[Dovecot] ACL, forced INBOX subscription

[Matthias Rieber]

Hi,

I've two accounts 'matthias' and 'mailverwalter'. Mailverwalter want's to
share the Spam folder:

This is the situation in the beginning:

(matthias)
a LIST (SUBSCRIBED) "common." "*"
a OK List completed.
a LIST (SUBSCRIBED) "common.mailverwalter" "*"
a OK List completed.

(mailverwalter)
a GETACL Spam
* ACL "Spam" "mailverwalter" lrwstipekxacd
a OK Getacl completed.
a GETACL INBOX 
* ACL "INBOX" "mailverwalter" lrwstipekxacd
a OK Getacl completed.

So far so good. Mailverwalter sets the list permission:

(mailverwalter)
a SETACL "Spam" "matthias" l
a OK Setacl complete.
a GETACL "Spam"
* ACL "Spam" "matthias" l "mailverwalter" lrwstipekxacd
a OK Getacl completed.
a GETACL "INBOX"
* ACL "INBOX" "mailverwalter" lrwstipekxacd
a OK Getacl completed.

That's ok as well and I want to make sure that the INBOX doesn't have any
other permission.
After that, some listing:

(matthias)
a LIST (SUBSCRIBED) "common." "*"
a OK List completed.
a LIST (SUBSCRIBED) "common.mailverwalter." "*"
a OK List completed.

That's also ok, nothing subscribed.

(matthias)
a LIST "common.mailverwalter." "*"
* LIST (\Noselect \HasChildren) "." "common.mailverwalter"
* LIST (\HasNoChildren) "." "common.mailverwalter.Spam"
a OK List completed.

This normal folder listing seems to be ok, too, and then listing of the
subcribed folders again:

(matthias)
a LIST (SUBSCRIBED) "common.mailverwalter." "*"
* LIST (\Subscribed \NonExistent) "." "common.mailverwalter.INBOX"
a OK List completed.

And then, the INBOX is subscribed and \NonExistent because I don't have
permissions on it. The folder stays subscribed as long as I'm connected to
the server. When I disconnect and do the LIST (SUBSCRIBED) again, the
folder is not subscribed as long I do not 'normal' list it. Happens with
dovecot 1.2.11, haven't tried 2.0 yet. I assume that's not the intended
behaviour. This INBOX folder confuses the Nokia n900 email client a lot,
but it doesn't matter if it can be accessed or not.

Regards,

Matthias

Re: [Dovecot] Problem configuring rawlog with 2.0beta6

[Mark Sapiro]

Mark Sapiro wrote:

> The initial problem I was seeing after upgrade from 2.0beta5 to
> 2.0beta6 was error messages from my Android phone K9 client that
> dovecot was reporting -1 messages in various mailboxes. These
> mailboxes do have the special "Mail System Internal Data" message in
> them.

Just to follow up on this original issue, it appears the client sends an
"examine" for the folder and gets back a perfectly appropriate response
including

 0 EXISTS
 0 RECENT

and then proceeds to log an error about -1 Messages. Thus, this appears
to be strictly a client issue, possibly caused by a client software
update about the same time as the dovecot update.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

[Dovecot] OT Re: Dovecot 1.1.x and 1.2.x differencies

[Noel Butler]

re-sent , this never made it to the list, my anti spam system ate it :)

On Wed, 2010-06-16 at 07:07 -0500, Stan Hoeppner wrote: 

> 
> 
> That's an interesting position/observation given that RHEL, SLES, and CentOS
> (RHEL derivative) have the largest datacenter footprint in the US by far.
> Across both oceans, mainly Europe and South America, SuSE rules pretty much
> everything, from what I've read.
> 

Dunno, I speak from my part of the world where  I've been associated
with over past twenty years
It doesn't surprise me that RedHat have a larger footprint in U.S and
SuSE in EU, being Inc there and having support,
This pretty much means D.C's can employ clueless or first year in the
work force  18 year old's to look after the equipment.
(not attacking that age group, I've met some that run rings around some
doing this for 30 odd years or more



> All the numbers I've seen show Slackware and Gentoo at the very bottom of the
> charts, almost zero penetration.  Debian has far more datacenter penetration



Don't know where you get those figures from, I hope your not going to try use 
distrowatch as example :)


Though debian, like RH, have a reasonable userbase, I've found again
mostly clueless drones who forever flood lists asking how to do A, B or
C
many, if not most debian admins are also scared shitless to use source
code of anything, some I've come across were "shocked" to learn that
source code is available, there little world doesn't evolve outside of
"DEB", I gave out 7 updates for SM project plugin a couple months ago
( as the plugin version is still in beta), one guy replied complaining
it was broken package, guess why, because  DPKG couldnt install it - I,
ROFLMFAO! and this person worked for a multi-national company in the
U.S.

it comes down to how much you care about your customers needs, this isnt
the '80s where using the latest and greatest was generally shied upon,
I've used it exclusively for key daemons since about the mid nineties,
all without a single problem.

I do have issue with auto package updates, as an employer in the mid
nineties was bitten by a botched RH update, that rendered several
servers useless. I guess I was also lucky not to be fried by the
infamous debian openssl destructive patch they pushed out couple years
ago, which also affected other OS's if their cert was generated on a
debian system, using the closest to how the software dev team release
their software, and not butchering/distro-ising it and so, means,  more
often than not, fewer problems.


Now, this is so far OT if you wish to continue with this discussion,
please reply directly, there have been too many threads lately on this
list generate into non-dovecot related noise factors which may impact on
the genuine needy.


<>

Re: [Dovecot] LDA to address extensions

[Martijn de Munnik]

On Jun 17, 2010, at 9:25 PM, Martijn de Munnik wrote:


On Jun 17, 2010, at 1:45 PM, Martijn de Munnik wrote:


Hi List,

I'm trying to make dovecot deliver messages to sam+extens...@example.com 
 to the imap folder 'extension' of the user 'sam'. I've configured  
postfix with these dovecot as LDA:


mailbox_command = /opt/redknot/libexec/dovecot/deliver -f "$SENDER"  
-d "$USER" -m "$EXTENSION" -a "$RECIPIENT"

recipient_delimiter = +


I've found this thread but it doesn't seem to work for me. 
http://www.mail-archive.com/dovecot@dovecot.org/msg18230.html

I also disabled the sieve plugin but that doesn't make any difference.

Jun 17 21:10:55 deliver(munnik): Info: sieve: msgid=<116e5d96-fb80-4877-af96-eb296c73e...@youngguns.nl 
>: stored mail into mailbox 'INBOX'
Jun 17 21:20:37 deliver(munnik): Info: msgid=<9d6f1f02-f6e0-4260-905e-bcc1ff269...@youngguns.nl 
>: saved mail to INBOX


I've found the problem, it has nothing to do with dovecot. A postfix  
content_filter is messing with my address, when I remove that filter  
deliver is working as expected. Sorry to waste your time ;)






Sam is a local system user so I don't want to use virtual_transport  
(I think). I've read http://wiki.dovecot.org/LDA/Postfix but so far  
without success.


# 1.2.11: /etc/opt/redknot/dovecot.conf
Warning: There is no way to login to this server:  
disable_plaintext_auth=yes, ssl=no, no non-plaintext auth mechanisms.

# OS: SunOS 5.11 sun4v
log_path: /var/log/dovecot.log
ssl: no
login_dir: /opt/redknot/var/run/dovecot/login
login_executable: /opt/redknot/libexec/dovecot/imap-login
login_max_processes_count: 10
max_mail_processes: 10
mail_location: maildir:~/Maildir
lda:
postmaster_address: postmas...@redknot.nl
mail_plugins: sieve
mail_plugin_dir: /opt/redknot/lib/dovecot/lda
sendmail_path: /usr/sbin/sendmail
auth_socket_path: /opt/redknot/var/run/dovecot/auth-master
auth default:
passdb:
 driver: pam
 args: other
userdb:
 driver: passwd
socket:
 type: listen
 master:
   path: /opt/redknot/var/run/dovecot/auth-master
   mode: 384
plugin:
sieve_before: /etc/opt/redknot/sieve/before
sieve_after: /etc/opt/redknot/sieve/after

I know about the warning, this dovecot is only used as LDA, not for  
imap or pop3.


thanks,
Martijn

YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568
YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568

Re: [Dovecot] Ok, I've given up

[Phil Howard]

On Thu, Jun 17, 2010 at 04:46, Chuck McManis  wrote:

> So SMTP hasn't changed much in 30 years ;-) I'd be interested in what you
> consider a 'modern' MTA. I've looked pretty thoroughly at sendmail, postfix,
> and qmail and of the three qmail is fairly reliable. Not sure what makes a
> particular MTA more 'vulnerable' to spam. I don't run an open relay and I
> generally find barracuda central a decent rbl source. Between that and using
> tcpserver to simply not accept connections from zombies spam hasn't really
> been an issue.

I abandoned sendmail many years ago and haven't looked back.  I tried
qmail and postfix, and was a lot happier with postfix.  I overlooked
exim at the time, but from what little I've seen and heard, it should
be up there with postfix, making for a tough choice if you didn't have
anything to bias your choice (like having used one of them already for
a few years).

I prefer to avoid DJB's "the code is the comment" code because it's
too hard to maintain.  Hard to maintain == risk of breaking it, IMHO.
But I do like DJB's CDB concept.


> Provide a system that gives shell and email service to a dozen users, hosts
> perhaps 15 or so mailing lists, provides DNS for 20 - 30 machines.
>
> Preferred OS and what makes it the one you choose?
> Preferred MTA and what makes it the one you choose?
> Name service?
> ssh implementation?
> Hardware?

I'd prefer Slackware or OpenBSD based on the simplicity.  But I
do/have run some things on CentOS, Debian, Fedora, FreeBSD and Ubuntu,
for various reasons where those get me going faster, or have what I
need, including my current mail server on Ubuntu (for a faster "get a
startup started" where needs were not well defined), which will be
migrated to Slackware, maybe in early '11.

Postfix is my 1st choice due to experience, but Exim seems to be a
fine next choice.

My authoritative DNS runs on NSD3, and my caching DNS runs on BIND9.
They are run on different IPs on the same machines (5, later to be 6,
instances of each).  Local hidden zones are on BIND9, but I don't have
to do a split horizon to have it.

OpenSSH.

x86_64 machines because it's COTS.  The mail server is running on a
pair of 500GB drives in RAID1.  Next machine will probably be more
drives and 1TB each.  I'm looking for a RAID controller than can do a
3-way or 4-way mirror.  I also rsync everything to another box every
hour and working on setting up a delta archive from that backup.

Re: [Dovecot] \Noselect on virtual folders

[Timo Sirainen]

I already replied to Matthias on IRC, but here's for everyone:

On Wed, 2010-06-16 at 21:33 +0200, Matthias Rieber wrote:
> a LIST "virtual.spam." "*"
> * LIST (\Noselect \HasNoChildren) "." "virtual.spam."
> * LIST (\HasNoChildren) "." "virtual.spam.unchecked"

This \HasNoChildren was already fixed in v2.0. I don't know how
difficult it would be to fix for v1.2.

> a LIST (SUBSCRIBED) "virtual.spam." "*"
> * LIST (\Subscribed \Noselect) "." "virtual.spam.disagree.spamassassin"
> * LIST (\Subscribed \Noselect) "." "virtual.spam.disagree.dspam"
> * LIST (\Subscribed \Noselect) "." "virtual.spam.unchecked"
> a OK List completed.

