Re: [Dovecot] Authentication failed, failure to login after changed password
Hi Timo, Thanks for your reply. dovecot file is in the right place /etc/pam.d/dovecot and content of this file is following. #%PAM-1.0 @include common-auth @include common-account @include common-session @include common-password All those include file have all required module configuration. I don't why it is not working . It works fine for any new user until he didn't change the password. Please guide how i can solve this issue. Timo Sirainen wrote: On Thu, 2009-08-27 at 06:57 +, Vinit Jain wrote: Aug 26 12:22:00 digibeanz dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=child2 rhost=127.0.0.1 user=child2 http://wiki.dovecot.org/WhyDoesItNotWork My guess is you're missing /etc/pam.d/dovecot vinit...@hotmail.com -- View this message in context: http://www.nabble.com/Authentication-failed%2C-failure-to-login-after-changed-password-tp25167211p25187192.html Sent from the Dovecot mailing list archive at Nabble.com.
[Dovecot] ACL in public folders
# dovecot --version
1.2.1
I'm trying to configure ACLs for public folders. I have:
namespace public {
separator = /
prefix = shared2/
location = maildir:/home/pubfolders2:INDEX=~/Maildir/public2
subscriptions = no
list = children
}
protocol imap {
mail_plugins = acl
}
plugin {
acl = vfile
}
I have /home/pubfolders2/dovecot-acl containing:
user=xyz lrwstiekxa
I've also hardlinked the file to /home/pubfolders2/.info (one of the
public folders: that dir contains cur,tmp,new).
Since enabling ACLs in dovecot.conf, none of the users see the 'shared2'
namespace.
I've clearly misunderstood something. I'm expecting user xyz to be able to
see the public folder.
Grateful for any pointers.
Thanks,
Keith
Re: [Dovecot] ACL in public folders
On Aug 28, 2009, at 8:43 AM, Keith Edmunds wrote: # dovecot --version 1.2.1 .. location = maildir:/home/pubfolders2:INDEX=~/Maildir/public2 .. I have /home/pubfolders2/dovecot-acl containing: The file isn't read by 1.2.1. Upgrade.
Re: [Dovecot] ACL in public folders
I have /home/pubfolders2/dovecot-acl containing: The file isn't read by 1.2.1. Upgrade. Thanks Timo. I think the Wiki is misleading: it says (on page http://wiki.dovecot.org/ACL): Dovecot v1.0 and v1.1 supports administrator-configured ACL files. v1.2+ supports also IMAP ACL extension... If 1.2.1 doesn't read the dovecot-acl file, how are ACLs configured in that version? Also, which from which version is the dovecot-acl file supported? There's no mention of it being version specific (other than =v1.0) on the Wiki. Thanks, Keith
Re: [Dovecot] ACL in public folders
On Fri, 2009-08-28 at 15:50 +0100, Keith Edmunds wrote: I have /home/pubfolders2/dovecot-acl containing: The file isn't read by 1.2.1. Upgrade. Thanks Timo. I think the Wiki is misleading: it says (on page http://wiki.dovecot.org/ACL): Dovecot v1.0 and v1.1 supports administrator-configured ACL files. v1.2+ supports also IMAP ACL extension... If 1.2.1 doesn't read the dovecot-acl file, how are ACLs configured in that version? I mean 1.2.1 doesn't read default acls from dovecot-acl file in mail root directory. I added that to 1.2.4. With older versions you'd have to put the dovecot-acl file to each maildir separately, or perhaps create a global ACL file named .DEFAULT (which kinda does the same for mailboxes in root directory). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] ACL in public folders
[Sorry, sent to Timo at first attempt]
With older versions you'd have to
put the dovecot-acl file to each maildir separately
Thanks, but it still isn't clear to me. I have (the same, hardlinked)
dovecot-acl file in lots of different places:
# tree /home/pubfolders2/ -a
/home/pubfolders2/
|-- .info
| |-- cur
| |-- dovecot-acl
| |-- dovecot-shared
| |-- new
| | `-- 1251457688.H922394P13547.magenta.tiger-computing.wbp
| `-- tmp
|-- Maildir
| `-- dovecot-acl
`-- dovecot-acl
There isn't a 'maildir' folder as such for the public folders (I created
the one shown above in desperation just to see if Dovecot would look
there). Here's the dovecot.conf:
protocols = imap imaps
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
namespace private {
separator = /
prefix =
inbox = yes
}
namespace public {
separator = /
prefix = shared2/
location = maildir:/home/pubfolders2:INDEX=~/Maildir/public2
subscriptions = no
list = children
}
mail_privileged_group = mail
mail_access_groups = pubfolders2
protocol imap {
mail_plugins = acl
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
protocol managesieve {
}
auth default {
mechanisms = plain
passdb pam {
}
userdb passwd {
}
user = root
}
dict {
}
plugin {
acl = vfile
}
That isn't working, so exactly where should the dovecot-acl file go for it
to work?
