Re: [Dovecot] Questions about Proxy/Director
Jan-Frode Myklebust schrieb: We use a clusterfs (so it's not very important which backend server the user is directed to), and have configured the dovecot director with: director_mail_servers = 192.168.42.7 192.168.42.8 192.168.42.9 192.168.42.10 192.168.42.11 192.168.42.28 192.168.42.29 director_servers = 192.168.42.15 192.168.42.17 passdb { args = proxy=y nopassword=y driver = static } which gives us loadbalancing of new logins, and also failover should a backend server fail. That looks nice. What is your frontend configuration? How many users do you have that you need that many backend servers? Are your index stored together with the mails? Patrick
Re: [Dovecot] How to create home directories for virtual users?
Timo Sirainen kirjoitti 2011-11-24 kello 21:29:46: > > It would be better if you used PostfixAdmin's "maildir" field as the > home directory, and then mail_location=~/Maildir. Thank you, Timo! (And thank you, Tom, for the simplification example!) I never thought ~/Maildir could refer to anything but UNIX system users! :) Timo's queries (beneath) work indeed. However, it took quite a while of testing, and I wonder if it really would cause some trouble if homedir and maildir were kept the same... Regards, Olli > Like the sql queries being: > > password_query = \ > SELECT username AS user, password, \ > CONCAT('/home/vmail/', maildir) AS userdb_home, \ > CONCAT('*:bytes=', quota) AS userdb_quota_rule \ > FROM mailbox \ > WHERE username = '%u' and ACTIVE = '1' > > user_query = \ > SELECT CONCAT('/home/vmail/', maildir) AS home, \ > CONCAT('*:bytes=', quota) AS quota_rule \ > FROM mailbox \ > WHERE username = '%u' AND active = '1' > > I used these in another PostfixAdmin server's install.
Re: [Dovecot] v2.1.rc1 released
On Thu, 2011-11-24 at 21:35 +0100, Miguel Tormo wrote: > El Jueves, 24 de Noviembre de 2011 20:25:47 Timo Sirainen escribió: > > I'm not sure if changing /etc/security/limits.conf helps. It's probably > > only used by PAM when user logs in, so if Dovecot is started in system > > bootup it's unlikely to have been even read yet. Also I think some OSes > > override the limits in /etc/init.d/ scripts. Of course, I could be > > completely wrong in all of the above, I haven't really tested any of > > it > > Well actually this is tricky, I'm not sure if it would work after a system > boot, but I'm sure it works after a reboot of the service. It is also true > what you say that some OSes override the limits in the /etc/init.d/ scripts, > for example issuing an 'ulimit -n 4096' (if using bash) before dropping > privileges (that should be inherited, but if privileges are dropped using > "su" or something that uses PAM, then the /etc/security/limits.conf file > comes into play again). > much simpler way without rebuilding is as Timo suggested, just pick your value #!/bin/sh # Start/stop dovecot. ulimit -n 16384 ... Be careful, building in kernel based higher limits means /every/ service and can lead to DoS, this way limits dovecot to 16384, but keeps other stuff like mysql at 4096, and everything else at 1024, bit safer. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] v2.1.rc1 released
El Jueves, 24 de Noviembre de 2011 20:25:47 Timo Sirainen escribió: > I'm not sure if changing /etc/security/limits.conf helps. It's probably > only used by PAM when user logs in, so if Dovecot is started in system > bootup it's unlikely to have been even read yet. Also I think some OSes > override the limits in /etc/init.d/ scripts. Of course, I could be > completely wrong in all of the above, I haven't really tested any of > it Well actually this is tricky, I'm not sure if it would work after a system boot, but I'm sure it works after a reboot of the service. It is also true what you say that some OSes override the limits in the /etc/init.d/ scripts, for example issuing an 'ulimit -n 4096' (if using bash) before dropping privileges (that should be inherited, but if privileges are dropped using "su" or something that uses PAM, then the /etc/security/limits.conf file comes into play again). Another permanent way between reboots that I just googled is changing this line of includes/linux/fs.h: #define INR_OPEN 1024 /* Initial setting for nfile rlimits */ and recompile the kernel :P.
