Re: [Dovecot] dovecot performance

2008-08-15 Thread tomas

On Fri, Aug 15, 2008 at 03:37:53PM -0300, Sebastien Tandel wrote:

[...]

>> [fork is fast]

> OK, it measures the fork instruction. But fork is using a copy-on-write 
> mechanism ... It means that *none* of the parent's memory pages are copied. 
> Each page is simply *shared* by *all* the child /until/ a modification is 
> made to it. Therefore this test obviously does not take into account time 
> taken when modifying data. And I strongly suspect that dovecot is not only 
> doing read-only access to memory when running. :-/

Yep, but what can you do after pre-forking and before the request comes
in?

Thus I'd expect pre-forking not to save us much which can't be saved by
prudent programming (save mentioned exception of > thousands of connects
per second).

We are now deeply in specula-land, I guess ;-)

Regards
- -- tomás


Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Mark Sapiro
Kenneth Porter wrote:

>--On Friday, August 15, 2008 5:51 PM -0400 Bruce Bodger
> wrote:
>
>> fail2ban will not work for this as the incoming ip addresses are
>> spoofed.  fail2ban would end up blocking legitimate servers.
>
>How do you spoof a source address on a TCP connection? I was unaware that
>was possible. How would replies know how to get back to the spoofing host?
>At best, you can spoof another host on your own routed segment. Unless you
>have control of the routing tables on the connecting routers, of course.

Exactly. These days, IP spoofing is most useful to hide the identity of
the perpetrator of a DoS attack. It certainly is not applicable to a
dictionary attack on POP3 or other logins since with a spoofed IP, the
perpetrator will never see the response to determine if the login
attempt was successful.

-- 
Mark Sapiro <[EMAIL PROTECTED]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan



Re: [Dovecot] dovecot: Fatal: Time just moved backwards by 3603 seconds.

2008-08-15 Thread Daniel L. Miller

Stephen Feyrer wrote:

Daniel L. Miller wrote:

Stephen Feyrer wrote:

 Hi Everyone. 

Ooops I just broke my dovecot install.

I've looked through the mailing list archives and not found anything 
relevant.



When I try to connect to my mail server I get this message.
"Could not connect to mail server chen.home.org; connection was 
refused"



The last message in /var/log/mail.err is:-

Aug 13 21:02:27 chen dovecot: Fatal: Time just moved backwards by 
3603 seconds. This might cause a lot of problems, so I'll just kill 
myself now. http://wiki.dovecot.org/TimeMovedBackwards



It seems this is my own fault.  Time on my system is a little wonky 
so I reset the time and then I found out I'd broken Dovecot.  I 
didn't realise that doing this would have an impact on dovecot.  I 
read the web page and to be honest I'm not confident about hacking 
source code.


I've reinstalled dovecot which worked except it hasn't solved my 
time travel problem.


By the way since my first install of dovecot the config file seems 
to have changed a little but since I've tried to migrate my settings 
over the new file and been met with the same problem I don't think 
it's that.


Is it possible to get dovecot working again?
What happens when you try to start Dovecot again?  Not re-install - 
just start it.




I just did this to show you.

# /etc/init.d/dovecot restart
 * Stopping dovecot ...[ ok ]
 * Starting dovecot ...[ ok ]

And then this...


And then this again...
 # /etc/init.d/dovecot restart
 * Stopping dovecot ... [ ok ]
 * Starting dovecot ...
Warning: Last died with error (see error log for more information): 
Time just moved backwards by 106 seconds. This might cause a lot of 
problems, so I'll just kill myself now. 
http://wiki.dovecot.org/TimeMovedBackwards [ ok ]


I've not seen this before in a restart.

That was followed by...
# /etc/init.d/dovecot restart
 * Stopping dovecot ...[ ok ]
 * Starting dovecot ...[ ok ]


--
Regards

Stephen.
Whoa!  OK - so I'm seeing sometimes it works fine, and sometimes it 
reports this problem?  You started off with a 3306 second jump (an hour 
off) to a 106 second jump (almost two minutes).  Something is REALLY 
whacked with your clock!


Um... do you have a UPS?  If not - get one!
Are you running an ntp server?  I'm assuming not.  It's time to 
start.


--
Daniel


[Dovecot] Problem with squirrelmail and dovecot 1.1

2008-08-15 Thread Gerhard Wiesinger

Hello!

I'm running squirrelmail 1.4.8 (I know this is not the latest version) and 
now I'm having troubles with:

1.) Folder list view
2.) Save to sent or Drafts folder.

Configuration worked well. I think it has to do with the upgrade from 
dovecot 1.0 to 1.1 and the LIST command. Thunderbird/alpine work well.


Commands from rawlog are:
A002 LIST "" "~/Mail/Drafts"
A002 OK List completed.

or

A002 LIST "" "~/Mail/sent"
A003 CREATE "~/Mail/sent"
A002 OK List completed.
A003 NO Mailbox exists.

Has something changed in the folder behaviour of dovecot from 1.0 to 1.1?

If you need more information please let me know it.

Any ideas?

Thnx.

Ciao,
Gerhard

--
http://www.wiesinger.com/




Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Dean Brooks
On Fri, Aug 15, 2008 at 06:43:30PM -0300, Eduardo M KALINOWSKI wrote:
> Charles Marcus wrote:
> > Dictionary attacks are a fact of life these days.
> >
> > Just install some kind of blocking on your firewall (fail2ban is a good
> > one), and let it take care of the worst of it..
> 
> I wonder what  they want by cracking a POP3 server. Read the user's
> mails? It's true POP3 passwords are almost always equal to SMTP ones
> (which is useful for spamming), but then why not try to crack the SMTP
> server directly?

One reason is so that they can get SMTP AUTH information and then sell
the username/password pairs to spammers.

Open relays are much more rare nowadays, so having a legitimate
pre-existing account that can be used for outbound spam is worth much
more than opening a new hotmail or gmail account.  Especially through
smaller ISPs that may not have adequate outbound mail rate-limits in
place.

A single hijacked mail account through a small ISP without rate-limits
can be used to send an incredible amount of spam before it's caught.

--
Dean Brooks
[EMAIL PROTECTED]


Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Kenneth Porter
--On Friday, August 15, 2008 5:51 PM -0400 Bruce Bodger 
<[EMAIL PROTECTED]> wrote:



fail2ban will not work for this as the incoming ip addresses are
spoofed.  fail2ban would end up blocking legitimate servers.


How do you spoof a source address on a TCP connection? I was unaware that 
was possible. How would replies know how to get back to the spoofing host? 
At best, you can spoof another host on your own routed segment. Unless you 
have control of the routing tables on the connecting routers, of course.





Re: [Dovecot] dovecot: Fatal: Time just moved backwards by 3603 seconds.

2008-08-15 Thread Stephen Feyrer

Daniel L. Miller wrote:

Stephen Feyrer wrote:

 Hi Everyone. 

Ooops I just broke my dovecot install.

I've looked through the mailing list archives and not found anything 
relevant.



When I try to connect to my mail server I get this message.
"Could not connect to mail server chen.home.org; connection was refused"


The last message in /var/log/mail.err is:-

Aug 13 21:02:27 chen dovecot: Fatal: Time just moved backwards by 3603 
seconds. This might cause a lot of problems, so I'll just kill myself 
now. http://wiki.dovecot.org/TimeMovedBackwards



It seems this is my own fault.  Time on my system is a little wonky so 
I reset the time and then I found out I'd broken Dovecot.  I didn't 
realise that doing this would have an impact on dovecot.  I read the 
web page and to be honest I'm not confident about hacking source code.


I've reinstalled dovecot which worked except it hasn't solved my time 
travel problem.


By the way since my first install of dovecot the config file seems to 
have changed a little but since I've tried to migrate my settings over 
the new file and been met with the same problem I don't think it's that.


Is it possible to get dovecot working again?
What happens when you try to start Dovecot again?  Not re-install - just 
start it.




I just did this to show you.

# /etc/init.d/dovecot restart
 * Stopping dovecot ...[ ok ]
 * Starting dovecot ...[ ok ]

And then this...

# dovecot -n
# 1.1.1: /etc/dovecot/dovecot.conf
listen: [::]
ssl_ca_file: /etc/ssl.ca/myca.pem
ssl_cert_file: /etc/ssl.ca/newcerts/email.cer
ssl_key_file: /etc/ssl.ca/private/email.key
ssl_cipher_list: ALL:!LOW:!SSLv2
ssl_verify_client_cert: yes
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
mail_location: maildir:~/.maildir
auth default:
  ssl_require_client_cert: yes
  ssl_username_from_cert: yes
  passdb:
    driver: pam
    args: *
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: root
      group: root

And then this again...
 # /etc/init.d/dovecot restart
 * Stopping dovecot ... [ ok ]
 * Starting dovecot ...
Warning: Last died with error (see error log for more information): Time 
just moved backwards by 106 seconds. This might cause a lot of problems, 
so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards 
   [ ok ]


I've not seen this before in a restart.

That was followed by...
# /etc/init.d/dovecot restart
 * Stopping dovecot ...[ ok ]
 * Starting dovecot ...[ ok ]


--
Regards

Stephen.




Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Michael Orlitzky

Eduardo M KALINOWSKI wrote:

Charles Marcus wrote:

Dictionary attacks are a fact of life these days.

Just install some kind of blocking on your firewall (fail2ban is a good
one), and let it take care of the worst of it..


I wonder what  they want by cracking a POP3 server. Read the user's
mails? It's true POP3 passwords are almost always equal to SMTP ones
(which is useful for spamming), but then why not try to crack the SMTP
server directly?



There may not be anything interesting in the user's inbox initially, but 
there might be after the attacker starts sending password reminders from 
eBay, Paypal, etc.




Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Kenneth Porter
On Friday, August 15, 2008 5:39 PM -0400 Charles Marcus 
<[EMAIL PROTECTED]> wrote:



Just install some kind of blocking on your firewall (fail2ban is a good
one), and let it take care of the worst of it...


Thanks, researching it now

Looks like an RPM might be available for CentOS 5. There's a HOWTO here for 
configuring it with iptables:







Re: [Dovecot] dovecot: Fatal: Time just moved backwards by 3603 seconds.

2008-08-15 Thread Daniel L. Miller

Stephen Feyrer wrote:

 Hi Everyone. 

Ooops I just broke my dovecot install.

I've looked through the mailing list archives and not found anything 
relevant.



When I try to connect to my mail server I get this message.
"Could not connect to mail server chen.home.org; connection was refused"


The last message in /var/log/mail.err is:-

Aug 13 21:02:27 chen dovecot: Fatal: Time just moved backwards by 3603 
seconds. This might cause a lot of problems, so I'll just kill myself 
now. http://wiki.dovecot.org/TimeMovedBackwards



It seems this is my own fault.  Time on my system is a little wonky so 
I reset the time and then I found out I'd broken Dovecot.  I didn't 
realise that doing this would have an impact on dovecot.  I read the 
web page and to be honest I'm not confident about hacking source code.


I've reinstalled dovecot which worked except it hasn't solved my time 
travel problem.


By the way since my first install of dovecot the config file seems to 
have changed a little but since I've tried to migrate my settings over 
the new file and been met with the same problem I don't think it's that.


Is it possible to get dovecot working again?
What happens when you try to start Dovecot again?  Not re-install - just 
start it.


--
Daniel


Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Bruce Bodger


On Aug 15, 2008, at 5:39 PM, Charles Marcus wrote:


You're kidding, right?

Dictionary attacks are a fact of life these days.

Just install some kind of blocking on your firewall (fail2ban is a good
one), and let it take care of the worst of it...


fail2ban will not work for this as the incoming ip addresses are  
spoofed.  fail2ban would end up blocking legitimate servers.


B. Bodger





[Dovecot] dovecot: Fatal: Time just moved backwards by 3603 seconds.

2008-08-15 Thread Stephen Feyrer

 Hi Everyone. 

Ooops I just broke my dovecot install.

I've looked through the mailing list archives and not found anything 
relevant.



When I try to connect to my mail server I get this message.
"Could not connect to mail server chen.home.org; connection was refused"


The last message in /var/log/mail.err is:-

Aug 13 21:02:27 chen dovecot: Fatal: Time just moved backwards by 3603 
seconds. This might cause a lot of problems, so I'll just kill myself 
now. http://wiki.dovecot.org/TimeMovedBackwards



It seems this is my own fault.  Time on my system is a little wonky so I 
reset the time and then I found out I'd broken Dovecot.  I didn't 
realise that doing this would have an impact on dovecot.  I read the web 
page and to be honest I'm not confident about hacking source code.


I've reinstalled dovecot which worked except it hasn't solved my time 
travel problem.


By the way since my first install of dovecot the config file seems to 
have changed a little but since I've tried to migrate my settings over 
the new file and been met with the same problem I don't think it's that.


Is it possible to get dovecot working again?


--
Regards

Stephen.




Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Eduardo M KALINOWSKI
Charles Marcus wrote:
> Dictionary attacks are a fact of life these days.
>
> Just install some kind of blocking on your firewall (fail2ban is a good
> one), and let it take care of the worst of it..

I wonder what  they want by cracking a POP3 server. Read the user's
mails? It's true POP3 passwords are almost always equal to SMTP ones
(which is useful for spamming), but then why not try to crack the SMTP
server directly?

-- 
The bomb will never go off.  I speak as an expert in explosives.
-- Admiral William Leahy, U.S. Atomic Bomb Project

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb



Re: [Dovecot] POP3 dictionary attacks

2008-08-15 Thread Charles Marcus
On 8/15/2008, Kenneth Porter ([EMAIL PROTECTED]) wrote:
> I'm seeing strings of failed POP3 login attempts with obvious bogus
> usernames coming from different IP addresses. Today's originated from
> 216.31.146.19 (which resolves to neovisionlabs.com). This looks like
> a botnet attack. I got a similar probe a couple days ago. Is anyone
> else seeing these?

You're kidding, right?

Dictionary attacks are a fact of life these days.

Just install some kind of blocking on your firewall (fail2ban is a good
one), and let it take care of the worst of it...

-- 

Best regards,

Charles


[Dovecot] POP3 dictionary attacks

2008-08-15 Thread Kenneth Porter
I'm seeing strings of failed POP3 login attempts with obvious bogus 
usernames coming from different IP addresses. Today's originated from 
216.31.146.19 (which resolves to neovisionlabs.com). This looks like a 
botnet attack. I got a similar probe a couple days ago. Is anyone else 
seeing these?


The attack involves trying about 20 different names, about 3-4 seconds 
apart. Here's a few sample log lines:


dovecot: Aug 15 04:15:45 Error: auth-worker(default): 
pam(mike,216.31.146.19): pam_authenticate() failed: User not known to the 
underlying authentication module
dovecot: Aug 15 04:15:49 Error: auth-worker(default): 
pam(alan,216.31.146.19): pam_authenticate() failed: User not known to the 
underlying authentication module
dovecot: Aug 15 04:15:53 Error: auth-worker(default): 
pam(info,216.31.146.19): pam_authenticate() failed: User not known to the 
underlying authentication module
dovecot: Aug 15 04:15:57 Error: auth-worker(default): 
pam(shop,216.31.146.19): pam_authenticate() failed: User not known to the 
underlying authentication module


Timo, can you add the port used in the attempt to the error log entry? (It 
does show up in the info log entry, but that means I need to correlate 
lines in the two log files.)
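
The pattern reported in this post (one source address cycling through many usernames a few seconds apart) can be detected directly from the error log. The following is an added example, not code from the post or from Dovecot; the function names, the thresholds and the `year` parameter (the log lines carry no year) are assumptions, and the 192.0.2.10 lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the auth-worker error format quoted in the post, e.g.
# dovecot: Aug 15 04:15:45 Error: auth-worker(default): pam(mike,216.31.146.19): pam_authenticate() failed: ...
LINE_RE = re.compile(
    r"^dovecot: (?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) Error: "
    r"auth-worker\([^)]*\): pam\((?P<user>[^,()]*),(?P<ip>[0-9A-Fa-f:.]+)\): "
    r"pam_authenticate\(\) failed: (?P<reason>.*)$"
)

TAIL = "pam_authenticate() failed: User not known to the underlying authentication module"
SAMPLE_LOG = [
    # The four lines from the post, re-joined onto one line each.
    "dovecot: Aug 15 04:15:45 Error: auth-worker(default): pam(mike,216.31.146.19): " + TAIL,
    "dovecot: Aug 15 04:15:49 Error: auth-worker(default): pam(alan,216.31.146.19): " + TAIL,
    "dovecot: Aug 15 04:15:53 Error: auth-worker(default): pam(info,216.31.146.19): " + TAIL,
    "dovecot: Aug 15 04:15:57 Error: auth-worker(default): pam(shop,216.31.146.19): " + TAIL,
    # Constructed lines: one real user mistyping a password from a documentation address.
    "dovecot: Aug 15 09:02:10 Error: auth-worker(default): pam(alice,192.0.2.10): "
    "pam_authenticate() failed: Authentication failure",
    "dovecot: Aug 15 09:02:21 Error: auth-worker(default): pam(alice,192.0.2.10): "
    "pam_authenticate() failed: Authentication failure",
    "dovecot: Aug 15 09:02:40 Error: auth-worker(default): pam(alice,192.0.2.10): "
    "pam_authenticate() failed: Authentication failure",
    # Constructed unrelated line that must be ignored by the parser.
    "dovecot: Aug 15 09:05:00 Error: some unrelated error text",
]


def parse_failures(lines, year):
    """Return (timestamp, username, ip) for every PAM failure line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Collapse the double space syslog-style dates use for single-digit days.
        ts_text = " ".join(m.group("ts").split())
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("user"), m.group("ip")))
    return events


def find_dictionary_sources(events, min_users=4, window=timedelta(minutes=1)):
    """Flag IPs that failed with >= min_users distinct usernames inside one window.

    Counting distinct usernames rather than raw failures keeps a single user
    who retries a wrong password from being flagged.
    """
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge so the window never spans more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            users = {user for _, user in hits[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    for ip, users in find_dictionary_sources(parse_failures(SAMPLE_LOG, 2008)).items():
        print(f"{ip}: {len(users)} distinct usernames tried: {', '.join(users)}")
```
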


Re: [Dovecot] SpamAssassin and Maildir with Dovecot

2008-08-15 Thread Gabriel Millerd
On Fri, Aug 15, 2008 at 11:57 AM, Kenneth Porter <[EMAIL PROTECTED]> wrote:
> A patch has been proposed for SpamAssassin to process Maildir folders of
> spam:
>

Nothing on the disk looks modified by the code change, sa-learn is
just reading from the disk and altering the sa-storage as instructed
by the learn rule switch.

If you learned and then nuked some headers for example, the file size
would change and that would be an issue if you store that in the
filename (they wouldn't match) as well as the dovecot index for
imap/pop would be off potentially.

Possibly some active imap sessions might be confused as well.

This patch only really is sensitive to the Maildir structure, it has
been able to handle the mail directories.

-- 
Gabriel Millerd


Re: [Dovecot] dovecot performance

2008-08-15 Thread Giorgenes Gelatti
The master process exec's the mail process (imap or pop3) after fork.

gpg

2008/8/15 Sebastien Tandel <[EMAIL PROTECTED]>:
> Hi,
>
>
>>> It is well known that preforking is a good practice if you want to
>>> achieve a higher performance.
>>> When I was asked about it I readily answered: "of course it does". For
>>> my surprise later, it doesn't.
>>
>> With fork latencies in the range of 500 to 1500 microseconds (on Pentium
>> 900 MHz-class hardware!) on most modern kernels[1] I wonder whether this
>> "good practice" isn't on the verge of voodoo ;-)
>
> OK, it measures the fork instruction. But fork is using a copy-on-write
> mechanism ... It means that *none* of the parent's memory pages are copied.
> Each page is simply *shared* by *all* the child /until/ a modification is
> made to it. Therefore this test obviously does not take into account time
> taken when modifying data. And I strongly suspect that dovecot is not only
> doing read-only access to memory when running. :-/
>
> P.S. : I'm not saying though it is mandatory to have such a mechanism in
> dovecot ;)
>
>
> Regards,
> Sebastien
>
>> (Of course, in a http server, where you might expect thousands of
>> connects per second, this is another story -- which is mitigated by HTTP
>> 1.1, when properly streaming several requests per connection).
>>
>> - 
>> [1] , search "The fork benchmark"
>>
>> Regards
>> - -- tomás
>>
>
>


Re: [Dovecot] dovecot performance

2008-08-15 Thread Sebastien Tandel

Hi,



It is well known that preforking is a good practice if you want to
achieve a higher performance.
When I was asked about it I readily answered: "of course it does". For
my surprise later, it doesn't.


With fork latencies in the range of 500 to 1500 microseconds (on Pentium
900 MHz-class hardware!) on most modern kernels[1] I wonder whether this
"good practice" isn't on the verge of voodoo ;-)


OK, it measures the fork instruction. But fork is using a copy-on-write
mechanism ... It means that *none* of the parent's memory pages are
copied. Each page is simply *shared* by *all* the child /until/ a
modification is made to it. Therefore this test obviously does not
take into account time taken when modifying data. And I strongly
suspect that dovecot is not only doing read-only access to memory
when running. :-/


P.S. : I'm not saying though it is mandatory to have such a mechanism  
in dovecot ;)



Regards,
Sebastien


(Of course, in a http server, where you might expect thousands of
connects per second, this is another story -- which is mitigated by HTTP
1.1, when properly streaming several requests per connection).

- 
[1] , search "The fork benchmark"

Regards
- -- tomás





Re: [Dovecot] Yea[h]

2008-08-15 Thread Jay Levitt

Chris Wakelin wrote:



Timo Sirainen wrote:

Yea,  ...


I've been meaning to tell you that should be "Yeah" for an informal 
version of "Yes", otherwise it's a very archaic form of "Yes" or 
"Indeed" as in "Yea, though I walk in the valley of the shadow of death"!


As a great man said, "In fact, now that I think of it, I shall RUN through 
the valley of the shadow of death, because you get out of the valley quicker 
that way."




I think that's also true of American/Aussie etc. as well ...


Yep!



Best Wishes,
Chris





[Dovecot] SpamAssassin and Maildir with Dovecot

2008-08-15 Thread Kenneth Porter
A patch has been proposed for SpamAssassin to process Maildir folders of 
spam:




Is this patch compatible with Dovecot's implementation of Maildir? For 
example, is anything needed to avoid stepping on Dovecot's metadata?


Re: [Dovecot] Migrating mbox to maildir

2008-08-15 Thread Kenneth Porter
On Thursday, August 14, 2008 3:46 PM -0400 Mike Hobbs <[EMAIL PROTECTED]> 
wrote:



I'd like to use maildir with all my new users, but I'd like to be able to
continue using mbox for my old users and slowly convert them as I get
time.


I did this a week ago for about a dozen users and the system seems more 
responsive.


Timo covered the Dovecot side. You didn't say what delivery agent you're 
using. I use procmail and put this .procmailrc in the home directories of 
the converted users:


# deliver to Maildir
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/

The file should be owned by the user. (I forgot to chown the file for one 
user and mail was delivered to the old /var/spool/mail/user mbox file. 
After I figured it out, I did another conversion with convert-tool to a 
temporary Maildir-new and moved the converted inbox into a new folder under 
his previously-converted ~/Maildir.)


If a user is using procmail for filtering, he'll need to change the 
destination folder lines in his filters. This list could be filtered with a 
rule like this:


:0 :
* ^Sender:.*dovecot
$HOME/Maildir/.Lists.Mail.Dovecot/

Note the trailing slash on delivery lines to indicate that the destination 
is in Maildir format.


To avoid reconfiguring the folder separator on clients, you can add this 
namespace directive to dovecot.conf:


namespace private {
  separator = /
  inbox = yes
}



Re: [Dovecot] Webmail app ... again.

2008-08-15 Thread Eduardo M KALINOWSKI
Timo Sirainen wrote:
> On Aug 15, 2008, at 2:22 PM, Eduardo M KALINOWSKI wrote:
>> If I understand Dovecot's auth caching, it will save DB lookups (or
>> sequential passwd-file lookups, etc), but it will still need to spawn
>> a new imap process for each connection the webmail does.
>>
>> With imapproxy, the process will be kept running for a couple minutes
>> after the webmail disconnects that connection and will be reused if a
>> new request is made in sequence.
>
>
> Yes, but is it worth it to keep an extra daemon proxying all TCP
> connections to IMAP server just to save some imap process creations?

Good question, only benchmarking could tell, and the results would
probably vary between different machines, operating systems and
architectures.

> v2.0 hopefully allows this kind of "wait a couple of minutes before
> dying" natively.

That would be really nice.

-- 
BOFH excuse #52:

Smell from unhygienic janitorial staff wrecked the tape heads

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb



Re: [Dovecot] Webmail app ... again.

2008-08-15 Thread Timo Sirainen

On Aug 15, 2008, at 2:22 PM, Eduardo M KALINOWSKI wrote:


Timo Sirainen wrote:
I've heard that imapproxy isn't all that useful with Dovecot once  
auth cache is enabled and set large enough. It'll then just  
basically replace Dovecot's process fork(s) with the overhead of  
its own.


If I understand Dovecot's auth caching, it will save DB lookups (or  
sequential passwd-file lookups, etc), but it will still need to  
spawn a new imap process for each connection the webmail does.


With imapproxy, the process will be kept running for a couple  
minutes after the webmail disconnects that connection and will be  
reused if a new request is made in sequence.



Yes, but is it worth it to keep an extra daemon proxying all TCP  
connections to IMAP server just to save some imap process creations?  
With Dovecot v1.0/v1.1 I'm thinking "not really". v1.2 adds a bit more  
state tracking that's a bit more expensive to calculate at startup.  
v2.0 hopefully allows this kind of "wait a couple of minutes before  
dying" natively.






[Dovecot] Simplest (static?) build & config for loopback access?

2008-08-15 Thread FZiegler
I am installing Dovecot for the sole purpose of maintaining a local mail 
store that I could 1) manage with any client; 2) keep duplicated on 
several machines, using Unison; 3) hopefully, index using Spotlight 
(http://article.gmane.org/gmane.mail.mh-e.user/1308 ...). In particular, 
I have no intention to allow connections from anywhere but localhost.


I've followed the instructions at http://wiki.dovecot.org/HowTo/Rootless 
and it all seems to work quite well, but I'm not sure about 3 things:


1) Initially Dovecot would not respond to Thunderbird ("Could not 
connect to server localhost; the connection was refused"). Eventually, a 
"Trying ::1..." in the telnet log (see below) made me find hidden pref 
"network.dns.disableIPv6" and set it to FALSE. Which solves the problem 
-- but is this really needed, or have I done something wrong?


2) The Dovecot I built on OS X 10.4 appears to work fine when copied on 
another Mac running 10.5. Now, I'd love to avoid installing developer 
tools on both machines, but I fear this is an illusion (some libraries are 
changing under us, e.g. libiconv.2.2.0.dylib --> libiconv.2.4.0.dylib). 
Does this mean I should try a static build? If so, what are the flags 
and how do I go about specifying a minimal set of libraries to include 
for my purposes?


3) Probably offtopic here, but has anyone seen a better way to index 
mail in Spotlight than just as plain text? E.g. to hook up Apple's 
importer (Mail.mdimporter in /System/Library/Spotlight) or Thunderbird's 
(https://bugzilla.mozilla.org/show_bug.cgi?id=290057), which I guess can 
better deal with quoted-printable and other encodings?


Thanks in advance; I include my compilation and config data below.
Francois Z.

--

mini:~ fz$ curl -O http://www.dovecot.org/releases/1.1/dovecot-1.1.2.tar.gz
mini:~ fz$ tar xzf dovecot-1.1.2.tar.gz
mini:~ fz$ cd dovecot-1.1.2
mini:~/dovecot-1.1.2 fz$ ./configure --prefix=$HOME/sw
mini:~/dovecot-1.1.2 fz$ make
mini:~/dovecot-1.1.2 fz$ make install
mini:~ fz$ cd
mini:~ fz$ sw/sbin/dovecot
Warning: fd limit 256 is lower than what Dovecot can use under full load 
(more than 640). Either grow the limit or change 
login_max_processes_count and max_mail_processes settings

mini:~ fz$ telnet localhost 10143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK Dovecot ready.
. login fz 
. OK Logged in.
. list "" *
* LIST (\HasNoChildren) "." "Drafts"
* LIST (\HasNoChildren) "." "Trash"
* LIST (\HasNoChildren) "." "INBOX"
. OK List completed.
. logout
* BYE Logging out
. OK Logout completed.
Connection closed by foreign host.
mini:~ fz$ sw/sbin/dovecot -n
# 1.1.2: /Volumes/Home/FZ/sw/etc/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load 
(more than 640). Either grow the limit or change 
login_max_processes_count and max_mail_processes settings

log_path: /Volumes/Home/FZ/Library/Logs/Dovecot/error.log
info_log_path: /Volumes/Home/FZ/Library/Logs/Dovecot/info.log
listen: localhost:10143
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /Volumes/Home/FZ/sw/var/run/dovecot/login
login_executable: /Volumes/Home/FZ/sw/libexec/dovecot/imap-login
login_user: fz
login_chroot: no
mail_location: maildir:~/Library/Maildir
auth default:
  user: fz
  passdb:
    driver: passwd-file
    args: /Volumes/Home/FZ/sw/etc/dovecot.passwd
  userdb:
    driver: passwd
mini:~ fz$










Re: [Dovecot] Marking as Read causes Body.Peek on ALL messages - Reasonable?

2008-08-15 Thread Daniel Watts

Charles Marcus wrote:

On 8/13/2008, Daniel Watts ([EMAIL PROTECTED]) wrote:

The more I use Thunderbird the more I find it totally insane.


Did you file a bug report? I imagine this is something that could use
some fixing, and there is a much higher chance that the TBird devs will
listen than most other clients...

I actually like TBird quite a bit, although some things really bug me
(like the lack of a proper Signature Manager, the inability to tell it
to use the same Server Settings for sending as receiving, etc)...



Bug submitted now. Response pretty quick actually though they say it is 
because I must have either Spam detection or Offline Files on - I have 
neither enabled. Will go back.




Re: [Dovecot] Webmail app ... again.

2008-08-15 Thread Eduardo M KALINOWSKI

Timo Sirainen wrote:
I've heard that imapproxy isn't all that useful with Dovecot once auth 
cache is enabled and set large enough. It'll then just basically 
replace Dovecot's process fork(s) with the overhead of its own.


If I understand Dovecot's auth caching, it will save DB lookups (or 
sequential passwd-file lookups, etc), but it will still need to spawn a 
new imap process for each connection the webmail does.


With imapproxy, the process will be kept running for a couple minutes 
after the webmail disconnects that connection and will be reused if a 
new request is made in sequence.