Re: [Dovecot] crash with dovecot 2.2: Panic: Buffer full
Le 18 mars 2013 à 14:47, Timo Sirainen t...@iki.fi a écrit : On Sat, 2013-03-16 at 13:51 +0100, to...@starbridge.org wrote: Hi Timo, I've got a crash with dovecot 2.2 dovecot --version 2.2.rc2 (69c26a9e3be5) It's occured when accessing with imap on a large mailbox (around 50k messages) imap(clean-quarant...@spamguard.fr): Panic: Buffer full (4254 4248, pool none) These should fix it: http://hg.dovecot.org/dovecot-2.2/rev/689dbeadf168 http://hg.dovecot.org/dovecot-2.2/rev/ee7352f46d1e Thx Timo It's ok now Regards Tonio
Re: [Dovecot] dovecot 2 in ubuntu 12.04 or Debian Squeeze
On Mon, 2013-03-18 at 22:56 -0700, pvsuja wrote: Mar 19 09:33:16 mailspace dovecot: imap(suja): Invalid certificate: self signed certificate in certificate chain: /C=IN/ST=Karnataka/O=xxx/OU=YYY CA/CN=mailserver.domain.com/emailAddress=sys...@domain.com Mar 19 09:33:16 mailspace dovecot: imap(suja): Error: ssl = required to ensure things are working, change this to no, if you can get mail then, change it to yes, dont absolute force until you have everything fixed. ssl_ca = /usr/local/etc/dovecot/certs/cacert.pem ssl_cert = /usr/local/etc/dovecot/certs/public_cert.pem ssl_key = /usr/local/etc/dovecot/certs/private_key.pem I guess my SSL certificate configuration is not done properly. How did you generate this? is it really self signed, or is it a CA signed (you can get free certs) If it's CA signed, ensure you created it like this (the order *is* important): cat mail.crt sub.crt ca.crt dovecot.pem *remove ssl_ca = stuff* ssl_cert_file = /path/to/dovecot.pem ssl_key_file = /path/to/mail/mail.key Been lng time since I use self signed, but from memory openssl req -x509 -days 999 -nodes -newkey rsa:2048 -keyout domain.key -out domain.crt (and IIRC tou need to ssl_ca = stuff) dovecot wiki should have the correct format for self signed signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Integrating with Drupal SQL db SOLVED
Hi again I have now solved this with a workaround. In short, it involves a Drupal 7 module called HTPasswdSync that intercepts password creation and changes in Drupal, and writes the password in SHA-1 hash format to a file (/etc/apache2/dovecot). I then point Dovecot to use this file as userdb and passdb source. I have written an more in detail explanation that is available at http://www.stos.se/?q=node/12 . The question remains; Will Dovecot ever be compatible with Drupal 7 password hashes? Regards Tobias Rådenholt i...@stos.se wrote 2013-03-11 17:57: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
Re: [Dovecot] SMTP Client authentication to remote Postfix/Dovecot
Follow up - Looks like a private VPN is the best solution to tackle this: http://article.gmane.org/gmane.mail.postfix.user/235903 On 18 March 2013 13:08, Christian Benke benkoka...@gmail.com wrote: Hello! This is probably another basic question and i'm not even sure if it's something where Dovecot is involved, but i'll give it a shot. So i've setup Postfix with Dovecot and system-auth on my remote server. So far it looks like everything is working fine and dandy via SASL(PLAIN) and TLS. I'm just not happy about my local SMTP client settings. I'm going to try to work with mutt in the future, so i need a local MTA - i've decided to try it with Postfix. This works so far and i can send mails with mutt. However - my setup relies on smtp_sasl_password_maps for authentication. I'm not too happy to have plaintext-passwords of remote systems lying around on my local filesystem. It doesn't really ease my mind that the file is readable by root only, this doesn't help if my laptop's harddisk gets mounted elsewhere. Are there alternatives or better ways to do SMTP authentication? http://www.postfix.org/SASL_README.html#server_cyrus_comm says: saslauthd can verify the SMTP client credentials by using them to log into an IMAP server So i have my mutt-client which is logged in to the remote Dovecot IMAP. Mutt uses the local MTA to send the mail. Is there some way to tell the local postfix or a local dovecot to authenticate the SMTP-Session via the existing IMAP-login? Or some other way where i at least don't rely on plaintext passwords but secure, encrypted hashes? Sorry if this is a redundant thread, smtp client authentication site:dovecot.org/list' and the likes are not exactly the most rewarding or unique search terms unfortunately. Thanks, Christian -- Central Asia by bike, starting May 2013 - http://poab.org