Re: [Dovecot] How to create home directories for virtual users?
On 24-11-11 20:29, Timo Sirainen wrote: > On Thu, 2011-11-24 at 21:23 +0200, Olli Räisänen wrote: >> Tom Hendrikx kirjoitti 2011-11-24 kello 18:13:47: >>> >>> How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail >>> as mailstore? >> >> Well, yes - at least the home directory will be created that way. Still, >> PostfixAdmin will not store the path in the maibox table home field. Perhaps >> it is enough to include the path in the Dovecot user_query? > > It would be better if you used PostfixAdmin's "maildir" field as the > home directory, and then mail_location=~/Maildir. Like the sql queries > being: > > password_query = \ > SELECT username AS user, password, \ > CONCAT('/home/vmail/', maildir) AS userdb_home, \ > CONCAT('*:bytes=', quota) AS userdb_quota_rule \ > FROM mailbox \ > WHERE username = '%u' and ACTIVE = '1' > > user_query = \ > SELECT CONCAT('/home/vmail/', maildir) AS home, \ > CONCAT('*:bytes=', quota) AS quota_rule \ > FROM mailbox \ > WHERE username = '%u' AND active = '1' > > I used these in another PostfixAdmin server's install. > I even simplified this up to: # taken from stock dovecot2 config userdb { driver = static args = uid=vmail gid=mail home=/var/spool/vmail/%u } mail_location = maildir:~/Maildir password_query = SELECT username AS user, password FROM mailbox WHERE username = '%u' AND active = '1' (no quota's, no special cases for home/mail directory configuration) -- Tom
Re: [Dovecot] How to create home directories for virtual users?
On Thu, 2011-11-24 at 21:23 +0200, Olli Räisänen wrote: > Tom Hendrikx kirjoitti 2011-11-24 kello 18:13:47: > > > > How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail > > as mailstore? > > Well, yes - at least the home directory will be created that way. Still, > PostfixAdmin will not store the path in the maibox table home field. Perhaps > it is enough to include the path in the Dovecot user_query? It would be better if you used PostfixAdmin's "maildir" field as the home directory, and then mail_location=~/Maildir. Like the sql queries being: password_query = \ SELECT username AS user, password, \ CONCAT('/home/vmail/', maildir) AS userdb_home, \ CONCAT('*:bytes=', quota) AS userdb_quota_rule \ FROM mailbox \ WHERE username = '%u' and ACTIVE = '1' user_query = \ SELECT CONCAT('/home/vmail/', maildir) AS home, \ CONCAT('*:bytes=', quota) AS quota_rule \ FROM mailbox \ WHERE username = '%u' AND active = '1' I used these in another PostfixAdmin server's install.
Re: [Dovecot] v2.1.rc1 released
On Thu, 2011-11-24 at 19:23 +0100, Miguel Tormo wrote: > The fd limit is the maximum number of concurrently open file descriptors per > process. It can be configured on a per-user basis. > You can check the actual value running 'ulimit -n'. It can be increased up to > the value set in /proc/sys/fs/file-max. You can set it editing > /etc/security/limits.conf. I'm not sure if changing /etc/security/limits.conf helps. It's probably only used by PAM when user logs in, so if Dovecot is started in system bootup it's unlikely to have been even read yet. Also I think some OSes override the limits in /etc/init.d/ scripts. Of course, I could be completely wrong in all of the above, I haven't really tested any of it :) > What the above comment means is that under max load the auth service could > need up to 4096 file descriptors open, that's more than the default in most > linux systems (1024). I wonder if there's a good reason for why auth default should be that high. Probably in earlier times imap/pop3 processes just weren't disconnecting early enough from auth. So I guess I'll just drop it back to default and this warning would go away in most systems. I had started to get a little bit annoyed at that warning myself also.
