Re: [Dovecot] Panic 1.1.4
Hi, So it happens regularly? Can you reproduce it? I can't really see how it's crashing. Could you apply the attached patch, and also compile the lib/*.c and lib-mail/istream-header-filter.c without -O2 so the backtrace will be more usable? (I usually do it by removing -O2 from the subdirs' Makefile and then make clean + make in those subdirs.) reproducing is not easy, it happens on more frequented customer-servers, on my testmachine is not enough traffic but i have a new core ;) same user was affected. i patched dovecot 1.1.4 like you told and compiled it without -O2 Thats what i got: dovecot -n # 1.1.4: /etc/dovecot.conf protocols: imap imaps pop3 pop3s ssl_ca_file: /path/to/*.servername.com.bundle.crt ssl_cert_file: /path/to/*.servername.com.crt ssl_key_file: /path/to/*.servername.com.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_greeting: servername.com mailserver ready. login_process_per_connection: no login_processes_count: 1 max_mail_processes: 100 verbose_proctitle: yes mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u mail_cache_min_mail_count: 30 mail_debug: yes lock_method: flock mbox_read_locks: dotlock mbox_very_dirty_syncs: yes mail_drop_priv_before_exec: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugins(default): mail_log mail_plugins(imap): mail_log mail_plugins(pop3): mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(imap): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): oe-ns-eoh outlook-no-nuls auth default: verbose: yes passdb: driver: shadow userdb: driver: passwd gdb /usr/libexec/dovecot/imap /home/popuser/username/core GNU gdb 6.4 Copyright 2005 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i586-suse-linux...Using host libthread_db library /lib/libthread_db.so.1. Core was generated by `imap [username 78.69.54.113]'. Program terminated with signal 6, Aborted. warning: Can't read pathname for load map: Eingabe-/Ausgabefehler. Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /usr/lib/dovecot/imap/lib20_mail_log_plugin.so...done. Loaded symbols for /usr/lib/dovecot/imap/lib20_mail_log_plugin.so Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /lib/libgcc_s.so.1...done. Loaded symbols for /lib/libgcc_s.so.1 #0 0xe410 in __kernel_vsyscall () (gdb) fr 6 #6 0x080eb86d in i_stream_read (stream=0x813eac0) at istream.c:82 82 istream.c: Datei oder Verzeichnis nicht gefunden. in istream.c (gdb) p *stream.parent There is no member named parent. (gdb) p *stream.parent.real_stream There is no member named parent. (gdb) bt full #0 0xe410 in __kernel_vsyscall () No symbol table info available. #1 0xb7ecd7d0 in raise () from /lib/libc.so.6 No symbol table info available. #2 0xb7eceea3 in abort () from /lib/libc.so.6 No symbol table info available. #3 0x080e608f in default_fatal_finish (type=LOG_TYPE_PANIC, status=0) at failures.c:150 backtrace = 0x811eb20 imap [0x80e606d] - imap [0x80e68d8] - imap(i_fatal+0) [0x80e61e7] - imap(i_stream_read+0xdc) [0x80eb86d] - imap(i_stream_read_data+0x4b) [0x80ec07f] - imap(message_parse_header_next+0xfd) [0x80dc... #4 0x080e68d8 in i_internal_fatal_handler (type=LOG_TYPE_PANIC, status=0, fmt=0x8111c38 file %s: line %d (%s): assertion failed: (%s), args=0xbfb05e34 .\034\021\bR) at failures.c:430 No locals. #5 0x080e61e7 in i_panic (format=0x8111c38 file %s: line %d (%s): assertion failed: (%s)) at failures.c:197 args = 0xbfb05e34 .\034\021\bR #6 0x080eb86d in i_stream_read (stream=0x813eac0) at istream.c:82 _stream = (struct istream_private *) 0x813ea98 ret = -1 orig_count = 64 __PRETTY_FUNCTION__ = i_stream_read #7 0x080ec07f in i_stream_read_data (stream=0x813eac0, data_r=0xbfb05ee0, size_r=0xbfb05edc, threshold=64) at istream.c:303 ret =
Re: [Dovecot] New userdb backend for checkpassword like programs
Timo Sirainen [EMAIL PROTECTED] writes: On Wed, 2008-10-22 at 16:15 +0200, Sascha Wilde wrote: Timo Sirainen [EMAIL PROTECTED] writes: On Oct 21, 2008, at 5:27 PM, Sascha Wilde wrote: Sascha Wilde [EMAIL PROTECTED] writes: [userdb-checkpassword] The code is now in dovecot-1.2 tree. Thank you, that's great! The only thing I'm missing is the addition to the example.conf I made. (I have to admit it was only a stub, though) http://hg.dovecot.org/dovecot-1.2/rev/4497c58eaca8 adds some other missing changes too. I also decided to change AUTHORIZED=YES to AUTHORIZED=1 initially. I did also think about yes - done or yes - userdb or something similar, but 1 - 2 seemed the best. Ack. There are more than 250LOC in deliver/auth-client.c and I wonder if there is already a higher level api for auth clients? I would have expected something like this in lib-auth, but the stuff in there seems not to be what I'm looking for. Any hints? plugins/expire-tool/auth-client.c has copypasted that code also.. So it would be nice if it was put to lib-auth :) Ok, I'll consider doing so... :) cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpRjIAwWXtSd.pgp Description: PGP signature
[Dovecot] ManageSieve textual fronend wanted
Is there some simple textual frontend to the ManageSieve protocol somewhat easier to use than gnutls-cli? I.e. something to use like managesieve -u ef putscript myscript /tmp/myscript Password: managesieve -u ef setactive myscript Password: simply doing the TLS authentication and length computation for me.
