Re: [Dovecot] Differences between IPv4 and IPv6 authentication
On 31.10.2010, at 19.49, Tony Meyer wrote:

> I have Dovecot listening on both IPv4 and IPv6, and can connect on
> both interfaces, but cannot authenticate over IPv6, using exactly the
> same credentials as IPv4. I assumed that the same authentication
> mechanisms would be used, regardless of the protocol being used - are
> there differences somewhere?

No.

> ~$ telnet server1.teststable.simplyspamfree.com 143

Try 127.0.0.1 vs ::1

> Any insight would be appreciated, thanks!

Proxy/firewall/antivirus/etc in the middle? If none of that is helpful, set auth_debug_passwords=yes and see the logs.

[Dovecot] Differences between IPv4 and IPv6 authentication
Hi,

I have Dovecot listening on both IPv4 and IPv6, and can connect on both interfaces, but cannot authenticate over IPv6, using exactly the same credentials as IPv4. I assumed that the same authentication mechanisms would be used, regardless of the protocol being used - are there differences somewhere?

For example:

~$ telnet server1.teststable.simplyspamfree.com 143
Trying 2a01:4f8:100:12c1:bc:28:b2:34...
Connected to server1.teststable.simplyspamfree.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Training System v2.8.30038 ready.
0 login training
0 NO [AUTHENTICATIONFAILED] Authentication failed.
0 logout
* BYE Logging out
0 OK Logout completed.

~$ telnet -4 server1.teststable.simplyspamfree.com 143
Trying 188.40.178.56...
Connected to server1.teststable.simplyspamfree.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Training System v2.8.30038 ready.
0 login training
0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in
0 logout
* BYE Logging out
0 OK Logout completed.

Any insight would be appreciated, thanks!

Cheers,
Tony

~$ dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-bpo.3-amd64 x86_64 Debian 5.0.6
log_path: /var/log/spamexperts/dovecot.log
log_timestamp: %Y-%m-%d %H:%M:%S
listen: *, [::]
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 100
mail_privileged_group: mail
fsync_disable: yes
mbox_write_locks: fcntl dotlock
mail_executable: /home/spamexperts/post-login.sh
mail_plugins: acl quota imap_quota expire
imap_client_workarounds: delay-newmail
auth default:
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql-maint.conf
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql-maint.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
plugin:
  quota: maildir
  acl: vfile:/etc/dovecot/dovecot-acls
  expire: Caught 30
  expire_dict: proxy::expire
dict:
  expire: mysql:/etc/dovecot/dovecot-expire-mysql.conf

Re: [Dovecot] Linux Bootup: Dovecot Failure
On 31.10.2010 19:04, Stan Hoeppner wrote:

> Was ntpd really the problem or were you missing a loopback interface?
> What is the output of 'cat /etc/network/interfaces'? Do you see:
>
> auto lo
> iface lo inet loopback
>
> or something similar?

I'm sorry, loopback interface was installed properly and is in /etc/network/interfaces indeed. And it really was something around the ntp service. After purging both ntp and ntpdate I rebooted the system. And voila, the timed out error was gone.

> ntpd and ntpdate serve two different functions, well, actually the same
> function but in two different ways. Most Linux distros have both
> installed automatically. Removing ntpdate won't fix a config problem
> with ntpd. ntpdate is an interactive (command line) utility. It can be
> setup to run via cron once or twice a day to sync the time to an ntp
> server instead of using ntpd. Best practices calls for ntpd however,
> and recommends against using cron'd ntpdate. The latter puts too much
> stress on the world's ntp servers when everyone does it that way, since
> most OPs that did so scheduled syncs at noon and midnight. So the ntp
> servers would get flooded with millions of requests in a period of a few
> seconds, twice a day--not good.
>
> You really, really need accurate time on a mail server, which means you
> should have ntpd configured properly and running. On most Linux distros
> today all you have to do is install the package and the install script
> takes care of the rest. You may need to configure your pool servers
> manually. For you those should probably be:
>
> 0.de.pool.ntp.org
> 1.de.pool.ntp.org
>
> Just for fun, what is the complete output of (executed on the mail
> server shell of course):
>
> ntpdate -q 0.de.pool.ntp.org
>
> This will make a query without changing the local machine time. It will
> tell us the current error of your clock.

I just installed ntpdate for you ;) again and this is the output:

# ntpdate -q 0.de.pool.ntp.org
server 188.40.77.71, stratum 2, offset 0.000922, delay 0.03386
server 89.238.71.130, stratum 2, offset -0.004381, delay 0.04456
server 131.234.137.24, stratum 1, offset -0.003588, delay 0.03430
31 Oct 19:33:46 ntpdate[1412]: adjust time server 131.234.137.24 offset -0.003588 sec

But actually, my first two ntp servers are some local ones. They are run by another SystemOperator and do their job fine.

After installing ntpdate, the error "Unexpected first line timed out, nothing received>" reoccurred. Purging it again, removed it...

Here is another output (without ntpdate installed):

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+wrzx03.rz.uni-w 131.188.3.220    2 u   14   64    1    0.551    0.038   0.028
+wrz1003.rz.uni- 131.188.3.220    2 u   17   64    1    0.542    0.042   0.018
 interactive21.d 192.53.103.104   2 u   23   64    1   16.345   -9.671   0.002
 formularfetisch 160.45.10.8      2 u   25   64    1    8.340   -1.062   0.002
 valiant.die-com 192.53.103.103   2 u   26   64    0    0.000    0.000   0.002
*netz.smurf.nori 131.234.137.24   2 u   11   64    1    7.356   -5.412   0.241
 zit-net2.uni-pa .DCF.            1 u   26   64    0    0.000    0.000   0.002

To sum it up: Config with packet ntp installed runs properly and I still think that ntpdate throws the errors. Even system startup is faster without it. It's 60 seconds vs ~18 seconds on rc2.d startup time.

If I ain't wrong, my system time is still accurate. And the problem is solved, or did I miss something?

Greetings,
Christopher Metter

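Added example, not part of the original messages: a small Python check that reads `ntpdate -q` output like the lines quoted above and reports the offset of the selected server while ignoring peers that gave no usable answer. The 0.5 s threshold, the function names and the 192.0.2.x sample entries are assumptions made for illustration.

```python
import re

# Constructed sample: the three server lines and the summary line are the
# `ntpdate -q` output quoted in the message above; the 192.0.2.10 line is an
# added, constructed entry for a server that did not answer (stratum 0).
SAMPLE = """\
server 188.40.77.71, stratum 2, offset 0.000922, delay 0.03386
server 89.238.71.130, stratum 2, offset -0.004381, delay 0.04456
server 131.234.137.24, stratum 1, offset -0.003588, delay 0.03430
server 192.0.2.10, stratum 0, offset 0.000000, delay 0.00000
31 Oct 19:33:46 ntpdate[1412]: adjust time server 131.234.137.24 offset -0.003588 sec
"""

SERVER_RE = re.compile(r"^server (\S+), stratum (\d+), "
                       r"offset ([+-]?\d+\.\d+), delay (\d+\.\d+)$")
SUMMARY_RE = re.compile(r"ntpdate\[\d+\]: (?:adjust|step) time server (\S+) "
                        r"offset ([+-]?\d+\.\d+) sec$")
MAX_OFFSET = 0.5  # seconds; assumed alert threshold, not a value from the thread


def parse_ntpdate_query(text):
    """Return (per-server samples, (selected server, offset) or None)."""
    servers, selected = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = SERVER_RE.match(line)
        if m:
            servers.append({"addr": m.group(1), "stratum": int(m.group(2)),
                            "offset": float(m.group(3)), "delay": float(m.group(4))})
            continue
        m = SUMMARY_RE.search(line)
        if m:
            selected = (m.group(1), float(m.group(2)))
    return servers, selected


def check_clock(text, max_offset=MAX_OFFSET):
    """Judge the local clock from `ntpdate -q` output without trusting dead peers."""
    servers, selected = parse_ntpdate_query(text)
    # Stratum 0 (no reply) and 16 (unsynchronised) carry no usable offset.
    usable = [s for s in servers if 1 <= s["stratum"] <= 15]
    ignored = [s["addr"] for s in servers if s not in usable]
    if not usable or selected is None:
        return {"ok": False, "reason": "no usable time source", "ignored": ignored}
    offsets = [s["offset"] for s in usable]
    return {"ok": abs(selected[1]) <= max_offset, "selected": selected[0],
            "offset": selected[1], "spread": max(offsets) - min(offsets),
            "ignored": ignored}


if __name__ == "__main__":
    print(check_clock(SAMPLE))
```
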
Re: [Dovecot] Linux Bootup: Dovecot Failure
Christopher Metter put forth on 10/31/2010 11:46 AM:

> Hi again,
>
> sorry for late response, but I was busy doing other things.
>
>
> Thanks Stan, your tip fingering ntp to be the culprit was right!

Was ntpd really the problem or were you missing a loopback interface? What is the output of 'cat /etc/network/interfaces'? Do you see:

auto lo
iface lo inet loopback

or something similar?

> After reading different FAQs on ntp and reconfiguring /etc/ntpd.conf, I
> just purged ntp AND ntpdate (Don't ask me why both were installed),
> rebooted and everything was fine.
> After just installing ntp and another reboot everything still was okay
> and now I don't have any ntpserver starting ;)
> I assume the installation of both ntp and ntpdate was the problem.

ntpd and ntpdate serve two different functions, well, actually the same function but in two different ways. Most Linux distros have both installed automatically. Removing ntpdate won't fix a config problem with ntpd. ntpdate is an interactive (command line) utility. It can be setup to run via cron once or twice a day to sync the time to an ntp server instead of using ntpd. Best practices calls for ntpd however, and recommends against using cron'd ntpdate. The latter puts too much stress on the world's ntp servers when everyone does it that way, since most OPs that did so scheduled syncs at noon and midnight. So the ntp servers would get flooded with millions of requests in a period of a few seconds, twice a day--not good.

You really, really need accurate time on a mail server, which means you should have ntpd configured properly and running. On most Linux distros today all you have to do is install the package and the install script takes care of the rest. You may need to configure your pool servers manually. For you those should probably be:

0.de.pool.ntp.org
1.de.pool.ntp.org

Just for fun, what is the complete output of (executed on the mail server shell of course):

ntpdate -q 0.de.pool.ntp.org

This will make a query without changing the local machine time. It will tell us the current error of your clock.

> Thank you for your help.

You are very welcome. Now let's make sure we get your system time sync running properly. :)

--
Stan

>
>
> Greetings,
> Christopher Metter
>
> On 24.10.2010 05:27, Stan Hoeppner wrote:
>> Christopher Metter put forth on 10/23/2010 4:02 PM:
>>> Hi there!
>>>
>>>
>>> I'm using a dovecot system in combination with postfix(with dovecot lda)
>>> and ldap. Till today it ran well, but before switching to live, I did
>>> some system updates and at the reboot following message occurred:
>>>
>>> Starting IMAP/POP3 mail server: dovecoUnexpected first line>> timed out, nothing received>
>> This is an NTP error--has nothing to do with Dovecot. Apparently you're
>> missing a loopback interface (127.0.0.1) or you have a goofy iptables
>> setup breaking access to the LBI. If simply the former, create a
>> loopback interface and reboot. Problem should be solved. If the
>> latter, find the iptables rule causing the problem and eject it.
>>
>>> (First it says: "Starting IMAP/POP3 mail server: dovecot ", but then
>>> something fails and overrides the "t" of dovecot with "Unexpected ")
>> Stuff is constantly overwritten on the physical console on Linux boxen
>> these days. This is "normal", although unsettling. Parallel daemon
>> startup is now the default on most (all?) distros today. This allows
>> faster startup, but it also causes errors to be reported "out of order".
>> In your case, ntpd was started but it took a few seconds to timeout.
>> By that time many other daemons had started up. It just happens that
>> ntpd timed out right when Dovecot was loading, so it "appears" the error
>> is Dovecot related, when in fact, it is not.
>>
>> You can eliminate this problem by disabling parallel startup. This will
>> fix the "out of order error reporting" but your machine will start up
>> much more slowly, especially if have any daemons that always time out.
>> ;) I highly recommend you _not_ disable it.
>>
>> Oh, and btw, fix your ntp configuration to act as a client only, not
>> both a client and server, and configure an external time source. Mail
>> servers, above all others but maybe DB servers, need the clock to be
>> accurate.
>>

Re: [Dovecot] sdbox-format and sa-learn(spamassassin)
On 31.10.2010, at 16.40, Ingo Thierack wrote:

> is it somehow possible to use sa-learn on sdbox-mailboxes?

Use doveadm fetch to extract the mails. http://wiki2.dovecot.org/Tools/Doveadm/Search has an example of how to go through all messages in a mailbox.

Re: [Dovecot] sdbox-format and sa-learn(spamassassin)
Ingo Thierack put forth on 10/31/2010 11:40 AM:

> Hello,
>
> is it somehow possible to use sa-learn on sdbox-mailboxes?
> Maybe I can use dsync to "mirror" the mailboxes (only the spam-subfolder)
> to another
> location and convert it to mbox or maildir and act then on it with
> sa-learn?
>
> I know the antispam-Plugin, but until now no success, to get it running.
> So I think about
> a way, to learn via sa-learn on a file which I can process.

Why not just create a public namespace and give it a location with type mbox or maildir? Enable ACL, add all your users. Create an IMAP folder in it called SPAM and have all your users put their spam in the shared public SPAM folder. When you think about it for a second, does each user really need their own spam folder? Now simply point sa-learn at this mbox file or maildir directory.

--
Stan

Re: [Dovecot] Linux Bootup: Dovecot Failure
Hi again,

sorry for late response, but I was busy doing other things.

Thanks Stan, your tip fingering ntp to be the culprit was right!

After reading different FAQs on ntp and reconfiguring /etc/ntpd.conf, I just purged ntp AND ntpdate (Don't ask me why both were installed), rebooted and everything was fine.
After just installing ntp and another reboot everything still was okay and now I don't have any ntpserver starting ;)
I assume the installation of both ntp and ntpdate was the problem.

Thank you for your help.

Greetings,
Christopher Metter

On 24.10.2010 05:27, Stan Hoeppner wrote:
> Christopher Metter put forth on 10/23/2010 4:02 PM:
>> Hi there!
>>
>> I'm using a dovecot system in combination with postfix(with dovecot lda)
>> and ldap. Till today it ran well, but before switching to live, I did
>> some system updates and at the reboot following message occurred:
>>
>> Starting IMAP/POP3 mail server: dovecoUnexpected first line
> This is an NTP error--has nothing to do with Dovecot. Apparently you're
> missing a loopback interface (127.0.0.1) or you have a goofy iptables
> setup breaking access to the LBI. If simply the former, create a
> loopback interface and reboot. Problem should be solved. If the
> latter, find the iptables rule causing the problem and eject it.
>
>> (First it says: "Starting IMAP/POP3 mail server: dovecot ", but then
>> something fails and overrides the "t" of dovecot with "Unexpected ")
> Stuff is constantly overwritten on the physical console on Linux boxen
> these days. This is "normal", although unsettling. Parallel daemon
> startup is now the default on most (all?) distros today. This allows
> faster startup, but it also causes errors to be reported "out of order".
> In your case, ntpd was started but it took a few seconds to timeout.
> By that time many other daemons had started up. It just happens that
> ntpd timed out right when Dovecot was loading, so it "appears" the error
> is Dovecot related, when in fact, it is not.
>
> You can eliminate this problem by disabling parallel startup. This will
> fix the "out of order error reporting" but your machine will start up
> much more slowly, especially if have any daemons that always time out.
> ;) I highly recommend you _not_ disable it.
>
> Oh, and btw, fix your ntp configuration to act as a client only, not
> both a client and server, and configure an external time source. Mail
> servers, above all others but maybe DB servers, need the clock to be
> accurate.

[Dovecot] sdbox-format and sa-learn(spamassassin)
Hello,

is it somehow possible to use sa-learn on sdbox-mailboxes?
Maybe I can use dsync to "mirror" the mailboxes (only the spam-subfolder) to another location and convert it to mbox or maildir and act then on it with sa-learn?

I know the antispam-Plugin, but until now no success, to get it running. So I think about a way, to learn via sa-learn on a file which I can process.

Regards
Ingo