Re: [Dovecot] debug user's message retrieval

[Urban Loesch]

Hi,

perhaps the mail_log plugin can help you.


# mail_log plugin provides more event logging for mail processes.
plugin {
  # Events to log. Also available: flag_change append
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  # Group events within a transaction to one line.
  mail_log_group_events = no
  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  # size and vsize are available only for expunge and copy events.
  mail_log_fields = uid box msgid size from
}

...

Regards
Urban

Костырев Александр Алексеевич wrote:

I forgot to mention that when I go to user's directory there's no
letters at all.

On Fri, 2011-09-09 at 13:30 +1100, Костырев Александр Алексеевич wrote:

Hi there!

Is there any method to log user's activity with pop3 service?

I'll try to explain situation:

In maillog I saw that my dovecot lmtp saved four letters in user's
mailbox.
After a while I got a call from that user saying that he received
nothing.

Is there any method to log that that user RETR every single letter,
maybe with full names of letter's id or something like that?

Re: [Dovecot] lmtp -- save failed to INBOX: BUG: Unknown internal error

[Jan-Frode Myklebust]

On Thu, Sep 08, 2011 at 04:03:58PM +0300, Timo Sirainen wrote:
 
 So the No such object isn't expected.. Maybe different LDAP servers
 work in different ways?.. Yours appears to give out the difference
 between user doesn't exist and wrong password? Does the attached
 patch change these to unknown user messages?

Yes it does.

Before patch:

Sep  9 08:46:43 popimap2 dovecot: auth: Error: 
ldap(u...@example.co,192.168.11.16): ldap_bind() failed: No such object

after patch:

Sep  9 08:50:50 popimap2 dovecot: auth: 
ldap(u...@example.co,192.168.42.15): unknown user



  -jf

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[mailing lists]

On 09/08/2011 03:07 PM, Timo Sirainen wrote:

 On Thu, 2011-09-08 at 12:14 +0100, mailing lists wrote:
 
 yes, my virtual users have separate directories for home and mail.
 Their locations are stored in ldap attributes (with random generated
 paths), so a flat scheme like /var/maildr/%%u isn't valid.
 
 Sorry, you're out of luck with that kind of a setup. Only the %%h can
 look up a home directory from LDAP. Maybe some day in future there will
 be other variables that can be looked up.

and how to I might configure dovecot to use the mail directory as a 
subdirectory of the home directory?

this way all lookups for home (with %%h fetched from ldap) will return the 
correct locationand mail will be in (i.e.) ~/mailSubDir

is this configuration possible?

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[Jan-Frode Myklebust]

On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists wrote:
 
 and how to I might configure dovecot to use the mail directory as a 
 subdirectory of the home directory?
 
 this way all lookups for home (with %%h fetched from ldap) will return the 
 correct locationand mail will be in (i.e.) ~/mailSubDir
 
 is this configuration possible?

In the main dovecot.conf:

mail_location = maildir:~/mailSubDir

In the ldap-config:

user_attrs = homeFilter=home



  -jf

Re: [Dovecot] debug user's message retrieval

[Joseba Torre]

On Viernes 09 Septiembre 2011 04:36:13 Костырев Александр Алексеевич escribió:
 I forgot to mention that when I go to user's directory there's no
 letters at all.
 
 On Fri, 2011-09-09 at 13:30 +1100, Костырев Александр Алексеевич wrote:
  Hi there!
  
  Is there any method to log user's activity with pop3 service?
  
  I'll try to explain situation:
  
  In maillog I saw that my dovecot lmtp saved four letters in user's
  mailbox.
  After a while I got a call from that user saying that he received
  nothing.
  
  Is there any method to log that that user RETR every single letter,
  maybe with full names of letter's id or something like that?

The default pop3 log is enough for me:

Sep  9 05:46:37 server1 dovecot: POP3(user1): Disconnected: Logged out 
top=0/0, retr=1/41706, del=1/1, size=41685

This means that user1 received 1 message, deleted 1 message, and total 
downloaded size was 41685. Don't you have a similar line for your user?
-- 
Joseba Torre. Vicegerencia de TICs, área de Explotación

[Dovecot] 2.1: imapc LIST problem / usage question

[Lutz Preßler]

- Forwarded message from SerNet Support Lutz Preßler supp...@sernet.de 
-

From: SerNet Support Lutz Preßler supp...@sernet.de
Subject: 2.1: imapc LIST problem / usage question
To: dovecot@dovecot.org
Date: Fri, 9 Sep 2011 12:00:46 +0200
Organization: SerNet Service Network GmbH

Hello,

2.1.alpha1 (latest Debian auto build on amd64)

As a test, namespace for gmail integration set up by userdb
with
userdb_namespace=gmail userdb_namespace/gmail/list=yes 
userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
userdb_namespace/gmail/prefix=INBOX.gmail. 
userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
userdb_imapc_user=ixx...@gmail.com userdb_imapc_password=x 
userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs 
userdb_imapc_port=993

(but having the namespace set up in config file makes no difference).

This works in principle. I can e.g.

0 select INBOX.gmail.[Gmail].Alle Nachrichten
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags 
permitted.
* 31 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1] UIDs valid
* OK [UIDNEXT 19689] Predicted next UID
* OK [NOMODSEQ] No permanent modsequences
0 OK [READ-WRITE] Select completed.

and even use the gmail mailboxes within dovecot-virtual files!