Re: [Dovecot] Dovecot documentation WAS: Re: Question regarding Postfix and Dovecot
El 19/03/13 05:15, Stan Hoeppner escribió: On 3/18/2013 11:37 AM, Timo Sirainen wrote: So basically you're saying that the major documentation improvement = an index listing/describing all settings. Sure, would be useful, but I don't see having time to write that anytime soon. The time issue is perfectly understandable Timo. My suggestion may not be the gold or platinum improvement to the docs, but I think it would help a lot of people, especially since most using Dovecot are also using Postfix, and since man is the standard UNIX documentation format/interface. I think some similarity/consistency would help quite a bit as many people are so used to this format. Do you have a way to simply dump all the current conf file parameter names from 2.x into a single column text file? I'll sort it and start adding the legal parameter values and writing the parameter definitions from information currently available in source and wiki pages. When I hit the point I can't find reference material for the rest of the parameters, we can dump it to a wiki page or similar so others with the knowledge can jump in and help finish it. Once it's done, myself, or someone else if they already have the experience, can create the man page from this to be included in the source. And you can create an update mechanism/batch process so that updating the 'master' document automatically updates the source man page and other published versions, making documentation updates simple when you add/change parameters. We could do the wiki bazaar style editing from the beginning, but I'd rather not. I'd like to get it started with a framework/layout and style of prose typical of UNIX documentation, for other editors to follow. The definition text prose needs to be consistent all the way through, or readers may be confused by the different writing styles of ~50 different people who may speak different 'dialects' of English or have different writing styles. This consistency is one of the hallmarks of good technical writing. Like I said previously, the one thing I'm able to contribute more than anything at this point is time. And my writing skills aren't completely horrible--I have been published, FWIW, but not recently. But my knowledge of the parameters, and a lot of Dovecot features in general is lacking. So if others are willing to contribute where I fall short, I'd be glad to give this a go and get it started, and hopefully put a decent sized dent in it so there's not so much left for others to do. Obviously you have final review/edit authority, and if you have a particular preference on writing style, etc, I'll certainly honor that. If this is acceptable to you Timo, let me know. If so send me the aforementioned file, any preferences/thoughts you have, and I'll get started on the first draft. Definitely, something like man 5 postconf would be really useful. I would like to collaborate with that, but I think that my English writing skill are not good enough.
Re: [Dovecot] Dovecot - Sieve script loaded but filtering doesn't works ?
Hello Steffen, Thanks for your help, your message has reminds me that I forget the header specification. This new sieve script works for me : require [fileinto]; if allof (header :contains To ab...@info.xx.com) { fileinto INBOX.Test; redirect clement...@xx.net; stop; } Thanks, Clement - Date: Mon, 18 Mar 2013 14:28:17 +0100 (CET) From: Steffen Kaiser skdove...@smail.inf.fh-brs.de To: Dovecot Mailing List dovecot@dovecot.org Subject: Re: [Dovecot] Dovecot - Sieve script loaded but filtering doesn't works ? Message-ID: alpine.deb.2.02.1303181419590.3...@pc-2m63.inf.fh-bonn-rhein-sieg.de Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 18 Mar 2013, Clement PAULET wrote: Dear Clement, This is my script (using for my test) : require fileinto; if address To i...@info.xx.com { fileinto Test; } Works for me in v2.2. Did you verified that the header To really exists in the message and that i...@info.xx.com is part of it? The log you've posted displays the envelope information, which is not necessary the same as the header information. Also, remove the precompiled Sieve script, in order to ensure that the pre-compiled one is really one from the script. You could also decompile it to make sure, it has been created from your test script. You'll find sieve-dump in src/sieve-tools/, if you compile from sources, or maybe in /usr/local/bin.
