Re: [Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Sven Hartge
Timo Sirainen  wrote:
> On 2.12.2011, at 1.03, Sven Hartge wrote:
>> Timo Sirainen  wrote:

>>> I hope some day there won't be any problems with Dovecot using
>>> multiple UIDs.
>> 
>> Meaning?

> There are different problems with multiple UIDs that are more
> difficult to solve than with a single UID. How to manage them, how to
> handle shared mailboxes, how to create home dirs automatically,
> probably other things. There are ways to solve these problems in one
> way or another.

Ah, yes, shared folders.

I remember now, this is why we changed from using real users to a
virtual user in the beginning (using Courier), because implementing this
feature with real users was real pain in the lower backside.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.



Re: [Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Timo Sirainen
On 2.12.2011, at 1.03, Sven Hartge wrote:

> Timo Sirainen  wrote:
>> On 2.12.2011, at 0.41, Sven Hartge wrote:
> 
>>> Or switch to a virtual setup, where the users don't get real users on
>>> the imap server (they can't log in, so they don't need any real user
>>> on that server) and every mail is owned by your virtual mail user.
> 
>> Well, it of course makes things easier, but from security point of
>> view it's worse.. 
> 
> Of course. But using real users only works if every user is a PosixUser
> in LDAP (i.e. has a uidNumber and gidNumber). If this is not the case,
> then you are forced to use a virtual mail user setup.

Currently at least. This could be automated in a few ways.. Like simplest: uid 
= 1000 + md5sum(username) mod 64000. That won't necessarily be unique of 
course, but it's still better than mod 1. :)

>> I hope some day there won't be any problems with Dovecot using
>> multiple UIDs.
> 
> Meaning?

There are different problems with multiple UIDs that are more difficult to 
solve than with a single UID. How to manage them, how to handle shared 
mailboxes, how to create home dirs automatically, probably other things. There 
are ways to solve these problems in one way or another.

Re: [Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Sven Hartge
Timo Sirainen  wrote:
> On 2.12.2011, at 0.41, Sven Hartge wrote:

>> Or switch to a virtual setup, where the users don't get real users on
>> the imap server (they can't log in, so they don't need any real user
>> on that server) and every mail is owned by your virtual mail user.

> Well, it of course makes things easier, but from security point of
> view it's worse.. 

Of course. But using real users only works if every user is a PosixUser
in LDAP (i.e. has a uidNumber and gidNumber). If this is not the case,
then you are forced to use a virtual mail user setup.

> I hope some day there won't be any problems with Dovecot using
> multiple UIDs.

Meaning?

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.



Re: [Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Timo Sirainen
On 2.12.2011, at 0.41, Sven Hartge wrote:

> Or switch to a
> virtual setup, where the users don't get real users on the imap server
> (they can't log in, so they don't need any real user on that server) and
> every mail is owned by your virtual mail user.

Well, it of course makes things easier, but from security point of view it's 
worse.. I hope some day there won't be any problems with Dovecot using multiple 
UIDs.



Re: [Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Sven Hartge
Stephen Bowman  wrote:

> How does everyone handle this case?

> Users are authenticated by LDAP, and do not have accounts on the
> IMAP/dovecot server.  When a new user is added to LDAP, the home
> directory (/home/newuser) needs to be created on the IMAP/dovecot
> server so dovecot can create the mail directories inside it
> (/home/newuser/mail/).  

chmod /home to 1777 and let dovecot create the directory. Or switch to a
virtual setup, where the users don't get real users on the imap server
(they can't log in, so they don't need any real user on that server) and
every mail is owned by your virtual mail user.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.