Re: [Dovecot] dovecot 1.0 to 1.1 upgrade and filesystem separators
Timo Sirainen wrote:
On Wed, 2008-10-22 at 13:43 +0100, Ian Thurlbeck wrote:
#define MAILDIR_FS_SEP ';'
#define MAILDIR_FS_SEP_S ;
so I can get some mail folder hierarchy and '.'s in
folder names - this all worked perfectly.
Under 1.1.4 the MAILDIR_FS_SEP lines are no longer present.
What is the current practice for doing what I was doing before ?
src/lib-storage/list/mailbox-list-maildir.c
struct mailbox_list maildir_mailbox_list = {
MEMBER(name) MAILBOX_LIST_NAME_MAILDIRPLUSPLUS,
MEMBER(hierarchy_sep) '.',
Change hierarchy_sep to ';'.
That worked perfectly, thanks.
A better long-term plan would be to use listescape plugin:
http://dovecot.org/patches/1.1/listescape-plugin.c
That of course requires that you rename all the existing maildirs.
Ian
--
Ian Thurlbeckhttp://www.stams.strath.ac.uk/
Statistics and Modelling Science, University of Strathclyde
Livingstone Tower, 26 Richmond Street, Glasgow, UK, G1 1XH
Tel: +44 (0)141 548 3667 Fax: +44 (0)141 552 2079
The University of Strathclyde is a charitable body,
registered in Scotland, number SC015263.
Re: [Dovecot] New userdb backend for checkpassword like programs
Timo Sirainen [EMAIL PROTECTED] writes: On Oct 21, 2008, at 5:27 PM, Sascha Wilde wrote: Sascha Wilde [EMAIL PROTECTED] writes: [userdb-checkpassword] [...] The code is now in dovecot-1.2 tree. Unfortunately there is one tiny, but essential change missing: diff -r afdc27e0b665 src/auth/auth.c --- a/src/auth/auth.c Wed Oct 22 21:11:47 2008 +0300 +++ b/src/auth/auth.c Thu Oct 23 13:11:25 2008 +0200 @@ -1,6 +1,7 @@ /* Copyright (c) 2005-2008 Dovecot authors, see the included COPYING file */ #include common.h +#include child-wait.h #include network.h #include buffer.h #include str.h @@ -32,6 +33,8 @@ auth-verbose_debug = getenv(VERBOSE_DEBUG) != NULL || auth-verbose_debug_passwords; auth-verbose = getenv(VERBOSE) != NULL || auth-verbose_debug; + + child_wait_init(); passdb_p = auth-passdbs; masterdb_p = auth-masterdbs; @@ -297,5 +300,6 @@ auth_request_handler_deinit(); passdb_cache_deinit(); + child_wait_deinit(); pool_unref(auth-pool); } cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpK4sCPJFE6A.pgp Description: PGP signature
[Dovecot] dovecot 1.2: SEGV in acl plugin when selecting a shared mailbox
Hi Timo, there is a bug in the acl plugin (in head, _without_ our acl changes), which causes an segfault on selecting a shared folder. * OK [CAPABILITY ...] Dovecot ready. x login [EMAIL PROTECTED] secret x OK [CAPABILITY ...] Logged in y select users/[EMAIL PROTECTED]/INBOX/bla - Peer has closed the GNUTLS connection The dovecot.log shows a segfault: [...] child 4507 (imap) killed with signal 11 This _only_ happens when the shared mailbox wasn't accessed in the same session by any other means like MYRIGHTS or LSUB (when subscribed). After doing one of those selecting works too... If it helps I can generate a gdb backtrace. cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpMC0jO4vex6.pgp Description: PGP signature
Re: [Dovecot] ManageSieve textual fronend wanted
Edgar Fuß wrote: Is there some simple textual frontend to the ManageSieve protocol somewhat easier to use than gnutls-cli? I.e. something to use like managesieve -u ef putscript myscript /tmp/myscript Password: managesieve -u ef setactive myscript Password: simply doing the TLS authentication and length computation for me. Sieve-connect is known to work with dovecot. However, older versions have the TLS bug. Newer versions circumvent this by sending a (previously non-existant) NOOP command. I've tested the debian-testing version (0.59-1) against Dovecot 1.2 and it seems to work fine. If it starts moaning about your snake oil certificate you should modify SSL_verify_mode = 0x00 (line 39 here) at the beginning of the sieve-connect script. I hope this helps. Regards, Stephan.