There were several bugs related to this. Fixed in v2.0. Probably too
much trouble to backport to v1.2.

http://hg.dovecot.org/dovecot-2.0/rev/3128f592ef5c
http://hg.dovecot.org/dovecot-2.0/rev/7330bb240c75

Re: [Dovecot] Ok, I've given up

[Charles Marcus]

On 2010-06-17 3:33 PM, Chuck McManis wrote:
> Its just a FreeBSD 8.0 system with a Marvell 8 port SATA card and  a couple
> of TB of of SATA drives.

Thanks for the response... now I just have to find the time... ;)

-- 

Best regards,

Charles

Re: [Dovecot] Ok, I've given up

[Chuck McManis]

On Thu, Jun 17, 2010 at 9:26 AM, Charles Marcus
wrote:

> On 2010-06-17 11:52 AM, Chuck McManis wrote:
> > but I've been evaluating a ZFS based file server as well to see if it
> > can get the same level of reliability.
>
> Care to share which one? Or just a FreeBSD based one of your own making?
>

Its just a FreeBSD 8.0 system with a Marvell 8 port SATA card and  a couple
of TB of of SATA drives. I configured ZFS pretty much with all the default
knobs. One of my SATA "drives" is actually outside the box so that I can
turn it off to introduce a "failed drive" to the system to evaluate error
handling and recovery.

I've been considering NexentaStor Comunity Edition. The boss doesn't
> like spending money, and we don't really *need* anything super fancy,
> but I really like what I hear about ZFS...
>

For most NAS stuff so far it seems pretty reasonable. Its both not as space
efficient and better than the NetApp in terms of total available space
becaus the NetApp box lops off like 65GB of every drive in a combination of
'right sizing' and reserving space. ZFS uses the whole drive but has
ginormously fat metadata blocks that it mirrors a lot. The Netapp box out
performs it in terms of both bulk transfers and IOPs  but I've done
practically no tuning on the ZFS system.

--Chuck


>
> --
>
> Best regards,
>
> Charles
>

Re: [Dovecot] LDA to address extensions

[Martijn de Munnik]

On Jun 17, 2010, at 1:45 PM, Martijn de Munnik wrote:


Hi List,

I'm trying to make dovecot deliver messages to sam+extens...@example.com 
 to the imap folder 'extension' of the user 'sam'. I've configured  
postfix with these dovecot as LDA:


mailbox_command = /opt/redknot/libexec/dovecot/deliver -f "$SENDER" - 
d "$USER" -m "$EXTENSION" -a "$RECIPIENT"

recipient_delimiter = +


I've found this thread but it doesn't seem to work for me. 
http://www.mail-archive.com/dovecot@dovecot.org/msg18230.html

I also disabled the sieve plugin but that doesn't make any difference.

Jun 17 21:10:55 deliver(munnik): Info: sieve: msgid=<116e5d96-fb80-4877-af96-eb296c73e...@youngguns.nl 
>: stored mail into mailbox 'INBOX'
Jun 17 21:20:37 deliver(munnik): Info: msgid=<9d6f1f02-f6e0-4260-905e-bcc1ff269...@youngguns.nl 
>: saved mail to INBOX




Sam is a local system user so I don't want to use virtual_transport  
(I think). I've read http://wiki.dovecot.org/LDA/Postfix but so far  
without success.


# 1.2.11: /etc/opt/redknot/dovecot.conf
Warning: There is no way to login to this server:  
disable_plaintext_auth=yes, ssl=no, no non-plaintext auth mechanisms.

# OS: SunOS 5.11 sun4v
log_path: /var/log/dovecot.log
ssl: no
login_dir: /opt/redknot/var/run/dovecot/login
login_executable: /opt/redknot/libexec/dovecot/imap-login
login_max_processes_count: 10
max_mail_processes: 10
mail_location: maildir:~/Maildir
lda:
postmaster_address: postmas...@redknot.nl
mail_plugins: sieve
mail_plugin_dir: /opt/redknot/lib/dovecot/lda
sendmail_path: /usr/sbin/sendmail
auth_socket_path: /opt/redknot/var/run/dovecot/auth-master
auth default:
passdb:
  driver: pam
  args: other
userdb:
  driver: passwd
socket:
  type: listen
  master:
path: /opt/redknot/var/run/dovecot/auth-master
mode: 384
plugin:
sieve_before: /etc/opt/redknot/sieve/before
sieve_after: /etc/opt/redknot/sieve/after

I know about the warning, this dovecot is only used as LDA, not for  
imap or pop3.


thanks,
Martijn

YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568
YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568

Re: [Dovecot] Ok, I've given up

[Jakob Curdes]

Spammers are working every day to cause more abuse. Postmasters are
trying to stay ahead of them, but we still see that over 90% of all
traffic to port 25/tcp is abuse.

 
Hmm, I would rather estimate it to around 99% on our multi-domain 
mailserver, including the connections we deny at the SMTP level on the 
basis of rules like "deny systems that do not know their hostnames" or 
"deny systems that cannot do a proper SMTP greeting".


Cheers,
Jakob Curdes

[Dovecot] Proxy Access (Manager/Secretary) Best Practices?

[Chris Hobbs]

I've mostly got our dovecot+postfix+SOGo+openldap open source groupware 
replacement working the way I want it to; we're replacing GroupWise in our 
organization and I'm thrilled to be doing it. I'm supporting about 1,000 active 
staff users (and another 6,000 student accounts). 

I've got e-mail and calendar sharing working, and it does what it says it will 
do, but it is (go figure) different in concept from Proxy access under 
GroupWise. In GroupWise, I can give my secretary proxy access to my account and 
she can read all of my folders, see my calendars, and send e-mail as me. To 
someone that receives an e-mail or appointment request from her while she's 
proxied to me, there's no distinction at all. 

Is there a way to mimic this sort of functionality with the tools I've chosen? 
I've figured out that I can add additional 'mail' attributes to the secretary's 
record, and those addresses are available as drop-down choices in the SOGo web 
interface, but with the secretary's name and not the manager. 

Any advice will be much appreciated. 

And many thanks to the developers involved for writing and making available 
such amazingly good software. Eliminating the license fees we've been paying to 
Novell is allowing me to save a technician that surely would have been 
eliminated in budget cuts this year. 

Chris 

Chris Hobbs
Director, Technology
New Haven Unified School District




--
This message was scanned by ESVA and is believed to be clean.

Re: [Dovecot] Ok, I've given up

[Charles Marcus]

On 2010-06-17 11:52 AM, Chuck McManis wrote:
> but I've been evaluating a ZFS based file server as well to see if it
> can get the same level of reliability.

Care to share which one? Or just a FreeBSD based one of your own making?

I've been considering NexentaStor Comunity Edition. The boss doesn't
like spending money, and we don't really *need* anything super fancy,
but I really like what I hear about ZFS...

-- 

Best regards,

Charles

Re: [Dovecot] Ok, I've given up

[Chuck McManis]

Thanks for the response, some snippage to cut down on list traffic ...

On Thu, Jun 17, 2010 at 7:14 AM, /dev/rob0  wrote:

> > On Thu, Jun 17, 2010 at 12:20 AM, /dev/rob0  wrote:
> > >  2a. mutt and alpine are both Unix console-based MUAs which
> > >  understand maildir *and* IMAP. I'm using mutt with IMAP,
> > >  because it has advantages over direct maildir access.
>
> You didn't have any comment on the above; I hope those suggestions
> were useful.
>

Absolutely, I pulled the mutt packages and built it and played around with
it. Its very nice. It will work better than doing a maildir2mbox before
running, thanks for that.


> > So SMTP hasn't changed much in 30 years ;-) I'd be interested in
> > what you consider a 'modern' MTA.
>
> One that supports many/most ESMTP features without patching (so,
> netqmail, "Last modified: Wed Feb 2 23:37:31 EST 2005", can be
> considered "without patching".)
>

I actually have the equivalent of a netqmail++. We had used it at FreeGate
and I became pretty comfortable in the source base so its what I'm familiar
with.


> RFCs 5321 & 5322 were released in 2008. Various ESMTP extensions
> which are in common use came after the end of qmail development.
>

Fair point.


> Spammers are working every day to cause more abuse. Postmasters are
> trying to stay ahead of them, but we still see that over 90% of all
> traffic to port 25/tcp is abuse.
>

Yup. (well 73% in my case but I've got a small domain off in an unused
corner of the universe)

> I've looked pretty thoroughly at sendmail, postfix,
> > and qmail and of the three qmail is fairly reliable.
>
> Perhaps it is. Does it do what you need? You mentioned wanting to
> protect users' passwords. STARTTLS and AUTH are not supported by
> qmail without patching, and I wouldn't be so confident in those
> patches, if I was running qmail.
>

This is true, although as I've said I'm pretty comfortable around Dan's
source code (even if I abhor his coding style).


> Good. You might also want to consider zen.spamhaus.org. I find that
> rejecting non-FQDN HELO names will stop around 25% of all connections
> I get, but perhaps if you've maintained your tcpserver access lists
> well, you're not getting as many of those. If not, you're lucky,
> because here too, qmail has no native ability to perform access
> checks based on the HELO/EHLO name.
>

I've gone back and forth on FQDN bouncing. I used to reject it out of hand
(if you're using tcpserver you can use it to pass along a signal that the IP
and name don't match, and then in qmail you can compare the HELO name with
the $REMOTEHOST value to bounce (or spike) on mismatch)). But enough people
seem to screw this up but be legitimate that I've switching to using it as a
strong signal to the spam classifier as 'likely spam'. I've got the
equivalent of the 'fail2ban' utility which auto-blocks any address which
sends an obvious spam (non-address for example)


> The qmail design of accept-then-bounce is thoroughly discredited. I
> hosted a domain which didn't have email, and 90% of my logs were
> backscattering qmail woodpeckers coming back again and again after
> "554 5.7.1 : Relay access denied ..."
>

I've always considered the accept-then- and the  was pretty
configurable. I just spike (aka send to /dev/null) and ban (update the
tcpserver rules). About 8 years ago I was still helpfully bouncing stuff
until I added up how much b/w I was consuming by sending bounces to folks
who didn't send the email in the first place and stopped doing that. Which
is a long way of saying I agree with you that accept-and-bounce isn't a
useful policy for MTAs


> Software written in the 1990s and no longer maintained, I call
> abandoned.
>

Ok, but generally the patches for qmail have been feature patches, not bug
fixes it seems. I can accept your definition of abandoned as software that
doesn't get changed by the author and there is no official maintainer of a
version.


> [snip]
>


> Sure, who can resist questions like these? :)
>
> > Provide a system that gives shell and email service to a dozen
> > users, hosts perhaps 15 or so mailing lists, provides DNS for 20 -
> > 30 machines.
>
> "Provides DNS for ..." meaning, it is the "nameserver" host for these
> 20-30 clients?
>

Yes, name resolution and a name cache for the folks on the network.


> > Preferred OS and what makes it the one you choose?
>
> Familiarity. Most of my Unix admin time has been done in Slackware
> Linux. I like the simplicity and the ease of management. Any Unix or
> GNU/Linux can do the job ... the admin's personal preference and
> experience is what matters.
>

Fair enough, I tend to land on FreeBSD for server software and Ubuntu/Gentoo
for desktop.

