Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
On 08.03.2013 07:08, pvsuja wrote:
> Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts?

Mhh, well, communication encryption and password encryption are two different things. If you speak over SSL with your server, it doesn't matter if the password is transmitted in plain.

http://wiki.dovecot.org/Authentication/Mechanisms
Re: [Dovecot] Inotify max_user_instances
On Thu, 7 Mar 2013, Daniel L. Miller wrote:
> Maybe I have multiple problems - dunno. I've started seeing the following log lines:
>
> Mar 7 07:46:22 bubba dovecot: imap(dmil...@amfes.com): Warning: Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances
>
> max_user_instances is currently 128. I've tried stopping and restarting dovecot - the message immediately returns. I could just increase max_user_instances - but I'd like to understand what the number SHOULD be and why simply restarting Dovecot doesn't fix it. If this issue is for user vmail this is used by mail services only - and I've only got a few users on my system.

see http://stackoverflow.com/questions/0245/inotify-fd-why-is-the-limit-per-user-id-and-not-per-process

Dovecot needs one inotify entity per IDLE, maybe more for internal purposes. So in theory, you will need:

max number of simultaneous users * number of watched mailboxes per user + fixed amount,

because you use one _system_ user for all IMAP-users.

> I'm also fighting a netfilter issue - my connection tracking counters keep climbing. Don't know if this is in any way related.

Do you use NAT on the same machine? Or some intrusion detection system? When you get many short connections, esp. UDP ones, the connection tracker fills up easily.

-- 
Steffen Kaiser
Re: [Dovecot] When dovecot delivery, nested maildir (user/maildir/maildir) is autocreated
On Thu, 7 Mar 2013, Nunzio Falcone wrote:
> and execute the following telnet session
>
> [root@posta ~]# telnet localhost 25
> Trying 127.0.0.1...
> 220 posta.domain.local ESMTP Postfix
> rcpt to:utente2
> 250 2.1.5 Ok
>
> note the use of login (only utente2)
>
> this is the debug session
>
> Mar 07 23:06:15 auth: Debug: master in: USER1 utente2/maildir/@domain.local service=lda
> Mar 07 23:06:15 auth: Debug: master out: USER 1 utente2/maildir/ uid=500 gid=500 home=/var/vmail/utente2/maildir/

Hmm, utente2 became utente2/maildir/@domain.local again.

I have no experience with postfix, so I would first make sure postfix passes the correct values to the Dovecot LDA, by:

create wrapper script:

= START
#!/bin/bash
# Log the date, the arguments Postfix passed and the effective identity,
# then hand the message on stdin to the real LDA and keep its exit code.
(
  date
  echo arguments "$@"
  id
  /usr/libexec/dovecot/deliver "$@"
  rc=$?
  echo rc=$rc
  exit $rc
) >/tmp/dovecot-lda-wrapper.$$.log 2>&1
END

/etc/postfix/master.cf (relevant)

# Dovecot LDA
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/path/to/wrapper -f ${sender} -d ${recipient}

see changed argv= argument.

Then check the created log files in /tmp, if the argument of -d does or does not contain the /maildir/ part. If it does, you will have to check your postfix installation, when the recipient string gets changed. Maybe your postfix was configured to deliver to Maildirs directly before and therefore at some point the /maildir/ is added.

-- 
Steffen Kaiser
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed .. STARTTLS AUTH=PLAIN AUTH=LOGIN . I need the AUTH capability to be enabled only after STARTTLS. I have done this in Postfix. Is there a way to do it in Dovecot?
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
On 3/8/2013 1:04 AM, pvsuja wrote:
> Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed .. STARTTLS AUTH=PLAIN AUTH=LOGIN . I need the AUTH capability to be enabled only after STARTTLS. I have done this in Postfix. Is there a way to do it in Dovecot?

From the template /etc/dovecot/conf.d/10-auth.conf

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes

Dem
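Added example, not part of the original thread: a shell check for the behaviour the 10-auth.conf comment describes, run over two constructed pre-STARTTLS greeting lines. The function name and both sample lines are assumptions; capture a real line from a remote host, because the template says same-host connections are treated as secure.

```shell
#!/bin/sh
# Added example: classify an IMAP capability line captured BEFORE STARTTLS.
# Capture it from a remote address: Dovecot treats a connection whose remote
# IP equals the local IP as secure and keeps plaintext auth enabled there.

# Prints one verdict; exit status 0 only when plaintext auth is withheld.
check_pretls_caps() {
    # Upper-case, drop CR and the glob/bracket characters of "* OK [CAPABILITY ...]".
    caps=$(printf '%s' "$1" | tr -d '\r' | tr '[:lower:]' '[:upper:]' | sed 's/[][*?]//g')
    starttls=no logindisabled=no offered=""
    for tok in $caps; do
        case $tok in
            STARTTLS)      starttls=yes ;;
            LOGINDISABLED) logindisabled=yes ;;
            AUTH=PLAIN|AUTH=LOGIN) offered="$offered $tok" ;;
        esac
    done
    if [ -n "$offered" ]; then
        echo "FAIL plaintext SASL offered before TLS:$offered"; return 1
    elif [ "$logindisabled" = no ]; then
        echo "FAIL LOGIN command not disabled before TLS"; return 1
    elif [ "$starttls" = no ]; then
        echo "WARN plaintext withheld but STARTTLS not advertised"; return 2
    fi
    echo "OK plaintext auth withheld until STARTTLS"
}

# Constructed sample lines (not captured from a real server).
weak='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.'
hardened='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.'

check_pretls_caps "$weak" || true
check_pretls_caps "$hardened"
```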
Re: [Dovecot] Inotify max_user_instances
On 3/8/2013 12:31 AM, Steffen Kaiser wrote:
> see http://stackoverflow.com/questions/0245/inotify-fd-why-is-the-limit-per-user-id-and-not-per-process
>
> Dovecot needs one inotify entity per IDLE, maybe more for internal purposes. So in theory, you will need:
>
> max number of simultaneous users * number of watched mailboxes per user + fixed amount,
>
> because you use one _system_ user for all IMAP-users.

Thanks. I actually had this increased previously - but for whatever reason my sysctl.d/60-inotify.conf didn't get applied last reboot.

>> I'm also fighting a netfilter issue - my connection tracking counters keep climbing. Don't know if this is in any way related.
>
> Do you use NAT on the same machine? Or some intrusion detection system? When you get many short connections, esp. UDP ones, the connection tracker fills up easily.

Yes and Yes. Could fail2ban be hurting more than it's helping?

-- 
Daniel
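Added example, not part of the original thread: since the limit applies to the shared system UID, this counts the inotify instances held by every process of one UID and compares the total with max_user_instances. The function names and the constructed /proc look-alike are assumptions; on a live host, omit the second argument.

```shell
#!/bin/sh
# Added example: count inotify instances (not watches) held by one UID and
# compare with fs.inotify.max_user_instances. Counting fds is an
# approximation: an fd inherited or dup()ed is counted once per holder.

# count_inotify_instances UID [PROC_ROOT] -> number of inotify fds
count_inotify_instances() {
    uid=$1 root=${2:-/proc} total=0
    for piddir in "$root"/[0-9]*; do
        [ -r "$piddir/status" ] || continue
        # Real UID is the first value on the "Uid:" line.
        puid=$(awk '/^Uid:/ {print $2; exit}' "$piddir/status" 2>/dev/null)
        [ "$puid" = "$uid" ] || continue
        for fd in "$piddir"/fd/*; do
            case $(readlink "$fd" 2>/dev/null) in
                anon_inode:inotify|inotify) total=$((total + 1)) ;;
            esac
        done
    done
    echo "$total"
}

# inotify_headroom UID [PROC_ROOT] -> "uid=.. used=.. limit=.. free=.."
inotify_headroom() {
    hr_root=${2:-/proc}
    limit=$(cat "$hr_root/sys/fs/inotify/max_user_instances")
    used=$(count_inotify_instances "$1" "$hr_root")
    echo "uid=$1 used=$used limit=$limit free=$((limit - used))"
}

# Constructed /proc look-alike: two imap processes of UID 5000 holding three
# inotify fds between them, plus one root process that must not be counted.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/fs/inotify" "$d/101/fd" "$d/102/fd" "$d/1/fd"
    echo 128 > "$d/sys/fs/inotify/max_user_instances"
    printf 'Name:\timap\nUid:\t5000\t5000\t5000\t5000\n' > "$d/101/status"
    printf 'Name:\timap\nUid:\t5000\t5000\t5000\t5000\n' > "$d/102/status"
    printf 'Name:\tinit\nUid:\t0\t0\t0\t0\n' > "$d/1/status"
    ln -s anon_inode:inotify "$d/101/fd/7"
    ln -s anon_inode:inotify "$d/101/fd/9"
    ln -s anon_inode:inotify "$d/102/fd/7"
    ln -s 'socket:[4242]' "$d/102/fd/8"
    ln -s anon_inode:inotify "$d/1/fd/5"
    echo "$d"
}

sample=$(make_sample_proc)
inotify_headroom 5000 "$sample"   # on a live host: inotify_headroom 5000
rm -rf "$sample"
```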
[Dovecot] zlib plugin bug?
Hi there,

got a problem with the zlib plugin, just wanted to test it on a test-mailserver, configured like in the wiki (http://wiki2.dovecot.org/Plugins/Zlib) and restarted the server. I've sent an email to a blank maildir++ mailbox, the file is saved as gzip compressed file, but the Z flag is missing in the filename. Is that a bug in the plugin, or in dovecot?

Greetings, Jan

--- additional data:

find .
./dovecot-uidlist
./dovecot.mailbox.log
./tmp
./cur
./cur/1362746783.M97516P28534.s16,S=1321,W=1352:2,Sa
./maildirsize
./new
./dovecot.index.cache
./dovecot-keywords
./dovecot-uidvalidity.5139a483
./subscriptions
./dovecot.index.log
./dovecot-uidvalidity
./dovecot-acl-list

file ./cur/1362746783.M97516P28534*
./cur/1362746783.M97516P28534.s16,S=1321,W=1352:2,Sa: gzip compressed data, from Unix

dpkg -l |grep dove
ii debian-dovecot-auto-keyring 2010.01.30 GnuPG archive keys of the Automatic Dovecot Debian repository
ii dovecot-common 2:2.2.0~rc2-0~auto+23 Transitional package for dovecot
ii dovecot-core 2:2.2.0~rc2-0~auto+23 secure mail server that supports mbox, maildir, dbox and mdbox mailboxes
ii dovecot-imapd 2:2.2.0~rc2-0~auto+23 secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes
ii dovecot-lmtpd 2:2.2.0~rc2-0~auto+23 secure LMTP server for Dovecot
ii dovecot-managesieved 2:2.2.0~rc2-0~auto+23 secure ManageSieve server for Dovecot
ii dovecot-mysql 2:2.2.0~rc2-0~auto+23 MySQL support for Dovecot
ii dovecot-pop3d 2:2.2.0~rc2-0~auto+23 secure POP3 server that supports mbox, maildir, dbox and mdbox mailboxes
ii dovecot-sieve 2:2.2.0~rc2-0~auto+23 sieve filters support for Dovecot

doveconf -n
# 2.2.rc2 (52e5d4186006): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 ext3
auth_debug = yes
auth_verbose = yes
listen = *
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/vmail/%d/%n/Maildir:LAYOUT=fs
mail_plugins = quota acl zlib
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_anyone = allow
  autocreate = Trash
  autocreate2 = Drafts
  autocreate3 = Sent
  autocreate5 = Archives
  autosubscribe = Trash
  autosubscribe2 = Drafts
  autosubscribe3 = Sent
  quota = maildir:User quota
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap lmtp sieve pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service dict {
  idle_kill = 1 hours
  unix_listener dict {
    group = vmail
    mode = 0660
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = quota acl zlib sieve
}
protocol lda {
  mail_plugins = quota acl zlib sieve
}
protocol imap {
  mail_plugins = quota acl zlib imap_zlib imap_quota imap_acl autocreate
}
Re: [Dovecot] When dovecot delivery, nested maildir (user/maildir/maildir) is autocreated
On 08/03/2013 09:44, Steffen Kaiser wrote:
> #!/bin/bash
> (
>   date
>   echo arguments "$@"
>   id
>   /usr/libexec/dovecot/deliver "$@"
>   rc=$?
>   echo rc=$rc
>   exit $rc
> ) >/tmp/dovecot-lda-wrapper.$$.log 2>&1

this is output

Fri Mar 8 16:39:00 CET 2013
arguments -f domain@domain.local -d utente2/maildir/@nolanitalia.local
uid=500(vmail) gid=500(vmail) groups=500(vmail)
rc=0

the -d argument contains /maildir!!!

what do you think of this? what postfix config to check?

Thanx

-- 
Nunzio Falcone
nunzio.falc...@gmail.com
Cell +39 320 1167923
Voip +39 081 0117933
Fax +39 081 0113049
Re: [Dovecot] When dovecot delivery, nested maildir (user/maildir/maildir) is autocreated
On 08/03/2013 16:58, Nunzio Falcone wrote:
> On 08/03/2013 09:44, Steffen Kaiser wrote:
>> #!/bin/bash
>> (
>>   date
>>   echo arguments "$@"
>>   id
>>   /usr/libexec/dovecot/deliver "$@"
>>   rc=$?
>>   echo rc=$rc
>>   exit $rc
>> ) >/tmp/dovecot-lda-wrapper.$$.log 2>&1
>
> this is output
>
> Fri Mar 8 16:39:00 CET 2013
> arguments -f domain@domain.local -d utente2/maildir/@nolanitalia.local
> uid=500(vmail) gid=500(vmail) groups=500(vmail)
> rc=0
>
> the -d argument contains /maildir!!!
>
> what do you think of this? what postfix config to check?

SOLVED

modifying /etc/postfix/ldap-users.cf (relevant)

from

query_filter = ((objectclass=person) (mail=%s))
result_attribute = sAMAccountName
version = 3
result_format=%s/Maildir/

to

query_filter = ((objectclass=person) (mail=%s))
result_attribute = sAMAccountName
version = 3
result_format=%s

ThankU for your support

-- 
Nunzio Falcone
nunzio.falc...@gmail.com
Cell +39 320 1167923
Voip +39 081 0117933
Fax +39 081 0113049