Re: [Dovecot] So, what about clustering and load balancing?
On 15.2.2010, at 8.13, Stan Hoeppner wrote: Timo Sirainen put forth on 2/14/2010 1:31 PM: On Sun, 2010-02-14 at 01:16 -0600, Stan Hoeppner wrote: If you use maildir format mailboxen, you physically can't run into a write lock contention between the MTA and the imap process because the MTA writes every new email to a new file name. You're ignoring dovecot-uidlist and index files. Apparently I'm missing something. If the MTA is creating files per Maildir specs, If the mails are delivered by MTA or something else than Dovecot delivery agent, then there shouldn't be any locking contention. But normally using Dovecot deliver should give better performance, and that (reads and) writes dovecot-uidlist and dovecot.index* files, which IMAP/POP3 also reads/writes. Also I guess it depends on internals, but I'd think creating new files requires some kind of locking/synchronization for the directory, which is similar to locking contention (it can't respond success to file creation until it's verified that another server hadn't already created it).
[Dovecot] Sieve libexec /usr/lib/dovecot/deliver
Hi,

I have installed dovecot (1.2.10) with --libexecdir=/usr/lib. Dovecot sieve (0.1.15) is compiled with --with-dovecot but still uses /usr/libexec/dovecot/deliver instead of /usr/lib/dovecot/deliver. How should dovecot sieve be configured to use /usr/lib/dovecot/deliver?

Thanks in advance,
Filip

# dovecot configuration:
./configure --prefix=/usr --sysconfdir=/etc/dovecot --localstatedir=/var \
  --libexecdir=/usr/lib --with-moduledir=/usr/lib/dovecot/modules \
  --with-db --with-mysql --with-pgsql --with-sqlite \
  --with-ssl=openssl --with-ssldir=/etc/dovecot/ssl \
  --with-gssapi --with-ldap=plugin --enable-header-install --with-docs

# dovecot sieve configuration:
./configure --prefix=/usr --with-dovecot=/usr/lib/dovecot

# /usr/lib/dovecot/dovecot-config:
CFLAGS=-std=gnu99 -march=i686 -mtune=generic -O2 -pipe -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2
LIBS= -lrt
SSL_LIBS=-lssl -lcrypto -ldl -lz
STORAGE_LIBS=$(top_builddir)/src/lib-storage/register/libstorage-register.a $(top_builddir)/src/lib-storage/list/libstorage_list.a $(top_builddir)/src/lib-storage/index/cydir/libstorage_cydir.a $(top_builddir)/src/lib-storage/index/dbox/libstorage_dbox.a $(top_builddir)/src/lib-storage/index/maildir/libstorage_maildir.a $(top_builddir)/src/lib-storage/index/mbox/libstorage_mbox.a $(top_builddir)/src/lib-storage/index/raw/libstorage_raw.a $(top_builddir)/src/lib-storage/index/shared/libstorage_shared.a $(top_builddir)/src/lib-storage/index/libstorage_index.a $(top_builddir)/src/lib-storage/libstorage.a $(top_builddir)/src/lib-index/libindex.a $(top_builddir)/src/lib-imap/libimap.a $(top_builddir)/src/lib-mail/libmail.a $(top_builddir)/src/lib-auth/libauth.a $(top_builddir)/src/lib-charset/libcharset.a $(top_builddir)/src/lib/liblib.a
LIBICONV=
MODULE_LIBS=-export-dynamic -ldl
dovecot_incdir=/usr/include/dovecot
moduledir=/usr/lib/dovecot/modules
CFLAGS=-std=gnu99 -march=i686 -mtune=generic -O2 -pipe -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscri
LIBS= -lrt
SSL_LIBS=-lssl -lcrypto -ldl -lz
STORAGE_LIBS=$(top_builddir)/src/lib-storage/register/libstorage-register.a $(top_builddir)/src/lib-storage/list/libstorage_list.a $(top_
LIBICONV=
MODULE_LIBS=-export-dynamic -ldl
dovecot_incdir=/usr/include/dovecot
moduledir=/usr/lib/dovecot/modules
# end of dovecot-config

dovecot -n output:
# 1.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.27-lts i686 ext3
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/mail.pruda.com/cert.pem
ssl_key_file: /etc/ssl/mail.pruda.com/key.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_location: maildir:/home/vmail/%u
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
lda:
  postmaster_address: postmas...@pruda.com
  mail_plugins: sieve
  sieve_global_path: /home/vmail/dovecot-global.sieve
  sendmail_path: /usr/sbin/sendmail
auth default:
  user: nobody
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: vmail
plugin:
  sieve: /home/vmail/%u/dovecot.sieve
  home: /home/vmail/%u
Re: [Dovecot] [RCU] Dovecot managesieve
Well, I've looked further into the wiki and did not find it. My server has only system users (no virtual domain) and the wiki says:

System users
If you wish you use deliver for all system users on a single domain mail host you can do it by editing mailbox_command parameter in /etc/postfix/main.cf (postconf(5)):

That's what I did, but then I have this problem with DOTLOCK. If I chmod 777 the /var/mail directory it works, but I do not feel comfortable with that kind of access rights ...

On 02/12/10 20:39, Joseph Kolb wrote:
Hi Frank, the question is, do you use the LDA of dovecot (LocalDeliveryAgent)? If so, then yes, you must add/modify some stuff in master.cf. This is well described in the dovecot wiki :-). Regards, Joseph

On Friday, 12 February 2010 15:42:12 you wrote:
Hi Joseph, thanks for your answer. Did you modify something in the Postfix main.cf file? Frank

On 02/12/10 11:57, Joseph Kolb wrote:
On Fri, 12 Feb 2010 10:13:53 +0100, A.L.E.Ca...@alec.pl wrote:
Frank Bonnet wrote:
protocol lda {
  # Address to use when sending rejection mails.
  postmaster_address = postmas...@esiee.fr

In dovecot-1.1 I've got in protocol lda section:
mail_plugins = cmusieve

Hi Frank, I also use dovecot 1.2.10 and here is my part of dovecot.conf

--snip---
protocol imap {
  ssl_listen = *:993
  mail_plugins = quota imap_quota
}
protocol lda {
  postmaster_address = postmas...@.xx
  log_path = /var/log/dovecot-lda.log
  info_log_path = /var/log/dovecot-info-lda.log
  mail_plugins = sieve
}
--snip---

Regards, Joseph
Re: [Dovecot] Capability COMPRESS implemented?
Hi Timo

Looks like COMPRESS=DEFLATE is valid only after login, which made it much easier to implement. It's now in v2.0 hg. Tested that it seems to work with Thunderbird 3.0.1. http://hg.dovecot.org/dovecot-2.0/rev/29f5567e0a9a

protocol imap {
  mail_plugins = zlib imap_zlib
}

Oh!! Dur. At long, long last I finally understood what you were telling me when you said you wanted to stop the zlib plugin being file based and move to an iostream! This has been trying to get higher up my todo list to have a closer look at for some time, but I completely misunderstood where/how you had it in mind to implement the compression - your solution seems very neat and clever! Thanks for implementing this - this is very exciting!

I'm tied up with deadlines on other projects, but extremely keen to have a performance test as soon as possible - would be very interested to hear results from anyone else on the list who gives this a go - as I say our compression proxy gives quite a noticeable speedup on larger mailboxes over a 10Mbit connection here and it *should* give quite a zing to Profimail for symbian phones (who kindly specifically added support for this on request)

Cheers! Ed W
Re: [Dovecot] [RCU] Dovecot managesieve
Frank Bonnet put forth on 2/15/2010 3:21 AM:
Well I've looked forward into the wiki and did not found my server have only system users ( no virtual domain ) and the wiki says : System users If you wish you use deliver for all system users on a single domain mail host you can do it by editing mailbox_command parameter in /etc/postfix/main.cf (postconf(5)): That's what I did but then I have this problem with DOTLOCK If I chmod 777 /var/mail directory it works but I do not feel comfortable with that kind of access rights ...

Hi Frank. As I said in my reply on the postfix-user list, your feeling is right on. You want to avoid 777 rights. Instead set mail_privileged_group=mail in dovecot.conf and I think you'll be good to go.

-- Stan
Re: [Dovecot] [RCU] Dovecot managesieve
On 02/15/10 10:56, Stan Hoeppner wrote:
Frank Bonnet put forth on 2/15/2010 3:21 AM:
Well I've looked forward into the wiki and did not found my server have only system users ( no virtual domain ) and the wiki says : System users If you wish you use deliver for all system users on a single domain mail host you can do it by editing mailbox_command parameter in /etc/postfix/main.cf (postconf(5)): That's what I did but then I have this problem with DOTLOCK If I chmod 777 /var/mail directory it works but I do not feel comfortable with that kind of access rights ...

Hi Frank. As I said in my reply on the postfix-user list, your feeling is right on. You want to avoid 777 rights. Instead set mail_privileged_group=mail in dovecot.conf and I think you'll be good to go.

it's already set ...

BTW what kind of locking are you using ? I do not use NFS and all files are located on local disks
[Dovecot] Problem with allow_nets passdb parameter and Postfix
I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I have:

smtpd_sasl_type = dovecot

It works well, but now I need to allow users to connect by IMAP only from given IP addresses. I've added the extra field allow_nets to passdb in Dovecot, and IMAP authentication works fine. But now I can't connect to my SMTP server, because when smtpd asks dovecot about user authentication, dovecot always denies it, even if I try to connect to SMTP from a correct IP listed in allow_nets for the user. In the dovecot log I have messages about an incorrect IP like this:

dovecot: 2010-02-15 13:28:51 Info: auth(default): passwd-file(malamut): lookup: user=malamut file=/etc/dovecot/temp.users
dovecot: 2010-02-15 13:28:51 Info: auth(default): passdb(malamut): allow_nets check failed: Remote IP not known
dovecot: 2010-02-15 13:28:53 Info: auth(default): client out: FAIL 7 user=malamut

The problem is clear: smtpd doesn't send the client IP to the dovecot authentication socket. But I need to limit the ability to connect to users only from specific IPs, both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 and Postfix 2.5.5 on Debian Lenny.
Re: [Dovecot] dovecot and firstname.initial.lastname mbox format archive
Quoting Wilko Bulte, who wrote on Wed, Feb 10, 2010 at 08:36:33PM +0100 ..

hi

Today I have been in a puzzling fight with 2 dovecot versions that I would like to ask some comments on. The situation is this:

- I have a considerable mail archive in mbox format (yes, I know, but that is what I have..).
- My mail reader is mutt 1.5.20 by the way.
- Some of these mbox files have names like firstname.initial.lastname. Note the . separating the parts of the email-ers name.
- On my old system I have dovecot v 1.1.7 which has always worked flawlessly.
- On my new system I have dovecot v 1.2.8 which refuses to handle these dot-separated files. I get the somewhat familiar Mailbox doesn't allow inferior mailboxes. On a not-previously-existing mbox dovecot 1.2.8 produces the directory hierarchy thing: firstname - initial - lastname
- I am using the same dovecot.conf on v.1.1.7 and v.1.2.8

Can anyone tell me if v1.2.8 no longer is able to do what v1.1.7 did? And what I dearly would like to get working :-( And if it can, what should I put in dovecot.conf to make that happen?

Really nobody who has any idea? I admit, my Googling did not help either but still :-) I would have imagined someone else on this list might have encountered the issue?

Wilko
Re: [Dovecot] dovecot and firstname.initial.lastname mbox format archive
On 10.2.2010, at 21.36, Wilko Bulte wrote:
- On my new system I have dovecot v 1.2.8 which refuses to handle these dot-separated files. I get the somewhat familiar Mailbox doesn't allow inferior mailboxes.

mbox hierarchy separator is typically '/'. The above error message sounds like you've changed the separator to be '.'. Is that intentional?

On a not-previously-existing mbox dovecot 1.2.8 produces the directory hierarchy thing: firstname - initial - lastname

You mean this is also how it was in 1.1.7?.. If so, it probably worked back then only because of lack of error detection.
[Dovecot] wish now I'd not upgraded...
Upgraded from Debian Dovecot 1.0.15 to Debian Dovecot 1.2.10-1~bpo50+1. I use Postfix local delivery to and Dovecot mbox. As per upgrade directions, I stopped dovecot processes and deleted all dovecot.index.cache files in /home/%user/mail/.imap. Performed upgrade to 1.2.10-1~bpo50+1. Modified new dovecot.conf for my environment. Started dovecot. Problem: Instantly noticed in TB 3.0.1 Win32 that all emails in all folders were marked as unread. Stopped TB, stopped dovecot, deleted *all* files in /home/%user/mail/imap/ so indexes and caches could be rebuilt from scratch. Started dovecot, started TB. Same problem. Then I got ugly, stopped TB and dovecot, deleted all ~.imap/ files *and* deleted *all* TB cache and index files with a time stamp of today. Restarted dovecot, restarted TB. Same damn problem. I sit hit right clicking folder after folder and selecting mark as read, only to see all the emails in the folder go read and then within seconds go back to marked as unread (bold). Opening messages one at a time and moving to the next doesn't even keep them marked as read. WTF is going on? Why won't they stay marked as read? I've got over 25,000 emails in these folders and I get a few hundred list mails a day. I really need to get this read/unread business straightened out. What the heck am I missing? Is this a bug in the Debian backport? Good thing I have no hair or I'd have pulled half of it out by now... -- Stan
Re: [Dovecot] wish now I'd not upgraded...
On 15.2.2010, at 16.14, Stan Hoeppner wrote: Upgraded from Debian Dovecot 1.0.15 to Debian Dovecot 1.2.10-1~bpo50+1. Problem: Instantly noticed in TB 3.0.1 Win32 that all emails in all folders were marked as unread. This is a Thunderbird bug and there have been several threads about this here. Basically the fix is to disable CONDSTORE support in Thunderbird until 3.0.2 is released.
Re: [Dovecot] wish now I'd not upgraded...
On 15.02.2010 17:14, Stan Hoeppner wrote:
Upgraded from Debian Dovecot 1.0.15 to Debian Dovecot 1.2.10-1~bpo50+1. I use Postfix local delivery to and Dovecot mbox. As per upgrade directions, I stopped dovecot processes and deleted all dovecot.index.cache files in /home/%user/mail/.imap. Performed upgrade to 1.2.10-1~bpo50+1. Modified new dovecot.conf for my environment. Started dovecot. Problem: Instantly noticed in TB 3.0.1 Win32 that all emails in all folders were marked as unread. Stopped TB, stopped dovecot, deleted *all* files in /home/%user/mail/imap/ so indexes and caches could be rebuilt from scratch. Started dovecot, started TB. Same problem. Then I got ugly, stopped TB and dovecot, deleted all ~.imap/ files *and* deleted *all* TB cache and index files with a time stamp of today. Restarted dovecot, restarted TB. Same damn problem. I sit hit right clicking folder after folder and selecting mark as read, only to see all the emails in the folder go read and then within seconds go back to marked as unread (bold). Opening messages one at a time and moving to the next doesn't even keep them marked as read. WTF is going on? Why won't they stay marked as read? I've got over 25,000 emails in these folders and I get a few hundred list mails a day. I really need to get this read/unread business straightened out. What the heck am I missing? Is this a bug in the Debian backport? Good thing I have no hair or I'd have pulled half of it out by now...

It's a bug in TB 3.0 with the CONDSTORE capability; it's fixed for the next version, 3.0.2. You can disable it in prefs:

mail.server.default.use_condstore = false

until 3.0.2 is released.
Re: [Dovecot] wish now I'd not upgraded...
On 15/02/2010 12:14, Stan Hoeppner wrote:
WTF is going on? Why won't they stay marked as read? I've got over 25,000 emails in these folders and I get a few hundred list mails a day. I really need to get this read/unread business straightened out. What the heck am I missing? Is this a bug in the Debian backport? Good thing I have no hair or I'd have pulled half of it out by now...

before blaming dovecot, you could have checked the mailing list archives and found that's a KNOWN bug on Thunderbird 3 (until 3.0.1) which was already fixed and will be published on TB 3.0.2.

if you had searched the archives, you could also have found a workaround for that on thunderbird side. there's also a workaround on the dovecot side but i'll let you learn how to search the archives and find that :)

-- Sincerely, Leonardo Rodrigues, Solutti Tecnologia http://www.solutti.com.br My SPAMTRAP, do not email it: gertru...@solutti.com.br
Re: [Dovecot] wish now I'd not upgraded...
Stan, Quoting Stan Hoeppner s...@hardwarefreak.com: Upgraded from Debian Dovecot 1.0.15 to Debian Dovecot 1.2.10-1~bpo50+1. I use Postfix local delivery to and Dovecot mbox. As per upgrade directions, I stopped dovecot processes and deleted all dovecot.index.cache files in /home/%user/mail/.imap. Performed upgrade to 1.2.10-1~bpo50+1. Modified new dovecot.conf for my environment. Started dovecot. Problem: Instantly noticed in TB 3.0.1 Win32 that all emails in all folders were marked as unread. Stopped TB, stopped dovecot, deleted *all* files in /home/%user/mail/imap/ so indexes and caches could be rebuilt from scratch. Started dovecot, started TB. Same problem. snip Have a look at http://old.nabble.com/Re%3A-Messages-marked-as-unread---Dovecot-1.2.10---Thunderbird-2.0.0.23-p27406947.html - a quick Google search would point me towards the conclusion that it might be worth you having a look at your version of TB and (apparent) problems re read/unread status --Ronald Ronald MacDonald : ron...@rmacd.com 4 1F1 Gillespie Crescent, Edinburgh. EH10 4HT. http://www.rmacd.com/ : (+44) 777 235 1655
Re: [Dovecot] wish now I'd not upgraded...
Timo Sirainen put forth on 2/15/2010 8:18 AM: On 15.2.2010, at 16.14, Stan Hoeppner wrote: Upgraded from Debian Dovecot 1.0.15 to Debian Dovecot 1.2.10-1~bpo50+1. Problem: Instantly noticed in TB 3.0.1 Win32 that all emails in all folders were marked as unread. This is a Thunderbird bug and there have been several threads about this here. Basically the fix is to disable CONDSTORE support in Thunderbird until 3.0.2 is released. I guess I should have paid closer attention to that thread. Since I wasn't seeing that problem with my 3.0.1 I assumed it didn't apply to me. Apparently it just didn't apply to dovecot 1.0.15, but does apply to 1.2.10. Yes? Dovecot 1.0.15 was working pretty much perfectly for me. But, it was so long in the tooth I figured I should upgrade now that a new Debian package was available. Sorry the row. I should have remembered that thread. It was just a week or two ago. -- Stan
Re: [Dovecot] wish now I'd not upgraded...
On 15.2.2010, at 16.51, Stan Hoeppner wrote:
This is a Thunderbird bug and there have been several threads about this here. Basically the fix is to disable CONDSTORE support in Thunderbird until 3.0.2 is released.

I guess I should have paid closer attention to that thread. Since I wasn't seeing that problem with my 3.0.1 I assumed it didn't apply to me. Apparently it just didn't apply to dovecot 1.0.15, but does apply to 1.2.10. Yes?

Right. v1.2 is the first version to support CONDSTORE extension.
Re: [Dovecot] wish now I'd not upgraded...
Timo Sirainen put forth on 2/15/2010 8:58 AM:
On 15.2.2010, at 16.51, Stan Hoeppner wrote:
This is a Thunderbird bug and there have been several threads about this here. Basically the fix is to disable CONDSTORE support in Thunderbird until 3.0.2 is released.

I guess I should have paid closer attention to that thread. Since I wasn't seeing that problem with my 3.0.1 I assumed it didn't apply to me. Apparently it just didn't apply to dovecot 1.0.15, but does apply to 1.2.10. Yes?

Right. v1.2 is the first version to support CONDSTORE extension.

Disabled condstore in about:config and all was instantly correct again after I restarted TB (3.0.1). Thanks for the gentle nudge, instead of a trout slap Timo. :)

One last question on this TB condstore bug: Does this affect both mbox and maildir, i.e. it's a pure IMAP protocol handling bug, or is it specific to mbox?

-- Stan
Re: [Dovecot] wish now I'd not upgraded...
On 15.2.2010, at 17.15, Stan Hoeppner wrote: One last question on this TB condstore bug: Does this affect both mbox and maildir, i.e. it's a pure IMAP protocol handling bug, or is it specific to mbox? I looked at the patch, and it looked like the code that handled condstore was simply just buggy. It was supposed to have cleared some variables in initialization code, but didn't. (And that's why with Dovecot APIs you can't allocate uninitialized memory, it's always zeroed out. Less work for programmer (me), less potential bugs/security holes.)
Re: [Dovecot] wish now I'd not upgraded...
On 15.2.2010, at 17.23, Timo Sirainen wrote: On 15.2.2010, at 17.15, Stan Hoeppner wrote: One last question on this TB condstore bug: Does this affect both mbox and maildir, i.e. it's a pure IMAP protocol handling bug, or is it specific to mbox? Oh, and: In general, IMAP clients aren't supposed to know what mailbox format the backend is using. The one difference it usually sees between mbox and maildir is that with mbox you can't have a mailbox with messages and child mailboxes (but with some configuration you can get around that too).
Re: [Dovecot] [RCU] Dovecot managesieve
Frank Bonnet put forth on 2/15/2010 4:30 AM:
mail_privileged_group=mail in dovecot.conf and I think you'll be good to go.

it's already set ...

Hmm

BTW what kind of locking are you using ? I do not use NFS and all files are located on local disks

I use pretty much the dovecot defaults, with local sata disk, ext2 fs Debian Lenny:

mbox_read_locks = fcntl
mbox_write_locks = fcntl dotlock
mbox_lock_timeout = 300
mbox_dotlock_change_timeout = 120

I'm using the Postfix default lock settings:

deliver_lock_attempts = 20
deliver_lock_delay = 1s
mailbox_delivery_lock = fcntl, dotlock
stale_lock_time = 500s

I don't think your problem is a lock issue but a permissions issue, as changing to 777 eliminates the file write error. I'm not sure exactly why that is, but obviously the LDA process isn't running with the right privilege. Either that or the permissions on /var/mail/ aren't correct. But those perms are usually set during operating system install, so I would assume they're correct.

I've never used LDA. I'm surprised one of the other experienced OPs or Timo himself hasn't jumped in here.

-- Stan
Re: [Dovecot] wish now I'd not upgraded...
Timo Sirainen put forth on 2/15/2010 9:26 AM: On 15.2.2010, at 17.23, Timo Sirainen wrote: On 15.2.2010, at 17.15, Stan Hoeppner wrote: One last question on this TB condstore bug: Does this affect both mbox and maildir, i.e. it's a pure IMAP protocol handling bug, or is it specific to mbox? Oh, and: In general, IMAP clients aren't supposed to know what mailbox format the backend is using. The one difference it usually sees between mbox and maildir is that with mbox you can't have a mailbox with messages and child mailboxes (but with some configuration you can get around that too). Speaking of which, I've tried creating empty imap folders and then creating subfolders in them. TB won't allow me to do this with Dovecot mbox accounts. Shouldn't I be able to do this? I've tried it with and without tb-extra-mailbox-sep enabled. I've read multiple places that tiered mbox imap folders should be possible, as long as the main folder contains no messages, only pointers to other mbox files, or imap sub folders. Is this a TB limitation, a dovecot limitation, or my knowledge limitation? Thanks Timo. -- Stan
Re: [Dovecot] wish now I'd not upgraded...
On 15.2.2010, at 17.52, Stan Hoeppner wrote:
Speaking of which, I've tried creating empty imap folders and then creating subfolders in them. TB won't allow me to do this with Dovecot mbox accounts. Shouldn't I be able to do this? I've tried it with and without tb-extra-mailbox-sep enabled. I've read multiple places that tiered mbox imap folders should be possible, as long as the main folder contains no messages, only pointers to other mbox files, or imap sub folders. Is this a TB limitation, a dovecot limitation, or my knowledge limitation?

No idea. If you talk IMAP protocol directly, it should go like:

a create foo/
  creates a foo directory that can hold child mailboxes
b create bar
  creates bar mailbox that can't hold children
c create a/d
  creates a that has a d child mailbox

If in doubt, it's usually the client that does something wrong.
[Dovecot] Dovecot+Postfix+Maildir with ActiveDirectory userbase
Luigi Rosa li...@luigirosa.com uttered:
Hi, has anyone implemented a mail server with maildir, Postfix and Dovecot using Active Directory as userbase and password authentication? Do I need Samba to authenticate users? Can I use credential caching just like mysql? Ciao, luigi
-- / +--[Luigi Rosa]-- \

Hi Luigi,

I am running a Postfix/Dovecot setup that is authenticating against a Windows 2000 domain. It is possible to authenticate several different ways, including Kerberos/Winbind and NTLM via Samba. I used the following article as a guide. It is for FreeBSD, but the configuration instructions apply equally to any Postfix/Dovecot setup. I am running mine on Ubuntu 8.10.

http://blog.al-shami.net/index.php/freebsd-postfix-dovecot-and-active-directory/

The above article covers most of the setup, however I have changed a few things for my purposes. In short, I am using LDAP to communicate with the Active Directory server. I am looking up email addresses and aliases from AD in Postfix and using Dovecot as LDA. Postfix uses Dovecot's SASL for authentication, and Dovecot in turn authenticates against AD.

My Setup: Postfix and Dovecot running on the same virtual machine on a Dell 2950 with 1x Xeon E5440 on ESXi 4. Maildirs served up by 10x146GB SCSI drives on RAID-10 via direct attached Dell MD-1000. Serving 600+ users, mailbox sizes up to 14GiB with constant heavy searching (no fts yet) and filtering (sieve and IMAP clients). 80,000 messages delivered per week, 95,000 messages rejected, 17,000 spam. 15 minute Load average stays under .50 all day with 4 CPU cores. IMAP clients include Outlook 2007, Thunderbird 2 and 3, in addition to webmail via Group Office (yuck).

dovecot-ldap.conf:

# Include multiple domain controllers for redundancy, first one is
# at the same facility as the Dovecot server.
hosts = 10.0.1.12:389 10.0.2.12:389 10.0.3.12:389
# Specify the full DN of a user to authenticate against
dn = cn=Internal, ou=People, dc=example, dc=com
dnpass = some_secure_password
auth_bind = yes
ldap_version = 3
base = ou=People, dc=example, dc=com
# Specify the base storage for email here
user_attrs = sAMAccountName=home=/var/vmail/example.com/%$
# The following user_filter should all be on a single line.
# The ugly userAccountControl param means Exclude disabled users
user_filter = (&(sAMAccountName=%Ln)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(sAMAccountName=%Ln)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

For the Postfix side of things, the article explains how to set Postfix to use Dovecot's SASL for authentication. It also specifies separate confs for Postfix to lookup users and aliases from. For my purposes, I decided not to modify the AD schema, and to instead utilize an unused field to store aliases in. This field had to be able to store multiple values in a way that I could query easily via LDAP. I chose the IP Phone field for this purpose. In the AD GUI it is easily accessible, and allows for multiple values to be stored. Note its usage in the queries that follow.

/etc/postfix/ldap-users.cf:

# Same list of DCs as in dovecot-ldap.conf
server_host = ldap://10.0.1.12:389 ldap://10.0.2.12:389 ldap://10.0.3.12:389
search_base = dc=example, dc=com
bind = yes
bind_dn = EXAMPLE\internal
bind_pw = a_secure_password
# Use this lookup for email addresses matching the following domains
# corresponds with virtual_mailbox_domains in main.cf
domain = example.com, examplelegacy.com, exmple.com
# The following query has been modified a bit from the above article.
# First, the userAccountControl param specifies the exclusion of
# disabled users.
# The other change is from objectClass to objectCategory.
query_filter = (&(&(objectCategory=person)(sAMAccountName=%u))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = sAMAccountName
version = 3
# I was having trouble with referrals not resolving properly due to a
# misconfigured domain controller. I turned this option off and have
# not had a problem since.
chase_referrals = no
result_format=example.com/%s/
debuglevel = 0
timeout = 30

/etc/postfix/ldap-aliases.cf:

# Same list of DCs as in dovecot-ldap.conf
server_host = ldap://10.0.1.12:389 ldap://10.0.2.12:389 ldap://10.0.3.12:389
search_base = dc=example, dc=com
bind = yes
bind_dn = EXAMPLE\internal
bind_pw = a_secure_password
domain = example.com, examplelegacy.com, exmple.com
# This query looks up aliases from the otherIPPhone field.
query_filter = (&(&(objectCategory=person)(|(otherIPPhone=%u)(sAMAccountName=%u)))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = sAMAccountName
version = 3
chase_referrals = no
result_format...@example.com
debuglevel = 0
timeout = 30

The objectCategory replacement for objectClass is a *huge* performance increase. objectClass is not indexed in Active Directory, forcing a lot of CPU cycles to be wasted for every lookup. The
Re: [Dovecot] wish now I'd not upgraded...
Well, the issue is, with mbox, you can decide if the name you create:

a) can hold child mailboxes, or messages
or
b) messages, and no mailboxes

it makes more sense when you think about them as directories and files. With mbox a mailbox is a file. So:

~/mailbox/inbox
~/mailbox/foo/
~/mailbox/foo/bar

in such setup inbox is a file and of course you can't create ~/mailbox/inbox/children files or directories. but ~/mailbox/foo/ is a directory, so you can create files or directories under it. But the foo itself is a directory, not an mbox file.

So with mbox the important thing is to either add or not add the '/' trailing character to created mailbox names. (And to think that with BikINI they thought this was a good feature of IMAP, not a bad one..)

On 15.2.2010, at 18.21, Stewart Dean wrote:
Well, I had the same problem and a colleague pointed me to this cockeyed black-is-white TB config setting: Under Account Settings, Server Settings, Server Settings, Advanced, *UN*click Server supports folders that contain sub-folders and messages. Then you can create sub-folders. Doesn't make any sense at all... but then it's Monday and the Red Queen is everywhere spreading the joys of enhanced entropy...

Stan Hoeppner wrote:
Speaking of which, I've tried creating empty imap folders and then creating subfolders in them. TB won't allow me to do this with Dovecot mbox accounts. Shouldn't I be able to do this? I've tried it with and without tb-extra-mailbox-sep enabled. I've read multiple places that tiered mbox imap folders should be possible, as long as the main folder contains no messages, only pointers to other mbox files, or imap sub folders. Is this a TB limitation, a dovecot limitation, or my knowledge limitation? Thanks Timo.

-- Once upon a time, the Internet was a friendly, neighbors-helping-neighbors small town, and no one locked their doors.
Now it's like an apartment in Bed-Stuy: you need three heavy duty pick-proof locks, one of those braces that goes from the lock to the floor, and bars on the windows Stewart Dean, Unix System Admin, Bard College, New York 12504 sd...@bard.edu voice: 845-758-7475, fax: 845-758-7035
Re: [Dovecot] salted passwords
On 14/02/2010 04:53, to...@tuxteam.de wrote:

No, just let Dovecot's algorithm do the generation (and later checking) of the password? (I might be misunderstanding your problem, though).

Unfortunately I can't do that. I have my own accounts admin system, written in PHP, which does mail management (creating accounts, changing passwords) ... so I'm afraid I'll have to know exactly how to generate them in a way dovecot is able to handle too.

From the sources in src/auth I can find some interesting information:

    /* format: SHA1 hashsalt */

and

    #define SSHA256_SALT_LEN 4

so the salt really seems to be 4-byte (which in fact are 8 when watching in hexadecimal), the exact difference between dovecotpw non-salted and salted generated passwords.

So would it be enough to generate the password, SHA256 salted, and store the salt as the last 8 hexadecimal digits?

SHA256 hash is 64 characters in hexadecimal, which can be base64 encoded for being stored shorter.

SHA256 salt is 8 characters in hexadecimal, which should be added to the end of the SHA256 hash, so the stored password would be:

    {SSHA256.hex}GENERATEDSALTEDHASH+GENERATEDSALT

or having the GENERATEDSALTEDHASH+GENERATEDSALT base64 encoded and stored as:

    {SSHA256.b64}BASE64ENCODEDGENERATEDSALTEDHASH+GENERATEDSALT

Is that OK?

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it
gertru...@solutti.com.br
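
The stored format asked about above, as an added example that is not part of the original message and is not Dovecot's own code (Python is used here rather than PHP). It assumes the digest is SHA256 over the password followed by the raw salt bytes, with the raw salt appended before hex or base64 encoding; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SSHA256_SALT_LEN = 4                       # value of the #define quoted in the post
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes, 64 hex digits


def ssha256_encode(password, salt=None, encoding="b64"):
    """Build '{SSHA256.<enc>}' + enc(SHA256(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(SSHA256_SALT_LEN)  # salt comes from the OS CSPRNG
    raw = hashlib.sha256(password.encode("utf-8") + salt).digest() + salt
    if encoding == "hex":
        return "{SSHA256.hex}" + raw.hex()
    if encoding == "b64":
        return "{SSHA256.b64}" + base64.b64encode(raw).decode("ascii")
    raise ValueError("encoding must be 'hex' or 'b64'")


def ssha256_decode(stored):
    """Split a stored value into (digest, salt); raise ValueError if malformed."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing {SCHEME} prefix")
    scheme, payload = stored[1:].split("}", 1)
    name, _, enc = scheme.partition(".")
    if name.upper() != "SSHA256":
        raise ValueError("not an SSHA256 value")
    enc = enc.lower() or "b64"  # assumption: a bare {SSHA256} means base64
    if enc == "hex":
        raw = bytes.fromhex(payload)
    elif enc == "b64":
        raw = base64.b64decode(payload, validate=True)
    else:
        raise ValueError("unknown encoding suffix")
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt after the digest")
    # Everything after the 32-byte digest is the salt, whatever its length.
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha256_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        digest, salt = ssha256_decode(stored)
    except ValueError:
        return False
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)
```

The salt travels as raw bytes inside the encoded blob, so in the hex form it shows up as the last 8 hex digits and in the base64 form it is not visible as a separate suffix.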
Re: [Dovecot] Dovecot+Postfix+Maildir with ActiveDirectory userbase
Wayne Thursby put forth on 2/15/2010 10:24 AM:

My Setup: Postfix and Dovecot running on the same virtual machine on a Dell 2950 with 1x Xeon E5440 on ESXi 4. Maildirs served up by 10x146GB SCSI drives on RAID-10 via direct attached Dell MD-1000.

Interesting setup Wayne.

Serving 600+ users, mailbox sizes up to 14GiB with constant heavy searching (no fts yet) and filtering (sieve and IMAP clients). 80,000 messages delivered per week, 95,000 messages rejected, 17,000 spam. 15 minute Load average stays under .50 all day with 4 CPU cores.

How many CPUs are listed in /proc/cpuinfo under that Ubuntu VM? ESX by default only exposes one CPU(core) to a VM guest OS. Any chance you didn't tweak the VM config and that your Ubuntu guest is only running on time slices of a single core? Your results are even more impressive if that's the case.

Also, are you seeing the classic system clock drift of ESX guests, and if so, is it causing problems with smtp and imap?

--
Stan
Re: [Dovecot] wish now I'd not upgraded...
Timo Sirainen put forth on 2/15/2010 11:19 AM:

Well, the issue is, with mbox, you can decide if the name you create: a) can hold child mailboxes, or messages or b) messages, and no mailboxes it makes more sense when you think about them as directories and files. With mbox a mailbox is a file. So:

The problem was not that I lack understanding of mbox imap sub folder implementation (read a lot about it trying to fix this), but that I incorrectly long ago read "or" instead of "and" in the TB check box description, and hadn't thoroughly re-read the description recently. :(

The important thing is that discussing it here and getting feedback from you wonderful folks helped me find the problem and fix it. :)

--
Stan
Re: [Dovecot] dovecot and firstname.initial.lastname mbox format archive
Quoting Timo Sirainen, who wrote on Mon, Feb 15, 2010 at 03:23:09PM +0200 ..

On 10.2.2010, at 21.36, Wilko Bulte wrote:

Hello Timo,

- On my new system I have dovecot v 1.2.8 which refuses to handle these dot-separated files. I get the somewhat familiar "Mailbox doesn't allow inferior mailboxes".

mbox hierarchy separator is typically '/'. The above error message sounds like you've changed the separator to be '.'. Is that intentional?

I have attached the dovecot -n from my dovecot 1.2.8 which does not want to accept firstname.initial.lastname. This is the dovecot128.conf file.

I have also attached the dovecot -n from my dovecot 1.1.7 (running on another system) which works OK with firstname.initial.lastname

Both versions work OK as long as there are no . in the name of the mbox file to be created/written. Only 1.1.7 works with . in the filename of the mbox file.

On a not-previously-existing mbox dovecot 1.2.8 produces the directory hierarchy thing: firstname - initial - lastname

You mean this is also how it was in 1.1.7?.. If so, it probably worked back then only because of lack of error detection.

No, on 1.1.7 I never used/saw firstname - initial - lastname inboxes. I only saw firstname.initial.lastname mbox files, no directory hierarchy was created.

Appreciate your insight! Thanks!
Wilko

# 1.1.7: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.2-STABLE i386
protocols: imaps imap
ssl_key_file: /etc/ssl/private/dovecot.prkey
ssl_parameters_regenerate: 10
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_processes_count: 2
login_max_processes_count: 3
max_mail_processes: 32
verbose_proctitle: yes
first_valid_gid: 0
mail_privileged_group: mail
mail_location: mbox:~/mail/:INBOX=/var/mail/%u
mail_process_size: 64
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

# 1.2.8: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.0-STABLE amd64
protocols: imaps imap
ssl_cert_file: /etc/ssl/private/dovecot.pem
ssl_key_file: /etc/ssl/private/dovecot.prkey
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_processes_count: 2
login_max_processes_count: 3
max_mail_processes: 32
verbose_proctitle: yes
first_valid_gid: 0
mail_privileged_group: mail
mail_location: mbox:%h/mail:INBOX=/var/mail/%u
mail_process_size: 64
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
lda:
  postmaster_address: postmas...@example.com
  sendmail_path: /usr/sbin/sendmail
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd
[Dovecot] sieve addflag has stopped working
Dovecot 1.2.10 in Debian, using Dovecot sieve. I have a sieve script, generated by Ingo, that's supposed to mark spam messages as Seen and file them into the Junk folder. In part it reads:

    require ["regex", "body", "imapflags", "fileinto"];
    if exists "X-Spam-Flag" {
        addflag "\\Seen";
        fileinto "Junk";
        removeflag "\\Seen";
        stop;
    }

This has been working correctly for a long time, but since about 2 weeks ago now, the Seen flag isn't being set, although the messages are still being filed into the Junk folder. In two different mail clients, new messages in the Junk folder show up as being unread. Looking at the mail files that hold those messages, the file names don't have an S flag appended, while older messages all have the S and show up as already seen in the mail clients.

I don't believe that I've updated dovecot recently, so I'm not sure why the behavior has changed. Note that I do have

    plugin {
        sieve_extensions = +imapflags
    }

in dovecot.conf. I know that imapflags is deprecated, but it is still supposed to be supported. Unfortunately ingo1 doesn't support imap4flags yet (http://bugs.horde.org/ticket/8784).

I'm trying to find log information that might indicate an error, but I'm not finding much. /var/log/exim4/mainlog just says:

    2010-02-15 14:22:14 1Nh6WK-000200-8z x...@xxx.xxx: deliver_pipe transport output: deliver(andrex): Info: sieve: msgid=ad58db2a42700ec0e5c924c8882d4...@yourmailnews.net: stored mail into mailbox 'Junk'

The wiki says that there should be a log file ~/.dovecot.sieve.log, but there isn't one, which I guess means there are no error messages.

Output of dovecot -a is below. Any ideas why the Seen flag isn't being set any more?

Thanks,
Andrew.
# dovecot -a # 1.2.10: /etc/dovecot/dovecot.conf # OS: Linux 2.6.26 x86_64 Debian squeeze/sid base_dir: /var/run/dovecot log_path: info_log_path: log_timestamp: %Y-%m-%d %H:%M:%S syslog_facility: mail protocols: imap imaps managesieve listen(default): localhost listen(imap): localhost listen(managesieve): localhost:2000 ssl_listen: imap ssl: yes ssl_ca_file: ssl_cert_file: /etc/dovecot/helium-imaps.cert.pem ssl_key_file: /etc/dovecot/helium-imaps.key.pem ssl_key_password: ssl_parameters_regenerate: 0 ssl_cipher_list: ssl_cert_username_field: commonName ssl_verify_client_cert: no disable_plaintext_auth: yes verbose_ssl: no shutdown_clients: yes nfs_check: yes version_ignore: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login login_user: dovecot login_greeting: Dovecot ready. login_log_format_elements: user=%u method=%m rip=%r lip=%l %c login_log_format: %$: %s login_process_per_connection: yes login_chroot: yes login_trusted_networks: login_process_size: 64 login_processes_count: 3 login_max_processes_count: 128 login_max_connections: 256 valid_chroot_dirs: mail_chroot: max_mail_processes: 512 mail_max_userip_connections: 10 verbose_proctitle: no first_valid_uid: 500 last_valid_uid: 0 first_valid_gid: 1 last_valid_gid: 0 mail_access_groups: mail_privileged_group: mail mail_uid: mail_gid: mail_location: maildir:~/.mail mail_cache_fields: mail_never_cache_fields: imap.envelope mail_cache_min_mail_count: 0
Re: [Dovecot] sieve addflag has stopped working
Andrew Schulman wrote:

plugin { sieve_extensions = +imapflags } in dovecot.conf. I know that imapflags is deprecated, but it is still supposed to be supported. Unfortunately ingo1 doesn't support imap4flags yet (http://bugs.horde.org/ticket/8784).

This is a known problem and it has been fixed in the repository:

http://hg.rename-it.nl/dovecot-1.2-sieve/rev/a890258aa5a9

This bug was actually present for quite some time. It was however shadowed by another bug that was fixed in the latest release, exposing this one.

You can apply the above change as a patch to fix the issue during the time that there is no new release.

Regards,
Stephan.
Re: [Dovecot] sieve addflag has stopped working
Andrew Schulman wrote:

plugin { sieve_extensions = +imapflags } in dovecot.conf. I know that imapflags is deprecated, but it is still supposed to be supported. Unfortunately ingo1 doesn't support imap4flags yet (http://bugs.horde.org/ticket/8784).

This is a known problem and it has been fixed in the repository:

http://hg.rename-it.nl/dovecot-1.2-sieve/rev/a890258aa5a9

This bug was actually present for quite some time. It was however shadowed by another bug that was fixed in the latest release, exposing this one.

That's kind of funny.

You can apply the above change as a patch to fix the issue during the time that there is no new release.

OK, thanks. I'll file a bug report with Debian and see if they'll release a patched version.

Thanks,
Andrew.
[Dovecot] Special user
Not sure what to call this - I'm actually working out the details as I type this. I want to have a valid username/password for an account for sending purposes - but when receiving this is an alias that broadcasts to several users. Example: accountspaya...@mydomain.com - is an alias for j...@mydomain.com, j...@mydomain.com, and j...@mydomain.com. However - any mails sent (from a particular client software) should all only show accountspayable as the sender. How would I implement this? I'm asking here because Dovecot serves as the authentication mechanism for my SMTP server (Postfix) via LDAP lookups. -- Daniel
[Dovecot] dovecot-sieve vacation vs qmail-ldap
Hello,

We are using dovecot lda with qmail-ldap, dovecot 1.2.10, sieve 0.1.15.

lda is executed as

    exec /var/qmail/bin/preline -f /usr/local/dovecot/libexec/dovecot/deliver -s

preline adds the Delivered-To: header, everything works fine except vacation:

    Feb 9 16:07:16 thebe dovecot: deliver(lazy): sieve: msgid=unspecified: discarding vacation response for message implicitly delivered to l...@thebe.org
    Feb 9 16:07:16 thebe dovecot: deliver(lazy): sieve: msgid=unspecified: stored mail into mailbox 'INBOX'

thebe.org is the hostname of the machine, the original recipient address has another domain.

The .dovecot.sieve file looks like this:

    require ["vacation"];
    #autoresponder
    vacation :days 1 :subject "Auto Reply / Odpowiedz automatyczna" "a";

I did experiments with :addresses ["*"] without any luck.

deliver only gets the user and HOME directory from env variables provided by qmail, so it's unaware of the target email address.

How to fix it? I was thinking about deliver extracting the target address from the Delivered-To: header added by qmail's preline, or using the DTLINE env variable, which qmail populates with the Delivered-To header.
Re: [Dovecot] Dovecot+Postfix+Maildir with ActiveDirectory userbase
Wayne Thursby put forth on 2/15/2010 10:24 AM:

My Setup: Postfix and Dovecot running on the same virtual machine on a Dell 2950 with 1x Xeon E5440 on ESXi 4. Maildirs served up by 10x146GB SCSI drives on RAID-10 via direct attached Dell MD-1000.

Interesting setup Wayne.

The same ESXi/RAID combo are also running several other VMs using 7 of its 8GB of RAM.

Serving 600+ users, mailbox sizes up to 14GiB with constant heavy searching (no fts yet) and filtering (sieve and IMAP clients). 80,000 messages delivered per week, 95,000 messages rejected, 17,000 spam. 15 minute Load average stays under .50 all day with 4 CPU cores.

How many CPUs are listed in /proc/cpuinfo under that Ubuntu VM? ESX by default only exposes one CPU(core) to a VM guest OS. Any chance you didn't tweak the VM config and that your Ubuntu guest is only running on time slices of a single core? Your results are even more impressive if that's the case.

Sorry if it's less impressive, but I've certainly configured the VM for 4 cores. The cores are shared equally between all VMs, I've done no prioritization because I've not had any performance issues related to resource contention.

Having 10x15k RPM spindles to seek across, and 512MB of cache on the controller, means I can give Postfix/Amavis/Dovecot 3GB of RAM to use, and 1GB of it is always used for cache, without ever dipping into swap. I get occasional spikes to 30ms of disk latency, but it stays below 5ms for most of the workday.

Also, are you seeing the classic system clock drift of ESX guests, and if so, is it causing problems with smtp and imap?

Not at all, that's what the VMware tools are for. The ESXi host is configured to use our NTP server inside the VPN, and the VMware tools package synchronizes the guest clock with the host. I ran into this on our webmail client as well, then I discovered how easy it really is to install the VMware tools on Ubuntu, so it's no longer a problem.

Don't want to stray off topic, so I'll start a new thread, but I'm now attempting to bring High Availability to the mix, and could use some suggestions.

--
Wayne Thursby
System Administrator
Physicians Group, LLC
[Dovecot] Highly Performance and Availability
Hello everyone,

I am currently running Dovecot as a high performance solution to a particular kind of problem. My userbase is small, but it murders email servers. The volume is moderate, but message retention requirements are stringent, to put it nicely. Many users receive a high volume of email traffic, but want to keep every message, and *search* them. This produces mail accounts up to 14+GiB.

After seeing the failures of my predecessors, I transitioned to Postfix/Dovecot and haven't looked back. Things are running nicely with the below setup.

Postfix and Dovecot running on the same virtual machine on a Dell 2950 with 1x Xeon E5440 on ESXi 4. Maildirs served up by 10x146GB 15k RPM SAS drives on RAID-10 via direct attached Dell MD-1000.

We are transitioning other services to high availability, and I'm wondering exactly how to provide some kind of near-realtime failover for my Postfix/Dovecot machine. The MD-1000 provides nothing in the way of iSCSI, but it *does* have two SAS connections available, only one of which is in use.

I have been looking at the Dell EqualLogic stuff and it seems to provide what we need. I can get most of the information I need from the rep, but I wonder if anyone has any experience with high performance requirements on these kinds of storage.

I'd like to continue running my current hardware as the primary mail server, but provide some kind of failover using the SAN. The primary usage of the SAN will be to make our 2TB document store highly available. I'm wondering what kind of options I might have in the way of piggybacking some email failover on this kind of hardware without sacrificing the performance I'm currently enjoying.

Is it possible to go with a virtual machine mounted on iSCSI acting as a backup mail server? How would I sync the two, NBD+MD? Any experience doing this with maildirs? I wonder about the performance.

Can it be as simple as attaching my MD-1000's second controller to the SAN magic box via SAS and pressing the Easy button?

Is it as expensive as running my primary mailserver mounted from the SAN via Fiber Channel? Will that get me under 30ms latency?

I welcome any suggestions the group may have.

--
Wayne Thursby
System Administrator
Physicians Group, LLC