> Preferred MTA and what makes it the one you choose?
>
> I spent my time to become proficient in Postfix. I think Sendmail
> and Exim are also good choices.
>

After your message I went hunting for 'state of the art' MTAs, it seems
sendmail, postfix, qmail, and ex

Re: [Dovecot] Ok, I've given up

[Chuck McManis]

Thanks Timo.
--Chuck


On Thu, Jun 17, 2010 at 4:34 AM, Timo Sirainen  wrote:

> On 17.6.2010, at 6.59, Chuck McManis wrote:
>
> > First, part of this effort was to move off of an APOP infrastructure into
> > something more secure against password eavesdropping. To that end I've
> > configured Dovecot with simply:
> >
> > protocols = pop3
> > service pop3-login {
> >  inet_listener pop3s {
> >port = 995
> >ssl = yes
> >  }
> > }
> >
> > Note that there is NO port = 110 listener and yet Dovecot seems to listen
> > there anyway.
>
> Yes, it's doing that by default. If you want to disable it, use
>
> service pop3-login {
>  inet_listener pop3 {
>port = 0
>   }
> }
>
> > My question, can I be sure that it is not accepting non-SSL
> > based connections?
>
> disable_plaintext_auth = yes is also default, so it won't allow users to
> log in via non-SSL anyway (with 110 port it requires starttls). Of course,
> this might not prevent some clients from trying to send the password anyway.
>
> > Question 2) Is there any way to run dovecot from tcpserver ?
>
> v1.x yes (but there have been some problems), v2.0 no.
>
> > One of the things I like is the program tcpserver. I like it because I
> can
> > simply "not allow" large chunks of the internet to connect at all to
> certain
> > ports.
>
> v2.0 supports tcpwrappers if that helps.

[Dovecot] sharing INBOX not possible?

[Burckhard Schmidt]

Hello,

I like to share the inbox "INBOX" itself to other users and not only 
folders.
But it looks like INBOX is not shareable? I have tried both dbox and 
maildir.
I have used TB, SquirrelMail, Roundcube. TB shoes the shared INBOX 
within the subscription dialog as subscripted but the per user file 
"subsricptions" does not contain an entry. Any other "normal" shared 
folder I can (un-)subscribe and the entry within "subsricptions" will be 
updated.


dovecot 1.2.11
configuration:
mail_access_groups: sysdov
mail_privileged_group: sysdov
mail_uid: sysdov
mail_gid: sysdov
mail_location: 
dbox:~/dbox:INDEX=/addons/index/%u:CONTROL=~/control:LAYOUT=fs

mail_plugins: autocreate  expire acl imap_acl
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: FremdeOrdner/%%u/
  location: dbox:%%h/dbox:CONTROL=~/control/FremdeOrdner/%%u:LAYOUT=fs
  list: yes
plugin:
...
acl_shared_dict: file:/addons/acl/shared-folder

user "user2" shares "INBOX" and folder "Drafts" to user "user1".

~user2/dbox/mailboxes/INBOX/dbox-Mails/dovecot-acl: user=user1 eilrwts
~user2/dbox/mailboxes/Drafts/dbox-Mails/dovecot-acl: user=user1 eilrwts
~user2/dbox/dovecot-acl-list:
  1276766257 INBOX
  1276762083 Drafts
/addons/acl/shared-folder:
   shared/shared-boxes/user/user2/user1
   1


Here some imap commands I have used to test it:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
AUTH=PLAIN] Dovecot ready.


1 login user1 
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT 
IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE 
QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL 
RIGHTS=texk] Logged in


1 list "" "*"
* LIST (\HasNoChildren) "/" "Drafts"
* LIST (\HasNoChildren) "/" "Sent"
* LIST (\HasNoChildren) "/" "AutoCleanSpam"
* LIST (\HasNoChildren) "/" "Trash"
* LIST (\HasNoChildren) "/" "INBOX"
* LIST (\Noselect \HasChildren) "/" "FremdeOrdner"
* LIST (\Noselect \HasChildren) "/" "FremdeOrdner/user2"
* LIST (\HasNoChildren) "/" "FremdeOrdner/user2/Drafts"
1 OK List completed.

I'm right missing "FremdeOrdner/user2/INBOX" here? Or should an 
IMAP-Client always try to select an "INBOX" as long as "HasChildren" is 
shown?




1 examine FremdeOrdner/user2/Drafts
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft nonjunk)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 1 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1273601955] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
* OK [HIGHESTMODSEQ 3] Highest
1 OK [READ-ONLY] Select completed.

1 examine FremdeOrdner/user2/INBOX
* OK [CLOSED] Previous mailbox closed.
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 3 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1273601954] UIDs valid
* OK [UIDNEXT 39] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
1 OK [READ-ONLY] Select completed.

1 select FremdeOrdner/user2/INBOX
* OK [CLOSED] Previous mailbox closed.
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] 
Flags permitted.

* 3 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1273601954] UIDs valid
* OK [UIDNEXT 39] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
1 OK [READ-WRITE] Select completed.



Additional question
I have seen the comment for shared folder and dbox:
"You must not try to :INDEX= to have copies of index files."
This is still valid and within version 2.0 also?

Regards

Burckhard Schmidt

Re: [Dovecot] Shared mailboxes errors

[Nikita Koshikov]

On Thu, 17 Jun 2010 14:57:08 +0100
Timo Sirainen wrote:

> On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote:
> 
> > Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: 
> > shared/shared-boxes/anyone/
> 
> I think the wiki sql configuration was written/tested by someone who got
> the same errors, but ignored them.. You need to provide also a mapping
> for this. Maybe something like:
> 
> map {
>   pattern = shared/shared-boxes/anyone/$from
>   table = anyone_shares
>   value_field = dummy
> 
>   fields {
>   from_user = $from
>   }
> }
> 
> or maybe to your existing table (just don't have a user called
> "anyone"):
> 
> map {
>   pattern = shared/shared-boxes/user/anyone/$from
>   table = user_shares
>   value_field = dummy
> 
>   fields {
>   from_user = $from
>   }
> }
> 

Thanks for your reply, Timo.

Is any documentation avail about mapping or can you describe it briefly here ?

Re: [Dovecot] IMAP Address book ?

[Charles Marcus]

On 2010-06-17 7:31 AM, Frank Bonnet wrote:
> Does anyone knows if it is possible to manage a personnal address book
> with Dovecot and IMAP ?
> 
> I mean would it be possible to store it in the IMAP user's space
> and not in the MUA address book in order to always retrieve it
> even changing on machine / MUA ?

If you use Thunderbird, you might try SyncKolab:

https://addons.mozilla.org/en-US/thunderbird/addon/519/

-- 

Best regards,

Charles

Re: [Dovecot] Ok, I've given up

[Charles Marcus]

On 2010-06-17 4:46 AM, Chuck McManis wrote:
> I'd be interested in what you consider a 'modern' MTA.

postfix.

Sendmail is fine (reasonably well maintained), but much more complicated
than postfix.

qmail is basically totally unmaintained for many years.

> Between that and using tcpserver to simply not accept connections
> from zombies spam hasn't really been an issue.

You're using dovecot, so why not use sasl_auth (dovecot-sasl) instead?
That is the modern way.

-- 

Best regards,

Charles

Re: [Dovecot] Ok, I've given up

[/dev/rob0]

On Thu, Jun 17, 2010 at 01:46:19AM -0700, Chuck McManis wrote:
> On Thu, Jun 17, 2010 at 12:20 AM, /dev/rob0  wrote:
> 
> > On Wed, Jun 16, 2010 at 10:59:55PM -0700, Chuck McManis wrote:
> > > In the interest of moving forward on this project
> >
> > I looked back at your other thread and at this one, and, hmmm. I
> > invite you to join us in the new millennium.
> >
> > 1. POP3 sucks.
> >   IMAP can do everything POP3 can do, and many things POP3 cannot.
> >   Check it out, and you will want to give up POP3.
> >
> > 2. mbox sucks, mostly.
> >   Mostly; mbox is slightly better for POP retrieve-and-delete usage,
> >   but there, see #1 above. Maildir gives the administrator, and a
> >   shell user, many options.
> >
> >  2a. mutt and alpine are both Unix console-based MUAs which
> >  understand maildir *and* IMAP. I'm using mutt with IMAP,
> >  because it has advantages over direct maildir access.

You didn't have any comment on the above; I hope those suggestions 
were useful.

> > 3. qmail is dead.
> >   Over ten years without any coordinated development, five years
> >   since the last (only?) netqmail release. Email has changed a lot
> >   in those years, and yes, you can patch qmail to get most of the
> >   functionality of a modern MTA, but IME that was a crapshoot. Why
> >   fight it, when other, well-maintained, featureful MTA choices
> >   exist?
> >  3a. qmail is both much more vulnerable to spam AND by default,
> >  the source of much spam.
> >
> 
> So SMTP hasn't changed much in 30 years ;-) I'd be interested in 
> what you consider a 'modern' MTA.

One that supports many/most ESMTP features without patching (so, 
netqmail, "Last modified: Wed Feb 2 23:37:31 EST 2005", can be 
considered "without patching".)

(Apparently, since DJB released qmail into public domain, no one has 
cared enough to roll up a release which included the patches, FWIW.)

RFCs 5321 & 5322 were released in 2008. Various ESMTP extensions 
which are in common use came after the end of qmail development.

Spammers are working every day to cause more abuse. Postmasters are 
trying to stay ahead of them, but we still see that over 90% of all 
traffic to port 25/tcp is abuse.

> I've looked pretty thoroughly at sendmail, postfix,
> and qmail and of the three qmail is fairly reliable.

Perhaps it is. Does it do what you need? You mentioned wanting to 
protect users' passwords. STARTTLS and AUTH are not supported by 
qmail without patching, and I wouldn't be so confident in those 
patches, if I was running qmail.

> Not sure what makes a particular MTA more 'vulnerable' to spam. I 
> don't run an open relay and I generally find barracuda central a 
> decent rbl source. Between that and using tcpserver to simply not 
> accept connections from zombies spam hasn't really been an issue.

Good. You might also want to consider zen.spamhaus.org. I find that 
rejecting non-FQDN HELO names will stop around 25% of all connections 
I get, but perhaps if you've maintained your tcpserver access lists 
well, you're not getting as many of those. If not, you're lucky, 
because here too, qmail has no native ability to perform access 
checks based on the HELO/EHLO name.

The qmail design of accept-then-bounce is thoroughly discredited. I 
hosted a domain which didn't have email, and 90% of my logs were 
backscattering qmail woodpeckers coming back again and again after 
"554 5.7.1 : Relay access denied ..."

(The domain expired, and gradually my logs quieted down.)

> > > Question 1) Are my user's passwords safe from prying eyes?
> >
> > Not enough information provided to be able to answer that.

(Apparently it was enough information for Timo to answer.)

> > > Question 2) Is there any way to run dovecot from tcpserver ?
> > >
> > > One of the things I like is the program tcpserver. I like it 
> > > because I can simply "not allow" large chunks of the internet 
> >
> > Yeah, Wietse wrote a similar program back in that era too, TCP 
> > wrappers. Similarly, it was abandoned. Most Unix and Unix-like 
> > operating systems have the ability to do packet filtering which 
> > is more powerful and more flexible.
> 
> We have different interpretations of 'abandoned' ;-)

Software written in the 1990s and no longer maintained, I call 
abandoned.

> I looked at using the firewall rules to manage connection rules 
> (love the concept behind fail2ban although I've got an equivalent). 
> But if your system is only exporting 4 ports to the web (SSH, DNS, 
> SMTP, and POP) its actually easier (and thus for me at least less 
> error prone) to manage that on a per-daemon basis.

Easily done with firewall rules per port, too. But, abuse is abuse, 
and generally a host which is abusing you is ONLY going to abuse you, 
so IMO, it might as well (or should) be blocked entirely.

