Re: [Dovecot] Questions about Proxy/Director

2011-11-24 Thread Patrick Westenberg

Jan-Frode Myklebust wrote:

> We use a clusterfs (so it's not very important which backend server the
> user is directed to), and have configured the dovecot director with:
>
> director_mail_servers = 192.168.42.7 192.168.42.8 192.168.42.9 192.168.42.10 192.168.42.11 192.168.42.28 192.168.42.29
> director_servers = 192.168.42.15 192.168.42.17
> passdb {
>   args = proxy=y nopassword=y
>   driver = static
> }
>
> which gives us loadbalancing of new logins, and also failover should a
> backend server fail.


That looks nice.

What is your frontend configuration?
How many users do you have that you need that many backend servers?
Are your index stored together with the mails?

Patrick


Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Olli Räisänen
Timo Sirainen wrote on 2011-11-24 at 21:29:46:
> 
> It would be better if you used PostfixAdmin's "maildir" field as the
> home directory, and then mail_location=~/Maildir. 

Thank you, Timo! (And thank you, Tom, for the simplification example!) I 
never thought ~/Maildir could refer to anything but UNIX system users! :)

Timo's queries (beneath) work indeed. However, it took quite a while of 
testing, and I wonder if it really would cause some trouble if homedir and 
maildir were kept the same...

Regards,
Olli

> Like the sql queries being:
> 
> password_query = \
>   SELECT username AS user, password, \
>     CONCAT('/home/vmail/', maildir) AS userdb_home, \
>     CONCAT('*:bytes=', quota) AS userdb_quota_rule \
>   FROM mailbox \
>   WHERE username = '%u' and ACTIVE = '1'
> 
> user_query = \
>   SELECT CONCAT('/home/vmail/', maildir) AS home, \
>     CONCAT('*:bytes=', quota) AS quota_rule \
>   FROM mailbox \
>   WHERE username = '%u' AND active = '1'
> 
> I used these in another PostfixAdmin server's install.





Re: [Dovecot] v2.1.rc1 released

2011-11-24 Thread Noel Butler
On Thu, 2011-11-24 at 21:35 +0100, Miguel Tormo wrote:

> On Thursday, 24 November 2011 20:25:47 Timo Sirainen wrote:
> > I'm not sure if changing /etc/security/limits.conf helps. It's probably
> > only used by PAM when user logs in, so if Dovecot is started in system
> > bootup it's unlikely to have been even read yet. Also I think some OSes
> > override the limits in /etc/init.d/ scripts. Of course, I could be
> > completely wrong in all of the above, I haven't really tested any of
> > it 
> 
> Well actually this is tricky, I'm not sure if it would work after a system 
> boot, but I'm sure it works after a reboot of the service. It is also true 
> what you say that some OSes override the limits in the /etc/init.d/ scripts, 
> for example issuing an 'ulimit -n 4096' (if using bash) before dropping 
> privileges (that should be inherited, but if privileges are dropped using 
> "su" or something that uses PAM, then the /etc/security/limits.conf file 
> comes into play again).
> 


A much simpler way without rebuilding is as Timo suggested, just pick your
value:

#!/bin/sh
# Start/stop dovecot.
ulimit -n 16384

...

Be careful, building in kernel based higher limits means /every/ service
and can lead to DoS, this way limits dovecot to 16384, but keeps other
stuff like mysql at 4096, and everything else at 1024, bit safer.







Re: [Dovecot] v2.1.rc1 released

2011-11-24 Thread Miguel Tormo
On Thursday, 24 November 2011 20:25:47 Timo Sirainen wrote:
> I'm not sure if changing /etc/security/limits.conf helps. It's probably
> only used by PAM when user logs in, so if Dovecot is started in system
> bootup it's unlikely to have been even read yet. Also I think some OSes
> override the limits in /etc/init.d/ scripts. Of course, I could be
> completely wrong in all of the above, I haven't really tested any of
> it 

Well actually this is tricky, I'm not sure if it would work after a system 
boot, but I'm sure it works after a reboot of the service. It is also true what 
you say that some OSes override the limits in the /etc/init.d/ scripts, for 
example issuing an 'ulimit -n 4096' (if using bash) before dropping privileges 
(that should be inherited, but if privileges are dropped using "su" or 
something that uses PAM, then the /etc/security/limits.conf file comes into 
play again).

Another permanent way between reboots that I just googled is changing this line 
of includes/linux/fs.h:
#define INR_OPEN 1024   /* Initial setting for nfile rlimits */ 

and recompile the kernel :P.



Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Tom Hendrikx
On 24-11-11 20:29, Timo Sirainen wrote:
> On Thu, 2011-11-24 at 21:23 +0200, Olli Räisänen wrote:
>> Tom Hendrikx wrote on 2011-11-24 at 18:13:47:
>>>
>>> How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail
>>> as mailstore?
>>
>> Well, yes - at least the home directory will be created that way. Still, 
>> PostfixAdmin will not store the path in the mailbox table home field. Perhaps 
>> it is enough to include the path in the Dovecot user_query?  
> 
> It would be better if you used PostfixAdmin's "maildir" field as the
> home directory, and then mail_location=~/Maildir. Like the sql queries
> being:
> 
> password_query = \
>   SELECT username AS user, password, \
>     CONCAT('/home/vmail/', maildir) AS userdb_home, \
>     CONCAT('*:bytes=', quota) AS userdb_quota_rule \
>   FROM mailbox \
>   WHERE username = '%u' and ACTIVE = '1'
> 
> user_query = \
>   SELECT CONCAT('/home/vmail/', maildir) AS home, \
>     CONCAT('*:bytes=', quota) AS quota_rule \
>   FROM mailbox \
>   WHERE username = '%u' AND active = '1'
> 
> I used these in another PostfixAdmin server's install.
> 

I even simplified this up to:

# taken from stock dovecot2 config
userdb {
  driver = static
  args = uid=vmail gid=mail home=/var/spool/vmail/%u
}
mail_location = maildir:~/Maildir

password_query = SELECT username AS user, password FROM mailbox WHERE \
  username = '%u' AND active = '1'

(no quotas, no special cases for home/mail directory configuration)
--
Tom


Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Timo Sirainen
On Thu, 2011-11-24 at 21:23 +0200, Olli Räisänen wrote:
> Tom Hendrikx wrote on 2011-11-24 at 18:13:47:
> > 
> > How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail
> > as mailstore?
> 
> Well, yes - at least the home directory will be created that way. Still, 
> PostfixAdmin will not store the path in the mailbox table home field. Perhaps 
> it is enough to include the path in the Dovecot user_query?  

It would be better if you used PostfixAdmin's "maildir" field as the
home directory, and then mail_location=~/Maildir. Like the sql queries
being:

password_query = \
  SELECT username AS user, password, \
    CONCAT('/home/vmail/', maildir) AS userdb_home, \
    CONCAT('*:bytes=', quota) AS userdb_quota_rule \
  FROM mailbox \
  WHERE username = '%u' and ACTIVE = '1'

user_query = \
  SELECT CONCAT('/home/vmail/', maildir) AS home, \
    CONCAT('*:bytes=', quota) AS quota_rule \
  FROM mailbox \
  WHERE username = '%u' AND active = '1'

I used these in another PostfixAdmin server's install.




Re: [Dovecot] v2.1.rc1 released

2011-11-24 Thread Timo Sirainen
On Thu, 2011-11-24 at 19:23 +0100, Miguel Tormo wrote:
> The fd limit is the maximum number of concurrently open file descriptors per 
> process.  It can be configured on a per-user basis.
> You can check the actual value running 'ulimit -n'. It can be increased up to 
> the value set in /proc/sys/fs/file-max. You can set it editing 
> /etc/security/limits.conf.

I'm not sure if changing /etc/security/limits.conf helps. It's probably
only used by PAM when user logs in, so if Dovecot is started in system
bootup it's unlikely to have been even read yet. Also I think some OSes
override the limits in /etc/init.d/ scripts. Of course, I could be
completely wrong in all of the above, I haven't really tested any of
it :)

> What the above comment means is that under max load the auth service could 
> need up to 4096 file descriptors open, that's more than the default in most 
> linux systems (1024).

I wonder if there's a good reason for why auth default should be that
high. Probably in earlier times imap/pop3 processes just weren't
disconnecting early enough from auth. So I guess I'll just drop it back
to default and this warning would go away in most systems. I had started
to get a little bit annoyed at that warning myself also.
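
An added example, not part of the original message or of Dovecot: the limit that matters is the one the running daemon inherited, which on Linux can be read from /proc/<pid>/limits regardless of limits.conf, PAM or init-script overrides. The script parses a file in that format and compares the soft "Max open files" value with the 4096 named in the warning; the function names are hypothetical and the sample limits files are constructed.

```shell
#!/bin/sh
# Added example: report the open-file limit a process really runs with.
# Input is a file in /proc/<pid>/limits format. All function names are
# hypothetical helpers, not part of Dovecot.

# Write a constructed limits file (args: path, soft, hard) for offline use.
write_sample_limits() {
    {
        printf '%-25s %-20s %-20s %s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units'
        printf '%-25s %-20s %-20s %s\n' 'Max cpu time' 'unlimited' 'unlimited' 'seconds'
        printf '%-25s %-20s %-20s %s\n' 'Max open files' "$2" "$3" 'files'
        printf '%-25s %-20s %-20s %s\n' 'Max locked memory' '65536' '65536' 'bytes'
    } > "$1"
}

# Print "soft hard" from the "Max open files" row; fail if the row is absent.
fd_limits() {
    awk '/^Max open files/ { print $4, $5; found = 1 }
         END { if (!found) exit 1 }' "$1"
}

# Exit status: 0 soft limit >= required ($2), 1 lower, 2 row missing/unparsable.
fd_limit_ok() {
    limits=$(fd_limits "$1") || return 2
    soft=${limits% *}
    if [ "$soft" = "unlimited" ]; then
        return 0
    fi
    case $soft in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$soft" -ge "$2" ]
}

# Print a one-line verdict and return the same status as fd_limit_ok.
fd_limit_report() {
    rc=0
    fd_limit_ok "$1" "$2" || rc=$?
    case $rc in
        0) state=OK ;;
        1) state=LOW ;;
        *) echo "UNKNOWN: no usable 'Max open files' row in $1"; return 2 ;;
    esac
    limits=$(fd_limits "$1")
    echo "$state: soft=${limits% *} hard=${limits#* } required=$2"
    return "$rc"
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT

# Constructed: a daemon that inherited the common 1024 soft limit.
write_sample_limits "$sample" 1024 4096
fd_limit_report "$sample" 4096 || true

# Constructed: the same daemon after "ulimit -n 16384" in its init script.
write_sample_limits "$sample" 16384 16384
fd_limit_report "$sample" 4096 || true

# Live use (assumption: $pid holds the pid of the running dovecot master):
#   fd_limit_report "/proc/$pid/limits" 4096
```

Running the check against the live process after a boot and again after a manual service restart shows directly whether the two start paths end up with different limits.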




Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Olli Räisänen
Tom Hendrikx wrote on 2011-11-24 at 18:13:47:
> 
> How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail
> as mailstore?

Well, yes - at least the home directory will be created that way. Still, 
PostfixAdmin will not store the path in the mailbox table home field. Perhaps 
it is enough to include the path in the Dovecot user_query?  
 
> Otherwise, postfixadmin has a post-create hook that is able to execute
> arbitrary scripts, creating homedirs should be among the included
> examples.

If you are referring to maildir_name_hook in config.inc.php script, no, 
homedirs are not included (in Postfix Admin version 2.3.4).

Thank you anyway, Tom! I must consider your advice.
Olli


Re: [Dovecot] v2.1.rc1 released

2011-11-24 Thread Luigi Rosa
Miguel Tormo said the following on 24/11/11 19:23:

> The fd limit is the maximum number of concurrently open file descriptors
> per process.  It can be configured on a per-user basis. You can check the
> actual value running 'ulimit -n'. It can be increased up to the value set
> in /proc/sys/fs/file-max. You can set it editing
> /etc/security/limits.conf. What the above comment means is that under max
> load the auth service could need up to 4096 file descriptors open, that's
> more than the default in most linux systems (1024).
> 
> However, in your case with just a dozen of mailboxes I don't think you'll
> need to change it.

Thank you for the explanation.



Ciao,
luigi

-- 
/
+--[Luigi Rosa]--
\

A woman was in love with fourteen soldiers. It was clearly platoonic.


Re: [Dovecot] v2.1.rc1 released

2011-11-24 Thread Miguel Tormo
On Thursday, 24 November 2011 19:04:12 Luigi Rosa wrote:
> Timo Sirainen said the following on 24/11/11 01:46:
> 
> > http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc1.tar.gz
> 
> Works as advertised.
> 
> I noticed this warning:
> 
> Warning: fd limit (ulimit -n) is lower than required under max. load (1024 <
> 4096), because of service auth { client_limit }
> 
> What exactly does this mean?
> 
> 
> The server we are talking about is my home server, a CentOS/64 with a dozen of
> mailboxes.
> 
The fd limit is the maximum number of concurrently open file descriptors per 
process.  It can be configured on a per-user basis.
You can check the actual value running 'ulimit -n'. It can be increased up to 
the value set in /proc/sys/fs/file-max. You can set it editing 
/etc/security/limits.conf.
What the above comment means is that under max load the auth service could need 
up to 4096 file descriptors open, that's more than the default in most linux 
systems (1024).

However, in your case with just a dozen of mailboxes I don't think you'll need 
to change it.


Re: [Dovecot] v2.1.rc1 released

2011-11-24 Thread Luigi Rosa
Timo Sirainen said the following on 24/11/11 01:46:

> http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc1.tar.gz

Works as advertised.

I noticed this warning:

Warning: fd limit (ulimit -n) is lower than required under max. load (1024 <
4096), because of service auth { client_limit }

What exactly does this mean?


The server we are talking about is my home server, a CentOS/64 with a dozen of
mailboxes.





Ciao,
luigi

-- 
/
+--[Luigi Rosa]--
\

Computers make excellent and efficient servants,
but I have no wish to serve under them.
Captain, a starship also runs on loyalty to one man.
And nothing can replace it or him.
--Spock, "The Ultimate Computer"


Re: [Dovecot] Problem with lmtp proxy

2011-11-24 Thread Miguel Tormo
On Thursday, 24 November 2011 17:58:40 Timo Sirainen wrote:
> On Thu, 2011-11-24 at 17:11 +0100, Miguel Tormo wrote:
> > I think I'm missing something but I can't find what it is. To summarize: 
> > with lmtp_proxy = no it does work, with lmtp_proxy = yes it doesn't. Thank 
> > you for your help!
> 
> The problem is:
> 
> > ** cat dovecot-ldap.conf.ext **
> > auth_bind = yes
> 
> auth_bind=yes requires a user authentication, but LMTP of course can't
> authenticate a user. So it fails:
> 
> > dovecot [2011-11-24 15:53:50] [debug] auth: Debug: password(myuser): passdb 
> > doesn't support credential lookups
> 
> Either try to get auth_bind=no working, or I think you can also set up a
> separate passdb for lmtp:
> 
> protocol lmtp {
>   passdb {
>     driver = ldap
>     args = some-other-ldap.conf
>   }
> }
> 
> And in this other ldap.conf have auth_bind=no, and possibly return
> password field always as something like "foo".
> 

I just configured your suggestion (set a separate passdb for lmtp with ldap and 
auth_bind = no ) and it works perfectly. Thank you very much!




Re: [Dovecot] Problem with lmtp proxy

2011-11-24 Thread Timo Sirainen
On Thu, 2011-11-24 at 17:11 +0100, Miguel Tormo wrote:
> I think I'm missing something but I can't find what it is. To summarize: with 
> lmtp_proxy = no it does work, with lmtp_proxy = yes it doesn't. Thank you for 
> your help!

The problem is:

> ** cat dovecot-ldap.conf.ext **
> auth_bind = yes

auth_bind=yes requires a user authentication, but LMTP of course can't
authenticate a user. So it fails:

> dovecot [2011-11-24 15:53:50] [debug] auth: Debug: password(myuser): passdb 
> doesn't support credential lookups

Either try to get auth_bind=no working, or I think you can also set up a
separate passdb for lmtp:

protocol lmtp {
  passdb {
    driver = ldap
    args = some-other-ldap.conf
  }
}

And in this other ldap.conf have auth_bind=no, and possibly return
password field always as something like "foo".




Re: [Dovecot] Problem with lmtp proxy

2011-11-24 Thread Eduardo Casarero
2011/11/24 Miguel Tormo 

> On Thursday, 24 November 2011 17:11:11 Miguel Tormo wrote:
> > dn = cn=binduser,cn=Users,dc=edicom,dc=es
>
> Obviously this part should be "dn = cn=binduser,cn=Users,dc=domain,dc=com"
> to be coherent with the rest. I replaced the real domain and user names
> used, but forgot this part :S.
>
>


Re: [Dovecot] Problem with lmtp proxy

2011-11-24 Thread Miguel Tormo
On Thursday, 24 November 2011 17:11:11 Miguel Tormo wrote:
> dn = cn=binduser,cn=Users,dc=edicom,dc=es

Obviously this part should be "dn = cn=binduser,cn=Users,dc=domain,dc=com" to 
be coherent with the rest. I replaced the real domain and user names used, but 
forgot this part :S.



Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Tom Hendrikx
On 24-11-11 10:22, Olli Räisänen wrote:
> Hello,
> 
> I'm using Dovecot 1.2.9, now finishing a migration from Courier IMAP. 
> Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home 
> directory should not be the same as mail directory. When I create new user 
> accounts with PostfixAdmin the mail directory is not a problem but is there 
> some smart way to create the home directory as well (locating it for instance 
> in '/srv/vmail/%d/%n/home')?
> 

How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail
as mailstore?

Otherwise, postfixadmin has a post-create hook that is able to execute
arbitrary scripts, creating homedirs should be among the included examples.

--
Tom


[Dovecot] Problem with lmtp proxy

2011-11-24 Thread Miguel Tormo
Hello everyone,

I have set up postfix to deliver mails to dovecot (2.0.16) using LMTP. On the 
other hand, I've successfully configured the IMAP proxy setting in dovecot in 
order to be able to distribute mailboxes among different servers. I wanted to 
do the same proxy at LMTP level, but it's not working. If I put lmtp_proxy = 
no, then everything works ok (assuming the mailbox is local), but when I set 
lmtp_proxy = yes then the user is not found when delivering the message via 
LMTP, so the mail remains in the postfix queue.

Users are validated through active directory. However, this AD hasn't the SFU 
installed, thus its LDAP schema doesn't provide me with the required uid, gid, 
etc. To solve this, I have winbind configured in the system, so I'm doing this:
  - To validate users *and* be able to set the proxy extra fields, I use ldap 
as "passdb" (I believe it's not possible to use proxies with PAM). I'm using 
some LDAP field to store the host that has the user's mailbox.
  - In order to get the user account data that is not available in the AD, I 
use passwd as "userdb".

I know that when using LMTP with proxy, a passdb needs to be configured. I 
assume this is needed for the service to lookup for the appropriate host to 
send the message. So, initially I set ldap as the passdb for LMTP, but just 
because it didn't work I put both ldap and passwd, and even a userdb (passwd), 
but the problems remain the same. Anyway the ldap should be the right one as it 
is there where I have the host information for each user.

I think I'm missing something but I can't find what it is. To summarize: with 
lmtp_proxy = no it does work, with lmtp_proxy = yes it doesn't. Thank you for 
your help!

This is my current config:

** dovecot -n **
# 2.0.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.37-gentoo-edicom-1104 x86_64 Gentoo Base System release 1.12.14
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %n
auth_verbose = yes
base_dir = /var/run/dovecot/
listen = *
lmtp_proxy = yes
login_trusted_networks = 127.0.0.1
mail_debug = yes
mail_location = maildir:~/maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@domain.com
protocols = imap pop3 sieve lmtp
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = root
    mode = 0600
    user = root
  }
}
service imap {
  vsz_limit = 512 M
}
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.90
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = , 
res_matched: <>
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_free_request (origid 1, 
msgid 1)
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_parse_result
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_msgfree
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_result ld 0x16518d0 msgid 
-1
dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg ld 0x16518d0 msgid -1 
(timeout 0 usec)
dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg continue ld 0x16518d0 
msgid -1 all 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Connections:
dovecot [2011-11-24 15:53:50] [err] auth: Error: * host: domain.com  port: 389  
(default)
dovecot [2011-11-24 15:53:50] [err] auth: Error:   refcnt: 1  status: Connected
dovecot [2011-11-24 15:53:50] [err] auth: Error:   last used: Thu Nov 24 
15:53:50 2011
dovecot [2011-11-24 15:53:50] [err] auth: Error:
dovecot [2011-11-24 15:53:50] [err] auth: Error:
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Outstanding 
Requests:
dovecot [2011-11-24 15:53:50] [err] auth: Error:Empty
dovecot [2011-11-24 15:53:50] [err] auth: Error:   ld 0x16518d0 request count 0 
(abandoned 0)
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Response Queue:
dovecot [2011-11-24 15:53:50] [err] auth: Error:Empty
dovecot [2011-11-24 15:53:50] [err] auth: Error:   ld 0x16518d0 response count 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList ld 
0x16518d0 msgid -1 all 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList returns 
ld 0x16518d0 NULL
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_int_select
dovecot [2011-11-24 15:53:50] [info] lmtp(10506): Disconnect from local: Client 
quit (in reset)



Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Joseba Torre

On 24/11/11 15:42, Simon Brereton wrote:
> On Nov 24, 2011 4:22 AM, "Olli Räisänen"  wrote:
>>
>> Hello,
>>
>> I'm using Dovecot 1.2.9, now finishing a migration from Courier IMAP.
>> Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home
>> directory should not be the same as mail directory. When I create new user
>> accounts with PostfixAdmin the mail directory is not a problem but is there
>> some smart way to create the home directory as well (locating it for instance
>> in '/srv/vmail/%d/%n/home')?
>
> Why do you need a home directory for virtual users?

For storing files which are not mails. Sieve rules, subscription files 
and so on.


Aaaagur.



Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Timo Sirainen
On 24.11.2011, at 16.42, Simon Brereton wrote:

>> Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home
> 
> Why do you need a home directory for virtual users?

It says right there in the wiki.



Re: [Dovecot] POP - preventing re-download with server move

2011-11-24 Thread Robert Schetterer
On 24.11.2011 15:46, Trutwin, Joshua wrote:
> Hi,
> 
> Curious if anyone has any good suggestions to handle this.
> 
> I try to get my hosting users to use IMAP but most use Outhouse and
> the IMAP support is somewhat annoying for many so I typically have
> them change their settings when using POP to leave copies on the
> server.  That way when they get the inevitable virus or wanna use
> webmail they have a backup copy and webmail sees their saved mail.
> 
> So now I have to move my sites to a new server and I'm trying to
> avoid having all these messages re-downloaded by POP clients.  Some
> of the sites I've moved with low email usage have just dealt with the
> re-download and cleaned up afterwards.  I have a few other accounts
> though that I'm more concerned about that have massive amounts of
> stored email.
> 
> The mail is stored in Maildirs - a sample file: 1280409166.23580.foo:2,S
> 
> If I move this to server "bar" would renaming the file to
> 1280409166.23580.bar:2,S prevent this somehow?
> 
> Old server uses qmail-pop, new server uses dovecot 2.0.
> 
> Thanks for any tips,
> 
> Josh

perhaps
you can do it i.e. like this:
use imapsync with diff between the two servers,
then block pop3 with firewall for public
on the old one, run a last sync session,
change dns and/or ip etc., users use new server.
I think this is the most secured way, I did it like this.

The problem
by redownload may stay because the pop3 clients
have their own list of mail downloaded etc. build by i.e. with some one hashes
i.e.
http://kb.mozillazine.org/Popstate.dat

and I don't know some way to press them to download anything
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


[Dovecot] POP - preventing re-download with server move

2011-11-24 Thread Trutwin, Joshua
Hi,

Curious if anyone has any good suggestions to handle this.

I try to get my hosting users to use IMAP but most use Outhouse and
the IMAP support is somewhat annoying for many so I typically have
them change their settings when using POP to leave copies on the
server.  That way when they get the inevitable virus or wanna use
webmail they have a backup copy and webmail sees their saved mail.

So now I have to move my sites to a new server and I'm trying to
avoid having all these messages re-downloaded by POP clients.  Some
of the sites I've moved with low email usage have just dealt with the
re-download and cleaned up afterwards.  I have a few other accounts
though that I'm more concerned about that have massive amounts of
stored email.

The mail is stored in Maildirs - a sample file: 1280409166.23580.foo:2,S

If I move this to server "bar" would renaming the file to
1280409166.23580.bar:2,S prevent this somehow?

Old server uses qmail-pop, new server uses dovecot 2.0.

Thanks for any tips,

Josh


Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Simon Brereton
On Nov 24, 2011 4:22 AM, "Olli Räisänen"  wrote:
>
> Hello,
>
> I'm using Dovecot 1.2.9, now finishing a migration from Courier IMAP.
> Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home
> directory should not be the same as mail directory. When I create new user
> accounts with PostfixAdmin the mail directory is not a problem but is there
> some smart way to create the home directory as well (locating it for instance
> in '/srv/vmail/%d/%n/home')?

Why do you need a home directory for virtual users?

Simon


Re: [Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)

2011-11-24 Thread Jan-Frode Myklebust
On Thu, Nov 24, 2011 at 02:35:55PM +0100, Patrick Westenberg wrote:
> 
> - What happens if the MTA accepted a message but the backend-server
> fails and is unable to store it?

Your MTA will be notified about the failure through SMTP/LMTP error
codes, and retry if it was a temp-failure.

> - What about load-balancing and/or failover?
> Maybe all users on backend-server1 are fetching their mails causing
> high load while backend-server2 is idle.
> Is it possible to specify more than one backend-server IPs as I can
> do for the database hosts for userdb queries?

We use a clusterfs (so it's not very important which backend server the
user is directed to), and have configured the dovecot director with:

director_mail_servers = 192.168.42.7 192.168.42.8 192.168.42.9 192.168.42.10 192.168.42.11 192.168.42.28 192.168.42.29
director_servers = 192.168.42.15 192.168.42.17
passdb {
  args = proxy=y nopassword=y
  driver = static
}

which gives us loadbalancing of new logins, and also failover should a
backend server fail.

If you want to work with a local index and maildirs on NFS, you'll
need to configure something smarter for selecting backend server.
Maybe use proxy extrafield to specify a host for the user, and point
this at a failover IP that will hang on the preferred server by default,
but fail over to another working server if the preferred server fails..

http://wiki2.dovecot.org/PasswordDatabase/ExtraField


  -jf


Re: [Dovecot] modules directory

2011-11-24 Thread Johannes Berg
On Thu, 2011-11-24 at 16:15 +0200, Timo Sirainen wrote:
> On 24.11.2011, at 16.13, Johannes Berg wrote:
> 
> >>> Should I install into just $(moduledir)/ now?
> >> 
> >> Yep.
> > 
> > Alright, thanks! Do you remember if that would be compatible with older
> > versions as well, or do those require it being in /imap/?
> 
> What changed was that the default mail_plugin_dir changed from being
> $moduledir/imap to just plain $moduledir. So older versions require it
> being in imap/ by default.

Ok, thanks. I'll find a way to make it depend on the version.

johannes



Re: [Dovecot] modules directory

2011-11-24 Thread Timo Sirainen
On 24.11.2011, at 16.13, Johannes Berg wrote:

>>> Should I install into just $(moduledir)/ now?
>> 
>> Yep.
> 
> Alright, thanks! Do you remember if that would be compatible with older
> versions as well, or do those require it being in /imap/?

What changed was that the default mail_plugin_dir changed from being 
$moduledir/imap to just plain $moduledir. So older versions require it being in 
imap/ by default.



Re: [Dovecot] modules directory

2011-11-24 Thread Johannes Berg
On Thu, 2011-11-24 at 16:02 +0200, Timo Sirainen wrote:
> On 24.11.2011, at 15.11, Johannes Berg wrote:
> 
> > I'm a little confused with how plugin loading works in dovecot 2, I
> > can't seem to make it load from $(moduledir)/imap/. Is that intended to
> > work? Just a configuration issue?
> > 
> > Reason I ask is that I ported my antispam plugin (I know there's a fork,
> > but I still like mine better) to dovecot 2 and the default "make
> > install" no longer loads properly with just "mail_plugins = antispam".
> > 
> > So is $(moduledir)/imap/ no longer used? I also notice acl/imap_acl now,
> > but I still see subdirectories for at least auth.
> 
> There's no /imap/ directory anymore, because it was annoying having to
> create symlinks to most of the plugins. Then with v2.0 there came new
> binaries and it wouldn't have made much sense adding lots of more
> directories with lots of more symlinks..
> 
> > Should I install into just $(moduledir)/ now?
> 
> Yep.

Alright, thanks! Do you remember if that would be compatible with older
versions as well, or do those require it being in /imap/?

johannes




Re: [Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)

2011-11-24 Thread Jan-Frode Myklebust
On Thu, Nov 24, 2011 at 02:38:43PM +0100, Patrick Westenberg wrote:
> Jan-Frode Myklebust wrote:
> 
> >MTA -(lmtp)-->  dovecot-director ---(lmtp)--->  backend-server1
> >                                \---(lmtp)--->  backend-server2
> >
> >
> >IMAP-user  -(imap)-->  dovecot-director --(imap) -->  backend-server1
> >                                       \--(imap) -->  backend-server2
> 
> In this scenario it should be possible to use a non cluster filesystem
> to store my mails, isn't it?

Yes, that should work fine -- assuming you have acceptable uptime on the
backend server that is hosting the messages. You also need to configure
a user<->backend-server mapping through proxy extrafield to make sure
that the user lands on the correct server:

http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy


  -jf


Re: [Dovecot] modules directory

2011-11-24 Thread Timo Sirainen
On 24.11.2011, at 15.11, Johannes Berg wrote:

> I'm a little confused with how plugin loading works in dovecot 2, I
> can't seem to make it load from $(moduledir)/imap/. Is that intended to
> work? Just a configuration issue?
> 
> Reason I ask is that I ported my antispam plugin (I know there's a fork,
> but I still like mine better) to dovecot 2 and the default "make
> install" no longer loads properly with just "mail_plugins = antispam".
> 
> So is $(moduledir)/imap/ no longer used? I also notice acl/imap_acl now,
> but I still see subdirectories for at least auth.

There's no /imap/ directory anymore, because it was annoying having to create 
symlinks to most of the plugins. Then with v2.0 there came new binaries and it 
wouldn't have made much sense adding lots of more directories with lots of more 
symlinks..

> Should I install into just $(moduledir)/ now?

Yep.



[Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)

2011-11-24 Thread Patrick Westenberg

Jan-Frode Myklebust wrote:

> MTA -(lmtp)-->  dovecot-director ---(lmtp)--->  backend-server1
>                                 \---(lmtp)--->  backend-server2
>
>
> IMAP-user  -(imap)-->  dovecot-director --(imap) -->  backend-server1
>                                        \--(imap) -->  backend-server2


In this scenario it should be possible to use a non cluster filesystem
to store my mails, isn't it?

Patrick


[Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)

2011-11-24 Thread Patrick Westenberg

Jan-Frode Myklebust wrote:

> Yes, and in ascii-art this becomes :-)
>
> MTA -(lmtp)-->  dovecot-director ---(lmtp)--->  backend-server1
>                                 \---(lmtp)--->  backend-server2
>
>
> IMAP-user  -(imap)-->  dovecot-director --(imap) -->  backend-server1
>                                        \--(imap) -->  backend-server2


I failed creating a nice ascii view ;-)

However, I have some more questions:

- What happens if the MTA accepted a message but the backend-server 
fails and is unable to store it?


- What about load-balancing and/or failover?
Maybe all users on backend-server1 are fetching their mails causing high 
load while backend-server2 is idle.
Is it possible to specify more than one backend-server IP as I can do 
for the database hosts for userdb queries?


[Dovecot] modules directory

2011-11-24 Thread Johannes Berg
Hi!

I'm a little confused with how plugin loading works in dovecot 2, I
can't seem to make it load from $(moduledir)/imap/. Is that intended to
work? Just a configuration issue?

Reason I ask is that I ported my antispam plugin (I know there's a fork,
but I still like mine better) to dovecot 2 and the default "make
install" no longer loads properly with just "mail_plugins = antispam".

So is $(moduledir)/imap/ no longer used? I also notice acl/imap_acl now,
but I still see subdirectories for at least auth.

Should I install into just $(moduledir)/ now?

johannes



Re: [Dovecot] Indexes to MLC-SSD

2011-11-24 Thread Patrick Westenberg
On Tue, 22 Nov 2011 11:45:47 +0100, Jan-Frode Myklebust wrote:

> Ah, then Timo's reply was right. He suggested you do the lmtp-deliveries
> to the same server that you would send your imap-user to.  You can do this
> through dovecot director and lmtp-proxying.
>
> So instead of:
>
> lmtp:unix:private/dovecot-lmtp
>
> you should use:
>
> lmtp:tcp:1.2.3.4:24
>
> where 1.2.3.4 would be the Dovecot LMTP proxy that proxies to the same
> machine as you would use for imap for this particular recipient.


I see.
So as far as I understood:

- I set up a new server as LMTP proxy for my two MX 10 to connect to
- the proxy redirects to my backend imap servers which will then store 
the mails on my shared storage and the index files to a local disk
(so I have to enable LMTP additionally to enable these servers to store 
the mails)
- I set up a frontend imap server for my users to connect to which will 
redirect them to the backend servers


Am I right so far?

Patrick


[Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Olli Räisänen
Hello,

I'm using Dovecot 1.2.9, now finishing a migration from Courier IMAP. 
Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home 
directory should not be the same as mail directory. When I create new user 
accounts with PostfixAdmin the mail directory is not a problem but is there 
some smart way to create the home directory as well (locating it for instance 
in '/srv/vmail/%d/%n/home')?

Regards,
Olli


Re: [Dovecot] Solaris hardware crypto engines

2011-11-24 Thread Martin Preen

Timo Sirainen wrote:

> On Mon, 2011-11-21 at 23:49 +0100, Martin Preen wrote:
>
> > # /usr/sfw/bin/openssl engine
> > (pkcs11) PKCS #11 engine support
> >
> >   ENGINE_set_default_RSA(e); ENGINE_set_default_DSA(e);
> >   ENGINE_set_default_ciphers(e);
> >
> > in ssl_proxy_init() and inserting ENGINE_cleanup(); in ssl_proxy_deinit()
> > the crypto device gets used. I'm sure that this is not the whole story since
> > this only seems to affect the IMAP login.
>
> It should work for POP3 as well, all of the SSL code is shared.
>
> > I couldn't find the EncryptUpdate call which has to be changed too
> > (due to the howto documents). Maybe some other call needs a patch.
> > But I don't know which.
>
> What EncryptUpdate?.. I've anyway added the engine init/deinit calls in
> your email to v2.1 hg. Let's hope it works :) At least it didn't break
> when I tried it with "dynamic" value (which is the only engine my
> OpenSSL supports).

Probably I'm wrong (I have no experience with SSL programming). I thought
the EncryptUpdate was necessary for the encoding of the SSL data stream.
But maybe there has to be a link between engine initialization and the
SSL contexts?

Martin

---
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany

phone: ++49 761 203-8250  pr...@informatik.uni-freiburg.de
fax: ++49 761 203-8242    swt.informatik.uni-freiburg.de/~preen


