[Dovecot] v1.0.10 released
http://dovecot.org/releases/1.0/dovecot-1.0.10.tar.gz http://dovecot.org/releases/1.0/dovecot-1.0.10.tar.gz.sig v1.0.8 and v1.0.9 were a bit bad releases. Hopefully one day I've managed to have written a proper test suite which can be run before doing any releases.. * Security hole with LDAP+auth cache: If base setting contained %variables they weren't included in auth cache key, which broke caching. This could have caused different users with same passwords to log in as each other. - LDAP: Fixed potential infinite looping when connection to LDAP server was lost and there were queued requests. - mbox: More changes to fix problems caused by v1.0.8 and v1.0.9. - Maildir: Fixed a UIDLIST_IS_LOCKED() assert-crash in some conditions (caused by changes in v1.0.9) - If protocols=none, don't require imap executables to exist signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Group inboxes
On Tue, 2007-12-11 at 23:38 +0300, Денис Квист wrote: > Please help, i want made "Group Inboxes" like in MDaemon > "Group Inboxes: > Customer service organizations often use group inboxes to receive email > requests. Everyone in the customer service group has read and write access > to the collective incoming mailbox. In this manner, anyone in the group can > respond to each incoming email." > > Is it possible? > > Public folder is not work like i want Why not? > namespace private { > prefix = > separator = / > index = yes > } > namespace public { > prefix = office/ > separator = / > location = maildir:/var/spool/mail/vhosts/testdomain.ru/Maildir/info > hidden = no > } Is Maildir/info/ a maildir itself? That's probably why this doesn't work. If you want to access it as "office/info", you'll need to use rename it to Maildir/.info/ and use: location = maildir:/var/spool/mail/vhosts/testdomain.ru/Maildir > dovecot --version > 1.0.rc15 (Debian Etch) This is also a bit old and there could be some related bugs left in it. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Fishing attempt locking up dovecot
On Tue, 2007-12-11 at 15:58 -0700, Patrick Milvich wrote: > Obviously this can act like a dos attack, but the real issue is after > the spammer stops (by virtue of being added to our firewall blacklist, > being caught and shut down by their isp, or otherwise), dovecot > doesn't seem to relinquish the resources, causing "too many files > open" errors for normal usage. I guess there could be problems after you get "too many open files", but you can configure Dovecot so that it never happens. v1.1 warns about this at startup. Basically you just need to make sure that when starting dovecot, ulimit -n is a bit larger than max_mail_processes + login_max_processes_count + auth_worker_max_count (if you're using MySQL). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v1.1.beta11 released
On Sun, 2007-12-09 at 16:17 -0500, Dean Brooks wrote: > Since installing v1.1.beta11, I am now getting these errors in our > syslog anytime I move messages between two folders: > > Dec 9 16:12:19 star dovecot: [ID 107833 mail.error] IMAP(dean): Cached > message > offset lost for seq 4 in mbox file /home/dean/Mail/Trash Could you try if latest nightly snapshot has fixed this? http://dovecot.org/nightly/dovecot-latest.tar.gz I'd like to get a usable beta13 release out. :) signature.asc Description: This is a digitally signed message part
Re: [Dovecot] 1.1.beta10 pop3 process hangs with 100% CPU
On Tue, 2007-12-11 at 14:28 +0200, arvids wrote: > Hello, > > we have observed pop3 process which got stuck consuming all available CPU. > It seems that it happened because of some kind of abnormal POP3 connection > termination. Here is strace info for this process: > > 13:36:05.866190 writev(1, [{"508qWWH96If+uVXeH2Zxl/hkn+plVwmI"..., 3975}, > {"HP1oxt+np0o4Xtz27VQBtxx0zWfGuA3r"..., 193}], 2) = -1 EPIPE (Broken pipe) Thanks, fixed: http://hg.dovecot.org/dovecot/rev/4ff39d30aa4a signature.asc Description: This is a digitally signed message part
Re: [Dovecot] How to logoff a session with dovecot?