Re: [Dovecot] ManageSieve textual fronend wanted
On 13:48:40 2008-10-23 Stephan Bosch [EMAIL PROTECTED] wrote: Edgar Fuß wrote: Is there some simple textual frontend to the ManageSieve protocol somewhat easier to use than gnutls-cli? I.e. something to use like managesieve -u ef putscript myscript /tmp/myscript Password: managesieve -u ef setactive myscript Password: simply doing the TLS authentication and length computation for me. Sieve-connect is known to work with dovecot. However, older versions have the TLS bug. Newer versions circumvent this by sending a (previously non-existant) NOOP command. I've tested the debian-testing version (0.59-1) against Dovecot 1.2 and it seems to work fine. If it starts moaning about your snake oil certificate you should modify SSL_verify_mode = 0x00 (line 39 here) at the beginning of the sieve-connect script. I use: http://raa.ruby-lang.org/project/managesieve/ Not sure if it supports TLS but I doubt it would be that hard to add... -- Andraž ruskie Levstik Source Mage GNU/Linux Games grimoire guru Geek/Hacker/Tinker Be sure brain is in gear before engaging mouth. Quis custodiet ipsos custodies. Ryle hira. Key id = F4C1F89C Key fingerprint = 6FF2 8F20 4C9D DB36 B5B6 F134 884D 72CC F4C1 F89C
[Dovecot] Dovecot returns the same UIDL for another message
Hello, I have a serious problem with dovecot and mbox format. dovecot returns the same UIDL for new messages and as result some MUAs don't retrieve new mail. UIDs returned by UIDL command look like 00*1c*49006cec And there is a moment when dovecot stops incrementing marked digits. In other words when new message arrive to mbox, UIDL command returns used UID. I'll show with example: 1. Send some message and try to retrieve UIDL via telnet: # echo test-mailbox-1 | mail -s Test-1 [EMAIL PROTECTED] # telnet pop3.cu.kiev.ua 10110 Trying 193.108.130.4... Connected to emx.itcons.net.ua. Escape character is '^]'. +OK IT Consulting POP3/IMAP Server USER [EMAIL PROTECTED] +OK PASS XXX +OK Logged in. LIST +OK 1 messages: 1 1155 . UIDL +OK 1 001c49006cec . RETR 1 +OK 1155 octets [...] . DELE 1 +OK Marked to be deleted. QUIT +OK Logging out, messages deleted. Connection closed by foreign host. 2. Send another message and try to retrieve UIDL via telnet: # echo test-mailbox-1 | mail -s Test-1 [EMAIL PROTECTED] # telnet pop3.cu.kiev.ua 10110 Trying 193.108.130.4... Connected to emx.itcons.net.ua. Escape character is '^]'. +OK IT Consulting POP3/IMAP Server USER [EMAIL PROTECTED] +OK pass XXX +OK Logged in. UIDL +OK 1 001c49006cec . QUIT +OK Logging out. Connection closed by foreign host. My dovecot's version is 1.1.3. # 1.1.3: /usr/local/etc/dovecot.conf base_dir: /var/run/dovecot/ protocols: pop3 listen: *:10110 ssl_disable: yes disable_plaintext_auth: no shutdown_clients: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/pop3-login login_greeting: IT Consulting POP3/IMAP Server login_processes_count: 64 verbose_proctitle: yes first_valid_uid: 26 last_valid_uid: 26 first_valid_gid: 6 last_valid_gid: 6 mail_privileged_group: mail mail_location: mbox:/var/mail:INBOX=/var/mail/%Ln:INDEX=MEMORY maildir_copy_preserve_filename: yes mail_executable: /usr/local/libexec/dovecot/pop3 mail_plugins: quota mail_plugin_dir: /usr/local/lib/dovecot/pop3 pop3_client_workarounds: outlook-no-nuls oe-ns-eoh auth default: passdb: driver: sql args: /usr/local/etc/dovecot/passdb.sql userdb: driver: sql args: /usr/local/etc/dovecot/mailbox.sql userdb: driver: sql args: /usr/local/etc/dovecot/maildir.sql plugin: quota: maildir -- MINO-RIPE
Re: [Dovecot] Dovecot returns the same UIDL for another message
Alexander Shikoff ha scritto: Hello, I have a serious problem with dovecot and mbox format. dovecot returns the same UIDL for new messages and as result some MUAs don't retrieve new mail. UIDs returned by UIDL command look like 00*1c*49006cec And there is a moment when dovecot stops incrementing marked digits. In other words when new message arrive to mbox, UIDL command returns used UID. I've the same problem and i resolve with a change of the uidl format (yes, all email leave on server must reread from the client) pop3_uidl_format: %m -- Roberto Tagliaferri Responsabile Progettazione Produzione TosNet s.r.l. - Internet Service Provider [EMAIL PROTECTED] www.tosnet.it
Re: [Dovecot] Dovecot returns the same UIDL for another message
On Thu, Oct 23, 2008 at 02:57:04PM +0200, Roberto Tagliaferri - Tosnet srl wrote: Alexander Shikoff ha scritto: Hello, I have a serious problem with dovecot and mbox format. dovecot returns the same UIDL for new messages and as result some MUAs don't retrieve new mail. UIDs returned by UIDL command look like 00*1c*49006cec And there is a moment when dovecot stops incrementing marked digits. In other words when new message arrive to mbox, UIDL command returns used UID. I've the same problem and i resolve with a change of the uidl format (yes, all email leave on server must reread from the client) pop3_uidl_format: %m Yeah, I also know the workarounds. Change uidl format or make MTA to mark all messages with X-UIDL: header and then use it in dovecot with pop3_reuse_xuidl parameter. But any workaround don't remove the bug... 1.0.3 version of Dovecot is free of it. -- MINO-RIPE
Re: [Dovecot] Dovecot returns the same UIDL for another message
On Oct 23, 2008, at 3:46 PM, Alexander Shikoff wrote: My dovecot's version is 1.1.3. .. mail_location: mbox:/var/mail:INBOX=/var/mail/%Ln:INDEX=MEMORY This is buggy, fixed in 1.1.4. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Dovecot returns the same UIDL for another message
Alexander Shikoff ha scritto: Yeah, I also know the workarounds. Change uidl format or make MTA to mark all messages with X-UIDL: header and then use it in dovecot with pop3_reuse_xuidl parameter. But any workaround don't remove the bug... 1.0.3 version of Dovecot is free of it. I use 1.0.9 and work fine, last version has a problem with deleting a message (in the log i've delete=1/1 but the message remain in inbox) -- Roberto Tagliaferri Responsabile Progettazione Produzione TosNet s.r.l. - Internet Service Provider [EMAIL PROTECTED] www.tosnet.it
Re: [Dovecot] logging IMAP username rather than UNIX username
Hi Timo
2008/10/22 Timo Sirainen [EMAIL PROTECTED]:
That means your authentication changes the username.
passdb checkpassword {
args = /var/qmail/bin/qmail-vauth
}
Most likely qmail-vauth changes USER environment to vmail. If you can't
edit qmail-vauth directly, create a wrapper script that unsets the USER
environment before calling Dovecot's checkpassword-reply.
