[Dovecot] ACL, forced INBOX subscription
Hi,

I've two accounts 'matthias' and 'mailverwalter'. Mailverwalter wants to share the Spam folder:

This is the situation in the beginning:

(matthias)

    a LIST (SUBSCRIBED) "common." "*"
    a OK List completed.
    a LIST (SUBSCRIBED) "common.mailverwalter" "*"
    a OK List completed.

(mailverwalter)

    a GETACL Spam
    * ACL "Spam" "mailverwalter" lrwstipekxacd
    a OK Getacl completed.
    a GETACL INBOX
    * ACL "INBOX" "mailverwalter" lrwstipekxacd
    a OK Getacl completed.

So far so good. Mailverwalter sets the list permission:

(mailverwalter)

    a SETACL "Spam" "matthias" l
    a OK Setacl complete.
    a GETACL "Spam"
    * ACL "Spam" "matthias" l "mailverwalter" lrwstipekxacd
    a OK Getacl completed.
    a GETACL "INBOX"
    * ACL "INBOX" "mailverwalter" lrwstipekxacd
    a OK Getacl completed.

That's ok as well and I want to make sure that the INBOX doesn't have any other permission. After that, some listing:

(matthias)

    a LIST (SUBSCRIBED) "common." "*"
    a OK List completed.
    a LIST (SUBSCRIBED) "common.mailverwalter." "*"
    a OK List completed.

That's also ok, nothing subscribed.

(matthias)

    a LIST "common.mailverwalter." "*"
    * LIST (\Noselect \HasChildren) "." "common.mailverwalter"
    * LIST (\HasNoChildren) "." "common.mailverwalter.Spam"
    a OK List completed.

This normal folder listing seems to be ok, too, and then listing of the subscribed folders again:

(matthias)

    a LIST (SUBSCRIBED) "common.mailverwalter." "*"
    * LIST (\Subscribed \NonExistent) "." "common.mailverwalter.INBOX"
    a OK List completed.

And then, the INBOX is subscribed and \NonExistent because I don't have permissions on it. The folder stays subscribed as long as I'm connected to the server. When I disconnect and do the LIST (SUBSCRIBED) again, the folder is not subscribed as long as I do not 'normal' list it.

Happens with dovecot 1.2.11, haven't tried 2.0 yet. I assume that's not the intended behaviour. This INBOX folder confuses the Nokia n900 email client a lot, but it doesn't matter if it can be accessed or not.

Regards,
Matthias
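The two manual checks in the message above (that no mailbox carries a grant beyond what was intended, and that LIST (SUBSCRIBED) does not return entries flagged \NonExistent) can be scripted. This is an added example, not part of the original post: the function names, the POLICY dictionary and the sample marked "constructed" are assumptions made for illustration; the other sample lines are copied from the transcript.

```python
import re

# One IMAP token: a quoted string, a parenthesised flag list, or a bare atom.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|\(([^)]*)\)|(\S+)')


def tokens(line):
    """Split one IMAP response line into strings and flag lists."""
    out = []
    for m in TOKEN.finditer(line):
        if m.lastindex == 1:                      # "quoted string"
            out.append(re.sub(r"\\(.)", r"\1", m.group(1)))
        elif m.lastindex == 2:                    # (Flag Flag ...)
            out.append(m.group(2).split())
        else:                                     # atom
            out.append(m.group(3))
    return out


def parse_acl(line):
    """'* ACL mailbox (identifier rights)*' -> (mailbox, {identifier: rights})."""
    t = tokens(line)
    if t[:2] != ["*", "ACL"] or len(t) < 3 or len(t) % 2 == 0:
        return None
    return t[2], dict(zip(t[3::2], t[4::2]))


def parse_list(line):
    """'* LIST (flags) delimiter mailbox' -> (lower-cased flag set, mailbox)."""
    t = tokens(line)
    if len(t) != 5 or t[:2] != ["*", "LIST"] or not isinstance(t[2], list):
        return None
    return {flag.lower() for flag in t[2]}, t[4]


def audit_acls(transcript, owner, policy):
    """Return (mailbox, identifier, excess rights) for grants the policy does not allow.

    policy maps mailbox -> {identifier: allowed rights}; a mailbox missing from
    the policy may carry rights for the owner only.
    """
    latest = {}
    for line in transcript.splitlines():
        parsed = parse_acl(line.strip())
        if parsed:
            latest[parsed[0]] = parsed[1]         # keep the most recent GETACL reply
    findings = []
    for mailbox, grants in latest.items():
        allowed = policy.get(mailbox, {})
        for ident, rights in grants.items():
            excess = set(rights) - set(allowed.get(ident, ""))
            if ident != owner and excess:
                findings.append((mailbox, ident, "".join(sorted(excess))))
    return findings


def phantom_subscriptions(transcript):
    """Mailboxes that a LIST reply marks both subscribed and non-existent."""
    wanted = {r"\subscribed", r"\nonexistent"}
    return [p[1] for p in map(parse_list, map(str.strip, transcript.splitlines()))
            if p and wanted <= p[0]]


# Copied from the owner's session in the message above.
OWNER_SESSION = r'''
a GETACL "Spam"
* ACL "Spam" "matthias" l "mailverwalter" lrwstipekxacd
a OK Getacl completed.
a GETACL "INBOX"
* ACL "INBOX" "mailverwalter" lrwstipekxacd
a OK Getacl completed.
'''

# Constructed sample: an INBOX grant that the policy below does not allow.
CONSTRUCTED_BAD = r'''
* ACL "INBOX" "mailverwalter" lrwstipekxacd "matthias" lr
'''

# Copied from matthias's session in the message above.
GRANTEE_SESSION = r'''
a LIST "common.mailverwalter." "*"
* LIST (\Noselect \HasChildren) "." "common.mailverwalter"
* LIST (\HasNoChildren) "." "common.mailverwalter.Spam"
a OK List completed.
a LIST (SUBSCRIBED) "common.mailverwalter." "*"
* LIST (\Subscribed \NonExistent) "." "common.mailverwalter.INBOX"
a OK List completed.
'''

POLICY = {"Spam": {"matthias": "l"}}              # assumption: the intended sharing

if __name__ == "__main__":
    print(audit_acls(OWNER_SESSION, "mailverwalter", POLICY))
    print(audit_acls(CONSTRUCTED_BAD, "mailverwalter", POLICY))
    print(phantom_subscriptions(GRANTEE_SESSION))
```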
Re: [Dovecot] Problem configuring rawlog with 2.0beta6
Mark Sapiro wrote:

> The initial problem I was seeing after upgrade from 2.0beta5 to
> 2.0beta6 was error messages from my Android phone K9 client that
> dovecot was reporting -1 messages in various mailboxes. These
> mailboxes do have the special "Mail System Internal Data" message in
> them.

Just to follow up on this original issue, it appears the client sends an "examine" for the folder and gets back a perfectly appropriate response including 0 EXISTS 0 RECENT and then proceeds to log an error about -1 Messages.

Thus, this appears to be strictly a client issue, possibly caused by a client software update about the same time as the dovecot update.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
[Dovecot] OT Re: Dovecot 1.1.x and 1.2.x differencies
re-sent, this never made it to the list, my anti spam system ate it :)

On Wed, 2010-06-16 at 07:07 -0500, Stan Hoeppner wrote:

> That's an interesting position/observation given that RHEL, SLES, and CentOS
> (RHEL derivative) have the largest datacenter footprint in the US by far.
> Across both oceans, mainly Europe and South America, SuSE rules pretty much
> everything, from what I've read.

Dunno, I speak from my part of the world where I've been associated with over past twenty years.

It doesn't surprise me that RedHat have a larger footprint in U.S and SuSE in EU, being Inc there and having support. This pretty much means D.C's can employ clueless or first year in the work force 18 year olds to look after the equipment (not attacking that age group, I've met some that run rings around some doing this for 30 odd years or more).

> All the numbers I've seen show Slackware and Gentoo at the very bottom of the
> charts, almost zero penetration. Debian has far more datacenter penetration

Don't know where you get those figures from, I hope you're not going to try use distrowatch as example :)

Though debian, like RH, have a reasonable userbase, I've found again mostly clueless drones who forever flood lists asking how to do A, B or C. Many, if not most debian admins are also scared shitless to use source code of anything, some I've come across were "shocked" to learn that source code is available, their little world doesn't evolve outside of "DEB". I gave out 7 updates for SM project plugin a couple months ago (as the plugin version is still in beta), one guy replied complaining it was broken package, guess why, because DPKG couldn't install it - I, ROFLMFAO! And this person worked for a multi-national company in the U.S.

It comes down to how much you care about your customers' needs, this isn't the '80s where using the latest and greatest was generally shied upon, I've used it exclusively for key daemons since about the mid nineties, all without a single problem.

I do have issue with auto package updates, as an employer in the mid nineties was bitten by a botched RH update, that rendered several servers useless. I guess I was also lucky not to be fried by the infamous debian openssl destructive patch they pushed out couple years ago, which also affected other OS's if their cert was generated on a debian system. Using the closest to how the software dev team release their software, and not butchering/distro-ising it and so, means, more often than not, fewer problems.

Now, this is so far OT. If you wish to continue with this discussion, please reply directly, there have been too many threads lately on this list generate into non-dovecot related noise factors which may impact on the genuine needy.
Re: [Dovecot] LDA to address extensions
On Jun 17, 2010, at 9:25 PM, Martijn de Munnik wrote:

On Jun 17, 2010, at 1:45 PM, Martijn de Munnik wrote:

Hi List,

I'm trying to make dovecot deliver messages to sam+extens...@example.com to the imap folder 'extension' of the user 'sam'. I've configured postfix with these dovecot as LDA:

    mailbox_command = /opt/redknot/libexec/dovecot/deliver -f "$SENDER" -d "$USER" -m "$EXTENSION" -a "$RECIPIENT"
    recipient_delimiter = +

I've found this thread but it doesn't seem to work for me.

http://www.mail-archive.com/dovecot@dovecot.org/msg18230.html

I also disabled the sieve plugin but that doesn't make any difference.

    Jun 17 21:10:55 deliver(munnik): Info: sieve: msgid=<116e5d96-fb80-4877-af96-eb296c73e...@youngguns.nl >: stored mail into mailbox 'INBOX'
    Jun 17 21:20:37 deliver(munnik): Info: msgid=<9d6f1f02-f6e0-4260-905e-bcc1ff269...@youngguns.nl >: saved mail to INBOX

I've found the problem, it has nothing to do with dovecot. A postfix content_filter is messing with my address, when I remove that filter deliver is working as expected. Sorry to waste your time ;)

Sam is a local system user so I don't want to use virtual_transport (I think). I've read http://wiki.dovecot.org/LDA/Postfix but so far without success.

    # 1.2.11: /etc/opt/redknot/dovecot.conf
    Warning: There is no way to login to this server: disable_plaintext_auth=yes, ssl=no, no non-plaintext auth mechanisms.
    # OS: SunOS 5.11 sun4v
    log_path: /var/log/dovecot.log
    ssl: no
    login_dir: /opt/redknot/var/run/dovecot/login
    login_executable: /opt/redknot/libexec/dovecot/imap-login
    login_max_processes_count: 10
    max_mail_processes: 10
    mail_location: maildir:~/Maildir
    lda:
      postmaster_address: postmas...@redknot.nl
      mail_plugins: sieve
      mail_plugin_dir: /opt/redknot/lib/dovecot/lda
      sendmail_path: /usr/sbin/sendmail
      auth_socket_path: /opt/redknot/var/run/dovecot/auth-master
    auth default:
      passdb:
        driver: pam
        args: other
      userdb:
        driver: passwd
      socket:
        type: listen
        master:
          path: /opt/redknot/var/run/dovecot/auth-master
          mode: 384
    plugin:
      sieve_before: /etc/opt/redknot/sieve/before
      sieve_after: /etc/opt/redknot/sieve/after

I know about the warning, this dovecot is only used as LDA, not for imap or pop3.

thanks,
Martijn

YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568
Re: [Dovecot] Ok, I've given up
On Thu, Jun 17, 2010 at 04:46, Chuck McManis wrote:

> So SMTP hasn't changed much in 30 years ;-) I'd be interested in what you
> consider a 'modern' MTA. I've looked pretty thoroughly at sendmail, postfix,
> and qmail and of the three qmail is fairly reliable. Not sure what makes a
> particular MTA more 'vulnerable' to spam. I don't run an open relay and I
> generally find barracuda central a decent rbl source. Between that and using
> tcpserver to simply not accept connections from zombies spam hasn't really
> been an issue.

I abandoned sendmail many years ago and haven't looked back. I tried qmail and postfix, and was a lot happier with postfix. I overlooked exim at the time, but from what little I've seen and heard, it should be up there with postfix, making for a tough choice if you didn't have anything to bias your choice (like having used one of them already for a few years).

I prefer to avoid DJB's "the code is the comment" code because it's too hard to maintain. Hard to maintain == risk of breaking it, IMHO. But I do like DJB's CDB concept.

> Provide a system that gives shell and email service to a dozen users, hosts
> perhaps 15 or so mailing lists, provides DNS for 20 - 30 machines.
>
> Preferred OS and what makes it the one you choose?
> Preferred MTA and what makes it the one you choose?
> Name service?
> ssh implementation?
> Hardware?

I'd prefer Slackware or OpenBSD based on the simplicity. But I do/have run some things on CentOS, Debian, Fedora, FreeBSD and Ubuntu, for various reasons where those get me going faster, or have what I need, including my current mail server on Ubuntu (for a faster "get a startup started" where needs were not well defined), which will be migrated to Slackware, maybe in early '11.

Postfix is my 1st choice due to experience, but Exim seems to be a fine next choice.

My authoritative DNS runs on NSD3, and my caching DNS runs on BIND9. They are run on different IPs on the same machines (5, later to be 6, instances of each). Local hidden zones are on BIND9, but I don't have to do a split horizon to have it.

OpenSSH.

x86_64 machines because it's COTS. The mail server is running on a pair of 500GB drives in RAID1. Next machine will probably be more drives and 1TB each. I'm looking for a RAID controller that can do a 3-way or 4-way mirror. I also rsync everything to another box every hour and working on setting up a delta archive from that backup.
Re: [Dovecot] \Noselect on virtual folders
I already replied to Matthias on IRC, but here's for everyone:

On Wed, 2010-06-16 at 21:33 +0200, Matthias Rieber wrote:

> a LIST "virtual.spam." "*"
> * LIST (\Noselect \HasNoChildren) "." "virtual.spam."
> * LIST (\HasNoChildren) "." "virtual.spam.unchecked"

This \HasNoChildren was already fixed in v2.0. I don't know how difficult it would be to fix for v1.2.

> a LIST (SUBSCRIBED) "virtual.spam." "*"
> * LIST (\Subscribed \Noselect) "." "virtual.spam.disagree.spamassassin"
> * LIST (\Subscribed \Noselect) "." "virtual.spam.disagree.dspam"
> * LIST (\Subscribed \Noselect) "." "virtual.spam.unchecked"
> a OK List completed.

There were several bugs related to this. Fixed in v2.0. Probably too much trouble to backport to v1.2.

http://hg.dovecot.org/dovecot-2.0/rev/3128f592ef5c
http://hg.dovecot.org/dovecot-2.0/rev/7330bb240c75
Re: [Dovecot] Ok, I've given up
On 2010-06-17 3:33 PM, Chuck McManis wrote:

> It's just a FreeBSD 8.0 system with a Marvell 8 port SATA card and a couple
> of TB of SATA drives.

Thanks for the response... now I just have to find the time... ;)

--
Best regards,
Charles
Re: [Dovecot] Ok, I've given up
On Thu, Jun 17, 2010 at 9:26 AM, Charles Marcus wrote:

> On 2010-06-17 11:52 AM, Chuck McManis wrote:
> > but I've been evaluating a ZFS based file server as well to see if it
> > can get the same level of reliability.
>
> Care to share which one? Or just a FreeBSD based one of your own making?

It's just a FreeBSD 8.0 system with a Marvell 8 port SATA card and a couple of TB of SATA drives. I configured ZFS pretty much with all the default knobs. One of my SATA "drives" is actually outside the box so that I can turn it off to introduce a "failed drive" to the system to evaluate error handling and recovery.

> I've been considering NexentaStor Community Edition. The boss doesn't
> like spending money, and we don't really *need* anything super fancy,
> but I really like what I hear about ZFS...

For most NAS stuff so far it seems pretty reasonable. It's both not as space efficient and better than the NetApp in terms of total available space because the NetApp box lops off like 65GB of every drive in a combination of 'right sizing' and reserving space. ZFS uses the whole drive but has ginormously fat metadata blocks that it mirrors a lot. The NetApp box outperforms it in terms of both bulk transfers and IOPs but I've done practically no tuning on the ZFS system.

--Chuck

> --
> Best regards,
> Charles
Re: [Dovecot] LDA to address extensions
On Jun 17, 2010, at 1:45 PM, Martijn de Munnik wrote:

Hi List,

I'm trying to make dovecot deliver messages to sam+extens...@example.com to the imap folder 'extension' of the user 'sam'. I've configured postfix with these dovecot as LDA:

    mailbox_command = /opt/redknot/libexec/dovecot/deliver -f "$SENDER" -d "$USER" -m "$EXTENSION" -a "$RECIPIENT"
    recipient_delimiter = +

I've found this thread but it doesn't seem to work for me.

http://www.mail-archive.com/dovecot@dovecot.org/msg18230.html

I also disabled the sieve plugin but that doesn't make any difference.

    Jun 17 21:10:55 deliver(munnik): Info: sieve: msgid=<116e5d96-fb80-4877-af96-eb296c73e...@youngguns.nl >: stored mail into mailbox 'INBOX'
    Jun 17 21:20:37 deliver(munnik): Info: msgid=<9d6f1f02-f6e0-4260-905e-bcc1ff269...@youngguns.nl >: saved mail to INBOX

Sam is a local system user so I don't want to use virtual_transport (I think). I've read http://wiki.dovecot.org/LDA/Postfix but so far without success.

    # 1.2.11: /etc/opt/redknot/dovecot.conf
    Warning: There is no way to login to this server: disable_plaintext_auth=yes, ssl=no, no non-plaintext auth mechanisms.
    # OS: SunOS 5.11 sun4v
    log_path: /var/log/dovecot.log
    ssl: no
    login_dir: /opt/redknot/var/run/dovecot/login
    login_executable: /opt/redknot/libexec/dovecot/imap-login
    login_max_processes_count: 10
    max_mail_processes: 10
    mail_location: maildir:~/Maildir
    lda:
      postmaster_address: postmas...@redknot.nl
      mail_plugins: sieve
      mail_plugin_dir: /opt/redknot/lib/dovecot/lda
      sendmail_path: /usr/sbin/sendmail
      auth_socket_path: /opt/redknot/var/run/dovecot/auth-master
    auth default:
      passdb:
        driver: pam
        args: other
      userdb:
        driver: passwd
      socket:
        type: listen
        master:
          path: /opt/redknot/var/run/dovecot/auth-master
          mode: 384
    plugin:
      sieve_before: /etc/opt/redknot/sieve/before
      sieve_after: /etc/opt/redknot/sieve/after

I know about the warning, this dovecot is only used as LDA, not for imap or pop3.

thanks,
Martijn

YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568
Re: [Dovecot] Ok, I've given up
> Spammers are working every day to cause more abuse. Postmasters are
> trying to stay ahead of them, but we still see that over 90% of all
> traffic to port 25/tcp is abuse.

Hmm, I would rather estimate it to around 99% on our multi-domain mailserver, including the connections we deny at the SMTP level on the basis of rules like "deny systems that do not know their hostnames" or "deny systems that cannot do a proper SMTP greeting".

Cheers,
Jakob Curdes
[Dovecot] Proxy Access (Manager/Secretary) Best Practices?
I've mostly got our dovecot+postfix+SOGo+openldap open source groupware replacement working the way I want it to; we're replacing GroupWise in our organization and I'm thrilled to be doing it. I'm supporting about 1,000 active staff users (and another 6,000 student accounts).

I've got e-mail and calendar sharing working, and it does what it says it will do, but it is (go figure) different in concept from Proxy access under GroupWise. In GroupWise, I can give my secretary proxy access to my account and she can read all of my folders, see my calendars, and send e-mail as me. To someone that receives an e-mail or appointment request from her while she's proxied to me, there's no distinction at all.

Is there a way to mimic this sort of functionality with the tools I've chosen? I've figured out that I can add additional 'mail' attributes to the secretary's record, and those addresses are available as drop-down choices in the SOGo web interface, but with the secretary's name and not the manager.

Any advice will be much appreciated. And many thanks to the developers involved for writing and making available such amazingly good software. Eliminating the license fees we've been paying to Novell is allowing me to save a technician that surely would have been eliminated in budget cuts this year.

Chris

Chris Hobbs
Director, Technology
New Haven Unified School District
Re: [Dovecot] Ok, I've given up
On 2010-06-17 11:52 AM, Chuck McManis wrote:

> but I've been evaluating a ZFS based file server as well to see if it
> can get the same level of reliability.

Care to share which one? Or just a FreeBSD based one of your own making?

I've been considering NexentaStor Community Edition. The boss doesn't like spending money, and we don't really *need* anything super fancy, but I really like what I hear about ZFS...

--
Best regards,
Charles
Re: [Dovecot] Ok, I've given up
Thanks for the response, some snippage to cut down on list traffic ...

On Thu, Jun 17, 2010 at 7:14 AM, /dev/rob0 wrote:

> > On Thu, Jun 17, 2010 at 12:20 AM, /dev/rob0 wrote:
> > > 2a. mutt and alpine are both Unix console-based MUAs which
> > > understand maildir *and* IMAP. I'm using mutt with IMAP,
> > > because it has advantages over direct maildir access.
>
> You didn't have any comment on the above; I hope those suggestions
> were useful.

Absolutely, I pulled the mutt packages and built it and played around with it. It's very nice. It will work better than doing a maildir2mbox before running, thanks for that.

> > So SMTP hasn't changed much in 30 years ;-) I'd be interested in
> > what you consider a 'modern' MTA.
>
> One that supports many/most ESMTP features without patching (so,
> netqmail, "Last modified: Wed Feb 2 23:37:31 EST 2005", can be
> considered "without patching".)

I actually have the equivalent of a netqmail++. We had used it at FreeGate and I became pretty comfortable in the source base so it's what I'm familiar with.

> RFCs 5321 & 5322 were released in 2008. Various ESMTP extensions
> which are in common use came after the end of qmail development.

Fair point.

> Spammers are working every day to cause more abuse. Postmasters are
> trying to stay ahead of them, but we still see that over 90% of all
> traffic to port 25/tcp is abuse.

Yup. (well 73% in my case but I've got a small domain off in an unused corner of the universe)

> > I've looked pretty thoroughly at sendmail, postfix,
> > and qmail and of the three qmail is fairly reliable.
>
> Perhaps it is. Does it do what you need? You mentioned wanting to
> protect users' passwords. STARTTLS and AUTH are not supported by
> qmail without patching, and I wouldn't be so confident in those
> patches, if I was running qmail.

This is true, although as I've said I'm pretty comfortable around Dan's source code (even if I abhor his coding style).

> Good. You might also want to consider zen.spamhaus.org. I find that
> rejecting non-FQDN HELO names will stop around 25% of all connections
> I get, but perhaps if you've maintained your tcpserver access lists
> well, you're not getting as many of those. If not, you're lucky,
> because here too, qmail has no native ability to perform access
> checks based on the HELO/EHLO name.

I've gone back and forth on FQDN bouncing. I used to reject it out of hand (if you're using tcpserver you can use it to pass along a signal that the IP and name don't match, and then in qmail you can compare the HELO name with the $REMOTEHOST value to bounce (or spike) on mismatch). But enough people seem to screw this up but be legitimate that I've switched to using it as a strong signal to the spam classifier as 'likely spam'. I've got the equivalent of the 'fail2ban' utility which auto-blocks any address which sends an obvious spam (non-address for example).

> The qmail design of accept-then-bounce is thoroughly discredited. I
> hosted a domain which didn't have email, and 90% of my logs were
> backscattering qmail woodpeckers coming back again and again after
> "554 5.7.1 : Relay access denied ..."

I've always considered the accept-then- and the was pretty configurable. I just spike (aka send to /dev/null) and ban (update the tcpserver rules). About 8 years ago I was still helpfully bouncing stuff until I added up how much b/w I was consuming by sending bounces to folks who didn't send the email in the first place and stopped doing that. Which is a long way of saying I agree with you that accept-and-bounce isn't a useful policy for MTAs.

> Software written in the 1990s and no longer maintained, I call
> abandoned.

Ok, but generally the patches for qmail have been feature patches, not bug fixes it seems. I can accept your definition of abandoned as software that doesn't get changed by the author and there is no official maintainer of a version.

> [snip]
>
> Sure, who can resist questions like these? :)
>
> > Provide a system that gives shell and email service to a dozen
> > users, hosts perhaps 15 or so mailing lists, provides DNS for 20 -
> > 30 machines.
>
> "Provides DNS for ..." meaning, it is the "nameserver" host for these
> 20-30 clients?

Yes, name resolution and a name cache for the folks on the network.

> > Preferred OS and what makes it the one you choose?
>
> Familiarity. Most of my Unix admin time has been done in Slackware
> Linux. I like the simplicity and the ease of management. Any Unix or
> GNU/Linux can do the job ... the admin's personal preference and
> experience is what matters.

Fair enough, I tend to land on FreeBSD for server software and Ubuntu/Gentoo for desktop.

> > Preferred MTA and what makes it the one you choose?
>
> I spent my time to become proficient in Postfix. I think Sendmail
> and Exim are also good choices.

After your message I went hunting for 'state of the art' MTAs, it seems sendmail, postfix, qmail, and ex
Re: [Dovecot] Ok, I've given up
Thanks Timo.

--Chuck

On Thu, Jun 17, 2010 at 4:34 AM, Timo Sirainen wrote:

> On 17.6.2010, at 6.59, Chuck McManis wrote:
>
> > First, part of this effort was to move off of an APOP infrastructure into
> > something more secure against password eavesdropping. To that end I've
> > configured Dovecot with simply:
> >
> > protocols = pop3
> > service pop3-login {
> >   inet_listener pop3s {
> >     port = 995
> >     ssl = yes
> >   }
> > }
> >
> > Note that there is NO port = 110 listener and yet Dovecot seems to listen
> > there anyway.
>
> Yes, it's doing that by default. If you want to disable it, use
>
> service pop3-login {
>   inet_listener pop3 {
>     port = 0
>   }
> }
>
> > My question, can I be sure that it is not accepting non-SSL
> > based connections?
>
> disable_plaintext_auth = yes is also default, so it won't allow users to
> log in via non-SSL anyway (with 110 port it requires starttls). Of course,
> this might not prevent some clients from trying to send the password anyway.
>
> > Question 2) Is there any way to run dovecot from tcpserver ?
>
> v1.x yes (but there have been some problems), v2.0 no.
>
> > One of the things I like is the program tcpserver. I like it because I can
> > simply "not allow" large chunks of the internet to connect at all to certain
> > ports.
>
> v2.0 supports tcpwrappers if that helps.
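The point of the exchange above is that declaring only a pop3s listener does not remove the default plain pop3 one. As an added example (not code from the thread or from the Dovecot project), the check below parses a v2.0-style configuration and reports whether the plain listener is still present. The parser is a simplification that assumes one statement per line and full-line comments only, the function names are hypothetical, and the defaults it applies (port 110, disable_plaintext_auth = yes) are the ones stated in Timo's reply.

```python
def parse_conf(text):
    """Parse 'key = value' settings and 'name [arg] {' blocks into nested dicts."""
    root = {}
    stack = [root]
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            # Repeated blocks with the same name are merged, so a later
            # 'service pop3-login { ... }' stanza adds to the earlier one.
            name = " ".join(line[:-1].split())
            stack.append(stack[-1].setdefault(name, {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {number}: unmatched closing brace")
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][key] = value
        else:
            raise ValueError(f"line {number}: cannot parse {line!r}")
    if len(stack) != 1:
        raise ValueError("unclosed block at end of input")
    return root


def pop3_exposure(text):
    """Summarise which POP3 listeners a configuration leaves open."""
    conf = parse_conf(text)
    login = conf.get("service pop3-login", {})
    # Default per the reply above: the plain listener exists unless port = 0.
    plain_port = login.get("inet_listener pop3", {}).get("port", "110")
    return {
        "plain_listener": plain_port != "0",
        "plain_port": plain_port,
        "pop3s_port": login.get("inet_listener pop3s", {}).get("port"),
        # Default per the reply above: plaintext auth is refused without TLS.
        "plaintext_auth_allowed":
            conf.get("disable_plaintext_auth", "yes").lower() == "no",
    }


# The configuration quoted in the message above.
CHUCK_CONF = """
protocols = pop3
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
"""

# The same configuration with the stanza from the reply appended.
FIXED_CONF = CHUCK_CONF + """
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
}
"""

if __name__ == "__main__":
    for label, conf in (("as posted", CHUCK_CONF), ("with port = 0", FIXED_CONF)):
        print(label, pop3_exposure(conf))
```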
[Dovecot] sharing INBOX not possible?
Hello,

I'd like to share the inbox "INBOX" itself to other users and not only folders. But it looks like INBOX is not shareable? I have tried both dbox and maildir. I have used TB, SquirrelMail, Roundcube.

TB shows the shared INBOX within the subscription dialog as subscribed but the per-user file "subscriptions" does not contain an entry. Any other "normal" shared folder I can (un-)subscribe and the entry within "subscriptions" will be updated.

dovecot 1.2.11 configuration:

    mail_access_groups: sysdov
    mail_privileged_group: sysdov
    mail_uid: sysdov
    mail_gid: sysdov
    mail_location: dbox:~/dbox:INDEX=/addons/index/%u:CONTROL=~/control:LAYOUT=fs
    mail_plugins: autocreate expire acl imap_acl
    namespace:
      type: private
      separator: /
      inbox: yes
      list: yes
      subscriptions: yes
    namespace:
      type: shared
      separator: /
      prefix: FremdeOrdner/%%u/
      location: dbox:%%h/dbox:CONTROL=~/control/FremdeOrdner/%%u:LAYOUT=fs
      list: yes
    plugin:
      ...
      acl_shared_dict: file:/addons/acl/shared-folder

user "user2" shares "INBOX" and folder "Drafts" to user "user1".

~user2/dbox/mailboxes/INBOX/dbox-Mails/dovecot-acl:

    user=user1 eilrwts

~user2/dbox/mailboxes/Drafts/dbox-Mails/dovecot-acl:

    user=user1 eilrwts

~user2/dbox/dovecot-acl-list:

    1276766257 INBOX
    1276762083 Drafts

/addons/acl/shared-folder:

    shared/shared-boxes/user/user2/user1
    1

Here are some imap commands I have used to test it:

    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.
    1 login user1
    1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in
    1 list "" "*"
    * LIST (\HasNoChildren) "/" "Drafts"
    * LIST (\HasNoChildren) "/" "Sent"
    * LIST (\HasNoChildren) "/" "AutoCleanSpam"
    * LIST (\HasNoChildren) "/" "Trash"
    * LIST (\HasNoChildren) "/" "INBOX"
    * LIST (\Noselect \HasChildren) "/" "FremdeOrdner"
    * LIST (\Noselect \HasChildren) "/" "FremdeOrdner/user2"
    * LIST (\HasNoChildren) "/" "FremdeOrdner/user2/Drafts"
    1 OK List completed.

Am I right that "FremdeOrdner/user2/INBOX" is missing here? Or should an IMAP-Client always try to select an "INBOX" as long as "HasChildren" is shown?

    1 examine FremdeOrdner/user2/Drafts
    * FLAGS (\Answered \Flagged \Deleted \Seen \Draft nonjunk)
    * OK [PERMANENTFLAGS ()] Read-only mailbox.
    * 1 EXISTS
    * 0 RECENT
    * OK [UNSEEN 1] First unseen.
    * OK [UIDVALIDITY 1273601955] UIDs valid
    * OK [UIDNEXT 2] Predicted next UID
    * OK [HIGHESTMODSEQ 3] Highest
    1 OK [READ-ONLY] Select completed.
    1 examine FremdeOrdner/user2/INBOX
    * OK [CLOSED] Previous mailbox closed.
    * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
    * OK [PERMANENTFLAGS ()] Read-only mailbox.
    * 3 EXISTS
    * 0 RECENT
    * OK [UIDVALIDITY 1273601954] UIDs valid
    * OK [UIDNEXT 39] Predicted next UID
    * OK [HIGHESTMODSEQ 1] Highest
    1 OK [READ-ONLY] Select completed.
    1 select FremdeOrdner/user2/INBOX
    * OK [CLOSED] Previous mailbox closed.
    * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
    * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
    * 3 EXISTS
    * 0 RECENT
    * OK [UIDVALIDITY 1273601954] UIDs valid
    * OK [UIDNEXT 39] Predicted next UID
    * OK [HIGHESTMODSEQ 1] Highest
    1 OK [READ-WRITE] Select completed.

Additional question: I have seen the comment for shared folder and dbox: "You must not try to :INDEX= to have copies of index files." Is this still valid, and within version 2.0 also?

Regards
Burckhard Schmidt
Re: [Dovecot] Shared mailboxes errors
On Thu, 17 Jun 2010 14:57:08 +0100 Timo Sirainen wrote:

> On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote:
>
> > Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path:
> > shared/shared-boxes/anyone/
>
> I think the wiki sql configuration was written/tested by someone who got
> the same errors, but ignored them.. You need to provide also a mapping
> for this. Maybe something like:
>
> map {
>   pattern = shared/shared-boxes/anyone/$from
>   table = anyone_shares
>   value_field = dummy
>
>   fields {
>     from_user = $from
>   }
> }
>
> or maybe to your existing table (just don't have a user called
> "anyone"):
>
> map {
>   pattern = shared/shared-boxes/user/anyone/$from
>   table = user_shares
>   value_field = dummy
>
>   fields {
>     from_user = $from
>   }
> }

Thanks for your reply, Timo. Is any documentation available about mapping, or can you describe it briefly here?
Re: [Dovecot] IMAP Address book ?
On 2010-06-17 7:31 AM, Frank Bonnet wrote:

> Does anyone know if it is possible to manage a personal address book
> with Dovecot and IMAP ?
>
> I mean would it be possible to store it in the IMAP user's space
> and not in the MUA address book in order to always retrieve it
> even changing on machine / MUA ?

If you use Thunderbird, you might try SyncKolab:

https://addons.mozilla.org/en-US/thunderbird/addon/519/

--
Best regards,
Charles
Re: [Dovecot] Ok, I've given up
On 2010-06-17 4:46 AM, Chuck McManis wrote:

> I'd be interested in what you consider a 'modern' MTA.

postfix. Sendmail is fine (reasonably well maintained), but much more complicated than postfix. qmail is basically totally unmaintained for many years.

> Between that and using tcpserver to simply not accept connections
> from zombies spam hasn't really been an issue.

You're using dovecot, so why not use sasl_auth (dovecot-sasl) instead? That is the modern way.

--
Best regards,
Charles
Re: [Dovecot] Ok, I've given up
On Thu, Jun 17, 2010 at 01:46:19AM -0700, Chuck McManis wrote:

> On Thu, Jun 17, 2010 at 12:20 AM, /dev/rob0 wrote:
>
> > On Wed, Jun 16, 2010 at 10:59:55PM -0700, Chuck McManis wrote:
> > > In the interest of moving forward on this project
> >
> > I looked back at your other thread and at this one, and, hmmm. I
> > invite you to join us in the new millennium.
> >
> > 1. POP3 sucks.
> > IMAP can do everything POP3 can do, and many things POP3 cannot.
> > Check it out, and you will want to give up POP3.
> >
> > 2. mbox sucks, mostly.
> > Mostly; mbox is slightly better for POP retrieve-and-delete usage,
> > but there, see #1 above. Maildir gives the administrator, and a
> > shell user, many options.
> >
> > 2a. mutt and alpine are both Unix console-based MUAs which
> > understand maildir *and* IMAP. I'm using mutt with IMAP,
> > because it has advantages over direct maildir access.

You didn't have any comment on the above; I hope those suggestions were useful.

> > 3. qmail is dead.
> > Over ten years without any coordinated development, five years
> > since the last (only?) netqmail release. Email has changed a lot
> > in those years, and yes, you can patch qmail to get most of the
> > functionality of a modern MTA, but IME that was a crapshoot. Why
> > fight it, when other, well-maintained, featureful MTA choices
> > exist?
> > 3a. qmail is both much more vulnerable to spam AND by default,
> > the source of much spam.
>
> So SMTP hasn't changed much in 30 years ;-) I'd be interested in
> what you consider a 'modern' MTA.

One that supports many/most ESMTP features without patching (so, netqmail, "Last modified: Wed Feb 2 23:37:31 EST 2005", can be considered "without patching".)

(Apparently, since DJB released qmail into public domain, no one has cared enough to roll up a release which included the patches, FWIW.)

RFCs 5321 & 5322 were released in 2008. Various ESMTP extensions which are in common use came after the end of qmail development.

Spammers are working every day to cause more abuse. Postmasters are trying to stay ahead of them, but we still see that over 90% of all traffic to port 25/tcp is abuse.

> I've looked pretty thoroughly at sendmail, postfix,
> and qmail and of the three qmail is fairly reliable.

Perhaps it is. Does it do what you need? You mentioned wanting to protect users' passwords. STARTTLS and AUTH are not supported by qmail without patching, and I wouldn't be so confident in those patches, if I was running qmail.

> Not sure what makes a particular MTA more 'vulnerable' to spam. I
> don't run an open relay and I generally find barracuda central a
> decent rbl source. Between that and using tcpserver to simply not
> accept connections from zombies spam hasn't really been an issue.

Good. You might also want to consider zen.spamhaus.org. I find that rejecting non-FQDN HELO names will stop around 25% of all connections I get, but perhaps if you've maintained your tcpserver access lists well, you're not getting as many of those. If not, you're lucky, because here too, qmail has no native ability to perform access checks based on the HELO/EHLO name.

The qmail design of accept-then-bounce is thoroughly discredited. I hosted a domain which didn't have email, and 90% of my logs were backscattering qmail woodpeckers coming back again and again after "554 5.7.1 : Relay access denied ..." (The domain expired, and gradually my logs quieted down.)

> > > Question 1) Are my user's passwords safe from prying eyes?
> >
> > Not enough information provided to be able to answer that.

(Apparently it was enough information for Timo to answer.)

> > > Question 2) Is there any way to run dovecot from tcpserver ?
> > >
> > > One of the things I like is the program tcpserver. I like it
> > > because I can simply "not allow" large chunks of the internet
> >
> > Yeah, Wietse wrote a similar program back in that era too, TCP
> > wrappers. Similarly, it was abandoned. Most Unix and Unix-like
> > operating systems have the ability to do packet filtering which
> > is more powerful and more flexible.
>
> We have different interpretations of 'abandoned' ;-)

Software written in the 1990s and no longer maintained, I call abandoned.

> I looked at using the firewall rules to manage connection rules
> (love the concept behind fail2ban although I've got an equivalent).
> But if your system is only exporting 4 ports to the web (SSH, DNS,
> SMTP, and POP) its actually easier (and thus for me at least less
> error prone) to manage that on a per-daemon basis.

Easily done with firewall rules per port, too. But, abuse is abuse, and generally a host which is abusing you is ONLY going to abuse you, so IMO, it might as well (or should) be blocked entirely.

> Out of curiosity, lets say you were given the task I've set for
> myself which is described thusly:

Sure, who can resist questions like these? :)

> Provide a
Re: [Dovecot] Shared mailboxes errors
On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote:

> Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path:
> shared/shared-boxes/anyone/

I think the wiki sql configuration was written/tested by someone who got the same errors, but ignored them.. You need to provide also a mapping for this. Maybe something like:

map {
  pattern = shared/shared-boxes/anyone/$from
  table = anyone_shares
  value_field = dummy
  fields {
    from_user = $from
  }
}

or maybe to your existing table (just don't have a user called "anyone"):

map {
  pattern = shared/shared-boxes/user/anyone/$from
  table = user_shares
  value_field = dummy
  fields {
    from_user = $from
  }
}

> I have no clue why this happening, users don't know about new functionality
> they just use imap as before. Also dict database begin to fill up by records
> like:
>
> select * from user_shares;
> u...@domain.com|ad...@domain.com|1
>
> But user don't use setacl command.

I think the dict is rebuilt sometimes when ACLs change (or if dovecot-acl-list file is rebuilt for some other reason). This code isn't really optimized yet and it might be rebuilding them unnecessarily..
Re: [Dovecot] basic conf error? v1.2.11
LOL nice! Thanks for being gentle. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Pascal Volk Sent: Thursday, June 17, 2010 8:45 AM To: Dovecot Mailing List Subject: Re: [Dovecot] basic conf error? v1.2.11 On 06/17/2010 03:27 PM Justin Krejci wrote: > . > auth_username_chars = > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\ > . > > Any ideas what is wrong here? It seems like the example conf file is not > correct. Yes the dovecot-sql.conf file exists. The above line (with non-default values) doesn't end. This is \ one line^ When your usernames really contain backslashes, don't place it at the logical end of line. Regards, Pascal -- The trapper recommends today: c01dcofe.1016...@localdomain.org
Re: [Dovecot] ZFS Index corruption and Connection reset by peer
On Thu, 2010-06-17 at 14:55 +0200, Philippe Chevalier wrote:

> >> Jun 08 15:01:24 IMAP(): Error: close(client out) failed:
> >> Connection reset by peer
> >
> >I've seen this a FEW times. Like 3 in the last six months. seems to have
> >gone away after updating to 1.2..though maybe I just haven't triggered it
> >again.
>
> I have one around every 5 minutes.
>
> Jun 17 13:28:33 dovecot: imap-login: net_disconnect() failed: Connection
> reset by peer
> Jun 17 13:38:33 last message repeated 3 times

Here are fixes:

http://hg.dovecot.org/dovecot-2.0/rev/c24ee1ebb159
http://hg.dovecot.org/dovecot-2.0/rev/b2ffb6846973
Re: [Dovecot] basic conf error? v1.2.11
On 06/17/2010 03:27 PM Justin Krejci wrote:
> …
> auth_username_chars =
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\
> …
>
> Any ideas what is wrong here? It seems like the example conf file is not
> correct. Yes the dovecot-sql.conf file exists.

The above line (with non-default values) doesn't end.

This is \
one line^

When your usernames really contain backslashes, don't place it at the logical end of line.

Regards,
Pascal
--
The trapper recommends today: c01dcofe.1016...@localdomain.org
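The continuation problem described in this reply, as an added example that is not part of the thread and is not Dovecot's own parser: a small linter that joins backslash-continued lines and reports when the continuation absorbs something that looks like a section or a setting. The joining model (trailing whitespace dropped, backslash removed, next line appended) and all function names are assumptions; the sample is constructed from the configuration posted in the thread.

```python
import re

# Constructed sample, adapted from the configuration posted in this thread.
SAMPLE = r"""disable_plaintext_auth = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\
auth default {
  mechanisms = plain
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
}
"""

SECTION_OPEN = re.compile(r"^[\w-]+(\s+[\w-]+)?\s*\{$")
SETTING = re.compile(r"^[\w-]+\s*=")


def logical_lines(text):
    """Group physical lines into logical lines.

    Assumed model: once trailing whitespace is dropped, a physical line that
    ends in a backslash is continued by the next physical line.
    Returns a list of groups, each a list of (line_number, text) pairs.
    """
    groups, pending = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        pending.append((number, line))
        if not line.endswith("\\"):
            groups.append(pending)
            pending = []
    if pending:  # input ended while a continuation was still open
        groups.append(pending)
    return groups


def joined(group):
    """What a parser following the model sees: one line, backslashes removed."""
    parts = []
    for index, (_, line) in enumerate(group):
        piece = line[:-1] if line.endswith("\\") else line
        parts.append(piece if index == 0 else piece.lstrip())
    return "".join(parts)


def classify(line):
    """Name the configuration syntax a swallowed line looks like, or None."""
    text = line.rstrip("\\").strip()
    if text == "}":
        return "section-close"
    if SECTION_OPEN.match(text):
        return "section-open"
    if SETTING.match(text):
        return "setting"
    return None


def audit(text):
    """Return findings for continuations that absorb real configuration syntax."""
    findings = []
    for group in logical_lines(text):
        start = group[0][0]
        for number, line in group[1:]:
            kind = classify(line)
            if kind:
                findings.append({"starts_at": start, "swallowed_line": number,
                                 "kind": kind, "parser_sees": joined(group)})
        if group[-1][1].endswith("\\"):
            findings.append({"starts_at": start, "swallowed_line": None,
                             "kind": "unterminated", "parser_sees": joined(group)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the `auth default {` line is reported as swallowed into the `auth_username_chars` value, which leaves the following `passdb sql {` outside any auth section.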
Re: [Dovecot] Dovecot SASL
On 06/17/2010 02:32 PM Tseveendorj Ochirlantuu wrote:
> disable_plaintext_auth is already set yes in
> /etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear.
>
> Today I just upgraded dovecot please see the dovecot -n below.
>
> # 1.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap pop3 imaps pop3s managesieve
> ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
> ssl_key_file: /etc/ssl/private/ssl-mail.key
> ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> login_executable(managesieve): /usr/lib/dovecot/managesieve-login
> mail_privileged_group: mail
> mail_location: maildir:~/Maildir
> mbox_write_locks: fcntl dotlock
> mail_executable(default): /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_executable(managesieve): /usr/lib/dovecot/managesieve
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
> imap_client_workarounds(default): outlook-idle delay-newmail
> imap_client_workarounds(imap): outlook-idle delay-newmail
> imap_client_workarounds(pop3):
> imap_client_workarounds(managesieve):
> pop3_client_workarounds(default):
> pop3_client_workarounds(imap):
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> pop3_client_workarounds(managesieve):
> lda:
>   postmaster_address: postmaster
>   mail_plugins: sieve
>   quota_full_tempfail: yes
>   deliver_log_format: msgid=%m: %$
>   rejection_reason: Your message to <%t> was automatically rejected:%n%r
> auth default:
>   mechanisms: plain login
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/dovecot-auth
>       mode: 432
>       user: postfix
>       group: postfix
> plugin:
>   sieve: ~/.dovecot.sieve
>   sieve_dir: ~/sieve
>

By default the disable_plaintext_auth setting is set to yes. dovecot -n reports only non-default settings. So when you set disable_plaintext_auth to yes (its default value) in your dovecot.conf and run `dovecot -n | grep disable_plaintext_auth`, you will see nothing.

With Dovecot v2.0 you can use `doveconf -N` to see non-default + explicitly configured default settings.

Back to disable_plaintext_auth: Let me copy and paste from the dovecot.conf:

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes

You can't use plaintext authentication as long as plaintext auth is disabled.

Regards,
Pascal
--
The trapper recommends today: c01dcofe.1016...@localdomain.org
[Dovecot] Shared mailboxes errors
Hello list, I'm implementing shared mailboxes on live system and after enabling acl plugin I got errors in my log: Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: shared/shared-boxes/anyone/ I have no clue why this happening, users don't know about new functionality they just use imap as before. Also dict database begin to fill up by records like: select * from user_shares; u...@domain.com|ad...@domain.com|1 But user don't use setacl command. Searching for the list gave http://www.dovecot.org/list/dovecot/2009-April/038664.html , but question seemed still open. So, can someone give point how to fix\avoid this ? One more question, on live system it's hard to debug dovecot with mail_debug=yes for all users, can this option be turn on for individual user? or maybe mail_debug stream can be redirected also for individual user ? dovecot -n # 1.2.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-gentoo-r4 i686 Gentoo Base System release 1.12.13 log_path: /var/log/dovecot/dovecot-error.log info_log_path: /var/log/dovecot/dovecot.log protocols: imaps pop3s managesieve ssl_cert_file: /etc/ssl/dovecot/imaps.crt ssl_key_file: /etc/ssl/dovecot/imaps.key login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_executable(managesieve): /usr/libexec/dovecot/managesieve-login login_greeting: Server ready. 
login_processes_count(default): 50 login_processes_count(imap): 50 login_processes_count(pop3): 5 login_processes_count(managesieve): 5 login_max_processes_count: 2048 max_mail_processes: 2048 mail_max_userip_connections(default): 25 mail_max_userip_connections(imap): 25 mail_max_userip_connections(pop3): 10 mail_max_userip_connections(managesieve): 10 first_valid_uid: 8 last_valid_uid: 8 first_valid_gid: 12 last_valid_gid: 12 mail_drop_priv_before_exec: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_executable(managesieve): /usr/libexec/dovecot/managesieve mail_plugins(default): quota imap_quota trash expire zlib autocreate virtual antispam acl imap_acl mail_plugins(imap): quota imap_quota trash expire zlib autocreate virtual antispam acl imap_acl mail_plugins(pop3): quota virtual mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve imap_client_workarounds(default): delay-newmail imap_client_workarounds(imap): delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): namespace: type: private separator: / location: maildir:~/data inbox: yes list: yes subscriptions: yes namespace: type: private separator: / prefix: Company/ location: virtual:/var/mail/virtual:INDEX=MEMORY:LAYOUT=maildir++ hidden: yes list: yes namespace: type: shared separator: / prefix: shared/%%u/ location: maildir:%%h/data:INDEX=%h/shared/%%u list: children lda: postmaster_address: postmas...@domain.com hostname: mail.domain.com mail_plugins: quota trash expire sieve virtual acl quota_full_tempfail: yes sendmail_path: /usr/sbin/sendmail 
auth_socket_path: /var/run/dovecot/auth-master log_path: /var/log/dovecot/dovecot-deliver.log info_log_path: /var/log/dovecot/dovecot-deliver.log auth default: mechanisms: plain login default_realm: domain.com cache_size: 10240 cache_negative_ttl: 0 user: dovecot_auth username_format: %Lu master_user_separator: * worker_max_count: 50 passdb: driver: passwd-file args: /etc/dovecot/passdb/master.pwd master: yes passdb: driver: passwd-file args: /etc/dovecot/passdb/users.pwd passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: prefetch userdb: driver: passwd-file args: /etc/dovecot/passdb/users.pwd userdb: driver: ldap args: /etc/dovecot/dovecot-userdb-ldap.conf socket: type: listen client: path: /var/run/dovecot/auth-client mode: 432 user: mail group: dovecot_auth master: path: /var/run/dovecot/auth-master mode: 384 user: mail group: mail plugin: quota_warning: storage=90%% /etc/dovecot/plugins/quota_warning.sh 90 quota: maildir:Mailbox quota quota_rule: *:storage=500M quota_rule2: Trash:storage=10%% acl: vfile:/etc/dovecot/acl:cache_secs=3600 acl_shared_dict: proxy::acl trash: /etc/dovecot/plugins/dovecot-trash.conf expire: Trash 30 Spam 30 expire_dict: proxy::expire autocreate: Drafts autocreate2: Sent autocreate3: Spam autocreate4:
[Dovecot] basic conf error? v1.2.11
I just downloaded 1.2.11 and compiled from source including mysql support and using default directory locations. I walked thru the included example conf file and tweaked it out and get an invalid configuration file. I trimmed out all of the commented sections to make the non-default config super easy to navigate during troubleshooting. Remaining config which gives an error of "unknown setting: mechanisms" so I switched it to auth_mechanisms and then get the following when starting dovecot: Error: Error in configuration file /usr/local/etc/dovecot.conf line 18: Unknown section type (section changed in /usr/local/etc/dovecot.conf at line 14) Fatal: Invalid configuration in /usr/local/etc/dovecot.conf # protocols = imap pop3 listen = disable_plaintext_auth = no ssl = no login_processes_count = 100 login_max_processes_count = 500 login_max_connections = 512 login_greeting = DovecotProxy08 ready. protocol imap { } protocol pop3 { } protocol lda { } #LINE 14 auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\ auth default { mechanisms = plain passdb sql { #LINE 18 args = /usr/local/etc/dovecot-sql.conf } userdb sql { args = /usr/local/etc/dovecot-sql.conf } user = root } dict { } plugin { } # Any ideas what is wrong here? It seems like the example conf file is not correct. Yes the dovecot-sql.conf file exists.
Re: [Dovecot] Ok, I've given up
On 17/06/10 14:11, William Blunn wrote: Peter Risdon wrote: Tarsnap is worth glancing at: http://www.tarsnap.com/ They appear to use S3 as their back-end :-) That's right, thought it might be relevant. It's written by Colin Percival, FreeBSD's security officer. They charge $0.30 / GB.month compared to $0.15 / GB.month for S3, which would seem to be within the bounds of reason if they are effectively mapping S3 space into something more convenient. And very secure. I suppose it depends how much you want to outsource. Bill Peter.
Re: [Dovecot] Ok, I've given up
Peter Risdon wrote: Tarsnap is worth glancing at: http://www.tarsnap.com/ They appear to use S3 as their back-end :-) They charge $0.30 / GB.month compared to $0.15 / GB.month for S3, which would seem to be within the bounds of reason if they are effectively mapping S3 space into something more convenient. I suppose it depends how much you want to outsource. Bill
Re: [Dovecot] ZFS Index corruption and Connection reset by peer
On Wed, Jun 16, 2010 at 12:23:16PM -0400, Dillon Kass wrote: I quit using mmap_disable around 7.1-STABLE and haven't had that bug since then. I'm running 8.0-R with Maildirs in a compressed ZFS dataset right now with no problems. That's pretty odd...I'm pretty sure it was in the implementation and had nothing to do with the ZFS version but I assume your datasets and pools are all updated to the latest version? # uname -v FreeBSD 8.0-STABLE #2: Wed May 12 21:13:40 CEST 2010 # zfs upgrade This system is currently running ZFS filesystem version 3. All filesystems are formatted with the current version. # zpool upgrade This system is currently running ZFS pool version 14. All pools are formatted using this version. I can't really be more up to date than this... Only thing is that Maildirs are all on different datasets, since every user has his own set. mmap_disable made the problem completely go away. Jun 08 15:01:24 IMAP(): Error: close(client out) failed: Connection reset by peer I've seen this a FEW times. Like 3 in the last six months. seems to have gone away after updating to 1.2..though maybe I just haven't triggered it again. I have one around every 5 minutes. Jun 17 13:28:33 dovecot: imap-login: net_disconnect() failed: Connection reset by peer Jun 17 13:38:33 last message repeated 3 times Jun 17 13:39:42 dovecot: imap-login: net_disconnect() failed: Connection reset by peer Jun 17 13:55:33 last message repeated 2 times Jun 17 14:19:42 dovecot: imap-login: net_disconnect() failed: Connection reset by peer Jun 17 14:25:42 dovecot: imap-login: net_disconnect() failed: Connection reset by peer Jun 17 14:42:33 dovecot: imap-login: net_disconnect() failed: Connection reset by peer Jun 17 14:48:33 dovecot: imap-login: net_disconnect() failed: Connection reset by peer I guess it occurs when users are polling their mailbox, and maybe only with specific clients? I have no clue. P.C.
Re: [Dovecot] Ok, I've given up
On 17/06/10 13:33, William Blunn wrote: Ed W wrote: How are you backing up to S3? Most of the options I have seen have some serious issues that limit reliable full backups? Its been on my todo list for some time now to fix the C s3fs implementation that you find here: http://code.google.com/p/s3fs/ - code is shocking and could easily be fixed up pretty well... http://s3tools.org/ - seems maintained, but not used it? Brackup seems excellent, but has only an initial patch to support backing up user permissions, so at this stage seems more useful for data files than a whole system backup? Also you have the option of cheap hosting through the likes of say Dreamhost or Kimsufi http://www.kimsufi.co.uk/ks/ £15/month for a single machine with a single 250GB (non backed up) disk. Twice that price can get you multiple TB disks. Use this plus rsync? Not really sure where the sweet spot is here, but unsure what S3 really buys us? I would imagine it would be some variation on dumping databases, making tarballs, chopping up into <5GB pieces and then uploading them with s3cmd (s3tools.org). Over and above rented server storage, S3 should provide multi-site redundancy (coverage against a plane making an unscheduled landing into the data centre). Tarsnap is worth glancing at: http://www.tarsnap.com/ Bill
Re: [Dovecot] Ok, I've given up
Ed W wrote: How are you backing up to S3? Most of the options I have seen have some serious issues that limit reliable full backups? Its been on my todo list for some time now to fix the C s3fs implementation that you find here: http://code.google.com/p/s3fs/ - code is shocking and could easily be fixed up pretty well... http://s3tools.org/ - seems maintained, but not used it? Brackup seems excellent, but has only an initial patch to support backing up user permissions, so at this stage seems more useful for data files than a whole system backup? Also you have the option of cheap hosting through the likes of say Dreamhost or Kimsufi http://www.kimsufi.co.uk/ks/ £15/month for a single machine with a single 250GB (non backed up) disk. Twice that price can get you multiple TB disks. Use this plus rsync? Not really sure where the sweet spot is here, but unsure what S3 really buys us? I would imagine it would be some variation on dumping databases, making tarballs, chopping up into <5GB pieces and then uploading them with s3cmd (s3tools.org). Over and above rented server storage, S3 should provide multi-site redundancy (coverage against a plane making an unscheduled landing into the data centre). Bill
Re: [Dovecot] Dovecot SASL
On Tue, Jun 15, 2010 at 9:48 PM, Pascal Volk < user+dove...@localhost.localdomain.org > wrote: > On 06/15/2010 03:40 PM Tseveendorj Ochirlantuu wrote: > > Dear Pascal > > > > Sorry for forgetting required thing. Please see the dovecot -n follow > > > > # 1.2.9: /etc/dovecot/dovecot.conf > > # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS > > log_timestamp: %Y-%m-%d %H:%M:%S > > protocols: imap pop3 imaps pop3s managesieve > > ssl_cert_file: /etc/ssl/certs/ssl-mail.pem > > ssl_key_file: /etc/ssl/private/ssl-mail.key > > ssl_cipher_list: > > ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM > > login_dir: /var/run/dovecot/login > > login_executable(default): /usr/lib/dovecot/imap-login > > login_executable(imap): /usr/lib/dovecot/imap-login > > login_executable(pop3): /usr/lib/dovecot/pop3-login > > login_executable(managesieve): /usr/lib/dovecot/managesieve-login > > mail_privileged_group: mail > > mail_location: maildir:~/Maildir > > mbox_write_locks: fcntl dotlock > > mail_executable(default): /usr/lib/dovecot/imap > > mail_executable(imap): /usr/lib/dovecot/imap > > mail_executable(pop3): /usr/lib/dovecot/pop3 > > mail_executable(managesieve): /usr/lib/dovecot/managesieve > > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 > > mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve > > imap_client_workarounds(default): outlook-idle delay-newmail > > imap_client_workarounds(imap): outlook-idle delay-newmail > > imap_client_workarounds(pop3): > > imap_client_workarounds(managesieve): > > pop3_client_workarounds(default): > > pop3_client_workarounds(imap): > > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh > > pop3_client_workarounds(managesieve): > > lda: > > postmaster_address: postmaster > > mail_plugins: cmusieve > > > Please read: >file:///usr/share/doc/dovecot-common/README.Debian 
>http://wiki.dovecot.org/Upgrading/1.2 > > > quota_full_tempfail: yes > > deliver_log_format: msgid=%m: %$ > > rejection_reason: Your message to <%t> was automatically rejected:%n%r > > auth default: > > mechanisms: plain login > > passdb: > > driver: pam > > userdb: > > driver: passwd > > socket: > > type: listen > > client: > > path: /var/spool/postfix/private/dovecot-auth > > mode: 432 > > user: postfix > > group: postfix > > plugin: > > sieve: ~/.dovecot.sieve > > sieve_dir: ~/sieve > > > > Best regards, > > Tseveen > > > > On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk < > > user+dove...@localhost.localdomain.org > > > > >> wrote: > >>> > >>> I did not see AUTH in the telnet connection. > >>> > >>> EHLO mail.domain.mn > >>> 250-ns1.domain.mn > >>> 250-PIPELINING > >>> 250-SIZE 1024 > >>> 250-VRFY > >>> 250-ETRN > >>> 250-STARTTLS > >> ^^^ > >>> 250-ENHANCEDSTATUSCODES > >>> 250-8BITMIME > >>> 250 DSN > >>> > >>> How to solvet this ? > >> > >> > >> Either start your SSL-session or allow plaintext auth in your Dovecot > >> configuration. > > Please stop top-posting. > > Your `dovecot -n` output doesn't include the disable_plaintext_auth > setting. So disable_plaintext_auth is configured to its default: yes > > When disable_plaintext_auth=yes, you can't authenticate plain or login, > until you've secured the connection with the STARTTLS command. > > > Regards, > Pascal > -- > The trapper recommends today: fabaceae.1016...@localdomain.org > disable_plaintext_auth is already set yes in /etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear. Today I just upgraded dovecot please see the dovecot -n below. 
# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workaro
Re: [Dovecot] IMAP Address book ?
Em 17-06-2010 09:23, Frank Bonnet escreveu: On 06/17/2010 02:20 PM, Marcio Merlone wrote: Em 17-06-2010 08:31, Frank Bonnet escreveu: Does anyone knows if it is possible to manage a personnal address book with Dovecot and IMAP ? I mean would it be possible to store it in the IMAP user's space and not in the MUA address book in order to always retrieve it even changing on machine / MUA ? I don't think IMAP was meant for that, but would be reallly nice. Have you looked for a LDAP based address book? We use ldap address book but only for company address book my meanings are for PERSONAL address book I understood. Some time ago I searched for personal address book on LDAP, but could not find anything ready for production use. It is possible anyway, setting proper ACL on a DIT to allow write access to LDAP by a user. -- Marcio Merlone
Re: [Dovecot] IMAP Address book ?
On 06/17/2010 02:19 PM, Robert Schetterer wrote: Am 17.06.2010 13:31, schrieb Frank Bonnet: Hello Does anyone knows if it is possible to manage a personnal address book with Dovecot and IMAP ? I mean would it be possible to store it in the IMAP user's space and not in the MUA address book in order to always retrieve it even changing on machine / MUA ? Thanks you can do it with the kolab extension and thunderbird OK thanks I'm gonna test this
Re: [Dovecot] IMAP Address book ?
On 06/17/2010 02:20 PM, Marcio Merlone wrote: Em 17-06-2010 08:31, Frank Bonnet escreveu: Does anyone knows if it is possible to manage a personnal address book with Dovecot and IMAP ? I mean would it be possible to store it in the IMAP user's space and not in the MUA address book in order to always retrieve it even changing on machine / MUA ? I don't think IMAP was meant for that, but would be reallly nice. Have you looked for a LDAP based address book? We use ldap address book but only for company address book my meanings are for PERSONAL address book
Re: [Dovecot] IMAP Address book ?
Em 17-06-2010 08:31, Frank Bonnet escreveu: Does anyone knows if it is possible to manage a personnal address book with Dovecot and IMAP ? I mean would it be possible to store it in the IMAP user's space and not in the MUA address book in order to always retrieve it even changing on machine / MUA ? I don't think IMAP was meant for that, but would be reallly nice. Have you looked for a LDAP based address book? -- Marcio Merlone
Re: [Dovecot] IMAP Address book ?
Am 17.06.2010 13:31, schrieb Frank Bonnet: > > Hello > > Does anyone knows if it is possible to manage a personnal address book > with Dovecot and IMAP ? > > I mean would it be possible to store it in the IMAP user's space > and not in the MUA address book in order to always retrieve it > even changing on machine / MUA ? > > Thanks > > > you can do it with the kolab extension and thunderbird -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] Correct folder permissions for maildir....
On Thu, Jun 17, 2010 at 02:11:44PM +0200, Thomas Leuxner wrote:
> Generally speaking it needs to match the group that Postfix uses when
> writing the mbox file. Besides this your Dovecot version is really old and
> almost guarantees other issues arising.
>
> Regards
> Thomas

My bad, you said maildir. Anyhow have a look at these:

mail_location = maildir:~/maildir
mail_privileged_group = mail

Regards
Thomas
Re: [Dovecot] Ok, I've given up
On 17/06/2010 12:19, William Blunn wrote: Rent a virtual machine (e.g. Xen based). This saves you having to make capital expenditure on hardware (= keeps the bean counter happy). I haven't found virtual machines to be especially price efficient when you need plenty of storage available? Do you have a recommendation? If you treat carefully around the edges of the bulk hosting sites there seem to be some reasonable quality options, eg: http://www.hetzner.de/en/hosting/produkte_rootserver/eq4/ 50 Euro/month including 2x 750GB drives Also it means you can do backups to S3 over the backbone. How are you backing up to S3? Most of the options I have seen have some serious issues that limit reliable full backups? Its been on my todo list for some time now to fix the C s3fs implementation that you find here: http://code.google.com/p/s3fs/ - code is shocking and could easily be fixed up pretty well... http://s3tools.org/ - seems maintained, but not used it? Brackup seems excellent, but has only an initial patch to support backing up user permissions, so at this stage seems more useful for data files than a whole system backup? Also you have the option of cheap hosting through the likes of say Dreamhost or Kimsufi http://www.kimsufi.co.uk/ks/ £15/month for a single machine with a single 250GB (non backed up) disk. Twice that price can get you multiple TB disks. Use this plus rsync? Not really sure where the sweet spot is here, but unsure what S3 really buys us? I've not generally noticed a problem with uptime these days. It becomes a challenge doesn't it... I just had to reboot a machine with something like 2+ years of uptime in order to upgrade a kernel and it's kind of annoying to see the uptime reset! Cheers Ed W
Re: [Dovecot] Correct folder permissions for maildir....
On Thu, Jun 17, 2010 at 09:52:46PM +1000, Donovan J. Edye wrote:
> G'Day,
>
> LDA = Local Delivery Agent? Postfix is the MTA with Dovecot providing
> POP3 and IMAP.
>

Have a look at this Dovecot variable "mail_privileged_group = mail"

http://wiki.dovecot.org/MailboxFormat/mbox

Generally speaking it needs to match the group that Postfix uses when writing the mbox file. Besides this your Dovecot version is really old and almost guarantees other issues arising.

Regards
Thomas
Re: [Dovecot] Correct folder permissions for maildir....
> G'Day, > > LDA = Local Delivery Agent? Postfix is the MTA with Dovecot > providing POP3 and IMAP. okay then, shouldnt dovecot have rw acces to the folders the mail is delivered by postfix under the user that MTA runs? > > On 17/06/2010 9:35 PM, Daniel Petre wrote: >> hello, >> is your dovecot supposed to act as a LDA ? >> >> >>> G'Day, >>> >>> I am trying to find a definitive answer to what the directory >>> permissions should be for my configuration under Centos 5.5. I >>> see a number of the following error messages in the maillog as >>> a consequence of permissions errors. After reading the FAQ, >>> Wiki etc. and browsing the web I am unable to determine just >>> exactly what the user security settings should be for the >>> offending folders. If anyone could point me in the right >>> direction I would appreciate it. Should you require additional >>> diagnostic information let me know and I will source it. >>> >>> The error messages: >>> >>> Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz): >>> mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX) >>> failed: Permission denied Jun 17 19:53:09 moe dovecot: >>> POP3(marnie.capitel): >>> mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX) >>> failed: Permission denied >>> >>> >>> dovecot -n >>> >>> # 1.0.7: /etc/dovecot.conf >>> protocols: imap pop3 imaps pop3s >>> listen: 116.212.71.194 >>> ssl_listen: 116.212.71.194 >>> login_dir: /var/run/dovecot/login >>> login_executable(default): /usr/libexec/dovecot/imap-login >>> login_executable(imap): /usr/libexec/dovecot/imap-login >>> login_executable(pop3): /usr/libexec/dovecot/pop3-login >>> mail_location: mbox:~/mail/:INBOX=/var/mail/%u >>> mail_executable(default): /usr/libexec/dovecot/imap >>> mail_executable(imap): /usr/libexec/dovecot/imap >>> mail_executable(pop3): /usr/libexec/dovecot/pop3 >>> mail_plugin_dir(default): /usr/lib/dovecot/imap >>> mail_plugin_dir(imap): /usr/lib/dovecot/imap >>> mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 >>> 
pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): >>> %08Xu%08Xv pop3_uidl_format(pop3): %v.%u namespace: type: >>> private separator: / prefix: #mbox/ location: >>> mbox:~/mail:INBOX=/var/mail/%u inbox: yes hidden: yes >>> namespace: type: private separator: / location: >>> maildir:~/Maildir auth default: passdb: driver: pam userdb: >>> driver: passwd >>> >>> ps aux | grep dovecot >>> >>> root 3457 0.0 0.0 1880 508 ?Ss Jun13 >>> 0:20 /usr/sbin/dovecot >>> root 5650 0.0 0.1 7952 1460 ?S03:28 >>> 0:04 dovecot-auth >>> dovecot 15591 0.0 0.1 4992 1760 ?S19:26 >>> 0:00 imap-login dovecot 15598 0.0 0.1 4992 1752 ? >>> S 19:26 0:00 imap-login dovecot 15627 0.0 0.1 4992 1508 >>> ? S19:26 0:00 imap-login dovecot 16596 0.0 0.1 4988 >>> 1748 ?S19:45 0:00 pop3-login dovecot 16615 0.0 >>> 0.1 4988 1744 ?S19:46 0:00 pop3-login dovecot >>> 16720 0.2 0.1 4988 1500 ?S19:47 0:00 pop3- >>> login root 16726 0.0 0.0 4000 700 pts/0S+ 19:48 >>> 0:00 grep dovecot -- Daniel Petre, System Administrator RCS & RDS, Pitesti Tel: 0348400426 Mobil: 0770048708 Skype: daniel-petre Ym: petredaniel
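For the `mkdir_parents(...) failed: Permission denied` errors quoted in this thread, an added diagnostic (not part of the thread, not Dovecot code): it finds the deepest directory that already exists on the path and checks, from mode bits only, whether a given uid and group set could traverse to it and create the missing components. The function names are hypothetical, and root override, POSIX ACLs and SELinux are deliberately not modelled.

```python
import os
import tempfile

W, X = 2, 1  # permission bit masks within one rwx triplet


def mode_allows(st, uid, gids, want):
    """True if the mode bits alone grant `want` to uid/gids.

    Classic Unix order: owner bits if uid owns the entry, else group bits if
    one of gids matches, else the "other" bits.
    """
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def diagnose_mkdir_parents(target, uid, gids):
    """Return (anchor, problems) for creating `target` and its missing parents.

    anchor is the deepest path component that already exists; problems is a
    list of (path, reason) pairs, empty when the mode bits would allow it.
    """
    target = os.path.abspath(target)
    anchor = target
    while not os.path.exists(anchor):
        anchor = os.path.dirname(anchor)
    if not os.path.isdir(anchor):
        return anchor, [(anchor, "exists but is not a directory")]

    # Collect every directory from the anchor up to the filesystem root.
    chain, current = [], anchor
    while True:
        chain.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            break
        current = parent

    problems = []
    # Each directory on the way down must be searchable (x) by the user.
    for directory in reversed(chain):
        if not mode_allows(os.stat(directory), uid, gids, X):
            problems.append((directory, "no search (x) permission"))
    # Creating the first missing component also needs write on the anchor.
    if anchor != target and not mode_allows(os.stat(anchor), uid, gids, W):
        missing = os.path.relpath(target, anchor).split(os.sep)[0]
        problems.append((anchor, "no write (w) permission, cannot create " + missing))
    return anchor, problems


if __name__ == "__main__":
    # Constructed tree: a home directory the mail user may enter but not write.
    base = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(base, "homes", "carolyn")
    os.makedirs(home)
    os.chmod(home, 0o750)
    st = os.stat(home)
    target = os.path.join(home, "mail", ".imap", "INBOX")
    anchor, problems = diagnose_mkdir_parents(target, st.st_uid + 1, {st.st_gid})
    print("deepest existing directory:", anchor)
    for path, reason in problems:
        print(path, "->", reason)
```

Call it with the uid and groups the mail process actually runs with for that user, taken from the userdb lookup.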
Re: [Dovecot] Correct folder permissions for maildir....
G'Day,

LDA = Local Delivery Agent? Postfix is the MTA with Dovecot providing POP3 and IMAP.

On 17/06/2010 9:35 PM, Daniel Petre wrote:
> hello,
> is your dovecot supposed to act as a LDA ?
>
>> G'Day,
>>
>> I am trying to find a definitive answer to what the directory permissions should be for my configuration under Centos 5.5. I see a number of the following error messages in the maillog as a consequence of permissions errors. After reading the FAQ, Wiki etc. and browsing the web I am unable to determine just exactly what the user security settings should be for the offending folders. If anyone could point me in the right direction I would appreciate it. Should you require additional diagnostic information let me know and I will source it.
>>
>> The error messages:
>>
>> Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz): mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX) failed: Permission denied
>> Jun 17 19:53:09 moe dovecot: POP3(marnie.capitel): mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX) failed: Permission denied
>>
>> dovecot -n
>>
>> # 1.0.7: /etc/dovecot.conf
>> protocols: imap pop3 imaps pop3s
>> listen: 116.212.71.194
>> ssl_listen: 116.212.71.194
>> login_dir: /var/run/dovecot/login
>> login_executable(default): /usr/libexec/dovecot/imap-login
>> login_executable(imap): /usr/libexec/dovecot/imap-login
>> login_executable(pop3): /usr/libexec/dovecot/pop3-login
>> mail_location: mbox:~/mail/:INBOX=/var/mail/%u
>> mail_executable(default): /usr/libexec/dovecot/imap
>> mail_executable(imap): /usr/libexec/dovecot/imap
>> mail_executable(pop3): /usr/libexec/dovecot/pop3
>> mail_plugin_dir(default): /usr/lib/dovecot/imap
>> mail_plugin_dir(imap): /usr/lib/dovecot/imap
>> mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
>> pop3_uidl_format(default): %08Xu%08Xv
>> pop3_uidl_format(imap): %08Xu%08Xv
>> pop3_uidl_format(pop3): %v.%u
>> namespace:
>>   type: private
>>   separator: /
>>   prefix: #mbox/
>>   location: mbox:~/mail:INBOX=/var/mail/%u
>>   inbox: yes
>>   hidden: yes
>> namespace:
>>   type: private
>>   separator: /
>>   location: maildir:~/Maildir
>> auth default:
>>   passdb:
>>     driver: pam
>>   userdb:
>>     driver: passwd
>>
>> ps aux | grep dovecot
>>
>> root 3457 0.0 0.0 1880 508 ?Ss Jun13 0:20 /usr/sbin/dovecot
>> root 5650 0.0 0.1 7952 1460 ?S03:28 0:04 dovecot-auth
>> dovecot 15591 0.0 0.1 4992 1760 ?S19:26 0:00 imap-login
>> dovecot 15598 0.0 0.1 4992 1752 ?S 19:26 0:00 imap-login
>> dovecot 15627 0.0 0.1 4992 1508 ? S19:26 0:00 imap-login
>> dovecot 16596 0.0 0.1 4988 1748 ?S19:45 0:00 pop3-login
>> dovecot 16615 0.0 0.1 4988 1744 ?S19:46 0:00 pop3-login
>> dovecot 16720 0.2 0.1 4988 1500 ?S19:47 0:00 pop3-login
>> root 16726 0.0 0.0 4000 700 pts/0S+ 19:48 0:00 grep dovecot
[Dovecot] LDA to address extensions
Hi List,

I'm trying to make dovecot deliver messages to sam+extens...@example.com to the imap folder 'extension' of the user 'sam'.

I've configured postfix with these dovecot as LDA:

mailbox_command = /opt/redknot/libexec/dovecot/deliver -f "$SENDER" -d "$USER" -m "$EXTENSION" -a "$RECIPIENT"
recipient_delimiter = +

Sam is a local system user so I don't want to use virtual_transport (I think).

I've read http://wiki.dovecot.org/LDA/Postfix but so far without success.

# 1.2.11: /etc/opt/redknot/dovecot.conf
Warning: There is no way to login to this server: disable_plaintext_auth=yes, ssl=no, no non-plaintext auth mechanisms.
# OS: SunOS 5.11 sun4v
log_path: /var/log/dovecot.log
ssl: no
login_dir: /opt/redknot/var/run/dovecot/login
login_executable: /opt/redknot/libexec/dovecot/imap-login
login_max_processes_count: 10
max_mail_processes: 10
mail_location: maildir:~/Maildir
lda:
  postmaster_address: postmas...@redknot.nl
  mail_plugins: sieve
  mail_plugin_dir: /opt/redknot/lib/dovecot/lda
  sendmail_path: /usr/sbin/sendmail
  auth_socket_path: /opt/redknot/var/run/dovecot/auth-master
auth default:
  passdb:
    driver: pam
    args: other
  userdb:
    driver: passwd
  socket:
    type: listen
    master:
      path: /opt/redknot/var/run/dovecot/auth-master
      mode: 384
plugin:
  sieve_before: /etc/opt/redknot/sieve/before
  sieve_after: /etc/opt/redknot/sieve/after

I know about the warning, this dovecot is only used as LDA, not for imap or pop3.

thanks,
Martijn

YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568
Re: [Dovecot] OT - Re: Dovecot 1.1.x and 1.2.x differencies
On 16/06/2010 19:14, Charles Marcus wrote:
> On 2010-06-16 1:18 PM, Ed W wrote:
>> It seems like a compromise would be for the likes of Debian/Redhat to have a clear split between "Apps" and "System" and offer the option to stay "fresh but tested" on the apps repo, but "stable and mouldy" on the System repo?
>
> Exactly... even gentoo could benefit from this concept, although I'm not sure how hard it would be to implement...

Hmm, well system packages are those defined in your profile. I guess at the simplest you could simply use a wrapper so that "emerge world" runs with a different ACCEPT_KEYWORDS to "emerge system"?

Note that if you haven't experimented with running your own custom profiles then I would highly recommend it! I start with the generic hardened profiles and then create my own tree in /usr/local/portage/profiles and then have sub profiles for different server types, eg mail / mysql / www_nginx / www_apache / etc

This allows me to centralise my USE flags and required software versions. I then use copious linux-vservers to run apps at a very granular level (pretty much each web site gets its own vserver) and it's highly memory efficient and very simple to update. The host server runs very few apps and I can easily bump services to a different physical server very easily.

Figure out how to sync the storage between nodes and assuming you have that sorted then high availability becomes fairly straightforward case of simply moving the IP addresses between nodes and bringing up the vservers on the node of your choice - moderately straightforward as HA goes...

linux-vserver comes with a bunch of wrappers around emerge that allow you to easily update lots of servers quite quickly. Very neat. I emerge with "-k --new-use" which forces a build of a package if the use flags don't match, but otherwise uses the available binary

Cheers

Ed W
Re: [Dovecot] Correct folder permissions for maildir....
hello,
is your dovecot supposed to act as a LDA ?

> G'Day,
>
> I am trying to find a definitive answer to what the directory
> permissions should be for my configuration under Centos 5.5. I see
> a number of the following error messages in the maillog as a
> consequence of permissions errors. After reading the FAQ, Wiki etc.
> and browsing the web I am unable to determine just exactly what the
> user security settings should be for the offending folders. If
> anyone could point me in the right direction I would appreciate it.
> Should you require additional diagnostic information let me know
> and I will source it.
>
> The error messages:
>
> Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz):
> mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX)
> failed: Permission denied Jun 17 19:53:09 moe dovecot:
> POP3(marnie.capitel):
> mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX) failed:
> Permission denied
>
>
> dovecot -n
>
> # 1.0.7: /etc/dovecot.conf
> protocols: imap pop3 imaps pop3s
> listen: 116.212.71.194
> ssl_listen: 116.212.71.194
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> mail_location: mbox:~/mail/:INBOX=/var/mail/%u
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_plugin_dir(default): /usr/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3):
> /usr/lib/dovecot/pop3 pop3_uidl_format(default): %08Xu%08Xv
> pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %v.%u
> namespace: type: private separator: / prefix: #mbox/ location:
> mbox:~/mail:INBOX=/var/mail/%u inbox: yes hidden: yes namespace:
> type: private separator: / location: maildir:~/Maildir auth
> default: passdb: driver: pam userdb: driver: passwd
>
> ps aux | grep dovecot
>
> root 3457 0.0 0.0 1880 508 ?Ss Jun13 0:20
> /usr/sbin/dovecot
> root 5650 0.0 0.1 7952 1460 ?S03:28 0:04
> dovecot-auth
> dovecot 15591 0.0 0.1 4992 1760 ?S19:26 0:00
> imap-login dovecot 15598 0.0 0.1 4992 1752 ?S
> 19:26 0:00 imap-login dovecot 15627 0.0 0.1 4992 1508 ?
> S19:26 0:00 imap-login dovecot 16596 0.0 0.1 4988
> 1748 ?S19:45 0:00 pop3-login dovecot 16615 0.0 0.1
> 4988 1744 ?S19:46 0:00 pop3-login dovecot 16720
> 0.2 0.1 4988 1500 ?S19:47 0:00 pop3-login root
> 16726 0.0 0.0 4000 700 pts/0S+ 19:48 0:00 grep
> dovecot
Re: [Dovecot] Ok, I've given up
On 17.6.2010, at 6.59, Chuck McManis wrote:

> First, part of this effort was to move off of an APOP infrastructure into
> something more secure against password eavesdropping. To that end I've
> configured Dovecot with simply:
>
> protocols = pop3
> service pop3-login {
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
>
> Note that there is NO port = 110 listener and yet Dovecot seems to listen
> there anyway.

Yes, it's doing that by default. If you want to disable it, use

service pop3-login {
  inet_listener pop3 {
    port = 0
  }
}

> My question, can I be sure that it is not accepting non-SSL
> based connections?

disable_plaintext_auth = yes is also default, so it won't allow users to log in via non-SSL anyway (with 110 port it requires starttls). Of course, this might not prevent some clients from trying to send the password anyway.

> Question 2) Is there any way to run dovecot from tcpserver ?

v1.x yes (but there have been some problems), v2.0 no.

> One of the things I like is the program tcpserver. I like it because I can
> simply "not allow" large chunks of the internet to connect at all to certain
> ports.

v2.0 supports tcpwrappers if that helps.
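The question in the message above (does the listener on port 110 refuse password logins before TLS?) can be checked from what the server advertises in its POP3 CAPA response (RFC 2449). This is an added example, not part of the thread or of Dovecot's code; the two CAPA responses are constructed samples, and all function names are hypothetical.

```python
"""Audit what a POP3 listener offers before TLS is negotiated (added example)."""
import poplib

# SASL mechanisms that put the password itself on the wire.
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

# Constructed sample: cleartext port that only allows auth after STLS.
SAMPLE_HARDENED = (
    "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nRESP-CODES\r\nPIPELINING\r\nSTLS\r\nSASL\r\n.\r\n"
)
# Constructed sample: cleartext port that accepts passwords directly.
SAMPLE_PERMISSIVE = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"


def parse_capa(raw):
    """Parse a multi-line CAPA response into {NAME: [ARG, ...]}."""
    lines = raw.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("CAPA refused or unsupported: %r" % lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":          # end of the multi-line response
            break
        if not line.strip():
            continue
        name, *args = line.split()
        caps[name.upper()] = [a.upper() for a in args]
    return caps


def audit_cleartext_caps(caps):
    """Findings for capabilities seen on a connection that is not yet encrypted."""
    findings = []
    if "USER" in caps:
        findings.append("USER/PASS advertised in cleartext")
    weak = PLAINTEXT_SASL.intersection(caps.get("SASL", []))
    if weak:
        findings.append(
            "plaintext SASL advertised in cleartext: " + ", ".join(sorted(weak))
        )
    if "STLS" not in caps:
        findings.append("STLS not offered: session cannot be upgraded to TLS")
    return findings


def audit_host(host, port=110, timeout=5.0):
    """Live check. Returns None when nothing accepts connections on the port
    (the 'port = 0' case from the reply above), else the list of findings."""
    try:
        conn = poplib.POP3(host, port, timeout=timeout)
    except OSError:
        return None
    try:
        caps = {k.upper(): [a.upper() for a in v] for k, v in conn.capa().items()}
        return audit_cleartext_caps(caps)
    finally:
        conn.close()


if __name__ == "__main__":
    for label, raw in (("hardened", SAMPLE_HARDENED), ("permissive", SAMPLE_PERMISSIVE)):
        print(label, audit_cleartext_caps(parse_capa(raw)) or "no findings")
```

An empty findings list only means the server does not invite a cleartext login; as the reply notes, a client can still send its password unprompted, and only a closed port (`audit_host` returning `None`) rules that out.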
[Dovecot] IMAP Address book ?
Hello

Does anyone know if it is possible to manage a personal address book with Dovecot and IMAP?

I mean would it be possible to store it in the IMAP user's space and not in the MUA address book in order to always retrieve it even when changing machine / MUA?

Thanks
[Dovecot] Correct folder permissions for maildir....
G'Day,

I am trying to find a definitive answer to what the directory permissions should be for my configuration under Centos 5.5. I see a number of the following error messages in the maillog as a consequence of permissions errors. After reading the FAQ, Wiki etc. and browsing the web I am unable to determine just exactly what the user security settings should be for the offending folders. If anyone could point me in the right direction I would appreciate it. Should you require additional diagnostic information let me know and I will source it.

The error messages:

Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz): mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX) failed: Permission denied
Jun 17 19:53:09 moe dovecot: POP3(marnie.capitel): mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX) failed: Permission denied

dovecot -n

# 1.0.7: /etc/dovecot.conf
protocols: imap pop3 imaps pop3s
listen: 116.212.71.194
ssl_listen: 116.212.71.194
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/mail/:INBOX=/var/mail/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %v.%u
namespace:
  type: private
  separator: /
  prefix: #mbox/
  location: mbox:~/mail:INBOX=/var/mail/%u
  inbox: yes
  hidden: yes
namespace:
  type: private
  separator: /
  location: maildir:~/Maildir
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

ps aux | grep dovecot

root 3457 0.0 0.0 1880 508 ?Ss Jun13 0:20 /usr/sbin/dovecot
root 5650 0.0 0.1 7952 1460 ?S03:28 0:04 dovecot-auth
dovecot 15591 0.0 0.1 4992 1760 ?S19:26 0:00 imap-login
dovecot 15598 0.0 0.1 4992 1752 ?S19:26 0:00 imap-login
dovecot 15627 0.0 0.1 4992 1508 ?S19:26 0:00 imap-login
dovecot 16596 0.0 0.1 4988 1748 ?S19:45 0:00 pop3-login
dovecot 16615 0.0 0.1 4988 1744 ?S19:46 0:00 pop3-login
dovecot 16720 0.2 0.1 4988 1500 ?S19:47 0:00 pop3-login
root 16726 0.0 0.0 4000 700 pts/0S+ 19:48 0:00 grep dovecot

--
--Donovan J. Edye
Calico Communications - "All your marketing, communication & web needs."
Home To: daisyndandelion.com.au, natiki.com.au, themarketingcoach.com.au
w: calicom.com.au t: +61-2-6292-1573 f: +61-2-6292-1592
p: PO Box 165, Erindale Centre, ACT 2903, Australia
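The mkdir_parents errors in the post above name the directory Dovecot could not create, while the directory that actually denies access is some existing ancestor of it. This added example (not from the thread or from the Dovecot project) parses such a maillog line and walks the path to find the first directory whose mode bits block the mail user. It assumes classic owner/group/other permissions only (no ACLs, no SELinux), and every function name in it is hypothetical.

```python
"""Find the directory behind 'mkdir_parents(...) failed: Permission denied'."""
import os
import pwd
import re
import stat

LOG_RE = re.compile(
    r"dovecot: \w+\((?P<user>[^)]+)\): "
    r"mkdir_parents\((?P<path>[^)]+)\) failed: Permission denied"
)


def parse_mkdir_failure(line):
    """Return (login, path) from a maillog line, or None for other messages."""
    m = LOG_RE.search(line)
    return (m["user"], m["path"]) if m else None


def ids_for(login):
    """uid and full group set of a system account (userdb driver: passwd)."""
    pw = pwd.getpwnam(login)
    return pw.pw_uid, set(os.getgrouplist(login, pw.pw_gid))


def _allows(st, uid, gids, want):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def find_blocker(path, uid, gids, start="/"):
    """Walk from `start` down to `path`. Return (directory, reason) for the
    first directory that stops uid/gids from creating the missing parts,
    or None if the mode bits allow it. Run as root so every stat succeeds."""
    path, start = os.path.abspath(path), os.path.abspath(start)
    if os.path.commonpath([path, start]) != start:
        raise ValueError("path is not below start")
    rel = os.path.relpath(path, start)
    chain = [start]
    for part in ([] if rel == "." else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], part))
    for here, nxt in zip(chain, chain[1:]):
        st = os.stat(here)
        if not stat.S_ISDIR(st.st_mode):
            return here, "not a directory"
        if not _allows(st, uid, gids, 1):            # x: traverse
            return here, "no search (x) permission"
        if not os.path.exists(nxt):
            # mkdir_parents has to create `nxt` inside `here`: needs w and x.
            if not _allows(st, uid, gids, 3):
                return here, "no write (w) permission to create " + os.path.basename(nxt)
            return None
    return None


if __name__ == "__main__":
    # Log line copied from the post above.
    line = ("Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz): "
            "mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX) "
            "failed: Permission denied")
    login, path = parse_mkdir_failure(line)
    try:
        uid, gids = ids_for(login)
    except KeyError:
        print("no such system account on this host:", login)
    else:
        print(find_blocker(path, uid, gids) or "mode bits allow the mkdir")
```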
Re: [Dovecot] Ok, I've given up
Chuck McManis wrote:
> Out of curiosity, let's say you were given the task I've set for myself which is described thusly:
>
> Provide a system that gives shell and email service to a dozen users, hosts perhaps 15 or so mailing lists, provides DNS for 20 - 30 machines.
>
> Preferred OS and what makes it the one you choose?

Ubuntu. All the loveliness of Debian but actually usable in the real world.

> Preferred MTA and what makes it the one you choose?

Exim. http://shearer.org/MTA_Comparison

> Name service?

Name service?

> ssh implementation?

Not really a question. But if there must be an answer then OpenSSH from the distro, remembering to make sure we have the distro's security stream in our package sources. (If you need more security than this, then you should have the funds to do this properly without asking questions on mailing lists. If you need more security but aren't attracting that revenue stream, then you're in the wrong game and you need to go home and have a re-think about what you want to do to make a living.)

> Hardware?

Rent a virtual machine (e.g. Xen based). This saves you having to make capital expenditure on hardware (= keeps the bean counter happy). Also it means you can do backups to S3 over the backbone.

> Now I'll confess that in the way back times I helped start a company that built this exact thing as a hands off appliance for small to medium businesses, the company was called 'FreeGate.' When the domain was retired I believe one of the boxes reported back an uptime of just over 5.5 years for a 48 user, 150 host domain.

I've not generally noticed a problem with uptime these days.

Bill
Re: [Dovecot] Ok, I've given up
On 17/06/2010 09:46, Chuck McManis wrote:
> Out of curiosity, lets say you were given the task I've set for myself which is described thusly:
>
> Provide a system that gives shell and email service to a dozen users, hosts perhaps 15 or so mailing lists, provides DNS for 20 - 30 machines.
>
> Preferred OS and what makes it the one you choose?
> Preferred MTA and what makes it the one you choose?
> Name service?
> ssh implementation?
> Hardware?

This is probably a good "slashdot asks" question... A million replies driven by what people are familiar with...

I think you already named all the main software packages, so really bar some smaller apps (which definitely will work better for certain more niche projects!) you really have:

- Postfix/Sendmail (and perhaps qmail) for smtp
- Dovecot / Cyrus (and perhaps Courier) for imap

I should think that the real point is the management of all of the above. Yes any reasonably competent user here can probably manage a one off server, but managing one "for a friend", ie for very little cost (perhaps 5 mins a year) will mean a requirement for some management tools

Perhaps someone else can name a bunch of distros which package the above up with a nice GUI and make a cool integrated system? Obviously at the larger end you have the Scalix / Open Exchange / SOGO, etc (insert 5 more here) type systems, but all the ones I know of feel a bit bulky for a small office? Probably the answer for many is to go hosted..?

What I have is a rails app using ActiveScaffold which manages a fairly generic database and allows me to very easily manage users across all servers in a very simple way. Very happy to opensource it if someone wanted to do some spade work to tidy it up, but really it can be re-implemented in a few hours by anyone competent with Rails and I'm very happy to share my DB schema which is really the trick

My system uses:

- Dovecot (changed from Courier some years ago, no experience of Cyrus, but sounds like a competitor)
- Postfix (never used qmail, used Sendmail in the early 90s and never ever ever want to see it again (sorry))
- Spamassassin
- P0f
- Clamav
- Fail2ban + simple iptables rules
- Mysql for database, every main app keys into a single schema
- DNSCache for local dnscache on the servers, but found dnsmasq ample for a home office size setup. DNSmadeeasy.com for domain hosting...

I think without my custom rails app to manage the DB schema it would be a complete pain to admin, but all it takes is a basic gui to transform such a bag of bits to something useful...

Good luck

Ed W
Re: [Dovecot] Ok, I've given up
On Thu, Jun 17, 2010 at 12:20 AM, /dev/rob0 wrote:

> On Wed, Jun 16, 2010 at 10:59:55PM -0700, Chuck McManis wrote:
> > In the interest of moving forward on this project
>
> I looked back at your other thread and at this one, and, hmmm. I
> invite you to join us in the new millennium.
>
> 1. POP3 sucks.
> IMAP can do everything POP3 can do, and many things POP3 cannot.
> Check it out, and you will want to give up POP3.
>
> 2. mbox sucks, mostly.
> Mostly; mbox is slightly better for POP retrieve-and-delete usage,
> but there, see #1 above. Maildir gives the administrator, and a
> shell user, many options.
>
> 2a. mutt and alpine are both Unix console-based MUAs which
> understand maildir *and* IMAP. I'm using mutt with IMAP,
> because it has advantages over direct maildir access.
>
> 3. qmail is dead.
> Over ten years without any coordinated development, five years
> since the last (only?) netqmail release. Email has changed a lot
> in those years, and yes, you can patch qmail to get most of the
> functionality of a modern MTA, but IME that was a crapshoot. Why
> fight it, when other, well-maintained, featureful MTA choices
> exist?
> 3a. qmail is both much more vulnerable to spam AND by default,
> the source of much spam.
>

So SMTP hasn't changed much in 30 years ;-) I'd be interested in what you consider a 'modern' MTA. I've looked pretty thoroughly at sendmail, postfix, and qmail and of the three qmail is fairly reliable. Not sure what makes a particular MTA more 'vulnerable' to spam. I don't run an open relay and I generally find barracuda central a decent rbl source. Between that and using tcpserver to simply not accept connections from zombies spam hasn't really been an issue.

>
> > I've given up trying to
> > get Dovecot to support mailboxes, rather I've tweaked around in qmail and
> > had it deliver into a mail directory on a disk, that isn't NFS mounted. That
> > got me past the various locking complaints and "operation not supported" on
> > home directories that were mounted from the NetApp filer.
> >
> > Going as vanilla as possible I've managed to both send an email that qmail
> > delivered and fetch the email with my 3 test clients (Eudora, Thunderbird,
> > and Evolution) (I know they are, in a sense, all variations on a theme but
> > MUA monoculture seems to be inevitable these days).
> >
> > So a few questions for the other esteemed system operators here if you know
> > the answer I'd love to hear it.
> >
> > Question 1) Are my user's passwords safe from prying eyes?
>
> Not enough information provided to be able to answer that.
>
> > First, part of this effort was to move off of an APOP infrastructure into
> > something more secure against password eavesdropping. To that end I've
> > configured Dovecot with simply:
> >
> > protocols = pop3
> > service pop3-login {
> >   inet_listener pop3s {
> >     port = 995
> >     ssl = yes
> >   }
> > }
> >
> > Note that there is NO port = 110 listener and yet Dovecot seems to listen
>
> You would want to find out WHAT is listening on 110. Tools like
> netstat(8) (8 in Linux, probably section 1 in BSD) are useful.
>

Actually I know it's dovecot that opens 110. I see it in netstat and I've got lsof to tell me that it's being held open by the pop3 process:

dovecot 82197 root 15uIPv4 0xc435d4f00t0 TCP *:pop3 (LISTEN)

I'm not new to system administration mind you, just new to using dovecot. And looking through tcpdump logs of what the clients send and vs what dovecot responds, basically it is listening to, and refusing to answer, any requests on 110. So it seems like we should be able to have it not listen there.

From watching the packets I've managed to convince myself that dovecot is only allowing SSL connections to go through authentication. But if there is a vulnerability in its pop3 code I worry about someone getting squirrelly with the 110 port, hence my desire to just have it not listen there at all.

> > there anyway. My question, can I be sure that it is not accepting non-SSL
> > based connections? Attempts to use plaintext on 110 were rebuffed so that
> > seems to be the case. My intent is that if my user is using this in an
> > airport they won't give away their email password to a bad guy who is
> > sniffing all the packets.
> >
> > Question 2) Is there any way to run dovecot from tcpserver ?
> >
> > One of the things I like is the program tcpserver. I like it because I can
> > simply "not allow" large chunks of the internet to connect at all to certain
>
> Yeah, Wietse wrote a similar program back in that era too, TCP
> wrappers. Similarly, it was abandoned. Most Unix and Unix-like
> operating systems have the ability to do packet filtering which is
> more powerful and more flexible.
>

We have different interpretations of 'abandoned' ;-) I looked at using the firewall rules to manage connection rules (love the concept behind fail2ban al
Re: [Dovecot] BUG Dovecot 1.0.15 and Apples Mail.app
On Thu, Jun 17, 2010 at 09:18:45AM +0200, Gerhard Waldemair wrote:
> Is there anyone using Apple's Mail.app to collect the mails via IMAP or IMAPS ?
>
> I found a funny bug in Debian Lenny's Dovecot Version. (still v. 1.0.15)
[...]
>
> Now I have updated Dovecot from 1.0 to 1.2 from Backports and everything
> works great now !

Timo, I guess one solution would be to provide some kind of EOL roadmap on the website as 1.x series for sure won't receive updates anymore. If so it could easily stop those questions about way outdated releases in the future where one could just send the link to that to the OP.

Regards
Thomas
Re: [Dovecot] dovecot vs. Thunderbird
On 15.06.2010 13:11, Bodo Schulz wrote:
> Hello (and Moin Moin) ;)
>
> I have currently a straith Problem ...
[...]

Yesterday I compiled an old Thunderbird 2 version. This version (2.0.0.23) works perfectly. It is also a bug in the Thunderbird 3 version used (3.0.4).

Thanks a lot for your help! We are still waiting for an update ...

Greetings from Hamburg,
Bodo
Re: [Dovecot] Ok, I've given up
On Wed, Jun 16, 2010 at 10:59:55PM -0700, Chuck McManis wrote:
> In the interest of moving forward on this project

I looked back at your other thread and at this one, and, hmmm. I invite you to join us in the new millennium.

1. POP3 sucks.
   IMAP can do everything POP3 can do, and many things POP3 cannot. Check it out, and you will want to give up POP3.

2. mbox sucks, mostly.
   Mostly; mbox is slightly better for POP retrieve-and-delete usage, but there, see #1 above. Maildir gives the administrator, and a shell user, many options.

2a. mutt and alpine are both Unix console-based MUAs which understand maildir *and* IMAP. I'm using mutt with IMAP, because it has advantages over direct maildir access.

3. qmail is dead.
   Over ten years without any coordinated development, five years since the last (only?) netqmail release. Email has changed a lot in those years, and yes, you can patch qmail to get most of the functionality of a modern MTA, but IME that was a crapshoot. Why fight it, when other, well-maintained, featureful MTA choices exist?

3a. qmail is both much more vulnerable to spam AND by default, the source of much spam.

> I've given up trying to
> get Dovecot to support mailboxes, rather I've tweaked around in qmail and
> had it deliver into a mail directory on a disk, that isn't NFS mounted. That
> got me past the various locking complaints and "operation not supported" on
> home directories that were mounted from the NetApp filer.
>
> Going as vanilla as possible I've managed to both send an email that qmail
> delivered and fetch the email with my 3 test clients (Eudora, Thunderbird,
> and Evolution) (I know they are, in a sense, all variations on a theme but
> MUA monoculture seems to be inevitable these days).
>
> So a few questions for the other esteemed system operators here if you know
> the answer I'd love to hear it.
>
> Question 1) Are my user's passwords safe from prying eyes?

Not enough information provided to be able to answer that.

> First, part of this effort was to move off of an APOP infrastructure into
> something more secure against password eavesdropping. To that end I've
> configured Dovecot with simply:
>
> protocols = pop3
> service pop3-login {
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
>
> Note that there is NO port = 110 listener and yet Dovecot seems to listen

You would want to find out WHAT is listening on 110. Tools like netstat(8) (8 in Linux, probably section 1 in BSD) are useful.

> there anyway. My question, can I be sure that it is not accepting non-SSL
> based connections? Attempts to use plaintext on 110 were rebuffed so that
> seems to be the case. My intent is that if my user is using this in an
> airport they won't give away their email password to a bad guy who is
> sniffing all the packets.
>
> Question 2) Is there any way to run dovecot from tcpserver ?
>
> One of the things I like is the program tcpserver. I like it because I can
> simply "not allow" large chunks of the internet to connect at all to certain

Yeah, Wietse wrote a similar program back in that era too, TCP wrappers. Similarly, it was abandoned. Most Unix and Unix-like operating systems have the ability to do packet filtering which is more powerful and more flexible.

> ports. (I use this for SSH in particular since all the kids love throwing
> dictionary attacks around). I'd like to give my POP3 ports equivalent
> protection. I also like the logging facilities of the supervise / multilog
> service.
>
> To use this I'd need Dovecot to accept the connection handed to it, and not
> do the whole setsid daemon thing since tcpserver will start another one if
> needed. I can send the logging out to stderr (thanks!) and get the logging

There's another DJB-ism that I don't care for; syslog(3)/syslogd(8) works well. Those TAI64N timestamps are a pain.

> stuff but still wondering about the 'hand you a connection.'

--
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
[Dovecot] BUG Dovecot 1.0.15 and Apples Mail.app
Is there anyone using Apple's Mail.app to collect the mails via IMAP or IMAPS ?

I found a funny bug in Debian Lenny's Dovecot Version. (still v. 1.0.15)

When I get my Mails via IMAP or IMAPS and define a Rule in Mail.app to move the eMail to a specific folder I will find the mail 2 times in the folder. After a minute or so the double Mail disappears.

I have tried it with other programs like Thunderbird. There everything works, v1.0 too.

Now I have updated Dovecot from 1.0 to 1.2 from Backports and everything works great now !

Regards,
Gerhard

PS in Squeeze Dovecot is Version 1.2