Thanks,
Keith
Re: [Dovecot] ACL in public folders
On Fri, 2009-08-28 at 16:28 +0100, Keith Edmunds wrote: [Sorry, sent to Timo at first attempt] With older versions you'd have to put the dovecot-acl file to each maildir separately Thanks, but it still isn't clear to me. I have (the same, hardlinked) dovecot-acl file in lots of different places: # tree /home/pubfolders2/ -a /home/pubfolders2/ Do you have dovecot-acl-list file here? See if deleting it helps? signature.asc Description: This is a digitally signed message part
[Dovecot] Dovecot Erros in Logs
I got lots of errors that look like this: Error: write(dnotify pipe) failed: Bad file descriptor I am running dovecot-1.2.4-0_99 on RHEL4 dovecot -n: # 1.2.4: /etc/dovecot.conf # OS: Linux 2.6.9-89.0.3.ELsmp x86_64 Red Hat Enterprise Linux AS release 4 (Nahant Update 8) ext3 log_path: /var/log/dovecot info_log_path: /var/log/dovecot-info login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_process_per_connection: no login_process_size: 1024 login_processes_count: 6 login_max_processes_count: 1024 login_max_connections: 1024 max_mail_processes: 5 verbose_proctitle: yes first_valid_uid: 50 mail_uid: 93 mail_gid: 12 mail_location: maildir:/var/spool/maildirs/%d/%n/Maildir mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_process_size: 1024 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): mail_plugin_dir(default): /usr/lib64/dovecot/imap mail_plugin_dir(imap): /usr/lib64/dovecot/imap mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3 namespace: type: private prefix: INBOX. inbox: yes list: yes subscriptions: yes lda: postmaster_address: postmas...@example.com auth default: cache_ttl: 43200 cache_negative_ttl: 0 verbose: yes passdb: driver: ldap args: /etc/dovecot-ldap.conf plugin: quota: maildir Any suggestions? Dave
[Dovecot] Question about ACL/flags
Okay, I'm cruising the wiki, and it is at best confusing to me. Maybe someone on the list can help me out quickly? Here is what I have: dovecot 1.1.18, mbox format, currently no acl/namespace/etc. All works great. What I want to be able to do: Have an email account (or folder or mailbox) which can be accessed by several people (say 3) with per-user seen flags. That is, say 3 people all access the mail but each user has their own seen flag for the messages. This would hopefully be done with mbox still, if possible, but I'm willing to try a mixed mbox/maildir setup if required to accomplish the goal. Questions: 1) Can I do this with 1.1.18, or do I need to upgrade? 2) Do I need to set :CONTROL in mail_location, and if so, what should I set it to, and what does this control exactly (more precisely, does this info need to be HA or not, etc) Is this where the seen flag info will be stored (or is that in INDEXES)? 3) Can I do this with mbox only, or do I need maildir, or does it depend on dovecot version? 4) Any additional help you can give me... I basically understand the ideas behind it all, but from the wiki I'm confused exactly what I need to do, and what version I might need. (If the wiki example is for dovecot 1.2+, does that mean it won't work in 1.1, or just that it has to be done differently, etc). Any help (clearing up my obvious confusion) would be appreciated... Step by step directions would be even better! :) -- Eric Rostetter The Department of Physics The University of Texas at Austin This message is provided AS IS without warranty of any kind, either expressed or implied. Use this message at your own risk.
Re: [Dovecot] ACL in public folders
On Fri, 2009-08-28 at 13:43 +0100, Keith Edmunds wrote:
namespace public {
separator = /
prefix = shared2/
location = maildir:/home/pubfolders2:INDEX=~/Maildir/public2
subscriptions = no
list = children
}
..
Since enabling ACLs in dovecot.conf, none of the users see the 'shared2'
namespace.
Does it work if you use list=yes instead of list=children?
signature.asc
Description: This is a digitally signed message part
[Dovecot] [Fwd: Re: Question about ACL/flags]
Your To: field was interesting.. Shouldn't mailman have changed it? Oh
well.
---BeginMessage---
On Thu, 2009-08-27 at 16:28 -0500, Eric Jon Rostetter wrote:
Have an email account (or folder or mailbox) which can be accessed by
several people (say 3) with per-user seen flags. That is, say 3 people
all access the mail but each user has their own seen flag for the messages.
