Re: [Dovecot] LDAP Authentication - Home Directory Creation
Timo Sirainen wrote:
> On 2.12.2011, at 1.03, Sven Hartge wrote:
>> Timo Sirainen wrote:

>>> I hope some day there won't be any problems with Dovecot using
>>> multiple UIDs.
>>
>> Meaning?

> There are different problems with multiple UIDs that are more
> difficult to solve than with a single UID. How to manage them, how to
> handle shared mailboxes, how to create home dirs automatically,
> probably other things. There are ways to solve these problems in one
> way or another.

Ah, yes, shared folders. I remember now, this is why we changed from using real users to a virtual user in the beginning (using Courier), because implementing this feature with real users was a real pain in the lower backside.

Regards,
Sven.

--
Sigmentation fault. Core dumped.

Re: [Dovecot] LDAP Authentication - Home Directory Creation
On 2.12.2011, at 1.03, Sven Hartge wrote:

> Timo Sirainen wrote:
>> On 2.12.2011, at 0.41, Sven Hartge wrote:
>
>>> Or switch to a virtual setup, where the users don't get real users on
>>> the imap server (they can't log in, so they don't need any real user
>>> on that server) and every mail is owned by your virtual mail user.
>
>> Well, it of course makes things easier, but from a security point of
>> view it's worse..
>
> Of course. But using real users only works if every user is a PosixUser
> in LDAP (i.e. has a uidNumber and gidNumber). If this is not the case,
> then you are forced to use a virtual mail user setup.

Currently at least. This could be automated in a few ways.. Like simplest: uid = 1000 + md5sum(username) mod 64000. That won't necessarily be unique of course, but it's still better than mod 1. :)

>> I hope some day there won't be any problems with Dovecot using
>> multiple UIDs.
>
> Meaning?

There are different problems with multiple UIDs that are more difficult to solve than with a single UID. How to manage them, how to handle shared mailboxes, how to create home dirs automatically, probably other things. There are ways to solve these problems in one way or another.

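The UID derivation suggested in the message above, worked through as an added example that is not part of the original thread or of Dovecot. It shows how quickly two accounts end up sharing a UID, which at the filesystem level means they can read each other's mail. Reading the MD5 digest as a big-endian integer is an assumption, and `assign_unique_uids` is a hypothetical mitigation that goes beyond what the message proposes.

```python
import hashlib
import math
from collections import defaultdict

UID_BASE = 1000     # offset from the message
UID_SPACE = 64000   # modulus from the message

def derive_uid(username: str) -> int:
    """uid = 1000 + md5(username) mod 64000 (digest read as a big-endian int: an assumption)."""
    digest = hashlib.md5(username.encode("utf-8")).digest()
    return UID_BASE + int.from_bytes(digest, "big") % UID_SPACE

def find_collisions(usernames):
    """Return {uid: [names...]} for every UID shared by more than one name."""
    by_uid = defaultdict(list)
    for name in set(usernames):
        by_uid[derive_uid(name)].append(name)
    return {uid: sorted(names) for uid, names in by_uid.items() if len(names) > 1}

def collision_probability(n_users: int, space: int = UID_SPACE) -> float:
    """Birthday bound: chance that at least two of n_users share a UID."""
    if n_users > space:
        return 1.0
    log_all_distinct = sum(math.log1p(-k / space) for k in range(n_users))
    return 1.0 - math.exp(log_all_distinct)

def assign_unique_uids(usernames):
    """Hypothetical mitigation: on a clash take the next free UID (linear probing).
    The result depends on the full user list, so it must be stored, not recomputed."""
    names = sorted(set(usernames))
    if len(names) > UID_SPACE:
        raise ValueError("more users than available UIDs")
    taken, mapping = set(), {}
    for name in names:
        uid = derive_uid(name)
        while uid in taken:
            uid = UID_BASE + (uid - UID_BASE + 1) % UID_SPACE
        taken.add(uid)
        mapping[name] = uid
    return mapping

if __name__ == "__main__":
    users = [f"user{i:04d}" for i in range(2000)]   # constructed sample accounts
    clashes = find_collisions(users)
    print(f"{len(clashes)} shared UIDs among {len(users)} users")
    print(f"P(collision) at 300 users: {collision_probability(300):.2f}")
    fixed = assign_unique_uids(users)
    print("unique after probing:", len(set(fixed.values())) == len(fixed))
```
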
Re: [Dovecot] LDAP Authentication - Home Directory Creation
Timo Sirainen wrote:
> On 2.12.2011, at 0.41, Sven Hartge wrote:

>> Or switch to a virtual setup, where the users don't get real users on
>> the imap server (they can't log in, so they don't need any real user
>> on that server) and every mail is owned by your virtual mail user.

> Well, it of course makes things easier, but from a security point of
> view it's worse..

Of course. But using real users only works if every user is a PosixUser in LDAP (i.e. has a uidNumber and gidNumber). If this is not the case, then you are forced to use a virtual mail user setup.

> I hope some day there won't be any problems with Dovecot using
> multiple UIDs.

Meaning?

Regards,
Sven.

--
Sigmentation fault. Core dumped.

Re: [Dovecot] LDAP Authentication - Home Directory Creation
On 2.12.2011, at 0.41, Sven Hartge wrote:

> Or switch to a
> virtual setup, where the users don't get real users on the imap server
> (they can't log in, so they don't need any real user on that server) and
> every mail is owned by your virtual mail user.

Well, it of course makes things easier, but from a security point of view it's worse.. I hope some day there won't be any problems with Dovecot using multiple UIDs.

Re: [Dovecot] LDAP Authentication - Home Directory Creation
Stephen Bowman wrote:
> How does everyone handle this case?

> Users are authenticated by LDAP, and do not have accounts on the
> IMAP/dovecot server. When a new user is added to LDAP, the home
> directory (/home/newuser) needs to be created on the IMAP/dovecot
> server so dovecot can create the mail directories inside it
> (/home/newuser/mail/).

chmod /home to 1777 and let dovecot create the directory.

Or switch to a virtual setup, where the users don't get real users on the imap server (they can't log in, so they don't need any real user on that server) and every mail is owned by your virtual mail user.

Regards,
Sven.

--
Sigmentation fault. Core dumped.

Re: [Dovecot] dovecot-lda quota rule
micah anderson writes:

> On Wed, 16 Nov 2011 11:09:12 -0500, micah anderson wrote:
>> On Tue, 15 Nov 2011 22:27:20 +0200, Timo Sirainen wrote:
>> > On Thu, 2011-11-10 at 13:59 -0500, Micah Anderson wrote:
>> > > I really like the feature where you can define quota rules with percents
>> > > which trigger off of the default values[0] (so you can set the Trash to
>> > > allow for 10% more of the user's quota for example).
>> > >
>> > > What I would really love in dovecot would be for the ability to
>> > > configure a quota rule for dovecot-lda. I would like to configure things
>> > > so we don't bounce emails for users until they are well over quota, the
>> > > IMAP quota plugin is a really great way to notify people that they are
>> > > over quota because it fails to write to other folders that should be
>> > > enough to get people's attention that they need to deal with things, but
>> > > bouncing is harsh.
>> >
>> > You can give LDA-specific quota settings. Like maybe:
>> >
>> > protocol lda {
>> >   plugin {
>> >     quota_rule2 = INBOX:storage=200%
>> >   }
>> > }
>
> I just tried doing this, and I started bouncing mail for everyone
> because they were over quota (even when they aren't), so I am clearly
> missing something in how I have it configured. This is what I have:

Solved, thanks to tss on irc...

My problem was the dovecot-lda invocation was not passing the -d parameter, so no userdb quota rules were being applied.

micah

Re: [Dovecot] LDAP Authentication - Home Directory Creation
On 1.12.2011, at 19.26, Stephen Bowman wrote:

> How does everyone handle this case?
>
> Users are authenticated by LDAP, and do not have accounts on the IMAP/dovecot
> server. When a new user is added to LDAP, the home directory (/home/newuser)
> needs to be created on the IMAP/dovecot server so dovecot can create the mail
> directories inside it (/home/newuser/mail/).

Dovecot creates the home directory automatically if it has permissions to do it. So I guess in your case the mail user doesn't have permissions to do it and only root can create it?

Re: [Dovecot] LDAP Authentication - Home Directory Creation
On 01-12-11 18:26, Stephen Bowman wrote:
> How does everyone handle this case?
>
> Users are authenticated by LDAP, and do not have accounts on the
> IMAP/dovecot server. When a new user is added to LDAP, the home
> directory (/home/newuser) needs to be created on the IMAP/dovecot
> server so dovecot can create the mail directories inside it
> (/home/newuser/mail/).
>
> Obviously I can come up with a few custom solutions, utilizing cron,
> but I feel like there's a cleaner solution out there.

How about http://wiki.dovecot.org/PostLoginScripting and something containing 'mkdir -p' ?

--
Tom

[Dovecot] LDAP Authentication - Home Directory Creation
How does everyone handle this case?

Users are authenticated by LDAP, and do not have accounts on the IMAP/dovecot server. When a new user is added to LDAP, the home directory (/home/newuser) needs to be created on the IMAP/dovecot server so dovecot can create the mail directories inside it (/home/newuser/mail/).

Obviously I can come up with a few custom solutions, utilizing cron, but I feel like there's a cleaner solution out there.

Thanks!

Re: [Dovecot] MS Exchange IMAP Proxy
Thanks!

I'll take a look.

Terry

- Message from Stan Hoeppner -
Date: Wed, 30 Nov 2011 22:44:35 -0600
From: Stan Hoeppner
Reply-To: s...@hardwarefreak.com
Subject: Re: [Dovecot] MS Exchange IMAP Proxy
To: dovecot@dovecot.org

On 11/30/2011 2:36 PM, Terry Carmen wrote:

I need to make the IMAP interface of an Exchange 2000 server available on the net, however I would like to give it a little protection, and believe Dovecot's IMAP proxy might be appropriate.

Does anybody have a *really simple* config that would allow IMAP pass-through to a single Exchange server? The examples I've seen all assume some sort of load balancing, which isn't an issue here, so I'd like to eliminate the need for an unnecessary database server.

Does Dovecot do any cleanup of the IMAP commands that would be useful in protecting Exchange (from this, http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I barking up the wrong tree?

If Dovecot isn't helpful for this, can anybody point me to a better resource?

Look into the SM IMAP Proxy. It was designed for a different purpose, but may work well for your scenario:

http://imapproxy.org/index.html

--
Stan

- End message from Stan Hoeppner -

--
Terry Carmen
CNY Support, LLC
https://www.cnysupport.com

[Dovecot] v2.1.rc1 missing SnowballAnalyzer.h
While trying to test v.2.1.rc1 with

    configure \
      --with-lucene \
      --without-stemmer \
      [...]

I get the following error:

    [...]
    /bin/sh ../../../libtool --tag=CXX --mode=compile i686-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-mail -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/plugins/fts -I../../../src/doveadm -O2 -march=i686 -pipe -c -o lucene-wrapper.lo lucene-wrapper.cc
    libtool: compile: i686-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-mail -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/plugins/fts -I../../../src/doveadm -O2 -march=i686 -pipe -c lucene-wrapper.cc -fPIC -DPIC -o .libs/lucene-wrapper.o
    lucene-wrapper.cc:26:30: fatal error: SnowballAnalyzer.h: No such file or directory
    compilation terminated.
    make[4]: *** [lucene-wrapper.lo] Error 1

The offending line in lucene-wrapper.cc is:

    #include "SnowballAnalyzer.h"

Sure enough, there is no SnowballAnalyzer.h in the tarball. Looks like a missing backslash in src/plugins/fts-lucene/Makefile.am:

    [...]
    noinst_HEADERS = \
            fts-lucene-plugin.h \
            lucene-wrapper.h
            SnowballAnalyzer.h \
            SnowballFilter.h

--
Eray Aslan

Re: [Dovecot] dsync(root): Fatal: execvp() failed: No such file or directory
On 1.12.2011, at 10.33, Yaroslav Boychuk wrote:

> dsync -f -v mirror \
>    mbox:$h/mail:INBOX=$h/INBOX \
>    maildir:$h/Maildir:CONTROL=$h/dovecot:INDEX=$h/dovecot \

    dsync -f -v mirror \
      -o mail=mbox:$h/mail:INBOX=$h/INBOX \
      maildir:$h/Maildir:CONTROL=$h/dovecot:INDEX=$h/dovecot \

[Dovecot] dsync(root): Fatal: execvp() failed: No such file or directory
Hi everybody,

I try to convert mbox to maildir using local locations

/root/mail is a dir with mboxes
/root/INBOX is mbox file

    h=/root
    dsync -f -v mirror \
      mbox:$h/mail:INBOX=$h/INBOX \
      maildir:$h/Maildir:CONTROL=$h/dovecot:INDEX=$h/dovecot \

as a result I have

    dsync(root): Fatal: execvp(mbox:/root/mail:INBOX=/root/INBOX) failed: No such file or directory
    dsync-local(root): Error: read() from worker server failed: EOF

thank you for any help

FreeBSD, dovecot 2.0.15

Re: [Dovecot] MS Exchange IMAP Proxy
Terry Carmen (Mi 30 Nov 2011 21:36:46 CET):
> useful in protecting Exchange (from this,
> http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I
> barking up the wrong tree?
>
> If Dovecot isn't helpful for this, can anybody point me to a better resource?

Some time ago we used "perdition", but I do not know if it has sanitizing features beyond just being a proxy for the IMAP protocol.

--
Heiko :: dresden : linux : SCHLITTERMANN.de
GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B