> Out of curiosity, lets say you were given the task I've set for 
> myself which is described thusly:

Sure, who can resist questions like these? :)

> Provide a

Re: [Dovecot] Shared mailboxes errors

[Timo Sirainen]

On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote:

> Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: 
> shared/shared-boxes/anyone/

I think the wiki sql configuration was written/tested by someone who got
the same errors, but ignored them.. You need to provide also a mapping
for this. Maybe something like:

map {
pattern = shared/shared-boxes/anyone/$from
table = anyone_shares
value_field = dummy

fields {
from_user = $from
}
}

or maybe to your existing table (just don't have a user called
"anyone"):

map {
pattern = shared/shared-boxes/user/anyone/$from
table = user_shares
value_field = dummy

fields {
from_user = $from
}
}


> I have no clue why this happening, users don't know about new functionality 
> they just use imap as before. Also dict database begin to fill up by records 
> like:
> 
> select * from user_shares;
> u...@domain.com|ad...@domain.com|1
> 
> But user don't use setacl command.

I think the dict is rebuilt sometimes when ACLs change (or if
dovecot-acl-list file is rebuilt for some other reason). This code isn't
really optimized yet and it might be rebuilding them unnecessarily..

Re: [Dovecot] basic conf error? v1.2.11

[Justin Krejci]

LOL nice!
Thanks for being gentle.

-Original Message-
From: dovecot-bounces+jkrejci=usinternet@dovecot.org
[mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of
Pascal Volk
Sent: Thursday, June 17, 2010 8:45 AM
To: Dovecot Mailing List
Subject: Re: [Dovecot] basic conf error? v1.2.11

On 06/17/2010 03:27 PM Justin Krejci wrote:
> .
> auth_username_chars =
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\
> .
> 
> Any ideas what is wrong here? It seems like the example conf file is not
> correct. Yes the dovecot-sql.conf file exists.

The above line (with non-default values) doesn't end.

This is \
one line^

When your usernames really contain backslashes, don't place it at the
logical end of line.


Regards,
Pascal
-- 
The trapper recommends today: c01dcofe.1016...@localdomain.org

Re: [Dovecot] ZFS Index corruption and Connection reset by peer

[Timo Sirainen]

On Thu, 2010-06-17 at 14:55 +0200, Philippe Chevalier wrote:
> >> Jun 08 15:01:24 IMAP(): Error: close(client out) failed:
> >> Connection reset by peer
> >
> >I've seen this a FEW times. Like 3 in the last six months. seems to have 
> >gone away after updating to 1.2..though maybe I just haven't triggered it 
> >again.
> 
> I have one around every 5 minutes. 
> 
> Jun 17 13:28:33  dovecot: imap-login: net_disconnect() failed: Connection 
> reset by peer
> Jun 17 13:38:33  last message repeated 3 times

Here are fixes:

http://hg.dovecot.org/dovecot-2.0/rev/c24ee1ebb159
http://hg.dovecot.org/dovecot-2.0/rev/b2ffb6846973

Re: [Dovecot] basic conf error? v1.2.11

[Pascal Volk]

On 06/17/2010 03:27 PM Justin Krejci wrote:
> …
> auth_username_chars =
> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\
> …
> 
> Any ideas what is wrong here? It seems like the example conf file is not
> correct. Yes the dovecot-sql.conf file exists.

The above line (with non-default values) doesn't end.

This is \
one line^

When your usernames really contain backslashes, don't place it at the
logical end of line.


Regards,
Pascal
-- 
The trapper recommends today: c01dcofe.1016...@localdomain.org

Re: [Dovecot] Dovecot SASL

[Pascal Volk]

On 06/17/2010 02:32 PM Tseveendorj Ochirlantuu wrote:
> disable_plaintext_auth is already set yes in
> /etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear.
> 
> Today I just upgraded dovecot please see the dovecot -n below.
> 
> # 1.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap pop3 imaps pop3s managesieve
> ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
> ssl_key_file: /etc/ssl/private/ssl-mail.key
> ssl_cipher_list:
> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> login_executable(managesieve): /usr/lib/dovecot/managesieve-login
> mail_privileged_group: mail
> mail_location: maildir:~/Maildir
> mbox_write_locks: fcntl dotlock
> mail_executable(default): /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_executable(managesieve): /usr/lib/dovecot/managesieve
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
> imap_client_workarounds(default): outlook-idle delay-newmail
> imap_client_workarounds(imap): outlook-idle delay-newmail
> imap_client_workarounds(pop3):
> imap_client_workarounds(managesieve):
> pop3_client_workarounds(default):
> pop3_client_workarounds(imap):
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> pop3_client_workarounds(managesieve):
> lda:
>   postmaster_address: postmaster
>   mail_plugins: sieve
>   quota_full_tempfail: yes
>   deliver_log_format: msgid=%m: %$
>   rejection_reason: Your message to <%t> was automatically rejected:%n%r
> auth default:
>   mechanisms: plain login
>   passdb:
> driver: pam
>   userdb:
> driver: passwd
>   socket:
> type: listen
> client:
>   path: /var/spool/postfix/private/dovecot-auth
>   mode: 432
>   user: postfix
>   group: postfix
> plugin:
>   sieve: ~/.dovecot.sieve
>   sieve_dir: ~/sieve
> 

By default the disable_plaintext_auth setting is set to yes. dovecot -n
reports only non-default settings. So when you set
disable_plaintext_auth to yes (its default value) in your dovecot.conf
and run `dovecot -n | grep disable_plaintext_auth`, you will see
nothing.

With Dovecot v2.0 you can use `doveconf -N`, to see non-default +
explicit configured default settings.

Back to disable_plaintext_auth: Let me copy and paste from the
dovecot.conf:
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes

You can't use palintext authentication, as long plaintext auth is disabled.


Regards,
Pascal
-- 
The trapper recommends today: c01dcofe.1016...@localdomain.org

[Dovecot] Shared mailboxes errors

[Nikita Koshikov]

Hello list,

I'm implementing shared mailboxes on live system and after enabling acl plugin 
I got errors in my log: 

Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: 
shared/shared-boxes/anyone/

I have no clue why this happening, users don't know about new functionality 
they just use imap as before. Also dict database begin to fill up by records 
like:

select * from user_shares;
u...@domain.com|ad...@domain.com|1

But user don't use setacl command.

Searching for the list gave 
http://www.dovecot.org/list/dovecot/2009-April/038664.html , but question 
seemed still open. So, can someone give point how to fix\avoid this ?


One more question, on live system it's hard to debug dovecot with 
mail_debug=yes for all users, can this option be turn on for individual user? 
or maybe mail_debug stream can be redirected also for individual user ?

dovecot -n 
# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-gentoo-r4 i686 Gentoo Base System release 1.12.13 
log_path: /var/log/dovecot/dovecot-error.log
info_log_path: /var/log/dovecot/dovecot.log
protocols: imaps pop3s managesieve
ssl_cert_file: /etc/ssl/dovecot/imaps.crt
ssl_key_file: /etc/ssl/dovecot/imaps.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
login_greeting: Server ready.
login_processes_count(default): 50
login_processes_count(imap): 50
login_processes_count(pop3): 5
login_processes_count(managesieve): 5
login_max_processes_count: 2048
max_mail_processes: 2048
mail_max_userip_connections(default): 25
mail_max_userip_connections(imap): 25
mail_max_userip_connections(pop3): 10
mail_max_userip_connections(managesieve): 10
first_valid_uid: 8
last_valid_uid: 8
first_valid_gid: 12
last_valid_gid: 12
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota trash expire zlib autocreate virtual 
antispam acl imap_acl
mail_plugins(imap): quota imap_quota trash expire zlib autocreate virtual 
antispam acl imap_acl
mail_plugins(pop3): quota virtual
mail_plugins(managesieve): 
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve
imap_client_workarounds(default): delay-newmail
imap_client_workarounds(imap): delay-newmail
imap_client_workarounds(pop3): 
imap_client_workarounds(managesieve): 
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve): 
namespace:
  type: private
  separator: /
  location: maildir:~/data
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: Company/
  location: virtual:/var/mail/virtual:INDEX=MEMORY:LAYOUT=maildir++
  hidden: yes
  list: yes
namespace:
  type: shared
  separator: /
  prefix: shared/%%u/
  location: maildir:%%h/data:INDEX=%h/shared/%%u
  list: children
lda:
  postmaster_address: postmas...@domain.com
  hostname: mail.domain.com
  mail_plugins: quota trash expire sieve virtual acl
  quota_full_tempfail: yes
  sendmail_path: /usr/sbin/sendmail
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/dovecot/dovecot-deliver.log
  info_log_path: /var/log/dovecot/dovecot-deliver.log
auth default:
  mechanisms: plain login
  default_realm: domain.com
  cache_size: 10240
  cache_negative_ttl: 0
  user: dovecot_auth
  username_format: %Lu
  master_user_separator: *
  worker_max_count: 50
  passdb:
driver: passwd-file
args: /etc/dovecot/passdb/master.pwd
master: yes
  passdb:
driver: passwd-file
args: /etc/dovecot/passdb/users.pwd
  passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
  userdb:
driver: prefetch
  userdb:
driver: passwd-file
args: /etc/dovecot/passdb/users.pwd
  userdb:
driver: ldap
args: /etc/dovecot/dovecot-userdb-ldap.conf
  socket:
type: listen
client:
  path: /var/run/dovecot/auth-client
  mode: 432
  user: mail
  group: dovecot_auth
master:
  path: /var/run/dovecot/auth-master
  mode: 384
  user: mail
  group: mail
plugin:
  quota_warning: storage=90%% /etc/dovecot/plugins/quota_warning.sh 90
  quota: maildir:Mailbox quota
  quota_rule: *:storage=500M
  quota_rule2: Trash:storage=10%%
  acl: vfile:/etc/dovecot/acl:cache_secs=3600
  acl_shared_dict: proxy::acl
  trash: /etc/dovecot/plugins/dovecot-trash.conf
  expire: Trash 30 Spam 30
  expire_dict: proxy::expire
  autocreate: Drafts
  autocreate2: Sent
  autocreate3: Spam
  autocreate4:

[Dovecot] basic conf error? v1.2.11

[Justin Krejci]

I just downloaded 1.2.11 and compiled from source including mysql support
and using default directory locations.

 

I walked thru the included example conf file and tweaked it out and get an
invalid configuration file.

I trimmed out all of the commented sections to make the non-default config
super easy to navigate during troubleshooting.

 

Remaining config which gives an error of "unknown setting: mechanisms" so I
switched it to auth_mechanisms and then get the following when starting
dovecot:

 

Error: Error in configuration file /usr/local/etc/dovecot.conf line 18:
Unknown section type (section changed in /usr/local/etc/dovecot.conf at line
14)

Fatal: Invalid configuration in /usr/local/etc/dovecot.conf

 

 

#

protocols = imap pop3

listen = 

disable_plaintext_auth = no

ssl = no

login_processes_count = 100

login_max_processes_count = 500

login_max_connections = 512

login_greeting = DovecotProxy08 ready.

protocol imap {

}

protocol pop3 {

}

protocol lda {

}   #LINE 14

auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\

auth default {

  mechanisms = plain

  passdb sql {  #LINE 18

args = /usr/local/etc/dovecot-sql.conf

  }

  userdb sql {

args = /usr/local/etc/dovecot-sql.conf

  }

  user = root

}

dict {

}

plugin {

}

#

 

 

 

 

Any ideas what is wrong here? It seems like the example conf file is not
correct. Yes the dovecot-sql.conf file exists.