Re: [Dovecot] How to create home directories for virtual users?
Tom Hendrikx kirjoitti 2011-11-24 kello 18:13:47: > > How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail > as mailstore? Well, yes - at least the home directory will be created that way. Still, PostfixAdmin will not store the path in the maibox table home field. Perhaps it is enough to include the path in the Dovecot user_query? > Otherwise, postfixadmin has a post-create hook that is able to execute > arbitrary scripts, creating homedirs should be among the included > examples. If you are referring to maildir_name_hook in config.inc.php script, no, homedirs are not included (in Postfix Admin version 2.3.4). Thank you anyway, Tom! I must consider your advice. Olli
Re: [Dovecot] v2.1.rc1 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Miguel Tormo said the following on 24/11/11 19:23: > The fd limit is the maximum number of concurrently open file descriptors > per process. It can be configured on a per-user basis. You can check the > actual value running 'ulimit -n'. It can be increased up to the value set > in /proc/sys/fs/file-max. You can set it editing > /etc/security/limits.conf. What the above comment means is that under max > load the auth service could need up to 4096 file descriptors open, that's > more than the default in most linux systems (1024). > > However, in your case with just a dozen of mailboxes I don't think you'll > need to change it. Thank you for the explaination. Ciao, luigi - -- / +--[Luigi Rosa]-- \ A woman was in love with fourteen soldiers. It was clearly platoonic. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7OjRUACgkQ3kWu7Tfl6ZQXAwCgyD6LAUYQX7/x1PIFda5CoFjx IYsAniqFYvdk6y982XjvWsWc4G5t9zEC =70Em -END PGP SIGNATURE-
Re: [Dovecot] v2.1.rc1 released
El Jueves, 24 de Noviembre de 2011 19:04:12 Luigi Rosa escribió: > Timo Sirainen said the following on 24/11/11 01:46: > > > http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc1.tar.gz > > Works as advertised. > > I noticed this warining: > > Warning: fd limit (ulimit -n) is lower than required under max. load (1024 < > 4096), because of service auth { client_limit } > > What does exactly means? > > > The server we are talking about is my home server, a CentOS/64 with a dozen of > mailboxes. > The fd limit is the maximum number of concurrently open file descriptors per process. It can be configured on a per-user basis. You can check the actual value running 'ulimit -n'. It can be increased up to the value set in /proc/sys/fs/file-max. You can set it editing /etc/security/limits.conf. What the above comment means is that under max load the auth service could need up to 4096 file descriptors open, that's more than the default in most linux systems (1024). However, in your case with just a dozen of mailboxes I don't think you'll need to change it.
Re: [Dovecot] v2.1.rc1 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Timo Sirainen said the following on 24/11/11 01:46: > http://dovecot.org/releases/2.1/rc/dovecot-2.1.rc1.tar.gz Works as advertised. I noticed this warining: Warning: fd limit (ulimit -n) is lower than required under max. load (1024 < 4096), because of service auth { client_limit } What does exactly means? The server we are talking about is my home server, a CentOS/64 with a dozen of mailboxes. Ciao, luigi - -- / +--[Luigi Rosa]-- \ Computers make excellent and efficient servants, but I have no wish to serve under them. Captain, a starship also runs on loyalty to one man. And nothing can replace it or him. --Spock, "The Ultimate Computer" -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7OhxwACgkQ3kWu7Tfl6ZSJ0gCeIaS5ksyVHY3O9qOSCEyWUH2V By8AoMbUNSHBBc4102vScrozTOOkOeo+ =AZaL -END PGP SIGNATURE-
Re: [Dovecot] Problem with lmtp proxy
El Jueves, 24 de Noviembre de 2011 17:58:40 Timo Sirainen escribió: > On Thu, 2011-11-24 at 17:11 +0100, Miguel Tormo wrote: > > I think I'm missing something but I can't find what it is. To summarize: > > with lmtp_proxy = no it does work, with lmtp_proxy = yes it doesn't. Thank > > you for your help! > > The problem is: > > > ** cat dovecot-ldap.conf.ext ** > > auth_bind = yes > > auth_bind=yes requires a user authentication, but LMTP of course can't > authenticate a user. So it fails: > > > dovecot [2011-11-24 15:53:50] [debug] auth: Debug: password(myuser): passdb > > doesn't support credential lookups > > Either try to get auth_bind=no working, or I think you can also set up a > separate passdb for lmtp: > > protocol lmtp { > passdb { > driver = ldap > args = some-other-ldap.conf > } > } > > And in this other ldap.conf have auth_bind=no, and possibly return > password field always as something like "foo". > I just configured your suggestion (set a separate passdb for lmtp with ldap and auth_bind = no ) and it works perfectly. Thank you very much!