Re: [Dovecot] dovecot-lda quota rule

2011-12-01 Thread Micah Anderson
micah anderson  writes:

> On Wed, 16 Nov 2011 11:09:12 -0500, micah anderson  wrote:
>> On Tue, 15 Nov 2011 22:27:20 +0200, Timo Sirainen  wrote:
>> > On Thu, 2011-11-10 at 13:59 -0500, Micah Anderson wrote:
>> > > I really like the feature where you can define quota rules with percents
>> > > which trigger off of the default values[0] (so you can set the Trash to
>> > > allow for 10% more of the user's quota for example). 
>> > > 
>> > > What I would really love in dovecot would be for the ability to
>> > > configure a quota rule for dovecot-lda. I would like to configure things
>> > > so we don't bounce emails for users until they are well over quota, the
>> > > IMAP quota plugin is a really great way to notify people that they are
>> > > over quota because it fails to write to other folders that should be
>> > > enough to get people's attention that they need to deal with things, but
>> > > bouncing is harsh.
>> > 
>> > You can give LDA-specific quota settings. Like maybe:
>> > 
>> > protocol lda {
>> >   plugin {
>> >     quota_rule2 = INBOX:storage=200%
>> >   }
>> > }
>
> I just tried doing this, and I started bouncing mail for everyone
> because they were over quota (even when they aren't), so I am clearly
> missing something in how I have it configured. This is what I have:

Solved, thanks to tss on irc... My problem was the dovecot-lda
invocation was not passing the -d parameter, so no userdb quota rules
were being applied.

micah





Re: [Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Timo Sirainen
On 1.12.2011, at 19.26, Stephen Bowman wrote:

> How does everyone handle this case?
> 
> Users are authenticated by LDAP, and do not have accounts on the IMAP/dovecot 
> server.  When a new user is added to LDAP, the home directory (/home/newuser) 
> needs to be created on the IMAP/dovecot server so dovecot can create the mail 
> directories inside it (/home/newuser/mail/).  

Dovecot creates the home directory automatically if it has permissions to do 
it. So I guess in your case the mail user doesn't have permissions to do it and 
only root can create it?



Re: [Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Tom Hendrikx
On 01-12-11 18:26, Stephen Bowman wrote:
> How does everyone handle this case?
> 
> Users are authenticated by LDAP, and do not have accounts on the
> IMAP/dovecot server.  When a new user is added to LDAP, the home
> directory (/home/newuser) needs to be created on the IMAP/dovecot
> server so dovecot can create the mail directories inside it
> (/home/newuser/mail/).
> 
> Obviously I can come up with a few custom solutions, utilizing cron,
> but I feel like there's a cleaner solution out there.

How about http://wiki.dovecot.org/PostLoginScripting and something
containing 'mkdir -p' ?

--
Tom


[Dovecot] LDAP Authentication - Home Directory Creation

2011-12-01 Thread Stephen Bowman
How does everyone handle this case?

Users are authenticated by LDAP, and do not have accounts on the IMAP/dovecot 
server.  When a new user is added to LDAP, the home directory (/home/newuser) 
needs to be created on the IMAP/dovecot server so dovecot can create the mail 
directories inside it (/home/newuser/mail/).  

Obviously I can come up with a few custom solutions, utilizing cron, but I feel 
like there's a cleaner solution out there.

Thanks!

Re: [Dovecot] MS Exchange IMAP Proxy

2011-12-01 Thread Terry Carmen

Thanks! I'll take a look.

Terry


- Message from Stan Hoeppner  -
Date: Wed, 30 Nov 2011 22:44:35 -0600
From: Stan Hoeppner 
Reply-To: s...@hardwarefreak.com
 Subject: Re: [Dovecot] MS Exchange IMAP Proxy
  To: dovecot@dovecot.org



On 11/30/2011 2:36 PM, Terry Carmen wrote:

> I need to make the IMAP interface of an Exchange 2000 server available
> on the net, however I would like to give it a little protection, and
> believe Dovecot's IMAP proxy might be appropriate.
>
> Does anybody have a *really simple* config that would allow IMAP
> pass-through to a single Exchange server?
>
> The examples I've seen all assume some sort of load balancing, which
> isn't an issue here, so I'd like to eliminate the need for an
> unnecessary database server.
>
> Does Dovecot do any cleanup of the IMAP commands that would be useful in
> protecting Exchange (from this,
> http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I
> barking up the wrong tree?
>
> If Dovecot isn't helpful for this, can anybody point me to a better
> resource?