This would hopefully be done with mbox still, if possible, but I'm willing
to try a mixed mbox/maildir setup if required to accomplish the goal.
You can't have per-user seen flags with mbox currently. So create a
public namespace with a maildir location and set up dovecot-acl file in
a way that allows only some specific users access to it. So for example:
namespace public {
separator = /
prefix = shared/
location = maildir:/var/mail/shared
subscriptions = no
}
Then create /var/mail/shared/.box1, .box2, etc. If you only need one
shared mailbox and don't want a shared/ (or whatever) prefix, you need
v1.2.
I basically understand the ideas behind it all, but from the wiki I'm
confused exactly what I need to do, and what version I might need. (If
the wiki example is for dovecot 1.2+, does that mean it won't work in
1.1, or just that it has to be done differently, etc).
http://wiki.dovecot.org/SharedMailboxes/Shared is only for v1.2+. Did
you mean that or something else?
signature.asc
Description: This is a digitally signed message part
---End Message---
signature.asc
Description: This is a digitally signed message part
Re: [Dovecot] Dovecot Erros in Logs
On Fri, 2009-08-28 at 11:47 -0400, David Cunningham wrote: I got lots of errors that look like this: Error: write(dnotify pipe) failed: Bad file descriptor Hmm. Are they all exactly this, or also something else? I don't really see in the code how that could happen. Anyway you could disable using dnotify with configure --with-notify=none signature.asc Description: This is a digitally signed message part
Re: [Dovecot] GSSAPI Authentication Broke with Dovecot 1.1.16 - 1.2.4 Upgrade
On Fri, 2009-08-28 at 15:20 +1000, John Marshall wrote:
This morning I upgraded a dovecot installation from 1.1.16 to 1.2.4 on a
FreeBSD 7.2 server, and then spent 3 hours trying to figure out why
GSSAPI authentication had broken.
It turned out to be a recent change in Dovecot's mech-gssapi.c to do
with checking for NULs in usernames: everything worked fine when I
disabled that test.
What exactly is the username? What does it say with the attached patch?
diff -r aaa1b2c25c14 src/auth/mech-gssapi.c
--- a/src/auth/mech-gssapi.c Fri Aug 28 12:57:03 2009 -0400
+++ b/src/auth/mech-gssapi.c Fri Aug 28 13:37:33 2009 -0400
@@ -516,7 +516,8 @@
if (data_has_nuls(name, name_len)) {
auth_request_log_info(auth_request, gssapi,
- authz_name has NULs);
+ authz_name has NULs: %s,
+ binary_to_hex(name, name_len));
return -1;
}
signature.asc
Description: This is a digitally signed message part
Re: [Dovecot] Crash: imap process, Dovecot 1.2.4, related to ACLs (backtrace included)
On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos wrote: Hi, I started experimenting with ACLs and found I could reliably and reproducibly crash the IMAP process when trying to create a subfolder of a folder that has has ACLs set. The folder is called Sent with an ACL of owner lrwstipke. I wanted to be able to have certain folders the the user cannot delete but where subfolders can be created freely. .. acl: vfile:/etc/dovecot/acl You created a global ACL, right? So /etc/dovecot/acl/Sent? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Dovecot Erros in Logs
I had heard/read something online about using inotify instead of dnotify. Any idea what that is about? I have not heard any complaints, nor do I know why this happens. I just notice this and exactly this in the logs. Dave Quoting Timo Sirainen t...@iki.fi: On Fri, 2009-08-28 at 11:47 -0400, David Cunningham wrote: I got lots of errors that look like this: Error: write(dnotify pipe) failed: Bad file descriptor Hmm. Are they all exactly this, or also something else? I don't really see in the code how that could happen. Anyway you could disable using dnotify with configure --with-notify=none
Re: [Dovecot] Crash: imap process, Dovecot 1.2.4, related to ACLs (backtrace included)
On Friday 28 August 2009 19:42:47 Timo Sirainen wrote: On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos wrote: Hi, I started experimenting with ACLs and found I could reliably and reproducibly crash the IMAP process when trying to create a subfolder of a folder that has has ACLs set. The folder is called Sent with an ACL of owner lrwstipke. I wanted to be able to have certain folders the the user cannot delete but where subfolders can be created freely. .. acl: vfile:/etc/dovecot/acl You created a global ACL, right? So /etc/dovecot/acl/Sent? Exactly right. It contains the line owner lrwstipke. I just now reproduced the crash again. None of the Maildir folders contain anything pertaining to ACLs (no dovecot-acl or dovecot-acl-list files) and the Sent folder is the only one with an ACL set. The log file again shows Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): assertion failed: (!update- rights.global) Anything else I can provide? Andreas -- Andreas Ntaflos Vienna, Austria GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4 signature.asc Description: This is a digitally signed message part.