Re: [Dovecot] Problem with lmtp proxy
On Thu, 2011-11-24 at 17:11 +0100, Miguel Tormo wrote: > I think I'm missing something but I can't find what it is. To summarize: with > lmtp_proxy = no it does work, with lmtp_proxy = yes it doesn't. Thank you for > your help! The problem is: > ** cat dovecot-ldap.conf.ext ** > auth_bind = yes auth_bind=yes requires a user authentication, but LMTP of course can't authenticate a user. So it fails: > dovecot [2011-11-24 15:53:50] [debug] auth: Debug: password(myuser): passdb > doesn't support credential lookups Either try to get auth_bind=no working, or I think you can also set up a separate passdb for lmtp: protocol lmtp { passdb { driver = ldap args = some-other-ldap.conf } } And in this other ldap.conf have auth_bind=no, and possibly return password field always as something like "foo".
Re: [Dovecot] Problem with lmtp proxy
2011/11/24 Miguel Tormo > El Jueves, 24 de Noviembre de 2011 17:11:11 Miguel Tormo escribió: > > dn = cn=binduser,cn=Users,dc=edicom,dc=es > > Obviously this part should be "dn = cn=binduser,cn=Users,dc=domain,dc=com" > to be coherent with the rest. I replace the real domain and user names > used, but forgot this part :S. > >
Re: [Dovecot] Problem with lmtp proxy
El Jueves, 24 de Noviembre de 2011 17:11:11 Miguel Tormo escribió: > dn = cn=binduser,cn=Users,dc=edicom,dc=es Obviously this part should be "dn = cn=binduser,cn=Users,dc=domain,dc=com" to be coherent with the rest. I replace the real domain and user names used, but forgot this part :S.
Re: [Dovecot] How to create home directories for virtual users?
On 24-11-11 10:22, Olli Räisänen wrote: > Hello, > > I,m using Dovecot 1.2.9, now finishing a migration from Courier IMAP. > Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home > directory should not be the same as mail directory. When I create new user > accounts with PostfixAdmin the mail directory is not a problem but is there > some smart way to create the home directory as well (locating it for instance > in '/srv/vmail/%d/%n/home')? > How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail as mailstore? Otherwise, postfixadmin has a post-create hook that is able to execute arbitrary scripts, creating homedirs should be among the included examples. -- Tom
[Dovecot] Problem with lmtp proxy
Hello everyone, I have set up postfix to deliver mails to dovecot (2.0.16) using LMTP. On the other hand, I've successfully configured the IMAP proxy setting in dovecot in order to be able to distribute mailboxes among different servers. I wanted to do the same proxy at LMTP level, but it's not working. If I put lmtp_proxy = no, then everything works ok (assuming the mailbox is local), but when I set lmtp_proxy = yes then the user is not found when deliverying the message via LMTP, so the mail remains in the postfix queue. Users are validated through active directory. However, this AD hasn't the SFU installed, thus its LDAP schema doesn't provide me with the required uid, gid, etc. To solve this, I have winbind configured in the system, so I'm doing this: - To validate users *and* be able to set the proxy extra fields, I use ldap as "passdb" (I believe it's not possible to use proxies with PAM). I'm using some LDAP field to store the host that has the user's mailbox. - In order to get the user account data that is not available in the AD, I use passwd as "userdb". I know that when using LMTP with proxy, a passdb needs to be configured. I assume this is needed for the service to lookup for the appropriate host to send the message. So, initially I set ldap as the passdb for LMTP, but just because it didn't work I put both ldap and passwd, and even a userdb (passwd), but the problems