Look into the SM IMAP Proxy.  It was designed for a different purpose,
but may work well for your scenario:

http://imapproxy.org/index.html

--
Stan



- End message from Stan Hoeppner  -


--
Terry Carmen
CNY Support, LLC
https://www.cnysupport.com




[Dovecot] v2.1.rc1 missing SnowballAnalyzer.h

2011-12-01 Thread Eray Aslan
While trying to test v.2.1.rc1 with

configure \
--with-lucene \
--without-stemmer \
[...]

I get the following error:
[...]
/bin/sh ../../../libtool --tag=CXX   --mode=compile
i686-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../../..  -I../../../src/lib
-I../../../src/lib-mail -I../../../src/lib-index
-I../../../src/lib-storage -I../../../src/plugins/fts
-I../../../src/doveadm   -O2 -march=i686 -pipe -c -o lucene-wrapper.lo
lucene-wrapper.cc
libtool: compile:  i686-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../../..
-I../../../src/lib -I../../../src/lib-mail -I../../../src/lib-index
-I../../../src/lib-storage -I../../../src/plugins/fts
-I../../../src/doveadm -O2 -march=i686 -pipe -c lucene-wrapper.cc  -fPIC
-DPIC -o .libs/lucene-wrapper.o
lucene-wrapper.cc:26:30: fatal error: SnowballAnalyzer.h: No such file
or directory
compilation terminated.
make[4]: *** [lucene-wrapper.lo] Error 1

The offending line in lucene-wrapper.cc is:
#include "SnowballAnalyzer.h"

Sure enough, there is no SnowballAnalyzer.h in the tarball.
Looks like a missing backslash in src/plugins/fts-lucene/Makefile.am:
[...]
noinst_HEADERS = \
fts-lucene-plugin.h \
lucene-wrapper.h
SnowballAnalyzer.h \
SnowballFilter.h


-- 
Eray Aslan


Re: [Dovecot] dsync(root): Fatal: execvp() failed: No such file or directory

2011-12-01 Thread Timo Sirainen
On 1.12.2011, at 10.33, Yaroslav Boychuk wrote:

> dsync -f -v mirror \
>mbox:$h/mail:INBOX=$h/INBOX \
>maildir:$h/Maildir:CONTROL=$h/dovecot:INDEX=$h/dovecot \

dsync -f -v mirror \
   -o mail=mbox:$h/mail:INBOX=$h/INBOX \
   maildir:$h/Maildir:CONTROL=$h/dovecot:INDEX=$h/dovecot \



[Dovecot] dsync(root): Fatal: execvp() failed: No such file or directory

2011-12-01 Thread Yaroslav Boychuk

Hi everybody,

I try to convert mbox to maildir using local locations

/root/mail is a dir with mboxes
/root/INBOX is mbox file

h=/root
dsync -f -v mirror \
mbox:$h/mail:INBOX=$h/INBOX \
maildir:$h/Maildir:CONTROL=$h/dovecot:INDEX=$h/dovecot \


as result I have

dsync(root): Fatal: execvp(mbox:/root/mail:INBOX=/root/INBOX) failed: No 
such file or directory

dsync-local(root): Error: read() from worker server failed: EOF

thank you for any help

FreeBSD, dovecot 2.0.15




Re: [Dovecot] MS Exchange IMAP Proxy

2011-12-01 Thread Heiko Schlittermann
Terry Carmen  (Mi 30 Nov 2011 21:36:46 CET):
> useful in protecting Exchange (from this,
> http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I
> barking up the wrong tree?
> 
> If Dovecot isn't helpful for this, can anybody point me to a better resource?

Some time ago we used "perdition", but I do not know if it has
sanitizing features beyond just being a proxy for the IMAP protocol.

-- 
Heiko :: dresden : linux : SCHLITTERMANN.de
GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B

