date:20121020

[Dovecot] Configuring Dovecot & Snarf plugin for the first time

2012-10-20 Thread Jeffrey Ross

I've been using uw-imap for some time on my linux system and have been 
running into issues with it so I've decided to move to Dovecote, so far 
it seems to have solved the issues I've been having however I need/want 
to move the incoming emails out of /var/spool/mail/{user} in the same 
(or similar fashion) that uw-imap did, and I found the snarf plugin.


However whenever I enable the snarf plugin using the example on the wiki 
page my email is not loaded and when I remove my configuration for snarf 
my email re-appears.  Based upon what I can tell the snarf plugin is 
either not loading (but I see it listed in the logs) or simply not 
working (which is probably because its not configured properly).


The system is Fedora 16 (x86_64), the MTA is Exim, and Dovecot is 2.0.21 
(version supplied with Fedora).  I know I'm making a newbie mistake.


Any guidance would be appreciated.

Thanks, Jeff


dovecot -n provides the following:


[root@xyzzy conf.d]# more /tmp/dovecot.changes
# 2.0.21: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.11-1.fc16.x86_64 x86_64 Fedora release 16 (Verne)
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mbox
mail_plugins = " zlib"
mbox_write_locks = fcntl
namespace default {
  inbox = yes
  location =
  prefix =
  separator = /
}
namespace snarf {
  hidden = yes
  list = no
  location = mbox:/run/dovecot/empty:INBOX=/var/spool/mail/%u
  prefix = /snarf
  separator = /
}
passdb {
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename

  snarf = = /snarf/INBOX
}
service imap-login {
  inet_listener imap {
address = localhost
  }
}
service pop3-login {
  inet_listener pop3 {
address = localhost
  }
}
ssl_cert = Oct 20 21:29:45 xyzzy dovecot: imap-login: Login: user=, 
method=PLAIN, rip=98.109.156.118, lip=132.238.254.34, mpid=19627, TLS
Oct 20 21:29:45 xyzzy dovecot: imap: Debug: Loading modules from 
directory: /usr/lib64/dovecot
Oct 20 21:29:45 xyzzy dovecot: imap: Debug: Module loaded: 
/usr/lib64/dovecot/lib05_snarf_plugin.so
Oct 20 21:29:45 xyzzy dovecot: imap: Debug: Module loaded: 
/usr/lib64/dovecot/lib20_zlib_plugin.so
Oct 20 21:29:45 xyzzy dovecot: imap: Debug: Module loaded: 
/usr/lib64/dovecot/lib30_imap_zlib_plugin.so
Oct 20 21:29:45 xyzzy dovecot: imap(jeff): Debug: Effective uid=500, 
gid=500, home=/home/jeff
Oct 20 21:29:45 xyzzy dovecot: imap(jeff): Debug: Namespace default: 
type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=mbox:~/mail:INBOX=~/mbox
Oct 20 21:29:45 xyzzy dovecot: imap(jeff): Debug: fs: 
root=/home/jeff/mail, index=, control=, inbox=/home/jeff/mbox, alt=
Oct 20 21:29:45 xyzzy dovecot: imap(jeff): Debug: Namespace snarf: 
type=private, prefix=/snarf, sep=/, inbox=no, hidden=yes, list=no, 
subscriptions=yes 
location=mbox:/run/dovecot/empty:INBOX=/var/spool/mail/jeff
Oct 20 21:29:45 xyzzy dovecot: imap(jeff): Debug: fs: 
root=/run/dovecot/empty, index=, control=, inbox=/var/spool/mail/jeff, alt=
Oct 20 21:29:46 xyzzy dovecot: imap-login: Login: user=, 
method=PLAIN, rip=98.109.156.118, lip=132.238.254.34, mpid=19629, TLS
Oct 20 21:29:46 xyzzy dovecot: imap: Debug: Loading modules from 
directory: /usr/lib64/dovecot
Oct 20 21:29:46 xyzzy dovecot: imap: Debug: Module loaded: 
/usr/lib64/dovecot/lib05_snarf_plugin.so
Oct 20 21:29:46 xyzzy dovecot: imap: Debug: Module loaded: 
/usr/lib64/dovecot/lib20_zlib_plugin.so
Oct 20 21:29:46 xyzzy dovecot: imap: Debug: Module loaded: 
/usr/lib64/dovecot/lib30_imap_zlib_plugin.so
Oct 20 21:29:46 xyzzy dovecot: imap(jeff): Debug: Effective uid=500, 
gid=500, home=/home/jeff
Oct 20 21:29:46 xyzzy dovecot: imap(jeff): Debug: Namespace default: 
type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=mbox:~/mail:INBOX=~/mbox
Oct 20 21:29:46 xyzzy dovecot: imap(jeff): Debug: fs: 
root=/home/jeff/mail, index=, control=, inbox=/home/jeff/mbox, alt=
Oct 20 21:29:46 xyzzy dovecot: imap(jeff): Debug: Namespace snarf: 
type=private, prefix=/snarf, sep=/, inbox=no, hidden=yes, list=no, 
subscriptions=yes 
location=mbox:/run/dovecot/empty:INBOX=/var/spool/mail/jeff
Oct 20 21:29:46 xyzzy dovecot: imap(jeff): Debug: fs: 
root=/run/dovecot/empty, index=, control=, inbox=/var/spool/mail/jeff, alt=