remain the same. Anyway the ldap should be the right one as it is there where I have the host information for each user. I think I'm missing something but I can't find what it is. To summarize: with lmtp_proxy = no it does work, with lmtp_proxy = yes it doesn't. Thank you for your help! This is my current config: * dovecot -n ** # 2.0.16: /etc/dovecot/dovecot.conf # OS: Linux 2.6.37-gentoo-edicom-1104 x86_64 Gentoo Base System release 1.12.14 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_username_format = %n auth_verbose = yes base_dir = /var/run/dovecot/ listen = * lmtp_proxy = yes login_trusted_networks = 127.0.0.1 mail_debug = yes mail_location = maildir:~/maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmas...@domain.com protocols = imap pop3 sieve lmtp quota_full_tempfail = yes service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = root mode = 0600 user = root } } service imap { vsz_limit = 512 M } service lmtp { inet_listener lmtp { address = 192.168.0.90 port = 24 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } ssl_cert = , res_matched: <> dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_free_request (origid 1, msgid 1) dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_parse_result dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_msgfree dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_result ld 0x16518d0 msgid -1 dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg ld 0x16518d0 msgid -1 (timeout 0 usec) dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg continue ld 0x16518d0 msgid -1 all 0 dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Connections: dovecot [2011-11-24 15:53:50] [err] auth: Error: * host: domain.com port: 389 (default) dovecot [2011-11-24 15:53:50] [err] auth: Error: refcnt: 1 status: Connected dovecot [2011-11-24 15:53:50] [err] auth: Error: last used: Thu Nov 24 15:53:50 2011 dovecot [2011-11-24 15:53:50] [err] auth: Error: dovecot [2011-11-24 15:53:50] [err] auth: Error: dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Outstanding Requests: dovecot [2011-11-24 15:53:50] [err] auth: Error:Empty dovecot [2011-11-24 15:53:50] [err] auth: Error: ld 0x16518d0 request count 0 (abandoned 0) dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Response Queue: dovecot [2011-11-24 15:53:50] [err] auth: Error:Empty dovecot [2011-11-24 15:53:50] [err] auth: Error: ld 0x16518d0 response count 0 dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList ld 0x16518d0 msgid -1 all 0 dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList returns ld 0x16518d0 NULL dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_int_select dovecot [2011-11-24 15:53:50] [info] lmtp(10506): Disconnect from local: Client quit (in reset)
Re: [Dovecot] How to create home directories for virtual users?
El 24/11/11 15:42, Simon Brereton escribió: On Nov 24, 2011 4:22 AM, "Olli Räisänen" wrote: Hello, I,m using Dovecot 1.2.9, now finishing a migration from Courier IMAP. Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home directory should not be the same as mail directory. When I create new user accounts with PostfixAdmin the mail directory is not a problem but is there some smart way to create the home directory as well (locating it for instance in '/srv/vmail/%d/%n/home')? Why do you need a home directory for virtual users? For storing files wich are not mails. Sieve rules, subscription files and so on. Aaaagur.
Re: [Dovecot] How to create home directories for virtual users?
On 24.11.2011, at 16.42, Simon Brereton wrote: >> Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home > > Why do you need a home directory for virtual users? It says right there in the wiki.
Re: [Dovecot] POP - preventing re-download with server move
Am 24.11.2011 15:46, schrieb Trutwin, Joshua: > Hi, > > Curious if anyone has any good suggestions to handle this. > > I try to get my hosting users to use IMAP but most use Outhouse and > the IMAP support is somewhat annoying for many so I typically have > them change their settings when using POP to leave copies on the > server. That way when they get the inevitable virus or wanna use > webmail they have a backup copy and webmail sees their saved mail. > > So now I have to move my sites to a new server and I'm trying to > avoid having all these messages re-downloaded by POP clients. Some > of the sites I've moved with low email usage have just dealt with the > re-download and cleaned up afterwards. I have a few other accounts > though that I'm more concerned about that have massive amounts of > stored email. > > The mail is stored in Maildirs - a sample file: 1280409166.23580.foo:2,S > > If I move this to server "bar" would renaming the file to > 1280409166.23580.bar:2,S prevent this somehow? > > Old server uses qmail-pop, new server uses dovecot 2.0. > > Thanks for any tips, > > Josh perhaps you can do it i.e like this use imapsync with diff between the two servers then block pop3 with firewall for public on the old one, run a last sync session, change dns and/or ip etc , users use new server i think this is the most secured way, i did it like this the problem by redownload may stay cause the pop3 clients have their own list of mail downloaded etc build by i.e with some one hashes i.e. http://kb.mozillazine.org/Popstate.dat and i dont know some way to press them to download anything -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
[Dovecot] POP - preventing re-download with server move
Hi, Curious if anyone has any good suggestions to handle this. I try to get my hosting users to use IMAP but most use Outhouse and the IMAP support is somewhat annoying for many so I typically have them change their settings when using POP to leave copies on the server. That way when they get the inevitable virus or wanna use webmail they have a backup copy and webmail sees their saved mail. So now I have to move my sites to a new server and I'm trying to avoid having all these messages re-downloaded by POP clients. Some of the sites I've moved with low email usage have just dealt with the re-download and cleaned up afterwards. I have a few other accounts though that I'm more concerned about that have massive amounts of stored email. The mail is stored in Maildirs - a sample file: 1280409166.23580.foo:2,S If I move this to server "bar" would renaming the file to 1280409166.23580.bar:2,S prevent this somehow? Old server uses qmail-pop, new server uses dovecot 2.0. Thanks for any tips, Josh
Re: [Dovecot] How to create home directories for virtual users?
On Nov 24, 2011 4:22 AM, "Olli Räisänen" wrote: > > Hello, > > I,m using Dovecot 1.2.9, now finishing a migration from Courier IMAP. > Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home > directory should not be the same as mail directory. When I create new user > accounts with PostfixAdmin the mail directory is not a problem but is there > some smart way to create the home directory as well (locating it for instance > in '/srv/vmail/%d/%n/home')? Why do you need a home directory for virtual users? Simon
Re: [Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)
On Thu, Nov 24, 2011 at 02:35:55PM +0100, Patrick Westenberg wrote: > > - What happens if the MTA accepted a message but the backend-server > fails and is unable to store it? Your MTA will be notified about the failure trough SMTP/LMTP error codes, and retry if it was a temp-failure. > - What about load-balancing and/or failover? > Maybe all users on backend-server1 are fetching their mails causing > high load while backend-server2 is idle. > Is it possible to specify more than one backend-server IPs as I can > do for the database hosts for userdb queries? We use a clusterfs (so it's not very important which backend server the user is directed to), and have configured the dovecot director with: director_mail_servers = 192.168.42.7 192.168.42.8 192.168.42.9 192.168.42.10 192.168.42.11 192.168.42.28 192.168.42.29 director_servers = 192.168.42.15 192.168.42.17 passdb { args = proxy=y nopassword=y driver = static } which gives us loadbalancing of new logins, and also failover should a backend server fail. If you want to work with at local index and maildirs on NFS, you'll need to configure something smarter for selecting backend server. Maybe use proxy extrafield to specify a host for the user, and point this at a failover IP that will hang on the preferred server by default, but fail over to another working server if the preferred server fails.. http://wiki2.dovecot.org/PasswordDatabase/ExtraField -jf
Re: [Dovecot] modules directory
On Thu, 2011-11-24 at 16:15 +0200, Timo Sirainen wrote: > On 24.11.2011, at 16.13, Johannes Berg wrote: > > >>> Should I install into just $(moduledir)/ now? > >> > >> Yep. > > > > Alright, thanks! Do you remember if that would be compatible with older > > versions as well, or do those require it being in /imap/? > > What changed was that the default mail_plugin_dir changed from being > $moduledir/imap to just plain $moduledir. So older versions require it > being in imap/ by default. Ok, thanks. I'll find a way to make it depend on the version. johannes
Re: [Dovecot] modules directory
On 24.11.2011, at 16.13, Johannes Berg wrote: >>> Should I install into just $(moduledir)/ now? >> >> Yep. > > Alright, thanks! Do you remember if that would be compatible with older > versions as well, or do those require it being in /imap/? What changed was that the default mail_plugin_dir changed from being $moduledir/imap to just plain $moduledir. So older versions require it being in imap/ by default.
