Re: [Dovecot] TLS with autosigned certs

2011-02-15 Thread Antonio Perez-Aranda
Is it possible to mute this error?

2011/2/14 Antonio Perez-Aranda aperezara...@yaco.es:
 Is this info/error normal with autosigned certs?

 Feb 14 20:25:47 pop3-login: Info: Disconnected (no auth
 attempts):ip=[127.0.0.1], port=[51243], protocol=pop3, TLS
 handshaking: SSL_accept() failed: error:14094418:SSL
 routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48

 I set specific certs in the config for the pop3 protocol, including key, cert and ca:

 protocol pop3 {
  ssl_cert = </etc/ssl/pop3d.cert
  ssl_key = </etc/ssl/pop3d.key
  ssl_ca = </etc/ssl/ca.pem
 }

 If I check it as confirmed in the Thunderbird client, then the error is
 not reported any more.

 --
 Antonio Pérez-Aranda Alcaide
 aperezara...@yaco.es

 Yaco Sistemas S.L.
 http://www.yaco.es/
 C/ Rioja 5, 41001 Sevilla
 Teléfono +34 954 50 00 57
 Fax      +34 954 50 09 29




-- 
Antonio Pérez-Aranda Alcaide
aperezara...@yaco.es

Yaco Sistemas S.L.
http://www.yaco.es/
C/ Rioja 5, 41001 Sevilla
Teléfono +34 954 50 00 57
Fax      +34 954 50 09 29


Re: [Dovecot] TLS with autosigned certs

2011-02-15 Thread Robert Schetterer
On 15.02.2011 09:59, Antonio Perez-Aranda wrote:
 Is it possible to mute this error?
 
 2011/2/14 Antonio Perez-Aranda aperezara...@yaco.es:
 Is this info/error normal with autosigned certs?

 Feb 14 20:25:47 pop3-login: Info: Disconnected (no auth
 attempts):ip=[127.0.0.1], port=[51243], protocol=pop3, TLS
 handshaking: SSL_accept() failed: error:14094418:SSL
 routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48

 I set specific certs in the config for the pop3 protocol, including key, cert and ca:

 protocol pop3 {
  ssl_cert = </etc/ssl/pop3d.cert
  ssl_key = </etc/ssl/pop3d.key
  ssl_ca = </etc/ssl/ca.pem
 }

 If I check it as confirmed in the Thunderbird client, then the error is
 not reported any more.

verbose_ssl=no

may help

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
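
Added example, not part of the thread or of Dovecot's code: decoding the OpenSSL error in the log line quoted above to see which side aborted the handshake. It assumes the packed error-code layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason, with alerts received from the peer reported as reason 1000 + alert number); the second sample line is constructed for contrast.

```python
import re

ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number when the alert came from the peer

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

LOGIN_RE = re.compile(
    r"(?P<svc>\S+-login): Info: Disconnected \([^)]*\):\s*ip=\[(?P<ip>[^\]]+)\]"
    r".*?error:(?P<code>[0-9A-Fa-f]{8}):")


def unpack_openssl_error(code_hex):
    """Split a legacy (pre-3.0) packed OpenSSL error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def classify(line):
    """Return who aborted the handshake and why, or None if the line does not match."""
    m = LOGIN_RE.search(line)
    if m is None:
        return None
    lib, _func, reason = unpack_openssl_error(m.group("code"))
    result = {"service": m.group("svc"), "ip": m.group("ip"),
              "origin": "local", "alert": None, "alert_name": None}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
        result.update(origin="peer", alert=alert,
                      alert_name=TLS_ALERTS.get(alert, "other"))
    return result


# First line: the log entry from the thread, re-joined onto one line.
# Second line: constructed for contrast (a failure raised by the server itself).
SAMPLE_LOG = [
    "Feb 14 20:25:47 pop3-login: Info: Disconnected (no auth attempts):"
    "ip=[127.0.0.1], port=[51243], protocol=pop3, TLS handshaking: "
    "SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:"
    "tlsv1 alert unknown ca: SSL alert number 48",
    "Feb 14 20:31:02 pop3-login: Info: Disconnected (no auth attempts):"
    "ip=[192.0.2.10], port=[40112], protocol=pop3, TLS handshaking: "
    "SSL_accept() failed: error:1408A0C1:SSL routines:"
    "SSL3_GET_CLIENT_HELLO:no shared cipher",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

For the thread's line this reports origin `peer`, alert 48 (`unknown_ca`): the client refused the server's certificate chain and sent the alert, so the entry stops appearing once the client trusts the issuing CA.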


[Dovecot] Recover a deleted message in MDBOX format ?

2011-02-15 Thread Frank Bonnet

Hello

Every night a backup of all mailboxes is performed to an NFS-mounted partition.

All our mailboxes are now in MDBOX format.

I wonder how it would be possible to recover one email accidentally
deleted by a user?

It was easy in MBOX format to extract and save it using mutt (as root)
from the backed-up mbox, then re-copy it to the user's mbox.

Of course I should access the backup mailboxes space using thunderbird,
but doing this I need to know every user's password, which is unacceptable
for security and privacy reasons.

Letting users access the backup space is not possible, of course.

Is there a tool ?

Thanks

Re: [Dovecot] Recover a deleted message in MDBOX format ?

2011-02-15 Thread Frank Bonnet

OK I found doveadm after posting ...

sorry


On 02/15/2011 10:51 AM, Frank Bonnet wrote:

Hello

Every night a backup of all mailboxes is performed to an NFS-mounted partition.

All our mailboxes are now in MDBOX format.

I wonder how it would be possible to recover one email accidentally
deleted by a user?

It was easy in MBOX format to extract and save it using mutt (as root)
from the backed-up mbox, then re-copy it to the user's mbox.

Of course I should access the backup mailboxes space using thunderbird,
but doing this I need to know every user's password, which is unacceptable
for security and privacy reasons.

Letting users access the backup space is not possible, of course.

Is there a tool ?

Thanks

[Dovecot] help with dovecot installation dependencies

2011-02-15 Thread sunhux G
I'm on RHES 4.x

I downloaded 2 dovecot RPM packages from
 http://packages.sw.be/dovecot/

dovecot-1.0.13-1.el4.rfx.i386.rpm   13-Nov-2010 22:15  1.8M  RHEL4 and
CentOS-4 x86 32bit
   and
dovecot-0.99.13-1.2.el4.test.i386.rpm   21-Feb-2005 16:57  693K  RHEL4 and
CentOS-4 x86 32bit

The first rpm fails with error below :
# rpm -i ./dovecot-1.0.13-1.el4.rfx.i386.rpm
warning: ./dovecot-1.0.13-1.el4.rfx.i386.rpm: V3 DSA signature: NOKEY, key
ID 6b8d79e6
error: Failed dependencies:
libmysqlclient.so.14(libmysqlclient_14) is needed by
dovecot-1.0.13-1.el4.rfx.i386

I have a hard time trying to locate an rpm that contains
libmysqlclient.so.14 and have no luck:
# rpm -i ./mysql-libs-5.1.42-4.el6.i686.rpm
warning: ./mysql-libs-5.1.42-4.el6.i686.rpm: V3 RSA/MD5 signature: NOKEY,
key ID f21541eb
error: Failed dependencies:
libcrypto.so.10 is needed by mysql-libs-5.1.42-4.el6.i686
libssl.so.10 is needed by mysql-libs-5.1.42-4.el6.i686
rpmlib(FileDigests) <= 4.6.0-1 is needed by
mysql-libs-5.1.42-4.el6.i686
rtld(GNU_HASH) is needed by mysql-libs-5.1.42-4.el6.i686
rpmlib(PayloadIsXz) <= 5.2-1 is needed by
mysql-libs-5.1.42-4.el6.i686


Then I installed the 2nd dovecot rpm successfully but its filename indicated
it's a test version :

# rpm -i ./dovecot-0.99.13-1.2.el4.test.i386.rpm
warning: ./dovecot-0.99.13-1.2.el4.test.i386.rpm: V3 DSA signature: NOKEY,
key ID 6b8d79e6

# /etc/init.d/dovecot start
Starting IMAP daemon (dovecot):[  OK  ]


Q1:
Is the test version rpm  of dovecot reliable?  It's only half the size of
the other rpm (that I was not able to install)

Q2:
Kindly assist me to resolve the 1st rpm issue : let me know where I
can download the dependencies etc


Q3:
Lastly, kindly point me to a simple doc that tells me how to
do basic setup of dovecot and create simple mailbox accounts. I'm a
complete newbie to dovecot and postfix. I have some Linux know-how.


Re: [Dovecot] help with dovecot installation dependencies

2011-02-15 Thread Oli Schacher
On Tue, 15 Feb 2011 20:53:07 +0800
sunhux G sun...@gmail.com wrote:

 Thanks very much
 
 Will get the RHES 4 packages tomorrow as not in office
 now.  Just hope they can be rpm installed right away
 without compiling.

yes, they are already compiled

 
 
 Can the 2.0 RHEL5 packages run on RHEL 4.x OS ?
 

No, you need the RHEL4 packages from
http://packages.atrpms.net/dist/el4/dovecot/


Regards, 
 Oli



[Dovecot] Auth processes/login processes count

2011-02-15 Thread Thomas Hummel
Hello Timo,

I'm running dovecot-1.2.12/Maildir/LDAP-passdb/LDAP-prefetched-userdb and I'm
experiencing random latency (which even seems to make squirrelmail time out
sometimes) at login without noticing particular load on the server.

LDAP backends are running fine as far as I know, so I was investigating possibly
mistuned limits:

Dovecot is configured (for ~3000 users) with

  . each login processed in its own process :

  #login_process_per_connection = yes
  #login_max_connections = 256

   . counts as :

  #login_processes_count = 3
  login_max_processes_count = 1024

  auth default {
  [...]
  count = 5
  }

I've got several questions :

1) how can I count more than login_max_processes_count processes ?

  # ps aux | egrep -i '(pop3|imap)-login' | wc -l
  # 1031

2) could my auth process count be the bottleneck ?
   is there a rule of thumb to deduce it from the login process count ?

3) on dovecot login/master/auth design, is my understanding correct ?

- dovecot-1.2.x :

  . passdb and userdb lookups are done by the auth process, on behalf of either
    the login process, which wants to know if the client's password is correct,
    or the master process, which wants to check if it was actually correct and
    which wants to have the userdb info.

  . the client connection fd is sent to the master, which creates the mail
    process and transfers the fd to it.

- dovecot-2.x :

  . the client connection fd does not go through the master anymore but through
    a socket in the login/ directory

  . it's the mail process which asks the auth process for the userdb lookup

4) with an LDAP backend using {CRYPT} passwords and with plaintext auth enabled
   in dovecot, is the clear password crypted before comparing it to the LDAP
   crypted password, or does dovecot simply try to bind to LDAP with the clear
   password ?

Thanks

-- 
Thomas Hummel   | Institut Pasteur
hum...@pasteur.fr | Groupe Exploitation et Infrastructure


Re: [Dovecot] Cannot subscribe to shared folders

2011-02-15 Thread Lukas Haase

On 14.02.2011 14:54, Lukas Haase wrote:

Hi,

I am unable to subscribe to shared folders with Thunderbird although
everything seems to be correct (dovecot 1.2).

What does not work? I click Subscribe... in Thunderbird. The shared
mailboxes are listed, all with [ ] (no checkbox). Therefore I mark them
[x], click subscribe and OK. However, the folders do not appear in
the folder tree. Furthermore, when I again click Subscribe... the
folders do NOT have the mark [x] any more. This happens on different
computers with *new* profiles.

My configuration is the following (maybe that is the problem?!):

namespace private {
  separator = .
  prefix =.
  inbox = no
  list = no
  hidden = yes
  location = maildir:~/Maildir-root
  subscriptions = yes
}

namespace private {
  separator = .
  prefix = INBOX.
  inbox = yes
  subscriptions = yes
}

namespace public {
  separator = .
  prefix = Shared.
  location = maildir:/var/mail/shared:INDEX=~/Maildir/shared:LAYOUT=fs
  subscriptions = no
}
[...]


In this case the subscriptions for Shared. are saved in 
~/Maildir-root/subscriptions.


However, maybe this does NOT work in practice?

It works as soon as I set subscriptions = yes in the public namespace :-(

However, then the subscriptions are saved in the shared folder and the 
users overwrite them themselves :-/


Regards,
 Luke



[Dovecot] Some questions about mdbox

2011-02-15 Thread Maria Arrea
Hello

 I am starting testing with dovecot 2.0.9. In my /etc/dovecot/dovecot.conf I
have the following line:

 mail_location = mdbox:/mydomain.org/%2.26Hn/%2.200Hn/%n:INDEX=/mydomain.org/indexes/%2.26Hn/%2.200Hn/%n


 These are my questions (a long mail):

 *1º How should I restore from backup with mdbox and separate indexes?*

 I have read in the dovecot list archive about restoring the full user mailbox to a
temp location and then running something like:

 doveadm import mdbox:/tmp/restored_mailbox/  savedsince 2011-01-01

 In my schema, indexes and mail stores are in separate paths. What (and where!) should
I copy to the temp location and how do I restore it?

 *2º Disaster recovery: indexes and mail store mismatch*

 When creating backups, indexes and mail store are in different paths. My
backup takes several hours, so indexes are copied BEFORE mail stores. Is the
backup consistent?

 What would happen if I lose indexes? Can I still recover the messages?
Reading the doc it seems I would lose all the message flags and all the
messages would be in INBOX, is this right?

 *3º Performance tuning with mdbox*

 I have read in the dovecot archive about using mdbox_rotate_size and
mdbox_rotate_interval to balance between a lot of small files (like Maildir)
or really big files (a variant of mbox). I have tested with a big value of
mdbox_rotate_size (100 MB) and it is a complete disaster for backup: if a user
deletes a message and then a nightly cronjob purges the mailbox (refcount=0), a new
mdbox .m file is created! So deleting a 1 k message from the mailbox of a
user means a new 99 MB file to back up. Any hint about this?

 I am also using ext4 (rw,noatime,nodiratime,commit=15,data=writeback) and I
have read about mdbox_preallocate_space. I will try it; any hint about this
setup? This is not in production yet, so I have no idea about IOPS and user
concurrency, but I have several thousand users.


 *4º Compression with mdbox*


I am reading about compression in mdbox (zlib/bzlib). I am starting with zlib;
does anyone have experience with bzlib? How much load does bzlib add compared to
zlib, and how much delay does it add to the user experience (and space savings vs zlib)?


 *5º Recover a message with refcount=0*

 Is there any way to recover a message with refcount=0 without using a backup? 
I am thinking about the following plan:

 1º a user gets her mail via pop3 (or deletes a message via imap and empties trash)
 2º the message is still stored in my mail server, but has refcount=0
 3º nightly backup is performed
 4º nightly cronjob purges the mailbox (deleting messages with refcount=0)


 Using this schema the backup is bigger, but if I can recover files with
refcount=0 from backup we can give our users a safeguard against accidentally
deleted pop3 mail.


 Thank you very much for your responses and sorry for my (awful) English!

 Maria


[Dovecot] Regenerating mdbox/sis

2011-02-15 Thread dmiller


It's apparent I have some level of corruption in my mailboxes -
something to do with the combination of mdbox, sis, and zlib. I should
note that I know I have a mix of compressed and raw messages - if that
makes any difference in identifying the problems.

I think I need to somehow regenerate the mailboxes with issues. Is there
a suggestion for how to accomplish this? Should I perhaps use dsync to
shift to a temporary mail location and then rename it back?

If I DO use dsync in this manner, and I have zlib enabled - will this
then compress all the messages in the new mail storage?

-- 

Daniel

Re: [Dovecot] Dovecot can't start with error pop3-login imap-login not supported protocol family

2011-02-15 Thread sunhux G
I uninstalled this latest version and installed another old version:
it did not give the earlier errors but it does not have pop3 service:

rpm -i ./dovecot-1.0.13-1.el4.rfx.i386.rpm
warning: ./dovecot-1.0.13-1.el4.rfx.i386.rpm: V3 DSA signature: NOKEY, key
ID 6b8d79e6

[root@old]# /etc/init.d/dovecot start
Starting IMAP daemon (dovecot):[  OK  ]

[root@old]# telnet localhost 110   # to test if POP3 is listening
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused


On Wed, Feb 16, 2011 at 12:01 PM, sunhux G sun...@gmail.com wrote:

 I've done the installation (rpm downloaded from the RHES4 link
 given by Oli below) but dovecot won't start, it gave
 the error pop3-login and imap-login not supported by protocol.

 I'm sure with a much older version (in my previous post) of
 dovecot, I'm able to start up dovecot and it did not give this
 error.  Thought dovecot is supposed to come with pop3 and imap?


 # rpm -Uvh --force mysqlclient14-4.1.22-1.el4s1.1.i386.rpm
 warning: mysqlclient14-4.1.22-1.el4s1.1.i386.rpm: V3 DSA signature: NOKEY,
 key ID 443e1821
 Preparing...###
 [100%]
1:mysqlclient14  ###
 [100%]
 /sbin/ldconfig: /usr/lib/libcpqlsptransport.so.0 is not a symbolic link
 [root@tmp]# rpm -qa | grep -i mysql
 mysql-4.1.12-3.RHEL4.1
 perl-DBD-MySQL-2.9004-3.1
 php-mysql-4.3.9-3.8
 mysql-server-4.1.12-3.RHEL4.1
 mysqlclient14-4.1.22-1.el4s1.1   <== it's there now
 [root@tmp]# rpm -i ./dovecot-2.0.9-1_125.el4.i386.rpm
 warning: only V3 signatures can be verified, skipping V4 signature
 warning: only V3 signatures can be verified, skipping V4 signature
 [root@tmp]# cd /etc
 [root@etc]# ls -ld rc*/*dove*
 lrwxrwxrwx  1 root root 17 Feb 16 11:37 rc0.d/K01dovecot -> ../init.d/dovecot
 lrwxrwxrwx  1 root root 17 Feb 16 11:37 rc1.d/K01dovecot -> ../init.d/dovecot
 lrwxrwxrwx  1 root root 17 Feb 16 11:37 rc2.d/K01dovecot -> ../init.d/dovecot
 lrwxrwxrwx  1 root root 17 Feb 16 11:37 rc3.d/K01dovecot -> ../init.d/dovecot
 lrwxrwxrwx  1 root root 17 Feb 16 11:37 rc4.d/K01dovecot -> ../init.d/dovecot
 lrwxrwxrwx  1 root root 17 Feb 16 11:37 rc5.d/K01dovecot -> ../init.d/dovecot
 lrwxrwxrwx  1 root root 17 Feb 16 11:37 rc6.d/K01dovecot -> ../init.d/dovecot
 [root@nspplss2 etc]# ls -ld rc*/S*dove*
 ls: rc*/S*dove*: No such file or directory
 [root@nspplss2 etc]# pwd
 /etc
 [root@etc]# ls rc*/*postf*
 rc0.d/K30postfix  rc2.d/S80postfix   rc4.d/S80postfix  rc6.d/K30postfix
 rc1.d/K30postfix  rc3.d/S99postfixstart  rc5.d/S80postfix
 [root@etc]# ln -s /etc/init.d/dovecot /etc/rc3.d/S70dovecot
 [root@etc]# ln -s /etc/init.d/dovecot /etc/rc5.d/S70dovecot

 [root@]# init.d/dovecot start
 Starting Dovecot Imap: Error: socket() failed: Address family not supported
 by protocol
 Error: service(pop3-login): listen(::, 110) failed: Address family not
 supported by protocol
 Error: socket() failed: Address family not supported by protocol
 Error: service(pop3-login): listen(::, 995) failed: Address family not
 supported by protocol
 Error: socket() failed: Address family not supported by protocol
 Error: service(imap-login): listen(::, 143) failed: Address family not
 supported by protocol
 Error: socket() failed: Address family not supported by protocol
 Error: service(imap-login): listen(::, 993) failed: Address family not
 supported by protocol
 Fatal: Failed to start listeners
[FAILED]

 [root@etc]# telnet localhost 110
 Trying 127.0.0.1...
 telnet: connect to address 127.0.0.1: Connection refused
 telnet: Unable to connect to remote host: Connection refused

 [root@etc]# rpm -qa | grep dove
 dovecot-2.0.9-1_125.el4
 [root@etc]# chkconfig --list | grep pop3
 [root@etc]# chkconfig --list | grep imap
 On Tue, Feb 15, 2011 at 8:39 PM, Oli Schacher dove...@lists.wgwh.ch wrote:

 On Tue, 15 Feb 2011 18:00:53 +0800
 sunhux G sun...@gmail.com wrote:

  I'm on RHES 4.x
 
  I downloaded 2 dovecot RPM packages from
   http://packages.sw.be/dovecot/
 
  dovecot-1.0.13-1.el4.rfx.i386.rpm   13-Nov-2010 22:15  1.8M
  RHEL4 and CentOS-4 x86 32bit
 and
  dovecot-0.99.13-1.2.el4.test.i386.rpm   21-Feb-2005 16:57  693K
  RHEL4 and CentOS-4 x86 32bit
 

 [...]
 Q1:
 Is the test version rpm  of dovecot reliable?  It's only half the size
 of the other rpm (that I was not able to install)

 0.9 / 1.0 : These versions are way out of date and you will probably
 have a hard time getting support. I suggest you try the current
 versions from atrpms.net We have been using the 2.0 RHEL5 packages by
 Axel Thimm for quite some time now and they work flawlessly.

 Link for RHEL4 packages: http://packages.atrpms.net/dist/el4/dovecot/

 Maybe this fixes Q2 as well ;-)

 Q3: You'll find lots of examples / tutorials in the dovecot wiki :
 

Re: [Dovecot] Dovecot can't start with error pop3-login imap-login not supported protocol family

2011-02-15 Thread Oli Schacher
On Wed, 16 Feb 2011 12:01:43 +0800
sunhux G sun...@gmail.com wrote:


 [root@]# init.d/dovecot start
 Starting Dovecot Imap: Error: socket() failed: Address family not
 supported by protocol
 Error: service(pop3-login): listen(::, 110) failed: Address family not
 supported by protocol
 Error: socket() failed: Address family not supported by protocol
 Error: service(pop3-login): listen(::, 995) failed: Address family not
 supported by protocol
 Error: socket() failed: Address family not supported by protocol
 Error: service(imap-login): listen(::, 143) failed: Address family not
 supported by protocol
 Error: socket() failed: Address family not supported by protocol
 Error: service(imap-login): listen(::, 993) failed: Address family not
 supported by protocol
 Fatal: Failed to start listeners
[FAILED]
 


Sounds like you are trying to listen on IPv6 but IPv6 is not enabled on
your box.

Add this to the top of your dovecot.conf:
listen = *
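
Added example, not part of the thread or of Dovecot: a check that parses the startup errors quoted above, confirms that only `::` (IPv6 wildcard) listeners failed, and probes whether the host can create an IPv6 socket at all before suggesting the IPv4-only `listen` value. The function names and the injectable `socket_factory` parameter are assumptions made for this illustration.

```python
import errno
import re
import socket

# Startup errors from the thread, with the wrapped lines re-joined.
STARTUP_LOG = """\
Error: socket() failed: Address family not supported by protocol
Error: service(pop3-login): listen(::, 110) failed: Address family not supported by protocol
Error: socket() failed: Address family not supported by protocol
Error: service(pop3-login): listen(::, 995) failed: Address family not supported by protocol
Error: socket() failed: Address family not supported by protocol
Error: service(imap-login): listen(::, 143) failed: Address family not supported by protocol
Error: socket() failed: Address family not supported by protocol
Error: service(imap-login): listen(::, 993) failed: Address family not supported by protocol
Fatal: Failed to start listeners
"""

LISTEN_RE = re.compile(
    r"service\((?P<svc>[^)]+)\): listen\((?P<addr>[^,]+), (?P<port>\d+)\) failed: (?P<msg>.+)")


def failed_listeners(log):
    """Return (service, address, port, message) for every listener that failed."""
    return [(m.group("svc"), m.group("addr"), int(m.group("port")), m.group("msg").strip())
            for m in LISTEN_RE.finditer(log)]


def ipv6_available(socket_factory=socket.socket):
    """True if an AF_INET6 TCP socket can be created, which a '::' listener requires."""
    try:
        sock = socket_factory(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:  # "Address family not supported by protocol"
            return False
        raise
    sock.close()
    return True


def suggest_listen(log, socket_factory=socket.socket):
    """Suggest 'listen = *' when only IPv6 listeners failed and the host has no IPv6."""
    failures = failed_listeners(log)
    only_v6 = bool(failures) and all(":" in addr for _svc, addr, _port, _msg in failures)
    if only_v6 and not ipv6_available(socket_factory):
        return "listen = *"
    return None  # an IPv4 listener failed too, or IPv6 works on this host: look elsewhere


if __name__ == "__main__":
    for svc, addr, port, msg in failed_listeners(STARTUP_LOG):
        print(f"{svc}: [{addr}]:{port} -> {msg}")
    print(suggest_listen(STARTUP_LOG) or "no change suggested on this host")
```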