Re: [Dovecot] LDA without lookup as non-root?

2012-10-20 Thread E.B.

>>  3) The interesting part -- I am invoking LDA from Maildrop. See:

>>  http://thread.gmane.org/gmane.mail.imap.dovecot/65473
>>  So
>>  when invoked, Maildrop has already dropped to the destination UID/GID 
>>  and the needed paths are available in the environment.  However, using 
>>  as many permutations of calling LDA as I can think of (based on     
>>  http://wiki2.dovecot.org/LDA ), I always get this:
>> 
>>  (command line usage error. Command output: lda: Fatal: Couldn't lookup 
> our 
>>  username (uid=2500) )
> 
> I could not find anything in the mailing list archives to help me, but I 
> googled 
> and found a link to a source file:
> 
> http://hg.dovecot.org/dovecot-sieve-1.1/raw-rev/7d85833eff96
> 
> I read the source, it looks like it's not exactly a userdb lookup - LDA is 
> trying to get the unix username for the given UID. In my case, UIDs are 
> "virtual" so there isn't a unix username. The source doesn't 
> really use the username that it looks up except in a call 
> "open_logfile."
> 
> Is it possible to avoid this problem? It looks like the answer is no, I have 
> to 
> use -d which also forces a userdb lookup. Maybe this limitation can be 
> removed 
> in the future? Now I suppose I have to go understand the problems of userdb 
> lookup permissions, but I think there are solutions for that.


FWIW, in this scenario, "service auth" in master config has to have its mode 
relaxed to 0606 to make userdb lookups work.  So ANYONE on the machine can see 
all userdb lookups.  I don't have local users here, so it's probably safe 
anyway(?). 

Can anyone explain if there are other security risks of running the auth 
service at 0606?

Re: [Dovecot] still having difficulties with per-user quotas

2012-10-20 Thread Daniel Parthey

David Mehler wrote:
> Thanks for your reply. So with the extending of the query to return a
> default quota rule, do you have an example of that by the way, does
> that mean I only have to put the overrided users in the quota table?

Assuming that quota values are in the dovecot_users table...

# passdb with userdb prefetch and default quota of 1024M for quota=0 rows
# The userdb_ prefix is for prefetch userdb entries in password_query
password_query = SELECT username AS user, \
  password AS password, \
  home AS userdb_home, \
  uid AS userdb_uid, \
  gid AS userdb_gid, \
  CASE quota \
WHEN 0 \
  THEN '*:bytes=1024M:messages=0' \
ELSE \
  CONCAT('*:bytes=', CAST(quota AS CHAR), 'M:messages=', CAST(quota_message 
AS CHAR)) \
  END AS `userdb_quota_rule` \
  FROM dovecot_users \
  WHERE username='%u';

# user_query with default quota of 1024M for quota=0 rows
user_query = SELECT username AS user, \
  home AS home, \
  uid AS uid, \
  gid as gid, \
  CASE quota \
WHEN 0 \
  THEN '*:bytes=1024M:messages=0' \
ELSE \
  CONCAT('*:bytes=', CAST(quota AS CHAR), 'M:messages=', CAST(quota_message 
AS CHAR)) \
  END AS `quota_rule` \
  FROM dovecot_users \
  WHERE username='%u';

Your user_query needs to return a row if the user exists,
otherwise dovecot will assume that the user does not exist
and the mail or user will be rejected.