Re: [Dovecot] modules directory
On Thu, 2011-11-24 at 16:02 +0200, Timo Sirainen wrote: > On 24.11.2011, at 15.11, Johannes Berg wrote: > > > I'm a little confused with how plugin loading works in dovecot 2, I > > can't seem to make it load from $(moduledir)/imap/. Is that intended to > > work? Just a configuration issue? > > > > Reason I ask is that I ported my antispam plugin (I know there's a fork, > > but I still like mine better) to dovecot 2 and the default "make > > install" no longer loads properly with just "mail_plugins = antispam". > > > > So is $(moduledir)/imap/ no longer used? I also notice acl/imap_acl now, > > but I still see subdirectories for at least auth. > > There's no /imap/ directory anymore, because it was annoying having to > create symlinks to most of the plugins. Then with v2.0 there came new > binaries and it wouldn't have made much sense adding lots of more > directories with lots of more symlinks.. > > > Should I install into just $(moduledir)/ now? > > Yep. Alright, thanks! Do you remember if that would be compatible with older versions as well, or do those require it being in /imap/? johannes
Re: [Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)
On Thu, Nov 24, 2011 at 02:38:43PM +0100, Patrick Westenberg wrote: > Jan-Frode Myklebust schrieb: > > >MTA -(lmtp)--> dovecot-director ---(lmtp)---> backend-server1 > >\---(lmtp)---> backend-server2 > > > > > >IMAP-user -(imap)--> dovecot-director --(imap) --> backend-server1 > > \--(imap) --> backend-server2 > > In this scenario it should be possible to use a non cluster filesystem > to store my mails, isn't it? Yes, that should work fine -- assuming you have acceptable uptime on the backend server that is hosting the messages. You also need to configure a user<->backend-server mapping trough proxy extrafield to make sure that the user lands on the correct server: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy -jf
Re: [Dovecot] modules directory
On 24.11.2011, at 15.11, Johannes Berg wrote: > I'm a little confused with how plugin loading works in dovecot 2, I > can't seem to make it load from $(moduledir)/imap/. Is that intended to > work? Just a configuration issue? > > Reason I ask is that I ported my antispam plugin (I know there's a fork, > but I still like mine better) to dovecot 2 and the default "make > install" no longer loads properly with just "mail_plugins = antispam". > > So is $(moduledir)/imap/ no longer used? I also notice acl/imap_acl now, > but I still see subdirectories for at least auth. There's no /imap/ directory anymore, because it was annoying having to create symlinks to most of the plugins. Then with v2.0 there came new binaries and it wouldn't have made much sense adding lots of more directories with lots of more symlinks.. > Should I install into just $(moduledir)/ now? Yep.
[Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)
Jan-Frode Myklebust schrieb: MTA -(lmtp)--> dovecot-director ---(lmtp)---> backend-server1 \---(lmtp)---> backend-server2 IMAP-user -(imap)--> dovecot-director --(imap) --> backend-server1 \--(imap) --> backend-server2 In this scenario it should be possible to use a non cluster filesystem to store my mails, isn't it? Patrick
[Dovecot] Questions about Proxy/Director (was: Re: Indexes to MLC-SSD)
Jan-Frode Myklebust schrieb: Yes, and in ascii-art this becomes :-) MTA -(lmtp)--> dovecot-director ---(lmtp)---> backend-server1 \---(lmtp)---> backend-server2 IMAP-user -(imap)--> dovecot-director --(imap) --> backend-server1 \--(imap) --> backend-server2 I failed creating a nice ascii view ;-) However, I have some more questions: - What happens if the MTA accepted a message but the backend-server fails and is unable to store it? - What about load-balancing and/or failover? Maybe all users on backend-server1 are fetching their mails causing high load while backend-server2 is idle. Is it possible to specify more than one backend-server IPs as I can do for the database hosts for userdb queries?
[Dovecot] modules directory
Hi! I'm a little confused with how plugin loading works in dovecot 2, I can't seem to make it load from $(moduledir)/imap/. Is that intended to work? Just a configuration issue? Reason I ask is that I ported my antispam plugin (I know there's a fork, but I still like mine better) to dovecot 2 and the default "make install" no longer loads properly with just "mail_plugins = antispam". So is $(moduledir)/imap/ no longer used? I also notice acl/imap_acl now, but I still see subdirectories for at least auth. Should I install into just $(moduledir)/ now? johannes
Re: [Dovecot] Indexes to MLC-SSD
On Tue, 22 Nov 2011 11:45:47 +0100, Jan-Frode Myklebust wrote: Ah, then Timo's reply was right. He suggested you do the lmtp-deliveries to the same server that you would send you imap-user to. You can do this trough dovecot director and lmtp-proxying. So instead of: lmtp:unix:private/dovecot-lmtp you should use: lmtp:tcp:1.2.3.4:24 where 1.2.3.4 would be the Dovecot LMTP proxy that proxies to the same machine as you would use for imap for this particular recipient. I see. So as far as I understood: - I set up a new server as LMTP proxy for my two MX 10 to connect to - the proxy redirects to my backend imap servers which will then store the mails on my shared storage and the index files to a local disk (so I have to enable LMTP additionally to enable this servers to store the mails) - I set up a frontend imap server for my users to connect to which will redirect them to the backend servers Am I right so far? Patrick
[Dovecot] How to create home directories for virtual users?
Hello, I,m using Dovecot 1.2.9, now finishing a migration from Courier IMAP. Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home directory should not be the same as mail directory. When I create new user accounts with PostfixAdmin the mail directory is not a problem but is there some smart way to create the home directory as well (locating it for instance in '/srv/vmail/%d/%n/home')? Regards, Olli
Re: [Dovecot] Solaris hardware crypto engines
Timo Sirainen wrote: On Mon, 2011-11-21 at 23:49 +0100, Martin Preen wrote: # /usr/sfw/bin/openssl engine (pkcs11) PKCS #11 engine support ENGINE_set_default_RSA(e); ENGINE_set_default_DSA(e); ENGINE_set_default_ciphers(e); in ssl_proxy_init() and inserting ENGINE_cleanup(); in ssl_proxy_deinit() the crypto device gets used. I'm sure that this is not the whole story since this only seems to affect the IMAP login. It should work for POP3 as well, all of the SSL code is shared. I couldn't find the EncryptUpdate call which has to be changed too (due to the howto documents). Maybe some other call needs e patch. But I don't know which. What EncryptUpdate?.. I've anyway added the engine init/deinit calls in your email to v2.1 hg. Lets hope it works :) At least it didn't break when I tried it with "dynamic" value (which is the only engine my OpenSSL supports). Probably I'm wrong (I have no experience with SSL programming). I thught the EncryptUpdate was necessary for the encoding of the SSL data stream. But maybe there has to be a link between engine initialization and the SSL contexts ? Martin --- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250 pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242swt.informatik.uni-freiburg.de/~preen smime.p7s Description: S/MIME Cryptographic Signature