Yes, you're spot on! USER is changed. Thanks for the heads-up, I'll
see if writing a wrapper works, without messing with the fact that the
process has to run as the vmail user.
Thanks
Dale
Re: [Dovecot] New userdb backend for checkpassword like programs
Sascha Wilde [EMAIL PROTECTED] writes: Timo Sirainen [EMAIL PROTECTED] writes: On Wed, 2008-10-22 at 16:15 +0200, Sascha Wilde wrote: There are more than 250LOC in deliver/auth-client.c and I wonder if there is already a higher level api for auth clients? I would have expected something like this in lib-auth, but the stuff in there seems not to be what I'm looking for. Any hints? plugins/expire-tool/auth-client.c has copypasted that code also.. So it would be nice if it was put to lib-auth :) Ok, I'll consider doing so... :) Having a first look it turns out to be less straight forward then I hoped it would be. While there are significant amounts of code similar in deliver/auth-client.c and expire/auth-client.c they differ in many aspects: 1.) It seems that some code in deliver/auth-client.c has been revised after it was copied to expire/auth-client.c, this is a small problem as I would expect simply using the newer code to be the right thing[tm]. 2.) The exported interface in the respective auth-client.h files is different. The solution would be to figure out what the right interface would be and change the current code to use it. My problem I'm not sure what the right interface would look like, for my use the one in expire/auth-client.h looks more compelling, what do you think? 3.) The deliver version does more than I need, and most certainly more than it should in the generic case: the most obvious example is that it sets up RESTRICT_* environment and calls restrict_access_by_env(TRUE); which surely is nothing I want to do in my code... My current plan is to take only the code from deliver/auth-client and check which parts I need, factor these out to new file in lib-auth (unfortunately lib-auth/auth-client already exists) and finally ask the author of the expire plugin to change his code so that it uses the new stuff in lib-auth (I doubt that I will have the time to do this on my own). Obviously a god answer on 2. is badly needed... ;-) One final question: All the code saves the gathered user data by setting the environment accordingly (especially HOME, which is the one of interest for my code) -- but in my case I'm requesting the data for foreign user so setting HOME wouldn't be good idea. I see two possible solutions: - Simple and stupid: save HOME, call the client-auth code, read HOME and reset its value to the saved one. - Clean but grows the API: export another function from auth-client, which does not set env-vars but returns the requested data in some struct. Any thoughts on that? cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpwRtB98NPj0.pgp Description: PGP signature
Re: [Dovecot] New userdb backend for checkpassword like programs
On Thu, 2008-10-23 at 13:13 +0200, Sascha Wilde wrote: Timo Sirainen [EMAIL PROTECTED] writes: On Oct 21, 2008, at 5:27 PM, Sascha Wilde wrote: Sascha Wilde [EMAIL PROTECTED] writes: [userdb-checkpassword] [...] The code is now in dovecot-1.2 tree. Unfortunately there is one tiny, but essential change missing: Oh. I guess I should have bothered to test it. :) I added the code to main.c now instead. I'll try merging changes differently the next time. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] New userdb backend for checkpassword like programs
On Thu, 2008-10-23 at 16:18 +0200, Sascha Wilde wrote:
1.) It seems that some code in deliver/auth-client.c has been revised
after it was copied to expire/auth-client.c, this is a small problem
as I would expect simply using the newer code to be the right
thing[tm].
Yes, I haven't really looked at expire/auth-client.c much lately.
2.) The exported interface in the respective auth-client.h files is
different. The solution would be to figure out what the right
interface would be and change the current code to use it. My
problem I'm not sure what the right interface would look like, for
my use the one in expire/auth-client.h looks more compelling, what
do you think?
Perhaps something like:
struct auth_user_reply {
uid_t uid;
gid_t gid;
const char *home, *chroot;
ARRAY_TYPE(const_string) extra_fields;
};
struct auth_connection *auth_connection_init(const char *auth_socket);
void auth_connection_deinit(struct auth_connection *conn);
/* Returns -1 = error, 0 = user not found, 1 = ok */
int auth_connection_lookup(struct auth_connection *conn, const char *user,
struct auth_user_reply *reply_r);
I'm not sure about the struct, but maybe something like that. deliver
would then use the struct to set up environment etc.
3.) The deliver version does more than I need, and most certainly more
than it should in the generic case: the most obvious example is that
it sets up RESTRICT_* environment and calls
restrict_access_by_env(TRUE); which surely is nothing I want to
do in my code...
Right. And in general putting all the stuff to environment directly
isn't that good. With v1.3's config rewrite I'm hoping to get rid of all
this environment usage.
finally ask the author of the expire plugin to change his code
That'd basically be me.
- Clean but grows the API: export another function from auth-client,
which does not set env-vars but returns the requested data in some
struct.
