Re: [Dovecot] From Maildir back to smtp
On 23/02/2012 21:41, Marc Perkel wrote:

Not sure how this can be done. Right now I'm running a free backup MX record service. People point their high MX records to my servers and if they go down we store the email. When they come back up it's delivered.

What I want to do is have a premium service that would allow them to view through IMAP the stored email. In order to do that I would have to deliver the email locally to a dovecot server - to a single account perhaps - and they can view/forward/delete etc.

But - when their server comes back online I'd like to gather up all the delivered email stored in Maildir format and run it back into smtp for delivery. I'm thinking it would be possible to use dsync for this?

Ideally you would have to have a way to maintain a duplicate of the AUTH database, so that users could use their current passwords for accessing it (this would obviously require the approval and cooperation of whoever you are providing this service to), but this way you could store each users mail individually and provide relatively painless access (since all each user would need to know is the backup host name and their username/password).

You'd have to configure a script on your end to:

1. determine a reliable way to differentiate between a temp-fail situation on the primary (in which case you just act as a normal backup MX), or an extended outage (15 minutes? 1 hour? I'd probably let the customer decide this one), which would determine when you start actually taking delivery of their mail to the 'standby' server
2. monitor for when the primary comes back online
3. wait xx interval to make sure the primary stays up (again, I'd let the customer decide this, but with a sane minimum that you define)
4. once the primary stays up for the required interval, dsync a one way 'dump' of the stored mails, being sure to test for success - and this process would obviously have to take into account the possibility of the primary going down again in the middle of the dsync
5. mv successfully restored mails on the backup mx to a temp location for xx 'safety' interval 'just in case'
6. delete the backed-up/stored mail that has been successfully dsync'd after the safety interval has elapsed

--
Best regards, Charles
[Dovecot] Apple od/ad authentication problem
Hello all.

I'm pretty new to the dovecot and postfix world. I'm completely stumped. OS X 10.7.3, behind a Cisco ASA NAT. When trying to authenticate (ssl or not) via the webmail interface I get this error... NAT IP is the public IP I assigned. It doesn't work for an AD account or an account local to the Mac server. However it DOES work on the internal LAN.

Feb 22 18:15:36 mail dovecot[3501]: auth: Error: od (username,natIP): verify plain: lookup failed for user: username
Feb 22 18:15:51 mail dovecot[3501]: auth: Error: od[getpwnam_ext](username,natIP): No record for user

I figured I'm missing something in the dovecot config. I have followed Apple's KB articles for AD webmail authentication and kerberos, and that works internally.
[Dovecot] iPhone and custom imap folders problem
Hi

I'm using Dovecot 1.0.10 and everything seems to work OK except for one client. He is accessing his mailbox using an iPhone. There are several custom folders created and mail is directed to them using procmail. The problem is that the iPhone mail app only sees changes in INBOX, and when new mail arrives in other folders it will not see it unless the user accesses that particular folder.

Is there some kind of workaround for this? I'm quite sure it's the iPhone's fault as all other email clients are working perfectly fine.
[Dovecot] Virtual Folders
Hello,

I am trying to get virtual folders to work properly, and I can't seem to. I will be as detailed as possible to remove confusion. Thank you in advance.

Goal: Essentially, a gmail clone, but one that I can make work on cPanel hosts with roundcube and squirrel mail, etc.

By default, cPanel creates a user mail dir structure of (maildir++) inbox, drafts, sent, junk, and trash (with no dovecot specific files until first login). I would like to replace all those folders with virtual representations with more capabilities. I would like to achieve the conversation view that gmail has pulled off so well.

cPanel, stock, generates the following dovecot -n: (I am still not sure how it negotiates mail_location yet)

# 1.2.17: /etc/dovecot.conf
# OS: Linux 2.6.18-238.5.1.el5xen x86_64 CentOS release 5.7 (Final)
ssl_cert_file: /etc/dovecot/ssl/dovecot.crt
ssl_key_file: /etc/dovecot/ssl/dovecot.key
ssl_cipher_list: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_process_per_connection: no
login_processes_count: 10
login_max_processes_count: 100
login_max_connections: 500
mail_max_userip_connections: 200
maildir_copy_preserve_filename: yes
mail_plugins: quota imap_quota
namespace:
  type: private
  prefix: INBOX.
  inbox: yes
  list: yes
  subscriptions: yes
lda:
  postmaster_address: postmas...@example.com
auth default:
  mechanisms: plain login
  cache_size: 2048
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~./@+%
  passdb:
    driver: checkpassword
    args: /usr/local/cpanel/bin/dovecot-auth
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 438
plugin:
  quota: maildir
  quota_rule: Trash:ignore

I started a test box with Debian running the same version of dovecot (1.2.x) and on that system I run into problems every time I make a virtual folder a root folder. I assume it is trying to look up a normal folder instead of the virtual ones and I am confusing it.

So I came here because it would be really really neat if I could pull this off. Again, thank you in advance.

-cornfeed
Re: [Dovecot] iPhone and custom imap folders problem
On 2012-02-24 9:22 AM, Przemysław.Orzechowski przemek.orzechow...@makolab.pl wrote:

I'm using Dovecot 1.0.10

Very old - an upgrade would likely fix your problems...

--
Best regards,
Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6200 x224 | 678.514.6299 fax
Re: [Dovecot] Apple od/ad authentication problem
On Fri, Feb 24, 2012 at 08:55:57AM -0500, Troy Shafer wrote:

Hello all. I'm pretty new to the dovecot and postfix world. I'm completely stumped. OS X 10.7.3, behind a Cisco ASA NAT.

Deactivate the SMTP improvements your ASA helpfully provides.

Dennis

[..]
[Dovecot] Maildir migration: Courier-imap 4.4.3 to Dovecot 1.2.
Hi all.

I am currently gathering information about migration of Maildir/ structures from Courier to Dovecot. What do you think about http://wiki.dovecot.org/Migration/Courier ?

For each courier Maildir account I want to use http://www.dovecot.org/tools/courier-dovecot-migrate.pl to produce the dovecot-uidlist file, then:

mv courierimapsubscribed subscriptions
sed -i 's/INBOX\.//' subscriptions
rm -r courierimaphieracl
rm courierimapacl
rm courierimapkeywords

I also want to leave the default pop3_uidl_format (%08Xu%08Xv) in dovecot.conf.

Should I look into something else? Have I missed something?

Best regards,
Rafal.
Re: [Dovecot] Apple od/ad authentication problem
Looking over the running config I don't see anything relating to smtp. I'm not using the esmtp inspection either. Am I looking in the wrong place? Would this cause the error I'm getting in the mailaccess log?

- Troy

On Feb 24, 2012, at 10:11 AM, Dennis Guhl d...@dguhl.org wrote:

On Fri, Feb 24, 2012 at 08:55:57AM -0500, Troy Shafer wrote:

Hello all. I'm pretty new to the dovecot and postfix world. I'm completely stumped. OS X 10.7.3, behind a Cisco ASA NAT.

Deactivate the SMTP improvements your ASA helpfully provides.

Dennis

[..]
[Dovecot] Mail delivery to subfolders via address extension, and prefered lda method
Hi,

I want to deliver mails directly to subfolders, based on address extensions.

Example:

Emails sent to: micha+t...@example.com
Should be stored into user micha, folder INBOX.test

I was able to reproduce this with exim and dovecot-lda:

command = /usr/lib/dovecot/dovecot-lda -e -m INBOX.${substr_1:$local_part_suffix}

But I was wondering if I could do this within dovecot, which would enable me to use LMTP instead of dovecot-lda.

Which brings me to my second question: Which method is better for dovecot, lda or LMTP?

Micha Krause
Re: [Dovecot] iPhone and custom imap folders problem
On 2012-02-24 6:22 AM, Przemysław.Orzechowski wrote:

Hi

I'm using Dovecot 1.0.10 and everything seems to work OK except for one client. He is accessing his mailbox using an iPhone. There are several custom folders created and mail is directed to them using procmail. The problem is that the iPhone mail app only sees changes in INBOX, and when new mail arrives in other folders it will not see it unless the user accesses that particular folder.

Is there some kind of workaround for this? I'm quite sure it's the iPhone's fault as all other email clients are working perfectly fine.

As far as I know, that is a limitation of the iPhone mail client: it only IDLEs on the currently selected folder, and it only checks the currently selected folder for new messages. You will not see new mail for the other folders unless you select them.

-Greg
Re: [Dovecot] iPhone and custom imap folders problem
On 24.02.2012 15:47, Charles Marcus wrote:

On 2012-02-24 9:22 AM, Przemysław.Orzechowski przemek.orzechow...@makolab.pl wrote:

I'm using Dovecot 1.0.10

Very old - an upgrade would likely fix your problems...

A client of mine using iPhone1 has the same problem on Dovecot 2.0.15. Only inbox is synced automatically.

--
Adam Szpakowski
Re: [Dovecot] How to limit max number of connections for ip address
Hi Timo:

My question was because we constantly received brute force attacks from some IP addresses which use the pop3 service to affect dovecot's login process. For example:

Error: Temporary failure in creating login processes, slowing down for now
pop3-login: Info: Aborted login (auth failed, 1 attempts): user=admin, method=PLAIN, rip=A.B.C.D,
Info: Aborted login (auth failed, 1 attempts): user=useradmin, method=PLAIN, rip=A.B.C.D, lip=X.Y.Z.A
pop3-login: Info: Aborted login (auth failed, 1 attempts): user=admin123, method=PLAIN, rip=A.B.C.D, lip=X.Y.Z.A
pop3-login: Info: Aborted login (auth failed, 1 attempts): user=administrator, method=PLAIN, rip=A.B.C.D, lip=X.Y.Z.A
pop3-login: Info: Aborted login (auth failed, 1 attempts): user=adm, method=PLAIN, rip=A.B.C.D, lip=X.Y.Z.A
auth(default): Info: shadow(best,A.B.C.D): unknown user
dovecot: Error: pipe() failed: Too many open files
dovecot: Error: Temporary failure in creating login processes, slowing down for now

In the log above from the dovecot.log file, we observed a lot of connections from IP address A.B.C.D to our email server with IP address X.Y.Z.A using the pop3 login process.

Is it possible to prevent this type of attack with any dovecot option (maybe limiting the max number of connections from one IP address, or maybe upgrading my dovecot version)?

Thanks for your help and time.

Wilberth.

On 23/02/2012 05:21 p.m., Timo Sirainen wrote:

On 24.2.2012, at 0.33, Wilberth Perez wrote:

Does anyone know if it is possible to configure dovecot to limit the max number of connections per IP address? I would like to prevent future fork-bombing attacks on the pop3 and imap login processes in my email server. Our dovecot version is: 1.2.10

There is mail_max_userip_connections setting which limits IP+username combination. Typically that should be enough to prevent fork bombing, because users normally don't have more than one account.

Or you mean when some IP keeps connecting even without actually logging in? http://wiki.dovecot.org/LoginProcess has some settings related to this, which should normally be quite helpful if the limits are right.
Re: [Dovecot] From Maildir back to smtp
On 2/24/2012 4:18 AM, Charles Marcus wrote:

On 23/02/2012 21:41, Marc Perkel wrote:

Not sure how this can be done. Right now I'm running a free backup MX record service. People point their high MX records to my servers and if they go down we store the email. When they come back up it's delivered.

What I want to do is have a premium service that would allow them to view through IMAP the stored email. In order to do that I would have to deliver the email locally to a dovecot server - to a single account perhaps - and they can view/forward/delete etc.

But - when their server comes back online I'd like to gather up all the delivered email stored in Maildir format and run it back into smtp for delivery. I'm thinking it would be possible to use dsync for this?

Ideally you would have to have a way to maintain a duplicate of the AUTH database, so that users could use their current passwords for accessing it (this would obviously require the approval and cooperation of whoever you are providing this service to), but this way you could store each users mail individually and provide relatively painless access (since all each user would need to know is the backup host name and their username/password).

You'd have to configure a script on your end to:

1. determine a reliable way to differentiate between a temp-fail situation on the primary (in which case you just act as a normal backup MX), or an extended outage (15 minutes? 1 hour? I'd probably let the customer decide this one), which would determine when you start actually taking delivery of their mail to the 'standby' server
2. monitor for when the primary comes back online
3. wait xx interval to make sure the primary stays up (again, I'd let the customer decide this, but with a sane minimum that you define)
4. once the primary stays up for the required interval, dsync a one way 'dump' of the stored mails, being sure to test for success - and this process would obviously have to take into account the possibility of the primary going down again in the middle of the dsync
5. mv successfully restored mails on the backup mx to a temp location for xx 'safety' interval 'just in case'
6. delete the backed-up/stored mail that has been successfully dsync'd after the safety interval has elapsed

I was wondering if I could just gather up the maildir files, reprocess them into batch SMTP format and run them back into Exim?
Re: [Dovecot] iPhone and custom imap folders problem
Adam Szpakowski a...@3a.pl wrote on 24.2.2012 17:46:02:

On 24.02.2012 15:47, Charles Marcus wrote:

On 2012-02-24 9:22 AM, Przemysław.Orzechowski przemek.orzechow...@makolab.pl wrote:

I'm using Dovecot 1.0.10

Very old - an upgrade would likely fix your problems...

A client of mine using iPhone1 has the same problem on Dovecot 2.0.15. Only inbox is synced automatically.

--
Adam Szpakowski

So the solution is simple: go bug Apple. Oh yeah. They say if something isn't implemented on the Apple platform or it doesn't work, then you don't need it, because their devs know what's best for their users.

Regards,
M
[Dovecot] remove messages once downloaded
I need some help with the dovecot configuration. I want to remove downloaded messages from Mail Server once the messages have been successfully downloaded by pop3-clients, even when the clients have been configured to save copy of messages in the Server. thanks, Julio
[Dovecot] dsync 2.0.x versus 2.1.x field report
Hi --

I used to run two mailservers with identical MX priorities (poor man's fail-over approach) with Maildir mail folders accessed by Dovecot. Synchronization has been achieved using unison, mirroring all files except dovecot index files. Once in a while some oddities could be observed, like reappearing of deleted mails, duplicates and such alike. But the all-over performance was quite good.

Then I wanted to migrate to mdbox, and I became interested in dsync. I did start with 2.0.16 a couple of months ago, and recently upgraded to 2.0.18.

My experience with the 2.0.x dsync version is as follows (synchronization time: every minute):

-- As long as mail is not stored in corresponding mailboxes at both servers at the same time, all mailboxes become synchronized perfectly well, and no oddities like reappearing of deleted mails or generation of duplicates can be observed.
-- If mail is stored into corresponding mailboxes at both servers simultaneously in between two synching runs, it gets worrying.
-- If I do run dsync without '-f' those two mailboxes end up in becoming asynchronous.
-- If I do run dsync with '-f' both mailboxes will become synchronized let's say in 95% of all synchronization runs. BUT in 5%, I do experience asynchronicity. Here a 'doveadm force-resync' sometimes works, but not always, what worries me a lot.
-- I can see the missing mail in the mdbox storage file using UNIX' little helpers but not with the help of dovecot tools. (Or I was unable to use them properly.)
-- Modifying MX priorities in a way, that I do now have a primary and backup mailserver scenario, very much reduced the risk of losing legitimate mail.
-- But sometimes I do lose some syslog mail being produced at the same time. Therefore I modified runtimes in a way to omit synchronicity.

Ok, I could have lived with that, but I was anxious to learn, if 2.1.x dsync would perform better ;-)

Here my observations so far (synchronization time: every minute):

-- No losses so far using 'doveadm sync' with '-f'
-- A *lot* of reappearing deleted mails or mails moved from one mailbox to the other.
-- Quite often I am unable to delete those mails using client functionality (Mail.app, Roundcube).
-- In those cases one needs to stop synchronization, run 'doveadm force-resync', delete all reappearing mail (quite a lot sometimes), empty 'Deleted' folders, and finally run 'doveadm purge'.
-- Running of 'doveadm sync' without '-f' doesn't improve the situation. Still I do have to struggle with reappearing mails, and sometimes with appearing duplicates.
-- I do have a test setup running for 24 hours now, where I do generate test mails in a 6 minutes interval at both servers. Mails become synchronized perfectly well, irrespectively if '-f' is set or not. This is a major improvement to 2.0.x dsync (so far).
-- But running the synchronization without '-f' still shows a *lot* of reappearing mail, though.

I do have the feeling that dsync became very much improved with regard to missing mail in synchronization, good. But those reappearing mails make me think about switching back to 2.0.x dsync and live with the drawback of preventing mail to arrive synchronously at both servers.

Is someone out there experiencing a similar behaviour with dsync 2.1.x regarding reappearing, thus indelible mail?

Regards,
Michael
Re: [Dovecot] How to limit max number of connections for ip address
On 2012-02-24 10:07 AM, Wilberth Perez wilberth.pe...@uady.mx wrote:

My question was because we constantly received brute force attacks from some IP addresses which use the pop3 service to affect dovecot's login process.

This is quickly becoming an FAQ...

If this is linux, and these attacks are from the *same* IP address(es) (sounds like that is the case), then your best option is something like fail2ban.

If, however, they are from bots that change IP address each time, fail2ban won't be effective...

--
Best regards, Charles
Re: [Dovecot] How to achieve proper privilege separation?
It was probably caused by a bug already corrected. And not by dovecot.

commit 4fd554e3a097b22c5049fcdc423897477deff5ef
Author: Brad Spengler spen...@grsecurity.net
Date: Mon Feb 20 09:17:57 2012 -0500

Fix wrong logic on capability checks for switching roles, broke policies
Thanks to Richard Kojedzinszky for reporting

I'll test it with an updated kernel containing the fix.

Thx: Dw.

--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On 24 February 2012 (Fri) at 00:28, Timo Sirainen wrote:

On 24.2.2012, at 1.26, Timo Sirainen wrote:

On 23.2.2012, at 21.56, Tóth Attila wrote:

In the mean time I've upgraded to 2.1. I've enabled debug logging and logged in. I suspect that hardening features can be blamed for my problem. After booting a previous kernel the behavior was reverted.

OK.

BTW. It would be interesting to know if the attached patch causes it to fail with the hardening patches.
[Dovecot] v2.0.13 problems after kernel patch for CVE-2011-1083 applied on Centos 5
Greetings,

This email is both a request for assistance/help and a heads-up.

[8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.

After ksplice automatically installed the above patch on our mail servers, most/all IMAP/POP3 connections began experiencing time-outs trying to connect, or extreme timeouts in the auth procedure.

dovecot: imap-login: Disconnected (no auth attempts): rip=a.a.a.a, lip=b.b.b.b, TLS handshaking: Disconnected
dovecot: pop3-login: Disconnected (no auth attempts): rip=a.a.a.a, lip=b.b.b.b, TLS handshaking: Disconnected
dovecot: pop3-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
dovecot: pop3-login: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baa0] - /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baf6] - /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543afb3] - /usr/lib64/dovecot/libdovecot.so.0(io_loop_handle_add+0x118) [0x3cb5447708] - /usr/lib64/dovecot/libdovecot.so.0(io_add+0xa5) [0x3cb5446e15] - /usr/lib64/dovecot/libdovecot.so.0(master_service_init_finish+0x1c6) [0x3cb54355a6] - /usr/lib64/dovecot/libdovecot-login.so.0(main+0x136) [0x37a000bdf6] - /lib64/libc.so.6(__libc_start_main+0xf4) [0x3cb301d994] - dovecot/pop3-login(main+0x49) [0x401b99]
dovecot: master: Error: service(pop3-login): child 27603 killed with signal 6 (core not dumped - add -D parameter to service pop3-login { executable }
dovecot: master: Error: service(pop3-login): command startup failed, throttling
dovecot: imap-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
dovecot: imap-login: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baa0] - /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baf6] - /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543afb3] - /usr/lib64/dovecot/libdovecot.so.0(io_loop_handle_add+0x118) [0x3cb5447708] - /usr/lib64/dovecot/libdovecot.so.0(io_add+0xa5) [0x3cb5446e15] - /usr/lib64/dovecot/libdovecot.so.0(master_service_init_finish+0x1c6) [0x3cb54355a6] - /usr/lib64/dovecot/libdovecot-login.so.0(main+0x136) [0x37a000bdf6] - /lib64/libc.so.6(__libc_start_main+0xf4) [0x3cb301d994] - dovecot/imap-login(main+0x39) [0x402069]
dovecot: master: Error: service(imap-login): child 27604 killed with signal 6 (core not dumped - add -D parameter to service imap-login { executable }

Once this patch was removed, everything started working again.

Is it possible that dovecot is trying to re-add already-added connections to the polling list - which this specific 'patch' prevents?

We haven't dug deeper yet, but the error is being thrown from the method io_loop_handle_add in ioloop-epoll.c

http://hg.dovecot.org/dovecot-2.0/file/aa8dfa085a99/src/lib/ioloop-epoll.c

Thanks
Doug
Re: [Dovecot] How to limit max number of connections for ip address
On 24.2.2012, at 17.07, Wilberth Perez wrote:

My question was because we constantly received brute force attacks from some IP addresses which use the pop3 service to affect dovecot's login process. For example:

dovecot: Error: pipe() failed: Too many open files
dovecot: Error: Temporary failure in creating login processes, slowing down for now

This is your main problem. Increase ulimit -n so Dovecot won't stop creating login processes (or alternatively decrease the max number of login processes). Newer Dovecot versions warn at startup if the fd limit is too low.
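An added example, not part of the original thread and not Dovecot or fail2ban code: it tallies the "Aborted login (auth failed ...)" lines per remote address inside a sliding time window, the kind of per-address counting the fail2ban suggestion in this thread relies on, and separately counts the descriptor-exhaustion errors pointed out above. The sample log, its syslog-style timestamp prefix, the addresses and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample shaped like the log lines quoted in the thread.
# Assumptions: syslog-style timestamp prefix, RFC 5737 example addresses.
SAMPLE_LOG = """\
Feb 24 09:00:00 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Feb 24 09:30:00 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Feb 24 10:00:00 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Feb 24 10:07:01 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Feb 24 10:07:02 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<useradmin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Feb 24 10:07:03 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<admin123>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Feb 24 10:07:04 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<administrator>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Feb 24 10:07:05 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<adm>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Feb 24 10:07:06 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Feb 24 10:07:06 dovecot: Error: pipe() failed: Too many open files
Feb 24 10:07:06 dovecot: Error: Temporary failure in creating login processes, slowing down for now
Feb 24 10:08:00 pop3-login: Info: Login: user=<bob>, method=PLAIN, rip=198.51.100.30, lip=192.0.2.10
Feb 24 10:30:00 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Feb 24 11:00:00 pop3-login: Info: Aborted login (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
"""

# Angle brackets around the username are optional so that both
# "user=<admin>" and "user=admin" are accepted.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?(?:pop3|imap)-login: Info: Aborted login "
    r"\(auth failed, (?P<n>\d+) attempts\): user=<?(?P<user>[^>,]*)>?, "
    r"method=\S+, rip=(?P<rip>[0-9A-Fa-f.:]+)"
)
FD_EXHAUSTED = re.compile(r"Too many open files|failure in creating login processes")


def parse_failures(text, year=2012):
    """Return sorted (timestamp, rip, user, attempts) tuples for failed logins."""
    events = []
    for line in text.splitlines():
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["rip"], m["user"], int(m["n"])))
    return sorted(events)


def find_offenders(events, max_failures=5, window=timedelta(minutes=10)):
    """Flag addresses whose failed attempts reach max_failures within window."""
    recent = defaultdict(deque)   # rip -> (timestamp, attempts) still in window
    running = defaultdict(int)    # rip -> attempts summed over recent[rip]
    peak = defaultdict(int)       # rip -> highest in-window total seen
    users = defaultdict(set)      # rip -> every username it tried
    for ts, rip, user, attempts in events:
        q = recent[rip]
        q.append((ts, attempts))
        running[rip] += attempts
        users[rip].add(user)
        while q and ts - q[0][0] > window:   # drop entries older than the window
            running[rip] -= q.popleft()[1]
        peak[rip] = max(peak[rip], running[rip])
    return {
        rip: {"peak": peak[rip], "users": sorted(users[rip])}
        for rip in peak if peak[rip] >= max_failures
    }


def count_fd_exhaustion(text):
    """Count log lines showing Dovecot ran out of file descriptors."""
    return sum(1 for line in text.splitlines() if FD_EXHAUSTED.search(line))


if __name__ == "__main__":
    for rip, info in find_offenders(parse_failures(SAMPLE_LOG)).items():
        print(f"{rip}: {info['peak']} failures in window, users tried: {info['users']}")
    print("fd exhaustion lines:", count_fd_exhaustion(SAMPLE_LOG))
```

The address with five failures spread over two hours stays below the threshold, which is the same reason per-address counting misses sources that change address on every attempt.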
Re: [Dovecot] v2.0.13 problems after kernel patch for CVE-2011-1083 applied on Centos 5
On 25.2.2012, at 0.49, Doug Henderson wrote:

[8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.

After ksplice automatically installed the above patch on our mail servers, most/all IMAP/POP3 connections began experiencing time-outs trying to connect, or extreme timeouts in the auth procedure.

I'd guess this patch is already in new Linux kernel versions, so other people should have seen any problems caused by it?

dovecot: pop3-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
..
Once this patch was removed, everything started working again.

Is it possible that dovecot is trying to re-add already-added connections to the polling list - which this specific 'patch' prevents?

It shouldn't be possible .. EPOLL_CTL_ADD is done only once, EPOLL_CTL_MOD is done afterwards. And if the same fd is attempted to be added/modded twice, Dovecot should assert-crash first in ioloop_iolist_add().
Re: [Dovecot] remove messages once downloaded
On 24.2.2012, at 19.44, julio...@fisica.uh.cu wrote:

I need some help with the dovecot configuration. I want to remove downloaded messages from Mail Server once the messages have been successfully downloaded by pop3-clients, even when the clients have been configured to save copy of messages in the Server.

Not possible.
Re: [Dovecot] Mail delivery to subfolders via address extension, and prefered lda method
On 24.2.2012, at 18.26, Micha Krause wrote:

I want to deliver mails directly to subfolders, based on address extensions.
..
I was able to reproduce this with exim and dovecot-lda:

command = /usr/lib/dovecot/dovecot-lda -e -m INBOX.${substr_1:$local_part_suffix}

But I was wondering if I could do this within dovecot, which would enable me to use LMTP instead of dovecot-lda.

lmtp_save_to_detail_mailbox = yes

Which brings me to my second question: Which method is better for dovecot, lda or LMTP?

LMTP is often easier to setup and faster.
Re: [Dovecot] Maildir migration: Courier-imap 4.4.3 to Dovecot 1.2.
On 24.2.2012, at 17.20, Rafał Radecki wrote:

I am currently gathering information about migration of Maildir/ structures from Courier to Dovecot. What do you think about http://wiki.dovecot.org/Migration/Courier ?

For each courier Maildir account I want to use http://www.dovecot.org/tools/courier-dovecot-migrate.pl to produce the dovecot-uidlist file, then:

mv courierimapsubscribed subscriptions
sed -i 's/INBOX\.//' subscriptions

The migration script migrates subscriptions, so those shouldn't be necessary.

rm -r courierimaphieracl
rm courierimapacl

You don't mind losing any ACLs?

I also want to leave the default pop3_uidl_format (%08Xu%08Xv) in dovecot.conf.

That might cause your POP3 clients to redownload mails (or maybe not, I can't remember exactly how the script works).
[Dovecot] remove messages once downloaded
I need some help with the dovecot configuration. I want to remove downloaded messages from Mail Server once the messages have been successfully downloaded by pop3-clients, even when the clients have been configured to save copy of messages in the Server.

timo is quite correct -- consider imap instead, that's why the protocol exists.
[Dovecot] upgrade to dovecot 2.1.1 any question
hi guys
hi master of Fu
hi Timo

I am having problems to migrate to dovecot dovecot 2.0.18 to 2.1.1 I encounter fatal errors.

I created it myself rpms available here http://ns.fakessh.eu/rpms/dovecot-2.1.1-1.centme.el5.src.rpm

I can not run dovecot with this config file like this http://ns.fakessh.eu/rpms/dovecot-2.1.1-1.centme.el5.src.rpm

i run this config

ks3 ~]# dovecot -n
# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.31.5--rt14-ipv6-32 i686 CentOS release 5.7 (Final)
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = [::]
log_path = /var/log/maillog
log_timestamp = %Y-%m-%d %H:%M:%S
login_log_format_elements = user=%u method=%m rip=%r lip=%l %c
mail_debug = yes
mail_location = maildir:~/Maildir
mail_max_userip_connections = 30
mail_plugins = quota trash zlib
managesieve_notify_capability = mailto
managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest
namespace {
  inbox = yes
  location =
  prefix =
  separator = .
}
passdb {
  driver = pam
}
plugin {
  antispam_mail_notspam = --ham
  antispam_mail_sendmail = /usr/bin/sa-learn
  antispam_mail_sendmail_args = --username=%u
  antispam_mail_spam = --spam
  antispam_mail_tmpdir = /tmp
  antispam_signature = X-Spam-Flag
  antispam_signature_missing = move
  antispam_spam = SPAM;Spam;spam;Junk;junk
  antispam_trash = trash;Trash;Deleted Items;Deleted Messages
  autocreate = Trash
  autocreate2 = Junk
  autocreate3 = Sent
  autocreate4 = Drafts
  autosubscribe = Trash
  autosubscribe2 = Junk
  autosubscribe3 = Sent
  autosubscribe4 = Drafts
  deleted_to_trash_folder = Trash
  plugin = $mail_plugins autocreate managesieve sieve quota
  quota = maildir:User quota
  quota_exceeded_message = Quota exceeded, please go to http://www.fakessh.eu/over_quota_help.html for instructions on how to fix this.
  quota_rule = *:storage=10GB
  quota_rule2 = Trash:storage=+10%
  quota_rule3 = Spam:storage=+20%
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/sieve-scripts/roundcube.sieve
  sieve_dir = ~/sieve
  sieve_global_path = whatever
  trash = /etc/dovecot/dovecot-trash.conf.ext
  zlib_save = bz2
  zlib_save_level = 9
}
protocols = sieve imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0600
    user = postfix
  }
  unix_listener auth-master {
    mode = 0666
  }
  unix_listener auth-userdb {
    mode = 0666
  }
  vsz_limit = 64 M
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = * , [::]
    port = 993
  }
  process_limit = 1
  vsz_limit = 64 M
}
service imap {
  client_limit = 1024
  service_count = 0
}
service managesieve-login {
  inet_listener managesieve-login {
    address = * , [::]
    port = 2000
  }
  process_limit = 1
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    address = * , [::]
    port = 995
  }
  process_limit = 1
  vsz_limit = 64 M
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = mail
  }
  user = dovecot
}
ssl_ca = /etc/pki/tls/certs/class3.crt
ssl_cert = /etc/pki/tls/certs/ks3.kimsufi.com.cert
ssl_key = /etc/pki/tls/private/ks3.kimsufi.com.key
ssl_verify_client_cert = yes
userdb {
  driver = passwd
}
userdb {
  driver = passwd
}
version_ignore = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  imap_max_line_length = 64 k
  mail_plugins = quota trash zlib autocreate quota imap_quota zlib antispam imap_zlib
}
protocol pop3 {
  mail_plugins = autocreate quota quota autocreate zlib deleted_to_trash
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
}
protocol lda {
  hostname = r13151.ovh.net
  info_log_path =
  log_path =
  mail_plugins = autocreate sieve quota
  postmaster_address = postmas...@fakessh.eu
  sendmail_path = /usr/lib/sendmail
}
protocol sieve {
  managesieve_implementation_string = dovecot
  managesieve_logout_format = bytes ( in=%i : out=%o )
  managesieve_max_line_length = 65536
}

--
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC2626742
gpg --keyserver pgp.mit.edu --recv-key C2626742
http://urlshort.eu fakessh @
http://gplus.to/sshfake
http://gplus.to/sshswilting
http://gplus.to/john.swilting
https://lists.fakessh.eu/mailman/
This list is moderated by me, but all applications will be accepted provided they receive a note of presentation
Re: [Dovecot] Apple od/ad authentication problem
The correct answer was in the log file. Behind a NAT you have to set

login_trusted_networks = internal/24 externalIP

- Troy

On Feb 24, 2012, at 10:11 AM, Dennis Guhl d...@dguhl.org wrote:

On Fri, Feb 24, 2012 at 08:55:57AM -0500, Troy Shafer wrote:

Hello all. I'm pretty new to the dovecot and postfix world. I'm completely stumped. OS X 10.7.3, behind a Cisco ASA NAT.

Deactivate the SMTP improvements your ASA helpfully provides.

Dennis

[..]
Re: [Dovecot] upgrade to dovecot 2.1.1 any question
On 25.2.2012, at 4.42, ml wrote:
> I am having problems migrating from dovecot 2.0.18 to 2.1.1. I encounter fatal errors.

And what are the error messages?
Re: [Dovecot] upgrade to dovecot 2.1.1 any question
On Saturday 25 February 2012 at 04:49 +0200, Timo Sirainen wrote:
> On 25.2.2012, at 4.42, ml wrote:
>> I am having problems migrating from dovecot 2.0.18 to 2.1.1. I encounter fatal errors.
>
> And what are the error messages?

2012-02-25 04:29:44imap(fakessh): Fatal: master: service(imap): child 15407 killed with signal 11 (core dumps disabled)

my current config

ks3 i386]# dovecot -n
# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.31.5--rt14-ipv6-32 i686 CentOS release 5.7 (Final)
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = [::]
log_path = /var/log/maillog
log_timestamp = %Y-%m-%d %H:%M:%S
login_log_format_elements = user=%u method=%m rip=%r lip=%l %c
mail_debug = yes
mail_location = maildir:~/Maildir
mail_max_userip_connections = 30
mail_plugins = quota trash zlib
managesieve_notify_capability = mailto
managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest
namespace {
  inbox = yes
  location =
  prefix =
  separator = .
}
passdb {
  driver = pam
}
plugin {
  antispam_mail_notspam = --ham
  antispam_mail_sendmail = /usr/bin/sa-learn
  antispam_mail_sendmail_args = --username=%u
  antispam_mail_spam = --spam
  antispam_mail_tmpdir = /tmp
  antispam_signature = X-Spam-Flag
  antispam_signature_missing = move
  antispam_spam = SPAM;Spam;spam;Junk;junk
  antispam_trash = trash;Trash;Deleted Items;Deleted Messages
  autocreate = Trash
  autocreate2 = Junk
  autocreate3 = Sent
  autocreate4 = Drafts
  autosubscribe = Trash
  autosubscribe2 = Junk
  autosubscribe3 = Sent
  autosubscribe4 = Drafts
  deleted_to_trash_folder = Trash
  plugin = $mail_plugins autocreate managesieve sieve quota
  quota = maildir:User quota
  quota_exceeded_message = Quota exceeded, please go to http://www.fakessh.eu/over_quota_help.html for instructions on how to fix this.
  quota_rule = *:storage=10GB
  quota_rule2 = Trash:storage=+10%
  quota_rule3 = Spam:storage=+20%
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/sieve-scripts/roundcube.sieve
  sieve_dir = ~/sieve
  sieve_global_path = whatever
  trash = /etc/dovecot/dovecot-trash.conf.ext
  zlib_save = bz2
  zlib_save_level = 9
}
protocols = sieve imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0600
    user = postfix
  }
  unix_listener auth-master {
    mode = 0666
  }
  unix_listener auth-userdb {
    mode = 0666
  }
  vsz_limit = 64 M
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = * , [::]
    port = 993
  }
  process_limit = 128
  vsz_limit = 64 M
}
service imap {
  client_limit = 1
  service_count = 0
}
service managesieve-login {
  inet_listener managesieve-login {
    address = * , [::]
    port = 2000
  }
  process_limit = 128
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    address = * , [::]
    port = 995
  }
  process_limit = 128
  vsz_limit = 64 M
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = mail
  }
  user = dovecot
}
ssl_ca = /etc/pki/tls/certs/class3.crt
ssl_cert = /etc/pki/tls/certs/ks3.kimsufi.com.cert
ssl_key = /etc/pki/tls/private/ks3.kimsufi.com.key
ssl_verify_client_cert = yes
userdb {
  driver = passwd
}
userdb {
  driver = passwd
}
version_ignore = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  imap_max_line_length = 64 k
  mail_plugins = quota trash zlib autocreate quota imap_quota zlib antispam imap_zlib
}
protocol pop3 {
  mail_plugins = autocreate quota quota autocreate zlib deleted_to_trash
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
}
protocol lda {
  hostname = r13151.ovh.net
  info_log_path =
  log_path =
  mail_plugins = autocreate sieve quota
  postmaster_address = postmas...@fakessh.eu
  sendmail_path = /usr/lib/sendmail
}
protocol sieve {
  managesieve_implementation_string = dovecot
  managesieve_logout_format = bytes ( in=%i : out=%o )
  managesieve_max_line_length = 65536
}
Re: [Dovecot] upgrade to dovecot 2.1.1 any question
On 25.2.2012, at 5.32, ml wrote:
> On Saturday 25 February 2012 at 04:49 +0200, Timo Sirainen wrote:
>> On 25.2.2012, at 4.42, ml wrote:
>>> I am having problems migrating from dovecot 2.0.18 to 2.1.1. I encounter fatal errors.
>>
>> And what are the error messages?
>
> 2012-02-25 04:29:44imap(fakessh): Fatal: master: service(imap): child 15407 killed with signal 11 (core dumps disabled)

Try if it starts up without antispam plugin enabled? If not, gdb backtrace would be helpful: http://dovecot.org/bugreport.html
[Dovecot] Proxying improvements in v2.1.2
I just committed a couple of features that will make life easier for some types of proxying setups:

1. IMAP proxying has already for a while supported sending local/remote IP/port to backend server, which can use it for logging and other purposes. I've now implemented this for POP3 as well, although only the remote IP/port is forwarded, not local IP/port. I implemented this also for LMTP in v2.2 tree, but haven't bothered to backport that change. Both POP3 and LMTP use the XCLIENT command that is compatible with Postfix's (XCLIENT ADDR=1.2.3.4 PORT=110).

2. proxy_maybe=yes + host=host.example.com actually works now. As long as host.example.com DNS lookup returns one IP that belongs to the current server the proxying is skipped.

3. auth_proxy_self = 1.2.3.4 setting means that if proxy_maybe=yes and host=1.2.3.4 then Dovecot assumes that this is a local login and won't proxy it, even if 1.2.3.4 isn't the actual local IP. This can be helpful if the host field contains load balancer's IP address instead of the server's.

You can add more than one IP (space separated) and of course everything related to this works just as well with hostnames as with IPs (even when hostname expands to multiple IPs).
Re: [Dovecot] upgrade to dovecot 2.1.1 any question
On Saturday 25 February 2012 at 05:45 +0200, Timo Sirainen wrote:
> On 25.2.2012, at 5.32, ml wrote:
>> On Saturday 25 February 2012 at 04:49 +0200, Timo Sirainen wrote:
>>> On 25.2.2012, at 4.42, ml wrote:
>>>> I am having problems migrating from dovecot 2.0.18 to 2.1.1. I encounter fatal errors.
>>>
>>> And what are the error messages?
>>
>> 2012-02-25 04:29:44imap(fakessh): Fatal: master: service(imap): child 15407 killed with signal 11 (core dumps disabled)
>
> Try if it starts up without antispam plugin enabled? If not, gdb backtrace would be helpful: http://dovecot.org/bugreport.html

I have not succeeded well. I got a son of fakessh, I attached with gdb -p, but bt full no me back stack.

My poor English.
Re: [Dovecot] Proxying improvements in v2.1.2
On 25.2.2012, at 5.54, Timo Sirainen wrote:
> I just committed a couple of features that will make life easier for some types of proxying setups:

Oh, and:

4. Added proxy_always=y passdb field. When used with proxy_maybe=y you can create a setup where the connections are proxied to either

 * when user's host matches locally, director assigns a local backend's host for the connection
 * when user's host doesn't match locally, Dovecot connects to that host

So basically you can have a bunch of Dovecot cluster installations behind different load balancer IPs, and have all of the Dovecot proxies redirect the connection to the proper cluster's load balancer, or if it's for a local cluster then redirect to one of the backends.

5. Currently in v2.2 only, could be backported if needed: Added TTL for the proxy connections, so in case two clusters both think the other one should be handling the connection they won't end up creating thousands of connections to each other until finally failing when login process limits are reached. The hard coded TTL is 5, should be more than enough.
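A small model of the routing rules in items 2 to 5 of the two posts above, added here as an illustration; it is not Dovecot code. The cluster names, the documentation-range IPs and the exact TTL hand-off (one decrement per hop, refuse to forward at 1) are assumptions; only the setting names and the TTL of 5 come from the posts.

```python
PROXY_TTL = 5  # hard-coded TTL quoted in the post


def decide(host_ips, local_ips, proxy_self=(), proxy_maybe=True, proxy_always=False):
    """Model the decision one proxy takes for one login.

    host_ips:   every IP the passdb "host" field resolves to
    local_ips:  IPs that belong to this server
    proxy_self: extra IPs treated as "this server" (auth_proxy_self)
    """
    # One matching IP is enough for the login to count as local.
    is_self = any(ip in local_ips or ip in proxy_self for ip in host_ips)
    if proxy_maybe and is_self:
        # With proxy_always=y the director picks a local backend instead.
        return ("director", None) if proxy_always else ("local", None)
    return ("proxy", host_ips[0])


def trace(user, entry, clusters, ttl=PROXY_TTL):
    """Follow a login between clusters and return (outcome, path).

    Assumed mechanics: each forward hands the next proxy ttl - 1, and a
    proxy whose ttl has dropped to 1 fails the login instead of forwarding.
    """
    by_lb = {c["lb_ip"]: name for name, c in clusters.items()}
    here, path = entry, [entry]
    while True:
        c = clusters[here]
        action, target = decide(c["users"][user], c["local_ips"],
                                c["proxy_self"], proxy_maybe=True,
                                proxy_always=True)
        if action != "proxy":
            return action, path
        if ttl <= 1:
            return "ttl-expired", path
        ttl -= 1
        here = by_lb[target]
        path.append(here)


# Constructed sample: two clusters behind load balancers. The user databases
# disagree about carol, so each side believes the other one hosts her.
CLUSTERS = {
    "east": {"lb_ip": "192.0.2.10", "local_ips": {"10.0.0.5"},
             "proxy_self": {"192.0.2.10"},
             "users": {"alice": ["192.0.2.10"], "bob": ["198.51.100.10"],
                       "carol": ["198.51.100.10"]}},
    "west": {"lb_ip": "198.51.100.10", "local_ips": {"10.1.0.5"},
             "proxy_self": {"198.51.100.10"},
             "users": {"alice": ["192.0.2.10"], "bob": ["198.51.100.10"],
                       "carol": ["192.0.2.10"]}},
}
```

In this model the disagreement about carol ends after five proxies have seen the login rather than running until the login process limits are hit, which is the failure the TTL was added to prevent.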
Re: [Dovecot] upgrade to dovecot 2.1.1 any question
On 25.2.2012, at 6.51, ml wrote:
>> Try if it starts up without antispam plugin enabled? If not, gdb backtrace would be helpful: http://dovecot.org/bugreport.html
>
> I have not succeeded well. I got a son of fakessh, I attached with gdb -p, but bt full no me back stack.

Did you try without antispam plugin? My guess is that is the reason it crashes. Or if it still crashes, try disabling all plugins.
[Dovecot] Solr not indexing
What did I do wrong to make this happen?

doveadm(dmil...@amfes.com): Debug: fts: Indexes disabled for namespace 'shared/%n/'

doveadm -D fts rescan -u dmil...@amfes.com
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib20_fts_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib21_fts_solr_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_lookup (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so
doveadm(dmil...@amfes.com): Debug: Added userdb setting: mail=mdbox:/var/mail/amfes.com/dmiller/mdbox
doveadm(dmil...@amfes.com): Debug: Added userdb setting: plugin/acl_groups='allshared'
doveadm(dmil...@amfes.com): Debug: Effective uid=5000, gid=8, home=/var/mail/amfes.com/dmiller
doveadm(dmil...@amfes.com): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/var/mail/amfes.com/dmiller/mdbox
doveadm(dmil...@amfes.com): Debug: fs: root=/var/mail/amfes.com/dmiller/mdbox, index=, control=, inbox=, alt=
doveadm(dmil...@amfes.com): Debug: Namespace : Using permissions from /var/mail/amfes.com/dmiller/mdbox: mode=0700 gid=-1
doveadm(dmil...@amfes.com): Debug: acl: initializing backend with data: vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
doveadm(dmil...@amfes.com): Debug: acl: acl username = dmil...@amfes.com
doveadm(dmil...@amfes.com): Debug: acl: owner = 1
doveadm(dmil...@amfes.com): Debug: acl vfile: Global ACL directory: /usr/local/etc/dovecot/global-acls
doveadm(dmil...@amfes.com): Debug: Namespace : type=shared, prefix=shared/%n/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=mdbox:/var/mail/%d/%n/mdbox
doveadm(dmil...@amfes.com): Debug: shared: root=/usr/local/var/run/dovecot, index=, control=, inbox=, alt=
doveadm(dmil...@amfes.com): Debug: fts: Indexes disabled for namespace 'shared/%n/'
doveadm(dmil...@amfes.com): Debug: acl: initializing backend with data: vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
doveadm(dmil...@amfes.com): Debug: acl: acl username = dmil...@amfes.com
doveadm(dmil...@amfes.com): Debug: acl: owner = 0
doveadm(dmil...@amfes.com): Debug: acl vfile: Global ACL directory: /usr/local/etc/dovecot/global-acls

--
Daniel
Re: [Dovecot] Solr not indexing
On 25.2.2012, at 8.09, Daniel L. Miller wrote:
> What did I do wrong to make this happen?
>
> doveadm(dmil...@amfes.com): Debug: fts: Indexes disabled for namespace 'shared/%n/'

That's intentional. shared/%n/ namespace has no mails. Anyway, looks like doveadm fts rescan works only for fts-lucene currently..
Re: [Dovecot] v2.0.13 problems after kernel patch for CVE-2011-1083 applied on Centos 5
On Feb 24, 2012, at 4:39 PM, Timo Sirainen wrote:
> On 25.2.2012, at 0.49, Doug Henderson wrote:
>> [8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.
>>
>> After ksplice automatically installed the above patch on our mail servers, most/all IMAP/POP3 connections began experiencing time-outs trying to connect, or extreme timeouts in the auth procedure.
>
> I'd guess this patch is already in new Linux kernel versions, so other people should have seen any problems caused by it?

Actually, it was only released a couple of days ago (2/21) by redhat for EL 5.8 see: https://rhn.redhat.com/errata/RHSA-2012-0150.html

A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-1083, Moderate)

Our automated patching (ksplice) installed it at around 10am PST today. Other distributions may vary.

>> dovecot: pop3-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
> ..
>> Once this patch was removed, everything started working again. Is it possible that dovecot is trying to re-add already-added connections to the polling list - which this specific 'patch' prevents?
>
> It shouldn't be possible .. EPOLL_CTL_ADD is done only once, EPOLL_CTL_MOD is done afterwards. And if the same fd is attempted to be added/modded twice, Dovecot should assert-crash first in ioloop_iolist_add().

We haven't spent enough time investigating to be sure, but epoll_ctl was certainly in the thick of it. The only outward evidence (in logs, even with debug turned on) that there was anything wrong with Dovecot at all was the Panic shown for that method. Dovecot may have been an innocent bystander in this case - but something was causing it to fail on inbound IMAP/POP3 connections, and when the patch was removed everything started working again.
Re: [Dovecot] v2.0.13 problems after kernel patch for CVE-2011-1083 applied on Centos 5
On 25.2.2012, at 8.32, Doug Henderson wrote:
>>> [8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.
>>>
>>> After ksplice automatically installed the above patch on our mail servers, most/all IMAP/POP3 connections began experiencing time-outs trying to connect, or extreme timeouts in the auth procedure.
>>
>> I'd guess this patch is already in new Linux kernel versions, so other people should have seen any problems caused by it?
>
> Actually, it was only released a couple of days ago (2/21) by redhat for EL 5.8 see: https://rhn.redhat.com/errata/RHSA-2012-0150.html

Yes, but CVE-2011-1083 shows it was reported almost a year ago, so I'd think it was fixed in upstream kernel a long time ago. I'm running in my desktop about 2 months old kernel (from git) and I don't see any problems with it. But yeah, maybe Redhat's patches did it differently than upstream kernel and it broke because of that..
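A Linux-only probe for the question raised in this thread, whether re-adding an already registered fd could produce the "Invalid argument" in the panic line; this is an added example, not code from the thread or from Dovecot. The scenario names are made up for the illustration, and Python's select.epoll is used because register() and modify() map directly onto EPOLL_CTL_ADD and EPOLL_CTL_MOD.

```python
import errno
import os
import select

SCENARIOS = ("add_then_mod", "add_twice", "mod_unregistered",
             "add_epoll_to_itself")


def epoll_ctl_errno(scenario):
    """Run one epoll_ctl call pattern on a fresh epoll instance and pipe.

    Returns the symbolic errno of the failing call, or None when every
    call succeeds.
    """
    ep = select.epoll()
    r, w = os.pipe()
    try:
        if scenario == "add_then_mod":
            # The pattern described in the thread: ADD once, MOD afterwards.
            ep.register(r, select.EPOLLIN)
            ep.modify(r, select.EPOLLIN | select.EPOLLPRI)
        elif scenario == "add_twice":
            # The hypothesis from the thread: re-adding a registered fd.
            ep.register(r, select.EPOLLIN)
            ep.register(r, select.EPOLLIN)
        elif scenario == "mod_unregistered":
            ep.modify(r, select.EPOLLIN)
        elif scenario == "add_epoll_to_itself":
            ep.register(ep.fileno(), select.EPOLLIN)
        else:
            raise ValueError(scenario)
        return None
    except OSError as exc:
        return errno.errorcode[exc.errno]
    finally:
        ep.close()
        os.close(r)
        os.close(w)


def scenarios_matching(message):
    """Return the scenarios whose error text equals the one in a log line."""
    matches = []
    for scenario in SCENARIOS:
        name = epoll_ctl_errno(scenario)
        if name and os.strerror(getattr(errno, name)) == message:
            matches.append(scenario)
    return matches
```

On a stock kernel a double add fails with EEXIST ("File exists"), so it does not explain an EINVAL panic; that points the investigation at the argument checks in the kernel rather than at a duplicate registration by the caller.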