Re: [Dovecot] Dovecot documentation WAS: Re: Question regarding Postfix and Dovecot
On Tue, 19 Mar 2013 13:36:53 +0100 Joseba Torre articulated: {snip} Definitely, something like man 5 postconf would be really useful. I would like to collaborate with that, but I think that my English writing skill are not good enough. I would be willing to assist in a project like that. If we could get a few knowledgeable people -- including Timo -- I think it would be a truly worthwhile project. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __
Re: [Dovecot] Dovecot documentation WAS: Re: Question regarding Postfix and Dovecot
On 19 March 2013 15:20, Jerry je...@seibercom.net wrote: On Tue, 19 Mar 2013 13:36:53 +0100 Joseba Torre articulated: {snip} Definitely, something like man 5 postconf would be really useful. I would like to collaborate with that, but I think that my English writing skill are not good enough. I would be willing to assist in a project like that. If we could get a few knowledgeable people -- including Timo -- I think it would be a truly worthwhile project. I can't code, but I can proof-read/write. And if *I* understand the instructions/config examples you have winning documentation - the ultimate dummy test, so to speak. So, this could be my opportunity to contribute to FOSS. Simon
[Dovecot] dovecot: auth-worker: order of authentication types
Hi all, I'm setting a mailserver using dovecot version: 2.1.7. On the server I have a couple of system users using PAM authentication and a lot of virtual users using SQL authentication. When a virtual user (e.g. da...@virtdomain.de) logs in dovecot tries to authenticate the user via PAM and after failing it uses SQL: Mar 19 11:39:42 orange dovecot: auth-worker(7815): pam(da...@virtdomain.de,ip address): pam_authenticate() failed: Authentication failure (password mismatch?) Mar 19 11:39:42 orange dovecot: auth: passwd(da...@virtdomain.de,ip address,T58IuUTYvgDZbill): unknown user Mar 19 11:39:42 orange dovecot: imap-login: Login: user=da...@virtdomain.de, method=PLAIN, rip=..., lip=..., mpid=7816, TLS Could I set up dovecot authentication so *users that authenticate with only their username (i.e. system users) always and only use PAM authentication *users that authenticate with their e-mail-address always and only use SQL authentication ??? Thanks, david -- The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners. gpg --keyserver pgp.mit.edu --recv-keys 1920BD87 Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87
Re: [Dovecot] Dovecot documentation WAS: Re: Question regarding Postfix and Dovecot
On Mon, 2013-03-18 at 23:15 -0500, Stan Hoeppner wrote: Do you have a way to simply dump all the current conf file parameter names from 2.x into a single column text file? With doveconf -d you get all the settings and also the defaults. The docs probably should mention the defaults also. I'll sort it and start adding the legal parameter values and writing the parameter definitions from information currently available in source and wiki pages. When I hit the point I can't find reference material for the rest of the parameters, we can dump it to a wiki page or similar so others with the knowledge can jump in and help finish it. Once it's done, myself, or someone else if they already have the experience, can create the man page from this to be included in the source. And you can create an update mechanism/batch process so that updating the 'master' document automatically updates the source man page and other published versions, making documentation updates simple when you add/change parameters. Yes, definitely something that generates all the docs from a single source. There is of course still going to be some duplication with a) example config files and b) the more context-specific wiki pages. I guess once that reference doc is done, the example config could be put to web with all the settings as links to the reference. I think the reference should also have pointers to the more generic wiki pages about the subject, such as ssl_* settings having a pointer to the SSL wiki page. That pointer could be a generic small icon in the HTML/wiki version, not sure about the man version. If this is acceptable to you Timo, let me know. If so send me the aforementioned file, any preferences/thoughts you have, and I'll get started on the first draft. OK.
[Dovecot] v2.2 status update
So, I'm still planning on getting v2.2.0 out Really Soon now. Unfortunately I've had to quickly develop some rather large features still at this stage. I was initially planning on leaving them for v2.3, but they were a requirement for one project and implementing them now to v2.2 was the least amount of trouble for me. (And yes, I'm aware I haven't replied to a lot of emails in this list. There are about 60 unread ones. Hopefully I'll have time to go through them this week.) So, what we have now: * dsync can sync ACLs * dsync can sync Sieve scripts - Slightly unfinished patch for Pigeonhole at http://dovecot.org/patches/2.2/doveadm-sieve-plugin.diff * dsync does the ACL/Sieve syncing by having implemented generic mailbox attribute syncing. (The ACLs/Sieve scripts are transparently mapped into the attribute hierarchy.) ACL plugin also supports now restricting attribute set/get/iteration. IMAP METADATA extension can be implemented using mailbox attributes. The dsync/ACL support was the main reason why I had planned on delaying native IMAP METADATA support until v2.3, but there's really no reason for that anymore. So expect IMAP METADATA support also early in v2.2.x (disabled by default). I'll still need to figure out how to do quota for it. * LDAP values can now have DN pointers to other entries that are queried. (Support for LDAP URLs could probably also be added with little trouble.) The configuration becomes a bit more complex again, but until the whole LDAP configuration is redesigned this will work. Example: user_attrs = \ =user=%{ldap:uid}, \ @mail=%{ldap:mailDN}, \ =uid=%{ldap:uidNumber@mail}, \ =gid=%{ldap:gidNumber@mail}, \ =home=%{ldap:rootPath@mail}/%d/%n