Yep.
signature.asc
Description: This is a digitally signed message part
Re: [Dovecot] mbox to Maildir conversion
on 10-22-2008 9:11 PM Kyle Wheeler spake the following: On Wednesday, October 22 at 11:35 PM, quoth Albert E. Whale: I am currently testing a single user, and have successfully converted the mail messages from mbox to Maildir format, and now I am setting up the procmail tool to place the messages into the correct folder. I have been following the http://wiki.dovecot.org/Migration/MailFormat formula, but now have a question. New Messages are now being placed into the ~user/Maildir/new folder. Procmail understands Maildir natively; you don't have to tell it to put messages into the new folder, you should just tell it to put things into the Maildir folder and end the line with a /, like so: # correct! :0 ~user/Maildir/ # incorrect :0 ~user/Maildir/new/ # also incorrect :0 ~user/Maildir/new If you specify the new directory, you're either telling procmail to treat that directory like an MH folder, which is wrong, or you're telling procmail that the new directory is a Maildir, in which case it will create another new directory within that directory (along with a tmp and cur directories). ~Kyle I have been thinking about converting also. Will the standard auto detect routines work with both types during the conversion, or will I need to deal with namespaces? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Possible header parsing problem
On Wed, 2008-10-22 at 20:59 -0600, Eric Stadtherr wrote: Content-Type: multipart/alternative; boundary==_alternative 006F3A73872574E8_= Is there one space, two spaces or a TAB at the beginning of the second line? I did a little bit of tracing through the parsing code (message-header-parser.c:message_parse_header_next()) and it appeared that the boundary in the Content-Type header was not parsed correctly, evidently because the header line was folded in the middle of the boundary string. RFC 822 appears to allow folding in a quoted string like this (§3.3 quoted-string), so I'm curious whether the parsing is working correctly. Fixed: http://hg.dovecot.org/dovecot-1.1/rev/25b0cf7c62d3 But I'm not sure if I should convert the following TAB to a space. UW-IMAP seems to do that, but RFC just says that the CRLF should be dropped. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Dovecot+PostfixAdmin+PostgreSQL on FreeBSD 7
On Thu, 2008-10-23 at 09:35 +0800, Erdenebat Gantumur wrote: Hi dear, Timo When I execute dovecot -F then it doesn't exiting. During this time when try to telnet 110 port it shows Escape character is '^]'. +OK Dovecot ready. ^] telnet quit OK, so Dovecot works. What does it mean? How can I run dovecot just like common way /usr/local/etc/rc.d/dovecot start? When I execute that command it doesn't start. Thank you. The rc.d/dovecot script is broken then. I don't run FreeBSD so I don't really know why. I'd suggest trying to figure out what it does differently than simply running dovecot does. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Possible header parsing problem
On Thu, 23 Oct 2008 19:06:19 +0300, Timo Sirainen [EMAIL PROTECTED] wrote: On Wed, 2008-10-22 at 20:59 -0600, Eric Stadtherr wrote: Content-Type: multipart/alternative; boundary==_alternative 006F3A73872574E8_= Is there one space, two spaces or a TAB at the beginning of the second line? There is one space at the beginning of the continuation line. The parsed full_value basically looks like: [multipart/alternative; boundary==_alternative\n 006F3A73872574E8_=] I did a little bit of tracing through the parsing code (message-header-parser.c:message_parse_header_next()) and it appeared that the boundary in the Content-Type header was not parsed correctly, evidently because the header line was folded in the middle of the boundary string. RFC 822 appears to allow folding in a quoted string like this (§3.3 quoted-string), so I'm curious whether the parsing is working correctly. Fixed: http://hg.dovecot.org/dovecot-1.1/rev/25b0cf7c62d3 But I'm not sure if I should convert the following TAB to a space. UW-IMAP seems to do that, but RFC just says that the CRLF should be dropped. I always prefer strict adherence to the RFC, which says: The process of moving from this folded multiple-line representation of a header field to its single line represen- tation is called unfolding. Unfolding is accomplished by regarding CRLF immediately followed by a LWSP-char as equivalent to the LWSP-char. So, what you did looks good! -- Eric Stadtherr [EMAIL PROTECTED]
[Dovecot] Best configuration of dovecot for limit Outlook problems with IMAP
Hi, in some installation where users using IMAP and Outlook Express I have some problems. Outolook randomly presents problems in messages retrieving, for example: Outlook Express is unable to retrieve the requested message because the server no longer has the message available server response: Fecth Completed or Message could not be displayed error message when I try to view an Outlook Express e-mail message I'm using dovecot 1.1.4 with qmail and vpopmail. This is my dovecot configure options: ./configure --prefix=/usr --sysconfdir=/etc/dovecot --localstatedir=/var --with-ssldir=/etc/ssl and this my dovecot config: # dovecot -n # 1.1.4: /etc/dovecot/dovecot.conf log_path: /var/log/dovecot/dovecot-err.log info_log_path: /var/log/dovecot/dovecot.log ssl_cert_file: /etc/apache2/ssl/comun.crt ssl_key_file: /etc/apache2/ssl/comun.