Re: [Dovecot] replication howto
Hi --

On 15.03.2012 22:05, Timo Sirainen wrote:
> On 15.3.2012, at 22.48, Michael Grimm wrote:
>
>> Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
>
> Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails.

Root has access to everyone's mail as well.

> And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.

All those safety measures can be applied for the vmail user as well. Actually, that's what I did in my case, plus allowing ssh only between both mail servers (firewall rule).

Regards,
Michael
[Dovecot] Accessing maildir snapshots through dovecot
Hi,

I'm currently having a fairly simple setup:
- users (real, not virtual)
- Maildir storage (over NFS)
- 1 namespace

I'm currently trying to render the storage snapshots available through dovecot (to allow my users to browse their mail history).

dovecot.conf:

namespace {
  inbox = yes
  location =
  prefix = INBOX.
  type = private
}

I did the following modifications:

dovecot.conf:

namespace snaps-h0 {
  prefix = INBOX.EmailBackup.h0.
  hidden = no
  list = yes
  inbox = no
  location = maildir:/home/.snapshot/hourly.0/%u/Maildir:INDEX=/var/tmp/dovecot/indexes/hourly.0/%u:CONTROL=/var/dovecot/control/hourly.0/%u
  type = private
}

Problem: I don't see the content of the inbox folder contained in the snapshots (subfolders are perfectly viewed).

Do any of you have a clue on how to render it visible?

Thanks
Laurent
Re: [Dovecot] bug uni_utf8_str_is_valid(vname)
On Mar 16, 2012, at 2:14 PM, Timo Sirainen wrote: On 16.3.2012, at 11.09, Jernej Porenta wrote: Mar 6 13:37:17 machine dovecot: imap(username): Panic: file mail-storage.c: line 628 (mailbox_alloc): assertion failed: (uni_utf8_str_is_valid(vname)) .. We tried version 2.1.2, which unfortunately does not fix the issue with weird characters. Whenever . LIST * is issued, dovecot crashes: Error: Raw backtrace: /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b54671eb870] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b54671eb8c6] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b54671ead83] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b5466f2a0e5] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b5466f376cc] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b5466f37846] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0(fs_list_iter_init+0x4b1) [0x2b5466f38241] - /opt/dovecot I don't think this is the same Panic as the original one? What is the Panic message now? 
Mar 19 10:56:35 server dovecot: imap-login: Login: user=user, method=PLAIN, rip=193.2.1.110, lip=193.2.1.83, mpid=14732, secured Mar 19 10:56:40 server dovecot: imap(user): Panic: file mail-storage.c: line 628 (mailbox_alloc): assertion failed: (uni_utf8_str_is_valid(vname)) Mar 19 10:56:40 server dovecot: imap(user): Error: Raw backtrace: /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b7a91610870] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b7a916108c6] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b7a9160fd83] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b7a9134f0e5] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b7a9135c6cc] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b7a9135c846] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0(fs_list_iter_init+0x4b1) [0x2b7a9135d241] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0(mailbox_list_iter_init_multiple+0xec) [0x2b7a9135619c] - dovecot/imap [0x40bbb6] - dovecot/imap(cmd_list_full+0x520) [0x40c1f0] - dovecot/imap(cmd_list+0xb) [0x40c3eb] - dovecot/imap(command_exec+0x37) [0x410497] - dovecot/imap [0x40f4ed] - dovecot/imap [0x40f5a2] - dovecot/imap(client_handle_input+0x3f) [0x40f6ef] - dovecot/imap(client_input+0x62) [0x410072] - /opt Mar 19 10:56:40 server dovecot: imap(user): Fatal: master: service(imap): child 14732 killed with signal 6 (core dumps disabled) It is the same. We will try 2.1.3 today and report the results... Regards, Jernej
Re: [Dovecot] replication howto
Hi, I have a simple question: what do you mean by dovecot director setup? I have a doubt.

The solution that I'm testing uses 3 mail servers in different geographic locations. A user can travel to various locations, and I want his IMAP mail to reside on the mail server in every location. So I use your solution for replication. The first server (by DNS record) that receives mail syncs it to the other servers, and when the user consults his mail by IMAP protocol everything is synced on all servers.

Do you suggest using a horizontal structure for it like I explained, or is it better to have a single-node external mail server and the customer locations' servers as slaves?

Thanks

On 19 March 2012 09:35, Michael Grimm trash...@odo.in-berlin.de wrote:

> Hi --
>
> On 15.03.2012 22:05, Timo Sirainen wrote:
>> On 15.3.2012, at 22.48, Michael Grimm wrote:
>>
>>> Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
>>
>> Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails.
>
> Root has access to everyone's mail as well.
>
>> And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
>
> All those safety measures can be applied for the vmail user as well. Actually, that's what I did in my case, plus allowing ssh only between both mail servers (firewall rule).
>
> Regards,
> Michael

--
Respect the environment: if it is not necessary, do not print this e-mail.
**
Ing. Matteo Cazzador
Email: mcazza...@gmail.com
**
[Dovecot] Building Dovecot RHEL RPMs with custom LDAP packages
Hi, We are (still) mainly using CentOS 5 (5.8 x86_64). As CentOS / RHEL 5 standard OpenLDAP packages are rather old (2.3.x), we've been using LTB OpenLDAP packages (http://ltb-project.org/wiki/download#openldap), which get installed in non-standard file system locations. So, I would like to re-build Dovecot packages based on these OpenLDAP libraries, esp. because I see that dovecot RPM packages are built using OpenLDAP v2.3 libraries. I am not much experienced in building RPMs and preparing spec files. In http://dl.atrpms.net/all/dovecot.spec I see: BuildRequires: openldap-devel, cyrus-sasl-devel ... Obsoletes: %{name}-pgsql %{epoch}:%{version}-%{release}, %{name}-mysql %{epoch}:%{version}-%{release}, %{name}-sqlite %{epoch}:%{version}-%{release}, %{name}-ldap %{epoch}:%{version}-%{release}, $ Conflicts: %{name}-pgsql %{epoch}:%{version}-%{release}, %{name}-mysql %{epoch}:%{version}-%{release}, %{name}-sqlite %{epoch}:%{version}-%{release}, %{name}-ldap %{epoch}:%{version}-%{release}, $ So, I can change the former reference (openldap-devel) to: openldap-ltb-debuginfo, cyrus-sasl-devel Question 1: What other changes should we make in order to specify that we will be using LDAP libraries from: /usr/local/openldap/lib64 and include files from: /usr/local/openldap/include (rather than from /usr/lib64 and /usr/include, respectively, which are the standard file paths used in openldap-devel) Question 2: How the Obsoletes and Conflicts lines should be changed? Question 3: It seems to me (by reading the spec file) that the final Dovecot RPM (and the included executables) does not need any LDAP dynamic library in order to run with LDAP support (because I don't see any dependencies on openldap package). Can somebody please confirm? Any other associated info would be appreciated. Thanks, Nick
Re: [Dovecot] replication howto
On Mon, Mar 19, 2012 at 09:35:34AM +0100, Michael Grimm wrote:
> On 15.03.2012 22:05, Timo Sirainen wrote:
>> On 15.3.2012, at 22.48, Michael Grimm wrote:
>>
>>> Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
>>
>> Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails.
>
> Root has access to everyone's mail as well.

I think you are missing the point, that being: if all your mail are belong to vmail, somebody set up us the bomb if the vmail account is compromised. (Obviously that's true with a root compromise as well, but that is unavoidable. Effects of a root compromise can be limited with technologies like Apparmor and SELinux, but that is difficult to configure properly and only provides limited benefit: compromised root can do everything real root was allowed to do.)

The point is: vmail has added a SECOND vulnerable point from which disaster can ensue. If mailbox ownership is distributed among multiple UID/GID, compromise of any one of those only endangers the mails to which it had access.

>> And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
>
> All those safety measures can be applied for the vmail user as well. Actually, that's what I did in my case, plus allowing ssh only between both mail servers (firewall rule).

Sure, but there too, all your email eggs are in the vmail basket.

No, disaster is not imminent nor even likely to ensue, but the fact stands that you and millions of other virtual-only sites do have this additional potential vulnerability. It is well supported in Dovecot to be able to use a unique UID and GID for every virtual mailbox, but management of such a system presents more challenges than the single-vmail-user approach. Consequently the popular virtual frontends don't support it.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
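The "small wrapper" idea quoted above (a key that can only run dsync-user.sh for one named user, reachable only from the peer mail server) looks like this as an SSH forced command. This is an added example, not code from the thread or from Dovecot; the wrapper name dsync-wrapper.sh, the install path of dsync-user.sh, its one-argument calling convention, and the address and key in the authorized_keys comment are assumptions.

```shell
#!/bin/sh
# dsync-wrapper.sh (hypothetical name): forced command for the replication key.
#
# authorized_keys entry on the receiving server, written on one line; the
# address and key below are placeholders:
#   from="192.0.2.10",command="/usr/local/sbin/dsync-wrapper.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER replication@mail1
#
# With command= set, sshd starts this wrapper no matter what the client asked
# to run; the client's request is only available as text in
# SSH_ORIGINAL_COMMAND and is never passed to a shell for evaluation here.

LC_ALL=C; export LC_ALL      # make the character ranges below byte-exact
DSYNC_SCRIPT=${DSYNC_SCRIPT:-/usr/local/bin/dsync-user.sh}   # assumed path

# validate_request REQUEST
# Accepts exactly "dsync-user.sh <user>" (assumed calling convention).
# Prints <user> and returns 0 on success; returns 1 for anything else.
validate_request() {
    req=$1
    case $req in
        "dsync-user.sh "*) user=${req#"dsync-user.sh "} ;;
        *) return 1 ;;
    esac
    case $user in
        ''|-*|.*) return 1 ;;              # empty, option-like or dot-leading
        *[!A-Za-z0-9._@-]*) return 1 ;;    # any byte outside the whitelist
    esac
    [ "${#user}" -le 64 ] || return 1
    printf '%s\n' "$user"
}

main() {
    client=${SSH_CLIENT:-unknown}
    client=${client%% *}                   # keep only the source address
    if user=$(validate_request "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t dsync-wrapper "sync user=$user from=$client"
        exec "$DSYNC_SCRIPT" "$user"
    fi
    # The rejected text is not logged, so it cannot inject log content.
    logger -t dsync-wrapper "rejected request from=$client"
    echo "dsync-wrapper: request rejected" >&2
    exit 1
}

# Run only when installed under its own name, so the functions can be
# sourced or tested without executing anything.
case ${0##*/} in
    dsync-wrapper.sh) main ;;
esac
```

A compromised sending host can still request a sync for any valid user name, which is the residual exposure the single-account versus per-UID argument above is about.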
[Dovecot] Problem with sieve
Hello List!

I have a tiny-teeny problem with dovecot + sieve: it seems that the LDA doesn't run sieve, and thus doesn't filter my emails.

Here's the sieve configuration:

plugin {
  # Used by both the Sieve plugin and the ManageSieve protocol
  sieve=/var/local/vmail/%n/dovecot.sieve
  sieve_dir=/var/local/vmail/%n/sieve
  sieve_extensions = +notify +imapflags
}

The managesieve:

protocol managesieve {
  # Specify an alternative address:port the daemon must listen on
  # (default: *:2000)
  listen = localhost:2000
  managesieve_logout_format = bytes ( in=%i : out=%o )
}

(this one is working fine, I can edit the filters through roundcube webmail, and the correct file (/var/local/vmail/%n/dovecot.sieve) is edited)

the lda part:

protocol lda {
  postmaster_address = f...@bar.com
  mail_plugins = sieve
}

I think all is in place to allow dovecot to use sieve... ?

One more thing:

dovecot --version
1.2.15

Any help will be welcomed :).

Thanks in advance!

Cheers,

C.
Re: [Dovecot] Problem with sieve
2012/3/19 Cédric Jeanneret cjeanne...@internux.ch

> Hello List!
>
> I have a tiny-teeny problem with dovecot + sieve: it seems that the LDA doesn't run sieve, and thus doesn't filter my emails.
>
> Here's the sieve configuration:
>
> plugin {
>   # Used by both the Sieve plugin and the ManageSieve protocol
>   sieve=/var/local/vmail/%n/dovecot.sieve
>   sieve_dir=/var/local/vmail/%n/sieve
>   sieve_extensions = +notify +imapflags
> }
>
> The managesieve:
>
> protocol managesieve {
>   # Specify an alternative address:port the daemon must listen on
>   # (default: *:2000)
>   listen = localhost:2000
>   managesieve_logout_format = bytes ( in=%i : out=%o )
> }
>
> (this one is working fine, I can edit the filters through roundcube webmail, and the correct file (/var/local/vmail/%n/dovecot.sieve) is edited)
>
> the lda part:
>
> protocol lda {
>   postmaster_address = f...@bar.com
>   mail_plugins = sieve
> }
>
> I think all is in place to allow dovecot to use sieve... ?
>
> One more thing:
>
> dovecot --version
> 1.2.15
>
> Any help will be welcomed :).
>
> Thanks in advance!
>
> Cheers,
>
> C.

Have you checked the MTA configuration? Does it use dovecot's LDA?

Antoine
Re: [Dovecot] Building Dovecot RHEL RPMs with custom LDAP packages
On Mon, Mar 19, 2012 at 01:20:22PM +0200, Nikolaos Milas wrote: We are (still) mainly using CentOS 5 (5.8 x86_64). As CentOS / RHEL 5 standard OpenLDAP packages are rather old (2.3.x), we've been using LTB OpenLDAP packages (http://ltb-project.org/wiki/download#openldap), which get installed in non-standard file system locations. ISTM that herein lies the whole problem. Why did you not rpmbuild your OpenLDAP? That would have avoided all further fuss. Another observation I can offer, unwelcome as it may be: your OS choice was not a good one when you want the features of recent software. Perhaps you should rethink that choice. You have invested much effort in this task. So, I would like to re-build Dovecot packages based on these OpenLDAP libraries, esp. because I see that dovecot RPM packages are built using OpenLDAP v2.3 libraries. I am not much experienced in building RPMs and preparing spec files. And that is really more a question for a CentOS forum than here. In http://dl.atrpms.net/all/dovecot.spec I see: BuildRequires: openldap-devel, cyrus-sasl-devel The latter requirement seems curious to me. In what way does Dovecot use Cyrus SASL? -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: [Dovecot] bug uni_utf8_str_is_valid(vname)
On Mar 19, 2012, at 10:58 AM, Jernej Porenta wrote: Mar 19 10:56:35 server dovecot: imap-login: Login: user=user, method=PLAIN, rip=193.2.1.110, lip=193.2.1.83, mpid=14732, secured Mar 19 10:56:40 server dovecot: imap(user): Panic: file mail-storage.c: line 628 (mailbox_alloc): assertion failed: (uni_utf8_str_is_valid(vname)) Mar 19 10:56:40 server dovecot: imap(user): Error: Raw backtrace: /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b7a91610870] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b7a916108c6] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot.so.0 [0x2b7a9160fd83] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b7a9134f0e5] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b7a9135c6cc] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0 [0x2b7a9135c846] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0(fs_list_iter_init+0x4b1) [0x2b7a9135d241] - /opt/dovecot-2.1.2/lib/dovecot/libdovecot-storage.so.0(mailbox_list_iter_init_multiple+0xec) [0x2b7a9135619c] - dovecot/imap [0x40bbb6] - dovecot/imap(cmd_list_full+0x520) [0x40c1f0] - dovecot/imap(cmd_list+0xb) [0x40c3eb] - dovecot/imap(command_exec+0x37) [0x410497] - dovecot/imap [0x40f4ed] - dovecot/imap [0x40f5a2] - dovecot/imap(client_handle_input+0x3f) [0x40f6ef] - dovecot/imap(client_input+0x62) [0x410072] - /opt Mar 19 10:56:40 server dovecot: imap(user): Fatal: master: service(imap): child 14732 killed with signal 6 (core dumps disabled) It is the same. We will try 2.1.3 today and report the results... Same thing with 2.1.3 (. 
LIST *):

Mar 19 14:08:59 server dovecot: imap-login: Login: user=username, method=PLAIN, rip=193.2.1.110, lip=193.2.1.83, mpid=28438, secured
Mar 19 14:09:04 server dovecot: imap(username): Panic: file mail-storage.c: line 628 (mailbox_alloc): assertion failed: (uni_utf8_str_is_valid(vname))
Mar 19 14:09:04 server dovecot: imap(username): Error: Raw backtrace: /opt/dovecot-2.1.3/lib/dovecot/libdovecot.so.0 [0x2ae071811870] - /opt/dovecot-2.1.3/lib/dovecot/libdovecot.so.0 [0x2ae0718118c6] - /opt/dovecot-2.1.3/lib/dovecot/libdovecot.so.0 [0x2ae071810d83] - /opt/dovecot-2.1.3/lib/dovecot/libdovecot-storage.so.0 [0x2ae0715500c5] - /opt/dovecot-2.1.3/lib/dovecot/libdovecot-storage.so.0 [0x2ae07155d6ac] - /opt/dovecot-2.1.3/lib/dovecot/libdovecot-storage.so.0 [0x2ae07155d826] - /opt/dovecot-2.1.3/lib/dovecot/libdovecot-storage.so.0(fs_list_iter_init+0x4b1) [0x2ae07155e221] - /opt/dovecot-2.1.3/lib/dovecot/libdovecot-storage.so.0(mailbox_list_iter_init_multiple+0xec) [0x2ae07155717c] - dovecot/imap [0x40bbb6] - dovecot/imap(cmd_list_full+0x520) [0x40c1f0] - dovecot/imap(cmd_list+0xb) [0x40c3eb] - dovecot/imap(command_exec+0x37) [0x410497] - dovecot/imap [0x40f4ed] - dovecot/imap [0x40f5a2] - dovecot/imap(client_handle_input+0x3f) [0x40f6ef] - dovecot/imap(client_input+0x62) [0x410072] - /opt
Mar 19 14:09:04 server dovecot: imap(username): Fatal: master: service(imap): child 28438 killed with signal 6 (core dumps disabled)

The home directory of the username is tar.gzipped here: http://www2.arnes.si/~krklubsls13/username.tar.gz

# dovecot -n
# 2.1.3: /opt/dovecot-2.1.3/etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-274.17.1.el5 x86_64 CentOS release 5.7 (Final)
default_login_user = nobody
disable_plaintext_auth = no
login_greeting = Server ready.
login_trusted_networks = x.y.z.p/32
mail_location = mbox:~/:INBOX=%h/.mailbox:INDEX=/opt/dovecot2-indexes/%1u/%u
mail_plugins = quota
mail_privileged_group = dovecot
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
passdb {
  args = session=yes dovecot
  driver = pam
}
plugin {
  quota = fs
}
protocols = imap pop3
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    ssl = no
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    ssl = no
  }
}
ssl = no
userdb {
  driver = passwd
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 15
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

Regards,
Jernej
Re: [Dovecot] Building Dovecot RHEL RPMs with custom LDAP packages
On 19/3/2012 2:32 PM, /dev/rob0 wrote:

> ISTM that herein lies the whole problem. Why did you not rpmbuild your OpenLDAP? That would have avoided all further fuss.

Thanks for the reply.

First, how would I rpmbuild my openldap v2.4.x as a standard CentOS 5 package (i.e. replacing native openldap-2.3.43-25)? If I were more experienced, I could have tried to engineer openldap-2.3.43-25.el5.src.rpm to upgrade the system to use 2.4.x... But still, I haven't seen any OpenLDAP packages attempting to do so, probably because of the tight integration of CentOS with some openldap v2.3 libraries.

I think it's good that third-party packages (even of the same software) give the ability to not mess with standard system. The same is true for reputable Symas OpenLDAP packages. So, I simply use LTB OpenLDAP, even though it's installed at non-standard locations.

(This has an added benefit of easy migration. You can setup any/all of those on the same system and decide which one to enable at any time.)

> Another observation I can offer, unwelcome as it may be: your OS choice was not a good one when you want the features of recent software. Perhaps you should rethink that choice. You have invested much effort in this task.

I like CentOS from many aspects as an enterprise server OS. I wouldn't change it. Yet, it's important to me to be able to build/combine non-standard packages. Even with CentOS 6, I would still continue to use LTB OpenLDAP for a number of reasons.

It's true that I've invested much effort in this task, but mostly because my knowledge on this subject is very basic.

Note that Dovecot RPM works fine as is (compiled with OpenLDAP 2.3), i.e. there is no real need in re-building it using OpenLDAP 2.4 libs. We just try to make things better (and make our life a bit more difficult) :-)

> And that is really more a question for a CentOS forum than here.

True, but I am hoping that there might be some Dovecot RHEL/CentOS packagers in this list, and that would help resolve issues more effectively, as it is a Dovecot-specific (even if for a package thereof) question. So, any help will be appreciated!

> The latter requirement seems curious to me. In what way does Dovecot use Cyrus SASL?

Hmm, I can't tell. I hope atrpm packager(s), if present on this list, can provide some feedback.

Thanks again,
Nick
Re: [Dovecot] bug uni_utf8_str_is_valid(vname)
On Mon, 2012-03-19 at 14:27 +0100, Jernej Porenta wrote: Mar 19 10:56:40 server dovecot: imap(user): Panic: file mail-storage.c: line 628 (mailbox_alloc): assertion failed: (uni_utf8_str_is_valid(vname)) It is the same. We will try 2.1.3 today and report the results... The home directory of the username is tar.gzipped here: http://www2.arnes.si/~krklubsls13/username.tar.gz Thanks, fixed: http://hg.dovecot.org/dovecot-2.1/rev/c77fbfce438d
Re: [Dovecot] Accessing maildir snapshots through dovecot
On Mon, 2012-03-19 at 10:06 +0100, Laurent CARON wrote:

> I did the following modifications:
>
> dovecot.conf:
>
> namespace snaps-h0 {
>   prefix = INBOX.EmailBackup.h0.
>   hidden = no
>   list = yes
>   inbox = no
>   location = maildir:/home/.snapshot/hourly.0/%u/Maildir:INDEX=/var/tmp/dovecot/indexes/hourly.0/%u:CONTROL=/var/dovecot/control/hourly.0/%u
>   type = private
> }
>
> Problem: I don't see the content of the inbox folder contained in the snapshots (subfolders are perfectly viewed).
>
> Do any of you have a clue on how to render it visible?

So the INBOX mails would be in /home/.snapshot/hourly.0/%u/Maildir/{cur|new} directories? The INBOX should be accessible via the INBOX.EmailBackup.h0 folder itself. If it's not, you may need to use a newer Dovecot version.
Re: [Dovecot] Problem managing mbox
On Sat, 2012-03-17 at 20:42 +0100, PSTM wrote: Hello, I have a problem with dovecot. seems that do not erase mail that mail client request to be erased. Are you sure the clients have actually issued the EXPUNGE command, rather than simply marked the mail with \Deleted flag? And I have this errors: Error: Next message unexpectedly corrupted in mbox file Info: mbox code isn't perfect, but if this doesn't happen often it shouldn't matter much. doveconf -n output might have been helpful in giving more suggestions.
Re: [Dovecot] importing plain mboxes to dovecot maildirs
On Sat, 2012-03-17 at 18:29 +0100, Radim Kolar wrote:

> dsync(admin): Error: Failed to sync mailbox sent-mail-feb-2012: Mailbox GUIDs are not permanent without index files
>
> Well, you can work around it by letting it create indexes. Hm. Why exactly can't it create indexes? Do you have some setting disabling them?
>
> indexes never existed because these mboxes were never used by dovecot, it's not conversion from one format to another, it's import. Maybe open bug to add feature dsync import which will not depend on existing indexes?

dsync doesn't need existing indexes, it wants to create indexes. If it can't because of e.g. permission issues, you should be able to work around it with:

dsync mirror mbox:~/mail:INDEX=/tmp/indexes

I might change dsync at some point to work even without permanent mailbox GUIDs, but there are many other more important things to do.
Re: [Dovecot] Accessing maildir snapshots through dovecot
On 19/03/2012 14:57, Timo Sirainen wrote:

> So the INBOX mails would be in /home/.snapshot/hourly.0/%u/Maildir/{cur|new} directories? The INBOX should be accessible via the INBOX.EmailBackup.h0 folder itself. If it's not, you may need to use a newer Dovecot version.

It's not actually.

Sorry for the obvious info I didn't give.

I'm currently using dovecot 2.0.7

Regards,
Laurent
Re: [Dovecot] Building Dovecot RHEL RPMs with custom LDAP packages
On Mon, Mar 19, 2012 at 03:47:24PM +0200, Nikolaos Milas wrote:
> On 19/3/2012 2:32 PM, /dev/rob0 wrote:
>> ISTM that herein lies the whole problem. Why did you not rpmbuild your OpenLDAP? That would have avoided all further fuss.
>
> Thanks for the reply.
>
> First, how would I rpmbuild my openldap v2.4.x as a standard CentOS 5 package (i.e. replacing native openldap-2.3.43-25)? If I were more experienced, I could have tried to engineer openldap-2.3.43-25.el5.src.rpm to upgrade the system to use

That's what I would have tried.

> 2.4.x... But still, I haven't seen any OpenLDAP packages attempting to do so, probably because of the tight integration of CentOS with some openldap v2.3 libraries.

I don't have anything to tell you there, and I note that we are now fully off-topic. :)

> I think it's good that third-party packages (even of the same software) give the ability to not mess with standard system. The same is true for reputable Symas OpenLDAP packages. So, I simply use LTB OpenLDAP, even though it's installed at non-standard locations.

Failing the SRPM translation, why not just install into the CentOS standard locations? ... oops, I typed too fast ...

> (This has an added benefit of easy migration. You can setup any/all of those on the same system and decide which one to enable at any time.)

So you are in fact using both the CentOS OpenLDAP and your own version? This does not sound good at all. :(

>> Another observation I can offer, unwelcome as it may be: your OS choice was not a good one when you want the features of recent software. Perhaps you should rethink that choice. You have invested much effort in this task.
>
> I like CentOS from many aspects as an enterprise server OS. I wouldn't change it.

I don't doubt that CentOS/RHEL offers many benefits, but my point here is that in this endeavor you are seeing the drawbacks.

> Yet, it's important to me to be able to build/combine non-standard packages. Even with CentOS 6, I would still continue to use LTB OpenLDAP for a number of reasons.
>
> It's true that I've invested much effort in this task, but mostly because my knowledge on this subject is very basic.

And there too, the better forum, with more of the skills you need, would be the CentOS one. :)

> Note that Dovecot RPM works fine as is (compiled with OpenLDAP 2.3), i.e. there is no real need in re-building it using OpenLDAP 2.4 libs. We just try to make things better (and make our life a bit more difficult) :-)
>
>> And that is really more a question for a CentOS forum than here.
>
> True, but I am hoping that there might be some Dovecot RHEL/CentOS packagers in this list, and that would help resolve issues more effectively, as it is a Dovecot-specific (even if for a package thereof) question. So, any help will be appreciated!
>
>> The latter requirement seems curious to me. In what way does Dovecot use Cyrus SASL?
>
> Hmm, I can't tell. I hope atrpm packager(s), if present on this list, can provide some feedback.

I was thinking maybe Timo would know. As far as I can tell it doesn't. I do see in configure.in's check for LDAP, a search for sasl.h or sasl/sasl.h, so it appears that Cyrus SASL might be required to build Dovecot's LDAP support.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: [Dovecot] Building Dovecot RHEL RPMs with custom LDAP packages
On 19/3/2012 5:28 PM, /dev/rob0 wrote:

> So you are in fact using both the CentOS OpenLDAP and your own version? This does not sound good at all. :(

I talked about migration, didn't I? (Helps in test environments too!)

> And there too, the better forum, with more of the skills you need, would be the CentOS one. :)
> ...
> And that is really more a question for a CentOS forum than here.

I guess I might have to subscribe to CentOS forum/mailing list... (I haven't needed to yet.)

Thanks anyway,
Nick
[Dovecot] INBOX cant be created
Inbox does not exist on disk, but the following command sequence will not create it.

2 select INBOX
2 NO Mailbox doesn't exist: INBOX
3 create INBOX
3 NO [ALREADYEXISTS] Mailbox already exists: INBOX

I think it's a bug.
Re: [Dovecot] Accessing maildir snapshots through dovecot
On 19/03/2012 15:05, Laurent CARON wrote:
> On 19/03/2012 14:57, Timo Sirainen wrote:
>> So the INBOX mails would be in /home/.snapshot/hourly.0/%u/Maildir/{cur|new} directories? The INBOX should be accessible via the INBOX.EmailBackup.h0 folder itself. If it's not, you may need to use a newer Dovecot version.
>
> It's not actually.
>
> Sorry for the obvious info I didn't give.
>
> I'm currently using dovecot 2.0.7
>
> Regards,
> Laurent

Upgrading did the trick.

Thanks
Re: [Dovecot] INBOX cant be created
doveadm does not work either:

sudo doveadm mailbox create -u admin INBOX
doveadm(admin): Error: Can't create mailbox INBOX: Permission denied

sudo doveadm mailbox create -u admin INBOX.2
(works)
Re: [Dovecot] 2.1: Error: Maildir filename has wrong S value, renamed the file from
I'm having this problem also, with a very very few users. But in my case the email isn't double gzip, just single like normal.

Error: read(.../.Deleted Messages/cur/1331840112.M186676P27974.5013:2,) failed: Input/output error (uid=250)

All I have to do is rename the file to add back the lost S= part and all is fine.

This has happened in the inbox, deleted, and trash folders so far. And always after a change, the S= exists for new emails. It's like it's losing it on adding the read flag, and mailbox moves.

But out of millions of emails, only a very few are like this, that I know of, around 6 emails. I manually fixed them, will be looking to see if this issue comes back.

Quoting Timo Sirainen t...@iki.fi:

> On 2.3.2012, at 12.43, Ralf Hildebrandt wrote:
>
> Alternatively you can just tell Dovecot not to care about it: maildir_broken_filename_sizes=yes. Although you probably can't do that if you have compressed mails.
>
> In the case above that mail was gzipped twice :(
>
> Yes, looks like Dovecot can't correctly fix the wrong S size for gzipped mails. I don't know if I should bother fixing it, especially since in your case the doubly-gzipped mails will look corrupted to user..
Re: [Dovecot] INBOX cant be created
> doveadm(admin): Error: Can't create mailbox INBOX: Permission denied

The INBOX exists but has a wrong owner.

On 19 March 2012 13:22, Radim Kolar h...@filez.com wrote:

> doveadm does not work either:
>
> sudo doveadm mailbox create -u admin INBOX
> doveadm(admin): Error: Can't create mailbox INBOX: Permission denied
>
> sudo doveadm mailbox create -u admin INBOX.2
> (works)
Re: [Dovecot] INBOX cant be created
>> doveadm(admin): Error: Can't create mailbox INBOX: Permission denied
> The INBOX exists but has a wrong owner.

nope

ponto# cd /var/mail
ponto# mv admin/ admin.X
ponto# doveadm mailbox create -u admin INBOX
doveadm(admin): Error: Can't create mailbox INBOX: Permission denied

but it might be that ordinary user admin can't create directories in /var/mail

message from IMAP reply is wrong for sure because mailbox does not exist:

ponto# cd /var/mail
ponto# mv admin admin.x
ponto# telnet localhost imap
3 select inbox
3 NO Mailbox doesn't exist: INBOX
4 create INBOX
4 NO [ALREADYEXISTS] Mailbox already exists: INBOX
Re: [Dovecot] 2.1: Error: Maildir filename has wrong S value, renamed the file from
* Patrick Domack patric...@patrickdk.com:

> I'm having this problem also, with a very very few users. But in my case the email isn't double gzip, just single like normal.
>
> Error: read(.../.Deleted Messages/cur/1331840112.M186676P27974.5013:2,) failed: Input/output error (uid=250)
>
> All I have to do is rename the file to add back the lost S= part and all is fine.
>
> This has happened in the inbox, deleted, and trash folders so far. And always after a change, the S= exists for new emails. It's like it's losing it on adding the read flag, and mailbox moves.

Yes, I'm also seeing it now with mailboxes where no mail is doubly gzipped.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: [Dovecot] auth tcp socket, Authentication client gave a PID 7542 of existing connection
On Fri, Mar 16, 2012 at 9:39 PM, Alex Ha alex.han...@gmail.com wrote:

On Fri, Mar 16, 2012 at 9:14 PM, Timo Sirainen t...@iki.fi wrote:

On 16.3.2012, at 22.00, Alex Ha wrote:

dovecot: auth: Error: BUG: Authentication client gave a PID 7542 of existing connection

Oh, right, PIDs of course aren't unique when you're using multiple servers. Try if the attached patch fixes your troubles. If it does, I'll commit it to hg.

Thanks Timo! I will try the patch and report to you.

Hi Timo! I tried the patch with 2.0.19 and the dovecot error messages disappeared. I still get a lot of these postfix warnings:

SASL LOGIN authentication failed: Connection lost to authentication server

but only for IPs which tried a SASL brute force attack.

Connection lost to authentication server

Could this be because of the dovecot auth penalties? So far I did not get any complaints from users.

Thanks for your help! Alex
[Dovecot] Using plaintext auth and SSL
I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct? -- Jeff Simmons jsimm...@goblin.punk.net Simmons Consulting - Network Engineering, Administration, Security You guys, I don't hear any noise. Are you sure you're doing it right? -- My Life With The Thrill Kill Kult
Re: [Dovecot] Using plaintext auth and SSL
On Monday, March 19, 2012 04:16:46 pm you wrote: On 3/19/2012 4:04 PM, Jeff Simmons wrote: I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct? I only have SSL or TLS connections enabled and I only have one copy of Dovecot running. Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot? -- Jeff Simmons jsimm...@goblin.punk.net Simmons Consulting - Network Engineering, Administration, Security You guys, I don't hear any noise. Are you sure you're doing it right? -- My Life With The Thrill Kill Kult
Re: [Dovecot] Using plaintext auth and SSL
On 3/19/2012 4:37 PM, Jeff Simmons wrote: On Monday, March 19, 2012 04:16:46 pm you wrote: On 3/19/2012 4:04 PM, Jeff Simmons wrote: I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct? I only have SSL or TLS connections enabled and I only have one copy of Dovecot running. Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot? I'm pretty sure if you set disable_plain_text_auth = no that you can log in to the appropriate ports with SSL or without. Sorry I sent the first reply to you, wasn't paying attention. -- Knute Johnson
Re: [Dovecot] Using plaintext auth and SSL
On 20/03/2012 01:37, Jeff Simmons wrote: On Monday, March 19, 2012 04:16:46 pm you wrote: On 3/19/2012 4:04 PM, Jeff Simmons wrote: I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct? I only have SSL or TLS connections enabled and I only have one copy of Dovecot running. Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot? there is no connection between the plaintext auth to the ssl\tls layer. you can just change the in the service section of the 10-master.conf file of the imap to no imap at all and use only imaps listener with port for your choose such as 143 or 993 and you will have a only imap over ssl. Regards, Eliezer -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations elilezer at ngtech.co.il
Re: [Dovecot] INBOX cant be created
On 19/03/2012 20:23, Radim Kolar wrote:

doveadm(admin): Error: Can't create mailbox INBOX: Permission denied

The INBOX exists but has a wrong owner.

nope

ponto# cd /var/mail
ponto# mv admin/ admin.X
ponto# doveadm mailbox create -u admin INBOX
doveadm(admin): Error: Can't create mailbox INBOX: Permission denied

get into the maildir folder and use: ls -la to see all the directories and permissions. it might be with a starting . what will make it invisible to regular ls.

Regards, Eliezer

but it might be that ordinary user admin can't create directories in /var/mail

message from IMAP reply is wrong for sure because mailbox does not exist:

ponto# cd /var/mail
ponto# mv admin admin.x
ponto# telnet localhost imap
3 select inbox
3 NO Mailbox doesn't exist: INBOX
4 create INBOX
4 NO [ALREADYEXISTS] Mailbox already exists: INBOX

-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations elilezer at ngtech.co.il
Re: [Dovecot] Using plaintext auth and SSL
On 20/03/2012 02:16, Eliezer Croitoru wrote: On 20/03/2012 01:37, Jeff Simmons wrote: On Monday, March 19, 2012 04:16:46 pm you wrote: On 3/19/2012 4:04 PM, Jeff Simmons wrote: I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct? I only have SSL or TLS connections enabled and I only have one copy of Dovecot running. Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot? there is no connection between the plaintext auth to the ssl\tls layer. you can just change the in the service section of the 10-master.conf file of the imap to no imap at all and use only imaps listener with port for your choose such as 143 or 993 and you will have a only imap over ssl. one mistake, change the imap service to port 0 and port 143 will be disabled with regular imap service Regards, Eliezer -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations elilezer at ngtech.co.il
Re: [Dovecot] Using plaintext auth and SSL
On 20.03.2012 01:16, Eliezer Croitoru wrote:

On 20/03/2012 01:37, Jeff Simmons wrote:

On Monday, March 19, 2012 04:16:46 pm you wrote:

On 3/19/2012 4:04 PM, Jeff Simmons wrote:

I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct?

I only have SSL or TLS connections enabled and I only have one copy of Dovecot running.

Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot?

there is no connection between the plaintext auth to the ssl\tls layer. you can just change the in the service section of the 10-master.conf file of the imap to no imap at all and use only imaps listener with port for your choose such as 143 or 993 and you will have a only imap over ssl.

Because it is going to drive me insane if I don't ask: Is there really no way to achieve this with a modern (aka. STARTTLS based) IMAP setup?
Re: [Dovecot] Using plaintext auth and SSL
On 03/19/2012 07:37 PM, Jeff Simmons wrote:

On Monday, March 19, 2012 04:16:46 pm you wrote:

On 3/19/2012 4:04 PM, Jeff Simmons wrote:

I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct?

I only have SSL or TLS connections enabled and I only have one copy of Dovecot running.

Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot?

This is all you have to do:

protocol imap {
  ssl=required
}

See: http://wiki2.dovecot.org/SSL

Globally, you can leave disable_plaintext_auth = no, and leave protocol pop3 {} alone. Your clients will be able to log in to pop3 with any authentication mechanism you have enabled, and imap will be accessible only with SSL/TLS, either over port 143 with STARTTLS or over port 993 with implicit SSL. I actually took the trouble to verify this on my local server before posting, and it turns out the wiki didn't lie.
Re: [Dovecot] Using plaintext auth and SSL
On 03/19/2012 07:37 PM, Jeff Simmons wrote: On Monday, March 19, 2012 04:16:46 pm you wrote: On 3/19/2012 4:04 PM, Jeff Simmons wrote: I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct? I only have SSL or TLS connections enabled and I only have one copy of Dovecot running. Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot? Turns out you can also use the disable_plaintext_auth = yes directive under protocol imap {}, but as noted by others previously, this is related specifically to plaintext authentication methods, and is not the same as requiring SSL/TLS for the entire session. If my understanding is correct, disable_plaintext_auth means your clients can authenticate with non-plaintext e.g. with CRAM-MD5 and proceed with an unsecured session.
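The difference drawn in the last two replies (refusing plaintext mechanisms versus requiring TLS for the whole session) can be checked against a client-side session log. The following is an added example, not code from the thread or from the Dovecot project: it flags a session in which LOGIN or AUTHENTICATE was accepted before STARTTLS. The transcripts, tags, reply texts and function names are constructed for illustration.

```python
# Constructed client-side session logs for port 143 (C: client, S: server).
CRAM_BEFORE_TLS = """\
S: * OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5] ready
C: a1 AUTHENTICATE CRAM-MD5
S: + PDEyMzQ1QGV4YW1wbGUub3JnPg==
C: Y29uc3RydWN0ZWQtcmVzcG9uc2U=
S: a1 OK Logged in
C: a2 SELECT INBOX
"""
TLS_FIRST = """\
S: * OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5] ready
C: b1 AUTHENTICATE CRAM-MD5
S: b1 NO refused before TLS (constructed reply text)
C: b2 STARTTLS
S: b2 OK Begin TLS negotiation now
C: b3 LOGIN user constructed-password
S: b3 OK Logged in
"""

def audit_session(transcript):
    """Return (tls_started, auth command or mechanism accepted before TLS)."""
    pending = {}            # tag -> command still waiting for its tagged reply
    tls, cleartext_auth = False, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        parts = text.split()
        if len(parts) < 2:
            continue        # continuation data such as a base64 response
        if side == "C":
            tag, verb = parts[0], parts[1].upper()
            if verb in ("STARTTLS", "LOGIN"):
                pending[tag] = verb
            elif verb == "AUTHENTICATE" and len(parts) >= 3:
                pending[tag] = parts[2].upper()
        elif side == "S" and parts[0] in pending:
            command = pending.pop(parts[0])
            if parts[1].upper() != "OK":
                continue    # NO/BAD: the command did not take effect
            if command == "STARTTLS":
                tls = True
            elif not tls and cleartext_auth is None:
                cleartext_auth = command
    return tls, cleartext_auth

def verdict(transcript):
    """One-line result suitable for a migration checklist."""
    tls, mech = audit_session(transcript)
    if mech:
        return f"FAIL: {mech} accepted before STARTTLS"
    return "ok: TLS before authentication" if tls else "ok: no authentication accepted"

if __name__ == "__main__":
    for name, log in (("cram", CRAM_BEFORE_TLS), ("tls-first", TLS_FIRST)):
        print(name, "->", verdict(log))
```

The first transcript is the case described above where a non-plaintext mechanism succeeds and the session continues unencrypted; the second is what a TLS-required listener should look like from the client side.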
[Dovecot] Dsync Dovecot
Hi guys, I am using dovecot-2.1.0 on CentOS 5.7. I configured dovecot with postfix on 2 systems; both systems have the same configuration and OS. I want to use dsync in mirror mode via ssh but I am not able to do it. When I followed the dsync wiki, I was unable to find the username:

dsync -u username mirror ssh -i id_dsa.dovecot mailu...@example.com dsync -u username

In the above command, what will be the user name and id_dsa.dovecot? I am unable to understand.

-- Thanks Regards, Jitendra Kumar Bhaskar Cell:- +91 7306311531 +91 8102997821
Re: [Dovecot] Dsync Dovecot
Hello Jitendra, I'm trying to do the same thing but I hit a wall as the sync seems to be doubling some emails in my case. My issue is still open with Timo (I HOPE!) As you seem to be stuck in an earlier stage, here is my advice:

1) add the id_rsa to the .ssh folder to the user that runs the sync. To test that this step is ok you should be able to

$ ssh mailu...@example.com

without being asked for a certificate / password (if you wonder how to achieve this here is a sample tutorial http://jaybyjayfresh.com/2009/02/04/logging-in-without-a-password-certificates-ssh/)

2) username is the user that has the email (if you work in a virtual environment generally is user@domain).

3) the syntax that I found to be working for me is the following:

doveadm -Dv sync -u user1@dom1 -f ssh mx1.a doveadm dsync-server -u user1@dom1

To explain a little bit clearer the setup:

- you start with 2 servers, mx1.a and mx2.a. On both servers you have vpopmail as the virtual user management for the virtual domain dom1
- from mx1.a you can ssh vpopmail@mx2.a directly without being prompted for a certificate or password
- user1@dom1 is a virtual user defined both on mx1.a and on mx2.a (which means that you can deliver emails to this user both at mx1.a and mx2.a and you can also read them through imap on both servers).

Hope this makes it a little bit more clear. Have fun, Andrei

Hi guys, I am using dovecot-2.1.0 on CentOS 5.7. I configured dovecot with postfix on 2 systems; both systems have the same configuration and OS. I want to use dsync in mirror mode via ssh but I am not able to do it. When I followed the dsync wiki, I was unable to find the username:

dsync -u username mirror ssh -i id_dsa.dovecot mailu...@example.com dsync -u username

In the above command, what will be the user name and id_dsa.dovecot? I am unable to understand.

-- Thanks Regards, Jitendra Kumar Bhaskar Cell:- +91 7306311531 +91 8102997821
[Dovecot] Per-user IMAP enable - is it possible?
Just wonder if it is possible to enable/disable IMAP4 on Dovecot (2.0.x so far) on a per-user basis? The deal is simple: our policy is not to store a lot of mailing on mailserver (the user should store it locally), thus the 'use POP3' approach, but for a very few users it is permitted to use IMAP4. But users sometimes simply miss the point that some mail clients (e.g. TB) 'prefer' to use IMAP4 first, and afterward I see mailbox full of mailings and no local store of it on user's workstation. Sounds too complicated, but setting up two Dovecots is not something I'd love to do as well. Thank you for any ideas, Alexander
Re: [Dovecot] Per-user IMAP enable - is it possible?
On 3/20/2012 1:28 AM, Alexander Chekalin wrote:

Just wonder if it is possible to enable/disable IMAP4 on Dovecot (2.0.x so far) on a per-user basis? The deal is simple: our policy is not to store a lot of mailing on mailserver (the user should store it locally), thus the 'use POP3' approach, but for a very few users it is permitted to use IMAP4. But users sometimes simply miss the point that some mail clients (e.g. TB) 'prefer' to use IMAP4 first, and afterward I see mailbox full of mailings and no local store of it on user's workstation. Sounds too complicated, but setting up two Dovecots is not something I'd love to do as well. Thank you for any ideas, Alexander

There would be various ways to do this, the specifics would depend on what kind of passdb you use. If you happen to be using a SQL database, you could do something like this: Add an allow_imap column, and change the password_query in dovecot-sql.conf.ext to something like this:

password_query = SELECT password FROM user WHERE username = '%n' AND domain = '%d' \
  AND ('%s' != 'imap' or allow_imap=1)

This would make the user appear to not exist when trying to log in via IMAP.

http://wiki2.dovecot.org/Variables
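The effect of the extra condition in that password_query can be tried offline before touching the real passdb. The following is an added example, not code from the thread or from Dovecot: it runs the same WHERE clause against an in-memory SQLite table, with %n, %d and %s replaced by bound parameters (a choice made for this simulation). The rows, passwords and function names are constructed, and the NULL row stands for an account that predates the allow_imap column.

```python
import sqlite3

# The thread's query, with Dovecot's %n, %d and %s turned into bound
# parameters for this simulation.
PASSWORD_QUERY = """
SELECT password FROM user
WHERE username = :n AND domain = :d
  AND (:s != 'imap' OR allow_imap = 1)
"""

def make_passdb():
    """In-memory stand-in for the passdb table, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT, domain TEXT,"
               " password TEXT, allow_imap INTEGER)")
    db.executemany("INSERT INTO user VALUES (?, ?, ?, ?)", [
        ("alice", "example.org", "{PLAIN}constructed-a", 1),     # IMAP permitted
        ("bob", "example.org", "{PLAIN}constructed-b", 0),       # POP3 only
        ("carol", "example.org", "{PLAIN}constructed-c", None),  # flag never set
    ])
    return db

def lookup(db, login, service):
    """Return the stored password field, or None when the query finds no row."""
    n, _, d = login.partition("@")
    row = db.execute(PASSWORD_QUERY, {"n": n, "d": d, "s": service}).fetchone()
    return row[0] if row else None

def access_matrix(db, logins, services=("imap", "pop3")):
    """Map (login, service) -> True when the lookup returns a row."""
    return {(u, s): lookup(db, u, s) is not None
            for u in logins for s in services}

if __name__ == "__main__":
    db = make_passdb()
    users = ["alice@example.org", "bob@example.org", "carol@example.org"]
    for (user, svc), found in access_matrix(db, users).items():
        print(f"{user:20} {svc:5} {'row' if found else 'no row'}")
```

In this simulation a NULL allow_imap behaves like 0 for IMAP, because `allow_imap = 1` evaluates to NULL and the row is filtered out, so accounts are POP3-only until the flag is set explicitly.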