Re: [Dovecot] v1.1.rc2 released

2008-03-09 Thread Bruce Bodger


On Mar 9, 2008, at 4:36 AM, Timo Sirainen wrote:


Fixed: http://hg.dovecot.org/dovecot-1.1/rev/85934050fdbd

I also did a related http://hg.dovecot.org/dovecot-1.1/rev/2bef36355718

change.. I guess I'll release rc3 soon, and a few days after that if
everything seems to work yet another v1.0 with the same changes..


I applied the patches (in fact, downloaded the entire new file).
Ran 'make clean',
'./configure --with-ssldir=/System/Library/OpenSSL --with-ssl=openssl --with-notify=kqueue',
'make',
'sudo make install'

...and still get...

G518X2:~/Temp/dovecot-1.1.rc2 root# dovecot -F
Fsetregid(65534,6) failed with euid=0: Operation not permitted
Error: imap dump-capability process returned 89
Fatal: Invalid configuration in /usr/local/etc/dovecot.conf




Re: [Dovecot] 1.1r1: auth-worker(default): BUG: PASSV had missing parameters, sig11

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 03:50 -0400, Adam McDougall wrote:

 Mar  8 17:02:17 boomhauer dovecot: auth-worker(default): BUG: PASSV had missing parameters

Thanks, I kept trying to figure out what caused this and then started
wondering about password escaping and found the security hole. I still
hadn't figured out what caused this though, until I realized that
passwords can have linefeeds as well which can cause this.

 Mar  8 17:05:17 boomhauer dovecot: child 72819 (login) killed with signal 11

This still shouldn't happen though. I didn't try to reproduce this yet.

It's anyway quite difficult to get core dumps out of login processes.
I'm not sure if FreeBSD lets you do that in some special way, but there
are at least two things in the way:

1. Kernel thinks it's a setuid program, and setuid programs don't core
dump.

2. It's chrooted to a non-writable directory.



signature.asc
Description: This is a digitally signed message part
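
The failure mode discussed in this message, as an added example that is not part of the original post and is not Dovecot source code: a line-based, TAB-separated request carries a password, and a linefeed inside the password ends the line early, so the receiver reports missing parameters. The field order, the escape byte, the request id and all function names are assumptions made for illustration.

```c
/* Added illustration, not Dovecot source; layout and names are assumed. */
#include <stdio.h>
#include <string.h>

#define ESC '\001'
static const char RAW[] = "\001\t\r\n"; /* bytes that must not appear raw */
static const char CODE[] = "1trn";      /* byte that follows ESC for each */

/* Escape a field so it can neither end the line nor add a field.
 * outsz must be at least 1. Returns the escaped length, or -1 if out is
 * too small. */
static int field_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in != '\0'; in++) {
        const char *p = strchr(RAW, *in);
        if (o + 3 > outsz)
            return -1;
        if (p != NULL)
            out[o++] = ESC;
        out[o++] = (p != NULL) ? CODE[p - RAW] : *in;
    }
    out[o] = '\0';
    return (int)o;
}

/* Reverse field_escape() in place. */
static void field_unescape(char *s)
{
    char *w = s;
    for (; *s != '\0'; s++) {
        const char *p = (*s == ESC && s[1] != '\0') ? strchr(CODE, s[1]) : NULL;
        if (p != NULL)
            s++;
        *w++ = (p != NULL) ? RAW[p - CODE] : *s;
    }
    *w = '\0';
}

/* Sender: "PASSV <id> <password> <user>", TAB-separated, LF-terminated.
 * escape=0 writes the fields raw (the bug), escape=1 escapes them. */
static int build_passv(char *line, size_t sz, const char *password,
                       const char *user, int escape)
{
    char p[256], u[256];
    if (escape && (field_escape(password, p, sizeof(p)) < 0 ||
                   field_escape(user, u, sizeof(u)) < 0))
        return -1;
    int n = snprintf(line, sz, "PASSV\t7\t%s\t%s\n",
                     escape ? p : password, escape ? u : user);
    return (n < 0 || (size_t)n >= sz) ? -1 : n;
}

/* Receiver: take one line from *wire and split it on TABs. Returns 0 on a
 * well-formed request, -1 on missing parameters, -2 on anything else. */
static int read_passv(const char **wire, char *password, size_t sz)
{
    char line[600], *f[4], *tok = line;
    size_t len = strcspn(*wire, "\n");
    int nf = 0;
    if (len >= sizeof(line))
        return -2;
    memcpy(line, *wire, len);
    line[len] = '\0';
    *wire += len + ((*wire)[len] == '\n');
    while (tok != NULL) {
        if (nf == 4)
            return -2;
        f[nf++] = tok;
        if ((tok = strchr(tok, '\t')) != NULL)
            *tok++ = '\0';
    }
    if (strcmp(f[0], "PASSV") != 0)
        return -2;
    if (nf < 4)
        return -1;
    field_unescape(f[2]);
    snprintf(password, sz, "%s", f[2]);
    return 0;
}

/* Send one request for user "joe" and read it back. Returns read_passv()'s
 * result, or 1 if the line parsed but the password came back changed. */
static int roundtrip(const char *password, int escape)
{
    char wire[600], p[256];
    const char *r = wire;
    if (build_passv(wire, sizeof(wire), password, "joe", escape) < 0)
        return -2;
    int ret = read_passv(&r, p, sizeof(p));
    return (ret == 0 && strcmp(p, password) != 0) ? 1 : ret;
}

int main(void)
{
    /* "a\nb" is a constructed password containing a linefeed */
    printf("raw: %d, escaped: %d\n", roundtrip("a\nb", 0), roundtrip("a\nb", 1));
    return 0;
}
```

With the raw sender the first line stops after the third field; with escaping the same password arrives intact in a single line.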


Re: [Dovecot] v1.1.rc2 released

2008-03-09 Thread Timo Sirainen

On Mar 9, 2008, at 1:18 PM, Bruce Bodger wrote:



On Mar 9, 2008, at 4:36 AM, Timo Sirainen wrote:


Fixed: http://hg.dovecot.org/dovecot-1.1/rev/85934050fdbd

I also did a related http://hg.dovecot.org/dovecot-1.1/rev/2bef36355718
change.. I guess I'll release rc3 soon, and a few days after that if
everything seems to work yet another v1.0 with the same changes..


I applied the patches (in fact, downloaded the entire new file).
Ran 'make clean',
'./configure --with-ssldir=/System/Library/OpenSSL --with-ssl=openssl --with-notify=kqueue',
'make',
'sudo make install'

...and still get...

G518X2:~/Temp/dovecot-1.1.rc2 root# dovecot -F
Fsetregid(65534,6) failed with euid=0: Operation not permitted


And this happens with rc3 too? It's working in my Leopard at least.. I  
don't see why setregid() would fail since it's still running as root  
(euid=0). Maybe this is a Tiger-problem that's been fixed since.


Try switching mail_drop_priv_before_exec setting? It might help, or  
maybe not.






Re: [Dovecot] v1.1.rc2 released

2008-03-09 Thread Bruce Bodger


On Mar 9, 2008, at 7:46 AM, Timo Sirainen wrote:


G518X2:~/Temp/dovecot-1.1.rc2 root# dovecot -F
Fsetregid(65534,6) failed with euid=0: Operation not permitted


And this happens with rc3 too? It's working in my Leopard at  
least.. I don't see why setregid() would fail since it's still  
running as root (euid=0). Maybe this is a Tiger-problem that's been  
fixed since.


Try switching mail_drop_priv_before_exec setting? It might help, or  
maybe not.


Just compiled and installed rc3.  Tried with and without  
mail_drop_priv_before_exec setting.  Still get...


G518X2:~/Temp/dovecot-1.1.rc3 root# dovecot -F
Fsetregid(65534,6) failed with euid=0: Operation not permitted
Error: imap dump-capability process returned 89
Fatal: Invalid configuration in /usr/local/etc/dovecot.conf

Relevant portion of dovecot.conf:

# Group to enable temporarily for privileged operations. Currently this is
# used only for creating mbox dotlock files when creation fails for INBOX.
# Typically this is set to mail to give access to /var/mail.
mail_privileged_group = mail

# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
# dangerous to set these if users can create symlinks (e.g. if mail group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
#mail_access_groups = mail


B. Bodger
New York, NY



Re: [Dovecot] v1.1.rc2 released

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 08:03 -0400, Bruce Bodger wrote:
  Try switching mail_drop_priv_before_exec setting? It might help, or  
  maybe not.
 
 Just compiled and installed rc3.  Tried with and without  
 mail_drop_priv_before_exec setting.  Still get...
 
 G518X2:~/Temp/dovecot-1.1.rc3 root# dovecot -F
 Fsetregid(65534,6) failed with euid=0: Operation not permitted

Could it be that 65534 is the problem? I remember there was before some
problems with that. What happens if you temporarily try without
mail_plugins? dump-capability isn't run then and Dovecot starts, but
does this same error happen when a user logs in?





Re: [Dovecot] v1.1.rc2 released

2008-03-09 Thread Bruce Bodger


On Mar 9, 2008, at 8:08 AM, Timo Sirainen wrote:

Could it be that 65534 is the problem? I remember there was before some
problems with that. What happens if you temporarily try without
mail_plugins? dump-capability isn't run then and Dovecot starts, but
does this same error happen when a user logs in?


Disabled all mail_plugins...
had been running

 mail_plugins = mail_log
 mail_plugin_dir = /usr/local/lib/dovecot/imap

and

mail_plugins =  cmusieve
mail_plugin_dir = /usr/local/lib/dovecot/lda

Set mail_privileged_group = mail  and
#mail_access_groups = mail

Appears to start ok but then when user logs in... from mail.log...

Mar  9 08:18:48 G518X2 dovecot: Killed with signal 15
Mar  9 08:18:52 G518X2 dovecot: Dovecot v1.1.rc3 starting up
Mar  9 08:19:26 G518X2 dovecot: imap-login: Login: user=bb, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar  9 08:19:26 G518X2 dovecot: Fatal: IMAP(bb): setregid(501,6) failed with euid=0: Operation not permitted
Mar  9 08:19:26 G518X2 dovecot: imap-login: Login: user=bb, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar  9 08:19:26 G518X2 dovecot: Fatal: IMAP(bb): setregid(501,6) failed with euid=0: Operation not permitted
Mar  9 08:19:26 G518X2 dovecot: imap-login: Login: user=bb, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar  9 08:19:26 G518X2 dovecot: Fatal: IMAP(bb): setregid(501,6) failed with euid=0: Operation not permitted





Re: [Dovecot] newbie question dovecot and ldap

2008-03-09 Thread Fábio M. Catunda

Hi,

It looks like this user does not exist:
LDAP: binding failed (dn cn=natsciadmin,ou=Special Users,dc=ucmerced,dc=edu): No such object


Try to bind with Manager (if you have such user), just to be sure!

Regards,

Fábio Catunda!

Joseph Norris wrote:

Hello,

Please let me know how I can troubleshoot this - driving me crazy!


I have the following dovecot-ldap.conf file:

hosts = ldap.ucmerced.edu

dn=cn=natsciadmin,ou=Special Users,dc=ucmerced,dc=edu

dnpass=

ldap_version = 3

base = ou=People,dc=ucmerced,dc=edu
deref = never

scope = subtree

user_attrs = uid

user_filter = ((ou=Natural Sciences)(organizationalStatus=active)(uid=%u))


pass_attrs = uid=user,userPassword=password

pass_filter = ((ou=Natural Sciences)(organizationalStatus=active)(uid=%u))


default_pass_scheme = CRYPT




I am getting the following errors in my log for my test user:

Mar  7 11:09:44 malaga dovecot: auth(default): LDAP: binding failed (dn cn=natsciadmin,ou=Special Users,dc=ucmerced,dc=edu): No such object
Mar  7 11:10:26 malaga dovecot: auth(default): client in: AUTH  1   PLAIN   service=IMAPsecured lip=169.236.129.236 rip=169.236.128.182
Mar  7 11:10:26 malaga dovecot: auth(default): client out: CONT 1
Mar  7 11:10:26 malaga dovecot: auth(default): client in: CONT  1   AGpub3JyaXMAQSR0cjAxZGtpbGxlcg==
Mar  7 11:10:28 malaga dovecot: auth(default): pam(jnorris,169.236.128.182): pam_authenticate() failed: Authentication failure
Mar  7 11:10:28 malaga dovecot: auth(default): passwd(jnorris,169.236.128.182): password mismatch
Mar  7 11:10:28 malaga dovecot: auth(default): ldap(jnorris,169.236.128.182): pass search: base=ou=People,dc=ucmerced,dc=edu scope=subtree filter=((ou=Natural Sciences)(organizationalStatus=active)(uid=jnorris)) fields=uid,userPassword
Mar  7 11:10:28 malaga dovecot: auth(default): LDAP: binding failed (dn cn=natsciadmin,ou=Special Users,dc=ucmerced,dc=edu): No such object
Mar  7 11:10:30 malaga dovecot: auth(default): client out: FAIL 1   user=jnorristemp
Mar  7 11:10:30 malaga dovecot: auth(default): client in: AUTH  2   PLAIN   service=IMAPsecured lip=169.236.129.236 rip=169.236.128.182 resp=AGpub3JyaXMAQSR0cjAxZGtpbGxlcg==






Re: [Dovecot] 1.1r1: auth-worker(default): BUG: PASSV had missing parameters, sig11

2008-03-09 Thread Adam McDougall

Timo Sirainen wrote:

On Sun, 2008-03-09 at 03:50 -0400, Adam McDougall wrote:

  

Mar  8 17:02:17 boomhauer dovecot: auth-worker(default): BUG: PASSV had
missing parameters   



Thanks, I kept trying to figure out what caused this and then started
wondering about password escaping and found the security hole. I still
hadn't figured out what caused this though, until I realized that
passwords can have linefeeds as well which can cause this.

  

Mar  8 17:05:17 boomhauer dovecot: child 72819 (login) killed with signal 11



This still shouldn't happen though. I didn't try to reproduce this yet.

It's anyway quite difficult to get core dumps out of login processes.
I'm not sure if FreeBSD lets you do that in some special way, but there
are at least two things in the way:

1. Kernel thinks it's a setuid program, and setuid programs don't core
dump.

2. It's chrooted to a non-writable directory.

  

1. I could enable this:
# sysctl -d kern.sugid_coredump
kern.sugid_coredump: Enable coredumping set user/group ID processes


2. And add an absolute path in front of this that is world writable:
# sysctl kern.corefile
kern.corefile: %N.%P.boomhauer.core


Can you think of a way that I could force the issue to be reproduced
so I can get away with making these changes on less servers?


Re: [Dovecot] Wrong message information reported shortly after delivery

2008-03-09 Thread Ron Avriel
 Can you reproduce it without your IMAP client? For example using  
 imaptest (http://imapwiki.org/ImapTest) as the client and running:
 

Hi,

Here's some more information on how to easily reproduce the problem.
First, I'd like to describe my environment:
OS - RHEL4, FS - ext3, dovecot 1.0.12. See dovecot -n at end of message.
Messages are delivered via dovecot deliver invoked by postfix.
The problem is reproduced when the system is completely idle - 
no user is logged in, except the test user.

I wrote a short python script (attached) that reproduces the problem
very easily. The script sends an email via SMTP, then IMAP
fetches from inbox to check when message arrives.
Once it arrives it checks if the size is zero and reports it.
The script ends when dovecot reports a non-zero message size.
The script consistently reproduces the problem on every RHEL4
server I tested (weak and strong) and with any file size.

The script is run as ./send_fetch_test.py USER PASSWORD FILE [SERVER]

FILE - any file. Contents don't matter.
NOTE - The script initially deletes all messages from inbox just
to minimize output. The problem occurs also when other messages exist.

Here's a sample output:
2008-03-09 17:00:41.449833 Sent 1011 bytes to [EMAIL PROTECTED]
2008-03-09 17:00:41.472034 No messages in INBOX. Waiting...
2008-03-09 17:00:42.480654 No messages in INBOX. Waiting...
2008-03-09 17:00:43.487617  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:44.494382  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:45.501444  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:46.550623  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:47.593704 Got valid RFC822.SIZE 1509: 1 (FLAGS (\Recent) INTERNALDATE 09-Mar-2008 17:00:41 +0200 RFC822.SIZE 1509 UID 63)

For this output I attached also the IMAP network capture and a 
strace of the imap process.

dovecot -n:
# 1.0.12: /usr/local/etc/dovecot.conf
log_timestamp: “%Y-%m-%d %H:%M:%S ”
protocols: imap
listen: *:143
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_process_per_connection: no
first_valid_uid: 150
last_valid_uid: 150
dotlock_use_excl: yes
fsync_disable: yes
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: yes
mail_plugins: quota imap_quota
auth default:
  mechanisms: plain login
  user: nobody
  master_user_separator: *
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot.masterusers
    master: yes
  userdb:
    driver: prefetch
  userdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: mail
plugin:
  quota: maildir:storage=1024


I hope this helps,
Thanks,
Ron




  


send_fetch_test.tgz
Description: application/compressed


[Dovecot] Setting individual SSL/TLS settings with OpenLDAP

2008-03-09 Thread Patrick Ben Koetter
I am using OpenLDAP to read Dovecot User settings and want to use TLS for
user_attrs and pass_attrs queries.

So I set tls = yes and it kept failing until I told the OpenLDAP ldap client
in /etc/ldap/ldap.conf where the CA certificate can be found.

So far so good. Now just in case... could I tell dovecot to read the OpenLDAP
client settings from a non default configuration file e.g.
/etc/dovecot/ldaprc.

I know Cyrus SASL can do this with the ldapdb plugin and I'd be interested if
this is possible with Dovecot too.

TIA,

[EMAIL PROTECTED]


-- 
state of mind
Agency for communication, design and software development

Patrick Koetter            Tel: 089 45227227
Echinger Strasse 3         Fax: 089 45227226
85386 Eching               Web: http://www.state-of-mind.de

Amtsgericht München        Partnerschaftsregister PR 563


Re: [Dovecot] suspect valgrind error in mail-index-map.c

2008-03-09 Thread Diego Liziero
On Sun, Mar 9, 2008 at 2:07 AM, Diego Liziero [EMAIL PROTECTED] wrote:
 [..]

 180 (124 direct, 56 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 5
 [..]
  by 0x80B59CB: mail_transaction_log_file_alloc (mail-transaction-log-file.c:51)
  by 0x80B3A86: mail_transaction_log_find_file (mail-transaction-log.c:385)

I think that it's this last line causing the error.

  mail-transaction-log.c
343 int mail_transaction_log_find_file(struct mail_transaction_log *log,
344                                    uint32_t file_seq, bool nfs_flush,
345                                    struct mail_transaction_log_file **file_r)
346 {
347         struct mail_transaction_log_file *file;
348         const char *path;
349         int ret;
[..]
382         /* see if we have it in log.2 file */
383         path = t_strconcat(log->index->filepath,
384                            MAIL_TRANSACTION_LOG_SUFFIX".2", NULL);
385         file = mail_transaction_log_file_alloc(log, path);

Here a new mail_transaction_log_file is allocated before getting lost.
Maybe I'm wrong, but, isn't here a path where
mail_transaction_log_file_free(file); should be called before
returning without losing the memory pointed by file?

386         if ((ret = mail_transaction_log_file_open(file, TRUE)) <= 0)
387                 return ret;
388
389         /* but is it what we expected? */
390         if (file->hdr.file_seq != file_seq)
391                 return 0;
392
393         *file_r = file;
394         return 1;
395 }

Regards,
Diego.


[Dovecot] Telephone systems and Dovecot

2008-03-09 Thread Jonathan Knight


Hi folks,

We're looking to integrate our telephone system with our email system.  
The telephone system will use IMAP4 to store WAV files in a users 
mailbox and then retrieve them for playing if necessary.  This is 
usually called unified messaging.


The manufacturers are claiming full integration with Microsoft Exchange 
and Lotus Notes using IMAP4 and a single username and password to access 
all the users mailboxes.  I can see that Dovecot has a master user 
feature that looks like it will do the job.


Has anyone had any experience of using dovecot as a unified message 
server for a telephone system and has anyone any experience of 
configuring dovecot so that an MS exchange IMAP4 client using a master 
user can use dovecot without changing the client?


Jon.


Re: [Dovecot] Telephone systems and Dovecot

2008-03-09 Thread Jose Celestino
Words by Jonathan Knight [Sun, Mar 09, 2008 at 08:21:44PM +]:

 Hi folks,

 We're looking to integrate our telephone system with our email system.  The 
 telephone system will use IMAP4 to store WAV files in a users mailbox and 
 then retrieve them for playing if necessary.  This is usually called 
 unified messaging.

 The manufacturers are claiming full integration with Microsoft Exchange and 
 Lotus Notes using IMAP4 and a single username and password to access all the 
 users mailboxes.  I can see that Dovecot has a master user feature that 
 looks like it will do the job.


Yes. http://wiki.dovecot.org/Authentication/MasterUsers

 Has anyone had any experience of using dovecot as a unified message server 

You mean as part of a unified messaging solution? Yes, by using the
master user feature and vfile global ACLs (http://wiki.dovecot.org/ACL)
to further control which folders the unified messaging user will be able
to write to.

 for a telephone system and has anyone any experience of configuring dovecot 
 so that an MS exchange IMAP4 client using a master user can use dovecot 
 without changing the client?


Sorry, couldn't grok this last part. Isn't MS exchange IMAP4 IMAP? And why
would you want to allow the client to login with a master user? Anyway,
you can put loginuser*masteruser and masterpassword on the username
and password boxes on the client as explained by the documentation.

-- 
Jose Celestino

http://www.msversus.org/ ; http://techp.org/petition/show/1
http://www.vinc17.org/noswpat.en.html

If you would have your slaves remain docile, teach them hymns.
-- Ed Weathers (The Empty Box)


Re: [Dovecot] Automatic Debian repository with packages for Dovecot-1.1 including Sieve and ManageSieve support.

2008-03-09 Thread Asheesh Laroia

On Sat, 8 Mar 2008, Stephan Bosch wrote:


Hello Dovecot users,

For those of you who like to live on the edge, there is now a 
Debian-testing repository available with hourly updates from recent 
Dovecot-1.1 changes in the Mercurial repositories. It automatically 
releases a new set of packages if it notices any changes in any of the 
repositories. The packages are built with dovecot-sieve-1.1 and 
dovecot-1.1-managesieve included. Currently, it only provides binaries 
for the i386 architecture and no source packages are available. The 
small Debian-specific patches that are included in the official Debian 
packages are currently not included for this repository. Also, the 
packages are currently not PGP signed.


Reasonable enough. (-:  I urge you to provide source packages so (a) I can 
read the debian diff, and (b) I can build them for my amd64 server.


-- Asheesh.

--
If our behavior is strict, we do not need fun!


Re: [Dovecot] Telephone systems and Dovecot

2008-03-09 Thread Jonathan Knight



Sorry, couldn't grok this last part. Isn't MS exchange IMAP4 IMAP? And why
would you want to allow the client to login with a master user? Anyway,
you can put loginuser*masteruser and masterpassword on the username
and password boxes on the client as explained by the documentation.
  


I might not have asked that last question in the clearest way.

The telephone systems access MS Exchange and Lotus notes using the IMAP4 
interface of Exchange/Notes and a single (presumably master) username 
and password. The telephone systems then adds voicemail messages (as a 
WAV attachment to an ordinary message) to the users inbox and, if the 
user dials in for their voicemail, they can access the INBOX to find the 
voicemail messages and play those back.  From the users perspective they 
can either get their voicemail by dialing in, or by reading their inbox 
and playing the WAV files.


I was wondering whether anyone had any documentation on the differences 
between using Dovecot with a master user and using exchange/notes with a 
master user.  In other words if the telephone exchange says it fully
supports Exchange/Notes how much work should I expect in getting it to
work with dovecot?


Jon.


Re: [Dovecot] Telephone systems and Dovecot

2008-03-09 Thread Gabriel Millerd
On Sun, Mar 9, 2008 at 5:52 PM, Jonathan Knight
[EMAIL PROTECTED] wrote:

  I was wondering whether anyone had any documentation on the differences
  between using Dovecot with a master user and using exchange/notes with a
  master user.  In other words if the telephone exchange says it fully
  support Exchange/Notes how much work should I expect in getting it to
  work with dovecot?


I would look directly at Exchange IMAP performance (and specify your
exchange version). I have never found exchange IMAP to work well for
end user clients, either it bangs the server senseless.

But if you were to compare MSIMAP to Dovecot you might only need to
look for some MSIMAP woes in google, particularly in large email files
(large in this case meaning something with a 2mb attachment or so)
and moving large folders.

But obviously specialized gateways like Blackberry or what not work
just fine so this might as well. And obviously it's only dealing with a
specific client task.

-- 
Gabriel Millerd


Re: [Dovecot] Telephone systems and Dovecot

2008-03-09 Thread Jose Celestino
Words by Jonathan Knight [Sun, Mar 09, 2008 at 10:52:05PM +]:

 I might not have asked that last question in the clearest way.

 The telephone systems access MS Exchange and Lotus notes using the IMAP4 
 interface of Exchange/Notes and a single (presumably master) username and 
 password. The telephone systems then adds voicemail messages (as a WAV 
 attachment to an ordinary message) to the users inbox and, if the user dials 
 in for their voicemail, they can access the INBOX to find the voicemail 
 messages and play those back.  From the users perspective they can either 
 get their voicemail by dialing in, or by reading their inbox and playing the 
 WAV files.


Ok, so I groked it the first time. That describes exactly the scenario
we have with dovecot. But our telephone exchange was made in-house so
we don't have that big of a problem with interoperability. And I can't
answer your next question...

 I was wondering whether anyone had any documentation on the differences 
 between using Dovecot with a master user and using exchange/notes with a 
 master user.  In other words if the telephone exchange says it fully support 
 Exchange/Notes how much work should I expect in getting it to work with 
 dovecot?


-- 
Jose Celestino

http://www.msversus.org/ ; http://techp.org/petition/show/1
http://www.vinc17.org/noswpat.en.html

If you would have your slaves remain docile, teach them hymns.
-- Ed Weathers (The Empty Box)


Re: [Dovecot] Automatic Debian repository with packages for Dovecot-1.1 including Sieve and ManageSieve support.

2008-03-09 Thread Stephan Bosch
Asheesh Laroia wrote:
 On Sat, 8 Mar 2008, Stephan Bosch wrote:
 Hello Dovecot users,

 For those of you who like to live on the edge, there is now a
 Debian-testing repository available with hourly updates from recent
 Dovecot-1.1 changes in the Mercurial repositories. It automatically
 releases a new set of packages if it notices any changes in any of
 the repositories. The packages are built with dovecot-sieve-1.1 and
 dovecot-1.1-managesieve included. Currently, it only provides
 binaries for the i386 architecture and no source packages are
 available. The small Debian-specific patches that are included in the
 official Debian packages are currently not included for this
 repository. Also, the packages are currently not PGP signed.
 Reasonable enough. (-:  I urge you to provide source packages so (a) I
 can read the debian diff, and (b) I can build them for my amd64 server.
Yeah, I know. Currently, my setup is a bit crude with the ./debian
directory residing directly in my dovecot hg repository. This does not
fare well with building a debian source package, so I'll have to change
that to something that at least exports a .orig.tar.gz from the repository.

I am very busy this week, but I think I can manage to build this in the
coming weekend.

Regards,

Stephan



Re: [Dovecot] suspect valgrind error in mail-index-map.c

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 21:16 +0100, Diego Liziero wrote:
 385   file = mail_transaction_log_file_alloc(log, path);
 
 Here a new mail_transaction_log_file is allocated before getting lost.
 Maybe I'm wrong, but, isn't here a path where
 mail_transaction_log_file_free(file); should be called before
 returning without losing the memory pointed by file?

Right. Thanks, fixed: http://hg.dovecot.org/dovecot-1.1/rev/e569788da4e8





Re: [Dovecot] Wrong message information reported shortly after delivery

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 09:01 -0700, Ron Avriel wrote:
  Can you reproduce it without your IMAP client? For example using  
  imaptest (http://imapwiki.org/ImapTest) as the client and running:
  
 
 Hi,
 
 Here's some more information on how to easily reproduce the problem.
 First, I'd like to describe my environment:
 OS - RHEL4, FS - ext3, dovecot 1.0.12. See dovecot -n at end of message.
 Messages are delivered via dovecot deliver invoked by postfix.
 The problem is reproduced when the system is completely idle - 
 no user is logged in, except the test user.

Thanks, in my previous tests I didn't use quota plugin with deliver
which was needed to notice this. The problem is:

1. deliver adds message appended to index file
2. quota plugin runs for a while
3. deliver updates filename-uid mapping in dovecot-uidlist

The problem is when:

1.5. imap sees the new message from index file and wants to fetch its
size (or something else). But it doesn't find the filename from
dovecot-uidlist, so it assumes the message has been expunged and returns
a default value for the fetch, in rfc822.size case it returns 0.

The fix would be to write dovecot-uidlist before index file. v1.1
actually does this already and this bug isn't reproducible there. But
this isn't that easy to fix in v1.0 without changing code more than I'd
like to. With v1.0 uidlist updating goes like:

1. Create dovecot-uidlist.lock
2. Write uidlist to the dovecot-uidlist.lock
3. rename() it to dovecot-uidlist

This can't be done before index is updated, because the lock would be
lost too early. v1.1 does this:

1. Create dovecot-uidlist.lock
2. Write uidlist to dovecot-uidlist.tmp
3. rename() .tmp to dovecot-uidlist
4. Delete dovecot-uidlist.lock

Since you're the first one to notice this problem, I think I'd rather
not risk breaking v1.0 with this change..
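
The two update sequences described in this message, as an added example that is not part of the original message and is not Dovecot source code: it publishes a new dovecot-uidlist in the v1.0 order and in the v1.1 order and reports whether the lock is still held once the new list is visible to readers. The demo directory under /tmp, the uidlist entry and all function names are constructed for illustration.

```c
/* Added illustration, not Dovecot source: the two uidlist write orders. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

static void name(char *out, size_t sz, const char *dir, const char *suffix)
{
    snprintf(out, sz, "%s/dovecot-uidlist%s", dir, suffix);
}

/* Create a file that must not exist yet, write data, flush it to disk. */
static int create_excl(const char *path, const char *data)
{
    size_t len = strlen(data);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok;

    if (fd < 0)
        return -1;  /* errno is EEXIST when somebody else holds the file */
    ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* v1.0 order: the new contents are written into the lock file, which is then
 * renamed into place. The rename publishes the list and drops the lock. */
static int publish_v10(const char *dir, const char *data)
{
    char lock[256], final[256];

    name(lock, sizeof(lock), dir, ".lock");
    name(final, sizeof(final), dir, "");
    if (create_excl(lock, data) < 0)
        return -1;
    return rename(lock, final);
}

/* v1.1 order: lock and contents are separate files, so the list is published
 * while the lock is still held. The caller removes the lock afterwards. */
static int publish_v11(const char *dir, const char *data)
{
    char lock[256], tmp[256], final[256];

    name(lock, sizeof(lock), dir, ".lock");
    name(tmp, sizeof(tmp), dir, ".tmp");
    name(final, sizeof(final), dir, "");
    if (create_excl(lock, "") < 0)
        return -1;
    unlink(tmp);  /* a leftover .tmp is ours to replace while we hold the lock */
    if (create_excl(tmp, data) == 0 && rename(tmp, final) == 0)
        return 0;
    unlink(tmp);
    unlink(lock);
    return -1;
}

/* Publish one entry, check that a reader can see it, then act as a second
 * writer. Returns 1 if the lock is still held at that point, 0 if it is
 * already gone, -1 on error. */
static int lock_held_after_publish(int use_v11)
{
    const char *entry = "63 constructed-filename\n";  /* not the real format */
    char dir[64], lock[256], final[256], buf[64] = "";
    int held = -1;
    FILE *f;

    snprintf(dir, sizeof(dir), "/tmp/uidlist-demo-%ld-%d",
             (long)getpid(), use_v11);
    if (mkdir(dir, 0700) < 0)
        return -1;
    name(lock, sizeof(lock), dir, ".lock");
    name(final, sizeof(final), dir, "");
    if ((use_v11 ? publish_v11 : publish_v10)(dir, entry) == 0 &&
        (f = fopen(final, "r")) != NULL) {
        if (fgets(buf, sizeof(buf), f) != NULL && strcmp(buf, entry) == 0) {
            if (create_excl(lock, "") == 0)
                held = 0;   /* second writer got in: lock was already gone */
            else if (errno == EEXIST)
                held = 1;   /* second writer is still locked out */
        }
        fclose(f);
    }
    unlink(lock);
    unlink(final);
    rmdir(dir);
    return held;
}

int main(void)
{
    printf("v1.0 order: lock held after publish = %d\n", lock_held_after_publish(0));
    printf("v1.1 order: lock held after publish = %d\n", lock_held_after_publish(1));
    return 0;
}
```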




Re: [Dovecot] 1.1 master auth not expanding static userdb variables

2008-03-09 Thread Timo Sirainen
On Sat, 2008-03-08 at 13:21 -0800, Andrew Roberts wrote:
 Dovecot is configured with static userdb 
 and args = user=%Lu uid=206 gid=206 home=/var/mailhomes/%Lu, which takes 
 care of making sure the username is lowercase.  All of this has been 
 working fine for some time with dovecot-1.0.
 
 After upgrading to 1.1_rc2, however, deliver creates a maildir named %Lu 
 and delivers all mail for all users to it.  

Is the %Lu from home=/var/mailhomes/%Lu user from user=%Lu? Do either of
them get expanded correctly? dovecot-auth should already do the %Lu
expansion, not deliver/master. Set auth_debug=yes and see what it shows
in Master out line?

I couldn't reproduce this, %Lu was always expanded. I did find a crash
though: http://hg.dovecot.org/dovecot-1.1/rev/2d3b9a6d23f5





Re: [Dovecot] (no subject)

2008-03-09 Thread Timo Sirainen
On Sat, 2008-03-08 at 15:48 +0200, Brent Clark wrote:
 password_query = SELECT username as user, password, home , uid as
 Mar  8 15:42:56 eccostorage dovecot: auth-worker(default): sql(bclark,
 192.168.111.31): query: SELECT username as user, password, home , uid as
 userdb_uid, gid as userdb_gid FROM user WHERE username = 'bclark' and domain
 = 'eccotours.biz'

You changed passdb to sql.

 Mar  8 15:42:56 eccostorage dovecot: auth(default): passwd(bclark,
 192.168.111.31): lookup
 Mar  8 15:42:56 eccostorage dovecot: auth(default): passwd(bclark,
 192.168.111.31): unknown user

But your userdb is still passwd. Change that to sql as well.





Re: [Dovecot] invoking LDA in .forward

2008-03-09 Thread Timo Sirainen
On Sat, 2008-03-08 at 15:42 +0100, Jeremie Bouttier wrote:

 For people using mostly remote MUAs, it might be interesting to use 
 Dovecot's LDA. I read on http://wiki.dovecot.org/LDA that this is 
 possible using .forward files, however this fails on our system with :
 file_lock_dotlock() failed with mbox file /var/mail/user: Permission denied
 (/var/mail is 2775 for root:mail as recently discussed).
 
 Is there a possible fix ? I also read that deliver is not designed to be 
 run setuid root, I guess this also applies to being run setgid mail...

You could set it setgid mail, but that probably allows your users to
write to any files/dirs writable by mail group with some symlinks. How
about just setting /var/mail 01777?





Re: [Dovecot] Quota problems with IMAP and POP?

2008-03-09 Thread Timo Sirainen
On Sat, 2008-03-08 at 20:00 +0100, Nicolas Letellier wrote:
 Hello,
 
 I would like to know if problems could appear using POP and IMAP
 in a mailbox?
 Is it advised to use one of the two protocols?

There shouldn't be problems using both POP and IMAP. They both use the
exact same mailbox handling (and quota) code. Just make sure you
remember to add mail_plugins=quota to both imap and pop section.





Re: [Dovecot] 1.1r1: auth-worker(default): BUG: PASSV had missing parameters, sig11

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 11:48 -0400, Adam McDougall wrote:
  Mar  8 17:05:17 boomhauer dovecot: child 72819 (login) killed with signal 11
 
 1. I could enable this:
 # sysctl -d kern.sugid_coredump
 kern.sugid_coredump: Enable coredumping set user/group ID processes
 
 
 2. And add an absolute path in front of this that is world writable:
 # sysctl kern.corefile
 kern.corefile: %N.%P.boomhauer.core

Interesting. I added these to: http://dovecot.org/bugreport.html

 Can you think of a way that I could force the issue to be reproduced
 so I can get away with making these changes on less servers?

I think this fixes it:
http://hg.dovecot.org/dovecot-1.1/rev/de4881149c0e





Re: [Dovecot] Setting individual SSL/TLS settings with OpenLDAP

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 20:41 +0100, Patrick Ben Koetter wrote:
 I am using OpenLDAP to read Dovecot User settings and want to use TLS for
 user_attrs and pass_attrs queries.
 
 So I set tls = yes and it kept failing until I told the OpenLDAP ldap client
 in /etc/ldap/ldap.conf where the CA certificate can be found.
 
 So far so good. Now just in case... could I tell dovecot to read the OpenLDAP
 client settings from a non default configuration file e.g.
 /etc/dovecot/ldaprc.
 
 I know Cyrus SASL can do this with the ldapdb plugin and I'd be interested if
 this is possible with Dovecot too.

Could you try if this works:
http://hg.dovecot.org/dovecot-1.1/rev/8a4ecf4c2ca1

(needs also http://hg.dovecot.org/dovecot-1.1/rev/a61102ad418f to apply
cleanly)




Re: [Dovecot] 1.1r1: auth-worker(default): BUG: PASSV had missing parameters, sig11

2008-03-09 Thread Adam McDougall

Timo Sirainen wrote:

 On Sun, 2008-03-09 at 11:48 -0400, Adam McDougall wrote:

   Mar  8 17:05:17 boomhauer dovecot: child 72819 (login) killed with signal 11

  1. I could enable this:
  # sysctl -d kern.sugid_coredump
  kern.sugid_coredump: Enable coredumping set user/group ID processes

  2. And add an absolute path in front of this that is world writable:
  # sysctl kern.corefile
  kern.corefile: %N.%P.boomhauer.core

 Interesting. I added these to: http://dovecot.org/bugreport.html

  Can you think of a way that I could force the issue to be reproduced
  so I can get away with making these changes on fewer servers?

 I think this fixes it:
 http://hg.dovecot.org/dovecot-1.1/rev/de4881149c0e

Applied to my installation. Do you think the condition was introduced 
around rc1, or older?


Re: [Dovecot] 1.1r1: auth-worker(default): BUG: PASSV had missing parameters, sig11

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 23:39 -0400, Adam McDougall wrote:
 Timo Sirainen wrote:
  On Sun, 2008-03-09 at 11:48 -0400, Adam McDougall wrote:

  Mar  8 17:05:17 boomhauer dovecot: child 72819 (login) killed with signal 11
 
  I think this fixes it:
  http://hg.dovecot.org/dovecot-1.1/rev/de4881149c0e
 

 Applied to my installation. Do you think the condition was introduced 
 around rc1, or older?

The potential for PASSV had missing parameters has been there for a
long time. The login process crash was added in beta14 I think.





Re: [Dovecot] 1.1 master auth not expanding static userdb variables

2008-03-09 Thread Andrew Roberts

Timo Sirainen wrote:

 On Sat, 2008-03-08 at 13:21 -0800, Andrew Roberts wrote:
  Dovecot is configured with static userdb 
  and args = user=%Lu uid=206 gid=206 home=/var/mailhomes/%Lu, which takes 
  care of making sure the username is lowercase.  All of this has been 
  working fine for some time with dovecot-1.0.

  After upgrading to 1.1_rc2, however, deliver creates a maildir named %Lu 
  and delivers all mail for all users to it.

 Is the %Lu from home=/var/mailhomes/%Lu user from user=%Lu? Do either of
 them get expanded correctly? dovecot-auth should already do the %Lu
 expansion, not deliver/master. Set auth_debug=yes and see what it shows
 in Master out line?

It looks like dovecot-auth is doing the right thing.

Mar  9 21:08:17 milne dovecot: auth(default): master in: USER   1 [EMAIL PROTECTED] service=deliver
Mar  9 21:08:17 milne dovecot: auth(default): master out: USER  1 [EMAIL PROTECTED] uid=206 gid=206 home=/var/mail/mailhome/[EMAIL PROTECTED] mail=maildir:/var/mail/[EMAIL PROTECTED]


Here's the output of dovecot -n
# 1.1.rc3: /etc/dovecot/dovecot.conf
protocols: imaps imap managesieve
listen(default): 127.0.0.1:143
listen(imap): 127.0.0.1:143
listen(managesieve): 127.0.0.1:2000
ssl_listen(default): *:993
ssl_listen(imap): *:993
ssl_listen(managesieve):
ssl_cert_file: /etc/ssl/dovecot/imapd.crt
ssl_key_file: /etc/ssl/dovecot/imapd.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(managesieve): no
valid_chroot_dirs: /var/mail
first_valid_uid: 206
last_valid_uid: 206
first_valid_gid: 206
last_valid_gid: 206
mail_location: maildir:/var/mail/%Lu
maildir_copy_preserve_filename: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): acl
mail_plugins(imap): acl
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve
imap_client_workarounds(default): outlook-idle
imap_client_workarounds(imap): outlook-idle
imap_client_workarounds(managesieve):
sieve_storage(default):
sieve_storage(imap):
sieve_storage(managesieve): ~/sieve
sieve(default):
sieve(imap):
sieve(managesieve): ~/.dovecot.sieve
namespace:
  type: private
  separator: .
  location: maildir:/var/mail/%Lu
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: public
  separator: .
  prefix: shared.
  location: maildir:/var/mail/shared:CONTROL=/var/mail/mailhome/%Lu/shared:INDEX=/var/mail/mailhome/%Lu/shared
  list: yes
  subscriptions: yes
auth default:
  mechanisms: PLAIN LOGIN
  default_realm: noom.org
  user: postmaster
  debug: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: static
    args: allow_all_users=yes user=%Lu uid=206 gid=206 home=/var/mail/mailhome/%Lu mail=maildir:/var/mail/%Lu
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/deliver-auth
      mode: 384
      user: vmail
      group: vmail
plugin:
  acl: vfile


Re: [Dovecot] 1.1 master auth not expanding static userdb variables

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 21:18 -0700, Andrew Roberts wrote:
  After upgrading to 1.1_rc2, however, deliver creates a maildir named %Lu 
  and delivers all mail for all users to it.  
  
  Is the %Lu from home=/var/mailhomes/%Lu user from user=%Lu? Do either of
  them get expanded correctly? dovecot-auth should already do the %Lu
  expansion, not deliver/master. Set auth_debug=yes and see what it shows
  in Master out line?
 
 It looks like dovecot-auth is doing the right thing.
 
 Mar  9 21:08:17 milne dovecot: auth(default): master in: USER   1 [EMAIL PROTECTED] service=deliver
 Mar  9 21:08:17 milne dovecot: auth(default): master out: USER  1 [EMAIL PROTECTED] uid=206 gid=206 home=/var/mail/mailhome/[EMAIL PROTECTED] mail=maildir:/var/mail/[EMAIL PROTECTED]

ok, so:

 namespace:
   type: private
   separator: .
   location: maildir:/var/mail/%Lu
   inbox: yes
   list: yes
   subscriptions: yes

Do you mean it creates /var/mail/%Lu directory and changing namespace
location changes this to e.g. /var/mail/test tries to create that
instead of %Lu?





Re: [Dovecot] 1.1 master auth not expanding static userdb variables

2008-03-09 Thread Timo Sirainen
On Sun, 2008-03-09 at 21:18 -0700, Andrew Roberts wrote:
 Here's the output of dovecot -n
 # 1.1.rc3: /etc/dovecot/dovecot.conf

BTW:

 mail_location: maildir:/var/mail/%Lu

This is never used, because you specified it in namespace:

 namespace:
   type: private
   separator: .
   location: maildir:/var/mail/%Lu

This is what is always used.

 userdb:
   driver: static
   args: allow_all_users=yes user=%Lu uid=206 gid=206 home=/var/mail/mailhome/%Lu mail=maildir:/var/mail/%Lu

mail is also never used here, because although it overrides
mail_location, namespace's location overrides mail_location.





Re: [Dovecot] 1.1 master auth not expanding static userdb variables

2008-03-09 Thread Andrew Roberts

On Mon, 10 Mar 2008, Timo Sirainen wrote:

 Do you mean it creates /var/mail/%Lu directory and changing namespace
 location changes this to e.g. /var/mail/test tries to create that
 instead of %Lu?

That's right.  Changing it to /var/mail/%u creates a directory named %u. 
Same for test.

The mail=maildir:/var/mail/%Lu in userdb args was something I added to 
see if it made a difference.  I've enabled logging in deliver, but am 
getting only the info messages that show the correct (expanded) username 
and say saved mail to INBOX.


Andrew


Re: [Dovecot] Quota problems with IMAP and POP?

2008-03-09 Thread Nicolas Letellier

Timo Sirainen wrote:

 On Sat, 2008-03-08 at 20:00 +0100, Nicolas Letellier wrote:

  Hello,

  I would like to know whether problems could appear when using POP and IMAP 
  in a mailbox?

  Is it advised to use one of the two protocols?

 There shouldn't be problems using both POP and IMAP. They both use the
 exact same mailbox handling (and quota) code. Just make sure you
 remember to add mail_plugins=quota to both imap and pop section.

Okay, thanks for the information :-)

-Nicolas


Re: [Dovecot] Wrong message information reported shortly after delivery

2008-03-09 Thread Ron Avriel
 Thanks, in my previous tests I didn't use quota plugin with deliver
 which was needed to notice this. The problem is:
 
 1. deliver adds message appended to index file
 2. quota plugin runs for a while
 3. deliver updates filename-uid mapping in dovecot-uidlist
 


Thanks for the quick answer.

Why does it take four seconds (!) from the time dovecot first reports an 
invalid message information until the correct information is reported? 
The time is measured for the delivery of a 1KB message to an empty mailbox on 
a completely idle system.

2008-03-09 17:00:41.449833 Sent 1011 bytes to [EMAIL PROTECTED]
2008-03-09 17:00:41.472034 No messages in INBOX. Waiting...
2008-03-09 17:00:42.480654 No messages in INBOX. Waiting...
2008-03-09 17:00:43.487617  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:44.494382  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:45.501444  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:46.550623  ERROR: Got invalid RFC822.SIZE 0: 1 (FLAGS (\Recent) INTERNALDATE 01-Jan-1970 00:00:00 + RFC822.SIZE 0 UID 63)
2008-03-09 17:00:47.593704 Got valid RFC822.SIZE 1509: 1 (FLAGS (\Recent) INTERNALDATE 09-Mar-2008 17:00:41 +0200 RFC822.SIZE 1509 UID 63)


Thanks again,
Ron




  