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/imap-login login_greeting: Ready login_process_per_connection: no first_valid_uid: 89 last_valid_uid: 89 first_valid_gid: 89 last_valid_gid: 89 mail_uid: 89 mail_gid: 89 mail_location: maildir:~/Maildir mail_debug: yes mail_plugins: quota imap_quota imap_client_workarounds: outlook-idle delay-newmail namespace: type: private separator: . prefix: INBOX. inbox: yes list: yes subscriptions: yes auth default: verbose: yes debug: yes passdb: driver: checkpassword args: /home/vpopmail/bin/vchkpw userdb: driver: prefetch args: uid=89 gid=89 home=/home/vpopmail/domains/%d/%u plugin: quota: maildir What further changes to the configuration of dovecot could I do? Do you have other suggestions? Thanks -- Alessio Cecchi is: @ ILS - http://www.linux.it/~alessice/ Assistenza Sistemi GNU/Linux - http://www.cecchi.biz/ @ PLUG - ex-Presidente, adesso senatore a vita, http://www.prato.linux.it @ LOLUG - neo-Socio http://www.lolug.net
[Dovecot] mixed client ssl certs and non cert
How do I setup mixed authentication so that I can have say a couple of machines on my lan only use ssl without client certs, but have all the other machines connecting from remotely required to have ssl certs to connect to imap? This is with Dovecot 1.1.4 on CentOS 5.2 -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager)
Re: [Dovecot] New userdb backend for checkpassword like programs
Timo Sirainen [EMAIL PROTECTED] writes: On Thu, 2008-10-23 at 13:13 +0200, Sascha Wilde wrote: Timo Sirainen [EMAIL PROTECTED] writes: On Oct 21, 2008, at 5:27 PM, Sascha Wilde wrote: Sascha Wilde [EMAIL PROTECTED] writes: [userdb-checkpassword] [...] The code is now in dovecot-1.2 tree. Unfortunately there is one tiny, but essential change missing: Oh. I guess I should have bothered to test it. :) I added the code to main.c now instead. I'll try merging changes differently the next time. Thanks. v2.1alpha4? ;-) sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpT8zD7nf5gn.pgp Description: PGP signature
Re: [Dovecot] New userdb backend for checkpassword like programs
Timo Sirainen [EMAIL PROTECTED] writes: On Thu, 2008-10-23 at 16:18 +0200, Sascha Wilde wrote: [...] 2.) The exported interface in the respective auth-client.h files is different. The solution would be to figure out what the right interface would be [...] Perhaps something like: [api sketch] Looks good to me. Especially as it solves the put everything in the environment problem in a way I like... :-) I'm not sure about the struct, but maybe something like that. deliver would then use the struct to set up environment etc. 3.) The deliver version does more than I need, and most certainly more than it should in the generic case: the most obvious example is that it sets up RESTRICT_* environment and calls restrict_access_by_env(TRUE); which surely is nothing I want to do in my code... Right. And in general putting all the stuff to environment directly isn't that good. With v1.3's config rewrite I'm hoping to get rid of all this environment usage. Ok, so I'll touch it as few as possible and leave it in the deliver specific files. finally ask the author of the expire plugin to change his code That'd basically be me. :-) cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgpV4lUK2t9Qk.pgp Description: PGP signature
Re: [Dovecot] dovecot 1.2: SEGV in acl plugin when selecting a shared mailbox
On Thu, 2008-10-23 at 13:25 +0200, Sascha Wilde wrote: Hi Timo, there is a bug in the acl plugin (in head, _without_ our acl changes), which causes an segfault on selecting a shared folder. * OK [CAPABILITY ...] Dovecot ready. x login [EMAIL PROTECTED] secret x OK [CAPABILITY ...] Logged in y select users/[EMAIL PROTECTED]/INBOX/bla - Peer has closed the GNUTLS connection Fixed: http://hg.dovecot.org/dovecot-1.2/rev/8553bb4c53ad signature.asc Description: This is a digitally signed message part
Re: [Dovecot] New userdb backend for checkpassword like programs
On Thu, 2008-10-23 at 18:55 +0200, Sascha Wilde wrote: Timo Sirainen [EMAIL PROTECTED] writes: On Thu, 2008-10-23 at 13:13 +0200, Sascha Wilde wrote: Timo Sirainen [EMAIL PROTECTED] writes: On Oct 21, 2008, at 5:27 PM, Sascha Wilde wrote: Sascha Wilde [EMAIL PROTECTED] writes: [userdb-checkpassword] [...] The code is now in dovecot-1.2 tree. Unfortunately there is one tiny, but essential change missing: Oh. I guess I should have bothered to test it. :) I added the code to main.c now instead. I'll try merging changes differently the next time. Thanks. v2.1alpha4? ;-) Nah. checkpassword users are rare. :) signature.asc Description: This is a digitally signed message part
Re: [Dovecot] mixed client ssl certs and non cert
On Thu, 2008-10-23 at 09:54 -0700, Harondel J. Sibble wrote:
How do I setup mixed authentication so that I can have say a couple of
machines on my lan only use ssl without client certs, but have all the other
machines connecting from remotely required to have ssl certs to connect to
imap?
So:
a) If client sent a valid SSL client cert, let it log in.
b) If client didn't send a valid SSL client cert, but it's from a
specific network, let it log in.
Right? It's not possible with v1.1, but I just added code to v1.2 tree
that would make it possible:
http://hg.dovecot.org/dovecot-1.2/rev/d49aa6720fb2
This would allow you to check the client cert status using %k variable.
Then if you used SQL passdb you could construct a query based on it,
e.g. with MySQL:
password_query = select user, password, \
if('%k' = 'valid', NULL, '192.168.0.0/24') as allow_nets \
from users where ...
So allow_nets would be set only if a valid client cert hadn't been sent.
