Re: [Dovecot] a strange doveadm behavior

2011-04-06 Thread fakessh @
I add this to my config file

  unix_listener auth-userdb {
    mode = 0666
  }

and the error is:
[fakessh@r13151 ~]$ doveadm expunge -A mailbox Trash savedbefore 30d
doveadm(dkimproxy): Fatal: seteuid(0) failed: Operation not permitted

It works as root.

On Wednesday 06 April 2011 at 19:37 +0200, fakessh @ wrote:
> hi timo
> very very good job you realize for the community
> 
> here I have a very strange problem with doveadm
> I actually use a configuration file parameters in which the parameters
> are placed carefully
> 
> My problem appears when I run this command
> doveadm expunge -A mailbox Trash savedbefore 30d
> i post command and result to the terminal
> [fakessh@r13151 ~]$ doveadm expunge -A mailbox Trash savedbefore 30d
> doveadm(fakessh): Error: userdb lookup:
> connect(/var/run/dovecot//auth-userdb) failed: Permission denied
> (euid=514(fakessh) egid=100(users) missing +r
> perm: /var/run/dovecot//auth-userdb, euid is not dir owner)
> doveadm: Error: Failed to iterate through some users
> [root@r13151 ~]$ chmod +r  /var/run/dovecot/auth-userdb 
> [fakessh@r13151 ~]$ doveadm expunge -A mailbox Trash savedbefore 30d
> doveadm(fakessh): Error: userdb lookup:
> connect(/var/run/dovecot//auth-userdb) failed: Permission denied
> (euid=514(fakessh) egid=100(users) missing +w
> perm: /var/run/dovecot//auth-userdb, euid is not dir owner)
> doveadm: Error: Failed to iterate through some users
> [root@r13151 ~]# chmod og+w  /var/run/dovecot/auth-userdb
> [fakessh@r13151 ~]$ doveadm expunge -A mailbox Trash savedbefore 30d
> doveadm(dkimproxy): Fatal: seteuid(0) failed: Operation not permitted
> [fakessh@r13151 ~]$ 
> 
> any kind of discussion would be welcome
> 
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7




Re: [Dovecot] Managing public folder ACL files

2011-04-06 Thread Willie Gillespie
Similar to Jan Phillip, we have a small setup where we give permissions 
to groups and then I can add or remove users from the groups fairly easily.


On 4/6/2011 4:54 AM, Keith Edmunds wrote:

> We have a customer with a large public folder hierarchy. They occasionally
> make requests to have the public folder ACLs changed; for example: "please
> give user X access to all public folders" (that's nearly 1700 folders).
> Worse: "please give user Y access to all sales folders" (there are 1450
> sales folders).

So on all your sales folders, you have a few groups:
sales-full-access
sales-read-only
everything-full-access
everything-read-only

Your user X, you would maybe put in the "everything-full-access" group.
User Y would get added to the "sales-full-access" group.

> The problem is that there are (naturally) spaces in the folder names,
> which makes command line manipulation challenging. We've ended up with
> some astonishingly hacky Python scripts that enter each folder starting
> with (for example) ".sales" and replacing the dovecot-acl file to try to
> fulfil the above requests. One day our scripts are going to get it wrong,
> or requests will become more complex ("give X access all sales/CustA
> folders, Y access to all sales/CustB folders, and Z access to all sales
> folders"). There must be a Better Way.

This part gets a little trickier, but you could still do it with groups.

> How do others manage divergent ACLs within large public folder hierarchies?

Again, we have a small setup -- nothing so large as yours... so even my 
suggestions may not be the best for you.

> Thanks,
> Keith
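
An added example, not code from any poster in this thread: one way to apply the group approach described above across a Maildir++ hierarchy from Python's filesystem API, so folder names with spaces never pass through a command line, and each dovecot-acl file is updated line by line instead of being replaced. The function names, the 0660 default mode and the `<identifier> <rights>` line layout used here are assumptions of this sketch; the `dovecot-acl` file name and the `.sales` prefix come from the thread.

```python
import os
import tempfile
from pathlib import Path


def set_acl_entry(acl_file: Path, identifier: str, rights: str) -> bool:
    """Add or update one identifier's line in a dovecot-acl file; True if changed."""
    exists = acl_file.exists()
    old = acl_file.read_text().splitlines() if exists else []
    wanted, new, found = f"{identifier} {rights}", [], False
    for line in old:
        # Other identifiers' lines are kept verbatim, in their original order.
        if line.split(" ", 1)[0] != identifier:
            new.append(line)
        elif not found:
            new.append(wanted)
            found = True
    if not found:
        new.append(wanted)
    if new == old:
        return False
    # Write a temp file in the same directory and rename it into place, so the
    # server never reads a half-written ACL and a crash leaves the old file.
    fd, tmp = tempfile.mkstemp(dir=acl_file.parent, prefix=".acl-tmp.")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(new) + "\n")
    # Assumption: a new file gets 0660; an existing file keeps its mode.
    os.chmod(tmp, acl_file.stat().st_mode & 0o7777 if exists else 0o660)
    os.replace(tmp, acl_file)
    return True


def grant(root: Path, prefix: str, identifier: str, rights: str) -> list:
    """Apply the entry to folder `prefix` and its children under Maildir root."""
    changed = []
    for folder in sorted(p for p in root.iterdir() if p.is_dir()):
        # Match ".sales" and ".sales.<child>", but not ".salesforce".
        if folder.name == prefix or folder.name.startswith(prefix + "."):
            if set_acl_entry(folder / "dovecot-acl", identifier, rights):
                changed.append(folder.name)
    return changed
```

The return value lists the folders that were actually rewritten, which gives a reviewable record of each request; run it as the account that owns the mail store so file ownership is unchanged.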


[Dovecot] quota_exceeded_message

2011-04-06 Thread Jim Knuth

Nevertheless, there is this option:

plugin {
   quota_exceeded_message = Quota exceeded, please go to http://www.example.com/over_quota_help for instructions on how to fix this.
}

If one can write even more text,
with word wrap? As an example:

plugin {
   quota_exceeded_message = Quota exceeded, please go to 
http://www.example.com/over_quota_help for instructions on how to fix 
this.

Please call: +49   between 10:00 - 15:00
}

--
Kind regards,
Jim Knuth

P.S.: HTML mails, please!
Random quote:
From life's school of war:
What does not kill me makes me tougher.
[Nietzsche]


[Dovecot] a strange doveadm behavior

2011-04-06 Thread fakessh @
hi timo
very very good job you realize for the community

here I have a very strange problem with doveadm
I actually use a configuration file parameters in which the parameters
are placed carefully

My problem appears when I run this command
doveadm expunge -A mailbox Trash savedbefore 30d
i post command and result to the terminal
[fakessh@r13151 ~]$ doveadm expunge -A mailbox Trash savedbefore 30d
doveadm(fakessh): Error: userdb lookup:
connect(/var/run/dovecot//auth-userdb) failed: Permission denied
(euid=514(fakessh) egid=100(users) missing +r
perm: /var/run/dovecot//auth-userdb, euid is not dir owner)
doveadm: Error: Failed to iterate through some users
[root@r13151 ~]$ chmod +r  /var/run/dovecot/auth-userdb 
[fakessh@r13151 ~]$ doveadm expunge -A mailbox Trash savedbefore 30d
doveadm(fakessh): Error: userdb lookup:
connect(/var/run/dovecot//auth-userdb) failed: Permission denied
(euid=514(fakessh) egid=100(users) missing +w
perm: /var/run/dovecot//auth-userdb, euid is not dir owner)
doveadm: Error: Failed to iterate through some users
[root@r13151 ~]# chmod og+w  /var/run/dovecot/auth-userdb
[fakessh@r13151 ~]$ doveadm expunge -A mailbox Trash savedbefore 30d
doveadm(dkimproxy): Fatal: seteuid(0) failed: Operation not permitted
[fakessh@r13151 ~]$ 

any kind of discussion would be welcome

-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7




Re: [Dovecot] Change/add mail header via IMAP

2011-04-06 Thread Алексей Сундуков
Thanks!

Interesting plugin. It supports what I want, but it does not suit me.
The tag list is written in the config file; the user can't change it via the RC
settings page. Can't change colors. I added the "Тест" tag via Mozilla Thunderbird, and I
see it in the dovecot-keywords file, but the plugin doesn't show it in RC. So I
decided to change the plugin or write a new one.

2011/4/5 A.L.E.C :
> On 2011-04-05 10:54, Алексей Сундуков wrote:
>
>> Now I see, I was wrong. You are right, the email header is a bad place to store the tag.
>
> Take a look at this Roundcube plugin
> http://www.roundcubeforum.net/7-third-party-contributions/46-api-based-plugins/8207-new-plugin-beta-labels.html
>
> --
> Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
> LAN Management System Developer http://lms.org.pl
> Roundcube Webmail Developer http://roundcube.net
>


[Dovecot] Debug messages

2011-04-06 Thread Tolga
Here's everything after I enabled auth_verbose, auth_debug_passwords and 
auth_debug.


Apr 06 16:20:47 auth(default): Info: new auth connection: pid=27885
Apr 06 16:20:47 auth(default): Info: client in: AUTH 1 PLAIN service=imap secured lip=184.82.40.118 rip=193.255.135.1 lport=143 rport=52150
Apr 06 16:20:47 auth(default): Info: client out: CONT 1
Apr 06 16:20:47 auth(default): Info: client in: CONT 1 AGJpbGdpAGJpbGdpOTg3
Apr 06 16:20:47 auth(default): Info: passwd-file(bilgi,193.255.135.1): lookup: user=bilgi file=/etc/dovecot/passwd
Apr 06 16:20:47 auth(default): Info: passwd-file(bilgi,193.255.135.1): unknown user
Apr 06 16:20:49 auth(default): Info: client out: FAIL 1 user=bilgi
Apr 06 16:20:54 auth(default): Info: client in: AUTH 2 PLAIN service=imap secured lip=184.82.40.118 rip=193.255.135.1 lport=143 rport=52150 resp=AGJpbGdpAGJpbGdpOTg3
Apr 06 16:20:54 auth(default): Info: passwd-file(bilgi,193.255.135.1): lookup: user=bilgi file=/etc/dovecot/passwd
Apr 06 16:20:54 auth(default): Info: passwd-file(bilgi,193.255.135.1): unknown user
Apr 06 16:20:56 auth(default): Info: client out: FAIL 2 user=bilgi
Apr 06 16:21:06 imap-login: Info: Disconnected (auth failed, 2 attempts): user=, method=PLAIN, rip=193.255.135.1, lip=184.82.40.118, TLS
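
An added example, not part of the original post and not Dovecot code: with the debug settings named above enabled, the auth log carries the client's SASL PLAIN response in base64, which is an encoding of the username and password rather than protection for them, so such a log should be scrubbed before it is shared. The sample lines and the `alice`/`s3cret` credentials are constructed for illustration, and the function names are this sketch's own; fields are accepted with either tabs or spaces between them.

```python
import base64
import binascii
import re

# A SASL response appears in two places in "client in" lines:
#   AUTH <id> <mech> ... resp=<base64>      (initial response)
#   CONT <id> <base64>                      (continuation)
RESP = re.compile(
    r"(client in: (?:AUTH[\t ].*?[\t ]resp=|CONT[\t ]+\d+[\t ]+))([A-Za-z0-9+/=]+)"
)


def looks_like_plain(blob: str) -> bool:
    """True if blob decodes to the PLAIN layout: authzid NUL authcid NUL password."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return False
    return raw.count(b"\x00") == 2


def redact_line(line: str) -> str:
    """Replace any SASL response on the line, noting when it held a password."""
    def repl(match):
        tag = "[REDACTED-PLAIN]" if looks_like_plain(match.group(2)) else "[REDACTED]"
        return match.group(1) + tag
    return RESP.sub(repl, line)


def redact_log(text: str) -> str:
    return "\n".join(redact_line(line) for line in text.splitlines())


# Constructed sample, not taken from the post.
SAMPLE_B64 = base64.b64encode(b"\0alice\0s3cret").decode()
SAMPLE = (
    f"Apr 06 16:20:47 auth(default): Info: client in: CONT\t1\t{SAMPLE_B64}\n"
    "Apr 06 16:20:47 auth(default): Info: passwd-file(alice,198.51.100.7): unknown user\n"
    "Apr 06 16:20:54 auth(default): Info: client in: AUTH\t2\tPLAIN\tservice=imap"
    f"\tsecured\trip=198.51.100.7\tresp={SAMPLE_B64}"
)

if __name__ == "__main__":
    print(redact_log(SAMPLE))
```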


[Dovecot] Virtual users

2011-04-06 Thread Tolga

Hello,

I am using postfix and virtual accounts. So far, I have been able to get 
postfix to deliver to the correct location, but I don't know how to get 
dovecot to pick up the mail. My mails are at /srv/vmail/domain/user, 
below is my dovecot -n output and the relevant error. Can you help me 
please?


Regards,

dovecot -n:

# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-194.8.1.el5.028stab070.5 i686 Ubuntu 10.04 LTS
log_path: /var/log/dovecot.log
protocols: imap
listen: *:143
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_location: mbox:/srv/vmail/%d/%u
mbox_write_locks: fcntl dotlock
auth default:
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/srv/vmail/%d/%u
  userdb:
    driver: passwd

Log:

Apr 06 16:09:32 imap-login: Info: Disconnected (auth failed, 2 attempts): user=, method=PLAIN, rip=193.255.135.1, lip=184.82.40.118, TLS


Tolga


Re: [Dovecot] Managing public folder ACL files

2011-04-06 Thread Jan Phillip Greimann

Hi Keith,

I have the same problem as you, but in a much smaller variant.

Our user_db is in MySQL, so i define acl_groups in user_db and make many 
group-settings for all situations per public folder.


But that could be hard for 1000 folders, so the user must have 1000 
group memberships. Okay, some groups could be combined.


I think a global public-folder management would be nice, for example via 
ldap or mysql (or in a file). Dovecot reads this and creates mail-folders 
and acl files for the configuration.


Greetings,
Jan Phillip Greimann



[Dovecot] shared folder: messages become invisible

2011-04-06 Thread Burckhard Schmidt

Hello,

after dealing with shared folder within version 2.0 rc* I started using 
it with a group of users.


user1 shares a folder to user2.
user2 has access to messages of this shared folder.
After a "random" time (minutes up to several days) user2 doesn't see 
those messages anymore.
user1 (the owner) hasn't changed anything inside this folder. All 
messages are still in place and normal visible for him.


If user1 copies (with TB) a message into that folder user2 can see 
sometimes all messages again.
But after a "random" time it happens again. user2 sees an empty shared 
folder.

Deleting dovecot.index.log and dovecot.index.cache does not help.

I have version 2.0.11 (2.0.10 same problem).
mail_gid = sysdov
mail_uid = sysdov
namespace {
  inbox = yes
  list = yes
  location =
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  list = yes
  location = maildir:%%h/maildir:CONTROL=~/control/FremdeOrdner/%%u:LAYOUT=fs
  prefix = FremdeOrdner/%%u/
  separator = /
  subscriptions = no
  type = shared
}

mail_location = maildir:~/maildir:INDEX=/addons/index/%u:CONTROL=~/control:LAYOUT=fs


I checked in a dialog:
user1:
1 login user1 ...
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND 
UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE 
QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL 
RIGHTS=texk] Logged in

1 list "" "*"
...
* LIST (\HasChildren) "/" "94ssl" #this one is shared to user2
* LIST (\HasNoChildren) "/" "94ssl/ansicht"#this one too

user2:
1 login user2 ...
1 OK [CAPABILITY ...
1 list "" "*"
...
* LIST (\HasChildren) "/" "FremdeOrdner/user1/94ssl"
* LIST (\HasNoChildren) "/" "FremdeOrdner/user1/94ssl/ansicht"

...

user1:
1 examine 94ssl
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 2 EXISTS  # 2 messages
* 0 RECENT
* OK [UIDVALIDITY 1301570235] UIDs valid
* OK [UIDNEXT 3] Predicted next UID
* OK [HIGHESTMODSEQ 4] Highest
1 OK [READ-ONLY] Select completed.
1 examine 94ssl/ansicht
* OK [CLOSED] Previous mailbox closed.
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft unknown-0)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 6 EXISTS  # 6 messages
* 0 RECENT
* OK [UIDVALIDITY 1301570236] UIDs valid
* OK [UIDNEXT 7] Predicted next UID
* OK [HIGHESTMODSEQ 14] Highest
1 OK [READ-ONLY] Select completed.

user2
1 examine FremdeOrdner/user1/94ssl
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 0 EXISTS  # no message, should be 2
* 0 RECENT
* OK [UIDVALIDITY 1301570944] UIDs valid
* OK [UIDNEXT 6] Predicted next UID
* OK [HIGHESTMODSEQ 11] Highest
1 OK [READ-ONLY] Select completed.

1 examine FremdeOrdner/user1/94ssl/ansicht
* OK [CLOSED] Previous mailbox closed.
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk unknown-0)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 0 EXISTS  # no message, should be 6
* 0 RECENT
* OK [UIDVALIDITY 1301570943] UIDs valid
* OK [UIDNEXT 33] Predicted next UID
* OK [HIGHESTMODSEQ 37] Highest
1 OK [READ-ONLY] Select completed.

user1/control/94ssl/dovecot-uidlist:
3 V1301570235 N1 G8406fb358864944d71030cd09d4f
1 :1301570819.M719509P910.suncom2,S=1319,W=1348
2 :1301585261.M338176P881.suncom2,S=23758,W=24220
user1/control/94ssl/ansicht/dovecot-uidlist:
3 V1301570236 N1 G3e8f0f00b862944d6f030cd09d4f
1 :1301570366.M22178P901.suncom2,S=1149,W=1173
2 :1301575917.M12924P1028.suncom2,S=1035,W=1055
3 :1301576897.M502460P1043.suncom2,S=1156,W=1183
4 :1301580697.M399644P1089.suncom2,S=1147,W=1174
5 :1285149220.M287482P15434.suncom2,S=1122,W=1149
6 :1301582382.M287792P1196.suncom2,S=1019,W=1039

user2/control/FremdeOrdner/user1/dovecot-uidvalidity: 4d946580
user2/control/FremdeOrdner/user1/dovecot-uidvalidity.4d946580

user2/control/FremdeOrdner/user1/94ssl/dovecot-uidlist:
3 V1301570944 N6 G9536eb178474944db1030cd09d4f
3 :1301585261.M338176P881.suncom2,S=23758,W=24220
4 :1301570819.M719509P910.suncom2,S=1319,W=1348

user2/control/FremdeOrdner/user1/94ssl/ansicht/dovecot-uidlist:
3 V1301570943 N33 G5efdb6247f65944d88030cd09d4f
21 :1301570366.M22178P901.suncom2,S=1149,W=1173
22 :1301575917.M12924P1028.suncom2,S=1035,W=1055
23 :1301576897.M502460P1043.suncom2,S=1156,W=1183
24 :1301580697.M399644P1089.suncom2,S=1147,W=1174
25 :1301582382.M287792P1196.suncom2,S=1019,W=1039
26 :1285149220.M287482P15434.suncom2,S=1122,W=1149

--
regards --- Burckhard Schmidt


[Dovecot] Managing public folder ACL files

2011-04-06 Thread Keith Edmunds
We have a customer with a large public folder hierarchy. They occasionally
make requests to have the public folder ACLs changed; for example: "please
give user X access to all public folders" (that's nearly 1700 folders).
Worse: "please give user Y access to all sales folders" (there are 1450
sales folders).

The problem is that there are (naturally) spaces in the folder names,
which makes command line manipulation challenging. We've ended up with
some astonishingly hacky Python scripts that enter each folder starting
with (for example) ".sales" and replacing the dovecot-acl file to try to
fulfil the above requests. One day our scripts are going to get it wrong,
or requests will become more complex ("give X access all sales/CustA
folders, Y access to all sales/CustB folders, and Z access to all sales
folders"). There must be a Better Way.

How do others manage divergent ACLs within large public folder hierarchies?

Thanks,
Keith


[Dovecot] Dovecot 2.0 config bug with SSL certificate per protocol?

2011-04-06 Thread Andy Smith

Hi,

  yesterday I upgraded Dovecot from 1.2 to 2.0.11. I'd seen that there was  
a config file converter to make the upgrade smooth so was expecting it to  
be pretty quick and easy. In the end I spent a long time trying to get it  
working as it just wouldn't listen on the ssl ports, imaps and pop3s. I am  
using per protocol SSL certificates, as I was in version 1.2. The part of  
my config is as follows (as generated by doveconf):



protocol imap {
  imap_client_workarounds = delay-newmail  tb-extra-mailbox-sep
  mail_plugins = fts fts_squat
  ssl = yes
  ssl_cert =

But when I started dovecot it was only listening on the non SSL ports for  
IMAP and POP3. I went through many things, adding in a service imap-login  
section with the SSL port set via inet_listener and spent ages googling  
for how to get it to work. In the end it turns out it was that the global  
ssl setting was set to "no", but I hadn't enabled this previously as this  
requires that there are global SSL certificates, which I don't have; I  
have specific certs for IMAP and for POP3. Also this isn't how dovecot 1.2  
worked, there I specified the protocols (pop3, pop3s, imap, imaps) and  
specified the protocol certs and it worked.
Anyway, I ended up just specifying my pop3 certs as the global certs, this  
is then redefined in the pop3 protocol section etc. The config seems to  
work, but to me all this doesn't seem logical and doesn't work like in  
dovecot 1.2.


Maybe this is something that can be cleaned up in the next version?

thanks Andy.