On Sun, 2007-12-09 at 18:38 +0700, Robin Atwood wrote: > I use dovecot to push email to my SE P1i and it works very well. :) However, > I > have two email accounts set up on the phone, one using my domain for GPRS and > public WiFi and one using my WLAN address for use at home, the idea being I > don't want to pay for GPRS data at home. The trouble is the GPRS account > remains logged on and I get the mail in both inboxes. There is no option in > the email client on the phone to disconnect, so is there any trick to forcing > a disconnect from the mail server? I guess you could do something with post-login scripting (http://wiki.dovecot.org/PostLoginScripting). For example track GPRS vs. non-GPRS connections based on $IP. When non-GPRS connection logs in, kill all imap processes using GPRS IP. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] namespace problem / 1.1beta11
On Fri, 2007-12-28 at 22:31 +, ja nein wrote: > > * NAMESPACE (("INBOX/" ".")) NIL NIL I don't know why I can't reproduce it, but I think this fixes it: http://hg.dovecot.org/dovecot/rev/0a0ff276bc38 signature.asc Description: This is a digitally signed message part
Re: [Dovecot] auth-ldap not resetting connection state after failed bind
On Thu, 2007-12-20 at 13:35 -0500, Brendan wrote: > >> i believe i tracked it down to a couple lines in db_ldap_bind and fixed > >> it - dovecot-auth is reconnecting to ldap in the condition where it was > >> not previously: > >> > > Thanks. http://hg.dovecot.org/dovecot-1.0/rev/8dcc215fbc06 > > > > timo, i think i found another spot where it won't reconnect. > > when ldap_conn_reconnect was getting called, it wasn't completely > reconnecting, and the requests in conn->delayed_requests_tail would > never be processed. I noticed that dovecot-auth went into infinite loop. Fixed v1.0 the same way you did: http://hg.dovecot.org/dovecot-1.0/rev/1a87f8495e07 And rewrote the queuing code for v1.1: http://hg.dovecot.org/dovecot/rev/0dcea80312b0 signature.asc Description: This is a digitally signed message part
Re: [Dovecot] sieve variables
Timo Sirainen wrote: On Mon, 2007-12-24 at 13:09 +0300, Pavel Volkovitskiy wrote: Hello! I wonder if that possible to add support for sieve variables extension in upcoming dovecot 1.1? ( ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-sieve-variables-08.txt ) I just use Cyrus's Sieve implementation and I don't have any plans on adding new features to it myself. If it gets added to Cyrus, I can port the code to Dovecot. Stephan Bosch however is writing his own new Sieve implementation, which I'm hoping will eventually replace Cyrus Sieve. But even then it pretty much depends on Stephan if he wants to implement it. I will not go into too much detail on the current progress, but I am getting closer to a first release. Most extensions that cmusieve supports are now supported by the new implementation as well (with notify as notable exception). Support for the variables extension is under development, but I am not sure whether it will be included in the first release. I am working on the variables extension already to be able to provide full implementations of include and imap4flags, which partly depend on the variables extension. Note that my time to work on this project is regularly interrupted by periods during which I am working on my graduation full-time, so there is really no way to tell or plan when exactly I will produce a first release. It should not take more than a few more months though (I started in October). Regards, Stephan
Re: [Dovecot] FETCH for mailbox INBOX UID 39641 got too little data: 4823 vs 4825
Timo Sirainen wrote: With these changes I can't break it anymore: http://hg.dovecot.org/dovecot-1.0/rev/0713de760c5f http://hg.dovecot.org/dovecot-1.0/rev/fc5f6bbbf4c0 http://hg.dovecot.org/dovecot-1.0/rev/0a4f86976f50 Yes, thanks Timo, it seems to be fixed! -- Sergey Ivanov.
Re: [Dovecot] namespace problem / 1.1beta11
Hi Timo, well, I don't know how I managed it, either :) Here's the output of the log file with mail_debug=yes. Interestingly it prints out the correct namespace in the log file (I did a synchronization of some folders in this period): Dec 28 23:24:33 51 dovecot: IMAP([EMAIL PROTECTED]): Loading modules from directory: /opt/dovecot-1.1-beta12/lib/dovecot/imap Dec 28 23:24:33 51 dovecot: IMAP([EMAIL PROTECTED]): Module loaded: /opt/dovecot-1.1-beta12/lib/dovecot/imap/lib20_fts_plugin.so Dec 28 23:24:33 51 dovecot: IMAP([EMAIL PROTECTED]): Module loaded: /opt/dovecot-1.1-beta12/lib/dovecot/imap/lib21_fts_squat_plugin.so Dec 28 23:24:33 51 dovecot: IMAP([EMAIL PROTECTED]): Effective uid=4, gid=4, home=/home/dovecot/mail/smcc.net/[EMAIL PROTECTED] Dec 28 23:24:33 51 dovecot: IMAP([EMAIL PROTECTED]): Namespace: type=private, prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes Dec 28 23:24:33 51 dovecot: IMAP([EMAIL PROTECTED]): maildir: data=/home/dovecot/mail/smcc.net/[EMAIL PROTECTED]:INDEX=/home/dovecot/index/smcc.net/[EMAIL PROTECTED] Dec 28 23:24:33 51 dovecot: IMAP([EMAIL PROTECTED]): maildir++: root=/home/dovecot/mail/smcc.net/[EMAIL PROTECTED], index=/home/dovecot/index/smcc.net/[EMAIL PROTECTED], control=, inbox=/home/dovecot/mail/smcc.net/[EMAIL PROTECTED] Dec 28 23:24:33 51 dovecot: imap-login: Login: user=<[EMAIL PROTECTED]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Dec 28 23:24:52 51 dovecot: IMAP([EMAIL PROTECTED]): Disconnected: Logged out bytes=17572/71038 It seems that the output to the client doesn't correspond to the settings dovecot uses internally?! Regards, Sebastian - Ursprüngliche Mail Von: Timo Sirainen <[EMAIL PROTECTED]> An: ja nein <[EMAIL PROTECTED]> CC: Dovecot Mailing List Gesendet: Freitag, den 28. Dezember 2007, 18:45:56 Uhr Betreff: Re: [Dovecot] namespace problem / 1.1beta11 On Sat, 2007-12-22 at 13:48 +, ja nein wrote: > I think I've hit a separator bug: > > This is namespace query of dovecot and source server: > > * NAMESPACE (("INBOX/" ".")) NIL NIL Yes, that does look like a bug, but I've no idea how you managed to cause it. I just tested your namespace configuration and it works fine with me. Also there shouldn't even be any way to cause this configuration for a list=yes namespace: imap(tss)(pid=31754): namespace configuration error: list=yes requires prefix=INBOX/ to end with separator What do logs show with mail_debug=yes? __ Ihr erstes Baby? Holen Sie sich Tipps von anderen Eltern. www.yahoo.de/clever
Re: [Dovecot] dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
On Fri, 2007-12-28 at 21:19 +0100, Rolf E. Sonneveld wrote: > >> * is there a reason that Dovecot wants to keep the LDAP connection > >> open? > >> > > > > If there are no timeouts, there's not much point in wasting time and > > reconnecting for no reason. > > > > There are all sorts of situations where timeouts will occur: load > balancers, firewalls, etc. Furthermore, keeping connections open will > require extra resources on both client- and server side; in large-scale > environments this can lead to problems. In large scale environments I'd think there won't be much idle time for the connection to ever get disconnected. And you know it is only 1 or 2 connections per Dovecot server. I don't know how much resources a connection takes from LDAP server side, but on client side it's pretty much nothing. It certainly would take a lot more CPU and network usage to disconnect when idling. If enough people ask for a configurable timeout setting with good enough reasons I might add it, but I'm not yet convinced there's any point in having it. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