Re: [Dovecot] GSSAPI Authentication Broke with Dovecot 1.1.16 - 1.2.4 Upgrade
On Fri, 28 Aug 2009, 13:38 -0400, Timo Sirainen wrote: On Fri, 2009-08-28 at 15:20 +1000, John Marshall wrote: This morning I upgraded a dovecot installation from 1.1.16 to 1.2.4 on a FreeBSD 7.2 server, and then spent 3 hours trying to figure out why GSSAPI authentication had broken. It turned out to be a recent change in Dovecot's mech-gssapi.c to do with checking for NULs in usernames: everything worked fine when I disabled that test. What exactly is the username? What does it say with the attached patch? Thank you. It looks like the test is picking up the string terminator. auth(default): gssapi(j...@mby.riverwillow.net.au,192.0.2.168): authz_name has NULs: 6a6f686e404d42592e524956455257494c4c4f572e4e45542e415500 -- John Marshall pgpfs0y0IVgOX.pgp Description: PGP signature
Re: [Dovecot] GSSAPI Authentication Broke with Dovecot 1.1.16 - 1.2.4 Upgrade
On Sat, 2009-08-29 at 06:08 +1000, John Marshall wrote: It turned out to be a recent change in Dovecot's mech-gssapi.c to do with checking for NULs in usernames: everything worked fine when I disabled that test. What exactly is the username? What does it say with the attached patch? Thank you. It looks like the test is picking up the string terminator. OK, I guess this fixes it then? http://hg.dovecot.org/dovecot-1.2/rev/a37fa30b0072 signature.asc Description: This is a digitally signed message part
Re: [Dovecot] GSSAPI Authentication Broke with Dovecot 1.1.16 - 1.2.4 Upgrade
On Fri, 28 Aug 2009, 16:51 -0400, Timo Sirainen wrote: On Sat, 2009-08-29 at 06:08 +1000, John Marshall wrote: It turned out to be a recent change in Dovecot's mech-gssapi.c to do with checking for NULs in usernames: everything worked fine when I disabled that test. What exactly is the username? What does it say with the attached patch? Thank you. It looks like the test is picking up the string terminator. OK, I guess this fixes it then? http://hg.dovecot.org/dovecot-1.2/rev/a37fa30b0072 Yes. Thank you! -- John Marshall pgpnBR5DBRCzL.pgp Description: PGP signature
Re: [Dovecot] Quota question.
On Fri 14 Aug 2009 02:51:33 AM CEST, Timo Sirainen wrote You should be able to just delete the user's quota row from SQL and then log in as the user and issue GETQUOTAROOT INBOX command. That should recalculate the quota, and in my tests a few days ago it did. But some other guy said that he couldn't get it to work.. So, let me know if there is a problem. in 1.1.16 i have also a problem with quotas, maildirsize file is not created with new size when mailbox is maked, and if qoutas in sql changes, then the maildirsize file does not follow * QUOTAROOT INBOX storage=1024000 * QUOTA storage=1024000 (STORAGE 860298 2096128) Getquotaroot completed. after mysql changed from 2G to 1G qoutas -- xpoint
Re: [Dovecot] Quota question.
On Fri, 2009-08-28 at 23:43 +0200, Benny Pedersen wrote: On Fri 14 Aug 2009 02:51:33 AM CEST, Timo Sirainen wrote You should be able to just delete the user's quota row from SQL and then log in as the user and issue GETQUOTAROOT INBOX command. That should recalculate the quota, and in my tests a few days ago it did. But some other guy said that he couldn't get it to work.. So, let me know if there is a problem. in 1.1.16 i have also a problem with quotas, maildirsize file is not created with new size when mailbox is maked, and if qoutas in sql changes, then the maildirsize file does not follow That's a completely different problem, you should have just started a new thread instead of replying. Anyway, post your dovecot -n output and dovecot-sql.conf contents. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Quota question.