Re: [Dovecot] Ok, I've given up

[Peter Risdon]

On 17/06/10 14:11, William Blunn wrote:

Peter Risdon wrote:

Tarsnap is worth glancing at:

http://www.tarsnap.com/


They appear to use S3 as their back-end :-)


That's right, thought it might be relevant. It's written by Colin 
Percival, FreeBSD's security officer.




They charge $0.30 / GB.month compared to $0.15 / GB.month for S3, 
which would seem to be within the bounds of reason if they are 
effectively mapping S3 space into something more convenient.


And very secure.



I suppose it depends how much you want to outsource.

Bill



Peter.

Re: [Dovecot] Ok, I've given up

[William Blunn]

Peter Risdon wrote:

Tarsnap is worth glancing at:

http://www.tarsnap.com/


They appear to use S3 as their back-end :-)

They charge $0.30 / GB.month compared to $0.15 / GB.month for S3, which 
would seem to be within the bounds of reason if they are effectively 
mapping S3 space into something more convenient.


I suppose it depends how much you want to outsource.

Bill

Re: [Dovecot] ZFS Index corruption and Connection reset by peer

[Philippe Chevalier]

On Wed, Jun 16, 2010 at 12:23:16PM -0400, Dillon Kass wrote:


I quit using mmap_disable around 7.1-STABLE and haven't had that bug since 
then. I'm running 8.0-R with Maildirs in a compressed ZFS dataset right now 
with no problems. That's pretty odd...I'm pretty sure it was in the 
implementation and had nothing to do with the ZFS version but I assume your 
datasets and pools are all updated to the latest version?


# uname -v
FreeBSD 8.0-STABLE #2: Wed May 12 21:13:40 CEST 2010

# zfs upgrade
This system is currently running ZFS filesystem version 3.

All filesystems are formatted with the current version.

# zpool upgrade
This system is currently running ZFS pool version 14.

All pools are formatted using this version.

I can't really be more up to date than this... 


Only thing is that Maildirs are all on different datasets, since every user has 
his own set.

mmap_disable made the problem completely go away.


Jun 08 15:01:24 IMAP(): Error: close(client out) failed:
Connection reset by peer


I've seen this a FEW times. Like 3 in the last six months. seems to have gone 
away after updating to 1.2..though maybe I just haven't triggered it again.


I have one around every 5 minutes. 


Jun 17 13:28:33  dovecot: imap-login: net_disconnect() failed: Connection 
reset by peer
Jun 17 13:38:33  last message repeated 3 times
Jun 17 13:39:42  dovecot: imap-login: net_disconnect() failed: Connection 
reset by peer
Jun 17 13:55:33  last message repeated 2 times
Jun 17 14:19:42  dovecot: imap-login: net_disconnect() failed: Connection 
reset by peer
Jun 17 14:25:42  dovecot: imap-login: net_disconnect() failed: Connection 
reset by peer
Jun 17 14:42:33  dovecot: imap-login: net_disconnect() failed: Connection 
reset by peer
Jun 17 14:48:33  dovecot: imap-login: net_disconnect() failed: Connection 
reset by peer

I guess it occurs when users are polling their mailbox, and maybe only with specific clients? 


I have no clue.

P.C.

Re: [Dovecot] Ok, I've given up

[Peter Risdon]

On 17/06/10 13:33, William Blunn wrote:

Ed W wrote:
How are you backing up to S3? Most of the options I have seen have 
some serious issues that limit reliable full backups?  Its been on my 
todo list for some time now to fix the C s3fs implementation that you 
find here: http://code.google.com/p/s3fs/ - code is shocking and 
could easily be fixed up pretty well...


http://s3tools.org/ - seems maintained, but not used it?

Brackup seems excellent, but has only an initial patch to support 
backing up user permissions, so at this stage seems more useful for 
data files than a whole system backup?


Also you have the option of cheap hosting through the likes of say 
Dreamhost or Kimsufi

http://www.kimsufi.co.uk/ks/
£15/month for a single machine with a single 250GB (non backed up) 
disk.  Twice that price can get you multiple TB disks.  Use this plus 
rsync?


Not really sure where the sweet spot is here, but unsure what S3 
really buys us?


I would imagine it would be some variation on dumping databases, 
making tarballs, chopping up into <5GB pieces and then uploading them 
with s3cmd (s3tools.org).


Over and above rented server storage, S3 should provide multi-site 
redundancy (coverage against a plane making an unscheduled landing 
into the data centre).


Tarsnap is worth glancing at:

http://www.tarsnap.com/



Bill

Re: [Dovecot] Ok, I've given up

[William Blunn]

Ed W wrote:
How are you backing up to S3? Most of the options I have seen have 
some serious issues that limit reliable full backups?  Its been on my 
todo list for some time now to fix the C s3fs implementation that you 
find here: http://code.google.com/p/s3fs/ - code is shocking and could 
easily be fixed up pretty well...


http://s3tools.org/ - seems maintained, but not used it?

Brackup seems excellent, but has only an initial patch to support 
backing up user permissions, so at this stage seems more useful for 
data files than a whole system backup?


Also you have the option of cheap hosting through the likes of say 
Dreamhost or Kimsufi

http://www.kimsufi.co.uk/ks/
£15/month for a single machine with a single 250GB (non backed up) 
disk.  Twice that price can get you multiple TB disks.  Use this plus 
rsync?


Not really sure where the sweet spot is here, but unsure what S3 
really buys us?


I would imagine it would be some variation on dumping databases, making 
tarballs, chopping up into <5GB pieces and then uploading them with 
s3cmd (s3tools.org).


Over and above rented server storage, S3 should provide multi-site 
redundancy (coverage against a plane making an unscheduled landing into 
the data centre).


Bill

Re: [Dovecot] Dovecot SASL

[Tseveendorj Ochirlantuu]

On Tue, Jun 15, 2010 at 9:48 PM, Pascal Volk <
user+dove...@localhost.localdomain.org
> wrote:

> On 06/15/2010 03:40 PM Tseveendorj Ochirlantuu wrote:
> > Dear Pascal
> >
> > Sorry for forgetting required thing. Please see the dovecot -n follow
> >
> > # 1.2.9: /etc/dovecot/dovecot.conf
> > # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS
> > log_timestamp: %Y-%m-%d %H:%M:%S
> > protocols: imap pop3 imaps pop3s managesieve
> > ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
> > ssl_key_file: /etc/ssl/private/ssl-mail.key
> > ssl_cipher_list:
> > ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> > login_dir: /var/run/dovecot/login
> > login_executable(default): /usr/lib/dovecot/imap-login
> > login_executable(imap): /usr/lib/dovecot/imap-login
> > login_executable(pop3): /usr/lib/dovecot/pop3-login
> > login_executable(managesieve): /usr/lib/dovecot/managesieve-login
> > mail_privileged_group: mail
> > mail_location: maildir:~/Maildir
> > mbox_write_locks: fcntl dotlock
> > mail_executable(default): /usr/lib/dovecot/imap
> > mail_executable(imap): /usr/lib/dovecot/imap
> > mail_executable(pop3): /usr/lib/dovecot/pop3
> > mail_executable(managesieve): /usr/lib/dovecot/managesieve
> > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> > mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
> > imap_client_workarounds(default): outlook-idle delay-newmail
> > imap_client_workarounds(imap): outlook-idle delay-newmail
> > imap_client_workarounds(pop3):
> > imap_client_workarounds(managesieve):
> > pop3_client_workarounds(default):
> > pop3_client_workarounds(imap):
> > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> > pop3_client_workarounds(managesieve):
> > lda:
> >   postmaster_address: postmaster
> >   mail_plugins: cmusieve
>   
>
> Please read:
>file:///usr/share/doc/dovecot-common/README.Debian
>http://wiki.dovecot.org/Upgrading/1.2
>
> >   quota_full_tempfail: yes
> >   deliver_log_format: msgid=%m: %$
> >   rejection_reason: Your message to <%t> was automatically rejected:%n%r
> > auth default:
> >   mechanisms: plain login
> >   passdb:
> > driver: pam
> >   userdb:
> > driver: passwd
> >   socket:
> > type: listen
> > client:
> >   path: /var/spool/postfix/private/dovecot-auth
> >   mode: 432
> >   user: postfix
> >   group: postfix
> > plugin:
> >   sieve: ~/.dovecot.sieve
> >   sieve_dir: ~/sieve
> >
> > Best regards,
> > Tseveen
> >
> > On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk <
> > user+dove...@localhost.localdomain.org
> 
> >
> >> wrote:
> >>>
> >>> I did not see AUTH in the telnet connection.
> >>>
> >>> EHLO mail.domain.mn
> >>> 250-ns1.domain.mn
> >>> 250-PIPELINING
> >>> 250-SIZE 1024
> >>> 250-VRFY
> >>> 250-ETRN
> >>> 250-STARTTLS
> >> ^^^
> >>> 250-ENHANCEDSTATUSCODES
> >>> 250-8BITMIME
> >>> 250 DSN
> >>>
> >>> How to solvet this ?
> >>
> >>
> >> Either start your SSL-session or allow plaintext auth in your Dovecot
> >> configuration.
>
> Please stop top-posting.
>
> Your `dovecot -n` output doesn't include the disable_plaintext_auth
> setting. So disable_plaintext_auth is configured to its default: yes
>
> When disable_plaintext_auth=yes, you can't authenticate plain or login,
> until you've secured the connection with the STARTTLS command.
>
>
> Regards,
> Pascal
> --
> The trapper recommends today: fabaceae.1016...@localdomain.org
>

disable_plaintext_auth is already set yes in
/etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear.

Today I just upgraded dovecot please see the dovecot -n below.

# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap pop3 imaps pop3s managesieve
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_cipher_list:
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workaro

Re: [Dovecot] IMAP Address book ?

[Marcio Merlone]

Em 17-06-2010 09:23, Frank Bonnet escreveu:

On 06/17/2010 02:20 PM, Marcio Merlone wrote:

Em 17-06-2010 08:31, Frank Bonnet escreveu:

Does anyone knows if it is possible to manage a personnal address book
with Dovecot and IMAP ?

I mean would it be possible to store it in the IMAP user's space
and not in the MUA address book in order to always retrieve it
even changing on machine / MUA ?

I don't think IMAP was meant for that, but would be reallly nice. Have
you looked for a LDAP based address book?

We use ldap address book but only for company address book
my meanings are for PERSONAL address book


I understood. Some time ago I searched for personal address book on 
LDAP, but could not find anything ready for production use. It is 
possible anyway, setting proper ACL on a DIT to allow write access to 
LDAP by a user.


--
Marcio Merlone

Re: [Dovecot] IMAP Address book ?

[Frank Bonnet]

On 06/17/2010 02:19 PM, Robert Schetterer wrote:

Am 17.06.2010 13:31, schrieb Frank Bonnet:


Hello

Does anyone knows if it is possible to manage a personnal address book
with Dovecot and IMAP ?

I mean would it be possible to store it in the IMAP user's space
and not in the MUA address book in order to always retrieve it
even changing on machine / MUA ?

Thanks




you can do it with the kolab extension and thunderbird



OK thanks I'm gonna test this

Re: [Dovecot] IMAP Address book ?

[Frank Bonnet]

On 06/17/2010 02:20 PM, Marcio Merlone wrote:

Em 17-06-2010 08:31, Frank Bonnet escreveu:

Does anyone knows if it is possible to manage a personnal address book
with Dovecot and IMAP ?

I mean would it be possible to store it in the IMAP user's space
and not in the MUA address book in order to always retrieve it
even changing on machine / MUA ?


I don't think IMAP was meant for that, but would be reallly nice. Have
you looked for a LDAP based address book?



We use ldap address book but only for company address book
my meanings are for PERSONAL address book

Re: [Dovecot] IMAP Address book ?

[Marcio Merlone]

Em 17-06-2010 08:31, Frank Bonnet escreveu:

Does anyone knows if it is possible to manage a personnal address book
with Dovecot and IMAP ?

I mean would it be possible to store it in the IMAP user's space
and not in the MUA address book in order to always retrieve it
even changing on machine / MUA ?


I don't think IMAP was meant for that, but would be reallly nice. Have 
you looked for a LDAP based address book?


--
Marcio Merlone

Re: [Dovecot] IMAP Address book ?

[Robert Schetterer]

Am 17.06.2010 13:31, schrieb Frank Bonnet:
> 
> Hello
> 
> Does anyone knows if it is possible to manage a personnal address book
> with Dovecot and IMAP ?
> 
> I mean would it be possible to store it in the IMAP user's space
> and not in the MUA address book in order to always retrieve it
> even changing on machine / MUA ?
> 
> Thanks
> 
> 
> 
you can do it with the kolab extension and thunderbird

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: [Dovecot] Correct folder permissions for maildir....

[Thomas Leuxner]

On Thu, Jun 17, 2010 at 02:11:44PM +0200, Thomas Leuxner wrote:
> Generally speaking it needs to match the group that Postfix uses when
> writing the mbox file. Besides this your Dovecot version is really old and
> almost guarantees other issues arising.
> 
> Regards
> Thomas

My bad, you said maildir. Anyhow have a look at these:

mail_location = maildir:~/maildir
mail_privileged_group = mail

Regards
Thomas

Re: [Dovecot] Ok, I've given up

[Ed W]

On 17/06/2010 12:19, William Blunn wrote:


Rent a virtual machine (e.g. Xen based). This saves you having to make 
capital expenditure on hardware (= keeps the bean counter happy).


I haven't found virtual machines to be especially price efficient when 
you need plenty of storage available?  Do you have a recommendation?


If you treat carefully around the edges of the bulk hosting sites there 
seem to be some reasonable quality options, eg:

http://www.hetzner.de/en/hosting/produkte_rootserver/eq4/
50 Euro/month including 2x 750GB drives



Also it means you can do backups to S3 over the backbone.


How are you backing up to S3? Most of the options I have seen have some 
serious issues that limit reliable full backups?  Its been on my todo 
list for some time now to fix the C s3fs implementation that you find 
here: http://code.google.com/p/s3fs/ - code is shocking and could easily 
be fixed up pretty well...


http://s3tools.org/ - seems maintained, but not used it?

Brackup seems excellent, but has only an initial patch to support 
backing up user permissions, so at this stage seems more useful for data 
files than a whole system backup?


Also you have the option of cheap hosting through the likes of say 
Dreamhost or Kimsufi

http://www.kimsufi.co.uk/ks/
£15/month for a single machine with a single 250GB (non backed up) 
disk.  Twice that price can get you multiple TB disks.  Use this plus rsync?


Not really sure where the sweet spot is here, but unsure what S3 really 
buys us?




I've not generally noticed a problem with uptime these days.


It becomes a challenge doesn't it... I just had to reboot a machine with 
something like 2+ years of uptime in order to upgrade a kernel and it's 
kind of annoying to see the uptime reset!


Cheers

Ed W

Re: [Dovecot] Correct folder permissions for maildir....

[Thomas Leuxner]

On Thu, Jun 17, 2010 at 09:52:46PM +1000, Donovan J. Edye wrote:
> G'Day,
>
> LDA = Local Delivery Agent? Postfix is the MTA with Dovecot providing  
> POP3 and IMAP.
>

Have a look at this Dovecot variable "mail_privileged_group = mail"

http://wiki.dovecot.org/MailboxFormat/mbox

Generally speaking it needs to match the group that Postfix uses when
writing the mbox file. Besides this your Dovecot version is really old and
almost guarantees other issues arising.

Regards
Thomas

Re: [Dovecot] Correct folder permissions for maildir....

[Daniel Petre]

> G'Day,
>
> LDA = Local Delivery Agent? Postfix is the MTA with Dovecot
> providing POP3 and IMAP.

okay then, shouldnt dovecot have rw acces to the folders the mail is
delivered by postfix under the user that MTA runs?


>
> On 17/06/2010 9:35 PM, Daniel Petre wrote:
>> hello,
>> is your dovecot supposed to act as a LDA ?
>>
>>
>>> G'Day,
>>>
>>> I am trying to find a definitive answer to what the directory
>>> permissions should be for my configuration under Centos 5.5. I
>>> see a number of the following error messages in the maillog as
>>> a consequence of permissions errors. After reading the FAQ,
>>> Wiki etc. and browsing the web I am unable to determine just
>>> exactly what the user security settings should be for the
>>> offending folders. If anyone could point me in the right
>>> direction I would appreciate it. Should you require additional
>>> diagnostic information let me know and I will source it.
>>>
>>> The error messages:
>>>
>>> Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz):
>>> mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX)
>>> failed: Permission denied Jun 17 19:53:09 moe dovecot:
>>> POP3(marnie.capitel):
>>> mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX)
>>> failed: Permission denied
>>>
>>>
>>> dovecot -n
>>>
>>> # 1.0.7: /etc/dovecot.conf
>>> protocols: imap pop3 imaps pop3s
>>> listen: 116.212.71.194
>>> ssl_listen: 116.212.71.194
>>> login_dir: /var/run/dovecot/login
>>> login_executable(default): /usr/libexec/dovecot/imap-login
>>> login_executable(imap): /usr/libexec/dovecot/imap-login
>>> login_executable(pop3): /usr/libexec/dovecot/pop3-login
>>> mail_location: mbox:~/mail/:INBOX=/var/mail/%u
>>> mail_executable(default): /usr/libexec/dovecot/imap
>>> mail_executable(imap): /usr/libexec/dovecot/imap
>>> mail_executable(pop3): /usr/libexec/dovecot/pop3
>>> mail_plugin_dir(default): /usr/lib/dovecot/imap
>>> mail_plugin_dir(imap): /usr/lib/dovecot/imap
>>> mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
>>> pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap):
>>> %08Xu%08Xv pop3_uidl_format(pop3): %v.%u namespace: type:
>>> private separator: / prefix: #mbox/ location:
>>> mbox:~/mail:INBOX=/var/mail/%u inbox: yes hidden: yes
>>> namespace: type: private separator: / location:
>>> maildir:~/Maildir auth default: passdb: driver: pam userdb:
>>> driver: passwd
>>>
>>> ps aux | grep dovecot
>>>
>>> root  3457  0.0  0.0   1880   508 ?Ss   Jun13
>>> 0:20 /usr/sbin/dovecot
>>> root  5650  0.0  0.1   7952  1460 ?S03:28
>>> 0:04 dovecot-auth
>>> dovecot  15591  0.0  0.1   4992  1760 ?S19:26
>>> 0:00 imap-login dovecot  15598  0.0  0.1   4992  1752 ?
>>> S 19:26   0:00 imap-login dovecot  15627  0.0  0.1   4992  1508
>>> ? S19:26   0:00 imap-login dovecot  16596  0.0  0.1   4988
>>> 1748 ?S19:45   0:00 pop3-login dovecot  16615  0.0
>>> 0.1 4988  1744 ?S19:46   0:00 pop3-login dovecot
>>> 16720 0.2  0.1   4988  1500 ?S19:47   0:00 pop3-
>>> login root 16726  0.0  0.0   4000   700 pts/0S+   19:48
>>> 0:00 grep dovecot
--
Daniel Petre,
System Administrator
RCS & RDS, Pitesti
Tel: 0348400426
Mobil: 0770048708
Skype: daniel-petre
Ym: petredaniel

Re: [Dovecot] Correct folder permissions for maildir....

[Donovan J. Edye]

G'Day,

LDA = Local Delivery Agent? Postfix is the MTA with Dovecot providing 
POP3 and IMAP.


On 17/06/2010 9:35 PM, Daniel Petre wrote:

hello,
is your dovecot supposed to act as a LDA ?



G'Day,

I am trying to find a definitive answer to what the directory
permissions should be for my configuration under Centos 5.5. I see
a number of the following error messages in the maillog as a
consequence of permissions errors. After reading the FAQ, Wiki etc.
and browsing the web I am unable to determine just exactly what the
user security settings should be for the offending folders. If
anyone could point me in the right direction I would appreciate it.
Should you require additional diagnostic information let me know
and I will source it.

The error messages:

Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz):
mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX)
failed: Permission denied Jun 17 19:53:09 moe dovecot:
POP3(marnie.capitel):
mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX) failed:
Permission denied


dovecot -n

# 1.0.7: /etc/dovecot.conf
protocols: imap pop3 imaps pop3s
listen: 116.212.71.194
ssl_listen: 116.212.71.194
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/mail/:INBOX=/var/mail/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3):
/usr/lib/dovecot/pop3 pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %v.%u
namespace: type: private separator: / prefix: #mbox/ location:
mbox:~/mail:INBOX=/var/mail/%u inbox: yes hidden: yes namespace:
type: private separator: / location: maildir:~/Maildir auth
default: passdb: driver: pam userdb: driver: passwd

ps aux | grep dovecot

root  3457  0.0  0.0   1880   508 ?Ss   Jun13   0:20
/usr/sbin/dovecot
root  5650  0.0  0.1   7952  1460 ?S03:28   0:04
dovecot-auth
dovecot  15591  0.0  0.1   4992  1760 ?S19:26   0:00
imap-login dovecot  15598  0.0  0.1   4992  1752 ?S
19:26   0:00 imap-login dovecot  15627  0.0  0.1   4992  1508 ?
   S19:26   0:00 imap-login dovecot  16596  0.0  0.1   4988
1748 ?S19:45   0:00 pop3-login dovecot  16615  0.0  0.1
  4988  1744 ?S19:46   0:00 pop3-login dovecot  16720
0.2  0.1   4988  1500 ?S19:47   0:00 pop3-login root
16726  0.0  0.0   4000   700 pts/0S+   19:48   0:00 grep
dovecot

[Dovecot] LDA to address extensions

[Martijn de Munnik]

Hi List,

I'm trying to make dovecot deliver messages to sam+extens...@example.com to the 
imap folder 'extension' of the user 'sam'. I've configured postfix with these 
dovecot as LDA:

mailbox_command = /opt/redknot/libexec/dovecot/deliver -f "$SENDER" -d "$USER" 
-m "$EXTENSION" -a "$RECIPIENT"
recipient_delimiter = +

Sam is a local system user so I don't want to use virtual_transport (I think). 
I've read http://wiki.dovecot.org/LDA/Postfix but so far without success.

# 1.2.11: /etc/opt/redknot/dovecot.conf
Warning: There is no way to login to this server: disable_plaintext_auth=yes, 
ssl=no, no non-plaintext auth mechanisms.
# OS: SunOS 5.11 sun4v  
log_path: /var/log/dovecot.log
ssl: no
login_dir: /opt/redknot/var/run/dovecot/login
login_executable: /opt/redknot/libexec/dovecot/imap-login
login_max_processes_count: 10
max_mail_processes: 10
mail_location: maildir:~/Maildir
lda:
 postmaster_address: postmas...@redknot.nl
 mail_plugins: sieve
 mail_plugin_dir: /opt/redknot/lib/dovecot/lda
 sendmail_path: /usr/sbin/sendmail
 auth_socket_path: /opt/redknot/var/run/dovecot/auth-master
auth default:
 passdb:
   driver: pam
   args: other
 userdb:
   driver: passwd
 socket:
   type: listen
   master:
 path: /opt/redknot/var/run/dovecot/auth-master
 mode: 384
plugin:
 sieve_before: /etc/opt/redknot/sieve/before
 sieve_after: /etc/opt/redknot/sieve/after

I know about the warning, this dovecot is only used as LDA, not for imap or 
pop3.

thanks,
Martijn

YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568
YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568

Re: [Dovecot] OT - Re: Dovecot 1.1.x and 1.2.x differencies

[Ed W]

On 16/06/2010 19:14, Charles Marcus wrote:

On 2010-06-16 1:18 PM, Ed W wrote:
   

It seems like a compromise would be for the likes of Debian/Redhat to
have a clear split between "Apps" and "System" and offer the option to
stay "fresh but tested" on the apps repo, but "stable and mouldy" on the
System repo?
 