Timo Sirainen wrote: On Mon, 2007-12-24 at 10:45 +0100, Rolf E. Sonneveld wrote: Dec 24 07:20:00 hostname dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server .. I've looked through the archives and it seems that this problem is caused by the fact that Dovecot (using the OpenLDAP client libraries?) keeps the LDAP connection open; after (in our case) 15 minutes Active Directory closes the connection and Dovecot signals this in the syslog (and presumably automatically will create a new connection to AD). I'm pretty sure that the OpenLDAP client libraries provide options to use a client-side timeout for LDAP connections. My questions are: * is there a reason that Dovecot wants to keep the LDAP connection open? If there are no timeouts, there's not much point in wasting time and reconnecting for no reason. There are all sorts of situations where timeouts will occur: load balancers, firewalls, etc. Furthermore, keeping connections open will require extra resources on both client- and server side; in large-scale environments this can lead to problems. * Will the new V1.1 version have a config parameter to set the LDAP client timeout or a default timeout value to close the connection? No. * If there's no 'fix' foreseen for V1.1, I'd like to file a request to add such a parameter. How can I file such a request? How about this: http://hg.dovecot.org/dovecot/rev/ae0556fb268d I was very much surprised and pleased to see this! Thanks very much. Yet, IMHO having a configurable timeout with a decent default value would be my preference, given the issues I listed above. Regards, /rolf
Re: [Dovecot] maildir_uidlist_create assertion failure
On Fri, 2007-12-21 at 17:14 +0100, Mateusz Kijowski wrote: > > "Linux 2.6.18: Seems to have intermittent caching issues. The > > same .config with 2.6.20.1 has been tested and appears to work well." > > > > Maybe the problem is with the kernel. I could of course change the > > assert to be a nicer error message, but that wouldn't really solve > > anything. > > I seem to have a similar assertion failure. Well, not really. :) > dovecot: Dec 21 16:43:41 Error: IMAP(test0): file maildir-uidlist.c: line 143 > (maildir_uidlist_lock_touch): assertion failed: (UIDLIST_IS_LOCKED(uidlist)) Thanks, fixed: http://hg.dovecot.org/dovecot-1.0/rev/500a21b449e9 signature.asc Description: This is a digitally signed message part
Re: [Dovecot] sieve variables
On Mon, 2007-12-24 at 13:09 +0300, Pavel Volkovitskiy wrote: > Hello! > > I wonder if that possible to add support for sieve variables extension > in upcoming dovecot 1.1? > ( > ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-sieve-variables-08.txt > > ) I just use Cyrus's Sieve implementation and I don't have any plans on adding new features to it myself. If it gets added to Cyrus, I can port the code to Dovecot. Stephan Bosch however is writing his own new Sieve implementation, which I'm hoping will eventually replace Cyrus Sieve. But even then it pretty much depends on Stephan if he wants to implement it. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] namespace problem / 1.1beta11
On Sat, 2007-12-22 at 13:48 +, ja nein wrote: > I think I've hit a separator bug: > > This is namespace query of dovecot and source server: > > * NAMESPACE (("INBOX/" ".")) NIL NIL Yes, that does look like a bug, but I've no idea how you managed to cause it. I just tested your namespace configuration and it works fine with me. Also there shouldn't even be any way to cause this configuration for a list=yes namespace: imap(tss)(pid=31754): namespace configuration error: list=yes requires prefix=INBOX/ to end with separator What do logs show with mail_debug=yes? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] assertion on deliver (1.1.beta10)
On Fri, 2007-12-21 at 17:14 +, Nuno Lopes wrote: > Hi, it seemed to correct that one but it gave me this one in return ;-): > > file mailbox-tree.c: line 171 (mailbox_tree_iterate_set_next_node): > assertion failed: (len <= ctx->parent_pos) Can you still reproduce it? Could you show what IMAP command breaks this (e.g. rawlog, http://dovecot.org/bugreport.html#sniffing) and also the maildir's mailbox names (ls -a ~/Maildir). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Dovecot + Cygwin the 2nd