On Fri, August 28, 2009 23:46, Timo Sirainen wrote:
On Fri, 2009-08-28 at 23:43 +0200, Benny Pedersen wrote:
On Fri 14 Aug 2009 02:51:33 AM CEST, Timo Sirainen wrote
in 1.1.16 i have also a problem with quotas, maildirsize file is not
created with new size when mailbox is maked, and if qoutas in sql
changes, then the maildirsize file does not follow
That's a completely different problem, you should have just started a
new thread instead of replying. Anyway, post your dovecot -n output and
dovecot-sql.conf contents.
okay, did not know that, attached is my dovecot n and sql conf
--
xpoint# 1.1.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.27-gentoo-r8 x86_64 Gentoo Base System release 1.12.11.1 ext3
base_dir: /var/run/dovecot/
protocols: pop3 imap managesieve pop3s imaps
ssl_listen: *
ssl_ca_file: /etc/ssl/certs/ca-certificates.crt
ssl_cert_file: /etc/ssl/private/home_server.pem
ssl_key_file: /etc/ssl/private/home_privatekey.pem
ssl_cipher_list: ALL:!LOW
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
login_greeting_capability(managesieve): no
login_processes_count: 2
login_max_processes_count: 10
first_valid_uid: 125
last_valid_uid: 125
first_valid_gid: 125
last_valid_gid: 125
mail_location: maildir:/home/vmail/%d/%u/.maildir
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/lib64/dovecot/managesieve
imap_client_workarounds(default): outlook-idle
imap_client_workarounds(imap): outlook-idle
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
pop3_lock_session(managesieve): no
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
sieve_storage(default):
sieve_storage(imap):
sieve_storage(pop3):
sieve_storage(managesieve): /home/vmail/%d/%u/.sieve
sieve(default):
sieve(imap):
sieve(pop3):
sieve(managesieve): /home/vmail/%d/%u/.dovecot.sieve
namespace:
type: private
inbox: yes
list: yes
subscriptions: yes
auth default:
mechanisms: plain login
worker_max_count: 4
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 438driver = mysql
connect = host=localhost dbname=dbname user=dbuser password=dbpass
default_pass_scheme = MD5-CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT concat('/home/vmail/', maildir) AS home,
concat('/home/vmail/', maildir) AS maildir, 125 AS uid, 125 AS gid,
concat('maildir:storage=', floor(quota/1024)) AS quota FROM mailbox WHERE
username = '%u'
Re: [Dovecot] Quota question.
On Aug 28, 2009, at 6:00 PM, Benny Pedersen wrote:
On Fri, August 28, 2009 23:46, Timo Sirainen wrote:
On Fri, 2009-08-28 at 23:43 +0200, Benny Pedersen wrote:
On Fri 14 Aug 2009 02:51:33 AM CEST, Timo Sirainen wrote
in 1.1.16 i have also a problem with quotas, maildirsize file is not
created with new size when mailbox is maked, and if qoutas in sql
changes, then the maildirsize file does not follow
That's a completely different problem, you should have just started a
new thread instead of replying. Anyway, post your dovecot -n output
and
dovecot-sql.conf contents.
okay, did not know that, attached is my dovecot n and sql conf
The problem is
user_query = SELECT concat('/home/vmail/', maildir) AS home,
concat('/home/vmail/', maildir) AS maildir, 125 AS uid, 125 AS gid,
concat('maildir:storage=', floor(quota/1024)) AS quota FROM mailbox
WHERE username = '%u'
that you're trying to use v1.0 quota configuration with v1.1. You'll
need in dovecot.conf:
plugin {
quota = maildir
}
and in user_query:
.., concat('*:bytes=', quota) AS quota_rule FROM ..
Re: [Dovecot] Quota question.
On Sat, August 29, 2009 00:04, Timo Sirainen wrote:
On Aug 28, 2009, at 6:00 PM, Benny Pedersen wrote:
.., concat('*:bytes=', quota) AS quota_rule FROM ..
super solved it for me
--
xpoint
[Dovecot] PAM Authentication with OSX Snow Leopard
Hi Apple changed from Linux PAM to OpenPAM and the dovecot pam file (dovecot installed from macports) doesn't work anymore. Installed pam modules are: -r--r--r--1 root wheel 76640 31 Jul 09:15 pam_env.so.2 -r--r--r--1 root wheel 51024 31 Jul 09:15 pam_group.so.2 -r--r--r--1 root wheel 99776 31 Jul 09:15 pam_krb5.so.2 -r--r--r--1 root wheel 51552 31 Jul 09:15 pam_launchd.so.2 -r--r--r--1 root wheel 68800 31 Jul 09:15 pam_mount.so.2 -r--r--r--1 root wheel 50896 31 Jul 09:15 pam_nologin.so.2 -r--r--r--1 root wheel 64272 31 Jul 09:15 pam_opendirectory.so.2 -r--r--r--1 root wheel 51008 31 Jul 09:15 pam_sacl.so.2 -r--r--r--1 root wheel 50608 31 Jul 09:15 pam_self.so.2 -r--r--r--1 root wheel 60448 31 Jul 09:15 pam_serialnumber.so.2 -r--r--r--1 root wheel 50880 31 Jul 09:15 pam_uwtmp.so.2 Does anyone know to get dovecot with this modules work? Nicola
[Dovecot] NTLM failures with an interesting twist
This is a tired old topic but I've at least got an angle on it:
Outlook Express works perfectly with IMAP / SPA for users logged into
our Windows domain; I just give the server address and username, and it
logs in without any password required; beautiful!
auth_ntlm_use_winbind = yes
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth default {
mechanisms = ntlm
userdb static {
args = uid=500 gid=500 home=/var/mail/%u allow_all_users=yes
}
}
Dovecot is the 1.1.13-2~bpo50+1 package from backports.org on Debian
lenny, with winbind 3.2.5
Aug 28 23:49:38 ccimap dovecot: auth(default): client in:
AUTH#0111#011NTLM#011service=imap#011lip=10.6.1.82#011rip=10.6.1.81#011lport=143#011rport=1205
Aug 28 23:49:38 ccimap dovecot: auth(default): client out: CONT#0111#011
Aug 28 23:49:38 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAABB7IIogIAAgAvBwAHACgFASgKD01SSklHR1NBRA==
Aug 28 23:49:38 ccimap dovecot: auth(default): client out:
CONT#0111#011TlRMTVNTUAACBAAEADAFgominEGMs1Rz3YQAAGYAZgA0QQBEAAIABABBAEQAAQAMAEMAQwBJAE0AQQBQAAQAGgBsAGEAdABlAHIAbwBvAG0AcwAuAGMAbwBtAAMAKABjAGMAaQBtAGEAcAAuAGwAYQB0AGUAcgBvAG8AbQBzAC4AYwBvAG0AAA==
Aug 28 23:49:38 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAADGAAYAGYYABgAfgQABABIDAAMAEwOAA4AWACWBYKIogUBKAoPQQBEAG0AagBpAGcAZwBzAE0AUgBKAEkARwBHAFMAKYRSdfpULaQAj90Vff2FIU1+Gs/eei8bL8dMJFGZnzSg
Aug 28 23:49:38 ccimap dovecot: auth(default): client out:
OK#0111#011user=mjiggs
Aug 28 23:49:38 ccimap dovecot: auth(default): master in:
REQUEST#0112#0111869#0111
Aug 28 23:49:38 ccimap dovecot: auth(default): passwd(mjiggs,10.6.1.81):
lookup
Aug 28 23:49:38 ccimap dovecot: auth(default): master out:
USER#0112#011mjiggs#011system_user=mjiggs#011uid=10416#011gid=1#011home=/home/AD/mjiggs
Aug 28 23:49:38 ccimap dovecot: imap-login: Login: user=mjiggs,
method=NTLM, rip=10.6.1.81, lip=10.6.1.82
So, Outlook Express works. Great. The worst email client I know and it
works fine with SPA.
Unfortunately Outlook 2007 doesn't work - it prompts me for a password,
and then obviously fails with NT_STATUS_WRONG_PASSWORD..
Aug 28 23:39:40 ccimap dovecot: auth(default): client in:
AUTH#0111#011NTLM#011service=imap#011lip=10.6.1.82#011rip=10.6.1.81#011lport=143#011rport=1162
Aug 28 23:39:40 ccimap dovecot: auth(default): client out: CONT#0111#011
Aug 28 23:39:40 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAABB4IIogAFASgKDw==
Aug 28 23:39:40 ccimap dovecot: auth(default): client out:
CONT#0111#011TlRMTVNTUAACBAAEADAFgomiAN6hAS8XKA4AAGYAZgA0QQBEAAIABABBAEQAAQAMAEMAQwBJAE0AQQBQAAQAGgBsAGEAdABlAHIAbwBvAG0AcwAuAGMAbwBtAAMAKABjAGMAaQBtAGEAcAAuAGwAYQB0AGUAcgBvAG8AbQBzAC4AYwBvAG0AAA==
Aug 28 23:39:40 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAADGAAYAGIYABgAegBIDAAMAEgOAA4AVACSBYKIogUBKAoPbQBqAGkAZwBnAHMATQBSAEoASQBHAEcAUwBVhYHxX9PdSQC0rohzeNXOHMxVHQkogW4ytyNC9hcpnCg=
Aug 28 23:39:40 ccimap dovecot: auth(default): winbind(?,10.6.1.81):
user not authenticated: NT_STATUS_WRONG_PASSWORD
Aug 28 23:39:40 ccimap dovecot: auth(default): new auth connection:
pid=1867
Aug 28 23:39:41 ccimap dovecot: auth(default): client out: FAIL#0111
Does anyone have any magic beans for Outlook 2007 (tried both original
release + SP2) ?
Cheers,
Gavin
Re: [Dovecot] NTLM failures with an interesting twist
On Aug 28, 2009, at 7:25 PM, Gavin Hamill wrote: auth_ntlm_use_winbind = yes .. Does anyone have any magic beans for Outlook 2007 (tried both original release + SP2) ? No idea. Have you tried if Dovecot's internal NTLM support logs anything useful (so without winbind)?
Re: [Dovecot] NTLM failures with an interesting twist
On Fri, 2009-08-28 at 19:32 -0400, Timo Sirainen wrote: On Aug 28, 2009, at 7:25 PM, Gavin Hamill wrote: auth_ntlm_use_winbind = yes .. Does anyone have any magic beans for Outlook 2007 (tried both original release + SP2) ? No idea. Have you tried if Dovecot's internal NTLM support logs anything useful (so without winbind)? Today's my first day with Dovecot, so be gentle :) I did notice that winbind was optional but I wasn't able to find a drool-proof walkthrough to set up the internal support. I've had recent good experience with winbind (squid and samba + ntlm auth) so decided to press ahead with it. Is there a Wiki article on using the internal support? Cheers, Gavin,
Re: [Dovecot] NTLM failures with an interesting twist
http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2008-May/001388.html This looks to be relevant .. OL2007 sends usern...@emaildomain.com as the username rather than usern...@windows-domain.com. In our setup, the email domain is not the same as the Windows domain name (domainname.com versus ad.domainname.com) so I guess that's why it fails for us, but probably works for other people.. gdh
[Dovecot] Quick and dirty server optimized for IMAP upload speed?
Early next week I need to upload over 100,000 emails to an IMAP server as quickly as possible from an Outlook client. I am looking for any methods I can use to (temporarily?) speed up the rate at which dovecot can accept and store IMAP uploads, whether it be storing on local disk, ram disk, etc. I can setup a temporary server on a laptop for example and once the upload has finished I can use standard file copying methods to transfer the mail to stable, permanent storage. I haven't been able to see over about 7 msgs/sec upload speed from a local folder in any mail client to dovecot (only NFS or ZFS backend tested so far with Maildir). Is there something horribly wrong with the speed I am seeing or are there just tricks I can try? Any tips? I'll be working on it all weekend until I find something satisfactory. It seems like I can upload mails to an Exchange server quicker. I'll setup just about anything that my experience allows me to, I can be very resourceful with adhoc hardware and software. Alternatively I'll take a fast way of converting Exchange email to a tree of local mbox files which I can then run mb2md on. I tried using Thunderbird to Import the mails from Outlook and while it was fast, it messed up the formatting of some of the mails so I don't think I can use that. I tried readpst briefly from libpst but it took a long time to run, took alot of cpu, and was spewing lots of errors so I canceled it. Thanks for any input!
Re: [Dovecot] Quick and dirty server optimized for IMAP upload speed?
On Aug 28, 2009, at 8:38 PM, Adam McDougall wrote: Early next week I need to upload over 100,000 emails to an IMAP server as quickly as possible from an Outlook client. I am looking for any methods I can use to (temporarily?) speed up the rate at which dovecot can accept and store IMAP uploads, whether it be storing on local disk, ram disk, etc. I can setup a temporary server on a laptop for example and once the upload has finished I can use standard file copying methods to transfer the mail to stable, permanent storage. I haven't been able to see over about 7 msgs/sec upload speed from a local folder in any mail client to dovecot (only NFS or ZFS backend tested so far with Maildir). Is there something horribly wrong with the speed I am seeing or are there just tricks I can try? Any tips? I'll be working on it all weekend until I find something satisfactory. It seems like I can upload mails to an Exchange server quicker. I'll setup just about anything that my experience allows me to, I can be very resourceful with adhoc hardware and software. From Dovecot's side the only thing you can do is fsync_disable=yes. The main problem is probably network latency, because Outlook doesn't support MULTIAPPEND extension (and perhaps not even LITERAL+ extension?) Did you already try running Dovecot on the same computer as Outlook (some virtual thingy or maybe it works in cygwin)? Alternatively I'll take a fast way of converting Exchange email to a tree of local mbox files which I can then run mb2md on. If the mails are in Exchange, can't you connect to it using IMAP?
Re: [Dovecot] Quick and dirty server optimized for IMAP upload speed?