Exactly... even gentoo could benefit from this concept, although I'm not
sure how hard it would be to implement...

   


Hmm, well system packages are those defined in your profile.  I guess at 
the simplest you could simply use a wrapper so that "emerge world" runs 
with a different ACCEPT_KEYWORDS to "emerge system"?


Note that if you haven't experimented with running your own custom 
profiles then I would highly recommend it!  I start with the generic 
hardened profiles and then create my own tree in 
/usr/local/portage/profiles and then have sub profiles for different 
server types, eg mail / mysql / www_nginx / www_apache / etc


This allows me to centralise my USE flags and required software 
versions.  I then use copious linux-vservers to run apps at a very 
granular level (pretty much each web site gets it's own vserver) and 
it's highly memory efficient and very simple to update.  The host server 
runs very few apps and I can easily bump services to a different 
physical server very easily.  Figure out how to sync the storage between 
nodes and assuming you have that sorted then high availability becomes 
fairly straightforward case of simply moving the IP addresses between 
nodes and bringing up the vservers on the node of your choice - 
moderately straightforward as HA goes...


linux-vserver comes with a bunch of wrappers around emerge that allow 
you to easily update lots of servers quite quickly.  Very neat.  I 
emerge with "-k --new-use" which forces a build of a package if the use 
flags don't match, but otherwise uses the available binary


Cheers

Ed W

Re: [Dovecot] Correct folder permissions for maildir....

[Daniel Petre]

hello,
is your dovecot supposed to act as a LDA ?


> G'Day,
>
> I am trying to find a definitive answer to what the directory
> permissions should be for my configuration under Centos 5.5. I see
> a number of the following error messages in the maillog as a
> consequence of permissions errors. After reading the FAQ, Wiki etc.
> and browsing the web I am unable to determine just exactly what the
> user security settings should be for the offending folders. If
> anyone could point me in the right direction I would appreciate it.
> Should you require additional diagnostic information let me know
> and I will source it.
>
> The error messages:
>
> Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz):
> mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX)
> failed: Permission denied Jun 17 19:53:09 moe dovecot:
> POP3(marnie.capitel):
> mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX) failed:
> Permission denied
>
>
> dovecot -n
>
> # 1.0.7: /etc/dovecot.conf
> protocols: imap pop3 imaps pop3s
> listen: 116.212.71.194
> ssl_listen: 116.212.71.194
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> mail_location: mbox:~/mail/:INBOX=/var/mail/%u
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_plugin_dir(default): /usr/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3):
> /usr/lib/dovecot/pop3 pop3_uidl_format(default): %08Xu%08Xv
> pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %v.%u
> namespace: type: private separator: / prefix: #mbox/ location:
> mbox:~/mail:INBOX=/var/mail/%u inbox: yes hidden: yes namespace:
> type: private separator: / location: maildir:~/Maildir auth
> default: passdb: driver: pam userdb: driver: passwd
>
> ps aux | grep dovecot
>
> root  3457  0.0  0.0   1880   508 ?Ss   Jun13   0:20
> /usr/sbin/dovecot
> root  5650  0.0  0.1   7952  1460 ?S03:28   0:04
> dovecot-auth
> dovecot  15591  0.0  0.1   4992  1760 ?S19:26   0:00
> imap-login dovecot  15598  0.0  0.1   4992  1752 ?S
> 19:26   0:00 imap-login dovecot  15627  0.0  0.1   4992  1508 ?
>   S19:26   0:00 imap-login dovecot  16596  0.0  0.1   4988
> 1748 ?S19:45   0:00 pop3-login dovecot  16615  0.0  0.1
>  4988  1744 ?S19:46   0:00 pop3-login dovecot  16720
> 0.2  0.1   4988  1500 ?S19:47   0:00 pop3-login root
> 16726  0.0  0.0   4000   700 pts/0S+   19:48   0:00 grep
> dovecot

Re: [Dovecot] Ok, I've given up

[Timo Sirainen]

On 17.6.2010, at 6.59, Chuck McManis wrote:

> First, part of this effort was to move off of an APOP infrastructure into
> something more secure against password eavesdropping. To that end I've
> configured Dovecot with simply:
> 
> protocols = pop3
> service pop3-login {
>  inet_listener pop3s {
>port = 995
>ssl = yes
>  }
> }
> 
> Note that there is NO port = 110 listener and yet Dovecot seems to listen
> there anyway.

Yes, it's doing that by default. If you want to disable it, use

service pop3-login {
  inet_listener pop3 {
port = 0
  }
}

> My question, can I be sure that it is not accepting non-SSL
> based connections?

disable_plaintext_auth = yes is also default, so it won't allow users to log in 
via non-SSL anyway (with 110 port it requires starttls). Of course, this might 
not prevent some clients from trying to send the password anyway.

> Question 2) Is there any way to run dovecot from tcpserver ?

v1.x yes (but there have been some problems), v2.0 no.

> One of the things I like is the program tcpserver. I like it because I can
> simply "not allow" large chunks of the internet to connect at all to certain
> ports.

v2.0 supports tcpwrappers if that helps.

[Dovecot] IMAP Address book ?

[Frank Bonnet]

Hello

Does anyone knows if it is possible to manage a personnal address book
with Dovecot and IMAP ?

I mean would it be possible to store it in the IMAP user's space
and not in the MUA address book in order to always retrieve it
even changing on machine / MUA ?

Thanks

[Dovecot] Correct folder permissions for maildir....

[Donovan J. Edye]

G'Day,

I am trying to find a definitive answer to what the directory 
permissions should be for my configuration under Centos 5.5. I see a 
number of the following error messages in the maillog as a consequence 
of permissions errors. After reading the FAQ, Wiki etc. and browsing the 
web I am unable to determine just exactly what the user security 
settings should be for the offending folders. If anyone could point me 
in the right direction I would appreciate it. Should you require 
additional diagnostic information let me know and I will source it.


The error messages:

Jun 17 19:50:14 moe dovecot: POP3(carolyn.spyseebiz): 
mkdir_parents(/home/spyseebiz/homes/carolyn/mail/.imap/INBOX) failed: 
Permission denied
Jun 17 19:53:09 moe dovecot: POP3(marnie.capitel): 
mkdir_parents(/home/capitel/homes/marnie/mail/.imap/INBOX) failed: 
Permission denied



dovecot -n

# 1.0.7: /etc/dovecot.conf
protocols: imap pop3 imaps pop3s
listen: 116.212.71.194
ssl_listen: 116.212.71.194
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/mail/:INBOX=/var/mail/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %v.%u
namespace:
  type: private
  separator: /
  prefix: #mbox/
  location: mbox:~/mail:INBOX=/var/mail/%u
  inbox: yes
  hidden: yes
namespace:
  type: private
  separator: /
  location: maildir:~/Maildir
auth default:
  passdb:
driver: pam
  userdb:
driver: passwd

ps aux | grep dovecot

root  3457  0.0  0.0   1880   508 ?Ss   Jun13   0:20 
/usr/sbin/dovecot
root  5650  0.0  0.1   7952  1460 ?S03:28   0:04 
dovecot-auth

dovecot  15591  0.0  0.1   4992  1760 ?S19:26   0:00 imap-login
dovecot  15598  0.0  0.1   4992  1752 ?S19:26   0:00 imap-login
dovecot  15627  0.0  0.1   4992  1508 ?S19:26   0:00 imap-login
dovecot  16596  0.0  0.1   4988  1748 ?S19:45   0:00 pop3-login
dovecot  16615  0.0  0.1   4988  1744 ?S19:46   0:00 pop3-login
dovecot  16720  0.2  0.1   4988  1500 ?S19:47   0:00 pop3-login
root 16726  0.0  0.0   4000   700 pts/0S+   19:48   0:00 grep 
dovecot


--
--Donovan J. Edye
Calico Communications - "All your marketing, communication & web needs."
Home To: daisyndandelion.com.au, natiki.com.au, themarketingcoach.com.au
w: calicom.com.au
t: +61-2-6292-1573
f: +61-2-6292-1592
p: PO Box 165, Erindale Centre, ACT 2903, Australia

Re: [Dovecot] Ok, I've given up

[William Blunn]

Chuck McManis wrote:

Out of curiosity, lets say you were given the task I've set for myself which is 
described thusly:

Provide a system that gives shell and email service to a dozen users, hosts 
perhaps 15 or so mailing lists, provides DNS for 20 - 30 machines.

Preferred OS and what makes it the one you choose?
  


Ubuntu. All the loveliness of Debian but actually usable in the real world.


Preferred MTA and what makes it the one you choose?
  


Exim. http://shearer.org/MTA_Comparison


Name service?
  


Name service?


ssh implementation?
  


Not really a question. But if there must be an answer then OpenSSH from 
the distro, remembering to make sure we have the distro's security 
stream in our package sources.


(If you need more security than this, then you should have the funds to 
do this properly without asking questions on mailing lists. If you need 
more security but aren't attracting that revenue stream, then in the 
wrong game and you need to go home and have are re-think about what you 
want to do to make a living.)



Hardware?
  


Rent a virtual machine (e.g. Xen based). This saves you having to make 
capital expenditure on hardware (= keeps the bean counter happy). Also 
it means you can do backups to S3 over the backbone.



Now I'll confess that in the way back times I helped start a company that
built this exact thing as a hands off appliance for small to medium
businesses, the company was called 'FreeGate.'  When the domain was retired
I believe one of the boxes reported back an uptime of just over 5.5 years
for a 48 user, 150 host domain.
  


I've not generally noticed a problem with uptime these days.

Bill

Re: [Dovecot] Ok, I've given up

[Ed W]

On 17/06/2010 09:46, Chuck McManis wrote:
Out of curiosity, lets say you were given the task I've set for myself 
which

is described thusly:

Provide a system that gives shell and email service to a dozen users, hosts
perhaps 15 or so mailing lists, provides DNS for 20 - 30 machines.

Preferred OS and what makes it the one you choose?
Preferred MTA and what makes it the one you choose?
Name service?
ssh implementation?
Hardware?


This is probably a good "slashdot asks" question... A million replies 
driven by what people are familiar with...


I think you already named all the main software packages, so really bar 
some smaller apps (which definitely will work better for certain more 
niche projects!) you really have:


- Postfix/Sendmail (and perhaps qmail) for smtp
- Dovecot / Cyrus (and perhaps Courier) for imap

I should think that the real point is the management of all of the 
above.  Yes any reasonably competent user here can probably manage a one 
off server, but managing one "for a friend", ie for very little cost 
(perhaps 5 mins a year) will mean a requirement for some management tools


Perhaps someone else can name a bunch of distros which package the above 
up with a nice GUI and make a cool integrated system?  Obviously at the 
larger end you have the Scalix / Open Exchange / SOGO, etc (insert 5 
more here) type systems, but all the ones I know of feel a bit bulky for 
a small office?


