Re: [Dovecot] SSL/TLS with Outlook client
On 13.11.2007 4:22, Jonathan Bond-Caron wrote:
> Anyone have any solution to this? I am also getting a "The target principal name is incorrect." in Outlook 2007
> Is this a problem with dovecot?

That's probably because your CN doesn't match your server in the certificate. Are you using a self-signed certificate?
[Dovecot] namespace public folders
Hi list,

Here is the thing I'm trying to accomplish. I would like to set up public folders which are responsible for delivering mail for some special addresses like [EMAIL PROTECTED]. And it would be perfect if the seen status for this folder were saved per user. I mean, if one user reads a message and sets it as read, another user should still see it as unread.

As far as I know there are some limitations in the 1.0 tree but not in the latest 1.1.

My question is: can I do such a setup with dovecot+postfix? I'd really appreciate simple examples of how I can accomplish this kind of setup, if it is possible :)
[Dovecot] Caching?
Any way to minimize the number of SQL statements that dovecot does? (And I tried adding userdb prefetch { } but the number of SQL calls is still the same.)

Am I doing something wrong or?

Regards,

BTJ

--
---
Bjørn T Johansen
[EMAIL PROTECTED]
---
Someone wrote: I understand that if you play a Windows CD backwards you hear strange Satanic messages
To which someone replied: It's even worse than that; play it forwards and it installs Windows
---
Re: [Dovecot] dovecot.index mtime
"M" == Matt [EMAIL PROTECTED] writes:

M> What if the script only touched the dovecot.index if it exists?
M> That would likely not be too difficult to test for with shell
M> script.

Might be tricky to do in shell without a race. On the other hand maybe a race in this case is not significant.

On the other hand it's possible that a running user imap process uses timestamps on the index file to determine whether it needs to update its idea of the content, and gratuitously changing it on connect may cause already running processes to do more work than strictly necessary. Haven't looked at the actual code to assess the credibility of this though.

On the other hand I've run out of hands now :)
Re: [Dovecot] Caching?
On 13.11.2007, at 13.21, Bjørn T Johansen wrote:
> Any way to minimize the number of SQL statements that dovecot does? (And I tried adding userdb prefetch { } but the number of SQL calls is still the same.)

Did you add the userdb_* fields to passdb? Did you put prefetch before userdb sql? Show dovecot -n output?

Set auth_debug=yes to see what SQL queries Dovecot actually sends.

For actual caching there's also the auth_cache_size setting, which is 0 by default.
Re: [Dovecot] Caching?
On Tue, 13 Nov 2007 15:17:48 +0200 Timo Sirainen [EMAIL PROTECTED] wrote:
> On 13.11.2007, at 13.21, Bjørn T Johansen wrote:
> > Any way to minimize the number of SQL statements that dovecot does? (And I tried adding userdb prefetch { } but the number of SQL calls is still the same.)
>
> Did you add the userdb_* fields to passdb?

Yes...

> Did you put prefetch before userdb sql?

Nope... That might be the reason?

> Show dovecot -n output?

# 1.0.7: /etc/dovecot/dovecot.conf
log_path: /lv1/logs/dovecot.log
protocols: imap imaps pop3 pop3s
listen: [*]
disable_plaintext_auth: no
login_dir: /usr/var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: maildir:/opt/vmail/%d/%n
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls
auth default:
  mechanisms: plain login digest-md5 cram-md5
  user: vmail
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
  userdb:
    driver: prefetch
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmai

> Set auth_debug=yes to see what SQL queries Dovecot actually sends.
>
> For actual caching there's also the auth_cache_size setting, which is 0 by default.

Is auth_cache_size used only for authentication or for all SQL access?

BTJ
Re: [Dovecot] namespace public folders
Hoi,

On Tue, Nov 13, 2007 at 02:08:46PM +0300, Nikolay Shopik wrote:
> My question is: can I do such a setup with dovecot+postfix? I'd really appreciate simple examples of how I can accomplish this kind of setup, if it is possible :)

AFAIK the Seen Flag is not maintained on a per user basis.

I do the delivery to the public folders via the aliases mechanism and the safecat program
http://jeenyus.net/~budney/linux/software/safecat.html
which delivers messages from stdin to a Maildir specified on the cmdline. Along with the safecat comes a maildir sh-script that is a wrapper for safecat and makes things shorter.

info: |/usr/local/bin/maildir /var/spool/pubfolders/.info
contact: |/usr/local/bin/maildir /var/spool/pubfolders/.info
sales: |/usr/local/bin/maildir /var/spool/pubfolders/.sales

To work around permission problems I have made the safecat program setuid dovecot user, executable for owner and group, and gave it to the group postfix handles aliases deliveries with, e.g.:

---s--x--- 1 dovecotu mail 21024 Oct 19 14:26 /usr/local/bin/safecat

HTH,
\Maex

--
Markus Stumpf
Re: [Dovecot] namespace public folders
On Tue, Nov 13, 2007 at 05:03:37PM +0100, Markus Stumpf wrote:
> Hoi,
>
> On Tue, Nov 13, 2007 at 02:08:46PM +0300, Nikolay Shopik wrote:
> > My question is: can I do such a setup with dovecot+postfix? I'd really appreciate simple examples of how I can accomplish this kind of setup, if it is possible :)
>
> AFAIK the Seen Flag is not maintained on a per user basis.

Actually it depends. I've found in dovecot 1.0 and 1.1, if you have a dovecot-shared file in the public folder, it forces private flags such as read. The wiki has some information about dovecot-shared.

> I do the delivery to the public folders via the aliases mechanism and the safecat program
> http://jeenyus.net/~budney/linux/software/safecat.html
> which delivers messages from stdin to a Maildir specified on the cmdline. Along with the safecat comes a maildir sh-script that is a wrapper for safecat and makes things shorter.
>
> info: |/usr/local/bin/maildir /var/spool/pubfolders/.info
> contact: |/usr/local/bin/maildir /var/spool/pubfolders/.info
> sales: |/usr/local/bin/maildir /var/spool/pubfolders/.sales
>
> To work around permission problems I have made the safecat program setuid dovecot user, executable for owner and group, and gave it to the group postfix handles aliases deliveries with, e.g.:
>
> ---s--x--- 1 dovecotu mail 21024 Oct 19 14:26 /usr/local/bin/safecat
>
> HTH,
> \Maex
>
> --
> Markus Stumpf
Re: [Dovecot] namespace public folders
13.11.2007 19:30, Adam McDougall wrote:
> On Tue, Nov 13, 2007 at 05:03:37PM +0100, Markus Stumpf wrote:
> > Hoi,
> >
> > On Tue, Nov 13, 2007 at 02:08:46PM +0300, Nikolay Shopik wrote:
> > > My question is: can I do such a setup with dovecot+postfix? I'd really appreciate simple examples of how I can accomplish this kind of setup, if it is possible :)
> >
> > AFAIK the Seen Flag is not maintained on a per user basis.
>
> Actually it depends. I've found in dovecot 1.0 and 1.1, if you have a dovecot-shared file in the public folder, it forces private flags such as read. The wiki has some information about dovecot-shared.
>
> > I do the delivery to the public folders via the aliases mechanism and the safecat program
> > http://jeenyus.net/~budney/linux/software/safecat.html
> > which delivers messages from stdin to a Maildir specified on the cmdline. Along with the safecat comes a maildir sh-script that is a wrapper for safecat and makes things shorter.
> >
> > info: |/usr/local/bin/maildir /var/spool/pubfolders/.info
> > contact: |/usr/local/bin/maildir /var/spool/pubfolders/.info
> > sales: |/usr/local/bin/maildir /var/spool/pubfolders/.sales
> >
> > To work around permission problems I have made the safecat program setuid dovecot user, executable for owner and group, and gave it to the group postfix handles aliases deliveries with, e.g.:
> >
> > ---s--x--- 1 dovecotu mail 21024 Oct 19 14:26 /usr/local/bin/safecat
> >
> > HTH,
> > \Maex
> >
> > --
> > Markus Stumpf

Adam,

Thanks for pointing that out, sounds promising now! ;)
Re: [Dovecot] SSL/TLS with Outlook client
Nikolay Shopik wrote:
> On 13.11.2007 4:22, Jonathan Bond-Caron wrote:
> > Anyone have any solution to this? I am also getting a "The target principal name is incorrect." in Outlook 2007
> > Is this a problem with dovecot?
>
> That's probably because your CN doesn't match your server in the certificate. Are you using a self-signed certificate?

Is there any way around this if you have an IP and lots of A records pointing at it? As I understand it mail clients are going to whinge if you use any name other than the one which is in the certificate? My simple research suggests that they don't do a lookup, then a reverse lookup and compare that?

It's a problem with vhosted domains... Any suggestions?

Ed W
Re: [Dovecot] Using Dovecot as Asterisk PBX voicemail server
--On Monday, November 12, 2007 6:49 PM -0500 Andrew Girling [EMAIL PROTECTED] wrote:
> One possible solution is that you grant Asterisk access to the mailboxes as a master user with a (strong) master password. See the wiki for more information:
>
> http://wiki.dovecot.org/Authentication/MasterUsers

Excellent, that looks like a perfect solution to the problem.
[Dovecot] Enhanced Kerberos support
The recent addition of auth_gssapi_hostname is a welcome addition, but a little more is needed for multi-homed (or multi-domained) sites.

SSH recently added this enhancement to address this common need:

GSSAPIStrictAcceptorCheck
    Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. If "yes" then the client must authenticate against the host service on the current hostname. If "no" then the client may authenticate against any service key stored in the machine's default store. This facility is provided to assist with operation on multi homed machines. The default is "yes". Note that this option applies only to protocol version 2 GSSAPI connections, and setting it to "no" may only work with recent Kerberos GSSAPI libraries.

I've heard that other daemons support multi-names by, instead of using gethostname(), obtaining the hostname of the interface that the request came in on.

Can either approach be looked at for dovecot?

Thanks,
--
Richard A Nelson (Rick) cowboy@((linux.)?vnet|us).ibm.com
Phone: 1-408-463-5584 Fax: 1-408-463-3873
COBOL Development
IBM Silicon Valley Laboratory
http://www.ibm.com/software/awdtools/cobol/
Re: [Dovecot] SSL/TLS with Outlook client
Eli Sand wrote:
> Nikolay Shopik wrote:
> > Usually it works like this. You configure your mail client with an address like mail.example.com; when the mail client establishes a connection to the server and receives the certificate, it compares the CN with its current configuration. So if you configure it to connect to mx.example.com but receive from the server a certificate with CN=mail.example.com, it should warn you. It doesn't do any PTR lookups.
>
> I have experimented with Outlook 2k7 and valid certificates from CACert and I am unable to say that this is for sure how Outlook is behaving. I have tested with a wildcard cert, and names of both the MX record and the A record configured in the mail client. All three of which produced the same ultimate "The target principal name is incorrect." error. The certificate is valid and I do have the root CA certs loaded in Windows correctly.

Ah ... wildcard certs .. from what I recall, certs issued like *.example.com were not very well accepted by M$ clients. You should test against non wildcard certs and see how it behaves.

Regards,

Hugo Monteiro.

--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email: [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
Re: [Dovecot] SSL/TLS with Outlook client
Hugo Monteiro wrote:
> Ah ... wildcard certs .. from what I recall, certs issued like *.example.com were not very well accepted by M$ clients. You should test against non wildcard certs and see how it behaves.

Already have and no luck :(

My domain is elisand.com and I have tried *.elisand.com, mx1.elisand.com (I believe that's what my MX record is... if not, whatever it is is what I tried) and mail.elisand.com which is the smtp/imap server name I use in Outlook. All three yield the same result :(

Eli.
Re: [Dovecot] SSL/TLS with Outlook client
Eli Sand wrote:
> Hugo Monteiro wrote:
> > Ah ... wildcard certs .. from what I recall, certs issued like *.example.com were not very well accepted by M$ clients. You should test against non wildcard certs and see how it behaves.
>
> Already have and no luck :(
>
> My domain is elisand.com and I have tried *.elisand.com, mx1.elisand.com (I believe that's what my MX record is... if not, whatever it is is what I tried) and mail.elisand.com which is the smtp/imap server name I use in Outlook. All three yield the same result :(
>
> Eli.

I have taken the liberty to connect to your server; using openssl, I've seen the following:

$ openssl s_client -CApath /usr/share/ca-certificates/cacert.org/ -connect mail.elisand.com:993
CONNECTED(0003)
depth=1 /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[EMAIL PROTECTED]
verify return:1
depth=0 /CN=*.elisand.com
verify return:1
---
Certificate chain
 0 s:/CN=*.elisand.com
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[EMAIL PROTECTED]
---

I believe you should change two things. If the name you wish to use on your clients is mail.alisand.com, then the certificate should read CN=mail.elisand.com. Furthermore, it's always a good idea to provide the chaining certificate path on dovecot's side. Try using the ssl_ca_file directive in dovecot's configuration.

Regards,

Hugo Monteiro.

--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email: [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
Re: [Dovecot] SSL/TLS with Outlook client
Agree with Hugo: most root CAs have intermediate certificates which should be supplied with your server certificate. Otherwise the chain won't work and clients won't trust it.

- original message -
Subject: Re: [Dovecot] SSL/TLS with Outlook client
From: Hugo Monteiro [EMAIL PROTECTED]
Date: 14/11/2007 00:14

Eli Sand wrote:
> Hugo Monteiro wrote:
> > Ah ... wildcard certs .. from what I recall, certs issued like *.example.com were not very well accepted by M$ clients. You should test against non wildcard certs and see how it behaves.
>
> Already have and no luck :(
>
> My domain is elisand.com and I have tried *.elisand.com, mx1.elisand.com (I believe that's what my MX record is... if not, whatever it is is what I tried) and mail.elisand.com which is the smtp/imap server name I use in Outlook. All three yield the same result :(
>
> Eli.

I have taken the liberty to connect to your server; using openssl, I've seen the following:

$ openssl s_client -CApath /usr/share/ca-certificates/cacert.org/ -connect mail.elisand.com:993
CONNECTED(0003)
depth=1 /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[EMAIL PROTECTED]
verify return:1
depth=0 /CN=*.elisand.com
verify return:1
---
Certificate chain
 0 s:/CN=*.elisand.com
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[EMAIL PROTECTED]
---

I believe you should change two things. If the name you wish to use on your clients is mail.alisand.com, then the certificate should read CN=mail.elisand.com. Furthermore, it's always a good idea to provide the chaining certificate path on dovecot's side. Try using the ssl_ca_file directive in dovecot's configuration.

Regards,

Hugo Monteiro.

--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email: [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
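
The name comparison discussed in this thread (configured server name against the certificate's names, with no DNS or PTR lookup), written out as an added Python example; it is not code from Outlook, Dovecot or any poster. It assumes the generic RFC 6125 matching rules rather than any particular client's behaviour, and every host name and certificate content in it is constructed.

```python
import ipaddress


def _is_ip(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _label_match(pattern: str, host: str) -> bool:
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):          # "*" stands for exactly one label
        return False
    if p[0] == "*":
        # Wildcard only as the whole left-most label, with at least two
        # literal labels after it (so "*.com" is never honoured).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def name_matches(configured_host: str, subject_cn: str, san_dns=()) -> bool:
    """Is the server name typed into the mail client covered by the cert?

    Only the configured string is compared; nothing is resolved.
    dNSName SAN entries, when present, replace the CN entirely.
    """
    if _is_ip(configured_host):   # DNS names never vouch for a bare IP
        return False
    presented = list(san_dns) if san_dns else [subject_cn]
    return any(_label_match(name, configured_host) for name in presented)


def check_vhosts(hosts, subject_cn, san_dns=()):
    """Map each client-side server name to whether the cert covers it."""
    return {h: name_matches(h, subject_cn, san_dns) for h in hosts}


if __name__ == "__main__":
    # Constructed certificate contents, not taken from any real server.
    print(check_vhosts(["mail.example.com", "mx.example.com"], "mail.example.com"))
    print(check_vhosts(["mail.example.org", "example.org", "a.b.example.org"],
                       "*.example.org"))
    print(check_vhosts(["mail.example.com", "mail.example.net", "192.0.2.10"],
                       "mail.example.com",
                       san_dns=["mail.example.com", "mail.example.net"]))
```

The last call shows the vhost case raised in the thread: one certificate listing several dNSName entries covers several names that resolve to the same address, while the bare IP is not covered by any of them.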