On Thu, 2007-12-27 at 02:08 +0100, Ronny wrote: > So PROCESS_UID is never set using env_put() till the point where it is > looked for! The code path to set it is in src/master/login-process.c: login_processes_init() -> login_processes_start_missing() timeout -> login_group_start_missings() -> create_login_process() -> fork, login_process_init_env(). Aren't those called? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] cache files corruption
On Fri, 2007-12-28 at 18:24 +0300, Dmitry Pryadko wrote: > Timo Sirainen пишет: > > On 28.12.2007, at 8.48, Dmitry Pryadko wrote: > > > I use NFS storage. > > >>> > >>> Do you use one or more Dovecot servers? > >>> > >>> > >> Two dovecot servers with round-robin pf balancing and NetApp NFS > >> storage over gigabit ethernet > > > > That pretty much explains it then. See http://wiki.dovecot.org/NFS > > > Thanks! It seems that my problem is fixed in v1.1 with mail_nfs_storage > = yes and mail_nfs_index = yes, am I right ? Yep. Although it still would work faster if you could do per-user (or at least per-IP) redirecting instead of randomly directing the connections. IIRC in my stress tests accessing a mailbox from only one server was 2-5 times faster than if it was accessed from two servers simultaneously. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] per user quota
On Sun, 2007-12-23 at 23:36 +0100, Massimo Maioli wrote: > I've added a quota field to the mysql that read dovecot, but i don't > know ho to read this in dovecot-mysql.conf. See http://wiki.dovecot.org/Quota signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
On Mon, 2007-12-24 at 10:45 +0100, Rolf E. Sonneveld wrote: > Dec 24 07:20:00 hostname dovecot: auth(default): LDAP: ldap_result() > failed: Can't contact LDAP server .. > I've looked through the archives and it seems that this problem is > caused by the fact that Dovecot (using the OpenLDAP client libraries?) > keeps the LDAP connection open; after (in our case) 15 minutes Active > Directory closes the connection and Dovecot signals this in the syslog > (and presumably automatically will create a new connection to AD). > > I'm pretty sure that the OpenLDAP client libraries provide options to > use a client-side timeout for LDAP connections. My questions are: > > * is there a reason that Dovecot wants to keep the LDAP connection open? If there are no timeouts, there's not much point in wasting time and reconnecting for no reason. > * Will the new V1.1 version have a config parameter to set the LDAP > client timeout or a default timeout value to close the connection? No. > * If there's no 'fix' foreseen for V1.1, I'd like to file a request > to add such a parameter. How can I file such a request? How about this: http://hg.dovecot.org/dovecot/rev/ae0556fb268d signature.asc Description: This is a digitally signed message part
Re: [Dovecot] FETCH for mailbox INBOX UID 39641 got too little data: 4823 vs 4825
With these changes I can't break it anymore: http://hg.dovecot.org/dovecot-1.0/rev/0713de760c5f http://hg.dovecot.org/dovecot-1.0/rev/fc5f6bbbf4c0 http://hg.dovecot.org/dovecot-1.0/rev/0a4f86976f50 signature.asc Description: This is a digitally signed message part
Re: [Dovecot] cache files corruption
Timo Sirainen пишет: On 28.12.2007, at 8.48, Dmitry Pryadko wrote: I use NFS storage. Do you use one or more Dovecot servers? Two dovecot servers with round-robin pf balancing and NetApp NFS storage over gigabit ethernet That pretty much explains it then. See http://wiki.dovecot.org/NFS Thanks! It seems that my problem is fixed in v1.1 with mail_nfs_storage = yes and mail_nfs_index = yes, am I right ? -- Dmitry Pryadko http://www.hc.ru smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] cache files corruption
On 28.12.2007, at 8.48, Dmitry Pryadko wrote: I use NFS storage. Do you use one or more Dovecot servers? Two dovecot servers with round-robin pf balancing and NetApp NFS storage over gigabit ethernet That pretty much explains it then. See http://wiki.dovecot.org/NFS PGP.sig Description: This is a digitally signed message part