signature.asc
Description: This is a digitally signed message part
Re: [Dovecot] New userdb backend for checkpassword like programs
Sascha Wilde [EMAIL PROTECTED] writes: Timo Sirainen [EMAIL PROTECTED] writes: On Thu, 2008-10-23 at 16:18 +0200, Sascha Wilde wrote: [...] 2.) The exported interface in the respective auth-client.h files is different. The solution would be to figure out what the right interface would be [...] Perhaps something like: [api sketch] Looks good to me. One more detail: as lib-auth/auth-client.c already exists. Would it be a good idea to put the new stuff in the same file? And in case not, any suggestions what a new file could be named? cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner pgp8LyoUd3L7T.pgp Description: PGP signature
Re: [Dovecot] Released v1.1.5 and v1.2.alpha3
Timo Sirainen wrote: http://dovecot.org/releases/1.1/dovecot-1.1.5.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.5.tar.gz.sig http://dovecot.org/releases/1.2/alpha/dovecot-1.2.alpha3.tar.gz http://dovecot.org/releases/1.2/alpha/dovecot-1.2.alpha3.tar.gz.sig A combined release announcement for a change. :) Largest changes since v1.1.4: * Dovecot prints an informational message about authentication problems at startup. The message goes away after the first successful authentication. This hopefully reduces the number of Why doesn't my authentication work? questions. + Maildir/dbox: Try harder to assign unique UIDVALIDITY values to mailboxes to avoid potential problems when recreating or renaming mailboxes. The UIDVALIDITY is tracked using dovecot-uidvalidity* files in the mail root directory. + Many logging improvements - In some conditions Dovecot could have stopped using existing cache file and never used it again until it was deleted. - pop3 + Maildir: Make sure virtual sizes are always written to dovecot-uidlist. This way if the indexes are lost Dovecot will never do a huge amount of work to recalculate them. - mbox: Fixed listing mailboxes in namespaces with prefix beginning with '~' or '/' (i.e. UW-IMAP compatibility namespaces didn't work). - dict quota: Don't crash when recalculating quota (when quota warnings enabled). - Fixes to handling out of disk space/quota failures. - Blocking passdbs/userdbs (e.g. PAM, MySQL) could have failed lookups sometimes when auth_worker_max_request_count was non-zero. - Fixed compiling with OpenBSD Largest changes since v1.2.alpha2: + Added userdb checkpassword (by Sascha Wilde) + Autocreate plugin: http://wiki.dovecot.org/Plugins/Autocreate + Listescape plugin: http://wiki.dovecot.org/Plugins/Listescape - All the same fixes as for v1.1.5 I was thinking about waiting for Kolab people's work for shared mailbox support to get done, get that code to v1.2 tree and then release v1.2.beta1 with feature freeze. If 1.2 has other features beyond 1.1.5, and is otherwise ready, I would go ahead and release 1.2 now (so we can all beat up on it) and add the shared support to 1.3. -- Daniel
Re: [Dovecot] New userdb backend for checkpassword like programs
On Oct 23, 2008, at 9:15 PM, Sascha Wilde wrote: as lib-auth/auth-client.c already exists. Would it be a good idea to put the new stuff in the same file? And in case not, any suggestions what a new file could be named? Hmm. auth-client.c is about performing authentication as a client. What you're doing is about doing a userdb lookup and connecting to dovecot-auth as a master. So different file, but I'm not really sure about the name. Perhaps auth-master.c and auth_master_init/deinit() auth_master_user_lookup() function? PGP.sig Description: This is a digitally signed message part
[Dovecot] Dovecot dies with PAM error?
Just setup a new server on the weekend with Ubuntu 8.10 beta, and Dovecot 1.1.4. Every now and then, the IMAP server dies, and won't let users authenticate. It happens about once or twice a day. In /var/log/mail.log, you can see dovecot complaining about critial errors: Oct 21 14:46:16 tachikoma dovecot: imap-login: Login: user=jason, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS Oct 21 14:46:16 tachikoma dovecot: IMAP(jason): Disconnected: Logged out bytes=769/9124 Oct 21 14:47:15 tachikoma dovecot: auth-worker(default): pam(jason,127.0.0.1): pam_start() failed: Critical error - immediate abort Oct 21 14:47:17 tachikoma dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=jason, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS If I have a look at /var/log/auth.log, I see: Oct 21 14:47:15 tachikoma dovecot-auth: PAM _pam_init_handlers: error reading /etc/pam.d/dovecot Oct 21 14:47:15 tachikoma dovecot-auth: PAM _pam_init_handlers: [Critical error - immediate abort] Oct 21 14:47:15 tachikoma dovecot-auth: PAM error reading PAM configuration file Oct 21 14:47:15 tachikoma dovecot-auth: PAM pam_start: failed to initialize handlers This sounds ominous. If I try to cat /etc/pam.d/dovecot, though, the file is obviously there: [EMAIL PROTECTED]:/var/log$ cat /etc/pam.d/dovecot #%PAM-1.0 @include common-auth @include common-account @include common-session And restarting dovecot seems to fix the problem. Dovecot WAS running just fine, servicing mail all day long, and then suddenly it won't read the PAM config file, and then it won't let anyone log in until I log in and kill it. Any ideas? My IMAP client is either Thunderbird or Roundcube, if that's relevant.
Re: [Dovecot] Dovecot dies with PAM error?
