set of patches i mentioned. The link is http://pessoa.fct.unl.pt/hmmm/files/anti-spam/ Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _
[Dovecot] testing LDAP connections
Hello all, I haven't looked into the source code, but i suspect that LDAP connections, once established, are not tested properly. My scenario is the followind: Dovecot server firewall - LDAP backend What happens is that the firewall has a security feature which basically make de firewall box forget about connections that are idle for more than X period of time. That particular setting is 30 minutes right now. When that happens, neither the LDAP backend or the Dovecot server get any type of notification, and for all they care the connection is alive and well. This is a very common implementation in firewalls nowadays. So my question is, is there any way to make dovecot re-open a new connection if there is a timeout while trying to use a connection already opened? I believe that this could be of great benefit for those who don't have their servers on the same physical network. Thanks in advance, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _