Re: [Dovecot] Samba AD and Dovecot
On Wed, Oct 07, 2009 at 12:57:21AM -0400, Timo Sirainen wrote:
> Ccing mailing list, since I'm not all-knowing..
>
> On Oct 7, 2009, at 12:49 AM, Trever L. Adams wrote:
>
> >Timo Sirainen wrote:
> >>On Oct 7, 2009, at 12:36 AM, Trever L. Adams wrote:
> >>>1) I have seen how to configure for LDAP and Kerberos. AD uses both
> >>>together. All user information is in AD/LDAP and authentication is
> >>>AD/Kerberos. How can I configure Dovecot to use both appropriately?
> >>You could forget about the Kerberos part and just use AD as an LDAP
> >>server.
> >I really want to use kerberos/SPNEGO everywhere I can for various
> >reasons. The LDAP would be for the configuration.
>
> Do you actually want the IMAP/POP3 clients to use Kerberos? For
> plaintext auth I don't see any benefit in Dovecot using Kerberos
> rather than LDAP (and it doesn't support that, except via pam_kerberos
> or whatever I guess). But for clients to use Kerberos (GSSAPI) and
> authenticate against AD while Dovecot is in the middle... I've no
> idea. I guess that's possible somehow.

There was a thread a month or so ago on how to do GSSAPI with AD and dovecot kerberos. It works great, and I highly recommend it for AD sites. Check the archives, it isn't really too hard.

The problem with LDAP is you have to use SSL ldap for security. The overhead is much higher than using native kerberos or samba pam modules. There is also an obnoxious setup procedure on the AD side to get a LDAP SSL cert installed and serious issues with failover to backup domain controllers.

For plain text password auth on AD sites, samba's pam_winbind is probably the best choice. Secure, easy to setup and pretty fast.

If you have an AD server I also *highly* recommend the dovecot winbind NTLM method. Almost every client in the world will do some level of NTLM hashing and it reduces the risk from plain password exposure.

> >No, I will be using the new Samba IDMAP stuff that hashes all the
> >parts
> >of the windows ID to a 32 bit UID. Anyway to do to this, or will I
> >need
> >to find another solution (not for mailing, but for directory
> >creation)?
>
> There's no great way to do this.. A couple of kludgy ways. Like chmod
> 01777 /var/mail. Or override mail_executable setting to a script that
> still runs as root and can create the directory with proper
> permissions. http://wiki.dovecot.org/PostLoginScripting

Can dovecot use pam_mkhomedir?

Jason
Re: [Dovecot] Samba AD and Dovecot
Timo Sirainen wrote:
>> I really want to use kerberos/SPNEGO everywhere I can for various
>> reasons. The LDAP would be for the configuration.
> Do you actually want the IMAP/POP3 clients to use Kerberos? For
> plaintext auth I don't see any benefit in Dovecot using Kerberos
> rather than LDAP (and it doesn't support that, except via pam_kerberos
> or whatever I guess). But for clients to use Kerberos (GSSAPI) and
> authenticate against AD while Dovecot is in the middle... I've no
> idea. I guess that's possible somehow.

You have all of the Kerberos/GSSAPI/SPNEGO stuff done. It is just a matter of can I still have the configuration (for user directories, etc.) done in LDAP?

http://wiki.dovecot.org/Authentication/Mechanisms/Winbind?highlight=%28spnego%29 for the SPNEGO/Kerberos

I am not using this via Plain Text. This is for AD and Kerberos domains. (Yes, I understand that if I want to do straight kerberos, I use http://wiki.dovecot.org/Authentication/Kerberos instead.) But instead of userdb static, can it be userdb ldap or some such?

> There's no great way to do this.. A couple of kludgy ways. Like chmod
> 01777 /var/mail. Or override mail_executable setting to a script that
> still runs as root and can create the directory with proper
> permissions. http://wiki.dovecot.org/PostLoginScripting

Alright, I am going to have to find another way for this part. The other part (Kerberos and LDAP together), I do need. LDAP for configuration, Kerberos (or NTLM in some cases for SPNEGO) for authentication.

Trever Adams
[Dovecot] LAYOUT=fs still uses 'dot' prefixes for folders
running latest dovecot HEAD, per,

  http://wiki.dovecot.org/MailLocation/Maildir

i've set LAYOUT=fs,

  dovecot -n | grep -i layout
  mail_location: maildir:/data/mail:LAYOUT=fs

and expect, maildirs to actually use physical directories, such as:

  * Maildir/folder/
  * Maildir/folder/subfolder/

but, autocre...@login creates folders using "dot" prefixes, e.g.,

  cd /data/mail/Domains/my.domain.com/Accounts/test_account
  ls -1d .*
  ./
  ../
  .Drafts/
  .Spam/
  .Templates/
  .Trash/

&, login via TBird, creating a folder "test", also creates

  .test/

a bug, or a misconfiguration?
Re: [Dovecot] Samba AD and Dovecot
Ccing mailing list, since I'm not all-knowing..

On Oct 7, 2009, at 12:49 AM, Trever L. Adams wrote:

> Timo Sirainen wrote:
>> On Oct 7, 2009, at 12:36 AM, Trever L. Adams wrote:
>>> 1) I have seen how to configure for LDAP and Kerberos. AD uses both together. All user information is in AD/LDAP and authentication is AD/Kerberos. How can I configure Dovecot to use both appropriately?
>> You could forget about the Kerberos part and just use AD as an LDAP server.
> I really want to use kerberos/SPNEGO everywhere I can for various reasons. The LDAP would be for the configuration.

Do you actually want the IMAP/POP3 clients to use Kerberos? For plaintext auth I don't see any benefit in Dovecot using Kerberos rather than LDAP (and it doesn't support that, except via pam_kerberos or whatever I guess). But for clients to use Kerberos (GSSAPI) and authenticate against AD while Dovecot is in the middle... I've no idea. I guess that's possible somehow.

>>> 2) For example if I have a directory /var/mail/domain/user. Can I have Dovecot auto create (with proper permissions) the domain/user part? These would be used for maildir.
>> If you're using the same UNIX UID for all users, there's really nothing you need to do. Dovecot tries to create missing directories automatically.
> No, I will be using the new Samba IDMAP stuff that hashes all the parts of the windows ID to a 32 bit UID. Anyway to do to this, or will I need to find another solution (not for mailing, but for directory creation)?

There's no great way to do this.. A couple of kludgy ways. Like chmod 01777 /var/mail. Or override mail_executable setting to a script that still runs as root and can create the directory with proper permissions. http://wiki.dovecot.org/PostLoginScripting
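The post-login route mentioned in the message above, as an added example (not code from the thread or from Dovecot): a wrapper that creates /var/mail/domain/user owned by the user with mode 0700, instead of making /var/mail world-writable with chmod 01777. Assumptions: the wrapper still runs as root when Dovecot starts it, USER holds "user@domain", the per-user uid/gid resolve through `id` (e.g. via winbind), and the file name imap-postlogin.sh and the imap binary path are placeholders.

```sh
#!/bin/sh
# Added example: directory creation for a mail_executable wrapper.
LC_ALL=C; export LC_ALL

# Accept a path component only if it is non-empty, does not start with a
# dot, and contains nothing but letters, digits, '.', '_' and '-'.
# This rejects '/', '..', whitespace and shell metacharacters.
valid_component() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# ensure_user_dir ROOT DOMAIN USER UID GID
# Returns 0 on success, 2 on bad input, 3 on a symlink where a directory
# is expected, 4 if mkdir/chown failed.
ensure_user_dir() {
    root=$1; domain=$2; user=$3; uid=$4; gid=$5
    valid_component "$domain" || return 2
    valid_component "$user" || return 2
    case "$uid" in ''|*[!0-9]*) return 2 ;; esac
    case "$gid" in ''|*[!0-9]*) return 2 ;; esac
    [ "$uid" -ne 0 ] || return 2          # never hand a maildir to root

    ddir=$root/$domain
    udir=$ddir/$user
    # A root-run script must not follow a link planted by a local user.
    [ ! -L "$ddir" ] || return 3
    # Domain level stays root-owned 0755: users can traverse it but
    # cannot create, rename or remove each other's directories.
    [ -d "$ddir" ] || mkdir -m 0755 "$ddir" || return 4
    [ ! -L "$udir" ] || return 3
    if [ ! -d "$udir" ]; then
        mkdir -m 0700 "$udir" || return 4
        chown "$uid:$gid" "$udir" || return 4
    fi
    return 0
}

# Entry point when run as the wrapper (all names here are assumptions).
postlogin_main() {
    case "$USER" in *@*) ;; *) exit 64 ;; esac
    name=${USER%@*}; dom=${USER#*@}
    ensure_user_dir "${MAIL_ROOT:-/var/mail}" "$dom" "$name" \
        "$(id -u "$USER")" "$(id -g "$USER")" || exit 75
    # Hand over to the real mail process (placeholder path).
    exec "${IMAP_BIN:-/usr/local/libexec/dovecot/imap}" "$@"
}

# Only act when invoked under the wrapper's own name, not when sourced.
case "${0##*/}" in
    imap-postlogin.sh) postlogin_main "$@" ;;
esac
```
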
Re: [Dovecot] Samba AD and Dovecot
On Oct 7, 2009, at 12:36 AM, Trever L. Adams wrote:

> I haven't seen the answer to this, maybe I am just using the wrong searches. I have two queries related to this:
>
> 1) I have seen how to configure for LDAP and Kerberos. AD uses both together. All user information is in AD/LDAP and authentication is AD/Kerberos. How can I configure Dovecot to use both appropriately?

You could forget about the Kerberos part and just use AD as an LDAP server.

> 2) I can cause Samba to create certain directories on login, etc. However, I am needing to do this for Dovecot (and Postfix using Dovecot deliver). I would prefer to use Dovecot functionality for this, not Samba. This is not the autocreate folder/subscribe stuff, at least I think not.
>
> For example if I have a directory /var/mail/domain/user. Can I have Dovecot auto create (with proper permissions) the domain/user part? These would be used for maildir.

If you're using the same UNIX UID for all users, there's really nothing you need to do. Dovecot tries to create missing directories automatically.
[Dovecot] Samba AD and Dovecot
Hello All,

I haven't seen the answer to this, maybe I am just using the wrong searches. I have two queries related to this:

1) I have seen how to configure for LDAP and Kerberos. AD uses both together. All user information is in AD/LDAP and authentication is AD/Kerberos. How can I configure Dovecot to use both appropriately?

2) I can cause Samba to create certain directories on login, etc. However, I am needing to do this for Dovecot (and Postfix using Dovecot deliver). I would prefer to use Dovecot functionality for this, not Samba. This is not the autocreate folder/subscribe stuff, at least I think not.

For example if I have a directory /var/mail/domain/user. Can I have Dovecot auto create (with proper permissions) the domain/user part? These would be used for maildir.

Thank you,
Trever Adams
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
On Tue, Oct 6, 2009 at 8:19 PM, Patrick Domack wrote:
> If you want to email a list that normally no traffic, but many people
> willing to help with ntp, try timekeep...@fortytwo.ch (not sure if you have
> to subscribe to send emails)

good reference, and good advice --> http://fortytwo.ch/mailman/pipermail/timekeepers/2009/004773.html

we'll see what comes of that, there.

thanks
[Dovecot] Fwd: Re: "Time just moved backwards" in Dovecot in a Xen DomU
Dunno, your email provider doesn't want to talk to me, heh, screw them :) They claim i'm on an rbl, no rbl checks verify this. Even tried to submit a request using their website, but it's broken and doesn't work (http://postmaster.ausics.net/pmg.php)

- Forwarded message from patric...@patrickdk.com -
Date: Tue, 06 Oct 2009 23:31:37 -0400
From: Patrick Domack
Subject: Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
To: Noel Butler

yes, using a pool server for that isn't good. but at least it will let us know if it's just an internet path, or ALL internet paths for him that is causing issues, as it should give a good random sampling.

I have a few servers in the pool set to gigabit speeds. If people configure their settings correctly, the dsl/cable ones shouldn't get selected very often.

And the pool servers aren't the cause of his issues, as he isn't using any pools servers. I think he has a network issue personally.

Quoting Noel Butler :

> On Tue, 2009-10-06 at 23:08 -0400, Patrick Domack wrote:
>> Jitter stops ntp from doing its job properly. I'm not sure what is causing your jitter to be so bad, but it's caused by the delay amount changing from packet to packet. The delay should stay consistent (like a ping time). If it keeps bouncing all over the place, ntp can't figure out what time it really is, cause it doesn't know how long that packet was on the network. You can safely ignore offset, it is just how much different your clock is from what the other computer is. Try adding some of the pool servers in there, like:
>>
>> server 0.us.pool.ntp.org
>> server 1.us.pool.ntp.org
>> server 2.us.pool.ntp.org
>
> this can also be the cause of it all, there is no QA on hosts in pools, I've seen DSL and cable connected hosts in pools causing all sorts of problems for some, I'm lucky enough to be in a position where we have access to atomic servers so I can avoid all that, but most people are not.
--
Kind Regards,
Noel Butler
L.C.P #251002 (http://counter.li.org)

- End forwarded message -
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
On Tue, Oct 06, 2009 at 11:59:02AM +0200, Marco Nenciarini wrote:
> Timo Sirainen wrote:
> >
> >That's the pty's fd I think, probably from dovecot --exec-mail because
> >normally dovecot master process closes them at startup..
> >
> >Did you check if two "dovecot" processes were running when this
> >happened?
>
> This morning the problem showed again.
>
> This is what I was able to discover:
>
> 1) There was only one master process.
> 2) Imap and managesieve login and worker processes were working normally.
> 3) There was no pop3/pop3-login.
>
> After the last time I've modified my root crontab to execute the
> expire-tool every minute, trying to trigger the problem in another time
> of the day, but the first failure is
>
> Oct 6 06:26:02 delta01 dovecot: imap-login: Panic: Leaked file fd 5:
> dev 0.12 inode 1005
> Oct 6 06:26:02 delta01 dovecot: dovecot: Temporary failure in creating
> login processes, slowing down for now
> Oct 6 06:26:02 delta01 dovecot: dovecot: child 21216 (login) killed
> with signal 6 (core dumps disabled)
>
> As you can see this time is the login process of an imap connection, so
> I can state that the problem is not related to pop3 and nor to expire
> plugin.
>
> Probably the imap connections that I see were there before the problem
> was triggered.
>
> So the only remaining thing in daily log rotation that can be the
> trigger of the problem is the heavy cpu/io load due to daily maintenance.
>
> The last weird thing is that this time I have simply asked dovecot to
> reload its configuration and the problem is vanished.
>
> I hope this is enough to figure out what was happened.
>

On the other hand, I have not seen a recurrence since my initial report. At this point, dovecot has been running without interruption for over 9 days.

I intend to install 1.2.6 tomorrow.

--
Mark Sapiro mark at msapiro net     The highway is for gamblers,
San Francisco Bay Area, California  better use your sense - B. Dylan
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
Hmm, I forgot to respond to this :)

I believe it's working for you, cause you last set dom0 to use its own clock, instead of xen, so now dom0's clock is getting synced via ntp. BUT ALL of your domU's now, have no time sync. If your clock in your computer is good, then all is fine (except the longer and longer it goes without a sync). So basically what you did was just disable ntp for everything but dom0.

If you want to email a list that normally has no traffic, but many people willing to help with ntp, try timekeep...@fortytwo.ch (not sure if you have to subscribe to send emails)

Quoting PGNet Dev :

> just fwiw, as of 10/06/09 19:03:27 still no errors. apparently, time's moving forward again ... so, it seems the config above works. why some others have NOT seen the same problems, remains for me a bit of a mystery.
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
If you notice in your ntpq dumps you did, you have >400ms of jitter. That is a hell of a lot. I dunno if it makes a difference but you used 3 servers from the same edu, and they have 90ms on them, shouldn't matter, if they were the only ones with jitter I would replace them, but all 4 of your entries have high jitter.

Jitter stops ntp from doing its job properly. I'm not sure what is causing your jitter to be so bad, but it's caused by the delay amount changing from packet to packet. The delay should stay consistent (like a ping time). If it keeps bouncing all over the place, ntp can't figure out what time it really is, cause it doesn't know how long that packet was on the network. You can safely ignore offset, it is just how much different your clock is from what the other computer is.

Try adding some of the pool servers in there, like:

  server 0.us.pool.ntp.org
  server 1.us.pool.ntp.org
  server 2.us.pool.ntp.org

I assume you're in the us at least, if not you could change to eu or something (check www.pool.ntp.org)

A few samples from my dom0's (and noticing lots of people changed from st 2/3 up to 1 lately it seems)

       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
  *18.26.4.105     .PPS.            1 u  813 1024  377    7.939   -2.960   0.937
  +64.90.182.55    .ACTS.           1 u  487 1024  377    9.375    4.435   0.670
  +204.152.184.72  .GPS.            1 u  339 1024  377   82.343   -6.345   0.956
  -10.1.11.62      206.246.118.250  2 u    3   16  377    0.191    0.965   0.085
   10.1.11.69      10.1.11.61       3 u   15   16  376    0.146    0.448   0.036

       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
  *206.246.118.250 .ACTS.           1 u  642 1024  377   11.615    1.992   0.934
  +209.51.161.238  .CDMA.           1 u  955 1024  377    9.701   -0.562   0.200
  -128.105.39.11   128.105.201.11   2 u  665 1024  377   37.122   -2.228   0.634
  -10.1.11.61      18.26.4.105      2 u   10   16  376    0.184   -0.916   0.247
  +10.1.11.69      10.1.11.61       3 u   11   16  376    0.215   -0.542   0.023

       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
  +128.59.16.20    204.123.2.5      2 u   40   64  377    1.873   -0.291   0.092
  -198.82.1.203    198.82.247.164   2 u   32   64  357   16.517   -3.454   0.300
  -128.2.129.21    69.10.36.2       3 u   41   64  377   28.699    4.447   0.094
  -132.236.56.250  129.6.15.29      2 u    2   64  377    9.290   -2.892   0.295
  *10.1.11.61      18.26.4.105      2 u    1   16  377    0.161   -0.455   0.051
  +10.1.11.62      206.246.118.250  2 u    5   16  377    0.206    0.546   0.020

Quoting PGNet Dev :

> just fwiw, as of 10/06/09 19:03:27 still no errors. apparently, time's moving forward again ... so, it seems the config above works. why some others have NOT seen the same problems, remains for me a bit of a mystery.
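The jitter check described in the message above, as an added example (not from the thread): a filter that reads `ntpq -p` output and lists peers whose jitter exceeds a threshold in milliseconds, marking the currently selected system peer. The sample rows are three peers from the Dom0 output posted elsewhere in this thread plus one constructed healthy LAN peer; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: flag high-jitter peers in `ntpq -p` output.

# ntp_jitter_report THRESHOLD_MS   (reads `ntpq -p` output on stdin)
# Prints one line per peer whose jitter column exceeds the threshold:
#   <peer> jitter=<ms> reach=<octal> [SYSPEER]
# reach is an octal bitmask of the last 8 polls; 377 means all answered.
ntp_jitter_report() {
    awk -v max="$1" '
        $1 == "remote" || $1 ~ /^=+$/ { next }   # column header and rule
        NF < 10 { next }                          # not a peer row
        {
            # Column 1 of the raw line is the tally code: "*" is the
            # selected system peer, "+" a candidate, " " not considered.
            tally = substr($0, 1, 1)
            peer  = (tally == " ") ? $1 : substr($1, 2)
            if (($NF + 0) > (max + 0))
                printf "%s jitter=%s reach=%s%s\n", peer, $NF, $(NF - 3),
                       (tally == "*") ? " SYSPEER" : ""
        }'
}

# Sample input: first three peer rows are from the thread, the last row
# is constructed for contrast.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+AC-NTP0.net.cmu 128.237.148.140  2 u   12   64   37   99.147  -669.34 452.011
+AC-NTP1.net.cmu 128.237.148.132  2 u   13   64   37   95.951  -667.96 454.264
*clock.sjc.he.ne .CDMA.           1 u   15   64   37   15.566  -673.46 455.158
 10.0.0.5        10.0.0.1         3 u   15   16  377    0.150    0.450   0.040
EOF
}

# Live use on a host running ntpd:  ntpq -pn | ntp_jitter_report 100
```
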
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
just fwiw, as of 10/06/09 19:03:27 still no errors. apparently, time's moving forward again ... so, it seems the config above works. why some others have NOT seen the same problems, remains for me a bit of a mystery.
[Dovecot] how to config dovecot for multiple domains, multiple SSL certs, and conditional IP access -- with passwd-file passdb?
at the moment, i've configured dovecot for a flat passwd-file, and static userdb.

from dovecot.conf,

  ...
  auth default {
    mechanisms = plain digest-md5 cram-md5
    user = mail
    ...
    passdb passwd-file {
      args = /data/mail/users/imap_user_file
    }
    userdb static {
      args = static uid=mail gid=mail home=/data/mail/store/Domains/%d/Accounts/%n quota=maildir:storage=4096 nice=10
    }
  ...

i'd like to configure dovecot to,

  host multiple domains, each on a separate IP
  setup a separate SSL cert for each domain
  respond with a different login_greeting for each domain
  restrict access to, and access type (e.g., TLS req'd vs noTLS, secure auth OK) of, imap login based with conditional rules based on the guest's IP address.

all of these things are currently implemented on the non-dovecot imap server i'm migrating _from_, and i'd like to preserve these capabilities.

can any/all of these be accomplished with a passwd-file flatfile lookup? i know i can restrict IP access in passwd-file with 'allow_nets=', but atm i'm unclear how i'd do that for multiple domains, etc.

i understand that much can be accomplished with custom SQL queries, but for a small install would _prefer_ to stay flat file.

i'm finding bits & pieces of capability in docs, etc -- but, so far, nothing comprehensive/all-inclusive. which makes me wonder a bit -- why not?

any comments/advice would be much appreciated.

thanks!
[Dovecot] Move messages marked as Spam
Hello

I have implemented recently in my work bogofilter to mark messages as Spam or Ham, currently is working perfectly, but I want to move those messages marked as spam to a folder called spam. I installed dovecot-sieve with the intention of using fileinto to accomplish this.

my question is: where I put this:

  require "fileinto";
  if header :contains "X-Bogosity" "Spam" {
    fileinto "Spam";
  }

so that all messages that come to my users go into the spam folder?

and how i handle messages that are marked as "Unsure"

  X-Bogosity: Unsure

Thanks
Michel

--
Webmail, e-mail service
Casa de las Americas - La Habana, Cuba.
Re: [Dovecot] deliver stopped working
Note to all: If you are running Dovecot on a system where any of the mailboxes are nfs v4 mounted from a RHEL (or derivative) server DO NOT upgrade that server to an unpatched 2.6.18-164 kernel, it is very broken at this time. Not only will Dovecot fail but you're likely to have a myriad of other problems.

https://bugzilla.redhat.com/show_bug.cgi?id=523797
https://bugzilla.redhat.com/show_bug.cgi?id=524520

> On Mon, 2009-10-05 at 10:30 -0400, vwc72...@voicenet.com wrote:
>> So, it is reproducible. Now, if you take O_EXCL out it works even for the
>> user:
> ..
>> Why I suddenly get the behavior I don't know. Clearly its not deliver, but
>> deliver tries
>> to do something that behaves badly on this system.
>
> I've no idea. Never heard of O_EXCL failing in that way. You could
> always just remove the O_EXCL uses from Dovecot sources, Dovecot doesn't
> rely on them.
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Tue, Oct 06, 2009 at 09:22:12AM -0400, Timo Sirainen wrote:
> On Oct 6, 2009, at 9:00 AM, Bruce Bodger wrote:
>
>>
>> On Oct 6, 2009, at 3:55 AM, Jernej Porenta wrote:
>>
>>> I am experiencing compiling issues on Solaris 8 and Solaris 10 boxes
>>> with dovecot 1.2.6. On Solaris 8 the compiler is gcc 64bit 3.2.2, on
>>> Solaris 10 gcc 3.4.3.
>>
>> Same type of problem here on OS X 10.5.8 Server.
>>
>> Command line to configure: ./configure --with-ssldir=/System/
>> Library/OpenSSL --with-ssl=openssl
>>
>> ..
>> Undefined symbols:
>> "_SSL_get_current_compression", referenced from:
>> _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-
>> openssl.o)
>> "_SSL_COMP_get_name", referenced from:
>> _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-
>> openssl.o)
>
> What OpenSSL version do you have? I thought those compression functions
> were new enough that everyone would have them by now..

Just to add another data point - it also failed on RHEL4 (openssl 0.9.7a), but your fix in hg already took care of it, thanks!

--
Axel.Thimm at ATrpms.net
Re: [Dovecot] OpenBSD and Dovecot (mysql support)
On Tuesday 06 October 2009 at 15:13 -0400, Charles Marcus wrote:
> On 10/6/2009, Jean-François SIMON (jfsimon1...@gmail.com) wrote:
> >> Please don't guess or ask us to...
> >>
> >> Output of dovecot -n might be instructive.
>
> > Now I have this error at launch. Installed flavor is -mysql.
> >
> > Error: Error in configuration file /etc/dovecot.conf line 1: Unknown
> > setting: driver
> >
> > lign 1 : "driver = mysql"
>
> Still waiting for output of dovecot -n...

It crashes the same way as above. I'll try Timo Sirainen advice.
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Oct 6, 2009, at 11:32 AM, Axel Luttgens wrote: [...] A bit of oddity I just discovered by viewing source code at http://www.opensource.apple.com/ OS X 10.5.8 - OpenSSL 0.9.7l 28 Sep 2006 OS X 10.6.0 - OpenSSL 0.9.6l 04 Nov 2003 OS X 10.6.1 - OpenSSL 0.9.6l 04 Nov 2003 Looks like they moved back to 0.96l in later versions. A SIX YEAR OLD release?! Doing a "openssl version" here on 10.6.1, I get: OpenSSL 0.9.8k 25 Mar 2009 Looks like there's an error in the web page on Apple's OpenSource site. Ahh, whew. That is a relief. -Dave -- Dave McGuire Port Charlotte, FL
Re: [Dovecot] OpenBSD and Dovecot (mysql support)
On Tue, 2009-10-06 at 21:10 +0200, Jean-François SIMON wrote:
> Now I have this error at launch. Installed flavor is -mysql.
>
> Error: Error in configuration file /etc/dovecot.conf line 1: Unknown
> setting: driver
>
> lign 1 : "driver = mysql"

Don't put sql settings into dovecot.conf. They should be in dovecot-sql.conf or something.
Re: [Dovecot] OpenBSD and Dovecot (mysql support)
On 10/6/2009, Jean-François SIMON (jfsimon1...@gmail.com) wrote:
>> Please don't guess or ask us to...
>>
>> Output of dovecot -n might be instructive.

> Now I have this error at launch. Installed flavor is -mysql.
>
> Error: Error in configuration file /etc/dovecot.conf line 1: Unknown
> setting: driver
>
> lign 1 : "driver = mysql"

Still waiting for output of dovecot -n...

--
Best regards,
Charles
Re: [Dovecot] OpenBSD and Dovecot (mysql support)
2009/10/3 Charles Marcus

> On 10/2/2009, jean-francois (jfsimon1...@gmail.com) wrote:
> > Has anyone already built dovecot server to run with with a mysql base ?
>
> I'd say maybe in the thousands...
>
> > The db worked but the config file is hardly something I could do to work
> > properly as it should be, it does even not run saying various errors
> > found in dovecot.conf
>
> Please don't guess or ask us to...
>
> Output of dovecot -n might be instructive.
>
> --
>
> Best regards,
>
> Charles
>

Hello,

Now I have this error at launch. Installed flavor is -mysql.

Error: Error in configuration file /etc/dovecot.conf line 1: Unknown setting: driver

lign 1 : "driver = mysql"

Thanks for help
JF
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
> The wiki page also suggests clockspeed or chrony if ntpd can't seem to
> keep the time correct. Maybe one of those helps. Hmm. The Chrony's web
> site seems to be gone, wonder if it has a new one somewhere..

sure, but with the _widespread_ use of ntp(d), this bears investigation.

and, unfortunately, at least on opensuse, both

  http://software.opensuse.org/search?q=chrony
  http://software.opensuse.org/search?q=clockspeed

return empty. which means that a manual intervention -- certainly doable, but hardly 'mainstream' -- will be required.

atm, anyway, trying another approach. reading @,

  http://lists.ntp.isc.org/pipermail/questions/2009-August/024110.html

changing,

@ Dom0

  echo "1" > /proc/sys/xen/independent_wallclock
  echo "jiffies" > /sys/devices/system/clocksource/clocksource0/current_clocksource

@ DomU

  echo "0" > /proc/sys/xen/independent_wallclock
  echo "xen" > /sys/devices/system/clocksource/clocksource0/current_clocksource

i.e., Dom0 _not_ using xen timekeeping, rather 'traditional' ntpd service, and DomU (running Dovecot) depending on DomU _using_ the xen timesource drivers.

then, @ DomU

  service ntp stop
  service dovecot-custom restart

& watching,

  tail -f /var/log/dovecot/*log /var/log/messages

returns,

  Oct 06 11:41:53 dovecot: Info: Dovecot v1.2.6 starting up (core dumps disabled)
  Oct 06 11:41:53 auth(default): Info: passwd-file /data/mail/Data/USERS/imap_user_file: Read 2 users
  Oct 06 11:41:54 auth(default): Info: new auth connection: pid=18001
  Oct 06 11:41:54 auth(default): Info: new auth connection: pid=18003
  Oct 06 11:41:54 auth(default): Info: new auth connection: pid=18002
  ...

with this approach, at least as of

  Tue Oct 6 12:05:40 PDT 2009

no further errors. a 'new record' at 24 minutes ... encouraging, but will keep an eye on it for awhile.
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
On Tue, 2009-10-06 at 11:24 -0700, PGNet Dev wrote:
> and, of course, immediately after hitting 'Send', i see in logs,
>
> Oct 06 11:22:08 dovecot: Error: Time just moved backwards by 1
> seconds. I'll sleep now until we're back in present.
> http://wiki.dovecot.org/TimeMovedBackwards
>
> Oct 6 11:22:07 mx ntpd[17697]: time reset -2.075483 s
> Oct 6 11:22:16 mx ntpd[17697]: synchronized to 128.2.1.21, stratum 2

The wiki page also suggests clockspeed or chrony if ntpd can't seem to keep the time correct. Maybe one of those helps. Hmm. The Chrony's web site seems to be gone, wonder if it has a new one somewhere..
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
and, of course, immediately after hitting 'Send', i see in logs,

  Oct 06 11:22:08 dovecot: Error: Time just moved backwards by 1 seconds. I'll sleep now until we're back in present. http://wiki.dovecot.org/TimeMovedBackwards

  Oct 6 11:22:07 mx ntpd[17697]: time reset -2.075483 s
  Oct 6 11:22:16 mx ntpd[17697]: synchronized to 128.2.1.21, stratum 2

:-(
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
progress, i think. thanks to all for comments.

referencing,

  http://www.novell.com/communities/node/8629/time-synchronization-xen-setup
  http://www.linux.org.za/Lists-Archives/glug-tech-0905/msg00271.html
  http://www.gossamer-threads.com/lists/linux/kernel/1039416

i've decoupled DomU's time service from Dom0, @ both Dom0 & DomU

  cat /proc/sys/xen/independent_wallclock
  1

checking available kernel clocksources,

  cat /sys/devices/system/clocksource/clocksource0/available_clocksource
  xen jiffies

@ Dom0's /boot/grum/menu.lst, i've added,

  module /vmlinuz-xen ... clocksource=jiffies ...

and, at DomU's .cfg in Dom0,

  extra= '... clocksource=jiffies ...'

verifying in both Dom0 & DomU, i've

  cat /sys/devices/system/clocksource/clocksource0/current_clocksource
  jiffies

i've removed any pool servers, specifying local/regional Stratum 2/1 server, instead. both DomU & Dom0 have, atm,

  cat /etc/ntp.conf
  restrict default nomodify notrap noquery
  restrict 127.0.0.1
  restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
  server ac-ntp0.net.cmu.edu iburst
  server ac-ntp1.net.cmu.edu iburst
  server ac-ntp2.net.cmu.edu iburst
  server clock.sjc.he.net iburst
  driftfile /var/lib/ntp/drift/ntp.drift
  logfile /var/log/ntpd/ntp.log
  statsdir /var/log/ntpd/ # directory for statistics files
  filegen peerstats file peerstats type day enable
  filegen loopstats file loopstats type day enable
  filegen clockstats file clockstats type day enable

and ntp is running,

  ps ax | grep ntp
  13012 ?S
  stratum=2, precision=-8, rootdelay=18.717, rootdispersion=1077.662,
  peer=35633, refid=216.218.254.202,
  reftime=ce7605a0.6d9086a4 Tue, Oct 6 2009 11:06:24.427, poll=6,
  clock=ce7606ac.ba2a0e0c Tue, Oct 6 2009 11:10:52.727, state=2,
  offset=-119.499, frequency=-37.025, jitter=455.226, noise=42.407,
  stability=0.040, tai=0

       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
  +AC-NTP0.net.cmu 128.237.148.140  2 u   12   64   37   99.147  -669.34 452.011
  +AC-NTP1.net.cmu 128.237.148.132  2 u   13   64   37   95.951  -667.96 454.264
  +AC-NTP2.net.cmu 128.237.148.132  2 u    5   64   35   89.923  -688.34 496.274
  *clock.sjc.he.ne .CDMA.           1 u   15   64   37   15.566  -673.46 455.158

  ntpdc -c kerninfo
  pll offset:           -0.09179 s
  pll frequency:        -37.025 ppm
  maximum error:        0.135195 s
  estimated error:      0.042407 s
  status:               0001  pll
  pll time constant:    6
  precision:            1e-06 s
  frequency tolerance:  500 ppm

@ DomU,

  ntpq -p -c rv
  assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
  version="ntpd 4.2@1.1549-o Fri May 8 08:40:54 UTC 2009 (1)",
  processor="x86_64", system="Linux/2.6.27.29-0.1-xen", leap=00,
  -> stratum=3, precision=-8, rootdelay=98.154, rootdispersion=357.033,
  peer=50391, refid=216.218.254.202,
  reftime=ce7605c4.85c9d4d7 Tue, Oct 6 2009 11:07:00.522, poll=6,
  clock=ce7606b2.b01ba2b4 Tue, Oct 6 2009 11:10:58.687, state=2,
  offset=-102.003, frequency=-2.249, jitter=367.417, noise=36.248,
  stability=0.409, tai=0

       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
  +AC-NTP0.net.cmu 128.237.148.140  2 u   35   64   17   91.744  -557.29 359.884
  +AC-NTP1.net.cmu 128.237.148.140  2 u   37   64   17   96.365  -548.70 355.430
  +AC-NTP2.net.cmu 128.237.148.132  2 u   54   64   17   98.517  -509.63 363.221
  *clock.sjc.he.ne .CDMA.           1 u   37   64   17   22.907  -553.69 366.781

  ntpdc -c kerninfo
  pll offset:           -0.080367 s
  pll frequency:        -2.249 ppm
  maximum error:        0.12257 s
  estimated error:      0.036248 s
  status:               0001  pll
  pll time constant:    6
  precision:            1e-06 s
  frequency tolerance:  500 ppm

with this setup,

  service dovecot-custom restart
Re: [Dovecot] Binary locations
ummm... I like the idea of an anchor as per Jim Redi

  /sbin is for the dovecot daemon,
  /libexec/dovecot is for supporting tools & utilities
  /lib is for dovecot's (shared) libraries
  /etc is for config files

...I use /usr/local for that in my installation. Which means that, if upgrades (of the OS) do messy things to the contents of /etc/ or /bin or..., the dovecot stuff is in /usr/local/etc, /usr/local/bin or sbin and is left alone. And, of course, the anchor can be null.

Timo Sirainen wrote:

> Where do you think the following binaries should be installed to? The possible locations are:
>
> - bin/
> - sbin/
> - libexec/dovecot/ (or lib/dovecot/ in most Linux distros)
>
> So the binaries are:
>
> 1) These probably belong to bin/ or sbin/ or both:
>
> - authtest
> - dovecotpw
> - doveadm
>
> 2) Binaries that you might want to call from mail_executable setting:
>
> - rawlog
> - gdbhelper
>
> 3) Index file dumping programs, mostly meant for debugging problems:
>
> - idxview
> - listview
> - logview
> - mailboxlogview
> - threadview
>
> 4) Some extra tools that might be useful sometimes:
>
> - imap-utf7 : Encode/decode IMAP mailbox names (mUTF-7 <-> UTF-8)
> - maildirlock : Lock a Maildir, primarily intended for compressing files in maildir
>
> And perhaps some of the binaries should be renamed? The authtest actually now looks like a bad name. Maybe it should have been "doveauthtest" or "dovecot-authtest" or ..?

--
"One must think like a hero to behave like a merely decent human being." - May Sarton
Stewart Dean, Unix System Admin, Bard College, New York 12504
sd...@bard.edu voice: 845-758-7475, fax: 845-758-7035
[Dovecot] Move messages marked as Spam
Hello,

I recently implemented the bogofilter utility at my work to mark messages as Spam or Ham. It is currently working perfectly, but I want to move the messages marked as spam to a folder called spam. I installed dovecot-sieve with the intention of using fileinto to accomplish this. My question is: where do I put this:

    require "fileinto";
    if header :contains "X-Bogosity" "Spam" {
        fileinto "Spam";
    }

so that all messages that come to my users go into the spam folder? And how do I handle messages that are marked as "Unsure"?

    X-Bogosity: Unsure

Thanks,
Michel
Re: [Dovecot] Dovecot 1.2.4 - assertion crash in view_lookup_seq_range
On Tue, 2009-10-06 at 10:33 -0700, Brandon Davidson wrote:
> Oct 6 07:33:09 oh-popmap3p dovecot: imap: user=, rip=, pid=11931: Panic: file mail-index-view.c: line 264 (view_lookup_seq_range): assertion failed: (first_uid > 0)

I think it's this bug fixed in 1.2.5: http://hg.dovecot.org/dovecot-1.2/rev/ff4c1e9f47a4
[Dovecot] Dovecot 1.2.4 - assertion crash in view_lookup_seq_range
Hi all,

We have a number of machines running Dovecot 1.2.4 that have been assert crashing occasionally. It looks like it's occurring when the users expunge their mailboxes, but I'm not sure as I can't reproduce it myself. The error in the logs is:

Oct 6 07:33:09 oh-popmap3p dovecot: imap: user=, rip=, pid=11931: Panic: file mail-index-view.c: line 264 (view_lookup_seq_range): assertion failed: (first_uid > 0)
Oct 6 07:33:09 oh-popmap3p dovecot: imap: user=, rip=, pid=11931: Raw backtrace: imap [0x49e130] -> imap [0x49e193] -> imap [0x49d816] -> imap [0x47e462] -> imap(mail_index_lookup_seq+0x12) [0x47e022] -> imap(mail_index_view_sync_begin+0x36a) [0x47ffba] -> imap(index_mailbox_sync_init+0x7f) [0x45e56f] -> imap(maildir_storage_sync_init+0x100) [0x43cb70] -> imap(imap_sync_init+0x67) [0x428177] -> imap(cmd_sync_delayed+0x174) [0x4283c4] -> imap(client_handle_input+0x19e) [0x420a0e] -> imap(client_input+0x5f) [0x4213ff] -> imap(io_loop_handler_run+0xf8) [0x4a5e98] -> imap(io_loop_run+0x1d) [0x4a4fad] -> imap(main+0x620) [0x428cc0] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x323dc1d994] -> imap [0x4199f9]
Oct 6 07:33:09 oh-popmap3p dovecot: dovecot: child 11931 (imap) killed with signal 6 (core dumped)

GDB stack information and some additional details are available here: http://uoregon.edu/~brandond/dovecot-1.2.4/stack.txt

We are planning to go to 1.2.6 sometime in the next week or two, but I thought I'd try to track this particular error down just in case it's still an issue after the upgrade.

-Brad
Re: [Dovecot] dovecot 1.2.5 - can't create auth listener
On Tue, 2009-10-06 at 12:54 -0400, dove...@nro.ca wrote:
> My configuration file is pretty basic so maybe someone can point out where I'm going wrong. I stripped out the few comments and unrelated settings.
..
> server a1 {

server blocks aren't basic and they've been unsupported almost forever. Where did you even find out about them? I'd rather recommend just using multiple dovecot installations with separate config files.

http://wiki.dovecot.org/RunningDovecot#Running_Multiple_Invocations_of_Dovecot

v2.0 finally adds proper support for separate certs per IP.
[Dovecot] dovecot 1.2.5 - can't create auth listener
Hi.

I have version 1.1.11 working fine with multiple servers. When I upgrade to 1.2.4 or 1.2.5 I keep getting an error 'can't create auth listener' (address in use).

I have two IP addresses (let's call them 1.0.0.1 and 1.0.0.2). Each IP address has its own certificate and set of servers with custom ports. I don't know how the configuration is supposed to work and it was a lot of Google and trial and error to get it working.

My configuration file is pretty basic so maybe someone can point out where I'm going wrong. I stripped out the few comments and unrelated settings.

#listen = *
disable_plaintext_auth = no
ssl_ca_file = myca.crt
protocol lda {
  postmaster_address = postmas...@example.com
}
server a1 {
  protocols = pop3
  ssl_cert_file = a1.crt
  ssl_key_file = a1.key
  listen = 1.0.0.2:110 1.0.0.2:111
  auth default {
    mechanisms = plain
    passdb pam {
    }
    userdb passwd {
    }
  }
}
server a2 {
  protocols = pop3s
  ssl_cert_file = a1.crt
  ssl_key_file = a1.key
  listen = 1.0.0.2:995
  auth default {
    mechanisms = plain
    passdb pam {
    }
    userdb passwd {
    }
  }
}
server n1 {
  protocols = pop3
  ssl_cert_file = n1.crt
  ssl_key_file = n1.key
  listen = 127.0.0.1:110 127.0.0.1:111 1.0.0.1:110 1.0.0.1:111
  auth default {
    mechanisms = plain
    passdb pam {
    }
    userdb passwd {
    }
  }
}
server n2 {
  protocols = pop3s
  ssl_cert_file = n1.crt
  ssl_key_file = n1.key
  listen = 127.0.0.1:995 1.0.0.1:995
  auth default {
    mechanisms = plain
    passdb pam {
    }
    userdb passwd {
    }
  }
}
...and repeat for imap, imaps

Thanks,
Sean
[Dovecot] compiling issue 1.2.6 - NetBSD
> What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now..

Same on NetBSD 3.1.0 (which admittedly is unsupported by now) with OpenSSL 0.9.7d. I can pull in a newer version from pkgsrc, of course.
Re: [Dovecot] Binary locations
On 10/6/2009, Timo Sirainen (t...@iki.fi) wrote:
> doveadm is supposed to be this featureful thing that can do all kinds of admin-related stuff. Perhaps one possibility would be to make all of these its subcommands:

+1

--
Best regards,
Charles
Re: [Dovecot] Binary locations
On 10/06/2009 05:32 PM Timo Sirainen wrote:
> Where do you think the following binaries should be installed to? The possible locations are:
>
> - bin/
> - sbin/
> - libexec/dovecot/ (or lib/dovecot/ in most Linux distros)
>
> So the binaries are:
>
> 1) These probably belong to bin/ or sbin/ or both:
> - authtest
> - dovecotpw
> - doveadm
>
> 2) Binaries that you might want to call from mail_executable setting:
> - rawlog
> - gdbhelper
>
> 3) Index file dumping programs, mostly meant for debugging problems:
> - idxview
> - listview
> - logview
> - mailboxlogview
> - threadview
>
> 4) Some extra tools that might be useful sometimes:
> - imap-utf7 : Encode/decode IMAP mailbox names (mUTF-7 <-> UTF-8)
> - maildirlock : Lock a Maildir, primarily intended for compressing files in maildir
>
> And perhaps some of the binaries should be renamed? The authtest actually now looks like a bad name. Maybe it should have been "doveauthtest" or "dovecot-authtest" or ..?

under $PREFIX/bin:
  authtest (or doveauthtest)
  dovecotpw
  imap-utf7
  maildirlock

under $PREFIX/sbin:
  doveadm
  doveconf

under $PREFIX/libexec/dovecot (or $PREFIX/lib/dovecot):
  rawlog
  gdbhelper

Hm, all the *view utilities also under $PREFIX/libexec/dovecot

Regards,
Pascal
--
The trapper recommends today: f007ba11.0927...@localdomain.org
Re: [Dovecot] Binary locations
On Tue, 2009-10-06 at 11:32 -0400, Timo Sirainen wrote:
> 1) These probably belong to bin/ or sbin/ or both:
> - doveadm

doveadm is supposed to be this featureful thing that can do all kinds of admin-related stuff. Perhaps one possibility would be to make all of these its subcommands:

> - authtest

doveadm auth ..

> - dovecotpw

doveadm pw ..

> 3) Index file dumping programs, mostly meant for debugging problems:
> - idxview
> - listview
> - logview
> - mailboxlogview
> - threadview

doveadm dump (automatically detects what type the file is).

> 4) Some extra tools that might be useful sometimes:
> - imap-utf7 : Encode/decode IMAP mailbox names (mUTF-7 <-> UTF-8)

doveadm mutf7 ..

> - maildirlock : Lock a Maildir, primarily intended for compressing files in maildir

This could stay separate.
Re: [Dovecot] Binary locations
On 6 Oct 2009, at 16:32, Timo Sirainen wrote:
> Where do you think the following binaries should be installed to?

Hi Timo. IMO

/sbin is for the dovecot daemon,
/libexec/dovecot is for supporting tools & utilities
/lib is for dovecot's (shared) libraries
/etc is for config files
Re: [Dovecot] Binary locations
On Tue, 2009-10-06 at 11:32 -0400, Timo Sirainen wrote:
> 1) These probably belong to bin/ or sbin/ or both:
> - authtest
..
> And perhaps some of the binaries should be renamed? The authtest actually now looks like a bad name. Maybe it should have been "doveauthtest" or "dovecot-authtest" or ..?

And if I were forward-looking, maybe dovesasl or dovecot-sasl or dovesasltest or dovecot-sasltest or something. So when in future Dovecot also has SASL client support this could be used to test authentication using all SASL mechanisms.
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Marco Nenciarini wrote:
> 2) Imap and managesieve login and worker processes were working normally.

I only see this mistake now: the above statement is false, because the subsequent log shows an imap-login failure. Sorry for this.

Marco
--
|Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia |
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] Debugging IMAP ACLs
On Tue, 2009-10-06 at 18:26 +0300, Kerem Erciyes wrote:
> Well seems I have a problem. When I enable the imap_acl plugin dovecot will not start.
>
> Edlopen(/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so) failed: /usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so: Undefined symbol "acl_mailbox_right_lookup"

Looks like you didn't already have acl plugin enabled, so add it too. Hmm. Maybe these plugins could have a "dependency" setting that complains about missing dependencies or adds them automatically..

> Do you think this is related to mbox instead of maildir setup that we have. If so, I think I will start by converting to maildirs from mbox and then go on testing the ACL and Shared Namespace setups.

I think that would be a good idea in any case. :)
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On 6 Oct 2009, at 17:23, Dave McGuire wrote:
> On Oct 6, 2009, at 10:21 AM, Bruce Bodger wrote:
> [...]
>> A bit of oddity I just discovered by viewing source code at http://www.opensource.apple.com/
>>
>> OS X 10.5.8 - OpenSSL 0.9.7l 28 Sep 2006
>> OS X 10.6.0 - OpenSSL 0.9.6l 04 Nov 2003
>> OS X 10.6.1 - OpenSSL 0.9.6l 04 Nov 2003
>>
>> Looks like they moved back to 0.96l in later versions.
>
> A SIX YEAR OLD release?!

Doing a "openssl version" here on 10.6.1, I get:

OpenSSL 0.9.8k 25 Mar 2009

Looks like there's an error in the web page on Apple's OpenSource site.

Axel
[Dovecot] Binary locations
Where do you think the following binaries should be installed to? The possible locations are:

- bin/
- sbin/
- libexec/dovecot/ (or lib/dovecot/ in most Linux distros)

So the binaries are:

1) These probably belong to bin/ or sbin/ or both:
- authtest
- dovecotpw
- doveadm

2) Binaries that you might want to call from mail_executable setting:
- rawlog
- gdbhelper

3) Index file dumping programs, mostly meant for debugging problems:
- idxview
- listview
- logview
- mailboxlogview
- threadview

4) Some extra tools that might be useful sometimes:
- imap-utf7 : Encode/decode IMAP mailbox names (mUTF-7 <-> UTF-8)
- maildirlock : Lock a Maildir, primarily intended for compressing files in maildir

And perhaps some of the binaries should be renamed? The authtest actually now looks like a bad name. Maybe it should have been "doveauthtest" or "dovecot-authtest" or ..?
Re: [Dovecot] Debugging IMAP ACLs
Hi,

Well seems I have a problem. When I enable the imap_acl plugin dovecot will not start.

Edlopen(/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so) failed: /usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so: Undefined symbol "acl_mailbox_right_lookup"
FCouldn't load required plugins
Error: imap dump-capability process returned 89
Fatal: Invalid configuration in /usr/local/etc/dovecot.conf

Do you think this is related to mbox instead of maildir setup that we have. If so, I think I will start by converting to maildirs from mbox and then go on testing the ACL and Shared Namespace setups.

Regards,
Kerem

On Tue, Oct 6, 2009 at 5:37 PM, Timo Sirainen wrote:
> On Tue, 2009-10-06 at 17:04 +0300, Kerem Erciyes wrote:
> > > I don't think I've ever tried shared mailboxes with mbox format before, no idea if it even works..
> >
> > Is there any way to trace ACL commands issued by the client? Or should they pop up in debug log if ACLs are active?
>
> http://wiki.dovecot.org/Debugging/Rawlog could be useful.

--
Kerem Erciyes Sistem Danismani http://proje.keremerciyes.com kerem.erci...@gmail.com +90 532 737 05 83
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Oct 6, 2009, at 10:21 AM, Bruce Bodger wrote:

Same type of problem here on OS X 10.5.8 Server.

Command line to configure: ./configure --with-ssldir=/System/Library/OpenSSL --with-ssl=openssl
..
Undefined symbols:
"_SSL_get_current_compression", referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
"_SSL_COMP_get_name", referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)

What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now..

bash-3.2# /usr/bin/OpenSSL version
OpenSSL 0.9.7l 28 Sep 2006

A bit of oddity I just discovered by viewing source code at http://www.opensource.apple.com/

OS X 10.5.8 - OpenSSL 0.9.7l 28 Sep 2006
OS X 10.6.0 - OpenSSL 0.9.6l 04 Nov 2003
OS X 10.6.1 - OpenSSL 0.9.6l 04 Nov 2003

Looks like they moved back to 0.96l in later versions.

A SIX YEAR OLD release?!

--
Dave McGuire
Port Charlotte, FL
Re: [Dovecot] issues with ACL and Public Namespaces
On Tue, 2009-10-06 at 17:18 +0200, Anton Dollmaier wrote:
> Hi Timo,
>
> > Oh, right, that's because the subscriptions are in the private namespace. Hmm. I'll try to get this fixed soon, but if you want to get it working now you could use:
> >
> > namespace public {
> >   prefix = shared.
> >   location = maildir:/var/mail/vmail/%d/shared:CONTROL=~/shared:INDEX=~/shared
> >   subscriptions = yes
> > }
>
> Then subscriptions will be handled directly in the public namespace, therefor all users would have the same folders subscribed, right?

No, that's why I added the :CONTROL=~/shared.
Re: [Dovecot] v1.2.6 released (managesieve updated)
Timo Sirainen wrote: http://dovecot.org/releases/1.2/dovecot-1.2.6.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.6.tar.gz.sig I've updated the ManageSieve patch: http://www.rename-it.nl/dovecot/1.2/dovecot-1.2.6-managesieve-0.11.9.diff.gz http://www.rename-it.nl/dovecot/1.2/dovecot-1.2.6-managesieve-0.11.9.diff.gz.sig Regards, Stephan
Re: [Dovecot] issues with ACL and Public Namespaces
Hi Timo,

> Oh, right, that's because the subscriptions are in the private namespace. Hmm. I'll try to get this fixed soon, but if you want to get it working now you could use:
>
> namespace public {
>   prefix = shared.
>   location = maildir:/var/mail/vmail/%d/shared:CONTROL=~/shared:INDEX=~/shared
>   subscriptions = yes
> }

Then subscriptions will be handled directly in the public namespace, therefore all users would have the same folders subscribed, right? That would cause permission problems, as not all users are allowed to see every folder.

> Although there's also a bug related to that where LSUB "" % won't list "shared" and that breaks some clients. That's fixed in v1.2.6.

Such commands are actually performed and logged in the rawlog (e.g. 20091005-221025-26325.in), but I don't see any responses back to the client. I'll upgrade to 1.2.6 and check if the problem still occurs.
Re: [Dovecot] issues with ACL and Public Namespaces
On Tue, 2009-10-06 at 16:18 +0200, Anton Dollmaier wrote:
> When checking the Folder Subscriptions in RoundCube, Dovecot tries to find an ACL file for the public folders, but does not check the public folders, but in the private Maildir:
..
> > Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.shared.Transfer/dovecot-acl not found
> > Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.shared.Transfer.Test1/dovecot-acl not found
> > Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Disconnected: Logged out bytes=73/819

Oh, right, that's because the subscriptions are in the private namespace. Hmm. I'll try to get this fixed soon, but if you want to get it working now you could use:

namespace public {
  prefix = shared.
  location = maildir:/var/mail/vmail/%d/shared:CONTROL=~/shared:INDEX=~/shared
  subscriptions = yes
}

Although there's also a bug related to that where LSUB "" % won't list "shared" and that breaks some clients. That's fixed in v1.2.6.
Re: [Dovecot] how to "hide" mailbox from the IMAP clients
Eduardo M KALINOWSKI wrote:
> On Tue, 06 Oct 2009, Kostik wrote:
>> Hello, everyone!
>>
>> Is it possible to "hide" mailbox from the IMAP clients, so as to prevent any user from subscribing to the some folders?
>>
>> My storages are "mbox maildir".
>>
>> For example, to hide the directory where the personal Sieve scripts are stored or etc.
>
> I think you're approaching the problem from a wrong perspective. You should not "hide" non-mail folders from clients, but you should "hide" them from the server. If it's not a mail folder, Dovecot should not treat it as one.
>
> How to do that depends on your settings, but basically you should not include the folder with scripts inside the folder with the mailboxes, but instead store it elsewhere.

Yes, you're right! For legacy reasons, my clients have their mailboxes directly in their homedir. That's not a problem, because they have only imap access to that server. But I am interested to hide some "non-mail" folders.

mailbox_location re-design is not possible right now. :(

=kostik
Re: [Dovecot] how to "hide" mailbox from the IMAP clients
On Tue, 2009-10-06 at 18:58 +0400, Kostik wrote:
> Yes, you're right! For legacy reasons, my clients have their mailboxes directly in their homedir. That not problem, because they have only imap access to that server. But I am interested to hide some "non-mail" folders.
>
> mailbox_location re-design is not possible right now. :(

How about redesign for the Sieve script location? You could use for example:

sieve_dir = /var/sieve/%u/scripts/
sieve = /var/sieve/%u/active

or something.

Anyway, are you using mbox or maildir? With maildir you could also do something else, but with mbox there's really no way to hide files.
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Tue, 2009-10-06 at 10:55 +0200, Jernej Porenta wrote:
> SSL_COMP_get_name ../login-common/liblogin-common.a(ssl-proxy-openssl.o)
> SSL_get_current_compression ../login-common/liblogin-common.a(ssl-proxy-openssl.o)
> ld: fatal: Symbol referencing errors. No output written to imap-login
> collect2: ld returned 1 exit status

http://hg.dovecot.org/dovecot-1.2/rev/4add5c3f13ea fixes this.
Re: [Dovecot] Debugging IMAP ACLs
On Tue, 2009-10-06 at 17:04 +0300, Kerem Erciyes wrote:
> > I don't think I've ever tried shared mailboxes with mbox format before, no idea if it even works..
>
> Is there any way to trace ACL commands issued by the client? Or should they pop up in debug log if ACLs are active?

http://wiki.dovecot.org/Debugging/Rawlog could be useful.
Re: [Dovecot] how to "hide" mailbox from the IMAP clients
On 06.10.2009 at 16:27, Kostik wrote:
> For example, to hide the directory where the personal Sieve scripts are stored or etc.

With recent versions the sieve scripts are stored in the home directory per default, rather than the maildir itself. You may want to verify this parameter:

sieve = ~/.dovecot.sieve

Regards
Thomas
Re: [Dovecot] how to "hide" mailbox from the IMAP clients
On Tue, 06 Oct 2009, Kostik wrote:
> Hello, everyone!
>
> Is it possible to "hide" mailbox from the IMAP clients, so as to prevent any user from subscribing to the some folders?
>
> My storages are "mbox maildir".
>
> For example, to hide the directory where the personal Sieve scripts are stored or etc.

I think you're approaching the problem from a wrong perspective. You should not "hide" non-mail folders from clients, but you should "hide" them from the server. If it's not a mail folder, Dovecot should not treat it as one.

How to do that depends on your settings, but basically you should not include the folder with scripts inside the folder with the mailboxes, but instead store it elsewhere.

--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br
Re: [Dovecot] compiling issue 1.2.6 - Solaris
Christian Schmidt wrote:
> Hello Timo,
>
> Timo Sirainen, 06.10.2009 (d.m.y):
>
>> What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now..
>
> I'm experiencing the same problem when building dovecot on Solaris 10 (SPARC). I just updated my OpenSSL to version 0.9.8k, but the error remains.
>
> Regards,
> Christian Schmidt

Works for me on Solaris 10, gcc 3.4.3, openssl 0.9.8k. What do you have for your configure line? Are you sure you're picking up your compiled library and not the default Solaris one?

I've got something like:

CFLAGS="-I/usr/local/openssl/include -L/usr/local/openssl/lib \
 -g -O2" \
 ./configure --prefix=/usr/local/dovecot --with-ssl=openssl

Best Wishes,
Chris

--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wake...@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
[Dovecot] how to "hide" mailbox from the IMAP clients
Hello, everyone! Is it possible to "hide" mailbox from the IMAP clients, so as to prevent any user from subscribing to the some folders? My storages are "mbox maildir". For example, to hide the directory where the personal Sieve scripts are stored or etc. =kostik
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Oct 6, 2009, at 8:26 AM, Bruce Bodger wrote:

Same type of problem here on OS X 10.5.8 Server.

Command line to configure: ./configure --with-ssldir=/System/Library/OpenSSL --with-ssl=openssl
..
Undefined symbols:
"_SSL_get_current_compression", referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
"_SSL_COMP_get_name", referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)

What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now..

bash-3.2# /usr/bin/OpenSSL version
OpenSSL 0.9.7l 28 Sep 2006

A bit of oddity I just discovered by viewing source code at http://www.opensource.apple.com/

OS X 10.5.8 - OpenSSL 0.9.7l 28 Sep 2006
OS X 10.6.0 - OpenSSL 0.9.6l 04 Nov 2003
OS X 10.6.1 - OpenSSL 0.9.6l 04 Nov 2003

Looks like they moved back to 0.96l in later versions.

B. Bodger
Re: [Dovecot] Debugging IMAP ACLs
On 06.10.2009 at 16:04, Kerem Erciyes wrote:
> a08 login "*" "*"
> a08 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH QUOTA] Logged in
> a09 MYRIGHTS
> a09 BAD Error in IMAP command MYRIGHTS: Unknown command.
> a10 GETACL "INBOX"
> a10 BAD Error in IMAP command GETACL: Unknown command.

Add 'imap_acl' to the plugins section to activate it:

mail_plugins: imap_acl

Regards
Thomas
[Dovecot] issues with ACL and Public Namespaces
Hi all,

after configuring dovecot to serve private and Public Namespaces per domain with ACLs per shared folder, everything worked great:

In every shared folder I created a "dovecot-acl"-file with the permissions of every user:

user=us...@example.com
user=us...@example.com lrwstiea

The subscriptions are handled with "subscriptions=no", so every local User can subscribe to shared folders as he likes. As the shared folders are managed via webinterface, the cronjob creating and deleting the folders also changes the subscriptions of every user, adding or removing the public folders as permissions are granted.

RoundCube Webmail, Thunderbird and Outlook have no problems accessing and using the public folders, but a customer has problems with his Mac: In Apple Mail the folders are not visible, even when subscriptions are previously set in another mailclient.

In RoundCube, I spotted another issue: subscribed public folders are usable in the "Mail"-area, but no public folder is listed in the "Folder"-settings - not even the already subscribed ones. Setting "list=yes" to the public namespace, RC lists only the prefix "shared" as a folder, but no subfolders - "list=children" shows no folder at all.
As I checked the rawlog and debug-infos with "mail_debug=yes", I saw the possible cause for my problems: When checking the Folder Subscriptions in RoundCube, Dovecot tries to find an ACL file for the public folders, but does not check the public folders, but in the private Maildir: Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Loading modules from directory: /usr/lib/dovecot/modules/imap Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib01_acl_plugin.so Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib10_quota_plugin.so Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib20_autocreate_plugin.so Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib20_expire_plugin.so Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Effective uid=249, gid=249, home=/var/mail/vmail/example.com/user6/ Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): acl: No acl_shared_dict setting - shared mailbox listing is disabled Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Quota root: name=INBOX backend=dict args=:proxy::quotadict Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Quota rule: root=INBOX mailbox=* bytes=52428800 messages=0 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Quota rule: root=INBOX mailbox=Trash bytes=62914560 messages=0 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Quota warning: bytes=49807360 (95%) messages=0 command=/usr/local/bin/quota-warning.sh 95 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Quota warning: bytes=41943040 (80%) messages=0 command=/usr/local/bin/quota-warning.sh 80 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Quota root: name=shared backend=dict 
args=example.com:ns=shared.:proxy::quotadict Oct 6 15:24:16 ipx02 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Quota rule: root=shared mailbox=* bytes=524288000 messages=0 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): expire: pattern=Trash type=expunge secs=604800 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): expire: pattern=Spam type=expunge secs=2592000 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): dict quota: user=us...@example.com, uri=proxy::quotadict, noenforcing=0 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): dict quota: user=example.com, uri=proxy::quotadict, noenforcing=0 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Namespace: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): maildir: data=~/Maildir Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): maildir++: root=/var/mail/vmail/example.com/user6//Maildir, index=, control=, inbox=/var/mail/vmail/example.com/user6//Maildir Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): acl: initializing backend with data: vfile Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): acl: acl username = us...@example.com Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): acl: owner = 1 Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): acl vfile: Global ACL directory: (null) Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): Namespace: type=public, prefix=shared., sep=., inbox=no, hidden=no, list=yes, subscriptions=no Oct 6 15:24:16 ipx02 dovecot: IMAP(us...@example.com): maildir: data=
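An added example, not part of the original post and not Dovecot's own code: a Python reader for dovecot-acl vfile lines like the ones described in the message above, which expands the right letters and flags entries that grant the admin right or apply to broad identifiers. The sample addresses and the function names are constructed; the letter table follows Dovecot's documented ACL rights.

```python
# Letter -> right name, as documented for Dovecot's vfile ACL backend (RFC 4314 letters).
RIGHT_NAMES = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
PREFIXED_IDENTS = ("user=", "group=", "group-override=")
BARE_IDENTS = ("owner", "authenticated", "anyone", "anonymous")
BROAD_IDENTS = ("authenticated", "anyone", "anonymous")


def parse_acl_line(line):
    """Parse one dovecot-acl line into identifier, sign and right names.

    Returns None for blank lines and comments; raises ValueError on an
    unknown identifier or right letter so typos do not pass silently.
    """
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    ident, _, rest = text.partition(" ")
    negative = ident.startswith("-")      # "-user=..." removes rights
    if negative:
        ident = ident[1:]
    if not (ident.startswith(PREFIXED_IDENTS) or ident in BARE_IDENTS):
        raise ValueError("unknown ACL identifier: %r" % ident)
    letters, _, named = rest.strip().partition(":")
    rights = []
    for ch in letters.strip():
        if ch not in RIGHT_NAMES:
            raise ValueError("unknown right letter %r for %s" % (ch, ident))
        rights.append(RIGHT_NAMES[ch])
    rights.extend(named.split())          # optional ":named rights" suffix
    return {"identifier": ident, "negative": negative, "rights": rights}


def audit(lines):
    """Return (identifier, finding) pairs worth a second look.

    "admin": the entry lets that identifier change the folder's ACL.
    "broad": the entry grants rights to everyone or every logged-in user.
    """
    findings = []
    for line in lines:
        entry = parse_acl_line(line)
        if entry is None or entry["negative"] or not entry["rights"]:
            continue
        if "admin" in entry["rights"] and entry["identifier"] != "owner":
            findings.append((entry["identifier"], "admin"))
        if entry["identifier"] in BROAD_IDENTS:
            findings.append((entry["identifier"], "broad"))
    return findings


# Constructed sample file; the second entry uses the rights string from the post.
SAMPLE = """\
# shared folder "Transfer"
user=bob@example.com lr
user=alice@example.com lrwstiea
anyone l
-user=carol@example.com w
"""

if __name__ == "__main__":
    for ident, finding in audit(SAMPLE.splitlines()):
        print(ident, finding)
```

The rights string from the post ends in "a", so every user listed with it can rewrite that folder's ACL.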
Re: [Dovecot] Debugging IMAP ACLs
Hi Timo,

On Tue, Oct 6, 2009 at 4:39 PM, Timo Sirainen wrote:
> On Oct 6, 2009, at 7:24 AM, Kerem Erciyes wrote:
>
>> mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
>
> I don't think I've ever tried shared mailboxes with mbox format before, no idea if it even works..

Is there any way to trace ACL commands issued by the client? Or should they pop up in debug log if ACLs are active?

I tried via telnet to issue imap acl commands and all I could get to work was NAMESPACE command. I think you are right, and ACLs are not supported with mbox, or there is something wrong with my setup. Yet I can see the namespace defined in the configuration via NAMESPACE command.

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Kupyazilim IMAPS/POP3S Server - Dovecot ready.
a05 CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH QUOTA STARTTLS AUTH=PLAIN AUTH=LOGIN
a05 OK Capability completed.
a08 login "*" "*"
a08 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH QUOTA] Logged in
a09 MYRIGHTS
a09 BAD Error in IMAP command MYRIGHTS: Unknown command.
a10 GETACL "INBOX"
a10 BAD Error in IMAP command GETACL: Unknown command.
a11 SETACL Inbox "pr...@***.com" +s
a11 BAD Error in IMAP command SETACL: Unknown command.
a13 NAMESPACE
* NAMESPACE (("" "/")) (("shared/" "/")) NIL
a13 OK Namespace completed.

>> namespace:
>>   type: shared
>>   separator: /
>>   prefix: shared/%%u/
>>   location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
>
> This doesn't really look right. Should probably be more like:
>
> location = mbox:%%h/mail:INBOX=/usr/home/vmail/%%d/%%u:INDEX=/usr/home/vmail/shared/%%u

Sorry, my bad at 3:00 AM. It is fixed now.

--
Kerem Erciyes Sistem Danismani http://proje.keremerciyes.com kerem.erci...@gmail.com +90 532 737 05 83
Re: [Dovecot] compiling issue 1.2.6 - Solaris
Hello Timo,

Timo Sirainen, 06.10.2009 (d.m.y):
> What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now..

I'm experiencing the same problem when building dovecot on Solaris 10 (SPARC). I just updated my OpenSSL to version 0.9.8k, but the error remains.

Regards,
Christian Schmidt
--
It is a wise father that knows his own child. -- William Shakespeare, "The Merchant of Venice"
Re: [Dovecot] compiling issue 1.2.6 - Solaris
Timo Sirainen wrote:
> On Oct 6, 2009, at 9:00 AM, Bruce Bodger wrote:
>> Undefined symbols:
>> "_SSL_get_current_compression", referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
>> "_SSL_COMP_get_name", referenced from: _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
>
> What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now..

Mine is "OpenSSL 0.9.7d" and "OpenSSL 0.9.7i" which might be a little old :), but I had no troubles since that... Anyway, I will build a new one and try to link dovecot with that...

thanks you,
regards, Jernej
Re: [Dovecot] compiling issue 1.2.6 - Solaris
Timo Sirainen wrote:

> On Oct 6, 2009, at 9:00 AM, Bruce Bodger wrote:
>
>> On Oct 6, 2009, at 3:55 AM, Jernej Porenta wrote:
>>
>>> I am experiencing compiling issues on Solaris 8 and Solaris 10 boxes
>>> with dovecot 1.2.6. On Solaris 8 the compiler is gcc 64bit 3.2.2, on
>>> Solaris 10 gcc 3.4.3.
>>
>> Same type of problem here on OS X 10.5.8 Server.
>>
>> Command line to configure: ./configure
>> --with-ssldir=/System/Library/OpenSSL --with-ssl=openssl
>>
>> ..
>> Undefined symbols:
>> "_SSL_get_current_compression", referenced from:
>> _ssl_proxy_get_security_string in
>> liblogin-common.a(ssl-proxy-openssl.o)
>> "_SSL_COMP_get_name", referenced from:
>> _ssl_proxy_get_security_string in
>> liblogin-common.a(ssl-proxy-openssl.o)
>
> What OpenSSL version do you have? I thought those compression functions
> were new enough that everyone would have them by now..

No problems compiling for me on Solaris 8, gcc 3.4.3, openssl-0.9.8k.

Best Wishes,
Chris

--
Christopher Wakelin, c.d.wake...@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
Re: [Dovecot] Capability info in hello message not complete?
On Thursday 01 October 2009 15:15:09 Timo Sirainen wrote: > On Thu, 2009-10-01 at 14:59 +0200, Michal Hlavinka wrote: > > Hi, > > > > one Fedora user complains about not some troubles after update to dovecot > > 1.2. He suspects wrong capability information given by dovecot 1.2 > > > > In dovecot.conf he uses imap_capability= option. While response to 'A > > CAPABILITY' respects imap_capability value, the capability info in hello > > message does not. > > > > for imap_capability=IMAP4 IMAP4rev1 ACL NAMESPACE CHILDREN SORT QUOTA > > THREAD=ORDEREDSUBJECT UNSELECT IDLE STARTTLS AUTH=PLAIN > > I suppose he's using Dovecot as a proxy? Because Dovecot doesn't support > IMAP4 or THREAD=ORDEREDSUBJECT. yes, dovecot is used as proxy > > > but hello message is: > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > > STARTTLS AUTH=PLAIN] Dovecot ready. > > Hmm. Yeah.. > > > But it seems even when imap_capability is not used capability in hello > > message is not complete: > > .. > > > is this expected? Do you think capability information in hello message > > really can befool clients? > > The capability in greeting message is short on purpose. It's only enough > capabilities to get client logged in. After login Dovecot sends an > updated full capability list to the client. It uses a few different > tricks to get most clients understand the change. > > So the only potential problem I see here is if client understands the > greeting capability and permanently remembers that the server supports > LITERAL+, ID and ENABLE after login but the destination server actually > doesn't. The other capabilities are relevant only before login. I'm not > entirely sure what, if anything, I should do about this. > > I'd anyway like to hear what exactly is the problem and with what > client, preferably with IMAP traffic logs showing what's happening > wrong. 
forwarded info:

The imap-server is dbmail which supports "IMAP4 IMAP4rev1 ACL NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE" and with dovecot version 1.1 it worked fine.

The problem issue is "LITERAL+", which dbmail does not support. The problem client was an Apple iPhone.
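Added example, not part of the original thread and not Dovecot or dbmail code: a small Python check that compares the capabilities in a proxy's greeting with the list the backend actually supports, and flags the ones a client may keep relying on after login (LITERAL+, ID and ENABLE, as named in the reply above). The function names are hypothetical; the two input strings are copied from the messages in this thread.

```python
import re

# Greeting capabilities that the reply above names as the ones a client might
# keep relying on after login; the rest of the greeting is pre-login only.
STICKY_AFTER_LOGIN = {"LITERAL+", "ID", "ENABLE"}

# Sample inputs, copied from the messages in this thread.
GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
            "ENABLE STARTTLS AUTH=PLAIN] Dovecot ready.")
BACKEND_CAPS = ("IMAP4 IMAP4rev1 ACL NAMESPACE CHILDREN SORT QUOTA "
                "THREAD=ORDEREDSUBJECT UNSELECT IDLE")

# The CAPABILITY response code of an untagged OK or PREAUTH greeting.
_CODE_RE = re.compile(r"^\* (?:OK|PREAUTH) \[CAPABILITY ([^\]]+)\]", re.I)


def greeting_capabilities(line):
    """Capabilities announced in a server greeting (empty set if none)."""
    m = _CODE_RE.match(line.strip())
    # Capability names are case-insensitive, so normalise to upper case.
    return {tok.upper() for tok in m.group(1).split()} if m else set()


def capability_set(text):
    """Parse a bare capability list or an untagged '* CAPABILITY ...' line."""
    tokens = text.split()
    if [t.upper() for t in tokens[:2]] == ["*", "CAPABILITY"]:
        tokens = tokens[2:]
    return {t.upper() for t in tokens}


def classify_greeting(greeting_line, backend_caps):
    """Sort each greeting capability into one of three buckets.

    confirmed          the backend supports it too
    stale_after_login  backend lacks it and a client may still use it later
    pre_login_only     backend lacks it, but it only matters before login
    """
    advertised = greeting_capabilities(greeting_line)
    backend = capability_set(backend_caps)
    report = {"confirmed": [], "pre_login_only": [], "stale_after_login": []}
    for cap in sorted(advertised):
        if cap in backend:
            report["confirmed"].append(cap)
        elif cap in STICKY_AFTER_LOGIN:
            report["stale_after_login"].append(cap)
        else:
            report["pre_login_only"].append(cap)
    return report


if __name__ == "__main__":
    for bucket, caps in classify_greeting(GREETING, BACKEND_CAPS).items():
        print(f"{bucket}: {' '.join(caps) or '-'}")
```
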
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
This reminds me of an odd issue I had also, where mine stepped at a given amount per time too. In the datacenter one server was at limited it to 10mbit half duplex, and I had endless ntp issues. I could only replicate this offsite with the same server using 10mbit and fully saturating the network. Switching to Full duplex almost solved the issue. But the real issue was the time clock chosen by the freebsd kernel in this case, ACPI, was unreliable on that motherboard. Switching it to a different timing method fixed the issue (TSC in this case).

In freebsd (default):

kern.timecounter.choice: TSC(-100) ACPI-safe(1000) i8254(0) dummy(-100)
kern.timecounter.hardware: ACPI-safe

I am not sure what the commands are in linux. I haven't had ntp go nuts on a linux system so far.

Quoting Rob Middleton:

On 6/10/2009 12:54 PM, PGNet Dev wrote:

looking at my ntp logs around the same time(s). ...

5 Oct 16:41:17 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
5 Oct 16:51:38 ntpd[5696]: time reset -2.140133 s
5 Oct 16:56:40 ntpd[5696]: synchronized to 66.220.9.122, stratum 1
5 Oct 17:01:28 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
5 Oct 17:07:20 ntpd[5696]: time reset -2.137760 s
5 Oct 17:11:49 ntpd[5696]: synchronized to 204.152.184.72, stratum 1

This indicates that ntpd is actually stepping the time 2 seconds into the past approx every 900 seconds. So dovecot is correct that time has moved backwards. You need to stop time moving backwards :-). [so not dovecot's fault, and likely not xen's fault either]

I'm no ntp expert, but I wonder if searching for 900s in the ntpd man page might help (caught my eye due to the step every 15 minutes - network congestion and excessive jitter causing stepping)? Otherwise perhaps a problem with a bad hardware driver stalling in the middle of an interrupt occasionally. Sorry - can't provide any further pointers. It is highly dependent on your hardware, kernel & drivers.

If you have any other physical servers and they are also having 'time reset' error messages, then the problem is some odd network configuration - partial drop-outs and/or high jitter. Unfortunately -x will not be a solution here as slew cannot possibly correct for a drift as big as 2 in every 900 seconds. You may want to try just a single upstream ntp server as a debugging step (identify it by IP, not by a pool DNS record) and/or use the prefer keyword against your favourite.

Cheers, Rob Middleton.
Re: [Dovecot] Debugging IMAP ACLs
On Oct 6, 2009, at 7:24 AM, Kerem Erciyes wrote:

mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u

I don't think I've ever tried shared mailboxes with mbox format before, no idea if it even works..

namespace:
type: shared
separator: /
prefix: shared/%%u/
location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u

This doesn't really look right. Should probably be more like:

location = mbox:%%h/mail:INBOX=/usr/home/vmail/%%d/%%u:INDEX=/usr/home/vmail/shared/%%u
Re: [Dovecot] Proxy setup & upgrade from 1.0.3 to 1.1.7
That helped, it works again. Thanks!

Timo Sirainen wrote:

On Oct 6, 2009, at 5:54 AM, Adrian Wojcicki | Unternehmensberatung Wojcicki wrote:

We have a server running dovecot and proxying IMAPS connections to our internal network. This worked so far very good until we upgraded the server to a new SUSE Linux version and with it dovecot from version 1.0.3 to 1.1.7. My guess is that something changed in the way dovecot reads the user file as the configuration stayed the same:

..
testuser1:::host= port=143 nodelay=y nologin=y proxy=y
..
dovecot: Oct 06 10:37:39 Info: auth(default): passwd-file(testuser1,217.91.33.32): Password mismatch

Yes, nowadays you need to add nopassword=y also. http://wiki.dovecot.org/Upgrading/1.1 also mentions other things that could affect you.
Re: [Dovecot] Proxy setup & upgrade from 1.0.3 to 1.1.7
On Oct 6, 2009, at 5:54 AM, Adrian Wojcicki | Unternehmensberatung Wojcicki wrote:

We have a server running dovecot and proxying IMAPS connections to our internal network. This worked so far very good until we upgraded the server to a new SUSE Linux version and with it dovecot from version 1.0.3 to 1.1.7. My guess is that something changed in the way dovecot reads the user file as the configuration stayed the same:

..
testuser1:::host= port=143 nodelay=y nologin=y proxy=y
..
dovecot: Oct 06 10:37:39 Info: auth(default): passwd-file(testuser1,217.91.33.32): Password mismatch

Yes, nowadays you need to add nopassword=y also. http://wiki.dovecot.org/Upgrading/1.1 also mentions other things that could affect you.
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
On 6/10/2009 12:54 PM, PGNet Dev wrote:

looking at my ntp logs around the same time(s). ...

5 Oct 16:41:17 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
5 Oct 16:51:38 ntpd[5696]: time reset -2.140133 s
5 Oct 16:56:40 ntpd[5696]: synchronized to 66.220.9.122, stratum 1
5 Oct 17:01:28 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
5 Oct 17:07:20 ntpd[5696]: time reset -2.137760 s
5 Oct 17:11:49 ntpd[5696]: synchronized to 204.152.184.72, stratum 1

This indicates that ntpd is actually stepping the time 2 seconds into the past approx every 900 seconds. So dovecot is correct that time has moved backwards. You need to stop time moving backwards :-). [so not dovecot's fault, and likely not xen's fault either]

I'm no ntp expert, but I wonder if searching for 900s in the ntpd man page might help (caught my eye due to the step every 15 minutes - network congestion and excessive jitter causing stepping)? Otherwise perhaps a problem with a bad hardware driver stalling in the middle of an interrupt occasionally. Sorry - can't provide any further pointers. It is highly dependent on your hardware, kernel & drivers.

If you have any other physical servers and they are also having 'time reset' error messages, then the problem is some odd network configuration - partial drop-outs and/or high jitter. Unfortunately -x will not be a solution here as slew cannot possibly correct for a drift as big as 2 in every 900 seconds. You may want to try just a single upstream ntp server as a debugging step (identify it by IP, not by a pool DNS record) and/or use the prefer keyword against your favourite.

Cheers, Rob Middleton.
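Added example, not part of the original thread: a Python script that runs the analysis described in the message above over the quoted ntpd log lines, extracting each "time reset" step, the interval between steps and the implied drift rate. Assumptions: the year (2009, taken from the message dates) and the 500 ppm ceiling, which is ntpd's maximum slew rate and is not a figure stated in the thread.

```python
import re
from datetime import datetime

# Assumption: ntpd slews at no more than 500 ppm (0.5 ms per second).
MAX_SLEW_PPM = 500.0

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Matches lines such as: "5 Oct 16:51:38 ntpd[5696]: time reset -2.140133 s"
RESET_RE = re.compile(
    r"^\s*(\d{1,2}) (\w{3}) (\d\d):(\d\d):(\d\d) ntpd\[\d+\]: "
    r"time reset ([+-]?\d+\.\d+) s\s*$")

# Sample input: the log lines quoted in the message above.
SAMPLE_LOG = """\
5 Oct 16:41:17 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
5 Oct 16:51:38 ntpd[5696]: time reset -2.140133 s
5 Oct 16:56:40 ntpd[5696]: synchronized to 66.220.9.122, stratum 1
5 Oct 17:01:28 ntpd[5696]: synchronized to 64.125.78.85, stratum 1
5 Oct 17:07:20 ntpd[5696]: time reset -2.137760 s
5 Oct 17:11:49 ntpd[5696]: synchronized to 204.152.184.72, stratum 1
"""


def parse_resets(log_text, year=2009):
    """Return [(timestamp, offset_seconds)] for every 'time reset' line.

    The log format carries no year, so the caller supplies one.
    """
    resets = []
    for line in log_text.splitlines():
        m = RESET_RE.match(line)
        if not m or m.group(2) not in MONTHS:
            continue
        day, mon, hh, mm, ss, offset = m.groups()
        when = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        resets.append((when, float(offset)))
    return resets


def step_report(resets):
    """For each step after the first, compute the drift it had to correct."""
    report = []
    for (prev_time, _), (when, offset) in zip(resets, resets[1:]):
        interval = (when - prev_time).total_seconds()
        if interval <= 0:
            continue  # out-of-order lines or a year boundary: skip the pair
        drift_ppm = abs(offset) / interval * 1e6
        report.append({
            "at": when,
            "interval_s": interval,
            "offset_s": offset,
            "drift_ppm": drift_ppm,
            # If the clock drifts faster than ntpd can slew, it has to step.
            "slew_can_absorb": drift_ppm <= MAX_SLEW_PPM,
        })
    return report


if __name__ == "__main__":
    for row in step_report(parse_resets(SAMPLE_LOG)):
        print(f"{row['at']}: stepped {row['offset_s']:+.3f} s after "
              f"{row['interval_s']:.0f} s, drift {row['drift_ppm']:.0f} ppm, "
              f"slew sufficient: {row['slew_can_absorb']}")
```

On the quoted lines this reports a step of about -2.14 s after 942 s, a drift of roughly 2269 ppm, which is well above what slewing alone could absorb.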
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Oct 6, 2009, at 9:00 AM, Bruce Bodger wrote:

On Oct 6, 2009, at 3:55 AM, Jernej Porenta wrote:

I am experiencing compiling issues on Solaris 8 and Solaris 10 boxes with dovecot 1.2.6. On Solaris 8 the compiler is gcc 64bit 3.2.2, on Solaris 10 gcc 3.4.3.

Same type of problem here on OS X 10.5.8 Server.

Command line to configure: ./configure --with-ssldir=/System/Library/OpenSSL --with-ssl=openssl

..
Undefined symbols:
"_SSL_get_current_compression", referenced from:
_ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
"_SSL_COMP_get_name", referenced from:
_ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)

What OpenSSL version do you have? I thought those compression functions were new enough that everyone would have them by now..
Re: [Dovecot] How to calculate auth_cache_size ?
I don't think you need to use anything very scientific. Too high shouldn't hurt, I don't think memory is allocated needlessly. The cache timeout value is probably more performance worthwhile. But to calc, I would go with about the number of logins you get per 5 or 10min. I would think any logins over that period of time would probably be the same user.

Quoting Frank Bonnet:

Hello Is there a way to calculate this parameter for my site which has approx 4000 users authenticating thru NIS ? Thanks a lot
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
Hmm, I have been running dovecot inside xen for almost 3 years now without any time issues. I checked my logs and I have no ntp time reset messages for the last month. I think it's more possible ntp is stepping the time instead of slewing it (http://www.ntp.org/ntpfaq/NTP-s-algo.htm section 5.1.1.4), OR, the ntp servers you're using or network connection you have are giving you lots of jitter. I personally try to pick 3 good low jitter, low latency servers and 1 higher latency. Only running ntpd on the dom0 and nothing on the domU's.

Hmm, checking the logs on my home machine, even it doesn't have a time reset log message, and its network can be overloaded for hours at a time.

Quoting Thierry DOSTES:

Hi,

Here comes an extract from Debian Wiki about Xen to allow a domU to keep its own time:

(...) your domU is likely using the xen clocksource instead of its own clock ticks. In practice, this seems to be the cause of infrequent lockups under load (and/or problems with suspending). A workaround is to decouple the clock in the domU from the dom0: In your dom0 and domU /etc/sysctl.conf add the line: xen.independent_wallclock=1. On the dom0, edit the configuration file of the domU (e.g. /etc/xen/foobar.cfg and add (or expand) the extra-line: extra="clocksource=jiffies". These settings can be activated without rebooting the domU. After editing the configuration files, issue sysctl -p and echo "jiffies"> /sys/devices/system/clocksource/clocksource0/current_clocksource on the domU prompt. Because the clock won't be relying on the dom0 clock anymore, you probably need to use ntp on the domU to synchronize it properly to the world.

Hope this helps.

Thierry.

PGNet Dev wrote:

hi,

On Mon, Oct 5, 2009 at 4:02 PM, Timo Sirainen wrote:

And no ntpd in your DomU?

nope.

service ntp status
Checking for network time protocol daemon (NTPD): unused

any suggestions as to what/how to fix?

If no one here can give you a good answer, I'd try some Xen mailing list. I'm sure a lot of people are running Dovecot in Xen without time problems. If you do find out the problem, please let us know also.

i've been poring over the lists ... found nothing yet :-/
Re: [Dovecot] compiling issue 1.2.6 - Solaris
On Oct 6, 2009, at 3:55 AM, Jernej Porenta wrote:

I am experiencing compiling issues on Solaris 8 and Solaris 10 boxes with dovecot 1.2.6. On Solaris 8 the compiler is gcc 64bit 3.2.2, on Solaris 10 gcc 3.4.3.

Same type of problem here on OS X 10.5.8 Server.

Command line to configure: ./configure --with-ssldir=/System/Library/OpenSSL --with-ssl=openssl

..
Undefined symbols:
"_SSL_get_current_compression", referenced from:
_ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
"_SSL_COMP_get_name", referenced from:
_ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
ld: symbol(s) not found
collect2: ld returned 1 exit status
make[3]: *** [imap-login] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

Please let me know if you need any more information.

Thank you,
B. Bodger
Re: [Dovecot] Delivery failure about update to 1.2.4 (Debian) (SOLVED)
On Mon, Oct 05, 2009 at 02:53:55PM -0400, William Witteman wrote: >Version: >1.2.4 > >Config: ># 1.2.4: /etc/dovecot/dovecot.conf I have found the problem. I was not looking in the dovecot-deliver.log, and so I was not alerted to the cause of the error. By the way, I love the links to the wiki in the error messages - when I first upgraded and the server didn't come up automatically, it was trivial with the wiki's guidance to change to "ssl=yes". >lda: > log_path: /home/vmail/dovecot-deliver.log Here is my problem line - I noted in the changelog that this was being phased out, but I wasn't seeing the error (because it was in the deliver log) that showed me that it was this that was the problem. > mail_plugins: cmusieve A quick comment and I was good to go. Thanks to all. -- yours, William Witteman
[Dovecot] Debugging IMAP ACLs
Hello,

I upgraded my server to 1.2.4 and now I'm trying to implement ACL support to use with Bynari Insight Connector. Starting out with the wiki page on shared namespaces from http://wiki.dovecot.org/SharedMailboxes/Shared I tried to implement shared mailbox support so that my customers can enjoy more Exchange-like qualities with Outlook. However I am not sure if the ACLs or Shared Namespaces are really working. I sure would like some help debugging ACL requests by clients, and the configuration I did.

Thanks,
Kerem

Here is the run down of my configuration, if I have screwed up somewhere.

*dovecot -n*

# 1.2.4: /usr/local/etc/dovecot.conf # OS: FreeBSD 6.2-STABLE i386 base_dir: /var/run/dovecot/ log_path: /var/log/dovecot.log info_log_path: /var/log/dovecot-debug.log protocols: imap imaps pop3 pop3s disable_plaintext_auth: no login_dir: /var/run/dovecot//login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_greeting: Kupyazilim IMAPS/POP3S Server - Dovecot ready. 
verbose_proctitle: yes first_valid_uid: 100 first_valid_gid: 6 mail_privileged_group: mail mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh namespace: type: private separator: / inbox: yes list: yes subscriptions: yes namespace: type: shared separator: / prefix: shared/%%u/ location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u list: children lda: postmaster_address: postmas...@kupyazilim.com.tr mail_plugins: quota log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver.log auth default: mechanisms: plain login user: nobody passdb: driver: sql args: /usr/local/etc/dovecot-sql.conf userdb: driver: sql args: /usr/local/etc/dovecot-sql.conf userdb: driver: prefetch socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: mail master: path: /var/run/dovecot/auth-master mode: 432 user: vmail group: mail plugin: acl_shared_dict: proxy::acl dict: quota: maildir:storage=10240:messages=1000 trash: /usr/local/etc/trash.conf acl: mysql:/usr/local/etc/dovecot-dict-sql.conf * cat /usr/local/etc/dovecot-acl.conf * # mail_location copied from dovecot.conf for reference only # # mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u # note: it is %d/%u here but only %u 
in dovecot-sql.conf # You need to create also a private namespace: namespace private { separator = / prefix = #location defaults to mail_location. inbox = yes } namespace shared { separator = / prefix = shared/%%u/ #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u location = mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u subscriptions = no list = children } # Set ACL to SQL Server and Reference sql-dictionary # Table implemented in mysql:/postfix/user_shares plugin { acl_shared_dict = proxy::acl } dict { acl = mysql:/usr/local/etc/dovecot-dict-sql.conf } *cat /usr/local/etc/dovecot-dict-sql.conf * map { pattern = shared/shared-boxes/user/$to/$from table = user_shares value_field = dummy fields { from_user = $from to_user = $to } } -- Kerem Erciyes Sistem Danismani http://proje.keremerciyes.com kerem.erci...@gmail.com +90 532 737 05 83
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen wrote:

That's the pty's fd I think, probably from dovecot --exec-mail because normally dovecot master process closes them at startup.. Did you check if two "dovecot" processes were running when this happened?

This morning the problem showed again. This is what I was able to discover:

1) There was only one master process.
2) Imap and managesieve login and worker processes were working normally.
3) There was no pop3/pop3-login.

After the last time I've modified my root crontab to execute the expire-tool every minute, trying to trigger the problem in another time of the day, but the first failure is

Oct 6 06:26:02 delta01 dovecot: imap-login: Panic: Leaked file fd 5: dev 0.12 inode 1005
Oct 6 06:26:02 delta01 dovecot: dovecot: Temporary failure in creating login processes, slowing down for now
Oct 6 06:26:02 delta01 dovecot: dovecot: child 21216 (login) killed with signal 6 (core dumps disabled)

As you can see this time it is the login process of an imap connection, so I can state that the problem is not related to pop3 nor to the expire plugin. Probably the imap connections that I see were there before the problem was triggered. So the only remaining thing in daily log rotation that can be the trigger of the problem is the heavy cpu/io load due to daily maintenance.

The last weird thing is that this time I have simply asked dovecot to reload its configuration and the problem has vanished. I hope this is enough to figure out what happened.

Marco

--
Marco Nenciarini | Debian/GNU Linux Developer - Plug Member
mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
[Dovecot] Proxy setup & upgrade from 1.0.3 to 1.1.7
Hi guys!

I hope somebody can help me with my problem: We have a server running dovecot and proxying IMAPS connections to our internal network. This worked so far very good until we upgraded the server to a new SUSE Linux version and with it dovecot from version 1.0.3 to 1.1.7. My guess is that something changed in the way dovecot reads the user file as the configuration stayed the same:

dovecot.conf:

base_dir = /var/run/dovecot/
protocols = imaps
disable_plaintext_auth = yes
ssl_cert_file = /
ssl_key_file = /
ssl_disable = no
ssl_listen = 80.149.64.98:993
log_path = /var/log/dovecot.log
login_dir = /var/run/dovecot/login
login_process_per_connection = yes
login_processes_count = 3
login_greeting = main.xbdx.de IMAP What can we do for you?
imap_client_workarounds = tb-extra-mailbox-sep
mail_debug = no
auth_debug = yes
auth_cache_size = 4096
auth_cache_ttl = 7200
auth_worker_max_count = 30
auth default {
  userdb static {
    args = uid=5000 gid=5000
  }
  passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot.passdb
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  mechanisms = plain login
  user = root
  count = 1
}

dovecot.passdb:

testuser1:::host= port=143 nodelay=y nologin=y proxy=y
testuser2:::host= port=143 nodelay=y nologin=y proxy=y

dovecot.log:

dovecot: Oct 06 10:37:26 Info: Dovecot v1.1.7 starting up
dovecot: Oct 06 10:37:26 Info: auth(default): passwd-file /etc/dovecot/dovecot.passdb: Read 2 users
dovecot: Oct 06 10:37:27 Info: auth(default): new auth connection: pid=8135
dovecot: Oct 06 10:37:27 Info: auth(default): new auth connection: pid=8136
dovecot: Oct 06 10:37:27 Info: auth(default): new auth connection: pid=8137
dovecot: Oct 06 10:37:39 Info: auth(default): new auth connection: pid=8139
dovecot: Oct 06 10:37:39 Info: auth(default): client in: AUTH 1 PLAIN service=imapsecured lip=80.149.64.98rip=217.91.33.32 lport=993 rport=61752 resp=
dovecot: Oct 06 10:37:39 Info: auth(default): cache(adrian.wojcicki,217.91.33.32): miss
dovecot: Oct 06 10:37:39 Info: auth(default): passwd-file(testuser1,217.91.33.32): lookup: user=testuser1 file=/etc/dovecot/dovecot.passdb
dovecot: Oct 06 10:37:39 Info: auth(default): passwd-file(testuser1,217.91.33.32): Password mismatch
dovecot: Oct 06 10:37:41 Info: auth(default): client out: FAIL 1 user=testuser1host= port=143nologin proxy pass=
dovecot: Oct 06 10:37:41 Info: imap-login: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=217.91.33.32, lip=80.149.64.98, TLS

Thanks!
Adrian
[Dovecot] compiling issue 1.2.6 - Solaris
Heya,

I am experiencing compiling issues on Solaris 8 and Solaris 10 boxes with dovecot 1.2.6. On Solaris 8 the compiler is gcc 64bit 3.2.2, on Solaris 10 gcc 3.4.3. On both systems the compiling fails with:

/bin/bash ../../libtool --tag=CC--mode=link gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -L/opt/gcc-3.1-64bit/lib -R/opt/gcc-3.1-64bit/lib -L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/opt/kerberos-heimdal/lib -R/opt/kerberos-heimdal/lib -o imap-login client.o client-authenticate.o imap-proxy.o ../login-common/liblogin-common.a ../lib-imap/libimap.a ../lib-auth/libauth.a ../lib/liblib.a -lssl -lcrypto -ldl -lrt -lnsl -lsocket -lrt
libtool: link: gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -o imap-login client.o client-authenticate.o imap-proxy.o -L/opt/gcc-3.1-64bit/lib -L/usr/local/ssl/lib -L/opt/kerberos-heimdal/lib ../login-common/liblogin-common.a ../lib-imap/libimap.a ../lib-auth/libauth.a ../lib/liblib.a -lssl -lcrypto -ldl -lnsl -lsocket -lrt -R/opt/gcc-3.1-64bit/lib -R/usr/local/ssl/lib -R/opt/kerberos-heimdal/lib
Undefined                       first referenced
 symbol                             in file
SSL_COMP_get_name                   ../login-common/liblogin-common.a(ssl-proxy-openssl.o)
SSL_get_current_compression         ../login-common/liblogin-common.a(ssl-proxy-openssl.o)
ld: fatal: Symbol referencing errors. No output written to imap-login
collect2: ld returned 1 exit status

The configure script is the same on both systems:

CPPFLAGS='-I/usr/local/ssl/include -I/opt/kerberos-heimdal/include' LDFLAGS='-L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/opt/kerberos-heimdal/lib -R/opt/kerberos-heimdal/lib' ./configure --prefix=/opt/dovecot --with-ssldir=/usr/local/ssl/certs --with-ssl=openssl --without-passwd-file --with-passwd --with-shadow --without-bsdauth --without-static-userdb --without-prefetch-userdb --without-checkpassword --with-gssapi=yes --without-pgsql --without-sql --without-ldap --without-vpopmail --without-sia --enable-header-install

Install prefix . : /opt/dovecot
File offsets ... : 64bit
I/O polling : poll
I/O notifys : none
SSL : yes (OpenSSL)
GSSAPI . : yes
passdbs : passwd shadow pam
: -passwd-file -checkpassword -bsdauth -sia -ldap -sql -vpopmail
userdbs : passwd
: -static -prefetch -passwd-file -checkpassword -ldap -sql -vpopmail -nss
SQL drivers :
: -pgsql -mysql -sqlite

Version 1.2.4 compiles with no problems...

regards, Jernej
[Dovecot] How to calculate auth_cache_size ?
Hello Is there a way to calculate this parameter for my site which has approx 4000 users authenticating thru NIS ? Thanks a lot
Re: [Dovecot] "Time just moved backwards" in Dovecot in a Xen DomU
Hi,

Here comes an extract from Debian Wiki about Xen to allow a domU to keep its own time:

(...) your domU is likely using the xen clocksource instead of its own clock ticks. In practice, this seems to be the cause of infrequent lockups under load (and/or problems with suspending). A workaround is to decouple the clock in the domU from the dom0: In your dom0 and domU /etc/sysctl.conf add the line: xen.independent_wallclock=1. On the dom0, edit the configuration file of the domU (e.g. /etc/xen/foobar.cfg and add (or expand) the extra-line: extra="clocksource=jiffies". These settings can be activated without rebooting the domU. After editing the configuration files, issue sysctl -p and echo "jiffies"> /sys/devices/system/clocksource/clocksource0/current_clocksource on the domU prompt. Because the clock won't be relying on the dom0 clock anymore, you probably need to use ntp on the domU to synchronize it properly to the world.

Hope this helps.

Thierry.

PGNet Dev wrote:

hi,

On Mon, Oct 5, 2009 at 4:02 PM, Timo Sirainen wrote:

And no ntpd in your DomU?

nope.

service ntp status
Checking for network time protocol daemon (NTPD): unused

any suggestions as to what/how to fix?

If no one here can give you a good answer, I'd try some Xen mailing list. I'm sure a lot of people are running Dovecot in Xen without time problems. If you do find out the problem, please let us know also.

i've been poring over the lists ... found nothing yet :-/