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

Re: [Dovecot] LDA without lookup as non-root?

2012-10-20 Thread E.B.


> 1) If LDA is invoked without 

> lookups, is it correct to assume that the "service auth" and 
> "service 
> auth-worker" can be completely removed from dovecot master 
> configuration? (I have tried commenting them out and logging into IMAP, 
> which seems to work, not sure if anyone else needs the auth service)

Any confirmation on this?

> 2)
> If LDA is invoked without lookups, will I be unable to use Dovecot 
> quota plugin? Does it need to have a user lookup to get quota info? 
> (haven't added quota support, need to take this one step at a time)

I'm especially interested if someone can comment on this, since maybe it makes 
my efforts here wasted

> 3) The interesting part -- I am invoking LDA from Maildrop. See:
> http://thread.gmane.org/gmane.mail.imap.dovecot/65473
> So
> when invoked, Maildrop has already dropped to the destination UID/GID 
> and the needed paths are available in the environment.  However, using 
> as many permutations of calling LDA as I can think of (based on     
> http://wiki2.dovecot.org/LDA ), I always get this:
> 
> (command line usage error. Command output: lda: Fatal: Couldn't lookup our 
> username (uid=2500) )

I could not find anything in the mailing list archives to help me, but I 
googled and found a link to a source file:

http://hg.dovecot.org/dovecot-sieve-1.1/raw-rev/7d85833eff96

I read the source, it looks like it's not exactly a userdb lookup - LDA is 
trying to get the unix username for the given UID. In my case, UIDs are 
"virtual" so there isn't a unix username. The source doesn't really use the 
username that it looks up except in a call "open_logfile."

Is it possible to avoid this problem? It looks like the answer is no, I have to 
use -d which also forces a userdb lookup. Maybe this limitation can be removed 
in the future? Now I suppose I have to go understand the problems of userdb 
lookup permissions, but I think there are solutions for that.

Am I on the right understanding   ?

> The
> UID is correct for the target user. If I add "-d $LOGNAME" to my LDA 
> callout, I get permission denied on the userdb lookup, which I guess is 
> another issue to work out if I want to go with lookups. But right now I 
> am trying not to. Why does LDA seem to try for a lookup even when I 
> follow the wiki instructions how to call it without a lookup?
> 
> 3.5)
> Related question, my users have separate homedir and maildir, both 
> paths are looked up by Maildrop. I think I need to call LDA with 
> "HOME=$DEFAULT dovecot-lda -f $FROM". Is this correct?
>

Re: [Dovecot] still having difficulties with per-user quotas

2012-10-20 Thread Daniel Parthey

David Mehler wrote:
> My first issue is from what it is looking like I have to define all my
> users in the quota database not just the ones whose values I want to
> override the global quota declaration in 90-quota.conf. If I just add
> the user@domain to the database the bytes and messages columns have
> zero as default, this means those values override global quota in
> 90-quota.conf and they effectively have unlimited access.

This is expected behavior. If the userdb returns a quota rule,
it overrides the global quota rule. Extend your SQL query to
return a default quota_rule for rows without quota entry.

> My second issue is I have entered a quota of 250 megabytes for a test
> user. This works but he seems to get more space everytime he logs in,
> started out at 250, on the next login it was 255, then 269 on the
> third, and so forth. I've checked the quota table and yes the value in
> the bytes column is increasing.

Please show output of doveconf -n and any external (sql/dict)
includes related to quota or quota_rules.

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

Re: [Dovecot] Dovecot 2 and TCP-Keepalive

2012-10-20 Thread Sven Hartge

Timo Sirainen  wrote:
> On 20.10.2012, at 19.39, Sven Hartge wrote:

>> My question is: does Dovecot2 use TCP-Keepalive on its sockets per
>> default or do I need to enable it some way I have not yet discovered?

> It's the default yes. Of course Linux's default keepalive interval is
> something like 90 minutes, so have you changed that already?..

Yes, I did. For those systems it is set to 15 minutes right now.

>> The manual and wiki only talk about "keepalive" in connection with
>> the IMAP protocol and IDLE and my C-fu is too weak to understand the
>> source code.

> imap_idle_notify_interval (default 2 min) causes Dovecot to send data
> to IDLEing connections, which pretty much makes the TCP keepalive
> irrelevant. For non-IDLE connections Dovecot has a disconnect timeout
> of 30 minutes.

This is fine. As long as the client notices the termination of the
connection, everything should be OK.

Before I switched keepalive on for Perdition, the firewall/NAT would
internally throw away a connection but neither the client or the server
would notice this.

Then if the client tried to do something with this connection, like
select or save a message, the firewall/NAT would send a RST and the
client would then bug the user with a meaningless message like "folder
does not exist" which caused a lot of confusion for the end-user and
created quite the bit of trouble tickets.

This problem mostly happend with an IMAP connection to the "Sent
Messages" folder which normally does not see much changes until the
users writes and sends a mail. Then after the mail was sent via SMTP the
client tries to save the message, gets sent an RST from the firewall/NAT
and presents the user with a wrong and confusing error message. The user
then thinks his mail was not sent and sends it again. This time the
client opens a new connection to select the "Sent Messages" folder and
everything works. But the recipient gets the mail twice.

Again resulting in confusion and trouble tickets to be dealt with.

By switching to TCP keepalive (and reducing the keepalive time to 15
minutes) all those problems were solved and my users (and support staff)
were happy again ;)

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: [Dovecot] still having difficulties with per-user quotas

2012-10-20 Thread David Mehler

Hello,

Thank you for your reply. Adding mail_uid and mail_gid fixed it. I now
have quotas going but I don't know if I have them right or just don't
like my setup.

My first issue is from what it is looking like I have to define all my
users in the quota database not just the ones whose values I want to
override the global quota declaration in 90-quota.conf. If I just add
the user@domain to the database the bytes and messages columns have
zero as default, this means those values override global quota in
90-quota.conf and they effectively have unlimited access.

My second issue is I have entered a quota of 250 megabytes for a test
user. This works but he seems to get more space everytime he logs in,
started out at 250, on the next login it was 255, then 269 on the
third, and so forth. I've checked the quota table and yes the value in
the bytes column is increasing.

Thanks for any help.

Dave.

On 10/20/12, Daniel Parthey  wrote:
> David Mehler wrote:
>> Oct 19 15:23:52 imap(xxx): Error: user xxx: Couldn't drop privileges: User
>> is missing UID (see mail_uid setting)
>
> Set the following options in your dovecot.conf:
>
> mail_uid = vmail
> mail_gid = vmail
>
> Also see section "Mail users" at
> http://wiki2.dovecot.org/UserIds
>
> Regards
> Daniel
> --
> https://plus.google.com/103021802792276734820
>

Re: [Dovecot] Dovecot 2 and TCP-Keepalive

2012-10-20 Thread Timo Sirainen

On 20.10.2012, at 19.39, Sven Hartge wrote:

> I am about to migrate a perdition-based IMAP/POP3 proxy to Dovecot.
> 
> Unfortunately some users are behind a firewall/NAT setup which throws
> away seemingly idle TCP connections sooner than the established default
> of 24 hours (more likely after 30 minutes ...) resulting in all kinds of
> weird client behavior.
> 
> And unfortunately² this firewall/NAT setup is outside of my control and
> I have no means of correcting this (in my opinion) flawed configuration.
> 
> Now, with perdition I was able to use the --tcp_keepalive option which
> totally solved the mentioned weird client behavior.
> 
> My question is: does Dovecot2 use TCP-Keepalive on its sockets per
> default or do I need to enable it some way I have not yet discovered?

It's the default yes. Of course Linux's default keepalive interval is something 
like 90 minutes, so have you changed that already?..

> The manual and wiki only talk about "keepalive" in connection with the
> IMAP protocol and IDLE and my C-fu is too weak to understand the source
> code.

imap_idle_notify_interval (default 2 min) causes Dovecot to send data to 
IDLEing connections, which pretty much makes the TCP keepalive irrelevant. For 
non-IDLE connections Dovecot has a disconnect timeout of 30 minutes.

[Dovecot] Dovecot 2 and TCP-Keepalive

2012-10-20 Thread Sven Hartge

Hi!

I am about to migrate a perdition-based IMAP/POP3 proxy to Dovecot.

Unfortunately some users are behind a firewall/NAT setup which throws
away seemingly idle TCP connections sooner than the established default
of 24 hours (more likely after 30 minutes ...) resulting in all kinds of
weird client behavior.

And unfortunately² this firewall/NAT setup is outside of my control and
I have no means of correcting this (in my opinion) flawed configuration.

Now, with perdition I was able to use the --tcp_keepalive option which
totally solved the mentioned weird client behavior.

My question is: does Dovecot2 use TCP-Keepalive on its sockets per
default or do I need to enable it some way I have not yet discovered?

The manual and wiki only talk about "keepalive" in connection with the
IMAP protocol and IDLE and my C-fu is too weak to understand the source
code.

Grüße,
Sven.


-- 
Sigmentation fault. Core dumped.

Re: [Dovecot] trash plugin not doing it's job

2012-10-20 Thread Daniel Parthey

Jan-Frode Myklebust wrote:
> $ cat /etc/dovecot/dovecot-trash.conf.ext
> # Spam mailbox is emptied before Trash
> 1 INBOX.Spam
> # Trash mailbox is emptied before Sent
> 2 INBOX.Trash

Are you sure the Trash Folder of the affected users is located below "INBOX"?
doveadm mailbox list -u user@domain | grep -iE "trash|spam"

Example at http://wiki2.dovecot.org/Plugins/Trash omits "INBOX."
Have you tried INBOX/Trash as mailbox name?

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

Re: [Dovecot] still having difficulties with per-user quotas

2012-10-20 Thread Daniel Parthey

David Mehler wrote:
> Oct 19 15:23:52 imap(xxx): Error: user xxx: Couldn't drop privileges: User is 
> missing UID (see mail_uid setting)

Set the following options in your dovecot.conf:

mail_uid = vmail
mail_gid = vmail

Also see section "Mail users" at
http://wiki2.dovecot.org/UserIds

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

Re: [Dovecot] Dovecot 2 quota limit and actual size (mysql)

2012-10-20 Thread Daniel Parthey

Use LMTP instead of lda. The dovecot lmtp service automatically
cares about updating quota values in mysql database when
mail arrives through the lmtp socket.

Regards
Daniel

wamp wrote:
> Hello,
> Can You explain to me how dovecot-lda knows actual size of virtual user
> directory? I want to keep 
> max size of user directory in mysql - should I also use some kind of script
> to upgrade actual size information in mysql ? 
> 
> I read docs from wiki but still dont know it.
> 
> 
> thanks
> 
> 
> 
> --
> View this message in context: 
> http://dovecot.2317879.n4.nabble.com/Dovecot-2-quota-limit-and-actual-size-mysql-tp38235.html
> Sent from the Dovecot mailing list archive at Nabble.com.
> 

-- 
https://plus.google.com/103021802792276734820

[Dovecot] Configuring Dovecot & Snarf plugin for the first time

Re: [Dovecot] LDA without lookup as non-root?

Re: [Dovecot] still having difficulties with per-user quotas

Re: [Dovecot] LDA without lookup as non-root?

Re: [Dovecot] still having difficulties with per-user quotas

Re: [Dovecot] Dovecot 2 and TCP-Keepalive

Re: [Dovecot] still having difficulties with per-user quotas

Re: [Dovecot] Dovecot 2 and TCP-Keepalive

[Dovecot] Dovecot 2 and TCP-Keepalive

Re: [Dovecot] trash plugin not doing it's job

Re: [Dovecot] still having difficulties with per-user quotas

Re: [Dovecot] Dovecot 2 quota limit and actual size (mysql)

12 matches

Site Navigation

Mail list logo

Footer information