Probably the answer for many is to go hosted..?

What I have is a rails app using ActiveScaffold which manages a fairly 
generic database and allows me to very easily manage users across all 
servers in a very simple way.  Very happy to opensource it if someone 
wanted to do some spade work to tidy it up, but really it can be 
re-implemented in a few hours by anyone competent with Rails and I'm 
very happy to share my DB schema which is really the trick


My system uses:

- Dovecot (changed from Courier some years ago, no experience of Cyrus, 
but sounds like a competitor)
- Postfix (never used qmail, used Sendmail in the early 90s and never 
ever ever want to see it again (sorry))

- Spamassassin
- P0f
- Clamav
- Fail2ban + simple iptables rules
- Mysql for database, every main app keys into a single schema
- DNSCache for local dnscache on the servers, but found dnsmasq ample 
for a home office size setup.  DNSmadeeasy.com for domain hosting...



I think without my custom rails app to manage the DB schema it would be 
a complete pain to admin, but all it takes is a basic gui to transform 
such a bag of bits to something useful...


Good luck

Ed W

Re: [Dovecot] Ok, I've given up

[Chuck McManis]

On Thu, Jun 17, 2010 at 12:20 AM, /dev/rob0  wrote:

> On Wed, Jun 16, 2010 at 10:59:55PM -0700, Chuck McManis wrote:
> > In the interest of moving forward on this project
>
> I looked back at your other thread and at this one, and, hmmm. I
> invite you to join us in the new millennium.
>
> 1. POP3 sucks.
>   IMAP can do everything POP3 can do, and many things POP3 cannot.
>   Check it out, and you will want to give up POP3.
>
> 2. mbox sucks, mostly.
>   Mostly; mbox is slightly better for POP retrieve-and-delete usage,
>   but there, see #1 above. Maildir gives the administrator, and a
>   shell user, many options.
>
>  2a. mutt and alpine are both Unix console-based MUAs which
>  understand maildir *and* IMAP. I'm using mutt with IMAP,
>  because it has advantages over direct maildir access.
>
> 3. qmail is dead.
>   Over ten years without any coordinated development, five years
>   since the last (only?) netqmail release. Email has changed a lot
>   in those years, and yes, you can patch qmail to get most of the
>   functionality of a modern MTA, but IME that was a crapshoot. Why
>   fight it, when other, well-maintained, featureful MTA choices
>   exist?
>  3a. qmail is both much more vulnerable to spam AND by default,
>  the source of much spam.
>

So SMTP hasn't changed much in 30 years ;-) I'd be interested in what you
consider a 'modern' MTA. I've looked pretty thoroughly at sendmail, postfix,
and qmail and of the three qmail is fairly reliable. Not sure what makes a
particular MTA more 'vulnerable' to spam. I don't run an open relay and I
generally find barracuda central a decent rbl source. Between that and using
tcpserver to simply not accept connections from zombies spam hasn't really
been an issue.


>
> > I've given up trying to
> > get Dovecot to support mailboxes, rather I've tweaked around in qmail and
> > had it deliver into a mail directory on a disk, that isn't NFS mounted.
> That
> > got me past the various locking complaints and "operation not supported"
> on
> > home directories that were mounted from the NetApp filer.
> >
> > Going as vanilla as possible I've managed to both send an email that
> qmail
> > delivered and fetch the email with my 3 test clients (Eudora,
> Thunderbird,
> > and Evolution) (I know they are, in a sense, all variations on a theme
> but
> > MUA monoculture seems to be inevitable these days).
> >
> > So a few questions for the other esteemed system operators here if you
> know
> > the answer I'd love to hear it.
> >
> > Question 1) Are my user's passwords safe from prying eyes?
>
> Not enough information provided to be able to answer that.
>
> > First, part of this effort was to move off of an APOP infrastructure into
> > something more secure against password eavesdropping. To that end I've
> > configured Dovecot with simply:
> >
> > protocols = pop3
> > service pop3-login {
> >   inet_listener pop3s {
> > port = 995
> > ssl = yes
> >   }
> > }
> >
> > Note that there is NO port = 110 listener and yet Dovecot seems to listen
>
> You would want to find out WHAT is listening on 110. Tools like
> netstat(8) (8 in Linux, probably section 1 in BSD) are useful.
>

Actually I know its dovecot that opens 110. I see it in netstat and I've got
lsof to tell me that its being held open by the pop3 process:

dovecot   82197 root   15uIPv4   0xc435d4f00t0  TCP
*:pop3 (LISTEN)

I'm not new to system administration mind you, just new to using dovecot.

And looking through tcpdump logs of what the clients send and vs what
dovecot responds, basically it is listening too, and refusing to answer, any
requests on 110. So it seems like we should be able to have it not listen
there. From watching the packets I've managed to convince myself that
dovecot is only allowing SSL connections to go through authentication. But
if there is a vulnerability in its pop3 code I worry about someone getting
squirrelly with the 110 port, hence my desire to just have it not listen
there at all.

> there anyway. My question, can I be sure that it is not accepting non-SSL
> > based connections? Attempts to use plaintext on 110 were rebuffed so that
> > seems to be the case. My intent is that if my user is using this in an
> > airport they won't give away their email password to a bad guy who is
> > sniffing all the packets.
> >
> > Question 2) Is there any way to run dovecot from tcpserver ?
> >
> > One of the things I like is the program tcpserver. I like it because I
> can
> > simply "not allow" large chunks of the internet to connect at all to
> certain
>
> Yeah, Wietse wrote a similar program back in that era too, TCP
> wrappers. Similarly, it was abandoned. Most Unix and Unix-like
> operating systems have the ability to do packet filtering which is
> more powerful and more flexible.
>

We have different interpretations of 'abandoned' ;-) I looked at using the
firewall rules to manage connection rules (love the concept behind fail2ban
al

Re: [Dovecot] BUG Dovecot 1.0.15 and Apples Mail.app

[Thomas Leuxner]

On Thu, Jun 17, 2010 at 09:18:45AM +0200, Gerhard Waldemair wrote:
> Is there anyone using Apple´s Mail.app to collect the mails via IMAP or IMAPS 
> ?
> 
> I found a funny bug in Debian Lennys Dovecot Version. (still v. 1.0.15)
[...]
> 
> Now I have updatet Dovecot from 1.0 to 1.2 from Backports and everything 
> works great now !

Timo,

I guess one solution would be to provide some kind of EOL roadmap on
the website as 1.x series for sure won't receive updates anymore. If so
it could easily stop those questions about way outdated releases in the
future where one could just send the link to that to the OP.

Regards
Thomas

Re: [Dovecot] dovecot vs. Thunderbird

[Bodo Schulz]

Am 15.06.2010 13:11, schrieb Bodo Schulz:
> Hello (and Moin Moin) ;)
> 
> I have currently a straith Problem ...

[...]

I have yesterday compile a old Thunderbird2 Version.
This Version (2.0.0.23) works perfectly.

It is also an Bug in the used Thunderbird3 Version (3.0.4).

Thanks a lot for your help!

We still waiting for an update ...

Greetings from Hamburg,
 Bodo

Re: [Dovecot] Ok, I've given up

[/dev/rob0]

On Wed, Jun 16, 2010 at 10:59:55PM -0700, Chuck McManis wrote:
> In the interest of moving forward on this project

I looked back at your other thread and at this one, and, hmmm. I 
invite you to join us in the new millennium.

1. POP3 sucks.
   IMAP can do everything POP3 can do, and many things POP3 cannot. 
   Check it out, and you will want to give up POP3.

2. mbox sucks, mostly.
   Mostly; mbox is slightly better for POP retrieve-and-delete usage, 
   but there, see #1 above. Maildir gives the administrator, and a 
   shell user, many options.

  2a. mutt and alpine are both Unix console-based MUAs which 
  understand maildir *and* IMAP. I'm using mutt with IMAP,
  because it has advantages over direct maildir access.

3. qmail is dead.
   Over ten years without any coordinated development, five years 
   since the last (only?) netqmail release. Email has changed a lot 
   in those years, and yes, you can patch qmail to get most of the 
   functionality of a modern MTA, but IME that was a crapshoot. Why
   fight it, when other, well-maintained, featureful MTA choices 
   exist?
  3a. qmail is both much more vulnerable to spam AND by default, 
  the source of much spam.

> I've given up trying to
> get Dovecot to support mailboxes, rather I've tweaked around in qmail and
> had it deliver into a mail directory on a disk, that isn't NFS mounted. That
> got me past the various locking complaints and "operation not supported" on
> home directories that were mounted from the NetApp filer.
> 
> Going as vanilla as possible I've managed to both send an email that qmail
> delivered and fetch the email with my 3 test clients (Eudora, Thunderbird,
> and Evolution) (I know they are, in a sense, all variations on a theme but
> MUA monoculture seems to be inevitable these days).
> 
> So a few questions for the other esteemed system operators here if you know
> the answer I'd love to hear it.
> 
> Question 1) Are my user's passwords safe from prying eyes?

Not enough information provided to be able to answer that.

> First, part of this effort was to move off of an APOP infrastructure into
> something more secure against password eavesdropping. To that end I've
> configured Dovecot with simply:
> 
> protocols = pop3
> service pop3-login {
>   inet_listener pop3s {
> port = 995
> ssl = yes
>   }
> }
> 
> Note that there is NO port = 110 listener and yet Dovecot seems to listen

You would want to find out WHAT is listening on 110. Tools like 
netstat(8) (8 in Linux, probably section 1 in BSD) are useful.

> there anyway. My question, can I be sure that it is not accepting non-SSL
> based connections? Attempts to use plaintext on 110 were rebuffed so that
> seems to be the case. My intent is that if my user is using this in an
> airport they won't give away their email password to a bad guy who is
> sniffing all the packets.
> 
> Question 2) Is there any way to run dovecot from tcpserver ?
> 
> One of the things I like is the program tcpserver. I like it because I can
> simply "not allow" large chunks of the internet to connect at all to certain

Yeah, Wietse wrote a similar program back in that era too, TCP 
wrappers. Similarly, it was abandoned. Most Unix and Unix-like 
operating systems have the ability to do packet filtering which is 
more powerful and more flexible.

> ports. (I use this for SSH in particular since all the kids love throwing
> dictionary attacks around). I'd like to give my POP3 ports equivalent
> protection. I also like the logging facilities of the supervise / multilog
> service.
> 
> To use this I'd need Dovecot to accept the connection handed to it, and not
> do the whole setsid daemon thing since tcpserver will start another one if
> needed. I can send the logging out to stderr (thanks!) and get the logging

There's another DJB-ism that I don't care for; syslog(3)/syslogd(8) 
works well. Those TAI64N timestamps are a pain.

> stuff but still wondering about the 'hand you a connection.'
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

[Dovecot] BUG Dovecot 1.0.15 and Apples Mail.app

[Gerhard Waldemair]

Is there anyone using Apple´s Mail.app to collect the mails via IMAP or IMAPS ?

I found a funny bug in Debian Lennys Dovecot Version. (still v. 1.0.15)

When I get my Mails via IMAP or IMAPS and define a Rule in Mail.app to move the 
eMail to s specific folder I will find the mail 2 times in the folder.
After a minute or so the double Mail disappears.

I have tried it with other programs like Thunderbird. There everything works, 
v1.0 too.


Now I have updatet Dovecot from 1.0 to 1.2 from Backports and everything works 
great now !


Regards, Gerhard

PS in Squeeze Dovecot is Version 1.2