Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB

2013-03-08 Thread Jan Phillip Greimann

Am 08.03.2013 07:08, schrieb pvsuja:

Through wireshark, I found the username and password is going in plain text
only to the server.
How will I enable starttls in ImapcProxy before any communication starts?


Mhh, well, communication encryption and password encryption are two 
different things. If you speak over SSL with your server, it doesn't 
matter if the password is transmitted in plain.


http://wiki.dovecot.org/Authentication/Mechanisms



Re: [Dovecot] Inotify max_user_instances

2013-03-08 Thread Steffen Kaiser

On Thu, 7 Mar 2013, Daniel L. Miller wrote:


Maybe I have multiple problems - dunno.

I've started seeing the following log lines:
Mar  7 07:46:22 bubba dovecot: imap(dmil...@amfes.com): Warning: Inotify 
instance limit for user 5000 (UID vmail) exceeded, disabling. Increase 
/proc/sys/fs/inotify/max_user_instances


max_user_instances is currently 128.

I've tried stopping and restarting dovecot - the message immediately returns. 
I could just increase max_user_instances - but I'd like to understand what 
the number SHOULD be and why simply restarting Dovecot doesn't fix it.  If 
this issue is for user vmail this is used by mail services only - and I've 
only got a few users on my system.


see
http://stackoverflow.com/questions/0245/inotify-fd-why-is-the-limit-per-user-id-and-not-per-process

Dovecot needs one inotify entity per IDLE, maybe more for internal 
purposes. So in theory, you will need: max number of simultaneous users 
* number of watched mailboxes per users + fixed amount, because you 
use one _system_ user for all IMAP-users.


I'm also fighting a netfilter issue - my connection tracking counters keep 
climbing.  Don't know if this is in any way related.


Do you use NAT on the same machine? Or some intrusion detection system? 
When you get many short connections, esp. UDP ones, the connection tracker 
fills up easily.


- -- 
Steffen Kaiser

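An added check for the rule of thumb above (example code, not Dovecot's own): it counts open inotify instances per process owner from /proc, reads the current fs.inotify.max_user_instances limit, and applies the users x mailboxes + fixed-overhead estimate. The fixed overhead of 32 is an assumed value, and reading other users' fd tables requires root.

```python
import os

PROC = "/proc"
LIMIT_FILE = "/proc/sys/fs/inotify/max_user_instances"


def inotify_instances_by_uid(proc=PROC):
    """Count open inotify instances, keyed by the uid that owns each process.
    Every fd linking to 'anon_inode:inotify' is one instance against that
    user's limit. Unreadable or vanished processes are skipped; {} off Linux."""
    counts = {}
    try:
        pids = [p for p in os.listdir(proc) if p.isdigit()]
    except OSError:
        return counts
    for pid in pids:
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            uid = os.stat(os.path.join(proc, pid)).st_uid
            fds = os.listdir(fd_dir)
        except OSError:
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == "anon_inode:inotify":
                    counts[uid] = counts.get(uid, 0) + 1
            except OSError:
                continue
    return counts


def max_user_instances(path=LIMIT_FILE):
    """Current fs.inotify.max_user_instances, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def required_instances(simultaneous_users, mailboxes_per_user, fixed=32):
    """Rule of thumb from the reply: one instance per watched mailbox of each
    concurrent IDLE session plus a fixed overhead (32 is an assumed value)."""
    return simultaneous_users * mailboxes_per_user + fixed


def limit_report(uid, simultaneous_users, mailboxes_per_user):
    """Return (used, limit, needed, ok) for one system user such as vmail."""
    used = inotify_instances_by_uid().get(uid, 0)
    limit = max_user_instances()
    needed = required_instances(simultaneous_users, mailboxes_per_user)
    ok = limit is not None and used < limit and needed <= limit
    return used, limit, needed, ok


if __name__ == "__main__":
    # uid 5000 as in the warning above; 50 users x 5 mailboxes is assumed
    print(limit_report(5000, 50, 5))
```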


Re: [Dovecot] When dovecot delivery, nested maildir (user/maildir/maildir) is autocreated

2013-03-08 Thread Steffen Kaiser

On Thu, 7 Mar 2013, Nunzio Falcone wrote:


and execute the following telnet session
[root@posta ~]# telnet localhost 25
Trying 127.0.0.1...
220 posta.domain.local ESMTP Postfix



rcpt to:utente2
250 2.1.5 Ok

note the use of login (only utente2)

this is the debug session
Mar 07 23:06:15 auth: Debug: master in: USER1 utente2/maildir/@domain.local 
 service=lda
Mar 07 23:06:15 auth: Debug: master out: USER   1 utente2/maildir/ uid=500 
gid=500 home=/var/vmail/utente2/maildir/


Hmm, utente2 became utente2/maildir/@domain.local again.
I have no experience with postfix, so I would first make sure, postfix
passes the correct values to the Dovecot LDA, by:

create wrapper script:
= START
#!/bin/bash
# log the call, the effective user and deliver's exit code, then pass the
# unchanged arguments on to the Dovecot LDA

( date
  echo arguments "$@"
  id
  /usr/libexec/dovecot/deliver "$@"
  rc=$?
  echo rc=$rc
  exit $rc
) > /tmp/dovecot-lda-wrapper.$$.log 2>&1
= END

/etc/postfix/master.cf (relevant)
# Dovecot LDA
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/path/to/wrapper 
-f ${sender} -d ${recipient}

see changed argv= argument.

Then check the created log files in /tmp, if the argument of -d does or
does not contain the /maildir/ part.

If it does, you will have to check your postfix installation, when the
recipient string gets changed.  Maybe your postfix was configured to
deliver to Maildirs directly before and therefore at some point the
/maildir/ is added.

- -- 
Steffen Kaiser



Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB

2013-03-08 Thread pvsuja

Yes, I know that.
When I am telnetting to my ImapcProxy over 143, the capabilities are listed

.. STARTTLS AUTH=PLAIN AUTH=LOGIN .

I need the AUTH capability to be enabled only after STARTTLS
I have done this in Postfix.
Is there a way to do it in Dovecot?





Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB

2013-03-08 Thread Professa Dementia

On 3/8/2013 1:04 AM, pvsuja wrote:


Yes, I know that.
When I am telnetting to my ImapcProxy over 143, the capabilities are listed

.. STARTTLS AUTH=PLAIN AUTH=LOGIN .

I need the AUTH capability to be enabled only after STARTTLS
I have done this in Postfix.
Is there a way to do it in Dovecot?


From the template /etc/dovecot/conf.d/10-auth.conf

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes


Dem
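An added check for the setting Dem quotes (example code, not Dovecot's or the poster's): it parses the capability list a server sends before STARTTLS and reports whether LOGIN, AUTH=PLAIN or AUTH=LOGIN is available in the clear. The sample lines are constructed, and, as the quoted config comment says, the live check has to run from a host other than the server itself, since Dovecot treats a connection from its own IP as secure.

```python
import imaplib

# Constructed sample of what the thread describes: the pre-STARTTLS capability
# line still offering plaintext mechanisms (not a capture from the poster's server).
SAMPLE_PRE_TLS = "* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN"
# The same server with disable_plaintext_auth = yes, seen before STARTTLS.
SAMPLE_HARDENED = "* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE STARTTLS LOGINDISABLED"
PLAINTEXT_MECHS = ("AUTH=PLAIN", "AUTH=LOGIN")


def parse_capabilities(line):
    """Turn an untagged '* CAPABILITY ...' line into a set of upper-case tokens."""
    parts = line.strip().split()
    if [p.upper() for p in parts[:2]] != ["*", "CAPABILITY"]:
        raise ValueError("not a CAPABILITY response: %r" % line)
    return {p.upper() for p in parts[2:]}


def plaintext_auth_findings(caps):
    """Findings for a capability set seen BEFORE STARTTLS; empty list means clean."""
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command allowed before TLS (LOGINDISABLED missing)")
    for mech in PLAINTEXT_MECHS:
        if mech in caps:
            findings.append("%s advertised before TLS" % mech)
    return findings


def live_check(host, port=143):
    """Connect in the clear and inspect the capabilities sent before STARTTLS.
    imaplib fetches CAPABILITY right after the greeting, i.e. before any TLS."""
    conn = imaplib.IMAP4(host, port)
    try:
        caps = {c.upper() for c in conn.capabilities}
    finally:
        try:
            conn.logout()
        except (imaplib.IMAP4.error, OSError):
            pass
    return plaintext_auth_findings(caps)


if __name__ == "__main__":
    for name, line in (("open", SAMPLE_PRE_TLS), ("hardened", SAMPLE_HARDENED)):
        print(name, plaintext_auth_findings(parse_capabilities(line)) or ["ok"])
```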



Re: [Dovecot] Inotify max_user_instances

2013-03-08 Thread Daniel L. Miller

On 3/8/2013 12:31 AM, Steffen Kaiser wrote:


see
http://stackoverflow.com/questions/0245/inotify-fd-why-is-the-limit-per-user-id-and-not-per-process 



Dovecot needs one inotify entity per IDLE, maybe more for internal 
purposes. So in theory, you will need: max number of simultaneous 
users * number of watched mailboxes per users + fixed amount, 
because you use one _system_ user for all IMAP-users.


Thanks.  I actually had this increased previously - but for whatever 
reason my sysctl.d/60-inotify.conf didn't get applied last reboot.




I'm also fighting a netfilter issue - my connection tracking counters 
keep climbing.  Don't know if this is in any way related.


Do you use NAT on the same machine? Or some intrusion detection 
system? When you get many short connections, esp. UDP ones, the 
connection tracker fills up easily.


Yes and Yes.  Could fail2ban be hurting more than it's helping?

--
Daniel



[Dovecot] zlib plugin bug?

2013-03-08 Thread Jan Phillip Greimann

Hi there,
got a problem with the zlib plugin, just wanted to test it on a 
test-mailserver, configured like in the wiki 
(http://wiki2.dovecot.org/Plugins/Zlib) and restarted the server.


I've sent an email to a blank maildir++ mailbox, the file is saved as 
gzip compressed file, but the Z flag is missing in the filename.


Is that a bug in the plugin, or in dovecot?

Greetings, Jan

-
--- additional data:

 find .
./dovecot-uidlist
./dovecot.mailbox.log
./tmp
./cur
./cur/1362746783.M97516P28534.s16,S=1321,W=1352:2,Sa
./maildirsize
./new
./dovecot.index.cache
./dovecot-keywords
./dovecot-uidvalidity.5139a483
./subscriptions
./dovecot.index.log
./dovecot-uidvalidity
./dovecot-acl-list

 file ./cur/1362746783.M97516P28534*
./cur/1362746783.M97516P28534.s16,S=1321,W=1352:2,Sa: gzip compressed 
data, from Unix



 dpkg -l |grep dove
ii  debian-dovecot-auto-keyring 2010.01.30 
GnuPG archive keys of the Automatic Dovecot Debian repository
ii  dovecot-common  2:2.2.0~rc2-0~auto+23 
Transitional package for dovecot
ii  dovecot-core2:2.2.0~rc2-0~auto+23 
secure mail server that supports mbox, maildir, dbox and mdbox mailboxes
ii  dovecot-imapd   2:2.2.0~rc2-0~auto+23 
secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes
ii  dovecot-lmtpd   2:2.2.0~rc2-0~auto+23 
secure LMTP server for Dovecot
ii  dovecot-managesieved2:2.2.0~rc2-0~auto+23 
secure ManageSieve server for Dovecot
ii  dovecot-mysql   2:2.2.0~rc2-0~auto+23 
MySQL support for Dovecot
ii  dovecot-pop3d   2:2.2.0~rc2-0~auto+23 
secure POP3 server that supports mbox, maildir, dbox and mdbox mailboxes
ii  dovecot-sieve   2:2.2.0~rc2-0~auto+23 
sieve filters support for Dovecot


 doveconf -n
# 2.2.rc2 (52e5d4186006): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 ext3
auth_debug = yes
auth_verbose = yes
listen = *
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/vmail/%d/%n/Maildir:LAYOUT=fs
mail_plugins = quota acl zlib
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_anyone = allow
  autocreate = Trash
  autocreate2 = Drafts
  autocreate3 = Sent
  autocreate5 = Archives
  autosubscribe = Trash
  autosubscribe2 = Drafts
  autosubscribe3 = Sent
  quota = maildir:User quota
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
protocols =  imap lmtp sieve pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
  }
}
service dict {
  idle_kill = 1 hours
  unix_listener dict {
group = vmail
mode = 0660
  }
}
service imap-login {
  inet_listener imap {
port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  inet_listener sieve_deprecated {
port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
port = 0
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = quota acl zlib sieve
}
protocol lda {
  mail_plugins = quota acl zlib sieve
}
protocol imap {
  mail_plugins = quota acl zlib imap_zlib imap_quota imap_acl autocreate
}



Re: [Dovecot] When dovecot delivery, nested maildir (user/maildir/maildir) is autocreated

2013-03-08 Thread Nunzio Falcone

Il 08/03/2013 09:44, Steffen Kaiser ha scritto:

#!/bin/bash

( date
  echo arguments "$@"
  id
  /usr/libexec/dovecot/deliver "$@"
  rc=$?
  echo rc=$rc
  exit $rc
) > /tmp/dovecot-lda-wrapper.$$.log 2>&1

this is output
Fri Mar  8 16:39:00 CET 2013
arguments -f domain@domain.local -d utente2/maildir/@nolanitalia.local
uid=500(vmail) gid=500(vmail) groups=500(vmail)
rc=0

the -d argument contains /maildir!!!

what do you think of this? what postfix config to check?

Thanx

--

*Nunzio Falcone*
nunzio.falc...@gmail.com

*Cell * +39 320 1167923
*Voip*+39 081 0117933
*Fax * +39 081 0113049


Re: [Dovecot] When dovecot delivery, nested maildir (user/maildir/maildir) is autocreated

2013-03-08 Thread Nunzio Falcone

Il 08/03/2013 16:58, Nunzio Falcone ha scritto:

Il 08/03/2013 09:44, Steffen Kaiser ha scritto:

#!/bin/bash

( date
  echo arguments "$@"
  id
  /usr/libexec/dovecot/deliver "$@"
  rc=$?
  echo rc=$rc
  exit $rc
) > /tmp/dovecot-lda-wrapper.$$.log 2>&1

this is output
Fri Mar  8 16:39:00 CET 2013
arguments -f domain@domain.local -d utente2/maildir/@nolanitalia.local
uid=500(vmail) gid=500(vmail) groups=500(vmail)
rc=0

the -d argument contains /maildir!!!

what do you think of this? what postfix config to check?


*SOLVED*
modifying /etc/postfix/ldap-users.cf (relevant)

from
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = sAMAccountName
version = 3
result_format=%s/Maildir/

to
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = sAMAccountName
version = 3
result_format=%s

ThankU for your support


--

*Nunzio Falcone*
nunzio.falc...@gmail.com

*Cell * +39 320 1167923
*Voip*+39 081 0117933
*Fax * +39 081 0113049