But: LIST seems broken:

0 list  *   

* LIST (\HasChildren) . INBOX   

* LIST (\HasNoChildren) . INBOX.privat  

* LIST (\HasChildren) . INBOX.test  

* LIST (\HasNoChildren) . INBOX.test.test2  

* LIST (\HasNoChildren) . INBOX.Trash
* LIST (\HasNoChildren) . INBOX.in2009
[...]
* LIST (\Noselect \HasChildren) . INBOX.gmail
* LIST (\HasNoChildren) . Arbeit
* LIST (\HasNoChildren) . Belege
* LIST (\HasNoChildren) . Privat
* LIST (\HasNoChildren) . Reisen
* LIST (\Noselect \HasNoChildren) . [Gmail]
* LIST (\HasNoChildren) . [Gmail]/Alle Nachrichten
* LIST (\HasNoChildren) . [Gmail]/Entw-APw-rfe
* LIST (\HasNoChildren) . [Gmail]/Gesendet
* LIST (\HasNoChildren) . [Gmail]/Markiert
* LIST (\HasNoChildren) . [Gmail]/Papierkorb
* LIST (\HasNoChildren) . [Gmail]/Spam
* LIST (\HasNoChildren) . [Gmail]/Wichtig
* LIST (\HasChildren) . INBOX.virtual
* LIST (\HasNoChildren) . INBOX.virtual.week
* LIST (\HasNoChildren) . INBOX.virtual.sent
* LIST (\HasNoChildren) . INBOX.virtual.allin
0 OK List completed.

For the Gmail mailboxe the INBOX.gmail prefix is missing and / is used
as separator.

Second question: Is there a way to include multiple imapc instances/
namespaces with e.g. different destinations servers? I don't see how
because imapc_* parameters seem to be global (now), but it would be a very
useful feature.

Greetings,
  Lutz  

Re: [Dovecot] 2.1: imapc LIST problem / usage question

[Timo Sirainen]

On Fri, 2011-09-09 at 12:01 +0200, Lutz Preßler wrote:

 As a test, namespace for gmail integration set up by userdb
 with
 userdb_namespace=gmail userdb_namespace/gmail/list=yes 
 userdb_namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. 
 userdb_namespace/gmail/prefix=INBOX.gmail. 
 userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com 
 userdb_imapc_user=ixx...@gmail.com userdb_imapc_password=x 
 userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs 
 userdb_imapc_port=993
 
 For the Gmail mailboxe the INBOX.gmail prefix is missing and / is used
 as separator.

Fixed in hg.

 Second question: Is there a way to include multiple imapc instances/
 namespaces with e.g. different destinations servers? I don't see how
 because imapc_* parameters seem to be global (now), but it would be a very
 useful feature.

I don't really understand. You're already returning per-user imapc
namespace from userdb. What's missing?

Re: [Dovecot] 2.1: imapc LIST problem / usage question

[Lutz Preßler]

On Fr, 09 Sep 2011, Timo Sirainen wrote:

 On Fri, 2011-09-09 at 12:01 +0200, Lutz Preßler wrote:
[...]
  For the Gmail mailboxe the INBOX.gmail prefix is missing and / is used
  as separator.
 
 Fixed in hg.
Thanks.
 
  Second question: Is there a way to include multiple imapc instances/
  namespaces with e.g. different destinations servers? I don't see how
  because imapc_* parameters seem to be global (now), but it would be a very
  useful feature.
 
 I don't really understand. You're already returning per-user imapc
 namespace from userdb. What's missing?
One local dovecot user, multiple remote IMAP servers included in different
namespaces.

Lutz

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[mailing lists]

(I'm sorry for breaking the thread with each mail) 

On 09/09/2011 10:04 AM, Jan-Frode Myklebust wrote:
 On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists wrote:

 and how to I might configure dovecot to use the mail directory as a 
 subdirectory of the home directory?

 this way all lookups for home (with %%h fetched from ldap) will return the 
 correct locationand mail will be in (i.e.) ~/mailSubDir

 is this configuration possible?
 
 In the main dovecot.conf:
 
     mail_location = maildir:~/mailSubDir
 
 In the ldap-config:
 
     user_attrs = homeFilter=home 


and which is the value for the location directive in namespace declaration ??


namespace {
  list = children
  location = maildir:%%h/mailSubDir:INDEX=~/mailSubDIr/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}


with the above conf. no shared folders are seen by tests users and afaik %%h is 
retrieved from ldap.


this is that I had done until now:

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME

. create INBOX.docs-user001
. OK Create completed.

. setacl INBOX.docs-user001 user002 lr
. OK Setacl complete.
. logout
* BYE Logging out 
. OK Logout completed.
Connection closed by foreign host.
# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN] Dovecot ready.
. login user002 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME

. create INBOX.docs-user002
. OK Create completed.
. setacl INBOX.docs-user002 user001 lr
. OK Setacl complete.
. logout
* BYE Logging out 
. OK Logout completed.
Connection closed by foreign host.

 # cat /var/maildir/shared-mailboxes 
shared/shared-boxes/user/user002/user001
1
shared/shared-boxes/user/user002/user002
1
shared/shared-boxes/user/user001/user001
1
shared/shared-boxes/user/user001/user002
1

# cat /var/maildir/vol04/4/46/user001/.docs-user001/dovecot-acl 
user=user002 lr

# cat /var/maildir/vol05/4/40/user002/.docs-user002/dovecot-acl
user=user001 lr


# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN 
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT 
SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in
. namespace
* NAMESPACE ((INBOX. .)) ((shared. .)) NIL
. OK Namespace completed.
. list shared. *
. OK List completed.



  /--/

# grep  ^[^#] /etc/dovecot/dovecot-ldap.conf.ext

uris = ldap://ldap.example.com
dn = cn=testuser,dc=example,dc=com
dnpass = secret
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=com
deref = never
scope = subtree
user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
user_filter = ((objectClass=CourierMailAccount)(uid=%u))
pass_filter = ((objectClass=CourierMailAccount)(uid=%u))




# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) 
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_location = maildir:~/mailSubDir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
  inbox = yes
  location = 
  prefix = INBOX.
  separator = .
}
namespace {
  list = children
  location = maildir:%%h/mailSubDir:INDEX=~/mailSubDir/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/maildir/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  unix_listener lmtp {
    user = vmail
  }
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = acl
}

Re: [Dovecot] Problem with configuring dovecot to take namespaces from database

[Marcin Mirosław]

W dniu 08.09.2011 15:18, Timo Sirainen pisze:


Forget all of that. I just tried a few ways and looks like you can add
more namespaces by returning e.g. these fields (from SQL):

namespace=nsname
namespace/nsname/prefix=prefix/
namespace/nsname/location=maildir:/elsewhere
namespace/nsname/separator=/

Where nsname is some unique name for the namespace. If you want more
than one namespace, I think you can do it by adding another name to
namespace field, e.g.:

namespace=nsname nsname2 nsname3


select  test1 test2 AS namespace works, it gives me two 
namespaces. It's nice. Now i've another problem, how to configure them 
usinq sql. I can't do recursive sql query , sql can't create variable 
number of output columns depended on values in table.

E.g:
I imagine such table:
--
|user_id | namespace   |  prefix  | location |
--
| 648| test1   | test1.   | mdbox:~/test1/.mdbox |
--
| 648| test2   | test2.   | maildir:~/test2/.maildir |
--
etc...

In query i have to know all namespaces names to mention them in query: 
select ... as namespace/test1/prefix
but i don't know if there is test1 namespace untill i fetch record 
from table.


Ok, maybe could it be possible to do it in other way:

|user_id | namespace_full_definition   |

| 7684   | /name=test1/prefix=test1./location=mdbox:~/test1/.mdbox/
  name=test2/prefix=test2/location=... | 



but this isn't supported by dovecot as i know.
Maybe something like user_namespace query could be usefull? Query 
could be very easy:
select ... namespace_name, namespace_prefix, namespace_location where 
user='somuser' (and table schema like in first example).

Maybe there i other, way to do it by i can't see it now.

Btw, i can see dovecot 2.1 can proxy imap connections. It's a great idea!

Thanks.

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[mailing lists]

and for the time that user001 execute the imap 'list' command, this is the log 
trace in dovecot:

Sep  9 13:09:12 imap1 dovecot: imap(user001): Debug: Namespace : type=shared, 
prefix=shared.%u., sep=., inbox=no, hidden=no, list=children, subscriptions=no 
location=maildir:%h/mailSubDir:INDEX=~/mailSubDir/shared/%u
Sep  9 13:09:12 imap1 dovecot: imap(user001): Debug: shared: 
root=/var/run/dovecot/, index=, control=, inbox=, alt=
[...]

Sep  9 13:10:44 imap1 dovecot: auth: Debug: master in: USER   1   user002 
service=lib-storage
Sep  9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): user search: 
base=dc=example,dc=com scope=subtree 
filter=((objectClass=CourierMailAccount)(uid=user002)) 
fields=mailbox,homeFilter
Sep  9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): result: 
mailbox(mail=maildir:/var/maildir/%$)=vol05/4/40/user002 
homeFilter(home)=/var/mailfilter/vol05/4/40/user002
Sep  9 13:10:44 imap1 dovecot: auth: Debug: master out: USER  1   user002 
mail=maildir:/var/maildir/vol05/4/40/user002    
home=/var/mailfilter/vol05/4/40/user002 
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: auth input: user002 
mail=maildir:/var/maildir/vol05/4/40/user002 
home=/var/mailfilter/vol05/4/40/user002
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: maildir++: 
root=/var/mailfilter/vol05/4/40/user002/mailSubDir, 
index=/var/mailfilter/vol04/4/46/user001/mailSubDir/shared/user002, control=, 
inbox=/var/mailfilter/vol05/4/40/user002/mailSubDir, alt= 
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: initializing backend 
with data: vfile
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: acl username = user001
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: owner = 0
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl vfile: Global ACL 
directory: (none)
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: Mailbox not in 
dovecot-acl-list: shared.user002.INBOX

[Dovecot] problem migrating from maildir to dbox

[Ramón Frontera]

Hello,
we want to migrate Mail folders from Maildir to dbox without downtime.
We change the mail_location to dbox in 10-mail.conf and restart dovecot.
After that we use dsync -u user mirror maildir:~/Maildir.
The problem is that if INBOX exists the dsync create a new folder with name 
like b5893c0a93ff694e55122dfa3112
Can I migrate to the existing INBOX? or How can I merge the 2 INBOX folders?
Thanks for your help!
Regards,

--
Ramon 

[Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Tobias Hachmer]

Hi list,

currently I use dovecot v1.2.15 with maildir++ mailboxes. (Debian 
Squeeze)
I want to set up a different server with dovecot v2, also maildir++ 
mailboxes. (also Debian Squeeze)


What is the best way to copy the existing mailboxes from the older 
machine running dovecot v1.2.15 to the new naked machine?


Greetz, Tobias

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Robert Schetterer]

Am 09.09.2011 15:14, schrieb Tobias Hachmer:
 Hi list,
 
 currently I use dovecot v1.2.15 with maildir++ mailboxes. (Debian Squeeze)
 I want to set up a different server with dovecot v2, also maildir++
 mailboxes. (also Debian Squeeze)
 
 What is the best way to copy the existing mailboxes from the older
 machine running dovecot v1.2.15 to the new naked machine?
 
 Greetz, Tobias

i used imapsync in a bash script
http://ks.lamiral.info/imapsync/
at a massive migration
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: [Dovecot] problem migrating from maildir to dbox

[Захаров Роман]

09.09.2011 16:19, Ramón Frontera пишет:

Hello,
we want to migrate Mail folders from Maildir to dbox without downtime.
We change the mail_location to dbox in 10-mail.conf and restart dovecot.
After that we use dsync -u user mirror maildir:~/Maildir.
The problem is that if INBOX exists the dsync create a new folder with name 
like b5893c0a93ff694e55122dfa3112
Can I migrate to the existing INBOX? or How can I merge the 2 INBOX folders?
Thanks for your help!
Regards,

--
Ramon




My transition from maildir to mdbox occurred so:
/Maildir - an old place of mail
/Mailbox - new

mail_location=%h # set home for all users maildir:/Maildir/user_name

script:
for i in `echo select name from user|$sql`
do
   res=$(dsync -u $i backup mdbox:/Mailbox/$i)
   if [ $res -eq 0 ];then
  echo update user set home=\mdbox:/Mailbox/$i\ where 
name=$i|$sql

  echo $i migrated  $log
   fi
done

Re: [Dovecot] problem migrating from maildir to dbox

[Захаров Роман]

09.09.2011 16:19, Ramón Frontera пишет:

Hello,
we want to migrate Mail folders from Maildir to dbox without downtime.
We change the mail_location to dbox in 10-mail.conf and restart dovecot.
After that we use dsync -u user mirror maildir:~/Maildir.
The problem is that if INBOX exists the dsync create a new folder with name 
like b5893c0a93ff694e55122dfa3112
Can I migrate to the existing INBOX? or How can I merge the 2 INBOX folders?
Thanks for your help!
Regards,

--
Ramon




My transition from maildir to mdbox occurred so:
/Maildir - an old place of mail
/Mailbox - new

mail_location=%h # set home for all users maildir:/Maildir/user_name

script:
for i in `echo select name from user|$sql`
do
   res=$(dsync -u $i backup mdbox:/Mailbox/$i)
   if [ $res -eq 0 ];then
  echo update user set home=\mdbox:/Mailbox/$i\ where 
name=$i|$sql

  echo $i migrated  $log
   fi
done

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Tobias Hachmer]

On Fri, 09 Sep 2011 15:22:54 +0200, Robert Schetterer wrote:

Am 09.09.2011 15:14, schrieb Tobias Hachmer:

What is the best way to copy the existing mailboxes from the older
machine running dovecot v1.2.15 to the new naked machine?


i used imapsync in a bash script
http://ks.lamiral.info/imapsync/
at a massive migration


ok, but this tool is not free of charge.
Are there any known problems just copying the mailboxes with scp or 
rsync?


Tobias

[Dovecot] Quota fs (ignore mount)

[Peter Ignatov]

 I set  quota: fs:INBOX:noenforcing:mount=/var/spool/mail, but receive: fs 
 quota add storage dir = /home/pit/mail...
 Why ?

Well .. I'm not entirely sure if the current behavior is good or not, but what 
you need to do to get it working is to add two quota roots. One for 
/home/pit/mail (i.e. without specifying mount=) and another for the INBOX's 
/var/spool/mail.

Don't work... :-(

# dovecot -n
# 1.2.17: /etc/dovecot.conf
# OS: Linux 2.6.18-274.el5.asp121 x86_64 Red Hat Enterprise Linux Server 
release 5.6 (Tikanga)
log_path: /var/log/dovecot.log
protocols: pop3 pop3s
listen: *
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
verbose_proctitle: yes
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_debug: yes
mail_executable: /usr/libexec/dovecot/pop3
mail_plugins: quota
mail_plugin_dir: /usr/lib64/dovecot/pop3
auth default:
  passdb:
driver: pam
  userdb:
driver: passwd
plugin:
  quota: fs:INBOX:noenforcing
  quota2: fs:boxes:noenforcing:mount=/var/spool/mail
  quota_rule: *:storage=10240
  quota_rule2: *:storage=15000


dovecot.log:

Sep 09 16:13:46 pop3-login: Info: Login: user=pit, method=PLAIN, 
rip=192.168.3.10, lip=192.168.6.3, TLS
Sep 09 16:13:46 POP3(pit): Info: Loading modules from directory: 
/usr/lib64/dovecot/pop3
Sep 09 16:13:46 POP3(pit): Info: Module loaded: 
/usr/lib64/dovecot/pop3/lib10_quota_plugin.so
Sep 09 16:13:46 POP3(pit): Info: Effective uid=500, gid=500, home=/home/pit
Sep 09 16:13:46 POP3(pit): Info: Quota root: name=INBOX backend=fs 
args=noenforcing
Sep 09 16:13:46 POP3(pit): Info: Quota rule: root=INBOX mailbox=* 
bytes=10485760 messages=0
Sep 09 16:13:46 POP3(pit): Info: Quota rule: root=INBOX mailbox=* 
bytes=1536 messages=0
Sep 09 16:13:46 POP3(pit): Info: Quota root: name=boxes backend=fs 
args=noenforcing:mount=/var/spool/mail
Sep 09 16:13:46 POP3(pit): Info: mbox: data=~/mail:INBOX=/var/spool/mail/pit
Sep 09 16:13:46 POP3(pit): Info: fs: root=/home/pit/mail, index=, control=, 
inbox=/var/spool/mail/pit
Sep 09 16:13:46 POP3(pit): Info: fs quota add storage dir = /home/pit/mail
Sep 09 16:13:46 POP3(pit): Info: fs quota block device = /dev/cciss/c0d0p3
Sep 09 16:13:46 POP3(pit): Info: fs quota mount point = /
Sep 09 16:13:46 POP3(pit): Info: fs quota mount type = ext3
Sep 09 16:13:46 POP3(pit): Info: Disconnected: Logged out top=0/0, retr=0/0, 
del=0/2, size=1249

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Giulio Casella]

Have you tried dsync (part of dovecot)? I don't know if it works for migration 
to a different (major) version of dovecot, but it's a nice tool. And it works 
also over ssh.


Giulio

Hope this helps.

Il 09/09/2011 15.34, Tobias Hachmer ha scritto:

On Fri, 09 Sep 2011 15:22:54 +0200, Robert Schetterer wrote:

Am 09.09.2011 15:14, schrieb Tobias Hachmer:

What is the best way to copy the existing mailboxes from the older
machine running dovecot v1.2.15 to the new naked machine?


i used imapsync in a bash script
http://ks.lamiral.info/imapsync/
at a massive migration


ok, but this tool is not free of charge.
Are there any known problems just copying the mailboxes with scp or rsync?

Tobias




--
Giulio Casella giulio at dsi.unimi.it
System and network manager
Computer Science Dept. - University of Milano

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Tobias Hachmer]

On Fri, 09 Sep 2011 15:42:57 +0200, Giulio Casella wrote:

Have you tried dsync (part of dovecot)? I don't know if it works for
migration to a different (major) version of dovecot, but it's a nice
tool. And it works also over ssh.


Yeah, I read the sections in the dovecot v2 wiki, but I don't get how 
to use for migration.
As far as I understood it's to keep several dovecot server at a unique 
data bank. An well, can I use it between dovecot v1.2 and v2?


Tobias

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Johan Hendriks]

Tobias Hachmer schreef:

Hi list,

currently I use dovecot v1.2.15 with maildir++ mailboxes. (Debian 
Squeeze)
I want to set up a different server with dovecot v2, also maildir++ 
mailboxes. (also Debian Squeeze)


What is the best way to copy the existing mailboxes from the older 
machine running dovecot v1.2.15 to the new naked machine?


Greetz, Tobias

I did the same thing, with no know issues so far.

My old server was running dovecot 1.2.x and i coppied the whole maildir 
structure to the other machine.

Then started Dovecot 2.x and all was fine.

Should be the same as instlling 2.0 over the old 1.2.x version, then it 
uses the old maildir also.


Well test it i would say.
Just do the copy, and try if everything works.
then do it for a final migration.

Gr
Johan Hendriks

Re: [Dovecot] 2.1: imapc LIST problem / usage question

[Lutz Preßler]

On Fr, 09 Sep 2011, Lutz Preßler wrote:

 On Fr, 09 Sep 2011, Timo Sirainen wrote:
 
  On Fri, 2011-09-09 at 12:01 +0200, Lutz Preßler wrote:
 [...]
   For the Gmail mailboxe the INBOX.gmail prefix is missing and / is used
   as separator.
  
  Fixed in hg.
 Thanks.
LIST is now working correctly in my setup, but SUBSCRIBE ist not.
With subscriptions=no, as written (but same behaviour with subscriptions=yes),
SUBSCRIBE INBOX.gmail.INBOX (or others) yields
0 NO [SERVERBUG] Internal error occurred. Refer to server log for more 
information. [2011-09-09 16:39:40]
logging (with mail_debug=yes) only
Sep  9 16:39:40 host dovecot: imap(1143, user): Error: stat((null)) failed: Bad 
address


Lutz

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Giulio Casella]

This is working for me:

root@oldserver # dsync -v -D -u $user backup ssh newserver dsync -u $user

where $user is a username. oldserver and newserver can also have different 
mailbox format (in my case was mbox - maildir)


Regards,
gc

 Messaggio originale 
Oggetto: Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to 
another

Data: Fri, 09 Sep 2011 15:50:49 +0200
Mittente: Tobias Hachmer tob...@hachmer.de
A: dovecot@dovecot.org

On Fri, 09 Sep 2011 15:42:57 +0200, Giulio Casella wrote:

Have you tried dsync (part of dovecot)? I don't know if it works for
migration to a different (major) version of dovecot, but it's a nice
tool. And it works also over ssh.


Yeah, I read the sections in the dovecot v2 wiki, but I don't get how
to use for migration.
As far as I understood it's to keep several dovecot server at a unique
data bank. An well, can I use it between dovecot v1.2 and v2?

Tobias

--
Giulio Casella giulio at dsi.unimi.it
System and network manager
Computer Science Dept. - University of Milano

[Dovecot] How to get rid of sub-folders ?

[Spyros Tsiolis]

Hello,

OK, no answers on my previous e-mail. I'll rephrase it.
How can I get rid of subfolders on a users' tree-like structure on dovecot ?
Which file must I touch ?

TIA,

s.

 

I merely function as a channel that filters 
music through the chaos of noise
- Vangelis

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Tobias Hachmer]

On Fri, 09 Sep 2011 17:16:57 +0200, Giulio Casella wrote:

This is working for me:

root@oldserver # dsync -v -D -u $user backup ssh newserver dsync -u 
$user


where $user is a username. oldserver and newserver can also have
different mailbox format (in my case was mbox - maildir)


Thanks for your replies, I will test first the simple copy of the 
maildirs when the new server is set up.

So thanks a lot.

Greetz, Tobias

[Dovecot] Mails repopping

[Simon Brereton]

HI

I don't know if this is a dovecot issue or a client one.  But as Dovecot is the 
most recent change, I'll start here.

I have a server that's been running Courier for about 6 years and in all that 
time I think I've only ever had 1 issues where an entire mail box was repopped 
by a webmail client.  However, since moving to a new server and dovecot 4 weeks 
ago, I've now had the webmail client repop this account 4 times (there are 
about 230 mails in the account).  

Is there a setting I need to tighten to prevent/remedy this?  I have no idea if 
it's happening on other accounts, but this is one that I see.  The format is 
maildir.  There has been no changes to the webmail client.

Thanks.

Simon

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Robert Schetterer]

Am 09.09.2011 15:34, schrieb Tobias Hachmer:
 On Fri, 09 Sep 2011 15:22:54 +0200, Robert Schetterer wrote:
 Am 09.09.2011 15:14, schrieb Tobias Hachmer:
 What is the best way to copy the existing mailboxes from the older
 machine running dovecot v1.2.15 to the new naked machine?

 i used imapsync in a bash script
 http://ks.lamiral.info/imapsync/
 at a massive migration
 
 ok, but this tool is not free of charge.

? you should donate
but you can use it without too, i.e its part of ubuntu

 Are there any known problems just copying the mailboxes with scp or rsync?

may work too,
with few problems depending on your setup, but its no real way if you
make migration on the fly in my eyes

better setup the new server, do tests, make imapsync
 
 Tobias
 
 
 


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Robert Schetterer]

Am 09.09.2011 17:16, schrieb Giulio Casella:
 This is working for me:
 
 root@oldserver # dsync -v -D -u $user backup ssh newserver dsync -u $user
 
 where $user is a username. oldserver and newserver can also have
 different mailbox format (in my case was mbox - maildir)
 
 Regards,
 gc

yes, dsync should work too, but never tested it

 
  Messaggio originale 
 Oggetto: Re: [Dovecot] BestPractice to migrate imap mailbox from one
 machine to another
 Data: Fri, 09 Sep 2011 15:50:49 +0200
 Mittente: Tobias Hachmer tob...@hachmer.de
 A: dovecot@dovecot.org
 
 On Fri, 09 Sep 2011 15:42:57 +0200, Giulio Casella wrote:
 Have you tried dsync (part of dovecot)? I don't know if it works for
 migration to a different (major) version of dovecot, but it's a nice
 tool. And it works also over ssh.
 
 Yeah, I read the sections in the dovecot v2 wiki, but I don't get how
 to use for migration.
 As far as I understood it's to keep several dovecot server at a unique
 data bank. An well, can I use it between dovecot v1.2 and v2?
 
 Tobias
 


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another

[Tobias Hachmer]

On Fri, 09 Sep 2011 20:26:59 +0200, Robert Schetterer wrote:

i used imapsync in a bash script
http://ks.lamiral.info/imapsync/
at a massive migration


ok, but this tool is not free of charge.


? you should donate
but you can use it without too, i.e its part of ubuntu


Oh, cool, thanks for the hint. Yes, I will test simple copy, imapsnc 
and dsync.

Thanks a lot.

Tobias

Re: [Dovecot] Mails repopping

[Simon Brereton]

 -Original Message-
 From: Charles Marcus [mailto:cmar...@media-brokers.com]
 Sent: Friday, September 09, 2011 2:51 PM

 On 2011-09-09 1:07 PM, Simon Brereton simon.brere...@buongiorno.com
 wrote:
  I have a server that's been running Courier for about 6 years and
 in
  all that time I think I've only ever had 1 issues where an entire
 mail
  box was repopped by a webmail client.
 
 I don't understand...
 
 Webmail doesn't speak 'pop' (that I've ever heard of)... so how does
 a webmail client 'repop' emails? What webmail is this?

It's Horde webmail.  Webmail does pop.  Yahoo and Gmail do it too.

When I first set up the server, it did it on first login - obviously because 
the server had changed but it's doing it once a week now (and in fact, it did 
it twice today).  It's not fatal, no one will die.  It is a PITA though.

Simon

[Dovecot] quota percents

[Micah Anderson]

I've noticed that http://wiki2.dovecot.org/Quota/Configuration is out of
date, it says:

plugin {
  quota = maildir:User quota
  quota_rule = *:storage=1GB
  # 10% of 1GB = 100MB
  quota_rule2 = Trash:storage=10%%
  # 20% of 1GB = 200MB
  quota_rule3 = Spam:storage=20%%
}

but if you use the '10%%' notation, dovecot complains, and *also* incorrectly:

dovecot: imap(t...@example.net): Warning: quota root mail quota rule 
Trash:bytes=10%: obsolete configuration for rule 'bytes=10%' should be changed 
to 'bytes=+10%'

its incorrect because if you change it to what it suggests ('+10%') it
wont work because that wont be 10% more, rather, it is set to bytes=+10:

dovecot: imap(t...@example.net): Debug: Quota rule: root=mail quota 
mailbox=Trash bytes=+10 messages=0

clearly, that isn't right... so I guess it needs to be changed to
'+10%%', setting that provides:

dovecot: imap(t...@example.net): Debug: Quota rule: root=mail quota mailbox=* 
bytes=2211724 messages=0
dovecot: imap(t...@example.net): Debug: Quota rule: root=mail quota 
mailbox=Trash bytes=+221172 (10%) messages=0

that seems ok, its saying the Trash mailbox is set to have 221172bytes
(215 kilobytes) of quota. So, clearly
http://wiki2.dovecot.org/Quota/Configuration needs to be updated.

However, it doesn't seem to work in practice, because I have a user that
is at 99% of quota, with nothing in the Trash who cannot move a 77KB
message into the Trash without getting the quota_exceeded message and
refusing to move it.

so... how do I get this to work?

thanks!
micah

-- 



pgpJVKcKQpvwj.pgp
Description: PGP signature

[Dovecot] Attacking Dovecot

[Nikos Papadopoulos]

Hello,

 

I am using Dovecot ver.1.0.7 on an x86 server with RedHat Linux Enterprise 5
and the following configuration:

 

# 1.0.7: /etc/dovecot.conf

protocols: pop3

login_dir: /var/run/dovecot/login

login_executable: /usr/libexec/dovecot/pop3-login

mail_location: mbox:~/mail:INBOX=/var/mail/%u

mail_executable: /usr/libexec/dovecot/pop3

mail_plugin_dir: /usr/lib/dovecot/pop3

pop3_client_workarounds: outlook-no-nuls oe-ns-eoh

auth default:

  passdb:

driver: pam

  userdb:

driver: passwd

 

 

It seems that my mail server is being attacked by someone who tries to
retrieve users' credentials. Please read below an output of logwatch.

 

dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user sandra

 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user tanya

 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user tanya

 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user dark

 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user dark

 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user gibson

 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user frank

 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
about

user frank

 

 

 

Besides, some of the local users receive spam emails, which seem to be
sent by another local user.

 

Please assist me on how to prevent the aforementioned attack.

 

Best Regards,

 

Nikos

 

[Dovecot] userdb static Quota from LDAP?

[Christian Schmidt]

Hi all,

I just configured Dovecot 2.0.14 for virtual (i.e. non-system-) users:

passdb {
  driver = ldap
  args = /etc/dovecot/conf.d/ldap-passdb.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/maildir/%u
}

Works fine so far - thanks for this great piece of software, Timo!!!

Now I'd like to add per-user quotas that will also be stored in the
LDAP directory, and I'm not sure how to put things together.
IMHO quota is the only userdb information requested from LDAP, and
I'd like to leave all the other userdb pieces as the are. I changed
the userdb definition to:
userdb {
  driver = ldap
  args = /etc/dovecot/conf.d/ldap-userdb.ext
}

My /etc/dovecot/conf.d/ldap-userdb.ext contains (along other lines):

user_attrs = 
uid=vmail,gid=vmail,home=/var/maildir/%u,mailQuota=quota=quota_rule=*:storage=%$

My quota configuration looks like this:

plugin {
  quota = maildir:Mailbox-Quota
  quota_rule = *:storage=1G
  quota_warning = storage=80%% /usr/local/bin/quotawarn.sh 80 %u
  quota_warning2 = storage=95%% /usr/local/bin/quotawarn.sh 95 %u
}

Using this setup, doveadm quota get -u username doesn't reveal any
quota information (except from the headings). Instead, dovecot logs:
doveadm(username): Fatal: GID 0 isn't permitted

When switching back to userdb static, I receive the correct (but also)
static quota information. 

What am I doing wrong?

Thank you very much,
Christian Schmidt

-- 
question = ( to ) ? be : ! be;
-- Wm. Shakespeare

[Dovecot] Read-only mbox files

[Tim Bishop]

Hi all,

I'm using Dovecot 1.2.16 (I can upgrade to 2.0 if need be) and I'm
having trouble stopping Dovecot from modifying mbox files.

The setup is that my main namespace points at my Maildir mail folders.
In addition to this I have a second namespace that points at some old
archived mbox folders. I rarely need to access these folders, but when I
do Dovecot modifies the files (adding UID headers, etc).

What I'd like to do is make it so that Dovecot can't change these files.
I thought there might be a setting to mark a mail_location as read-only,
but I can't find anything like that. I've looked at ACLs too, but they
seem to be more about user access that what Dovecot can do to files.

I could just do this at the filesystem level, but I'd feel a bit happier
about working with Dovecot rather than trying to work around it.

Does anyone have any suggestions?

Thank you for reading.

Tim.

-- 
Tim Bishop
http://www.bishnet.net/tim/
PGP Key: 0x5AE7D984

Re: [Dovecot] debug user's message retrieval

[Костырев Александр Алексеевич]

It seems like it’s what I looked for.
Many thanks!


--


-Original Message-
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On 
Behalf Of Urban Loesch
Sent: Friday, September 09, 2011 5:30 PM
To: Dovecot Mailing List
Subject: Re: [Dovecot] debug user's message retrieval

Hi,

perhaps the mail_log plugin can help you.


# mail_log plugin provides more event logging for mail processes.
plugin {
   # Events to log. Also available: flag_change append
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   # Group events within a transaction to one line.
   mail_log_group_events = no
   # Available fields: uid, box, msgid, from, subject, size, vsize, flags
   # size and vsize are available only for expunge and copy events.
   mail_log_fields = uid box msgid size from
}

...

Regards
Urban

Костырев Александр Алексеевич wrote:
 I forgot to mention that when I go to user's directory there's no
 letters at all.
 
 On Fri, 2011-09-09 at 13:30 +1100, Костырев Александр Алексеевич wrote:
 Hi there!

 Is there any method to log user's activity with pop3 service?

 I'll try to explain situation:

 In maillog I saw that my dovecot lmtp saved four letters in user's
 mailbox.
 After a while I got a call from that user saying that he received
 nothing.

 Is there any method to log that that user RETR every single letter,
 maybe with full names of letter's id or something like that?

 

Re: [Dovecot] debug user's message retrieval

[Костырев Александр Алексеевич]

Yep, I do have info like that but I need more cowbell)



-Original Message-
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On 
Behalf Of Joseba Torre
Sent: Friday, September 09, 2011 7:38 PM
To: dovecot@dovecot.org
Subject: Re: [Dovecot] debug user's message retrieval

On Viernes 09 Septiembre 2011 04:36:13 Костырев Александр Алексеевич escribió:
 I forgot to mention that when I go to user's directory there's no
 letters at all.
 
 On Fri, 2011-09-09 at 13:30 +1100, Костырев Александр Алексеевич wrote:
  Hi there!
  
  Is there any method to log user's activity with pop3 service?
  
  I'll try to explain situation:
  
  In maillog I saw that my dovecot lmtp saved four letters in user's
  mailbox.
  After a while I got a call from that user saying that he received
  nothing.
  
  Is there any method to log that that user RETR every single letter,
  maybe with full names of letter's id or something like that?

The default pop3 log is enough for me:

Sep  9 05:46:37 server1 dovecot: POP3(user1): Disconnected: Logged out 
top=0/0, retr=1/41706, del=1/1, size=41685

This means that user1 received 1 message, deleted 1 message, and total 
downloaded size was 41685. Don't you have a similar line for your user?
-- 
Joseba Torre. Vicegerencia de TICs, área de Explotación

[Dovecot] mysql auth failover failing

[Paul B. Henson]

We are running dovecot to provide authentication for postfix, using two 
mysql servers in a multi-master replication set as the password source:



# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.37-gentoo-r4 x86_64 Gentoo Base System release 2.0.2
auth_mechanisms = plain login digest-md5 cram-md5
auth_verbose = yes
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = none
service auth-worker {
  unix_listener auth-worker {
user = postfix
  }
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  user = postfix
}
ssl = no
userdb {
  driver = passwd
}
---

With an sql config of:

-
driver = mysql
connect = host=mysql-1.unx.csupomona.edu host=mysql-2.unx.csupomona.edu 
dbname=idmgmt user=postfix password=XXX

default_pass_scheme = PLAIN
password_query = X
-

According to the sample SQL configuration file HA / round-robin 
load-balancing is supported by giving multiple host settings, like: 
host=sql1.host.org host=sql2.host.org.


However, as far as I can tell dovecot only connects to the first listed 
host, and processes all queries through it, there does not appear to be 
any load-balancing going on.


That's not necessarily a dealbreaker; however, high-availability does 
not appear to be working either.


If I shutdown the first mysql server, dovecot starts to log connection 
failures:


Sep  9 15:47:34 tweak dovecot: auth: Error: 
mysql(mysql-1.unx.csupomona.edu): Connect failed to database (idmgmt): 
Can't connect to MySQL server on 'mysql-1.unx.csupomona.edu' (111) - 
waiting for 1 seconds before retry


Sep  9 15:47:39 tweak dovecot: auth: Error: 
mysql(mysql-1.unx.csupomona.edu): Connect failed to database (idmgmt): 
Can't connect to MySQL server on 'mysql-1.unx.csupomona.edu' (111) - 
waiting for 25 seconds before retry


And postfix starts to fail authentications:

Sep  9 15:47:35 tweak postfix/smtpd[5119]: warning: 
bender.iitsys.csupomona.edu[134.71.250.134]: SASL DIGEST-MD5 
authentication failed: Connection lost to authentication server


Now and again the authentication process dies:

Sep  9 15:47:39 tweak dovecot: auth: Panic: file auth-request-handler.c: 
line 697 (auth_request_handler_flush_failures): assertion failed: 
(auth_request-state == AUTH_REQUEST_STATE_FINISHED)
Sep  9 15:47:39 tweak dovecot: auth: Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x3f71a) [0x7f25822ca71a] - 
/usr/lib64/dovecot/libdovecot.so.0(+0x3f766) [0x7f25822ca766] - 
/usr/lib64/dovecot/libdovecot.so.0(+0x198ca) [0x7f25822a48ca] - 
dovecot/auth() [0x4137f4] - 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0xd4) 
[0x7f25822d5fe4] - 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x5b) 
[0x7f25822d6bcb] - /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) 
[0x7f25822d5c48] - 
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f25822c3de3] - dovecot/auth(main+0x2be) [0x4179de] - 
/lib64/libc.so.6(__libc_start_main+0xfd) [0x7f2581898bbd] - 
dovecot/auth() [0x40bdc9]
Sep  9 15:47:39 tweak dovecot: master: Error: service(auth): child 4154 
killed with signal 6 (core dumps disabled)


Requests start to pile up:

Sep  9 15:51:46 tweak dovecot: auth: Warning: auth workers: Auth request 
was queued for 25 seconds, 45 left in queue


Lookups time out:

Sep  9 15:57:22 tweak dovecot: auth: Error: auth worker: Aborted 
request: Lookup timed out


This occasionally pops up:

Sep  9 15:58:38 tweak dovecot: auth: Fatal: 
net_connect_unix(auth-worker) failed: Resource temporarily unavailable


And sometimes the auth process gets temporarily disabled:

Sep  9 15:58:57 tweak dovecot: master: Error: service(auth): command 
startup failed, throttling


Resulting in more postfix authentication failures:

Sep  9 15:58:57 tweak postfix/smtpd[6531]: warning: 
bender.iitsys.csupomona.edu[134.71.250.134]: SASL DIGEST-MD5 
authentication failed:
Sep  9 15:59:08 tweak postfix/smtpd[6551]: fatal: no SASL authentication 
mechanisms


To the point where postfix also temporarily throttles smtpd:

Sep  9 15:59:21 tweak postfix/master[6526]: warning: 
/usr/lib64/postfix/smtpd: bad command startup -- throttling


Resulting in a complete unavailability of smtp service, not just 
unavailability of authenticated services.



I don't think all authentications fail during the scenario, but I think 
the majority do. Based on the network traffic, dovecot is almost 
continuously trying to connect to the first listed server. It sometimes 
connects to the second listed server, but when it does, the connection 
does not persist, it goes away almost immediately.



Ideally, I would like no authentications to fail if one of the MySQL 
servers is unavailable. If a few fail just when the server dies, that 
would be undesirable but acceptable as 

Re: [Dovecot] mysql auth failover failing

[Noel Butler]

On Fri, 2011-09-09 at 19:33 -0700, Paul B. Henson wrote:



 default_pass_scheme = PLAIN

Uhg i'll pretend I didnt see that  :)



 
 According to the sample SQL configuration file HA / round-robin 
 load-balancing is supported by giving multiple host settings, like: 
 host=sql1.host.org host=sql2.host.org.
 
 However, as far as I can tell dovecot only connects to the first listed 
 host, and processes all queries through it, there does not appear to be 
 any load-balancing going on.
 



I suspect the wording here is incorrect, its just a failover AFAIK, it
only hits the first entry failing to second if no response.
HA would be like running a mysql slave on all the front ends failing
over to the master on your CRM server etc, which is what I do and
suggest, having just one master server, after all, dovecot and postfix
just need to read, not alter/update/insert etc.


 That's not necessarily a dealbreaker; however, high-availability does 
 not appear to be working either.
 
 If I shutdown the first mysql server, dovecot starts to log connection 
 failures:
 
 Sep  9 15:47:34 tweak dovecot: auth: Error: 
 mysql(mysql-1.unx.csupomona.edu): Connect failed to database (idmgmt): 
 Can't connect to MySQL server on 'mysql-1.unx.csupomona.edu' (111) - 
 waiting for 1 seconds before retry
 
 Sep  9 15:47:39 tweak dovecot: auth: Error: 
 mysql(mysql-1.unx.csupomona.edu): Connect failed to database (idmgmt): 
 Can't connect to MySQL server on 'mysql-1.unx.csupomona.edu' (111) - 
 waiting for 25 seconds before retry
 


yep thats correct because it has  gone away but it still uses the
second host immediately, thats just dovecot trying to re-establish its
link with primary

 And postfix starts to fail authentications:
 


err postfix is not dovecot, you need to also add failover in postfix's
sql lookup commands
hosts = unix:/var/run/mysql/mysql.sock 10.10.10.2   (assuming .2 is your
master sql server)



 
 Resulting in a complete unavailability of smtp service, not just 
 unavailability of authenticated services.
 


You could have a higher sec mx smtp box that uses postfix for virtual
transport for cases of if dovecot is unavailable, this of course means
storing partial paths in your mail db, for use only by that one
non-behind-load-balancer separated sec mx, of course this wont solve
users issue of sending unless you have multiple smtp behind a load
balancer, but allows for inbound still, depends on how big your setup
(and budget) is or can be :)

(note: I talk of load balancer as in real hardware device, not as in
pretend LB's as in software)


 Does the example sql config have incorrect 
 information?
 


I suspect so.


attachment: face-smile.png

signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Attacking Dovecot

[Jim]

There isn't enough information presented to assist, you'll want to refer to the 
wiki to increase your logging to get more detail: 
http://wiki.dovecot.org/Logging

What you need is the system IP that's connecting as these users, if it's local, 
you should be able to track that system down easily.  If it's remote, block it 
via a firewall to lock it out.

Regarding the spam emails, they may or may not be coming from this same system, 
once you have more logging, you'll be able to verify that.


Jim

On Sep 9, 2011, at 4:45 PM, Nikos Papadopoulos wrote:

 I am using Dovecot ver.1.0.7 on an x86 server with RedHat Linux Enterprise 5

 It seems that my mail server is being attacked by someone who tries to
 retrieve users' credentials.

 Besides, some of the local users receive spam emails, which seem to be
 sent by another local user.