On Wed, 2008-10-22 at 18:17 -0400, Jason Walton wrote: Oct 21 14:47:15 tachikoma dovecot-auth: PAM _pam_init_handlers: error reading /etc/pam.d/dovecot Perhaps it's leaking file descriptors and running out of them. Set auth_worker_max_request_count to some non-zero value and it probably gets fixed. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] mbox to Maildir conversion
Kyle Wheeler wrote: On Wednesday, October 22 at 11:35 PM, quoth Albert E. Whale: I am currently testing a single user, and have successfully converted the mail messages from mbox to Maildir format, and now I am setting up the procmail tool to place the messages into the correct folder. I have been following the http://wiki.dovecot.org/Migration/MailFormat formula, but now have a question. New Messages are now being placed into the ~user/Maildir/new folder. Procmail understands Maildir natively; you don't have to tell it to put messages into the new folder, you should just tell it to put things into the Maildir folder and end the line with a /, like so: # correct! :0 ~user/Maildir/ # incorrect :0 ~user/Maildir/new/ # also incorrect :0 ~user/Maildir/new If you specify the new directory, you're either telling procmail to treat that directory like an MH folder, which is wrong, or you're telling procmail that the new directory is a Maildir, in which case it will create another new directory within that directory (along with a tmp and cur directories). ~Kyle Thanks Kyle, the Procmailrc script I am using is as follows: more ~health/.procmailrc # Maildir procmail setup SHELL=/bin/sh PATH=$HOME/bin:/usr/bin:/usr/local/bin:/usr/include:/usr/local/sbin:/bin:/sbin: /usr/sbin MAILDIR=$HOME/Maildir/ ORGMAIL=$HOME/Maildir/ DEFAULT=$ORGMAIL LOGFILE=/var/Procmail/log LOGABSTRACT=all VERBOSE=yes :0 $ORGMAIL I believe that this matches your correct example. That is just where Procmail places them. -- Albert E. Whale, CHS CISA CISSP Sr. Security, Network, Risk Assessment and Systems Consultant ABS Computer Technology, Inc. http://www.ABS-CompTech.com - Email, Internet and Security Consultants SPAMZapper http://www.Spam-Zapper.com - No-JunkMail.com http://www.No-JunkMail.com - *True Spam Elimination*.
[Dovecot] 1.1.5 abort with mal-formed address in header
Hi
An email with a mal-formed address in a header like:
To:([EMAIL PROTECTED]
(Starting with a comment, with no closing ')' ) causes dovecot 1.1.5
to panic and abort.
This is similar to the problem fixed by: http://hg.dovecot.org/
dovecot-1.1/rev/04fdaa2f831e
This patch seems to resolve the problem:
--- dovecot-1.1.5/src/lib-mail/message-address.c.orig 2008-10-23
22:17:10.243827000 +
+++ dovecot-1.1.5/src/lib-mail/message-address.c2008-10-23
22:20:20.050173000 +
@@ -315,7 +315,7 @@
ctx.fill_missing = fill_missing;
ret = rfc822_skip_lwsp(ctx.parser);
- if (ret == 0) {
+ if (ret = 0) {
/* no addresses */
return NULL;
}
Richard Platel
[EMAIL PROTECTED]
Re: [Dovecot] mbox to Maildir conversion
Scott Silva wrote: on 10-23-2008 1:35 PM Neil spake the following: On 23 Oct 2008, at 16:17, Albert E. Whale wrote: Neil wrote: On 22 Oct 2008, at 23:35, Albert E. Whale wrote: I've been running a mbox solution using UW's IMAP server. I've run it for years. Now do to heavy message volumes, I've decided to to take the plunge to convert to the Maildir format. I am currently testing a single user, and have successfully converted the mail messages from mbox to Maildir format, and now I am setting up the procmail tool to place the messages into the correct folder. I have been following the http://wiki.dovecot.org/Migration/MailFormat formula, but now have a question. New Messages are now being placed into the ~user/Maildir/new folder. However, when I attempt to retrieve those messages, Dovecot does not find them. Why not? How are you attempting to retrieve them? I am trying to retrieve them using the POP3 section of Thunderbird. Is Maildir an IMAP format? No, the protocol (IMAP/POP3) is irrelevant. The important part to note (and where I suspect your problem is) is that the folder, as far as your client (Thunderbird) is concerned, is Maildir/, the Maildir/new/ directory is part of Maildir's internal format. That is to say, you should never be putting Maildir/(new|cur|tmp) as a mailbox name into a client, just Maildir/. -N. With Dovecot set up properly, you should be leaving any client settings for directory blank. In thunderbird you shouldn't have to set IMAP server directory. Good, because I am still using the POP3 server. -- Albert E. Whale, CHS CISA CISSP Sr. Security, Network, Risk Assessment and Systems Consultant ABS Computer Technology, Inc. http://www.ABS-CompTech.com - Email, Internet and Security Consultants SPAMZapper http://www.Spam-Zapper.com - No-JunkMail.com http://www.No-JunkMail.com - *True Spam Elimination*.
Re: [Dovecot] mbox to Maildir conversion
on 10-23-2008 4:31 PM Albert E. Whale spake the following: Scott Silva wrote: on 10-23-2008 1:35 PM Neil spake the following: On 23 Oct 2008, at 16:17, Albert E. Whale wrote: Neil wrote: On 22 Oct 2008, at 23:35, Albert E. Whale wrote: I've been running a mbox solution using UW's IMAP server. I've run it for years. Now do to heavy message volumes, I've decided to to take the plunge to convert to the Maildir format. I am currently testing a single user, and have successfully converted the mail messages from mbox to Maildir format, and now I am setting up the procmail tool to place the messages into the correct folder. I have been following the http://wiki.dovecot.org/Migration/MailFormat formula, but now have a question. New Messages are now being placed into the ~user/Maildir/new folder. However, when I attempt to retrieve those messages, Dovecot does not find them. Why not? How are you attempting to retrieve them? I am trying to retrieve them using the POP3 section of Thunderbird. Is Maildir an IMAP format? No, the protocol (IMAP/POP3) is irrelevant. The important part to note (and where I suspect your problem is) is that the folder, as far as your client (Thunderbird) is concerned, is Maildir/, the Maildir/new/ directory is part of Maildir's internal format. That is to say, you should never be putting Maildir/(new|cur|tmp) as a mailbox name into a client, just Maildir/. -N. With Dovecot set up properly, you should be leaving any client settings for directory blank. In thunderbird you shouldn't have to set IMAP server directory. Good, because I am still using the POP3 server. Sorry. After you get a little way down the thread, you forget some details. Did you post a dovecot -n to see if you have a setting messed up somewhere? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature
