Re: [Dovecot] Suggestions for upgrading dovecot 1.0.7 Redhat EL 5.x
On 26.02.13 14:48, Steffen Kaiser wrote:
> On Tue, 26 Feb 2013, Götz Reinicke - IT Koordinator wrote:
>
>> we still have our solid rock dovecot 1.0.7 Redhat el 5.x up and running.
>
>> We don't need much magic or special setups.
>
> The configuration has been split up since v1.0, but you can grep through
> the files and find the spots easily. Also, if you didn't changed much in
> v1.0 (that is how I understand your "don't need much magic or special
> setups"), the chances are good, that you'll not change much in v2.1 or
> v2.2.

I'd review the configfiles and especially the great update documentation from timo. For now we look safe. As far as I remember we just adjusted the mailbox path (mail_location) and protocols (imaps/pop3s). And we use ssl certificates. No mysql, sieve or quota etc stuff.

>> However we'd like to think what might be the next step in upgrading our
>> setup. Each user one mbox mailbox. About 500 imap/pop3 accounts, 400GB
>> data.
>
>> First of all: to what version is a good step from 1.0?
>
> I would setup a Dovecot v2.2 server, it's RC2, but Dovecot is usually
> more stable than other software ... .
>
> However, I would install the whole server anew, no automatic upgrade or
> whatsoever.

That's the point :) currently I don't have the hardware and time to install a new system. So we thought doing a minor upgrade will improve things a bit and we can get rid of one old bug without getting too much trouble by doing a very big step ahead.

>> Dose anyone has any experiences in doing such a "big" step forward?
>
> I have upgraded a v1.0 to v2.1 now. No big deal from Dovecot.

I read something about the index and mailbox/mailstorage formats might have changed a bit and that dovecot is converting/correcting them on the flight. Did you notice something like that?

>> Can we get a rpm from e.g. atrpms repository?
>
> Ah, OK, then use the most current version available :-) I build Dovecot
> from source.
>
>> Or should we think of migrating to a total updated Redhat EL 6.x /
>> Dovecot 2.0.x system?
>
> I don't know Redhat, but it seems to be wise to upgrade. What's the
> "Known Bug List" or "Known Security Holes" in Redhat EL 5.x?

What do you mean by that?

BTW it's strange to me that Redhat never updated the main imap server part in their long term supported enterprise distribution ... (RH EL 6 comes with dovecot 2.0 ok ... )

Regards. Götz

--
Götz Reinicke - IT-Koordinator - Filmakademie Baden-Württemberg GmbH
Re: [Dovecot] doveadm search not showing expected results
On Feb 25, 2013, at 01.45, Timo Sirainen wrote:
> On 25.2.2013, at 4.50, b...@bitrate.net wrote:
>
>> i'm running doveadm search:
>>
>>> doveadm search -A mailbox sent savedbefore 365d
>>
>> and it's returning no results.
>>
>> a similar command does return some results:
>>
>>> doveadm search -A mailbox sent savedbefore 120d | grep -iF 'jdoe'
>> jdoe 7b9a8b0b7d37504fe72c55e4fe9a 65
>> jdoe 7b9a8b0b7d37504fe72c55e4fe9a 66
> ..
>>
>> however, i see many messages in the sent mailbox much older than 365 days:
>
> Note that Dovecot has 3 timestamps:
>
> * sent date : The Date: header
> * received date : In maildir the file's mtime
> * save date : In maildir either in dovecot.index.cache or the file's ctime

thanks, this clarifies things for me. ultimately, this question comes in the context of expunging messages older [fsvo older, as per the above metrics] than a certain age. is doveadm expunge [...] generally considered the appropriate method for such a task? presumably via a cron job?

-ben
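An added example, not part of the thread: the three timestamps Timo lists, read from a single maildir file, showing why an age test on the save date can find nothing while the message itself is years old. It only models the ctime fallback (not dovecot.index.cache); the file name, the message and the function names are constructed for illustration.

```python
import os
import tempfile
import time
from email import message_from_binary_file
from email.utils import parsedate_to_datetime

DAY = 86400

def maildir_timestamps(path):
    """Return the three per-message timestamps for one maildir file."""
    with open(path, "rb") as fh:
        msg = message_from_binary_file(fh)
    st = os.stat(path)
    return {
        "sent": parsedate_to_datetime(msg["Date"]).timestamp(),  # Date: header
        "received": st.st_mtime,                                 # file mtime
        "save": st.st_ctime,           # file ctime (fallback when no cache entry)
    }

def older_than(path, days, now=None):
    """For each timestamp, say whether it is older than `days` days."""
    now = time.time() if now is None else now
    cutoff = now - days * DAY
    return {name: ts < cutoff for name, ts in maildir_timestamps(path).items()}

def demo():
    """Constructed case: an old message copied into the maildir today."""
    raw = (b"Date: Tue, 01 Feb 2011 10:00:00 +0000\r\n"
           b"From: jdoe@example.org\r\n"
           b"Subject: constructed sample\r\n\r\nbody\r\n")
    with tempfile.TemporaryDirectory() as maildir:
        path = os.path.join(maildir, "1296554400.M1P1.host:2,S")
        with open(path, "wb") as fh:
            fh.write(raw)
        sent = maildir_timestamps(path)["sent"]
        # A copy or restore that preserves mtime still leaves ctime at "now".
        os.utime(path, (sent, sent))
        return older_than(path, 365)

if __name__ == "__main__":
    print(demo())
```

A retention job keyed on the save date therefore counts from the day the message landed in this mailbox, not from the day it was written or received.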
Re: [Dovecot] Deleted / read mails show up as new on remote imap clients
Charles Marcus wrote:
> On 2013-02-25 5:02 PM, Daniel Parthey wrote:
> >Charles Marcus wrote:
> >>On 2013-02-24 1:23 PM, Daniel Parthey wrote:
> >>>protocol imap { imap_client_workarounds = delay-newmail
> >>>tb-extra-mailbox-sep }
> >>Did you try these one at a time?
> >>Meaning, were both required to solve the problem?
> >No. I just added tb-extra-mailbox-sep and this did the trick.
> >The workaround for delay-newmail had already been set before.
>
> Ok, thanks...
>
> >>Also, what version of Thunderbird do either/both of you have?
> >10.0.12
>
> Ummm... even the ESR is already at 17.0.3... why stuck in the stone age?

Debian "testing/unstable" currently ships Icedove 10.0.12-1:
http://packages.debian.org/search?keywords=icedove

There is 17.0.2-1 in the experimental repositories, but I'd rather not break my systems.

This is getting off-topic and does not help to solve the problem. Sorry, we should stop here or continue in private email.

Regards
Daniel
--
https://plus.google.com/103021802792276734820
Re: [Dovecot] Deleted / read mails show up as new on remote imap clients
At 6PM +0100 on 25/02/13 you (Andre Bischof) wrote:
> On 25.02.2013 15:39, Ben Morrow wrote:
> > ...
> >
> > Can you use tcpdump or wireshark to see what TB is actually telling
> > the server to do? If you use TLS you will need to put ssl_cipher_list
> > = RSA in your dovecot.conf and point wireshark at the key file for the
> > server's certificate; make sure you remove that setting afterwards,
> > since it's a little less secure. (Specifically, TLS will normally use
> > an ephemeral Diffie-Hellman key in addition to the certificate's
> > private key, in order to make as little use of the cert key as
> > possible. This makes it impossible for a third party (like wireshark)
> > to decrypt the conversation, even with access to the private key.
> > ssl_cipher_list=RSA disables this.) Ben
>
> To be honest, I can't. I remember using wireshark (it was named s.th.
> else at this time) years ago and that it was very complicated.

OK.

> If you could be more specific and walk me through I surely try.

Hmm, I don't think I can, really; at least, not if you're using SSL. Even if you aren't you would want to at least edit the capture to remove passwords before showing it to anyone, which would require understanding what had been captured.

Are you able to get a capture with http://wiki2.dovecot.org/Debugging/Rawlog instead?

Ben
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 23:30, Ben Morrow wrote:
> At 10PM +0100 on 26/02/13 you (Reindl Harald) wrote:
>> On 26.02.2013 22:41, Charles Marcus wrote:
>>>
>>> Absolutely no idea what you said or meant here...
>>
>> if it is not the same why are doing GnuTLS and OpenSSL
>> finally both? HMM - because TLS is SSL3.1 is the reason
>> and in fact due development it was indeed called SSL3.1
>> before someone changed the name to TLS
>
> Even if punctuation is too much to ask, could you at least *try* to
> write coherent English sentences?

in short for you: TLS === SSL 3.1

could the OP at least read basic documentations is the better question
Re: [Dovecot] Converting a POP3 client to IMAP
On 26.02.2013 23:29, Kristen J. Webb wrote:
> I think this is close to what I need.
> My only problem is that all of the
> mail is currently in a Thunderbird
> client (we don't leave messages on
> our current POP3 server).
>
> Could I set up each user with a migration
> account, so they can drag/drop their
> email to get them on the mail
> server (in imap or pop3 if needed?)
> and then somehow use fetchmail
> to process the messages again to their
> new real account (sieve & all)?

you can drag&drop messages to any IMAP server or folder in your client, even between different imap servers or from imap to local vice versa
Re: [Dovecot] Protocol logging - TLS vs SSL
At 10PM +0100 on 26/02/13 you (Reindl Harald) wrote:
> On 26.02.2013 22:41, Charles Marcus wrote:
> >
> > Absolutely no idea what you said or meant here...
>
> if it is not the same why are doing GnuTLS and OpenSSL
> finally both? HMM - because TLS is SSL3.1 is the reason
> and in fact due development it was indeed called SSL3.1
> before someone changed the name to TLS

Even if punctuation is too much to ask, could you at least *try* to write coherent English sentences?

Ben
Re: [Dovecot] Converting a POP3 client to IMAP
Hi Steffen,

Thank you so much for your quick reply! I apparently missed it the first time.

I think this is close to what I need. My only problem is that all of the mail is currently in a Thunderbird client (we don't leave messages on our current POP3 server).

Could I set up each user with a migration account, so they can drag/drop their email to get them on the mail server (in imap or pop3 if needed?) and then somehow use fetchmail to process the messages again to their new real account (sieve & all)?

Kris

On 2/13/13 12:56 AM, Steffen Kaiser wrote:
> On Tue, 12 Feb 2013, Kristen J. Webb wrote:
>
>> Our current email is outsourced and so we have used POP3
>> to keep all email on our systems for many years.
>> Is there a best practice for moving mail such that we can
>> take advantage of the hard link feature for all those
>> older copies that are currently in POP3 files?
>> It would also be nice to be able to auto file things.
>> I don't see the sieve filters being activated when
>> I copy mail in Thunderbird.
>
> you could use fetchmail to get the messages from the POP3 box and pass
> them to Dovecot deliver. So you can use Sieve filters (or not, if you
> turn Sieve off for this). Then let the messages spool to Maildir. Then
> use fdupes to find duplicates and hardlink them.
>
> Kind regards,
>
> --
> Steffen Kaiser

--
This message is NOT encrypted
Mr. Kristen J. Webb
Chief Technology Officer
Teradactyl LLC.
2450 Baylor Dr. S.E.
Albuquerque, New Mexico 87106
Phone: 1-505-338-6000
Email: kw...@teradactyl.com
Web: http://www.teradactyl.com
Providers of Scalable Backup Solutions for Unique Data Environments
Re: [Dovecot] Protocol logging - TLS vs SSL
At 4PM -0500 on 26/02/13 you (Charles Marcus) wrote:
> On 2013-02-26 3:59 PM, Ben Morrow wrote:
> > At 3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
> >> Now the only other question is, again already being contemplated by Timo
> >> apparently, why the config file uses SSL...
> > Why not?
>
> Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?
>
> >> Timo, what I would suggest is allow the use of ssl in the config file
> >> for backwards compat, but change future versions to use TLS...
>
> > I would be against that idea.
>
> My turn... why?

I'm generally against gratuitous changes for no good reason.

> >> I'm curious though... I'm fairly certain that my Android phone
> >> differentiates between SSL and TLS, with choices something like:
> >>
> >> NONE
> >> SSL if available
> >> SSL Always
> >> TLS if available
> >> TLS Always
> >>
> >> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
> >> so shouldn't these connections show 'SSL' instead of TLS, since I'm
> >> basically forcing my phone to SSL?
>
> > I suspect the difference is that the 'SSL' options use imap-over-SSL on
> > port 993 while the 'TLS' options use STARTTLS over port 143.
>
> Don't know how you or Reindl came to that conclusion, because the ports
> are specified separately.
>
> So, I can specify port 993, and TLS.

OK. What happens if you do that? Does the client start with an SSL ClientHello, or does it start by waiting for a plain-text OK IMAP response and then issuing CAPABILITY or STARTTLS in plain text? I suspect it does the latter, which will not work with any ordinarily-configured IMAP server (though of course it would be *possible* to configure Dovecot to support that).

Ben
Re: [Dovecot] Protocol logging - TLS vs SSL
On Feb 26, 2013, at 4:12 PM, Reindl Harald wrote:
>
> On 26.02.2013 23:03, Charles Marcus wrote:
>> Question: can you use arbitrary ports for secure IMAP/POP/SMTP? I don't
>> see why not. You can use arbitrary ports for secure http...
>
> you still refuse to understand the difference between STARTTLS
> and SSL/TLS, we are speaking about 143/993 to not confuse
> your ignorance by bliss more as it is already the case
> *scribble scribble scribble*

Can you two take it off list, for the love of FSM? Interesting that whenever I see dovecot@dovecot.org blowing up my inbox, one or both of you are always involved.

-bdh
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 23:03, Charles Marcus wrote:
> Question: can you use arbitrary ports for secure IMAP/POP/SMTP? I don't
> see why not. You can use arbitrary ports for secure http...

you still refuse to understand the difference between STARTTLS and SSL/TLS, we are speaking about 143/993 to not confuse your ignorance by bliss more as it is already the case

postfix example for port 465, YES YOU CAN use any other of the 65535 BUT if you configure "smtpd_tls_wrappermode=yes" for smtp on port 25 you will never ever receive any ssl/tls encrypted message because it is NOT STARTTLS and at least postfix does not support tls_wrappermode for smtp AKA outgoing mail

http://www.postfix.org/TLS_README.html#client_tls
> Although the Postfix SMTP client by itself doesn't support TLS wrapper
> mode, it is relatively easy to forward a connection through the stunnel
> program if Postfix needs to deliver mail to some legacy system that
> doesn't support STARTTLS

if you still refuse to understand the difference i fear nobody is able to help you on this world - people can write manpages for you but you have to read them by your own

smtps inet n - n - 20 smtpd
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_delay_reject=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_tls_wrappermode=yes
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2/26/2013 3:38 PM, Charles Marcus wrote:
> The native Android mail shows these choices:
>
> None
> SSL
> SSL (Accept all certificates)
> TLS
> TLS (Accept all certificates)

This is just a dumbing-down of the terms for the mass market. Many end-user mail clients use these same terms, so at least they have a little consistency.

In this case:
SSL means wrapper mode TLS (not really SSL unless that's all the server supports)
TLS means STARTTLS (can fall back to SSL if that's all the server supports)

As you know, there are common ports for wrapper mode and STARTTLS, and they aren't compatible. The SSL/TLS designation, while not technically correct, is a convenient way to tell users which to pick without a long on-screen description.

Anyone who's confused by this is trying too hard. It's really all TLS.

-- Noel Jones
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2013-02-26 3:50 PM, Timo Sirainen wrote:
> Those aren't really about SSL/TLS either. The same choices in slightly better words are:
>
> * none
> * TLS on port 993 if available
> * TLS on port 993 always
> * STARTTLS on port 143 if available
> * STARTTLS on port 143 always

Great... I guess it's (the confusion) even worse than I thought.

Thanks Timo, I'll bow out of this conversation now and just forget I asked the question...

--
Best regards,
Charles
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2013-02-26 4:26 PM, Reindl Harald wrote:
> On 26.02.2013 22:19, Charles Marcus wrote:
>> On 2013-02-26 3:59 PM, Ben Morrow wrote:
>>> At 3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
>>>> Now the only other question is, again already being contemplated by Timo
>>>> apparently, why the config file uses SSL...
>>> Why not?
>> Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?
> and you still do not understand that it is the same

I meant the new NAME. But obviously you're more interested in picking fights than having a conversation.

>>>> Timo, what I would suggest is allow the use of ssl in the config file
>>>> for backwards compat, but change future versions to use TLS...
>>> I would be against that idea.
>> My turn... why?
> because it is a useless change which makes code complexer and more error proof

Assuming you meant error-PRONE, that is ridiculous. Postfix does things like this all the time (implementing something new but maintaining the old way for backwards compat). If it is done right, it won't hurt a thing (and I think we all know timo knows how to do things right).

>>>> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
>>>> so shouldn't these connections show 'SSL' instead of TLS, since I'm
>>>> basically forcing my phone to SSL?
>>> I suspect the difference is that the 'SSL' options use imap-over-SSL on
>>> port 993 while the 'TLS' options use STARTTLS over port 143.
>> Don't know how you or Reindl came to that conclusion, because the ports are
>> specified separately.
> because if you would spend 10 seconds of your time with a default
> Thunderbird setup you would see that STARTTLS is 143 and TLS/SSL is 993
> because the port switches with the dropdown change

Yes, but again, they are independent, and you can change the port if you like.

Question: can you use arbitrary ports for secure IMAP/POP/SMTP? I don't see why not. You can use arbitrary ports for secure http...

--
Best regards,
Charles
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 22:49, Reindl Harald wrote:
> On 26.02.2013 22:38, Charles Marcus wrote:
>> On 2013-02-26 3:55 PM, Reindl Harald wrote:
>>> TLS is practically the next SSL version after SSL 3.0 and internally SSL 3.x, in fact it is only a wording issue
>>
>> Prove it

and i prove it again

http://www.freesoft.org/CIE/Topics/121.htm
> TLS is documented in RFC 2246 and identifies itself
> in the protocol version field as SSL 3.1

if you need more informations please consult google, RFC's and manpages, the dovecot list is simply the wrong place
__

SSL Version 3, documented in an IETF draft, provides one of the most commonly available security mechanisms on the Internet. SSL stands for Secure Sockets Layer, though IETF has renamed it TLS (Transport Layer Security). TLS is documented in RFC 2246 and identifies itself in the protocol version field as SSL 3.1
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 22:41, Charles Marcus wrote:
> On 2013-02-26 3:58 PM, Reindl Harald wrote:
>> and to make you completely weird
>>
>> dovecot, postfix and many others are using OpenSSL libraries
>> which does oh wonder TLS while GnuTLS can do SSL as well
>
> Absolutely no idea what you said or meant here...

if it is not the same why are doing GnuTLS and OpenSSL finally both? HMM - because TLS is SSL3.1 is the reason and in fact due development it was indeed called SSL3.1 before someone changed the name to TLS
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 22:38, Charles Marcus wrote:
> On 2013-02-26 3:55 PM, Reindl Harald wrote:
>> TLS is practically the next SSL version after SSL 3.0 and internally SSL
>> 3.x, in fact it is only a wording issue
>
> Prove it.

damned i have proven it at least a hour ago
read the first line of the following link

http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0
TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant to preclude interoperability between TLS 1.0 and SSL 3.0." TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security.

>> pfff
>>
>> SSL if available: use port 993 if available, but you may use 143 unencrypted
>> SSL Always: use always port 993
>> TLS if available: use STARTTLS on 143 if available, but if not use no encryption
>> TLS Always: use always STARTTLS on 143
>
> pff yourself - in fact, I just visually confirmed...
> The native Android mail shows these choices

it does not interest me what you have VISUALLY confirmed

there are only two choices:

* the client does show you bullshit because it is not his job to explain you the differences and it knows better than you that on 143 he has to use STARTTLS which he can not do on 993

* the client fails with STARTTLS on 993 or TLS/SSL on 143, the same for smtps/pop3s

i guess he does the first of the two choices
__

in fact 993 is SSL/TLS and NOT STARTTLS
in fact 143 is unencrypted or STARTTLS

try it out, configure postfix 587/465 the wrong way around and look what happens, or configure postfix to relay to a server via SSL on port 465 with does not support STARTTLS and look what happens

Google: "difference ssl starttls"
http://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html

here have you a real good explanation WHAT STARTTLS is and yes, in this context there is no difference between pop3/imap3/smtp
http://www.postfix.org/CVE-2011-0411.html
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2013-02-26 3:58 PM, Reindl Harald wrote:
> and to make you completely weird
>
> dovecot, postfix and many others are using OpenSSL libraries
> which does oh wonder TLS while GnuTLS can do SSL as well

Absolutely no idea what you said or meant here...

--
Best regards,
Charles
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2013-02-26 3:55 PM, Reindl Harald wrote:
> TLS is practically the next SSL version after SSL 3.0 and internally SSL 3.x, in fact it is only a wording issue

Prove it.

In fact, there is obviously plenty of confusion about it (based on just a few minutes of googling), but, I'm inclined to agree with you on this point.

>> NONE
>> SSL if available
>> SSL Always
>> TLS if available
>> TLS Always
> pfff
>
> SSL if available: use port 993 if available, but you may use 143 unencrypted
> SSL Always: use always port 993
> TLS if available: use STARTTLS on 143 if available, but if not use no encryption
> TLS Always: use always STARTTLS on 143

pff yourself - in fact, I just visually confirmed...

The native Android mail shows these choices:

None
SSL
SSL (Accept all certificates)
TLS
TLS (Accept all certificates)

and the K-9 mail app shows these:

None
SSL (if available)
SSL (always)
TLS (if available)
TLS (always)

And again, the port is specified in its own box, so is *not* tied to one of these choices.

If memory serves, the iPhone is similar (the port is totally separate from the security type).

--
Best regards,
Charles
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 22:19, Charles Marcus wrote:
> On 2013-02-26 3:59 PM, Ben Morrow wrote:
>> At 3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
>>> Now the only other question is, again already being contemplated by Timo
>>> apparently, why the config file uses SSL...
>> Why not?
>
> Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?

and you still do not understand that it is the same

>>> Timo, what I would suggest is allow the use of ssl in the config file
>>> for backwards compat, but change future versions to use TLS...
>
>> I would be against that idea.
>
> My turn... why?

because it is a useless change which makes code complexer and more error proof

>>> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
>>> so shouldn't these connections show 'SSL' instead of TLS, since I'm
>>> basically forcing my phone to SSL?
>
>> I suspect the difference is that the 'SSL' options use imap-over-SSL on
>> port 993 while the 'TLS' options use STARTTLS over port 143.
>
> Don't know how you or Reindl came to that conclusion, because the ports are
> specified separately.

because if you would spend 10 seconds of your time with a default Thunderbird setup you would see that STARTTLS is 143 and TLS/SSL is 993 because the port switches with the dropdown change

> So, I can specify port 993, and TLS.

and if you specify STARTTLS on port 993 it would not work
also SSL/TLS without STARTTLS on 143 would not work

why?
because 143 is STARTTLS (google) and 993 is SSL

the same for SMTP
STARTTLS: 25 or 587 (submission)
SSL/TLS: 465 (deprecated and NOT STARTTLS)

> Well, you're obviously right about it being confusing, and that in and of
> itself is not a good thing...
> Oh well, whatever, it isn't that big a deal...

and that is why ANY touching of server source code is not worth
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2013-02-26 3:59 PM, Ben Morrow wrote:
> At 3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
>> Now the only other question is, again already being contemplated by Timo
>> apparently, why the config file uses SSL...
> Why not?

Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?

>> Timo, what I would suggest is allow the use of ssl in the config file
>> for backwards compat, but change future versions to use TLS...
> I would be against that idea.

My turn... why?

>> I'm curious though... I'm fairly certain that my Android phone
>> differentiates between SSL and TLS, with choices something like:
>>
>> NONE
>> SSL if available
>> SSL Always
>> TLS if available
>> TLS Always
>>
>> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
>> so shouldn't these connections show 'SSL' instead of TLS, since I'm
>> basically forcing my phone to SSL?
> I suspect the difference is that the 'SSL' options use imap-over-SSL on
> port 993 while the 'TLS' options use STARTTLS over port 143.

Don't know how you or Reindl came to that conclusion, because the ports are specified separately.

So, I can specify port 993, and TLS.

> The IETF caused completely unnecessary confusion by using 'TLS' to refer
> to two different things: a (backwards-compatible) minor revision of the
> SSL protocol itself, and a change in the recommended way of using it.
> Almost all SSL connections nowadays will be using SSL 3.2 or 3.3 (that
> is, the TLS 1.1 or 1.2 protocol), even imaps and https connections using
> the old-fashioned approach of using a different port dedicated to SSL
> connections. In principle there's no reason why an IMAP STARTTLS
> connection couldn't negotiate SSL 2.0, but that would be a bad idea
> since SSL 2.0 is known to be insecure.

Well, you're obviously right about it being confusing, and that in and of itself is not a good thing...

Oh well, whatever, it isn't that big a deal...

--
Best regards,
Charles
Re: [Dovecot] Protocol logging - TLS vs SSL
At 3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
>
> Now the only other question is, again already being contemplated by Timo
> apparently, why the config file uses SSL...

Why not?

> Timo, what I would suggest is allow the use of ssl in the config file
> for backwards compat, but change future versions to use TLS...

I would be against that idea.

> I'm curious though... I'm fairly certain that my Android phone
> differentiates between SSL and TLS, with choices something like:
>
> NONE
> SSL if available
> SSL Always
> TLS if available
> TLS Always
>
> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
> so shouldn't these connections show 'SSL' instead of TLS, since I'm
> basically forcing my phone to SSL?

I suspect the difference is that the 'SSL' options use imap-over-SSL on port 993 while the 'TLS' options use STARTTLS over port 143.

The IETF caused completely unnecessary confusion by using 'TLS' to refer to two different things: a (backwards-compatible) minor revision of the SSL protocol itself, and a change in the recommended way of using it. Almost all SSL connections nowadays will be using SSL 3.2 or 3.3 (that is, the TLS 1.1 or 1.2 protocol), even imaps and https connections using the old-fashioned approach of using a different port dedicated to SSL connections. In principle there's no reason why an IMAP STARTTLS connection couldn't negotiate SSL 2.0, but that would be a bad idea since SSL 2.0 is known to be insecure.

Ben
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 21:55, Reindl Harald wrote:
> to show the ordinary user it is practically the same while STARTTLS
> starts with a unencrypted connection to do a handshake
>
>> and I imagine it is because TLS uses
>> stronger encryption algorithms (which I just learned) that Dovecot uses it
>> when given the choice
>
> bruahaha
>
> TLS is practically the next SSL version after SSL 3.0
> and internally SSL 3.x, in fact it is only a wording issue

and to make you completely weird

dovecot, postfix and many others are using OpenSSL libraries which does oh wonder TLS while GnuTLS can do SSL as well
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 21:46, Charles Marcus wrote:
> On 2013-02-26 3:22 PM, Reindl Harald wrote:
>> ah so enlighten us about the big difference you see and what in SSL is not "transport layer security"
>> http://msdn.microsoft.com/en-us/library/windows/desktop/aa380515%28v=vs.85%29.aspx
>> TLS is a standard closely
>> related to SSL 3.0, and is sometimes referred to as "SSL 3.1"
>
> Reindl, you really need to learn how not to be such a total ass

you have no idea how i act if i want to be an ass

> How precisely do you equate 'not *exactly* the same', and there is a 'big difference'.
> Again, there *is* a technical difference, albeit minor:
> http://kb.iu.edu/data/anjv.html

not really

> Anyway, as usual, Timo is spot on... Thunderbird has the choice of 'SSL/TLS'

to show the ordinary user it is practically the same while STARTTLS starts with a unencrypted connection to do a handshake

> and I imagine it is because TLS uses
> stronger encryption algorithms (which I just learned) that Dovecot uses it
> when given the choice.

bruahaha

TLS is practically the next SSL version after SSL 3.0 and internally SSL 3.x, in fact it is only a wording issue

> NONE
> SSL if available
> SSL Always
> TLS if available
> TLS Always
>
> And I always choose (chose - from now on I'll choose TLS) 'SSL Always', so
> shouldn't these connections show 'SSL'
> instead of TLS, since I'm basically forcing my phone to SSL?

pfff

SSL if available: use port 993 if available, but you may use 143 unencrypted
SSL Always: use always port 993
TLS if available: use STARTTLS on 143 if available, but if not use no encryption
TLS Always: use always STARTTLS on 143
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.2.2013, at 22.46, Charles Marcus wrote:
> I'm curious though... I'm fairly certain that my Android phone differentiates
> between SSL and TLS, with choices something like:
>
> NONE
> SSL if available
> SSL Always
> TLS if available
> TLS Always
>
> And I always choose (chose - from now on I'll choose TLS) 'SSL Always', so
> shouldn't these connections show 'SSL' instead of TLS, since I'm basically
> forcing my phone to SSL?

Those aren't really about SSL/TLS either. The same choices in slightly better words are:

* none
* TLS on port 993 if available
* TLS on port 993 always
* STARTTLS on port 143 if available
* STARTTLS on port 143 always
Re: [Dovecot] Protocol logging - TLS vs SSL
At 9PM +0100 on 26/02/13 you (Reindl Harald) wrote: > > TLS is a standard closely related to SSL 3.0, and is sometimes > referred to as "SSL 3.1" More specifically, TLS x.y is just SSL (x+2).(y+1) with a completely unnecessary name and version change. For example, TLS 1.2 internally identifies itself as SSL 3.3. Ben
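The version numbering described in the message above, together with the "TLS from the first byte on 993" versus "plaintext first on 143" distinction from the earlier reply, as an added example that is not part of the original thread. The function names and the sample ClientHello are constructed for illustration.

```python
import struct

HANDSHAKE = 22      # TLS record content type for handshake messages
CLIENT_HELLO = 1    # handshake message type


def wire_name(major: int, minor: int) -> str:
    """Name for an on-the-wire version pair: 3.0 is SSL 3.0, 3.(n+1) is TLS 1.n."""
    if major != 3:
        raise ValueError(f"not an SSL 3.x / TLS version: {major}.{minor}")
    return "SSL 3.0" if minor == 0 else f"TLS 1.{minor - 1}"


def tls_to_wire(x: int, y: int) -> tuple:
    """The rule quoted above: TLS x.y identifies itself as SSL (x+2).(y+1)."""
    return (x + 2, y + 1)


def build_client_hello(major: int, minor: int) -> bytes:
    """Construct a minimal ClientHello record (sample data, no extensions)."""
    body = bytes([major, minor])                  # client_version
    body += bytes(32)                             # random (all zero in this sample)
    body += b"\x00"                               # empty session id
    body += struct.pack("!H", 2) + b"\x00\x2f"    # one cipher suite (0x002f)
    body += b"\x01\x00"                           # one compression method: null
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # The record-layer version is set to 3.1 in this sample; it is separate
    # from the client_version carried inside the ClientHello.
    return bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(hs)) + hs


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a client sends on a connection.

    On an implicit-TLS port (993) this is a TLS record; on 143 it is a
    plaintext IMAP command until STARTTLS has been negotiated.
    """
    if len(data) < 5:
        return {"kind": "truncated"}
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", data[:5])
    if ctype != HANDSHAKE or rmaj != 3:
        return {"kind": "not-tls"}
    hs = data[5:5 + rlen]
    if len(hs) < 6 or len(hs) < rlen:
        return {"kind": "truncated"}
    # Handshake header is type (1 byte) + length (3 bytes); version follows.
    if hs[0] != CLIENT_HELLO or hs[4] != 3:
        return {"kind": "not-tls"}
    return {
        "kind": "tls",
        "record": wire_name(rmaj, rmin),
        "hello_wire": (hs[4], hs[5]),
        "hello": wire_name(hs[4], hs[5]),
    }


if __name__ == "__main__":
    samples = {
        "implicit TLS (constructed ClientHello)": build_client_hello(*tls_to_wire(1, 2)),
        "plaintext IMAP (constructed)": b"a1 STARTTLS\r\n",
    }
    for label, data in samples.items():
        print(label, "->", classify_first_bytes(data))
```
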
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2013-02-26 3:22 PM, Reindl Harald wrote: ah so enlighten us about the big difference you see and what in SSL is not "transport layer security" http://msdn.microsoft.com/en-us/library/windows/desktop/aa380515%28v=vs.85%29.aspx TLS is a standard closely related to SSL 3.0, and is sometimes referred to as "SSL 3.1" Reindl, you really need to learn how not to be such a total ass. How precisely do you equate 'not *exactly* the same', and there is a 'big difference'. Again, there *is* a technical difference, albeit minor: http://kb.iu.edu/data/anjv.html Anyway, as usual, Timo is spot on... Thunderbird has the choice of 'SSL/TLS', and I imagine it is because TLS uses stronger encryption algorithms (which I just learned) that Dovecot uses it when given the choice. Now the only other question is, again already being contemplated by Timo apparently, why the config file uses SSL... Timo, what I would suggest is allow the use of ssl in the config file for backwards compat, but change future versions to use TLS... I'm curious though... I'm fairly certain that my Android phone differentiates between SSL and TLS, with choices something like: NONE SSL if available SSL Always TLS if available TLS Always And I always choose (chose - from now on I'll choose TLS) 'SSL Always', so shouldn't these connections show 'SSL' instead of TLS, since I'm basically forcing my phone to SSL? -- Best regards, */Charles/*
Re: [Dovecot] v2.2.rc2 released
On 26.02.2013, at 20:47, l...@airstreamcomm.net wrote: > On 2/26/13 10:10 AM, Timo Sirainen wrote: >> On 26.2.2013, at 17.58, l...@airstreamcomm.net wrote: >>> Thanks for the information Michael. >> You're missing: >> mail_plugins = notify replication > Thanks Timo that did the trick. Sorry, I did forget about including this information in my other mail :-( Regards, Michael
Re: [Dovecot] v2.2.beta2 released
On 26.2.2013, at 22.20, Michael Grimm wrote: > BUT: It look as if I haven't waited long enough for replication to become > finished, sorry :-( > > Actually, while going through all those files and writing this mail, all > missing messages appeared in my MUA, and I do find in both maillogs: > > @mx1: > | dovecot: dsync-local(test): Error: dsync(vm...@mx2.tld): I/O has stalled, > no activity for 600 seconds > | dovecot: dsync-local(test): Error: Remote command process isn't dying, > killing it > > @mx2: > | dovecot: dsync-local(test): Error: dsync(vm...@mx1.tld): I/O has stalled, > no activity for 600 seconds > | dovecot: dsync-local(test): Error: Remote command process isn't dying, > killing it Ah, this explains the behavior. I had hoped that with the redesign there was practically no way to cause this kind of I/O stalling. > Do you have any idea what I should do next? Send me the last rawlogs just before it stalls, from both servers? They should show what each side thought they sent to the other, and what the other really received, and from that I can hopefully find out more easily why it stalled.
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 21:18, Charles Marcus wrote:
> On 2013-02-26 3:09 PM, Reindl Harald wrote:
>> On 26.02.2013 21:05, Charles Marcus wrote:
>>> Why does it say 'TLS', when it technically (there is a difference after all) should say 'SSL'?
>>> Not a big deal, but it is just something I've been meaning to ask
>> because it is practically the same?
>> http://en.wikipedia.org/wiki/Transport_Layer_Security
>
> Practically - but not *exactly*, hence my use of the word 'technically'...
> Maybe I'm picking nits, but that doesn't change the fact that they are *not* exactly the same

ah so enlighten us about the big difference you see and what in SSL is not "transport layer security"

http://msdn.microsoft.com/en-us/library/windows/desktop/aa380515%28v=vs.85%29.aspx

TLS is a standard closely related to SSL 3.0, and is sometimes referred to as "SSL 3.1"
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.2.2013, at 22.18, Charles Marcus wrote: > On 2013-02-26 3:09 PM, Reindl Harald wrote: >> Am 26.02.2013 21:05, schrieb Charles Marcus: >>> Why does it say 'TLS', when it technically (there is a difference after >>> all) should say 'SSL'? >>> Not a big deal, but it is just something I've been meaning to ask >> because it is practically the same? >> http://en.wikipedia.org/wiki/Transport_Layer_Security > > Practically - but not *exactly*, hence my use of the word 'technically'... > > Maybe I'm picking nits, but that doesn't change the fact that they are *not* > exactly the same. Technically you're almost definitely using the TLS protocol (it has nothing to do with ports). http://wiki2.dovecot.org/SSL has some info about Dovecot's naming. (Of course, in Dovecot it's somewhat confusing since the config files use SSL but the logs use TLS.. uhm..)
Re: [Dovecot] v2.2.beta2 released
On 26.02.2013, at 10:55, Timo Sirainen wrote: > I can't reproduce this. Some interesting questions: > > * If you include hostname+counter in the message, what do the mailboxes look > like in the different sides? Did they skip over some numbers or did they both > stop at some specific remote counter and continue the local counters until > the end? (I am down with my tests to 100 messages injected at mx1 and mx2 simultaneously, and this is with Dovecot v2.2.rc1 (ef7eb84d9a3a)) Both inboxes contain all 100 messages injected at its injection site, meaning all 100 messages injected at mx1 show up at mx1's inbox, and all 100 messages injected at mx2 show up at mx2's inbox. The remaining few messages are those replicated, e.g. 22 injected at mx2 can be found in mx1's inbox, and 23 injected at mx1 can be found in mx2's inbox. Thus, replication stops early. > * Is it even trying to run doveadm sync commands at the end? (e.g. make > dsync_remote_cmd execute some wrapper script that logs something) Wrapper script shows 23 invocations at mx1 and mx2, each. > * If the doveadm syncs continue, try saving rawlogs from them to see what > they're doing (-r /tmp/rawlog parameter to doveadm dsync-server). I do have rawlogs, but I am helpless when it comes to their interpretation, though. 
:-( Perhaps of importance: | mx1> grep @test /tmp/rawlog | grep I: | wc | 22 881650 | mx1> grep @test /tmp/rawlog | grep O: | wc | 1 4 74 | mx2> grep @test /tmp/rawlog | grep I: | wc | 22 881628 | mx2> grep @test /tmp/rawlog | grep O: | wc | 0 0 0 BUT: It look as if I haven't waited long enough for replication to become finished, sorry :-( Actually, while going through all those files and writing this mail, all missing messages appeared in my MUA, and I do find in both maillogs: @mx1: | dovecot: dsync-local(test): Error: dsync(vm...@mx2.tld): I/O has stalled, no activity for 600 seconds | dovecot: dsync-local(test): Error: Remote command process isn't dying, killing it @mx2: | dovecot: dsync-local(test): Error: dsync(vm...@mx1.tld): I/O has stalled, no activity for 600 seconds | dovecot: dsync-local(test): Error: Remote command process isn't dying, killing it And in rawlog I do now find ... | mx1> grep @test /tmp/rawlog | grep I: | wc | 22 881650 | mx1> grep @test /tmp/rawlog | grep O: | wc | 1 4 74 | mx2> grep @test /tmp/rawlog | grep I: | wc | 99 3967326 | mx2> grep @test /tmp/rawlog | grep O: | wc | 78 3125850 ... thus, all mails became replicated after that 600 seconds timeout. But why do I run into timeouts when those mails become injected second by second, but not, if injected without waiting time? Do you have any idea what I should do next? Regards, Michael
Re: [Dovecot] Protocol logging - TLS vs SSL
On 2013-02-26 3:09 PM, Reindl Harald wrote: Am 26.02.2013 21:05, schrieb Charles Marcus: Why does it say 'TLS', when it technically (there is a difference after all) should say 'SSL'? Not a big deal, but it is just something I've been meaning to ask because it is practically the same? http://en.wikipedia.org/wiki/Transport_Layer_Security Practically - but not *exactly*, hence my use of the word 'technically'... Maybe I'm picking nits, but that doesn't change the fact that they are *not* exactly the same. -- Best regards, */Charles/*
Re: [Dovecot] Protocol logging - TLS vs SSL
On 26.02.2013 21:05, Charles Marcus wrote:
> Why does it say 'TLS', when it technically (there is a difference after all) should say 'SSL'?
> Not a big deal, but it is just something I've been meaning to ask

because it is practically the same?

http://en.wikipedia.org/wiki/Transport_Layer_Security
[Dovecot] Protocol logging - TLS vs SSL
Hi all,

Ok, I have:

login_log_format_elements = user=<%u> method=%m rip=%r lport=%{lport} mpid=%e %c session=<%{session}>

We only allow inbound IMAP, and only SSL on port 993.

Looking at the logs, %c is obviously the encryption type, but...

Why does it say 'TLS', when it technically (there is a difference after all) should say 'SSL'?

Not a big deal, but it is just something I've been meaning to ask.

--
Best regards,
Charles
Re: [Dovecot] v2.2.rc2 released
On 2/26/13 10:10 AM, Timo Sirainen wrote: On 26.2.2013, at 17.58, l...@airstreamcomm.net wrote: Thanks for the information Michael. I must be configuring this incorrectly as the replication is not occurring when messages are being delivered via LMTP in my setup. When I restart dovecot the messages are synced immediately, but not on delivery. Here is my config: You're missing: mail_plugins = notify replication Thanks Timo that did the trick. Now say I have two clusters of dovecot servers in disparate data centers, each cluster has four nodes with shared NFS storage. Would I be able to configure dsync replication so that messages hitting any server in either cluster would be replicated accordingly to the remote data center?
Re: [Dovecot] Dict quota timeout error: Has anything changed in the latest versions?
On 26.2.2013, at 18.40, Alessio Cecchi wrote: >> I don't see any recent changes in this code, so I think it has been broken >> for a long time. Anyway, this fixes it: >> http://hg.dovecot.org/dovecot-2.1/rev/225c64ed0439 >> > > Thanks Timo, > > I don't know if you read my email on ML about 2.2rc, but this bug is present > also on it. > > Remember to fix it ;-) This patch is in 2.2.rc1.
Re: [Dovecot] Dict quota timeout error: Has anything changed in the latest versions?
Il 22/02/2013 12:52, Timo Sirainen ha scritto: On 12.2.2013, at 12.34, Alessio Cecchi wrote: Since dovecot 2.1.10-13 (but perhaps even before) when a new user log in via POP/IMAP or receive an email for the first time dovecot created the entry for the users in the table "quota" of dovecot database with quota usage and number of messages (before of this login/delivery the user has no entry in the quota table of dovecot DB). After the update to 2.1.14 when a new user login or receive an email for the first time dovecot was unable to create (immediately) the entry in quota table and in the log print these errors: Feb 12 11:05:41 pop3(ales...@domain.com): Error: read(/usr/local/dovecot-2.1/var/run/dovecot/dict) failed: Timeout after 30 seconds I don't see any recent changes in this code, so I think it has been broken for a long time. Anyway, this fixes it: http://hg.dovecot.org/dovecot-2.1/rev/225c64ed0439 Thanks Timo, I don't know if you read my email on ML about 2.2rc, but this bug is present also on it. Remember to fix it ;-) -- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/ @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it
Re: [Dovecot] v2.2.rc2 released
On 26.2.2013, at 17.58, l...@airstreamcomm.net wrote: > Thanks for the information Michael. I must be configuring this incorrectly > as the replication is not occurring when messages are being delivered via > LMTP in my setup. When I restart dovecot the messages are synced > immediately, but not on delivery. > > Here is my config: You're missing: mail_plugins = notify replication
Re: [Dovecot] v2.2.rc2 released
On 2/26/13 12:56 AM, Michael Grimm wrote: On 2013-02-25 22:57, l...@airstreamcomm.net wrote: Trying the dsync replication for the first time, and I am confused as to the intended purpose of the replication service. Is the dsync replication meant to replicate mails immediately upon submission to lmtp/lda and on change via IMAP/POP3, Yes. or is the replication_full_sync_interval the only configurable for determining when the replication will occur? No. Timo, correct me if I am mistaken, but that keyword will tell the replication system when to apply a "dsync -f" aka running in "full sync mode" at latest. Maybe a better question is there any documentation on dsync replication (could not find any)? http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html http://www.dovecot.org/img/dsync-director-replication-ssh.png http://www.dovecot.org/img/dsync-director-replication.png http://www.google.com/url?sa=t&rct=j&q=&source=web&cd=1&cad=rja&ved=0CDMQFjAA&url=http%3A%2F%2Fwww.linuxtag.org%2F2012%2Ffileadmin%2Fwww.linuxtag.org%2Fslides%2FTimo%2520Sirainen%2520-%2520What_s%2520new%2520in%2520Dovecot_.p269.pdf&ei=N1csUcqsLoTJsgbKuYD4CQ&usg=AFQjCNGoN4PBs-8lVYy1Gi_Dor03-n5tfQ&bvm=bv.42965579,d.Yms (Sorry for the long link) HTH, Michael Thanks for the information Michael. I must be configuring this incorrectly as the replication is not occurring when messages are being delivered via LMTP in my setup. When I restart dovecot the messages are synced immediately, but not on delivery. 
Here is my config:

# 2.2.rc2: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_debug = yes
auth_verbose = yes
mail_debug = yes
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  mail_replica = remote:vm...@mail2.clustertest.air
  replication_full_sync_interval = 1 hours
}
postmaster_address = r...@clustertest.air
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0600
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
service config {
  unix_listener config {
    user = vmail
  }
}
service doveadm {
  user = vmail
}
service lmtp {
  process_min_avail = 20
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service replicator {
  process_min_avail = 1
}
ssl_cert =
[Dovecot] (no subject)
I've run into a problem with `doveadm backup` (2.2 rc2 and 20130226) I did not notice in 2.1.15 doveadm backup [-Dv] -R -u cyrte...@iai.uni-bonn.de -m INBOX imapc: => crashes (signal 6 with acl plugin configured, sig 11 without acl) If this is considered a bug (not just because of the crash but in the meaning of "my configuration should work") it would be great if it could be fixed.;-) If I can provide more detail (log, gdb bt full and doveconf -n follow the next paragraph) or test something I would be happy to to so. As I'm planning dsync replication of the two backends I thought it would be better to start things with the upcoming new dovecot 2.2 (dsync protocol) instead of 2.1.15. (?!) --- first some information about what I'm trying to do --- We want to replace our single cyrus 2.4 server with two backend servers (separate storage and all user mailboxes etc. each) Even if cyrus-to-cyrus should be much easier _and_ time is slipping away I want to take this one opportunity to switch to dovecot if possible. - Thank you very much for your great work on dovecot and all the efforts! - We want the IMAP clients to continue using their folders/messages etc so I want to reproduce the "cyrus structure" we are using for the last 14 years: - own user folders: INBOX and INBOX.subfolder ... - (if possible: other user folders: user.otheruser...) - converting as much as possible of existing data To get the folders/messages into the new dovecot server(s) I'm thinking about some repeated "doveadm mirror / backup -R ... imapc:" runs while the cyrus server is still in use. The first sync run will take several days but a few more and the time will be short enough to do the complete switch-over w/o surprises. Insertion: I played with 2.1.15 and namespaces but maybe I did not understand this well enough: doveadm backup -R -u userx [w or w/o -m INBOX and/or -n INBOX] imapc: => if cyrus userx has permissions on other users mailboxes these folders are also copied. ... 
copied _into_ the INBOX of (dovecot) userx. I too got the known problems with INBOX.INBOX. paths. I changed dsync-brain.c sources to skip "^user." folders and to cut the additional "INBOX." => seems okay... messages (only the expected) got transferred! --- To see if things still work as with 2.1.15 (no dsync source modification!) I did (as before with 2.1.15): doveadm backup [-Dv] -R -u cyrte...@iai.uni-bonn.de -m INBOX imapc: => but it crashes (signal 6) doveadm(cyrte...@iai.uni-bonn.de): Debug: auth input: cyrte...@iai.uni-bonn.de master_user=cyrte...@iai.uni-bonn.de quota_rule=*:storage=512M uid=13004 gid=13004 home=/m/d/user/iai.uni-bonn.de/cyrtest1 doveadm(cyrte...@iai.uni-bonn.de): Debug: Added userdb setting: plugin/master_user=cyrte...@iai.uni-bonn.de doveadm(cyrte...@iai.uni-bonn.de): Debug: Added userdb setting: plugin/quota_rule=*:storage=512M doveadm(cyrte...@iai.uni-bonn.de): Debug: Effective uid=13004, gid=13004, home=/m/d/user/iai.uni-bonn.de/cyrtest1 doveadm(cyrte...@iai.uni-bonn.de): Debug: Namespace : type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=sdbox:/m/d/imap/mbox/iai.uni-bonn.de/cyrtest1:INDEX=/m/d/imap/meta/iai.uni-bonn.de/cyrtest1:MAILBOXDIR=mailboxes/ doveadm(cyrte...@iai.uni-bonn.de): Debug: fs: root=/m/d/imap/mbox/iai.uni-bonn.de/cyrtest1, index=/m/d/imap/meta/iai.uni-bonn.de/cyrtest1, indexpvt=, control=, inbox=, alt= doveadm(cyrte...@iai.uni-bonn.de): Debug: acl: initializing backend with data: vfile:/m/d/etc/acl:cache_secs=300 doveadm(cyrte...@iai.uni-bonn.de): Debug: acl: acl username = cyrte...@iai.uni-bonn.de doveadm(cyrte...@iai.uni-bonn.de): Debug: acl: owner = 1 doveadm(cyrte...@iai.uni-bonn.de): Debug: acl vfile: Global ACL directory: /m/d/etc/acl doveadm(cyrte...@iai.uni-bonn.de): Debug: acl vfile: reading file /m/d/etc/acl//.DEFAULT doveadm(cyrte...@iai.uni-bonn.de): Debug: acl vfile: file /m/d/imap/mbox/iai.uni-bonn.de/cyrtest1/mailboxes/dovecot-acl not found 
doveadm(cyrte...@iai.uni-bonn.de): Debug: Namespace : Using permissions from /m/d/imap/mbox/iai.uni-bonn.de/cyrtest1: mode=0700 gid=default doveadm(cyrte...@iai.uni-bonn.de): Debug: acl vfile: file /m/d/etc/acl/INBOX not found doveadm(cyrte...@iai.uni-bonn.de): Debug: acl vfile: file /m/d/imap/mbox/iai.uni-bonn.de/cyrtest1/mailboxes/INBOX/dbox-Mails/dovecot-acl not found dsync(cyrte...@iai.uni-bonn.de): Debug: Effective uid=13004, gid=13004, home=/m/d/user/iai.uni-bonn.de/cyrtest1 dsync(cyrte...@iai.uni-bonn.de): Debug: Namespace : type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=imapc: dsync(cyrte...@iai.uni-bonn.de): Debug: imapc: root=, index=, indexpvt=, control=, inbox=, alt= dsync(cyrte...@iai.uni-bonn.de): Debug:
Re: [Dovecot] Sieve filters on folders, different from INBOX
Am 26.02.2013 15:40, schrieb Valery V. Sedletski: > > > > >> Original Message >> From: Robert Schetterer >> To: dovecot@dovecot.org >> Sent: Вт, Фев 26, 2013, 5:55 PM >> Subject: Re: [Dovecot] Sieve filters on folders, different from INBOX >> >> Am 26.02.2013 14:20, schrieb Valery V. Sedletski: >>> Hi all >>> >>> Is it possible to configure Dovecot's sieve plugin to act on message >>> arrival to folders, other than INBOX? >> >> sieve is invoked by lda or lmtp not "as arrive in inbox" >> >> >>> I wish to move messages fetched by pop3 fetcher to special folder, or sort >> >> if you use i.e getmail and maildir it may possible >> >> look >> >> http://pyropus.ca/software/getmail/getmailrc-examples > > I use mpop with a shell wrapper script. The fetcher is working on IMAP server > side (not on user > side, as usual). So, it is used to pull email from several POP3 servers to > our IMAP server. The mail is > stored in Maildir++ format. Yes, it is possible to configure fetcher to sort > messages to folders by its own means, > but I'd like to implement the mail sorting by means of Sieve filters. The > user can easy configure > filters in webmail interface, then it work with any IMAP client, because it > is done on IMAP server side. > > So, if sieve is invoked by lda, then, probably, I could invoke dovecot-lda > from wrapper script on each mail > after it is fetched? with getmail [destination] type = MDA_external path = /usr/lib/dovecot/deliver But then it will be copied to INBOX... -- Is it possible to specify the other folder to deliver to, > to the deliver program? the sieve filter invoked bx deliver does it, i.e rule if header :contains ... fileinto :create "folder" or whatever > >> >>> outgoing mail to folders, specific >> >> outgoing mail is smtp, with i.e imap copy to sent folder etc >> if you want other folders your imap client should do it >> > > So, I can invoke Sieve interpreter from SMTP server, or process it via > dovecot-lda, like in fetcher case? 
in general ,i dont think so , there may be some workaround with server bcc_copy and i.e plus adressing with sieve then for "sent" mail > >> >> try i.e >> >> https://addons.mozilla.org/de/thunderbird/addon/send-filter/?src=search >> >> >>> to their recipients. >>> >>> Thanhs in advance, >> >> i guess what you want in gneral ,is more advanced ( new ) handling >> of mail workflow at all, look at list archives for more info on >> some stuff you asked, some may work in the future with new features in >> imap and sieve, but meanwhile you have to workaround >> > > I used such features with my old POP3 client (it was the good old PMMail in > OS/2). But it > worked on POP3 client side, with local folders. It seemed to be not very > advanced, but I just > got a case to implement the same with Dovecot and Exim :) your talking about different things, there is a lot you can do with allready downloaded mail or at "internal" mailservices which may not make sense in "online" mailservers > >>> >>> WBR, >>> valery >>> >>> >>> >> >> >> >> Best Regards >> MfG Robert Schetterer >> >> -- >> [*] sys4 AG >> >> http://sys4.de, +49 (89) 30 90 46 64 >> Franziskanerstraße 15, 81669 München >> >> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 >> Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer >> Aufsichtsratsvorsitzender: Joerg Heidrich > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] Imap-login service count/limits
On Tue, Feb 26, 2013 at 02:04:07PM +0100, Thomas Hummel wrote:
> Besides, why would [...]

I think I get it, I might have been confused by the term "unlimited" in "the only useful values are 0 (unlimited)" in the sample config file comment.

As I see it now:

- service_count = 0:
  . number of connections is not "unlimited" but limited by client_limit (or default_client_limit) for each imap-login process first and then by process_limit (or default_process_limit)
  . since only when client_limit is reached a new imap-login is forked (in the limit of process_limit), pre-forking process_min_avail load-balances the work across all CPUs instead of staying on a single CPU until client_limit is reached.

- service_count = 1
  . client_limit has no effect since 1 connection <-> 1 process
  . pre-forking process_min_avail avoids the fork-exec overhead/latency

Is this correct now?

Thanks

--
Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure
Re: [Dovecot] Sieve filters on folders, different from INBOX
> Original Message >From: Robert Schetterer >To: dovecot@dovecot.org >Sent: Вт, Фев 26, 2013, 5:55 PM >Subject: Re: [Dovecot] Sieve filters on folders, different from INBOX > >Am 26.02.2013 14:20, schrieb Valery V. Sedletski: >> Hi all >> >> Is it possible to configure Dovecot's sieve plugin to act on message >> arrival to folders, other than INBOX? > >sieve is invoked by lda or lmtp not "as arrive in inbox" > > >> I wish to move messages fetched by pop3 fetcher to special folder, or sort > >if you use i.e getmail and maildir it may possible > >look > >http://pyropus.ca/software/getmail/getmailrc-examples I use mpop with a shell wrapper script. The fetcher is working on IMAP server side (not on user side, as usual). So, it is used to pull email from several POP3 servers to our IMAP server. The mail is stored in Maildir++ format. Yes, it is possible to configure fetcher to sort messages to folders by its own means, but I'd like to implement the mail sorting by means of Sieve filters. The user can easy configure filters in webmail interface, then it work with any IMAP client, because it is done on IMAP server side. So, if sieve is invoked by lda, then, probably, I could invoke dovecot-lda from wrapper script on each mail after it is fetched? But then it will be copied to INBOX... -- Is it possible to specify the other folder to deliver to, to the deliver program? > >> outgoing mail to folders, specific > >outgoing mail is smtp, with i.e imap copy to sent folder etc >if you want other folders your imap client should do it > So, I can invoke Sieve interpreter from SMTP server, or process it via dovecot-lda, like in fetcher case? > >try i.e > >https://addons.mozilla.org/de/thunderbird/addon/send-filter/?src=search > > >> to their recipients. 
>> >> Thanhs in advance, > >i guess what you want in gneral ,is more advanced ( new ) handling >of mail workflow at all, look at list archives for more info on >some stuff you asked, some may work in the future with new features in >imap and sieve, but meanwhile you have to workaround > I used such features with my old POP3 client (it was the good old PMMail in OS/2). But it worked on POP3 client side, with local folders. It seemed to be not very advanced, but I just got a case to implement the same with Dovecot and Exim :) >> >> WBR, >> valery >> >> >> > > > >Best Regards >MfG Robert Schetterer > >-- >[*] sys4 AG > >http://sys4.de, +49 (89) 30 90 46 64 >Franziskanerstraße 15, 81669 München > >Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 >Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer >Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] Sieve filters on folders, different from INBOX
On 26.02.2013 14:20, Valery V. Sedletski wrote:
> Hi all
>
> Is it possible to configure Dovecot's sieve plugin to act on message
> arrival to folders, other than INBOX?

sieve is invoked by lda or lmtp not "as arrive in inbox"

> I wish to move messages fetched by pop3 fetcher to special folder, or sort

if you use i.e getmail and maildir it may be possible

look

http://pyropus.ca/software/getmail/getmailrc-examples

> outgoing mail to folders, specific

outgoing mail is smtp, with i.e imap copy to sent folder etc
if you want other folders your imap client should do it

try i.e

https://addons.mozilla.org/de/thunderbird/addon/send-filter/?src=search

> to their recipients.
>
> Thanks in advance,

i guess what you want in general, is more advanced (new) handling of mail workflow at all, look at list archives for more info on some stuff you asked, some may work in the future with new features in imap and sieve, but meanwhile you have to workaround

>
> WBR,
> valery

Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
Re: [Dovecot] Suggestions for upgrading dovecot 1.0.7 Redhat EL 5.x
On Tue, 26 Feb 2013, Götz Reinicke - IT Koordinator wrote:

> we still have our solid rock dovecot 1.0.7 Redhat el 5.x up and running.
> We don't need much magic or special setups.

The configuration has been split up since v1.0, but you can grep through the files and find the spots easily. Also, if you didn't change much in v1.0 (that is how I understand your "don't need much magic or special setups"), the chances are good that you'll not change much in v2.1 or v2.2.

> However we'd like to think what might be the next step in upgrading our setup. Each user one mbox mailbox. About 500 imap/pop3 accounts, 400GB data.
> First of all: to what version is a good step from 1.0?

I would set up a Dovecot v2.2 server, it's RC2, but Dovecot is usually more stable than other software ... .

However, I would install the whole server anew, no automatic upgrade or whatsoever.

> Does anyone have any experiences in doing such a "big" step forward?

I have upgraded a v1.0 to v2.1 now. No big deal from Dovecot.

> Can we get a rpm from e.g. atrpms repository?

Ah, OK, then use the most current version available :-) I build Dovecot from source.

> Or should we think of migrating to a total updated Redhat EL 6.x / Dovecot 2.0.x system?

I don't know Redhat, but it seems to be wise to upgrade. What's the "Known Bug List" or "Known Security Holes" in Redhat EL 5.x?

--
Steffen Kaiser
Re: [Dovecot] lmtp problem with wrong index path
I managed to reproduce the problem, but it required sending 1000 mails with multiple recipients. In every case I checked, the wrong index path is indeed the first RCPT TO's in that session. However it doesn't happen to all other recipients in the session, nor to the same one each time. In any case since the mail get delivered to the correct mbox and you say that the errors are unnecessary we can essentially consider it case closed. I've got another question about the directors though and what you mentioned in your earlier mail that we can set mail_nfs_index=no and mail_nfs_storage=no. I've noticed that our directors point to different backends if the user logins as "user" vs "user@domain" and as a result there are users ending up in more than one server (several of them use just their username in one client and the full user@domain in another and vice versa). Up till now we didn't think much about it because it's not that common. Our directors have the following config : userdb { driver = static args = proxy=y nopassword=y } We tried changing that to ldap with the same config you posted but it doesn't change anything. I presume it can be configured and we're just missing something ? Dimos Alevizos Original Message Subject: Re: [Dovecot] lmtp problem with wrong index path From: Timo Sirainen Date: 26/02/2013 09:17 πμ Here's a guess: Try sending the same mail to two users, so that LMTP gets two RCPT TOs in the same session. You'll probably now see the error? LMTP always delivers the mail to the first user. Then it tries to copy the first mail to the second user, because in some setups this can be done using hard links. With mbox that of course doesn't work, but looks like instead of failing silently it logs an error. So everything is working as it should, except there are these unnecessary errors logged. I'll see about getting rid of them.
[Dovecot] Sieve filters on folders, different from INBOX
Hi all

Is it possible to configure Dovecot's sieve plugin to act on message arrival to folders other than INBOX? I wish to move messages fetched by pop3 fetcher to a special folder, or sort outgoing mail to folders specific to their recipients.

Thanks in advance,
WBR, valery
Re: [Dovecot] Imap-login service count/limits
On Tue, Feb 26, 2013 at 11:08:18AM +0100, Thomas Hummel wrote:

> -> Does it make sense

Sorry, I was unclear. Let me rephrase: from my understanding of the doc, process_min_avail seems to have a slightly different behavior depending on whether service_count is 1 or 0. Is it correct?

The doc states that process_min_avail in the case of service_count = 1 is used to avoid latency and in the case of service_count = 0 to make sure not only the one imap-login is used (if below the client_limit threshold).

Why would it make no sense to set (service_count=0) process_min_avail > number of cpu? Because there is no fork/exec of another imap-login latency?

Besides, why would process_limit be reached since service_count=0 means that this one imap-login process handles an unlimited number of connections?

Thanks

--
Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure
Re: [Dovecot] Deleted / read mails show up as new on remote imap clients
On 2013-02-25 5:02 PM, Daniel Parthey wrote:

> Charles Marcus wrote:
>> On 2013-02-24 1:23 PM, Daniel Parthey wrote:
>>> protocol imap {
>>>   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
>>> }
>> Did you try these one at a time? Meaning, were both required to solve
>> the problem?
> No. I just added tb-extra-mailbox-sep and this did the trick.
> The workaround for delay-newmail had already been set before.

Ok, thanks...

>> Also, what version of Thunderbird do either/both of you have?
> 10.0.12

Ummm... even the ESR is already at 17.0.3... why stuck in the stone age?

--
Best regards,
Charles
[Dovecot] Can't access to shared mailbox
Hello,

I have a user sharing a folder to me (and other users). This has worked for me for a time. And it is still working for some users, but not for me. I'm using thunderbird (17.0.3, ubuntu 12.04 package). My server is dovecot 2.1.9 (it's the same since it works).

The user sharing its mailbox is:

    $ sudo doveadm user t
    userdb: t
      home : /home/generica/02/001002
      uid : 1002

he is sharing its mailbox "cron". This is its dovecot-acl:

    root@myotis31:/home/generica/02/001002/Maildir# cat dovecot-acl
    user= kxeilprwts
    user= kxeilprwts
    user= kxeilprwts
    user= kxeilprwts
    user= kxeilprwts
    user= kxeilprwts
    user= kxeilprwts

I can subscribe to this folder:

    # sudo doveadm mailbox subscribe -u shared.t.cron
    # sudo doveadm mailbox list -u -s
    INBOX
    ...
    ...
    shared.t.cron

but when I try to access to this folder through thunderbird (what I really do in TB is subscribe/unsubscribe to it, because it is not actually listed in the folder list), I get:

    Feb 26 13:35:03 myotis32 dovecot: imap(): Error: Couldn't create namespace 'shared.' for user shared: userdb didn't return a home directory, but plugin setting quota used it (%h): dict:User quota::file:%h/Maildir/dovecot.quota

With doveadm commands I can access to the shared folder from my user (not the user sharing):

    $ sudo doveadm search -u mailbox shared.t.cron | wc -l
    652

Other users can use this shared folder without any (apparent) problem.

I have attached my doveconf -n.

Any idea?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337

    # 2.1.9: /etc/dovecot/dovecot.conf
    # OS: Linux 3.2.19um1 x86_64 Ubuntu 12.04.2 LTS
    auth_cache_size = 20 M
    auth_cache_ttl = 1 days
    auth_master_user_separator = *
    auth_verbose = yes
    default_process_limit = 1024
    disable_plaintext_auth = no
    log_timestamp = %Y-%m-%d %H:%M:%S
    login_trusted_networks = 155.54.211.176/28
    mail_access_groups = vmail
    mail_gid = vmail
    mail_location = maildir:~/Maildir:INDEX=/var/indexes/%2Ln/%Ln
    mail_plugins = quota zlib lazy_expunge acl
    mail_privileged_group = mail
    maildir_very_dirty_syncs = yes
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
    mdbox_rotate_size = 20 M
    namespace {
      inbox = yes
      location =
      prefix =
      separator = .
    }
    namespace {
      hidden = yes
      list = no
      location = maildir:~/Maildir/expunged
      prefix = BORRADOS.
      separator = .
    }
    namespace {
      list = children
      location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
      prefix = shared.%%u.
      separator = .
      subscriptions = no
      type = shared
    }
    passdb {
      args = /etc/dovecot/master-users
      driver = passwd-file
      master = yes
      pass = yes
    }
    passdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
    }
    passdb {
      args = session=yes cache_key=%Ln dovecot
      driver = pam
    }
    plugin {
      acl = vfile
      lazy_expunge = BORRADOS.
      quota = dict:User quota::file:%h/Maildir/dovecot.quota
      quota_rule = *:storage=10G
      quota_rule2 = Trash:storage=+1G
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
      sieve_max_redirects = 15
      zlib_save = gz
      zlib_save_level = 6
    }
    postmaster_address = postmas...@um.es
    protocols = imap pop3 lmtp sieve
    service anvil {
      client_limit = 3075
    }
    service auth {
      client_limit = 4096
      unix_listener auth-userdb {
        mode = 0777
      }
    }
    service doveadm {
      inet_listener {
        port = 24245
      }
    }
    service imap {
      process_limit = 5120
      process_min_avail = 6
      vsz_limit = 512 M
    }
    service ipc {
      unix_listener ipc {
        user = dovecot
      }
    }
    service lmtp {
      inet_listener lmtp {
        port = 24
      }
      process_min_avail = 10
      vsz_limit = 512 M
    }
    service pop3 {
      process_min_avail = 6
    }
    ssl = no
    ssl_cert =
[Dovecot] 2.2.rc2: problem with acl_shared_dict
Hello,

2.2.rc2, configuration as before: acl_shared_dict=file:...

The contents of this file are used for e.g. LISTing shared mailboxes. But even with file and directory being world writable, it's not written into on SETACL commands. Instead, at least sometimes (it seems to make a difference if GETACL is used before in the session) the imap process crashes on SETACL or DELETEACL.

    Feb 26 00:31:52 host dovecot: imap(13373, user) K64y8ZTWOgB/AAAB: Fatal: master: service(imap): child 13373 killed with signal 11 (core dumps disabled)

Anything to do for further debugging? Working correctly with 2.1.15.

Greetings,
Lutz
[Dovecot] Suggestions for upgrading dovecot 1.0.7 Redhat EL 5.x
Hi,

we still have our solid rock dovecot 1.0.7 Redhat el 5.x up and running. We don't need much magic or special setups.

However we'd like to think what might be the next step in upgrading our setup. Each user one mbox mailbox. About 500 imap/pop3 accounts, 400GB data.

First of all: to what version is a good step from 1.0?

Can we get a rpm from e.g. atrpms repository?

Does anyone have any experiences in doing such a "big" step forward?

Or should we think of migrating to a total updated Redhat EL 6.x / Dovecot 2.0.x system?

Any suggestions and comments are welcome.

Regards . G. Reinicke

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 82 420
Fax +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chairman of the Supervisory Board: Jürgen Walter MdL, State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg
Managing Director: Prof. Thomas Schadt
Re: [Dovecot] v2.2.beta2 released
On 2013-02-26 10:55, Timo Sirainen wrote:

> On 25.2.2013, at 17.38, Michael Grimm wrote:
>> Yes. I would expect 400 messages at every inbox, but normally I do end up
>> with around 270 in an inbox, and both inboxes do show slightly different
>> numbers (e.g. 245 and 297). (Looks like stopping.)
>
> I can't reproduce this. Some interesting questions:
>
> * If you include hostname+counter in the message, what do the mailboxes
>   look like in the different sides? Did they skip over some numbers or did
>   they both stop at some specific remote counter and continue the local
>   counters until the end?
> * Is it even trying to run doveadm sync commands at the end? (e.g. make
>   dsync_remote_cmd execute some wrapper script that logs something)
> * If the doveadm syncs continue, try saving rawlogs from them to see what
>   they're doing (-r /tmp/rawlog parameter to doveadm dsync-server).

I will investigate this further, but that will take some time.

>> I did repeat this test appr. 10 times, always the same. Restarting both
>> dovecot servers or running "doveadm dsync -d -l 30 -u test -f" leads to an
>> instantaneous appearance of all 400 messages in every inbox.
>
> It probably works even without -f parameter?

In the meantime I can confirm that it will work without that parameter as well.

Thanks and regards,
Michael
Re: [Dovecot] Broken foldernames in mbox
On 26.2.2013, at 12.08, Peer Heinlein wrote:

> I have a mbox-User with some crazy foldernames:
>
> -rw--- 1 vmail vmail 19238931 17. Dez 2011 Foo & Co
> -rw--- 1 vmail vmail 82415 19. Nov 22:06 Foo &- Co
>
> Dovecot can't handle that correctly:
>
> # dovecot mailbox list -u user
> Foo & Co
> Foo & Co
>
> dsyncing those folders produces some errors:
>
> dsync(awad): Error: Mailboxes don't have unique GUIDs:
> 228d0731cb186750e915a69b85fa is shared by Foo & Co and Foo & Co

I remember looking at that earlier and deciding that it's not really fixable without adding a lot of code complexity. Create a script to fix the mailbox names before running dsync. (doveadm mailbox mutf7 is helpful for checking validity).
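A pre-dsync check of the kind Timo suggests, as an added example that is not code from this thread or from Dovecot: it validates mbox file names as IMAP modified UTF-7 (RFC 3501, 5.1.3), proposes an escaped name for each invalid one, and reports the case where the fixed name already exists, which is the "Foo & Co" / "Foo &- Co" pair above. The function names and the sample list are constructed, and the check covers mUTF-7 syntax only, so it is an assumption that it agrees with doveadm mailbox mutf7 in every corner case.

```python
import base64

def mutf7_decode(name):
    """Decode IMAP modified UTF-7 (RFC 3501, 5.1.3); ValueError if invalid."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch != "&":
            if not 0x20 <= ord(ch) <= 0x7E:
                raise ValueError("unencoded non-ASCII or control character")
            out.append(ch)
            i += 1
            continue
        end = name.find("-", i + 1)
        if end == -1:
            raise ValueError("bare '&' that does not start a '&...-' sequence")
        chunk = name[i + 1:end]
        if chunk == "":
            out.append("&")                      # "&-" is a literal ampersand
        elif "/" in chunk:
            raise ValueError("'/' is not in the modified base64 alphabet")
        else:
            b64 = chunk.replace(",", "/")
            b64 += "=" * (-len(b64) % 4)
            # binascii.Error and UnicodeDecodeError are both ValueErrors
            out.append(base64.b64decode(b64, validate=True).decode("utf-16-be"))
        i = end + 1
    return "".join(out)

def mutf7_encode(text):
    """Encode arbitrary text as a valid modified UTF-7 mailbox name."""
    out, pending = [], []
    def flush():
        if pending:
            raw = "".join(pending).encode("utf-16-be")
            b64 = base64.b64encode(raw).decode("ascii").rstrip("=")
            out.append("&" + b64.replace("/", ",") + "-")
            pending.clear()
    for ch in text:
        if 0x20 <= ord(ch) <= 0x7E:
            flush()
            out.append("&-" if ch == "&" else ch)
        else:
            pending.append(ch)
    flush()
    return "".join(out)

def plan_renames(names):
    """Split invalid names into safe renames and collisions needing a human."""
    valid, invalid = set(), []
    for n in names:
        try:
            mutf7_decode(n)
            valid.add(n)
        except ValueError:
            invalid.append(n)
    renames, collisions = {}, []
    for n in invalid:
        target = mutf7_encode(n)
        if target in valid:
            collisions.append((n, target))     # both would list as one mailbox
        else:
            renames[n] = target
            valid.add(target)
    return renames, collisions

# Constructed sample: the two names from the thread plus two made-up ones.
SAMPLE = ["Foo & Co", "Foo &- Co", "R & D", "sent-mail"]
if __name__ == "__main__":
    print(plan_renames(SAMPLE))
```

A collision means the invalid file has to be given a different, unused name by hand before dsync runs; the script only reports it.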
[Dovecot] Broken foldernames in mbox
I have a mbox-User with some crazy foldernames:

    -rw--- 1 vmail vmail 19238931 17. Dez 2011 Foo & Co
    -rw--- 1 vmail vmail 82415 19. Nov 22:06 Foo &- Co

Dovecot can't handle that correctly:

    # dovecot mailbox list -u user
    Foo & Co
    Foo & Co

dsyncing those folders produces some errors:

    dsync(awad): Error: Mailboxes don't have unique GUIDs: 228d0731cb186750e915a69b85fa is shared by Foo & Co and Foo & Co

Peer

--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42
Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin
[Dovecot] Imap-login service count/limits
Hello Timo,

I'm trying to configure dovecot-2.1.15 master correctly regarding imap-login limits. I want to use service_count=0 and I'm starting with something like this:

    #default_process_limit = 100
    #default_client_limit = 1000

    service imap-login {
      [...]
      service_count = 0
      process_min_avail = 8
      vsz_limit = 1024M
    }

-> Does it make sense to set a process_limit if service_count = 0? Why? Doesn't service_count = 0 mean that no additional imap-login process would be created (except for process_min_avail)?

-> Does it make sense to set process_min_avail <> 0 if service_count = 0? Why? And if yes, what's the rule of thumb to find the correct value according to the number of connections estimation?

-> Assuming every client is configured to use STARTTLS and opens by default 5 imap connections, each client would consume 5 of the 1000 default_client_limit, right?

-> Is 1024M too high for vsz_limit and may expose to memory leaks?

In other words, what limit should be raised to scale a lot of connections?

Thanks

--
Thomas Hummel | Institut Pasteur | Groupe Exploitation et Infrastructure
Re: [Dovecot] v2.2.beta2 released
On 25.2.2013, at 17.38, Michael Grimm wrote:

> On 2013-02-25 15:58, Timo Sirainen wrote:
>> On 21.2.2013, at 22.12, Michael Grimm wrote:
>
>>> Whenever I do run those tests with a delay of 1 second between every
>>> injection, I do observe, that not all mails injected become visible in my
>>> MUAs (Mail.app and Roundcube), immediately. All "get new mail"
>>> functionality or MUA restarts fails to fetch those missing messages from
>>> both servers.
>> So .. what exactly do you mean by this? That in both servers you run
>> a script that delivers a mail once per second to the same user?
>
> Yes. In my tests I do inject 200 messages at every server simultaneously with
> a delay of 1 second.
>
>> And at some point the replication just stops replicating those mails
>> to the other server?
>
> Yes. I would expect 400 messages at every inbox, but normally I do end up
> with around 270 in an inbox, and both inboxes do show slightly different
> numbers (e.g. 245 and 297). (Looks like stopping.)

I can't reproduce this. Some interesting questions:

* If you include hostname+counter in the message, what do the mailboxes look like in the different sides? Did they skip over some numbers or did they both stop at some specific remote counter and continue the local counters until the end?
* Is it even trying to run doveadm sync commands at the end? (e.g. make dsync_remote_cmd execute some wrapper script that logs something)
* If the doveadm syncs continue, try saving rawlogs from them to see what they're doing (-r /tmp/rawlog parameter to doveadm dsync-server).

> I did repeat this test appr. 10 times, always the same. Restarting both
> dovecot servers or running "doveadm dsync -d -l 30 -u test -f" leads to an
> instantaneous appearance of all 400 messages in every inbox.

It probably works even without -f parameter?
Re: [Dovecot] dsync can't sync mbox2mdbox two times
On 26.02.2013 10:14, Peer Heinlein wrote:

Hi,

> root@mailstore1:/srv/vmail/cklein# doveadm -v -o mail_plugins=zlib sync
> -u cklein mdbox:/srv/vmail/cklein/mdbox
> dsync(cklein): Error: Can't rename mailbox inbox to INBOX: Target
> mailbox already exists

Looks like the sync's working without problems anyway, so the error is the error :-)

Peer

--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42
Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin
[Dovecot] dsync can't sync mbox2mdbox two times
Hi,

I have a server with Dovecot 2.1.x and I'm trying to convert mbox-storages to mdbox-storages.

    # 2.1.7: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7
    mail_location = mbox:~/mail

During the first run everything's okay, but if I run the migration a second time, the later migration is broken:

    root@mailstore1:/srv/vmail/cklein# rm -R mdbox/
    root@mailstore1:/srv/vmail/cklein# doveadm -v -o mail_plugins=zlib sync -u cklein mdbox:/srv/vmail/cklein/mdbox
    dsync(cklein): Info: test: only in source (guid=0c323b1a430a7350c859a69b85fa)
    dsync(cklein): Info: saved-drafts: only in source (guid=a759b2290cda65504c59a69b85fa)
    dsync(cklein): Info: inbox: only in source (guid=a84828310cda65504d59a69b85fa)
    dsync(cklein): Info: sent-mail: only in source (guid=a859b2290cda65504c59a69b85fa)
    dsync(cklein): Info: spam-mail: only in source (guid=a959b2290cda65504c59a69b85fa)
    dsync(cklein): Info: mail-trash: only in source (guid=aa59b2290cda65504c59a69b85fa)
    dsync(cklein): Info: Trash: only in source (guid=c0d2c117a78575504964fd7d4449)
    dsync(cklein): Info: INBOX.test2: only in source (guid=d6c2d20a2bd013511d03a69b85fa)
    dsync(cklein): Info: huhu: only in source (guid=e310ed050ecf1351c37da69b85fa)
    root@mailstore1:/srv/vmail/cklein# doveadm -v -o mail_plugins=zlib sync -u cklein mdbox:/srv/vmail/cklein/mdbox
    dsync(cklein): Error: Can't rename mailbox inbox to INBOX: Target mailbox already exists

This is what the mbox-folder of the user looks like:

    root@mailstore1:/srv/vmail/cklein# ls -la mail/
    insgesamt 404
    drwx-- 4 vmail vmail 4096 26. Feb 10:09 .
    drwx-- 5 vmail vmail 4096 18. Feb 23:20 ..
    -rw--- 1 vmail vmail 540 26. Feb 10:09 huhu
    drwx-- 17 vmail vmail 4096 7. Feb 17:02 .imap
    -rw--- 1 vmail vmail 97664 26. Feb 10:09 inbox
    -rw--- 1 vmail vmail 540 26. Feb 10:09 INBOX.test2
    drwx-- 2 vmail vmail 4096 26. Feb 09:56 mail
    -rw--- 1 vmail vmail 18842 26. Feb 10:09 mail-trash
    -rw--- 1 vmail vmail 2768 26. Feb 10:09 saved-drafts
    -rw--- 1 vmail vmail 239274 26. Feb 10:09 sent-mail
    -rw--- 1 vmail vmail 540 26. Feb 10:09 spam-mail
    -rw--- 1 vmail vmail 78 7. Feb 16:56 .subscriptions
    -rw--- 1 vmail vmail 598 26. Feb 10:09 test
    -rw--- 1 vmail vmail 540 26. Feb 10:09 Trash

And this is what Dovecot can see accessing the mbox-storage:

    root@mailstore1:/srv/vmail/cklein# doveadm mailbox list -u cklein
    test
    mail-trash
    saved-drafts
    sent-mail
    spam-mail
    Trash
    huhu
    INBOX.test2
    inbox
    mail

And this is what Dovecot can see accessing the mdbox-storage:

    root@mailstore1:/srv/vmail/cklein# doveadm -c /etc/dovecot/mdbox-test.conf mailbox list -u cklein
    sent-mail
    saved-drafts
    Trash
    spam-mail
    mail-trash
    mail
    huhu
    test
    INBOX
    INBOX.test2

Is it a bug renaming the inbox-Folder to uppercases or do I have a mistake in my mbox-structure?

Peer

--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-42
Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin
Re: [Dovecot] 2.2.rc2: quota crash
On Mon, 2013-02-25 at 22:52 +0100, Lutz Preßler wrote:

> A0005 GETQUOTAROOT INBOX
> imap(4140, lpressl) : Panic: file mail-namespace.c: line 654
> (mail_namespace_find): assertion failed: (ns != NULL)
>
> GETQUOTAROOT directly after SELECT INBOX (without UID SEARCH) does not.
> No crash without imap_quota plugin either, of course...

Fixed: http://hg.dovecot.org/dovecot-2.2/rev/c9491a07998b