Timo Sirainen wrote: On Aug 28, 2009, at 8:38 PM, Adam McDougall wrote: Early next week I need to upload over 100,000 emails to an IMAP server as quickly as possible from an Outlook client. I am looking for any methods I can use to (temporarily?) speed up the rate at which dovecot can accept and store IMAP uploads, whether it be storing on local disk, ram disk, etc. I can setup a temporary server on a laptop for example and once the upload has finished I can use standard file copying methods to transfer the mail to stable, permanent storage. I haven't been able to see over about 7 msgs/sec upload speed from a local folder in any mail client to dovecot (only NFS or ZFS backend tested so far with Maildir). Is there something horribly wrong with the speed I am seeing or are there just tricks I can try? Any tips? I'll be working on it all weekend until I find something satisfactory. It seems like I can upload mails to an Exchange server quicker. I'll setup just about anything that my experience allows me to, I can be very resourceful with adhoc hardware and software. From Dovecot's side the only thing you can do is fsync_disable=yes. The main problem is probably network latency, because Outlook doesn't support MULTIAPPEND extension (and perhaps not even LITERAL+ extension?) Did you already try running Dovecot on the same computer as Outlook (some virtual thingy or maybe it works in cygwin)? I just tried fsync_disable=yes but with NFS and had to turn off mail_nfs_index = yes as well but the speed was the same. Do you think it would be different with a UFS or ZFS backend with fsync_disable? I have not tried running dovecot on the same computer. When you mention dovecot+cygwin I think of the reported issues in the past on the mailing list and don't know if they were resolved. I could try dovecot in virtualbox I suppose (I put it on my list to try). Alternatively I'll take a fast way of converting Exchange email to a tree of local mbox files which I can then run mb2md on. If the mails are in Exchange, can't you connect to it using IMAP? In theory yes, but I don't have access to the actual Exchange server until Monday at the earliest, and the user is using cached exchange mode which in past experience leaves the possibility of local mail which is not actually on the server due to a desync. Unless I am sure it is perfectly in sync, I've seen a second Outlook connect to Exchange using the native protocols and it initiated a massive deletion of mail which we had to toil to recover from obscure cache files on the original client. I don't know if an IMAP connection might trigger the same issue. For performance testing's sake, I'll see if I can upload some mail to our own Exchange server and see how fast an mbox capable mail client can download it. I can do some limited testing in the real environment on Monday but I'm expected to do the real migration on Tuesday unless I have to cancel. Thanks for the ideas.
[Dovecot] IMAP activity after disconnect
Howdy, I'm running Dovecot 1.1.16 on a staging server to do some testing before building a new server and moving a bunch of qmail/vpopmail/courier accounts over. I wanted to test the migration of courier accounts to dovecot with a few clients, so I copied over a few large accounts. All went well with a small account (100+ messages) when accessing the account via POP - no re-downloads after adjusting the uidl format. IMAP looks good as well after running the conversion script and setting the namespace properly. However, one thing I copied over without paying much attention was a non-quota'd spam box that has literally not been checked in at least a year: [r...@nac /var/vmail/xxx.com/spork/Maildir/.Spam]# ls new/| wc -l 70501 Mail.app valiantly tried to sync this, but when I realized just how huge this was, I took the account offline and quit the app. However it seems like Dovecot is still busy doing something in that mailbox: lsof: no pwd entry for UID 5000 imap27515 50007uW VREG 0,95 3372 2968764 /jails/nac.xxx.com/var/vmail/xxx.com/spork/Maildir/.Spam/dovecot.index.log lsof: no pwd entry for UID 5000 imap27515 50008uVREG 0,95 488 3007349 /jails/nac.xxx.com/var/vmail/xxx.com/spork/Maildir/.Spam/dovecot.index lsof: no pwd entry for UID 5000 imap27515 50009uVREG 0,9525195 27064933 /jails/nac.xxx.com/var/vmail/xxx.com/spork/Maildir/.Spam/dovecot-uidlist lsof: no pwd entry for UID 5000 imap27515 5000 10rVDIR 0,95 15171072 2968758 /jails/nac.xxx.com/var/vmail/xxx.com/spork/Maildir/.Spam/new My guess is it's trying to build an index. This process is chewing up 100% of whatever cpu it lands on. Is this expected behavior (not the huge cpu usage, but the imap server continuing to work on the box after the client has logged out)? Are there any config settings I've missed to sort of put a cap on how much cpu/time dovecot will spend on a task like this? So far this has been running for about 20 minutes. I'm going to kill it and manually delete the spam since I'm not familiar enough with gdb to dig in and see just what it's doing (although my guess is indexing). On the upside, I have some serious spam magnet addresses in this test domain, so now I've got a great platform to test my amavis/postfix/policy skills. :) Thanks, Charles ___ Charles Sprickman NetEng/SysAdmin Bway.net - New York's Best Internet - www.bway.net sp...@bway.net - 212.655.9344
