Re: [Dovecot] Postfix - deliver problem.

2010-12-27 Thread Noel Butler
On Mon, 2010-12-27 at 02:39 -0200, Henrique Fernandes wrote:

 It seems you are missing a / on the auth path
 
 or did you do it intentionally?
 
 

first_valid_uid: 112
last_valid_uid: 112
first_valid_gid: 8
last_valid_gid: 8

plus, so which is it, 8 or 112?






Re: [Dovecot] Postfix - deliver problem.

2010-12-27 Thread Mark Alan
On Sun, 26 Dec 2010 23:20:57 -0500, Mark Bronstein
m...@bronsteinlaw.com wrote:

 # 1.2.16: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.18-194.17.1.el5.028stab070.7 i686 Debian 5.0.7 simfs
 mail_location: maildir:/var/mail/domains/%d/%n/Maildir
 lda:
   postmaster_address: m...@bronsteinlaw.com
   mail_plugins: sieve
   log_path: /var/log/dovecot/dovecot-local-deliver.log

  log_path: /var/mail/dovecot-local-deliver.log

(later you could also consider using /var/vmail instead of /var/mail
as there is the possibility of other apps trying to write at the
Debian default /var/mail)

   auth_socket_path: var/run/dovecot/auth-master

 auth_socket_path: /var/run/dovecot/auth-master

 auth default:
   user: vmail

  user: root

(or, less secure, make password files world readable)

 master:
   path: /var/run/dovecot/auth-master
   mode: 384
   user: vmail
   group: mail

#group: mail


M.


Re: [Dovecot] Migrate from Maildir to mdbox

2010-12-27 Thread Thomas Leuxner

Am 24.12.2010 um 18:11 schrieb Henrique Fernandes:

 Going to first migrate us...@domain1.com
 
 # chmod a-w  /path/to/thatuserhome/
 
 Now, dovecot can not write any emails there. Which will result in temporary
 failure, at least in my conf it does.

That seems a bit brute and will throw a good amount of log entries for sure.

How about this. Implement a header check in Postfix and put the mail for the 
account to be maintained on HOLD:

[ master.cf ]
cleanup   unix  n   -   -   -   0   cleanup
  -o header_checks=pcre:/etc/postfix/header_checks_maintenance

$ cat /etc/postfix/header_checks_maintenance
/^To:.*u...@domain.tld.*/  HOLD Planned maintenance for account
[…]

All mail matching the regex will be put on hold. This will allow other users to 
resume operation.

Disable new logins for the user by adding 'allow_net=' to his record, 
effectively disallowing all nets. Then kill his open sessions if any:

$ doveadm who user
$ doveadm kick user

Perform the mdbox backup:

$ dsync -v -u user backup mdbox:~/mdbox

- adjust userdb entries if required to reflect new 'mail_location'
- clean up/revoke/uncomment 'header_checks_maintenance' and 'allow_net' 
entries
- requeue/release HELD mails and flush queue

$ postsuper -r message …
$ postsuper -f

Regards
Thomas





Re: [Dovecot] Migrate from Maildir to mdbox

2010-12-27 Thread Ralf Hildebrandt
* Thomas Leuxner t...@leuxner.net:
 Am 24.12.2010 um 18:11 schrieb Henrique Fernandes:
 
  Going to first migrate us...@domain1.com
  
  # chmod a-w  /path/to/thatuserhome/
  
  Now, dovecot can not write any emails there. Which will result in temporary
  failure, at least in my conf it does.
 
 That seems a bit brute and will throw a good amount of log entries for sure.
 
 How about this. Implement a header check in Postfix and put the mail for the 
 account to be maintained on HOLD:
 
 [ master.cf ]
 cleanup   unix  n   -   -   -   0   cleanup
   -o header_checks=pcre:/etc/postfix/header_checks_maintenance

Usually you do this in main.cf
 
 $ cat /etc/postfix/header_checks_maintenance
 /^To:.*u...@domain.tld.*/  HOLD Planned maintenance for account
 […]

And usually one uses check_recipient_access for this, not
header_checks

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: [Dovecot] Migrate from Maildir to mdbox

2010-12-27 Thread Thomas Leuxner

Am 27.12.2010 um 15:04 schrieb Ralf Hildebrandt:

 How about this. Implement a header check in Postfix and put the mail for the 
 account to be maintained on HOLD:
 
 [ master.cf ]
 cleanup   unix  n   -   -   -   0   cleanup
  -o header_checks=pcre:/etc/postfix/header_checks_maintenance
 
 Usually you do this in main.cf
 
 $ cat /etc/postfix/header_checks_maintenance
 /^To:.*u...@domain.tld.*/  HOLD Planned maintenance for account
 […]
 
 And usually one uses check_recipient_access for this, not
 header_checks

Aren't the smtp restrictions enforced before accepting the mail? How would one 
hold something he hasn't got yet? :)

Regards
Thomas


[Dovecot] Kicking by dovecot as proxy?

2010-12-27 Thread Antonio Perez-Aranda
I'm using dovecot 2.0 as a proxy to ease the migration from Courier
to Dovecot.

¿Is it possible to use doveadm kick on a proxy connection?

Example:

telnet (login as user1) - dovecot (proxy) (user1) - courier (user1)

If I exec doveadm who on dovecot, no users are connected.

-- 
Antonio Pérez-Aranda Alcaide
aperezara...@yaco.es

Yaco Sistemas S.L.
http://www.yaco.es/
C/ Rioja 5, 41001 Sevilla
Teléfono +34 954 50 00 57
Fax      +34 954 50 09 29


Re: [Dovecot] Migrate from Maildir to mdbox

2010-12-27 Thread Stan Hoeppner
Thomas Leuxner put forth on 12/27/2010 9:55 AM:
 Am 27.12.2010 um 15:04 schrieb Ralf Hildebrandt:
 
 How about this. Implement a header check in Postfix and put the mail for 
 the account to be maintained on HOLD:

 [ master.cf ]
 cleanup   unix  n   -   -   -   0   cleanup
  -o header_checks=pcre:/etc/postfix/header_checks_maintenance
 
 Usually you do this in main.cf
 
 $ cat /etc/postfix/header_checks_maintenance
 /^To:.*u...@domain.tld.*/  HOLD Planned maintenance for account
 […]
 
 And usually one uses check_recipient_access for this, not
 header_checks
 
 Aren't the smtp restrictions enforced before accepting the mail? How would 
 one hold something he hasn't got yet? :)

Yes, they are.

man 5 access

HOLD is a valid action for access tables.  In Ralf's example the HOLD
action is what is enforced, causing the mail to be accepted and queued.

-- 
Stan


Re: [Dovecot] Is this really a user agent issue?

2010-12-27 Thread Phil Howard
On Thu, Dec 23, 2010 at 17:08, Willie Gillespie
wgillespie+dove...@es2eng.com wrote:
 Phil Howard wrote:

 I think this issue has been entirely misunderstood.  Have I explained it
 wrong?

 I think there's been a bit of confusion here.  Everyone is saying similar
 things in slightly different ways.

 The IMAP protocol has no way to push to the MUA that a folder (mailbox)
 has been freshly created.  This information must be pulled by the client,
 ie: LISTing all folders.

Given that it appeared to be a request/response class protocol, I was
expecting that it had no such push ability.


 So, say we have an MUA connected and -something- (whether it be deliver or
 another MUA connected elsewhere) creates a new folder.  With IMAP the
 original MUA has no way of knowing that this just happened.  When it tries
 to create the same folder, the CREATE fails, because the folder already
 exists.

Right.


 How the MUA handles this situation is up to the MUA.

 I see a few possibilities:
 1) it could ignore the situation and just show an error message to the user*
 2) it could do a LIST and get an updated list of folders**
 3) it could add the folder to its display***

 * Sounds like what your MUA is doing.

Yes.

 ** This could be fine and dandy, but many MUAs use the subscription list
 (LSUB) instead of showing all the folders (LIST).  So just because the MUA
 now knows the folder exists doesn't mean it will show it to you unless you
 SUBSCRIBE to it.

However, if I am not doing subscriptions, shouldn't it show me ALL
folders (per what Charles Marcus said in his message just before
yours)?  Why would this folder be handled differently if it is showing
me all the other folders?


 *** Whether this means that the MUA auto-SUBSCRIBEs you to the mailbox or
 not depends on what mode the MUA is running in.  It seems like this is what
 you want your MUA to do instead of #1.

No, that is not what I want it to do.  What I want it to do is #2 ...
and show me ALL the folders, with the new one included from the most
recent LIST.  It should do LIST as a result of there being an error
from CREATE ... to determine if the error was because the folder had
been created by other than the MUA.


 If I were a programmer, #1 would definitely be the easiest to do.  Then I
 wouldn't have to care WHY the CREATE failed, I just show an error message no
 matter what.

But #2 is not really harder.  It's another step.  I don't think of
such logic as harder.  To me, hardness of programming is the
difficulty level of figuring out what algorithm to use ... e.g. what
works and is expected to work.

I would do #2.  If as a programmer I was trying to make it easier, I'd
just not write any of it at all.  When I do programming, though, I
consider that the effort to meet reasonable human expectations is part
of the job/project.  If the developer believes humans expect to not be
able to get to a folder because it had previously been created by
something else, it should at least be informative ... Sorry, you
cannot access folders that were created by other than you, without
restarting the client.  It's just so much simpler, even with the need
to do a whole LIST request, to give the human the realistic
expectation of seeing the folder show up after a folder creation
dialog, regardless if something else created it first.


 So in answer to the question in the subject, Is this really a user agent
 issue? Yes.  The server is doing nothing wrong according to protocol.

I really didn't think it was.  But I was wondering if there was some
possibility the IMAP protocol had a limitation that completely
prevented this (e.g. it wouldn't be in the LIST response, either, or
LIST is only allowed once when connecting, or whatever).  It appears
IMAP is a minimal but reasonable protocol, and provides sufficient
means for MUA logic to be reasonable, and Evolution fell short of
that.  I wanted to be sure that assumption was correct.

-- 
sHiFt HaPpEnS!
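
Added example, not part of the original thread: a sketch of option #2 discussed above, where a client that gets NO from CREATE issues a fresh LIST before deciding whether to show an error. The function names and the FakeServer class are constructed for illustration; create() and list() follow the result shape of Python's imaplib.

```python
import re

# One IMAP LIST response line: (flags) "hierarchy-delimiter" mailbox-name
LIST_LINE = re.compile(rb'\((?P<flags>[^)]*)\) (?P<delim>"[^"]*"|NIL) (?P<name>.+)')


def list_mailboxes(conn):
    """Issue LIST and return the set of mailbox names the server reports."""
    typ, lines = conn.list()
    names = set()
    if typ != "OK":
        return names
    for line in lines:
        match = LIST_LINE.match(line) if isinstance(line, bytes) else None
        if match:
            names.add(match.group("name").strip(b'"').decode("utf-8", "replace"))
    return names


def ensure_mailbox(conn, name):
    """CREATE `name`; if the server says NO, re-LIST before reporting an error.

    Returns "created", "already-existed" or "failed".
    """
    typ, _ = conn.create(name)
    if typ == "OK":
        return "created"
    # The NO reply's text is free-form, so pull a fresh folder list and look.
    return "already-existed" if name in list_mailboxes(conn) else "failed"


class FakeServer:
    """Constructed stand-in with imaplib.IMAP4-style create()/list() results."""

    def __init__(self, existing):
        self.boxes = set(existing)

    def create(self, name):
        if name in self.boxes or not name:
            return "NO", [b"Mailbox already exists or name is invalid"]
        self.boxes.add(name)
        return "OK", [b"Create completed."]

    def list(self):
        return "OK", [b'(\\HasNoChildren) "." "%s"' % box.encode()
                      for box in sorted(self.boxes)]


if __name__ == "__main__":
    # "INBOX.lists" was created behind the client's back, e.g. by deliver.
    server = FakeServer(["INBOX", "INBOX.lists"])
    for folder in ("INBOX.lists", "INBOX.new", ""):
        print(repr(folder), ensure_mailbox(server, folder))
```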


[Dovecot] director in large(ish) environments

2010-12-27 Thread Cor Bosman
Hey all, just wondering who here is running the director service in a larger 
environment. I just switched our whole production setup to the director and am 
quite pleased with the result. We're doing a peak of about 25000 to 3 
concurrent sessions on 3 servers. But I've shut 1 server down a couple of days 
ago to see what would happen and 2 servers carried the load easily. (16 CPU, 
24GB memory servers).   If others are using the director on larger setups maybe 
we can all post when things do or don't work well. 

Now to see if the solution is better than the problem :)

Cor



Re: [Dovecot] Kicking by dovecot as proxy?

2010-12-27 Thread Timo Sirainen
On Mon, 2010-12-27 at 16:58 +0100, Antonio Perez-Aranda wrote:

 ¿Is it possible to use doveadm kick on a proxy connection?

No. No such state is kept anywhere. Maybe some day, but it's a low
priority for me.





[Dovecot] Status update

2010-12-27 Thread Timo Sirainen
Just in case you're wondering:

I should hopefully soon get back to answering all the pending mails and
start coding. I moved back to Finland a week ago. I should get my proper
internet connection on Wednesday, although this 3.5G isn't too bad
either. I couldn't get my old Mac Mini to work properly anymore so I
went and bought a new machine. Dovecot recompiles in 43 seconds now. :)





Re: [Dovecot] Kicking by dovecot as proxy?

2010-12-27 Thread Timo Sirainen
On Mon, 2010-12-27 at 21:08 +0200, Timo Sirainen wrote:
 On Mon, 2010-12-27 at 16:58 +0100, Antonio Perez-Aranda wrote:
 
  ¿Is it possible to use doveadm kick on a proxy connection?
 
 No. No such state is kept anywhere. Maybe some day, but it's a low
 priority for me.

More precisely: Each login process tracks the proxying state internally.
There is no global state tracked or any way to talk to login processes.
I think the most efficient way to implement this some day would be to
add:

 * admin connection to login processes where you can issue commands such
as kick or list users
 * a login process tracker process, which has a connection to all the
login processes and can proxy commands/replies to them (without this
each process would have to have its own UNIX socket listener, such as
login-admin-pid, which is kind of ugly)
 * doveadm commands that can talk to login processes via the tracker
process





Re: [Dovecot] Migrate from Maildir to mdbox

2010-12-27 Thread Ralf Hildebrandt
  And usually one uses check_recipient_access for this, not
  header_checks
 
 Aren't the smtp restrictions enforced before accepting the mail?

while, not before. They actually lead to mail being accepted or
rejected.

 How would one hold something he hasn't got yet? :)

See man 5 access. 

   HOLD optional text...
   
 Place the message on the hold queue, where it will
 sit until someone either deletes it or releases it
 for delivery. Log the optional text if specified,
 otherwise log a generic message.
  

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: [Dovecot] Migrate from Maildir to mdbox

2010-12-27 Thread Thomas Leuxner

Am 27.12.2010 um 21:06 schrieb Ralf Hildebrandt:

 See man 5 access. 
 
   HOLD optional text...
 
 Place the message on the hold queue, where it will
 sit until someone either deletes it or releases it
 for delivery. Log the optional text if specified,
 otherwise log a generic message

Thanks, working as expected now. Was a bit tricky to adapt in a live system:

smtpd_recipient_restrictions =
 reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
 reject_unverified_recipient,
 permit_mynetworks,
 reject_unauth_destination,
 check_recipient_access hash:/etc/postfix/recipient_maintenance

Recipients are easier set up here compared to pcre, yes :)

u...@domain.tld HOLD Planned maintenance
[…]

Regards
Thomas



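
Added example, not part of the original thread: a simplified Python model of how Postfix walks smtpd_recipient_restrictions, using the list posted above. It shows that a client matching permit_mynetworks is accepted before the check_recipient_access lookup runs and so is not held, and that the earlier header_checks pattern keys on the To: header rather than the envelope recipient. The addresses, network range and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample values; the thread only shows the obfuscated u...@domain.tld.
MAINT_RCPT = "user@domain.example"
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ACCESS_TABLE = {MAINT_RCPT: "HOLD Planned maintenance"}          # recipient_maintenance
HEADER_RE = re.compile(r"^To:.*user@domain\.example.*", re.I)    # header_checks variant

# Restriction order as posted in the thread.
POSTED = ["reject_unknown_recipient_domain", "reject_non_fqdn_recipient",
          "reject_unverified_recipient", "permit_mynetworks",
          "reject_unauth_destination", "check_recipient_access"]
# Variant: HOLD lookup moved ahead of permit_mynetworks. Reasonable only because
# the table contains HOLD actions and no OK entries.
REORDERED = [r for r in POSTED if r != "check_recipient_access"]
REORDERED.insert(REORDERED.index("permit_mynetworks"), "check_recipient_access")


def evaluate(restrictions, client_ip, rcpt):
    """Simplified model of one RCPT TO: return (verdict, held).

    DNS, syntax and address-verification checks are treated as passing.
    """
    held = False
    client = ipaddress.ip_address(client_ip)
    for name in restrictions:
        if name == "permit_mynetworks" and any(client in net for net in MYNETWORKS):
            return "permit", held          # OK ends the list; later lookups never run
        if name == "reject_unauth_destination" and not rcpt.endswith("@domain.example"):
            return "reject", held
        if name == "check_recipient_access" and ACCESS_TABLE.get(rcpt, "").startswith("HOLD"):
            held = True                    # HOLD flags the message and evaluation goes on
    return "permit", held


def header_check_holds(headers):
    """header_checks sees message headers, never the envelope recipient."""
    return any(HEADER_RE.match(h) for h in headers)


if __name__ == "__main__":
    for label, order in (("posted", POSTED), ("reordered", REORDERED)):
        for ip in ("203.0.113.5", "192.0.2.10"):
            print(label, ip, evaluate(order, ip, MAINT_RCPT))
    # Envelope recipient is MAINT_RCPT, but the To: header names a list address.
    print(header_check_holds(["To: announce@lists.example", "Subject: hello"]))
```

Mail submitted locally through sendmail(1) and pickup does not pass through smtpd restrictions at all, and access(5) notes that HOLD currently affects all recipients of the message.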


Re: [Dovecot] Postfix - deliver problem.

2010-12-27 Thread Noel Butler
On Mon, 2010-12-27 at 11:03 +, Mark Alan wrote:


postmaster_address: m...@bronsteinlaw.com
mail_plugins: sieve
log_path: /var/log/dovecot/dovecot-local-deliver.log
 
   log_path: /var/mail/dovecot-local-deliver.log
 


WTF, there is nothing wrong with his log file location providing he
gives that directory write perms to dovecot user, in his case, vmail

You shouldn't be putting logs in with mail.


  auth default:
user: vmail
 
   user: root
 


UHG! user vmail is more safe





[Dovecot] Dovecot - AllowGroups option

2010-12-27 Thread Jacob Neergaard Pedersen
Hi,
I'm trying to control access to different services on a Debian server using 
/etc/group. So that a user I create for FTP usage doesn't fill up my server 
with IMAP folders or samba garbage.

Services like proftpd have:
AllowGroup ftpgroup


sshd has
AllowGroups sshgroup


And samba has
valid users = @smbgroup


But I can't find the correct option in Dovecot (/etc/dovecot/dovecot.conf)

Does anyone have the magic option or a workaround that doesn't involve 
maintaining separate user databases and passwords? (I know it's needed for samba 
but besides that)

/Neergaard

Re: [Dovecot] Migrate from Maildir to mdbox

2010-12-27 Thread Henrique Fernandes
Well, chmod I guess is the simplest, no need to change any conf. After
you give the permission back it will be OK.

Not a lot of errors, there will only be errors if any mail arrives at that time, which I
suppose will not be that long. And this process will be done at some time with
little access.

But use whatever works for you!

[]'sf.rique


On Mon, Dec 27, 2010 at 6:22 PM, Thomas Leuxner t...@leuxner.net wrote:


 Am 27.12.2010 um 21:06 schrieb Ralf Hildebrandt:

  See man 5 access.
 
HOLD optional text...
 
  Place the message on the hold queue, where it will
  sit until someone either deletes it or releases it
  for delivery. Log the optional text if specified,
  otherwise log a generic message

 Thanks, working as expected now. Was a bit tricky to adapt in a live
 system:

 smtpd_recipient_restrictions =
  reject_unknown_recipient_domain,
  reject_non_fqdn_recipient,
  reject_unverified_recipient,
  permit_mynetworks,
  reject_unauth_destination,
  check_recipient_access hash:/etc/postfix/recipient_maintenance

 Recipients are easier set up here compared to pcre, yes :)

 u...@domain.tld HOLD Planned maintenance
 […]

 Regards
 Thomas






Re: [Dovecot] director in large(ish) environments

2010-12-27 Thread Henrique Fernandes
Can I ask how you are storing your mail? Like NFS, GFS, OCFS2, etc.

And with which type, like mbox, maildir, sdbox, etc.?

In my system we are not using director, we are using IPVS, but having lots of IO
wait problems!

Thanks!

[]'sf.rique


On Mon, Dec 27, 2010 at 4:45 PM, Cor Bosman c...@xs4all.nl wrote:

 Hey all, just wondering who here is running the director service in a
 larger environment. I just switched our whole production setup to the
 director and am quite pleased with the result. We're doing a peak of about
 25000 to 3 concurrent sessions on 3 servers. But I've shut 1 server down
 a couple of days ago to see what would happen and 2 servers carried the load
 easily. (16 CPU, 24GB memory servers).   If others are using the director on
 larger setups maybe we can all post when things do or don't work well.

 Now to see if the solution is better than the problem :)

 Cor




[Dovecot] Iphone all imap folders are visibles !

2010-12-27 Thread Frank Bonnet

Hello

When I use my iPhone to read my emails through IMAP

I can see ALL folders that are in my email home directory,
not only those that are listed in the .subscriptions file ...

This should be a real security problem

Does anyone have the same problem?

Thanks