Re: [Dovecot] Postfix+Dovecot SASL+LDAP(AD)

2009-11-19 Thread Vitaliy Vladimirovich

  Thank you very much for the help. But I have successfully configured Dovecot
SASL+AD via PAM.
  Thanks, linuxmail.info :-)
  
  http://www.linuxmail.info/active-directory-dovecot-pam-authentication/  
  
  
--- Original Message ---  
From: Holger Librenz   
To: dovecot@dovecot.org  
Date: 19 november, 20:06:09  
Subject: Re: [Dovecot] Postfix+Dovecot SASL+LDAP(AD)  
  
  Hi Vitaliy  
  
The AD configs I know need an administrative authentication before  
"normal" login checks can be done.  
  
Use the dn and dnpass configs. dn should contain the administrative  
user's DN and dnpass the corresponding password.  
  
Another thing you can have a second look at is the type and format in which
AD stores the user information. Normally the CN field contains the
user's full name, not the mail address. The UID is stored in the
"sAMAccountName" field. So you should also map Dovecot's UID field to
the AD UID field with
  
user_attrs = sAMAccountName=uid  
  
Hope this helps..  
  
Greets,  
Holger  
  
Vitaliy Vladimirovich wrote:
> I have tried to configure Postfix with Dovecot SASL to authenticate remote users
> in LDAP (Active Directory).
> Below my dovecot.conf:  
>  
> protocols = none  
> ssl = none  
>  
> auth default {  
> mechanisms = plain login  
> passdb ldap {  
> args = /usr/local/etc/dovecot-ldap.conf  
> }  
> userdb ldap {  
> args = /usr/local/etc/dovecot-ldap-userdb.conf  
> }  
>  
> }  
>  
>  
> dovecot-ldap.conf  
>  
> hosts = 10.55.0.2:389  
> debug_level = 1  
> auth_bind = yes  
> auth_bind_userdn = cn=%n,dc=example,dc=gov,dc=ua  
> ldap_version = 3  
> base = dc=example, dc=gov, dc=ua  
> scope = subtree  
> ## 10.55.0.2 - Domain Controller  
> ##  
>  
>  
> But it does not work:-(  
> Where is mistake?  
>  
> Below log:  
>  
>  
>  
> Nov 18 13:02:59 mx postfix/smtpd[12985]: connect from unknown[190.10.190.3]  
> Nov 18 13:02:59 mx postfix/smtpd[12985]: setting up TLS connection from 
> unknown[190.10.190.3]  
> Nov 18 13:02:59 mx postfix/smtpd[12985]: Anonymous TLS connection established 
> from unknown[190.10.190.3]: TLSv1 with cipher RC4-MD5 (128/128 bits)  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_simple_bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_sasl_bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_send_initial_request  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_send_server_request  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_result ld 0x11847020 msgid -1 
>  
> Nov 18 13:02:59 mx dovecot: auth(default): wait4msg ld 0x11847020 msgid -1 
> (timeout 0 usec)  
> Nov 18 13:02:59 mx dovecot: auth(default): wait4msg continue ld 0x11847020 
> msgid -1 all 1  
> Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Connections:  
> Nov 18 13:02:59 mx dovecot: auth(default): * host: 10.55.0.2 port: 389 
> (default)  
> Nov 18 13:02:59 mx dovecot: auth(default): refcnt: 2 status: Connected  
> Nov 18 13:02:59 mx dovecot: auth(default): last used: Wed Nov 18 13:02:59 
> 2009  
> Nov 18 13:02:59 mx dovecot: auth(default):  
> Nov 18 13:02:59 mx dovecot: auth(default):  
> Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Outstanding 
> Requests:  
> Nov 18 13:02:59 mx dovecot: auth(default): * msgid 3, origid 3, status 
> InProgress  
> Nov 18 13:02:59 mx dovecot: auth(default): outstanding referrals 0, parent 
> count 0  
> Nov 18 13:02:59 mx dovecot: auth(default): ld 0x11847020 request count 1 
> (abandoned 0)  
> Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Response Queue:  
> Nov 18 13:02:59 mx dovecot: auth(default): Empty  
> Nov 18 13:02:59 mx dovecot: auth(default): ld 0x11847020 response count 0  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList ld 0x11847020 
> msgid -1 all 1  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList returns ld 
> 0x11847020 NULL  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_int_select  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 msgid -1 
> all 1  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 msgid 3 
> message type bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_chase_referrals  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: V2 referral chased, mark 
> request completed, id = 3  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 0 new 
> referrals  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: mark request completed, 
> ld 0x11847020 msgid 3  
> Nov 18 13:02:59 mx dovecot: auth(default): request done: ld 0x11847020 msgid 
> 3  
> Nov 18 13:02:59 mx dovecot: auth(default): res_errno: 49, res_error: 
> <80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 
> 525, vece>, res_matched: <>  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_free_request (origid 3, msgid 
> 3)  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_parse_result  
> Nov 18 13:02

[Dovecot] v1.2.8 released

2009-11-19 Thread Timo Sirainen
http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz
http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig

This is mainly to fix the 0777 base_dir creation issue, which could be
considered a security hole, exploitable by local users. An attacker
could for example replace Dovecot's auth socket and log in as other
users. Gaining root privileges isn't possible though.

This affects only v1.2 users, v1.1 and older versions were creating the
directory with 0755 permission.

If your Dovecot's base_dir isn't in /var/run/dovecot/, you should also
make sure that the $prefix/var/ and $prefix/var/run/
(i.e. /usr/local/var/, /usr/local/var/run/ by default) aren't 0777.

* Dovecot v1.2.x had been creating base_dir (and its parents if
  necessary) with 0777 permissions. The base_dir's permissions get
  changed to 0755 automatically at startup, but you may need to
  chmod the parent directories manually.

- acl: If user has rights from more than one group, merge them instead
  of choosing one group's rights and ignoring others.
- virtual: When using a lot of mailboxes, the virtual mailbox's header
  could have grown over 32 kB and caused "out of memory" crashes. Also
  over 64 kB headers couldn't even be updated with existing transaction
  log records. Added a new record type that gets used with >=64 kB
  headers. Older Dovecot versions don't understand this header and
  will log errors if they see it.
- FETCH BODYSTRUCTURE didn't return RFC 2231 "key*" fields correctly
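
A check for the condition the announcement describes, as an added example in C (not part of the original post and not Dovecot code): it walks from base_dir up through its parents and counts directories that are world-writable without the sticky bit. The function names and the temporary directory tree built in run_demo() are constructed for the example.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp(), S_ISVTX */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

enum dir_risk { DIR_OK, DIR_STICKY, DIR_WORLD_WRITABLE };

/* World-writable without the sticky bit means any local user can rename or
 * remove entries in the directory, whoever owns them. */
enum dir_risk classify_mode(mode_t mode)
{
    if ((mode & S_IWOTH) == 0)
        return DIR_OK;
    return (mode & S_ISVTX) != 0 ? DIR_STICKY : DIR_WORLD_WRITABLE;
}

/* Walk from `path` (absolute) up to `stop` or "/", printing every directory.
 * Returns the number of world-writable, non-sticky directories found, or -1
 * if a component cannot be stat()ed or is not a directory. */
int audit_chain(const char *path, const char *stop)
{
    char buf[4096];
    size_t len = strlen(path);
    int bad = 0;

    if (len == 0 || len >= sizeof(buf) || path[0] != '/')
        return -1;
    memcpy(buf, path, len + 1);
    while (len > 1 && buf[len - 1] == '/')   /* e.g. "/var/run/dovecot/" */
        buf[--len] = '\0';

    for (;;) {
        struct stat st;
        enum dir_risk risk;
        char *slash;

        if (stat(buf, &st) != 0 || !S_ISDIR(st.st_mode))
            return -1;
        risk = classify_mode(st.st_mode);
        printf("%04o  %-6s %s\n", (unsigned int)(st.st_mode & 07777),
               risk == DIR_WORLD_WRITABLE ? "UNSAFE" :
               risk == DIR_STICKY ? "sticky" : "ok", buf);
        if (risk == DIR_WORLD_WRITABLE)
            bad++;
        if (strcmp(buf, stop) == 0 || strcmp(buf, "/") == 0)
            break;
        slash = strrchr(buf, '/');
        if (slash == buf)
            buf[1] = '\0';                   /* parent is the root directory */
        else
            *slash = '\0';
    }
    return bad;
}

/* Constructed sample: <tmp>/var and <tmp>/var/run left at 0777, while
 * <tmp>/var/run/dovecot has been set back to 0755, which is the state the
 * announcement describes after startup. Returns the audit result. */
int run_demo(void)
{
    char root[] = "/tmp/basedir-demo-XXXXXX";
    char var[128], run[128], base[128];
    int bad;

    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(var, sizeof(var), "%s/var", root);
    snprintf(run, sizeof(run), "%s/var/run", root);
    snprintf(base, sizeof(base), "%s/var/run/dovecot", root);
    if (mkdir(var, 0700) != 0 || mkdir(run, 0700) != 0 ||
        mkdir(base, 0700) != 0 ||
        /* chmod() is used because mkdir() modes are filtered by the umask */
        chmod(var, 0777) != 0 || chmod(run, 0777) != 0 ||
        chmod(base, 0755) != 0)
        return -1;
    bad = audit_chain(base, root);
    rmdir(base); rmdir(run); rmdir(var); rmdir(root);
    return bad;
}

int main(void)
{
    int bad = run_demo();
    printf("world-writable directories in chain: %d\n", bad);
    return bad < 0;
}
```

For a real installation, call audit_chain() with the configured base_dir and "/" as the stop directory.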





Re: [Dovecot] bug when creating /var/run/dovecot?

2009-11-19 Thread Timo Sirainen
On Thu, 2009-11-19 at 14:25 -0500, Frank Cusack wrote:
> If /var/run/dovecot does not exist when dovecot starts up (e.g. required
> when /var/run is a tmpfs/ramfs), it creates it.  But it creates it with
> the wrong file mode -- the directory is mode 777.  Being world writable
> means any user could change the name of any file within the directory,
> including the login directory, and then create their own new login
> directory.  Or remove the pid file, or perhaps cause other types of havoc.

Interesting. This bug had existed in probably all v1.2 versions, but I
noticed and fixed it about an hour before seeing your email. Sometimes
it seems like this happens a bit too often, an old bug gets noticed by
multiple people very close to each other. :)

Anyway, here's the fix:
http://hg.dovecot.org/dovecot-1.2/rev/3ebbccdc05e6

(v1.0 and v1.1 were actually also creating it with 0777, but they
immediately chmoded it back to 0755. That's why when I removed the chmod
code that was only for backwards compatibility it broke.)





Re: [Dovecot] Errors in strace

2009-11-19 Thread Timo Sirainen
On Thu, 2009-11-19 at 15:27 -0800, Jeffrey Nikoletich wrote:
> I keep getting the following when I do a strace on login processes in 
> dovecot. Are there any issues with these errors:
> 
> gettimeofday({1258671134, 941478}, {420, 0}) = 0
> accept(4, 0x7fff3279b0d0, [28]) = -1 EAGAIN (Resource temporarily 
> unavailable)
> epoll_wait(11, {{EPOLLIN, {u32=534434496, u64=534434496}}}, 46, 2147483647) = 
> 1

These are normal, unless they happen a huge amount of times in a second.
Basically it means that the kernel reported a new connection, but
another login process managed to accept() it before this one.





Re: [Dovecot] Sieve compilation error

2009-11-19 Thread Timo Sirainen
On Thu, 2009-11-19 at 10:48 +0100, Stephan Bosch wrote:
> Timo: perhaps we can make the autodetection more robust, what do you 
> think? :)

I think --with-dovecot (and --with-sieve with managesieve) shouldn't be
necessary normally. You could look up dovecot-config first from
$prefix/lib/dovecot/ and fallback to /usr/lib/dovecot/
(and /usr/lib64/dovecot/?).

And I suppose with v2.0 if --without-shared-libs isn't given I should
start installing it to $prefix/lib/dovecot/ directory and have it
include LIBDOVECOT_*=-ldovecot etc. And a pkg-config file would be nice
too I guess..





Re: [Dovecot] mailbox count folders issues

2009-11-19 Thread Timo Sirainen
On Thu, 2009-11-19 at 18:31 -0500, Timo Sirainen wrote:
> On Thu, 2009-11-19 at 09:10 +0200, Nikita Koshikov wrote:
> > Nov 19 08:57:34 IMAP(al...@domain.com): Warning: header rewrite: size=32824
> > Nov 19 08:57:34 IMAP(al...@domain.com): Warning: 
> > mail_index_update_header_ext: ext_id=2 offset=0 size=32824
> > Nov 19 08:57:34 IMAP(al...@domain.com): Warning: log_append_ext_hdr_update: 
> > size=65536
> 
> Thanks. Pretty simple fix after all that I missed:
> http://hg.dovecot.org/dovecot-1.2/rev/3e1ca490dde0

Except .. although that above patch helps a bit, it still breaks after
header size goes to 64k and fixing that requires changing index file
format a bit. This should help there:
http://hg.dovecot.org/dovecot-1.2/rev/e5d38150be58





Re: [Dovecot] mailbox count folders issues

2009-11-19 Thread Timo Sirainen
On Thu, 2009-11-19 at 09:10 +0200, Nikita Koshikov wrote:
> Nov 19 08:57:34 IMAP(al...@domain.com): Warning: header rewrite: size=32824
> Nov 19 08:57:34 IMAP(al...@domain.com): Warning: 
> mail_index_update_header_ext: ext_id=2 offset=0 size=32824
> Nov 19 08:57:34 IMAP(al...@domain.com): Warning: log_append_ext_hdr_update: 
> size=65536

Thanks. Pretty simple fix after all that I missed:
http://hg.dovecot.org/dovecot-1.2/rev/3e1ca490dde0





[Dovecot] Errors in strace

2009-11-19 Thread Jeffrey Nikoletich
I keep getting the following when I do a strace on login processes in dovecot. 
Are there any issues with these errors:

gettimeofday({1258671134, 941478}, {420, 0}) = 0
accept(4, 0x7fff3279b0d0, [28]) = -1 EAGAIN (Resource temporarily 
unavailable)
epoll_wait(11, {{EPOLLIN, {u32=534434496, u64=534434496}}}, 46, 2147483647) = 1
gettimeofday({1258671135, 70395}, {420, 0}) = 0
accept(4, 0x7fff3279b0d0, [28]) = -1 EAGAIN (Resource temporarily 
unavailable)
epoll_wait(11, {{EPOLLIN, {u32=534434688, u64=534434688}}}, 46, 2147483647) = 1
gettimeofday({1258671135, 167400}, {420, 0}) = 0
accept(6, 0x7fff3279b0d0, [28]) = -1 EAGAIN (Resource temporarily 
unavailable)
epoll_wait(11, {{EPOLLIN, {u32=534434496, u64=534434496}}}, 46, 2147483647) = 1
gettimeofday({1258671135, 388157}, {420, 0}) = 0
accept(4, 0x7fff3279b0d0, [28]) = -1 EAGAIN (Resource temporarily 
unavailable)
epoll_wait(11, {{EPOLLIN, {u32=534434496, u64=534434496}}}, 46, 2147483647) = 1
gettimeofday({1258671135, 570056}, {420, 0}) = 0
accept(4, 0x7fff3279b0d0, [28]) = -1 EAGAIN (Resource temporarily 
unavailable)
epoll_wait(11, {{EPOLLIN, {u32=534434688, u64=534434688}}}, 46, 2147483647) = 1
gettimeofday({1258671135, 572030}, {420, 0}) = 0


Jeffrey N.



[Dovecot] quota is not ignoring trash

2009-11-19 Thread JC
I have debian lenny configured with postfix 2.5.5 and dovecot 1.0.15 with mysql,
every user has a different quota. The problem is that the quota is not ignoring
trash folder, how can I solve this problem? And another question, is there a
possibility to ignore sent folder?

this is my dovecot.conf

smtp:# dovecot -n
# 1.0.15: /etc/dovecot/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/mail.log
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: pop3 imap
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_processes_count: 5
login_max_processes_count: 256
login_max_connections: 512
max_mail_processes: 512
first_valid_uid: 5000
last_valid_uid: 5000
first_valid_gid: 5000
mail_access_groups: vmail
mail_privileged_group: vmail
mail_location: maildir:/home/vmail/%d/%n
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: yes
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): quota imap_quota trash
mail_plugins(imap): quota imap_quota trash
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3): outlook-idle
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: .
  prefix: INBOX.
  inbox: yes
auth default:
  mechanisms: plain login
  user: vmail
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: prefetch
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: vmail
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: vmail
plugin:
  quota: maildir:storage=51200:ignore=Trash
  trash: /etc/dovecot/dovecot-trash.conf


this is my dovecot-sql.conf

driver = mysql
connect = host=127.0.0.1 dbname=maildb user=xxx password=yyy
default_pass_scheme = CRYPT
password_query = SELECT email AS user, password FROM users WHERE email = '%u'
user_query = SELECT 'maildir:/home/vmail/%d/%n' AS home, 5000 AS uid, 5000 AS
gid, CONCAT('maildir:storage=', ROUND( quota / 1000 ) ) AS quota FROM users
WHERE email = '%u'




Re: [Dovecot] Dovecot and SATA Backend - filesystems

2009-11-19 Thread Eric Jon Rostetter

Quoting John Lyons :


> I've spent a week looking at the likes of PVFS, GFS, Lustre and a whole
> host of different systems, including pNFS (NFS 4.1)
>
> At the risk of diverting the thread away from the SATA backend, is there
> any recommendation for a fault tolerant file service.

Most people seem to be recommending either GFS or OCFS.  I use GFS myself.
They are not fault tolerant per se, just cluster-enabled filesystems...
That is, they are not distributed filesystems, but shared filesystems.

> I'm really looking for 3 or 4 boxes to store data/metadata to support 10
> Apache and Dovecot servers.

If you need to share the filesystem between 3-4 boxes, you either need:
1) A SAN/NAS/etc.
2) Something to act like a SAN/NAS (drbd, etc)
3) Something that exports a filesystem to other hosts (gnbd, nfs, etc).
4) A distributed filesystem...

I can't tell you which of the above would be best for you, since it depends
on your needs and budget and skill level and risk tolerance and such.

> The things I don't like are having a single metadata server be a single
> point of failure.

Yes, we certainly want to avoid that, if possible...  A replicated SAN
would work, and I use a poor man's replicated SAN via DRBD myself, but it
is only two nodes...  (You could then gnbd the files from those two nodes
to additional nodes if you wanted, though, to make it scale to almost any
size, budget allowing).

The only answer I can give is that this is a very complex issue that needs
lots of careful consideration. ;)

> Regards
>
> John


--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

This message is provided "AS IS" without warranty of any kind,
either expressed or implied.  Use this message at your own risk.


[Dovecot] bug when creating /var/run/dovecot?

2009-11-19 Thread Frank Cusack

dovecot-1.2.7

If /var/run/dovecot does not exist when dovecot starts up (e.g. required
when /var/run is a tmpfs/ramfs), it creates it.  But it creates it with
the wrong file mode -- the directory is mode 777.  Being world writable
means any user could change the name of any file within the directory,
including the login directory, and then create their own new login
directory.  Or remove the pid file, or perhaps cause other types of havoc.

Comments?

-frank


Re: [Dovecot] Fwd: Re: Dovecot and SATA Backend

2009-11-19 Thread Eric Jon Rostetter



> If one had a network-based NFS service of the user mail data, that would
> mean that
> 1) it would be easy to upgrade servers (data wouldn't move as it would have
> to if it was owned either by being directly connected to the mail server or
> connected over iSCSI)

True for directly connected storage, but not for iSCSI.  iSCSI storage is
remote and would not have to move if the mail server is updated, only if
the iSCSI server is replaced.

> 2) If other servers access the mail data, this is a load on the mail server
> if again, as above, it owns the disk resource either by direct attach or
> iSCSI.

Again, correct for local storage but not for iSCSI.

> Better it would seem to me if there was a dedicated NFS network-based
> server that all clients could get to

It's not the best idea to have multiple clients messing independently with
your mail spool.  We did that until this year, and I'm glad to be done with
it...  Now all mail access comes via dovecot, and my life is much easier...

> Comments on that?

I don't think you understand iSCSI very well...  But your arguments about
direct attached versus NFS are solid.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

This message is provided "AS IS" without warranty of any kind,
either expressed or implied.  Use this message at your own risk.


Re: [Dovecot] Postfix+Dovecot SASL+LDAP(AD)

2009-11-19 Thread Holger Librenz
Hi Vitaliy

The AD configs I know need an administrative authentication before
"normal" login checks can be done.

Use the dn and dnpass configs. dn should contain the administrative
user's DN and dnpass the corresponding password.

Another thing you can have a second look at is the type and format in which
AD stores the user information. Normally the CN field contains the
user's full name, not the mail address. The UID is stored in the
"sAMAccountName" field. So you should also map Dovecot's UID field to
the AD UID field with

user_attrs = sAMAccountName=uid

Hope this helps..

Greets,
Holger

Vitaliy Vladimirovich wrote:
> I have tried to configure Postfix with Dovecot SASL to authenticate remote users
> in LDAP (Active Directory).
> Below my dovecot.conf:  
>   
> protocols = none  
> ssl = none  
>   
> auth default {  
> mechanisms = plain login  
> passdb ldap {  
> args = /usr/local/etc/dovecot-ldap.conf  
>   }  
> userdb ldap {  
> args = /usr/local/etc/dovecot-ldap-userdb.conf  
>   }  
>   
> }  
>   
>   
> dovecot-ldap.conf  
>   
> hosts = 10.55.0.2:389  
> debug_level = 1  
> auth_bind = yes  
> auth_bind_userdn = cn=%n,dc=example,dc=gov,dc=ua  
> ldap_version = 3  
> base = dc=example, dc=gov, dc=ua  
> scope = subtree  
> ## 10.55.0.2 - Domain Controller  
> ##  
>   
>   
> But it does not work:-(  
> Where is mistake?  
>   
> Below log:  
>   
>   
>   
> Nov 18 13:02:59 mx postfix/smtpd[12985]: connect from unknown[190.10.190.3]  
> Nov 18 13:02:59 mx postfix/smtpd[12985]: setting up TLS connection from 
> unknown[190.10.190.3]  
> Nov 18 13:02:59 mx postfix/smtpd[12985]: Anonymous TLS connection established 
> from unknown[190.10.190.3]: TLSv1 with cipher RC4-MD5 (128/128 bits)  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_simple_bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_sasl_bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_send_initial_request  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_send_server_request  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_result ld 0x11847020 msgid -1 
>  
> Nov 18 13:02:59 mx dovecot: auth(default): wait4msg ld 0x11847020 msgid -1 
> (timeout 0 usec)  
> Nov 18 13:02:59 mx dovecot: auth(default): wait4msg continue ld 0x11847020 
> msgid -1 all 1  
> Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Connections:  
> Nov 18 13:02:59 mx dovecot: auth(default): * host: 10.55.0.2  port: 389  
> (default)  
> Nov 18 13:02:59 mx dovecot: auth(default):   refcnt: 2  status: Connected  
> Nov 18 13:02:59 mx dovecot: auth(default):   last used: Wed Nov 18 13:02:59 
> 2009  
> Nov 18 13:02:59 mx dovecot: auth(default):  
> Nov 18 13:02:59 mx dovecot: auth(default):  
> Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Outstanding 
> Requests:  
> Nov 18 13:02:59 mx dovecot: auth(default):  * msgid 3,  origid 3, status 
> InProgress  
> Nov 18 13:02:59 mx dovecot: auth(default):outstanding referrals 0, parent 
> count 0  
> Nov 18 13:02:59 mx dovecot: auth(default):   ld 0x11847020 request count 1 
> (abandoned 0)  
> Nov 18 13:02:59 mx dovecot: auth(default): ** ld 0x11847020 Response Queue:  
> Nov 18 13:02:59 mx dovecot: auth(default):Empty  
> Nov 18 13:02:59 mx dovecot: auth(default):   ld 0x11847020 response count 0  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList ld 0x11847020 
> msgid -1 all 1  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_chkResponseList returns ld 
> 0x11847020 NULL  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_int_select  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 msgid -1 
> all 1  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 msgid 3 
> message type bind  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_chase_referrals  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg:  V2 referral chased, 
> mark request completed, id = 3  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg: ld 0x11847020 0 new 
> referrals  
> Nov 18 13:02:59 mx dovecot: auth(default): read1msg:  mark request completed, 
> ld 0x11847020 msgid 3  
> Nov 18 13:02:59 mx dovecot: auth(default): request done: ld 0x11847020 msgid 
> 3  
> Nov 18 13:02:59 mx dovecot: auth(default): res_errno: 49, res_error: 
> <80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 
> 525, vece>, res_matched: <>  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_free_request (origid 3, msgid 
> 3)  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_parse_result  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_parse_result  
> Nov 18 13:02:59 mx dovecot: auth(default): 
> ldap(test_u...@example.org.ua,190.10.190.3): invalid credentials  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_msgfree  
> Nov 18 13:02:59 mx dovecot: auth(default): ldap_result ld 0x11847020 msgid -1 
>  
> Nov 18 13:02:59 mx dovecot: auth(def

[Dovecot] How to remove leading dots from folder names with Layout=FS

2009-11-19 Thread Tony Rutherford

We are looking to move to Dovecot from a customized Courier implementation.
Our current format is maildir-like. It's basically a filesystem
layout... hierarchies are identified by real directories/subdirectories. Our
folder names do have a leading dot and for reasons related to other systems, we
do not want to change our format at all.

The Layout=FS is very close to working for us. The problem we have is the
folder names are coming back with the leading dot to the clients. Is there a
way through configuration to have the leading dot removed?

So, just to clarify, under our maildir home, we have directories (folders)
for example: .Trash, .Sent-Mail, etc. Then, any child folders would be
resident in the physical subdirectories. Like I said, things appear to work
ok, except our List is coming back with .Trash, .Sent-Mail, etc. We would
like simply Trash, Sent-Mail, etc.

Thanks,
Tony



Re: [Dovecot] configurable sieve_max_redirects

2009-11-19 Thread Stephan Bosch

Hanns Mattes wrote:

Maciej Polewczyński wrote:
Yes there is. Didn't do that yet because I didn't expect anyone to
need much more any time soon. I'll fix that before the next release.


Great. Thank You.


Fixed:

http://hg.rename-it.nl/dovecot-1.2-sieve/rev/5cad1afbbf0f
http://hg.rename-it.nl/dovecot-1.2-sieve/rev/f81856d00b5f

Regards,

Stephan.



Re: [Dovecot] Combination of default domain and username character translation problem in POP3 server configuration

2009-11-19 Thread Steffen Kaiser


On Thu, 19 Nov 2009, Javier Vico Egea wrote:


> In that case it works perfectly but my problem is all the users using the old
> vm-pop3 configuration with XXX!mysecondarydomain.es


Yep, I just wanted confirmation :)

There is currently no way to change this behaviour by configuration, but

src/auth/auth-request.c

contains function auth_request_fix_username():

The default domain is appended, before the character translation takes 
place.



    if (strchr(username, '@') == NULL &&
        request->auth->default_realm != NULL) {
        user = p_strconcat(request->pool, username, "@",
                           request->auth->default_realm, NULL);
    } else {
        user = p_strdup(request->pool, username);
    }

    for (p = (unsigned char *)user; *p != '\0'; p++) {
        if (request->auth->username_translation[*p & 0xff] != 0)
            *p = request->auth->username_translation[*p & 0xff];

        if (request->auth->username_chars[*p & 0xff] == 0) {
            *error_r = t_strdup_printf(
                "Username contains disallowed character: "
                "0x%02x", *p);
            return NULL;
        }
    }
=

I would change the first if() into:

=
    if (strchr(username, '@') == NULL &&
        strchr(username, '!') == NULL &&
        request->auth->default_realm != NULL) {
=

Note the strchr() in the second line. The default domain is
not appended if either an at sign or an exclamation mark is
present in the username.

Maybe you could ask Timo for a way to conditionally replace
a set of characters with '@' before this check.

Regards,

- -- 
Steffen Kaiser
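
The ordering problem described in the message above, as an added example that is not Dovecot's code and not part of the original post: a self-contained model of the realm-append and translation steps. fix_username(), make_cfg() and the three check modes are names made up here; CHECK_TRANSLATED goes beyond the one-line change in the message by consulting the translation table instead of hard-coding '!'.

```c
#include <stdio.h>
#include <string.h>

enum realm_check {
    CHECK_AT_ONLY,      /* behaviour of the code quoted in the message */
    CHECK_AT_OR_BANG,   /* the change proposed in the message */
    CHECK_TRANSLATED    /* added here: any character that translates to '@' */
};

struct auth_cfg {       /* hypothetical stand-in for request->auth */
    const char *default_realm;
    unsigned char username_translation[256];    /* 0 = keep the character */
};

/* Build a config from a realm and a username_translation string made of
 * from/to character pairs, e.g. "!@" as in the posted configuration. */
const struct auth_cfg *make_cfg(const char *realm, const char *pairs)
{
    static struct auth_cfg cfg;
    size_t i;

    memset(&cfg, 0, sizeof(cfg));
    cfg.default_realm = realm;
    for (i = 0; pairs[i] != '\0' && pairs[i + 1] != '\0'; i += 2)
        cfg.username_translation[(unsigned char)pairs[i]] =
            (unsigned char)pairs[i + 1];
    return &cfg;
}

/* Does the name already carry a domain separator under this check? */
static int has_domain(const struct auth_cfg *cfg, const char *name,
                      enum realm_check chk)
{
    const unsigned char *p;

    for (p = (const unsigned char *)name; *p != '\0'; p++) {
        if (*p == '@')
            return 1;
        if (chk == CHECK_AT_OR_BANG && *p == '!')
            return 1;
        if (chk == CHECK_TRANSLATED && cfg->username_translation[*p] == '@')
            return 1;
    }
    return 0;
}

/* Append the default realm first, translate characters second: the same
 * order as the quoted code. Returns a static buffer, or NULL if the result
 * would not fit (rejected rather than truncated). */
const char *fix_username(const struct auth_cfg *cfg, const char *name,
                         enum realm_check chk)
{
    static char user[512];
    unsigned char *p;
    int n;

    if (!has_domain(cfg, name, chk) && cfg->default_realm != NULL)
        n = snprintf(user, sizeof(user), "%s@%s", name, cfg->default_realm);
    else
        n = snprintf(user, sizeof(user), "%s", name);
    if (n < 0 || (size_t)n >= sizeof(user))
        return NULL;

    for (p = (unsigned char *)user; *p != '\0'; p++) {
        if (cfg->username_translation[*p] != 0)
            *p = cfg->username_translation[*p];
    }
    return user;
}

int main(void)
{
    const struct auth_cfg *cfg = make_cfg("myprincipaldomain.es", "!@");
    const char *login = "XXX!mysecondarydomain.es";

    printf("original: %s\n", fix_username(cfg, login, CHECK_AT_ONLY));
    printf("proposed: %s\n", fix_username(cfg, login, CHECK_AT_OR_BANG));
    printf("general:  %s\n", fix_username(cfg, login, CHECK_TRANSLATED));
    return 0;
}
```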



Re: [Dovecot] Combination of default domain and username character translation problem in POP3 server configuration

2009-11-19 Thread Javier Vico Egea
In that case it works perfectly but my problem is all the users using the old
vm-pop3 configuration with XXX!mysecondarydomain.es

Thank you for your interest.

-----Original Message-----
From: Steffen Kaiser [mailto:skdove...@smail.inf.fh-brs.de]
Sent: Thursday, 19 November 2009 14:47
To: dovecot@dovecot.org
CC: dovecot@dovecot.org
Subject: Re: [Dovecot] Combination of default domain and username character
translation problem in POP3 server configuration


On Thu, 19 Nov 2009, Javier Vico Egea wrote:

> auth default:
>  default_realm: myprincipaldomain.es
>  username_chars:
> abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz01234567890...@!
>  username_translation: !@
>  passdb:
>    driver: passwd-file
>    args: /etc/virtual/%d/passwd

Hmm, what happens, if you login with:

pru...@mysecondarydomain.es

? Note the @

Does it work?

>  userdb:
>    driver: static
>    args: uid=500 gid=500 home=/var/spool/virtual/%d

Each user should have a unique home dir, I think.

Regards,

- -- 
Steffen Kaiser



Re: [Dovecot] Combination of default domain and username character translation problem in POP3 server configuration

2009-11-19 Thread Steffen Kaiser


On Thu, 19 Nov 2009, Javier Vico Egea wrote:


> auth default:
>  default_realm: myprincipaldomain.es
>  username_chars:
> abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz01234567890...@!
>  username_translation: !@
>  passdb:
>    driver: passwd-file
>    args: /etc/virtual/%d/passwd

Hmm, what happens, if you login with:

pru...@mysecondarydomain.es

? Note the @

Does it work?

>  userdb:
>    driver: static
>    args: uid=500 gid=500 home=/var/spool/virtual/%d

Each user should have a unique home dir, I think.

Regards,

- -- 
Steffen Kaiser



Re: [Dovecot] Combination of default domain and username character translation problem in POP3 server configuration

2009-11-19 Thread Charles Marcus
On 11/19/2009, Javier Vico Egea (j.v...@dipualba.es) wrote:
> # 1.0.7: /etc/dovecot.conf

Not that this is the cause of your problem, but you do need to upgrade...


Re: [Dovecot] Combination of default domain and username character translation problem in POP3 server configuration

2009-11-19 Thread Javier Vico Egea
Here is the configuration:

# 1.0.7: /etc/dovecot.conf
protocols: pop3
listen: *:10100
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
login_greeting: Bienvenido al servidor de correo.
login_log_format_elements: user=<%u> method=%m rip=%r lip=%l %c domain=%d
nombre=%d
mail_location: mbox:~/mail:INBOX=/var/spool/virtual/%d/%n
mail_debug: yes
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
auth default:
  default_realm: myprincipaldomain.es
  username_chars:
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz01234567890...@!
  username_translation: !@
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/virtual/%d/passwd
  userdb:
    driver: static
    args: uid=500 gid=500 home=/var/spool/virtual/%d


-----Original Message-----
From: Steffen Kaiser [mailto:skdove...@smail.inf.fh-brs.de]
Sent: Thursday, 19 November 2009 11:35
To: dovecot@dovecot.org
CC: dovecot@dovecot.org
Subject: Re: [Dovecot] Combination of default domain and username character
translation problem in POP3 server configuration

On Thu, 19 Nov 2009, Vico wrote:

What's your configuration, dovecot -n ?

-- 
Steffen Kaiser



Re: [Dovecot] Combination of default domain and username character translation problem in POP3 server configuration

2009-11-19 Thread Steffen Kaiser

On Thu, 19 Nov 2009, Vico wrote:

What's your configuration, dovecot -n ?

-- 
Steffen Kaiser



Re: [Dovecot] Sieve compilation error

2009-11-19 Thread Oli Schacher
Stephan Bosch schrieb:

> --with-dovecot points to the directory containing the dovecot-config
> file. In the default dovecot makefile this is installed in
> $prefix/lib/dovecot. In your case it is apparently installed in the
> include/dovecot directory which confuses Sieve's configure script,
> thinking it is compiling against the sources instead of the headers only.
>
Thanks for the pointer, Stephan! I checked again and found another
dovecot-config in /usr/lib64/dovecot. If I pass this directory to
configure the compilation runs through just fine.


Re: [Dovecot] Sieve compilation error

2009-11-19 Thread Stephan Bosch

Oli Schacher wrote:

> Hi list
>
> Trying to get sieve for 1.2 running (dovecot sieve, not cmusieve)
>
> I'm running on centos 5.4 64bit, dovecot rpms installed from
> http://atrpms.net/dist/el5/dovecot/ ( dovecot-1.2.7-0_102.el5.x86_64.rpm
> and dovecot-devel-1.2.7-0_102.el5.x86_64.rpm )
>
> I pulled the sieve sources ( hg clone
> http://hg.rename-it.nl/dovecot-1.2-sieve )
> autogen.sh
> ./configure --with-dovecot=/usr/include/dovecot/

--with-dovecot points to the directory containing the dovecot-config
file. In the default dovecot makefile this is installed in
$prefix/lib/dovecot. In your case it is apparently installed in the
include/dovecot directory which confuses Sieve's configure script,
thinking it is compiling against the sources instead of the headers only.


In Dovecot Sieve's configure.in:

if test -d "$dovecotdir/src"; then
  # compiling against sources
  have_dovecot_libs=yes
else
  # compiling against installed headers
  echo "WARNING: Cannot build Sieve commandline tools without the compiled"
  echo " Dovecot sources. Compiling against headers will only build"
  echo " the Sieve plugin."
  have_dovecot_libs=no
fi

The directory src exists in your include/dovecot, causing your problem.



> Any hints?

Adjusting configure.in should help.

Timo: perhaps we can make the autodetection more robust, what do you 
think? :)


Regards,

Stephan



[Dovecot] Combination of default domain and username character translation problem in POP3 server configuration

2009-11-19 Thread Vico
Hello,

I have a mail server running vm-pop3 and I am migrating it to Dovecot. I
have a problem configuring Dovecot as a POP3 server only (I'm not
interested in IMAP for now). I have two types of domains: one principal
domain, whose users don't include the domain in the login process; and
secondary domains, whose users include the domain part with the !
separator, instead of @ (i.e. prueba!mysecondarydomain.es). Because of
that, I have set the following options in the configuration file:

auth_default_realm = myprincipaldomain.es
auth_username_translation = !@

The combination of these two parameters produces the following effect
when I log in with a user of a secondary domain (I have no problem with
principal domain authentication):

+OK Bienvenido al servidor de correo.
user prueba!mysecondarydomain.es
+OK
pass prueba.
-ERR Authentication failed.
quit
+OK Logging out

This is the resulting log:

Nov 19 09:58:51 prueba dovecot: auth(default): new auth connection:
pid=21953
Nov 19 09:59:04 prueba dovecot: auth(default): client in: AUTH  1
PLAIN   service=POP3lip=192.168.1.84rip=192.168.17.13
resp=AHBydWViYSF0b2JhcnJhLmVzAHBydWViYS4=
Nov 19 09:59:04 prueba dovecot: auth(default):
passwd-file(pru...@mysecondarydomain.es@myprincipaldomain.es,192.168.17.
13): no passwd file:
/etc/virtual/mysecondarydomain...@myprincipaldomain.es/passwd
Nov 19 09:59:05 prueba dovecot: auth(default): client out: FAIL 1
user=pru...@mysecondarydomain.es@myprincipaldomain.es


So, I think the problem is Dovecot tests if the default domain is needed
before the character translation is done, so the character ! is not
detected as a domain separator, so the default domain is always
appended.

The question is how I could resolve this problem. I need these two
operations to be done because there are a lot of users already working
with this configuration.

Thank you in advance.
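
The resp= field on a "client in: AUTH ... PLAIN" line of an auth debug log is the client's base64-encoded SASL PLAIN response, which carries the login name and the password, so it should be masked before a log is pasted to a public list. The filter below is an added example, not part of the original post and not Dovecot code; the function names and the sample log are constructed for illustration.

```python
import base64
import binascii
import re

# resp=<base64> as printed on "client in: AUTH" lines of an auth debug log.
RESP_RE = re.compile(r"\bresp=([A-Za-z0-9+/]+={0,2})")


def is_sasl_plain(b64):
    """True if b64 decodes to an RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False
    parts = raw.split(b"\x00")
    return len(parts) == 3 and parts[1] != b"" and parts[2] != b""


def redact(text):
    """Mask every resp= value; return (clean_text, number that held PLAIN credentials).

    Works on the whole text, not line by line, because mail clients often wrap
    the long AUTH line so that resp= lands on a line of its own.
    """
    plain_hits = 0

    def mask(match):
        nonlocal plain_hits
        if is_sasl_plain(match.group(1)):
            plain_hits += 1
        # Mask unconditionally: other mechanisms also carry secrets in resp=.
        return "resp=<redacted>"

    return RESP_RE.sub(mask, text), plain_hits


# Constructed sample (not from the thread); the credentials are made up.
CRED_B64 = base64.b64encode(b"\x00alice!example.test\x00not-a-real-password").decode()
SAMPLE_LOG = (
    "Nov 19 09:59:04 host dovecot: auth(default): client in: AUTH\t1\tPLAIN\tservice=POP3\n"
    "resp=" + CRED_B64 + "\n"
    "Nov 19 09:59:05 host dovecot: auth(default): client out: FAIL\t1\tuser=alice@example.test\n"
)

if __name__ == "__main__":
    clean, hits = redact(SAMPLE_LOG)
    print(clean, end="")
    print(f"# {hits} resp= value(s) decoded as SASL PLAIN credentials")
```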


Re: [Dovecot] failed: Permission denied missing +w perm: /home/mail_virtual/2001 (solved)

2009-11-19 Thread Jürgen Herrmann

On Wed, November 18, 2009 19:31, Timo Sirainen wrote:
> On Wed, 2009-11-18 at 18:12 +0100, Jürgen Herrmann wrote:
>> On Wed, November 18, 2009 17:29, Timo Sirainen wrote:
>> > On Wed, 2009-11-18 at 16:17 +0100, Jürgen Herrmann wrote:
>> >> 2009-11-18 16:04:24 dovecot: Fatal: chdir(/home/mail_virtual/2001) failed:
>> >>   Permission denied (euid=2001 egid=2001 stat(/home/mail_virtual/2001)
>> >>   failed: Permission denied missing +w perm: /home/mail_virtual/2001)
>> >
>> > so "ls -dln /home/mail_virtual/2001" actually shows that the owner and
>> > group is 2001?
>>
>> app3:~# ls -dln /home/mail_virtual/2001
>> drwx-- 4 2001 2001 4096 18. Nov 13:59 /home/mail_virtual/2001
>
> What about /home and /home/mail_virtual's permissions? Is this on NFS or
> local filesystem?
>
> In any case kernel is telling Dovecot that chdir() failed with
> permission denied..
>
setup was:
/mnt is root.root 755
/mnt/nfs-backup1 is a mountpoint for nfs
/home/mail_virtual is a symlink -> /mnt/nfs-backup1

/mnt/nfs-backup1 was root.root 705, which caused the problems,
setting it to 755 solved those problems.

regards, jürgen
--
>> XLhost.de - eXperts in Linux hosting ® <<

XLhost.de GmbH
Jürgen Herrmann, Managing Director
Boelckestrasse 21, 93051 Regensburg, Germany

Managing Directors: Volker Geith, Jürgen Herrmann
Registered under: HRB9918
VAT identification number: DE245931218

Phone:  +49 (0)800 XLHOSTDE [0800 95467833]
Fax:  +49 (0)800 95467830

WEB:  http://www.XLhost.de
IRC:  #xlh...@irc.quakenet.org



[Dovecot] Sieve compilation error

2009-11-19 Thread Oli Schacher
Hi list

Trying to get sieve for 1.2 running (dovecot sieve, not cmusieve)

I'm running on centos 5.4 64bit, dovecot rpms installed from
http://atrpms.net/dist/el5/dovecot/ ( dovecot-1.2.7-0_102.el5.x86_64.rpm
and dovecot-devel-1.2.7-0_102.el5.x86_64.rpm )

I pulled the sieve sources ( hg clone
http://hg.rename-it.nl/dovecot-1.2-sieve )
autogen.sh
./configure --with-dovecot=/usr/include/dovecot/

so far so good

but make fails:
[...]
make[4]: Leaving directory `/work/dovecot-1.2-sieve/src/sieve-tools/debug'
make[4]: Entering directory `/work/dovecot-1.2-sieve/src/sieve-tools'
if gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../..  -I../../src/lib-sieve
-I../../src/lib-sieve-tool -I./debug -I/usr/include/dovecot
-I/usr/include/dovecot/src/lib -I/usr/include/dovecot/src/lib-mail
-I/usr/include/dovecot/src/lib-index
-I/usr/include/dovecot/src/lib-storage
-I/usr/include/dovecot/src/deliver   -std=gnu99 -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -Wall -W
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2
-I/usr/kerberos/include  -MT sievec.o -MD -MP -MF ".deps/sievec.Tpo" -c
-o sievec.o sievec.c; \
then mv -f ".deps/sievec.Tpo" ".deps/sievec.Po"; else rm -f
".deps/sievec.Tpo"; exit 1; fi
make[4]: *** No rule to make target
`/usr/include/dovecot/src/lib-storage/register/libstorage-register.a',
needed by `sievec'.  Stop.
make[4]: Leaving directory `/work/dovecot-1.2-sieve/src/sieve-tools'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/work/dovecot-1.2-sieve/src/sieve-tools'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/work/dovecot-1.2-sieve/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/work/dovecot-1.2-sieve'
make: *** [all] Error 2

Any hints?

Thanks in advance
Oli