Re: [Dovecot] Proxying, pertinent values and features, SNI
On Thu, 4 Apr 2013 22:21:43 +0300 Timo Sirainen wrote:

> On 3.4.2013, at 10.59, Christian Balzer wrote:
>
> > I'm looking into deploying dovecot as a proxy, currently using
> > perdition. Have been using dovecot on the actual servers for years,
> > nearly a decade. So far just 1.x, but for the proxy it will have to be
> > 2.x (2.1.7 is the current Debian version), as the trigger for this
> > change is the need to support multiple SSL certificates.
> >
> > All that happens on the proxy seems to be handled by the login
> > processes, so that is why we're not seeing anything useful in the
> > process titles or with doveadm, right?
> > And from past comments by Timo I guess that adding such functionality
> > isn't on his to-do list at all.
>
> doveadm proxy list
>
That will teach me to look at man pages. ^o^
Internal help all the way, man pages are for chums. ^o^
Thanks!

> > A configurable capabilities string for POP would be quite welcome, but
> > at least nothing is different between the 1.x backends and the 2.x
> > proxy in that protocol.
>
> v2.2 backends actually add some new POP3 capabilities. I guess there
> could be such a setting, although it's a bit annoying to develop..
>
I guess so, but that will really make it a universally deployable proxy and help people transitioning to dovecot from other environments, too.

[snip]

> > I presume to best support all(?) clients out there is to have
> > "local_name" sections for SNI first and then "local" sections for IP
> > address based certs. It is my understanding that SNI needs to be
> > requested by the client, so aside from client bugs (nah, those don't
> > exist ^o^) every client should get an appropriate response for TLS.
> > Has anybody done a setup like that already?
>
> If you have separate IPs for each certificate, you don't need to
> support/configure SNI, so local {} blocks are enough.
>
I know that, the idea was/is to determine how many (connects and clients) do a proper TLS/SNI negotiation if offered.
However are these even differently logged by dovecot? I suspect not.

Regards,

Christian
--
Christian Balzer        Network/Systems Engineer
ch...@gol.com   Global OnLine Japan/Fusion Communications
http://www.gol.com/
Re: [Dovecot] Sync errors trying to sync old mbox inboxes to dovecot
Timo,

I tried importing the anonymized file, and there were no errors. So, it's something with the actual data. UTF-8 issues?

While I can't send you a raw customer's mailbox, one of the failures is a 'role' account mailbox, with no critical/useful data in it. Here is a link (expires in 30 days) to download the mailbox, it's 107M.

https://truck.it/p/HNlzl9hWbO

The error I'm getting is

dsync(webmail): Error: Sync failed for mbox file /var/opt/migrate/users/webmail/inbox: seq=4482 uid=4482 uid_broken=0 originally needed 10 bytes, now needs 12 bytes

The seq and uid are different, depending on the mailbox being migrated. Some of the problem mailboxes only report a single failure, and some report multiple failures (where the seq/uid are different for each failure). For a given mailbox, the seq and uid reported seem to always be consistent.

I create a directory called migrate, copy the file in there and name it inbox

The command I'm using is

dsync -u webmail mirror mbox:migrate/

Here's my 2.2.rc3 doveconf -n output

# 2.2.rc3: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm =
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
disable_plaintext_auth = no
dotlock_use_excl = no
lda_mailbox_autocreate = yes
lock_method = dotlock
log_path = /var/log/dovecot.log
mail_access_groups = mail
mail_debug = yes
mail_fsync = always
mail_location = mdbox:~/mail:INDEX=~/index
mail_plugins = quota zlib
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
mbox_read_locks = dotlock
mbox_write_locks = dotlock
mdbox_rotate_interval = 1 weeks
mdbox_rotate_size = 20 M
mmap_disable = yes
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  autocreate = Trash
  autocreate2 = Junk
  autocreate3 = Drafts
  autocreate4 = Sent
  autocreate5 = INBOX
  autosubscribe = Trash
  autosubscribe2 = Junk
  autosubscribe3 = Drafts
  autosubscribe4 = Sent
  autosubscribe5 = INBOX
  mail_max_userip_connections = 10
  managesieve_max_line_length = 65536
  quota = dict:User quota::file:%h/dovecot.quota
  quota2_rule = Trash:storage=+10%%
  quota3_rule = Junk:storage=+20%%
  quota_rule = *:storage=100M:messages=10
  recipient_delimiter = +
  sieve_before = /var/spool/mail/global.sieve/
  zlib_save = gz
  zlib_save_level = 9
}
pop3_reuse_xuidl = yes
protocols = imap pop3 sieve lmtp
service auth {
  inet_listener auth {
    port = 113
  }
  unix_listener auth-userdb {
    user = nobody
  }
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 10
  service_count = 1
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
ssl = no
ssl_cert =

mailto:t...@iki.fi]
Sent: Sunday, April 07, 2013 4:36 PM
To: Michael Smith
Cc: dovecot@dovecot.org
Subject: Re: [Dovecot] Sync errors trying to sync old mbox inboxes to dovecot

On 6.4.2013, at 0.10, Michael Smith wrote:

> I am trying to 'dsync mirror' old Qpopper/mbox inboxes to our new
> Dovecot/mdbox servers. For most of the several thousand accounts, it works
> without issue. But there are a handful of accounts that are generating the
> following errors.
>
> dsync(joe): Error: Sync failed for mbox file
> /var/opt/migrate/users/joe/inbox: seq=981 uid=981 uid_broken=0 originally
> needed 9 bytes, now needs 11 bytes
>
> dsync(john): Error: Sync failed for mbox file
> /var/opt/migrate/users/john/inbox: seq=115028 uid=115028 uid_broken=0
> originally needed 34 bytes, now needs 35 bytes

These are some generic mbox bugs. I think the error goes away if you just repeat the run?

> dsync(john): Error: Sync failed for mbox file
> /var/opt/migrate/users/john/inbox: seq=114779 uid=114779 uid_broken=0
> originally needed 34 bytes, now needs 35 bytes
> dsync(john): Error: Sync failed for mbox file
> /var/opt/migrate/users/john/inbox: seq=114778 uid=114778 uid_broken=0
> originally needed 34 bytes, now needs 35 bytes

.. or are these all separate dsync runs giving different errors?

Anyway, if you can send me an mbox file where I can reproduce this, I could fix it. You can use http://dovecot.org/tools/mbox-anonymize.pl script to replace all the actual data in the mbox file with 'x' chars.
Re: [Dovecot] make check error for Pigeonhole v0.3.4 for Dovecot v2.1.16
On 4/8/2013 8:16 PM, Giam Teck Choon wrote:

> Hi,
>
> When I compile Pigeonhole v0.3.4 with Dovecot v2.1.16 until make check output as below from my rpmbuild output:
>
> Test case: ./tests/extensions/mailbox/execute.svtest:
> 1: Test 'MailboxExists - None exist' SUCCEEDED
> 2: Test 'MailboxExists - Not all exist' SUCCEEDED
> 3: Test 'MailboxExists - One exists' SUCCEEDED
> 4: Test 'MailboxExists - All exist' SUCCEEDED
> 5: Test ':Create' SUCCEEDED
> PASS: 5 tests succeeded.
>
> Test case: ./tests/extensions/date/basic.svtest:
> 1: Test 'Defaults' SUCCEEDED
> 2: Test 'Count' SUCCEEDED
> 3: Test 'Invalid' SUCCEEDED
> 4: Test 'Comparison' FAILED: date is invalid: 2009-07-23
> FAIL: 1 of 4 tests failed.
>
> RPM build errors:
> make: *** [tests/extensions/date/basic.svtest] Error 1
> error: Bad exit status from /var/tmp/rpm-tmp.CIcpqx (%check)
> Bad exit status from /var/tmp/rpm-tmp.CIcpqx (%check)

You're not the first one to notice:

http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/bc2126771d00

This is one of those genuine phase-of-the-moon kind of bugs :)

Hmm, maybe I should make a new release for this problem already.

Regards,

Stephan.
Re: [Dovecot] LMTP Setup/Design Help Request
On 08-04-2013 22:39, Matthias Hofer wrote:

> Hi altogether,
>
> I am switching from dbmail 2.2 to dovecot 2.1.7, and I was able to do a successful transition of IMAP. But I had a very hard time with receiving mail, and in the end -- after loads of reading and debugging -- I broke down and failed. This is why I am asking you for your kind help.
>
> I only have virtual users and have set
>
> mail_uid = dovemail
> mail_gid = dovemail
>
> For authentication, I simply use (for now) a flat file:
>
> passdb {
>   driver = passwd-file
>   args = scheme=PLAIN username_format=%u /etc/dovecot/mypasswd.file
> }
>
> # cat /etc/dovecot/mypasswd.file
> user1:{PLAIN}userpw1
> user2:{PLAIN}userpw2
> user3:{PLAIN}userpw3
>
> And everything works fine with IMAP. I am completely domain-agnostic here.
>
> But I was not able to use this fine setup to receive mails with my postfix. I tried about 13 different configurations, some with considerable changes dovecot-config, the passwd-file or postfix, but I could not find a single variant working.
>
> In this situation, I would be very happy if somebody could give me a hint, which would be the prudent way to configure dovecot, LDA/LMTP and postfix based on the setup above.
>
> Thank you very much in advance, and have a great time,
> Matthias Hofer

I suppose your postfix is in working state. Note that you do not need dovecot to deliver mail with postfix. But it is a good idea.

To deliver using dovecot-lda my postfix main.cf contains

mail_spool_directory = /Mail/
mailbox_command = /usr/local/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
Re: [Dovecot] repeating dsync - questions
OK, success: see timings (real nn) below commands.

Initial copy of Maildir from live system to test sys (14G of data)

rsync -ar --times hoho4:/home/bobgus/Maildir/ /home/bobgus/Maildir
real 37m

Then 1st 'dsync -R backup maildir:~/Maildir'
real 828m

Then 2nd rsync to pick up new mail - **don't touch existing files**

rsync -ar --times --ignore-existing hoho4:/home/bobgus/Maildir/ /home/bobgus/Maildir
real 3m

Then 2nd 'dsync -R backup maildir:~/Maildir'
real 12m

The --ignore-existing option on the 2nd rsync allows dsync to process the additional emails in a reasonable amount of time. The dovecot-uidlist which is modified in the Maildir by dsync is not written over by the 2nd rsync and therefore the 2nd dsync just processes the added messages. (There were no deletes between rsync runs)

Thanks much for your hints and comments.

Bob G

On Mon, 2013-04-08 at 00:53 +0300, Timo Sirainen wrote:
> On 8.4.2013, at 0.10, Bob Gustafson wrote:
>
> >>> I am still on my quest for a quick way to move mail from a live Maildir
> >>> system to a 'soon to be live' sdbox system.
> >>>
> >>> I copy Maildir to new system using:
> >>> rsync -ar --times hoho4:/home/bobgus/Maildir/ /home/bobgus/Maildir
> >>>
> >>> Then I convert from Maildir to sdbox with:
> >>> dsync mirror maildir:~/Maildir
> >>>
> >>> Then I copy more messages from live system using rsync
> >>
> >> ^^ that is the mistake
> >
> > I guess I have a basic misunderstanding of what 'dsync mirror' is doing.
> >
> > My understanding is that going from Maildir to sdbox, dsync does not
> > mess with the data in Maildir. The Maildir metadata is in one form and
> > the sdbox metadata is in another form (in the sdbox directory).
>
> dsync does mess with metadata in the maildir. also with dsync mirror (as
> opposed to dsync backup) it can also modify the contents. The main problem
> here is:
>
> 1. dsync sees that a folder A in maildir doesn't have a GUID (because dsync
> is just about the only tool that uses it right now), and assigns the mailbox
> a new GUID
> 2. dsync syncs the mailbox to sdbox with that GUID
> 3. rsync comes and wipes out the maildir-uidlist that contained the GUID
> 4. second dsync sees that folder A in maildir doesn't have a GUID, and
> assigns a new GUID to it
> - now maildir has folder A with GUID 1, and sdbox has folder A with GUID 2
> - dsync thinks they are two different folders, and duplicates them as A and
> A_2. the A_2 gets also copied back to maildir, because you're using dsync
> mirror. This is why the second dsync is slow, it's actually doing all the
> work again, and actually doing twice the work since it's copying the mails
> from sdbox to maildir as well.
>
> v2.2 dsync is somewhat smarter and can figure out that they are actually the
> same folder A and it simply changes the other's GUID instead of duplicating
> all data.
>
> > No new email messages enter the sdbox system to be 'mirrored' to the
> > Maildir system.
> >
> > I thought of using the 'dsync backup' command, but the sentence "Any
> > changes done in destination are discarded." seems to indicate that each
> > time 'dsync backup' is done, it starts from the beginning. No
> > incremental backup (but this is done in 2.2 ?)
>
> dsync backup is incremental. it just wipes out any changes done at the other
> side (if there happens to be any).
>
> >>> Then I do the 'dsync mirror maildir:~/Maildir' again
> >>>
> >>> There were only a few messages that were copied over in the 2nd rsync
> >>> pass and it went quickly, but the 2nd dsync pass is taking a long time.
> >>
> >> The second rsync is overwriting all the metadata changes (mailbox GUIDs
> >> most importantly) that the first dsync run did.
> >
> > Why does dsync mess with the Maildir metadata? Won't that just confuse
> > the dovecot running on the Maildir system?
>
> Incremental dsync doesn't work (well) without additional metadata.
[Dovecot] LMTP Setup/Design Help Request
Hi altogether,

I am switching from dbmail 2.2 to dovecot 2.1.7, and I was able to do a successful transition of IMAP. But I had a very hard time with receiving mail, and in the end -- after loads of reading and debugging -- I broke down and failed. This is why I am asking you for your kind help.

I only have virtual users and have set

mail_uid = dovemail
mail_gid = dovemail

For authentication, I simply use (for now) a flat file:

passdb {
  driver = passwd-file
  args = scheme=PLAIN username_format=%u /etc/dovecot/mypasswd.file
}

# cat /etc/dovecot/mypasswd.file
user1:{PLAIN}userpw1
user2:{PLAIN}userpw2
user3:{PLAIN}userpw3

And everything works fine with IMAP. I am completely domain-agnostic here.

But I was not able to use this fine setup to receive mails with my postfix. I tried about 13 different configurations, some with considerable changes dovecot-config, the passwd-file or postfix, but I could not find a single variant working.

In this situation, I would be very happy if somebody could give me a hint, which would be the prudent way to configure dovecot, LDA/LMTP and postfix based on the setup above.

Thank you very much in advance, and have a great time,
Matthias Hofer
Re: [Dovecot] crash with dovecot 2.2: Panic: Buffer full
On 07/04/2013 22:56, Timo Sirainen wrote:
> On Sun, 2013-04-07 at 21:47 +0200, to...@starbridge.org wrote:
>> since I've upgraded to 2.2.rc5 (c24783148d78), I've got the previous
>> error again:
>> It's happening on a large mailbox on almost every emails, with Horde 5
>> webmail client (works fine with thunderbird so far)
>> Thanks for your help
>>
>> Apr 7 21:30:58 mx2 dovecot: imap(clean-quarant...@spamguard.fr): Panic:
>> Buffer full (8206 > 8192, pool )
> Thanks, this should fix it:
> http://hg.dovecot.org/dovecot-2.2/rev/bb25fa35d887
>
>
Hi Timo,

It's ok for this error, but now, on a few email, I've got this:

dovecot --version
2.2.rc6 (548e59794f2e)

imap(clean-quarant...@spamguard.fr): Panic: file istream.c: line 153 (i_stream_read): assertion failed: (_stream->skip != _stream->pos)
Apr 8 22:19:26 mx2 dovecot: imap(clean-quarant...@spamguard.fr): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x60ada) [0x7f692abe1ada] -> /usr/lib/dovecot/libdovecot.so.0(+0x60b1e) [0x7f692abe1b1e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f692aba3415] -> /usr/lib/dovecot/libdovecot.so.0(i_stream_read+0x1b9) [0x7f692abea2a9] -> /usr/lib/dovecot/libdovecot.so.0(i_stream_read_data+0x3d) [0x7f692abea9dd] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x9b624) [0x7f692aed8624] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_mail_get_binary_stream+0x77) [0x7f692aed8ab7] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_get_binary_stream+0x60) [0x7f692aeb1640] -> /usr/lib/dovecot/libdovecot-storage.so.0(imap_msgpart_open+0x9f) [0x7f692af0db4f] -> dovecot/imap() [0x418f35] -> dovecot/imap() [0x4175dd] -> dovecot/imap(imap_fetch_more+0x34) [0x418534] -> dovecot/imap(cmd_fetch+0x309) [0x40e2c9] -> dovecot/imap(command_exec+0x3c) [0x41621c] -> dovecot/imap() [0x415280] -> dovecot/imap() [0x41533a] -> dovecot/imap(client_handle_input+0x115) [0x4155f5] -> dovecot/imap(client_input+0x72) [0x4159a2] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f692abf14a6]
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7) [0x7f692abf22f7] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f692abf0fe8] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f692aba85a3] -> dovecot/imap(main+0x270) [0x40b940] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f692a815ead] -> dovecot/imap() [0x40ba9d] Apr 8 22:19:26 mx2 dovecot: imap(clean-quarant...@spamguard.fr): Fatal: master: service(imap): child 4369 killed with signal 6 (core dumped) #0 0x7f692a829475 in raise () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x7f692a82c6f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #2 0x7f692abe1ae8 in default_fatal_finish (type=, status=status@entry=0) at failures.c:191 backtrace = 0x62d818 "/usr/lib/dovecot/libdovecot.so.0(+0x60ada) [0x7f692abe1ada] -> /usr/lib/dovecot/libdovecot.so.0(+0x60b1e) [0x7f692abe1b1e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f692aba3415] -> /usr/lib/d"... 
#3 0x7f692abe1b1e in i_internal_fatal_handler (ctx=0x7fff605d4680, format=, args=) at failures.c:652 status = 0 #4 0x7f692aba3415 in i_panic (format=format@entry=0x7f692ac06e68 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:263 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff605d4770, reg_save_area = 0x7fff605d46b0}} #5 0x7f692abea2a9 in i_stream_read (stream=stream@entry=0x9fa6a0) at istream.c:153 _stream = 0x9fa640 old_size = 0 ret = -2 __FUNCTION__ = "i_stream_read" #6 0x7f692abea9dd in i_stream_read_data (stream=stream@entry=0x9fa6a0, data_r=data_r@entry=0x7fff605d4820, size_r=size_r@entry=0x7fff605d4828, threshold=threshold@entry=0) at istream.c:479 ret = read_more = false __FUNCTION__ = "i_stream_read_data" #7 0x7f692aed8624 in blocks_count_lines (full_input=0x9fa6a0, ctx=0x7fff605d4830) at index-mail-binary.c:319 block_idx = 5 p = size = 0 data = 0x0 ret = cur_block = 0x62d488 block_count = 7 cur_offset = 2755 skip = #8 index_mail_read_binary_to_cache (_mail=_mail@entry=0x66d630, part=part@entry=0x672190, include_hdr=include_hdr@entry=false, binary_r=binary_r@entry=0x7fff605d48e6, converted_r=converted_r@entry=0x7fff605d48e7) at index-mail-binary.c:393 mail = 0x66d630 cache = 0x657b30 ctx = {mail = 0x66d630, input = 0x685c00, has_nuls = false, converted = true, blocks = {arr = {buffer = 0x62d3d8, element_size = 24}, v = 0x62d3d8, v_modifiable = 0x62d3d8}, copy_start_offset = 113072} __FUNCTION__ = "index_mail_read_binary_to_cache" #9 0x7f692aed8ab7 in index_mail_get_binary_stream (_mail=0x66d630, part=0x672190, include_hdr=false, size_r=0x7fff605d49a8, lines_r=, binary_r=0x7fff605d499e,
Re: [Dovecot] dovecot 2 variables
Interesting, but this means that we need to have one tree with all users (where each user has an additional attribute containing the local IP), instead we now have two separate trees because we use this for other authentication purposes.

Thank you for sharing your thoughts Steffen

On Mon, Apr 8, 2013 at 2:34 PM, Steffen Kaiser <skdove...@smail.inf.fh-brs.de> wrote:

> On Sun, 7 Apr 2013, Pavel Dimow wrote:
>
>> Just to be clear my goal is to have multiple domains on multiple addresses
>> but use one dovecot instance and to let users logging without @domain
>> part.
>
> If %l is expanded in the LDAP query, you could add an attribute with the
> local IP address, e.g.:
>
> pass_filter = (&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l
>
> (check if parenthesis are balanced) Same with user_filter
>
> The idea:
>
> mailUserLDAPItem && ( nameWithDomain || ( nameWithoutDomain && localIP ) )
>
> So the user could login with domain on any local port and without domain
> on one or more local interfaces.
>
> --
> Steffen Kaiser
[Dovecot] How to see folders/subfolders/emails through imap
Hello all,

I am trying to do something very simple - at least that's what I thought. I have some fs, it contains folders and subfolders with email files ordered like maildir. Now I try to set up dovecot on top simply to let some imap account watch these email files. But I cannot see any folders at all. I can create new folders and see them, but I cannot create subfolders as subdirs like "folder/subfolder". Instead I get "folder.subfolder" dirs on the fs. I tried to set the separator to "/", but that does not help at all.

Is there some easy way to configure dovecot to display:

///new/files... /new/files... /new/files...

according to fs layout on some imap-client (like thunderbird)?

--
Regards,
Stephan
Re: [Dovecot] repeating dsync - questions
My need at the moment is only a *one* time deal. I just need to copy/convert all of the messages over to the new system and new (sdbox) format *once*. Then all of the clients can start from zero to build their caches based on the new mail box (not that many clients).

---

I will take a look at the Imap copy process - maybe that would be simpler in the long run. No rsync needed (as long as the source system is not changed by the Imap copy process)

Thanks much for your comments and suggestions

Bob G

On Mon, 2013-04-08 at 13:57 +0300, Timo Sirainen wrote:
> On 8.4.2013, at 1.32, Bob Gustafson wrote:
>
> > Ok, how is this for a scheme:
> >
> > 1) Initially rsync Maildir to destination system
> > 2) Do initial 'dsync backup' from Maildir to sdbox on destination system
> > 3) Do a 2nd rsync of new Maildir data from live system to destination
> > system, but don't copy the old maildir-uidlist still in the Maildir of
> > the live system.
> > rsync -ar --times --exclude=dovecot-uidlist
> > system Maildir>
> >
> > I could also use the --ignore-existing option
> >
> > In theory, rsync would not touch the dovecot-uidlist file, would not
> > touch the existing message files, but would copy over the new messages
> > received during the time 'dsync backup' was doing its previous run.
> >
> > 4) Do a 2nd 'dsync backup' from the Maildir to the sdbox (which hasn't
> > changed since the 1st 'dsync backup')
>
> Without rsync --delete you may end up with duplicates if message flags had
> changed during it.
>
> There's also another potential problem. Since you don't now update the
> dovecot-uidlist, the message UIDs may change. Some clients cache messages by
> their UID. These clients may lose messages or show wrong messages to users.
> So for example if:
>
> 0. rsync + dsync is run to sdbox. dovecot-uidlist now says that next_uid=123
> 1. Maildir receives mail A that gets assigned UID 123
> 2. Maildir receives mail B that gets assigned UID 124
> 3. User deletes mail A
> 4. rsync is run, which copies the new mail B
> 5. dsync is run, which notices a new mail B, and assigns it a new UID 123
> 6. You switch user to new Dovecot
> 7. dbox receives a new mail C, and gets assigned UID 124
> 8. User's client is now pretty much completely confused about what UIDs 123
> and 124 contain. User may see different mails as subject and body. User may
> not even see the mail B anymore without a client cache rebuild.
>
> Yet another possibility would be to use dsync to migrate the mails using IMAP
> protocol rather than from Maildir directly:
> http://wiki2.dovecot.org/Migration/Dsync
>
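
The numbered scenario quoted above (steps 0 to 8) can be replayed as a small simulation. This is an added example, not code from the thread or from Dovecot; the `Mailbox` class, the `migrate` function and its `keep_uids` switch (which models a migration that carries the source UIDs across) are constructed for illustration.

```python
class Mailbox:
    """Minimal IMAP-style mailbox: UIDs only grow and are never reused."""

    def __init__(self, next_uid):
        self.next_uid = next_uid
        self.by_uid = {}  # uid -> message name

    def add(self, msg, uid=None):
        # With uid=None the mailbox assigns its own next_uid, which is what
        # happens when a message arrives without its old UID mapping.
        uid = self.next_uid if uid is None else uid
        if uid < self.next_uid:
            raise ValueError("UID %d would go backwards" % uid)
        self.by_uid[uid] = msg
        self.next_uid = uid + 1
        return uid

    def expunge(self, msg):
        self.by_uid = {u: m for u, m in self.by_uid.items() if m != msg}


def migrate(keep_uids):
    """Replay steps 0-8; return (new server view, stale cache entries,
    UIDs the client will never fetch because they are not above its highest)."""
    old = Mailbox(next_uid=123)   # step 0: both sides agree on next_uid=123
    new = Mailbox(next_uid=123)
    old.add("A")                  # step 1: A gets UID 123
    old.add("B")                  # step 2: B gets UID 124
    client_cache = dict(old.by_uid)   # the client caches messages by UID
    old.expunge("A")              # step 3: user deletes A ...
    client_cache.pop(123)         # ... and the client drops it from its cache
    # Steps 4-5: the new mail is copied over and imported on the new side.
    for uid, msg in sorted(old.by_uid.items()):
        new.add(msg, uid if keep_uids else None)
    new.add("C")                  # step 7: new delivery after the switch
    # Step 8: compare what the client believes with what the server holds.
    stale = {u: (client_cache[u], new.by_uid[u])
             for u in client_cache
             if u in new.by_uid and new.by_uid[u] != client_cache[u]}
    highest_seen = max(client_cache)
    never_fetched = sorted(u for u in new.by_uid
                           if u <= highest_seen and u not in client_cache)
    return new.by_uid, stale, never_fetched


if __name__ == "__main__":
    for keep in (False, True):
        print("keep_uids=%s ->" % keep, migrate(keep))
```

With `keep_uids=False` the client's cached entry for UID 124 (mail B) now points at mail C on the server, and B sits at UID 123, below the highest UID the client has already seen.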
Re: [Dovecot] dsync replication: quota counted twice
On Mon, 8 Apr 2013 15:14:18 +0300 Timo Sirainen wrote:

> > ok, thanks for the clarification. Using two different tables does
> > the trick. I'll probably also have to disable the quota-warning
> > scripts on one of the servers. Currently, both servers run the
> > script when an account goes overquota -> two hate-mails in the
> > user's Inbox.
>
> Ah. Hmm. This should solve it:
> http://hg.dovecot.org/dovecot-2.2/rev/54cdc5b6727c
>
Thanks a lot..this seems to work, only server1 sends a quota warning now. maillog shows an (empty) error, but the script runs anyway:

Apr 8 15:16:38 fumailsynctest1 dovecot: quota-warning: Error: close failed in file object destructor:
Apr 8 15:16:38 fumailsynctest1 dovecot: quota-warning: Error: Error in sys.excepthook:
Apr 8 15:16:38 fumailsynctest1 dovecot: quota-warning: Error:
Apr 8 15:16:38 fumailsynctest1 dovecot: quota-warning: Error: Original exception was:
[Dovecot] Dovecot Configuration
Can somebody, please, point me in the right direction in finding a COMPLETE and EXACT definition of the Dovecot configuration hierarchy. In other words what configuration options exist both at the top level but also at each subconfiguration elements (ex. sections etc).

While my C is a bit rusty, I can still make sense of source code and with a bit of effort I will figure it out. I have been going through the src/config/all-settings.c but still have large gaps. A hint in the right direction on how the config works might help clarify and speed things up.

Thanks
Andreas Kasenides
Re: [Dovecot] Problem with fts lucene, on solaris 10
On Monday 08 April 2013, Timo Sirainen wrote:
> On 8.4.2013, at 12.19, Pigi wrote:
>
> > Program received signal SIGSEGV, Segmentation fault.
> > 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> > (gdb) bt full
> > #0 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> > No symbol table info available.
> > #1 0xfebd66e4 in realloc () from /lib/libc.so.1
> > No symbol table info available.
> > #2 0xff1d9a70 in pool_system_realloc (pool=0xff21576c, mem=0xff21576c,
> > old_size=0, new_size=8192) at mempool-system.c:115
> > No locals.
> > #3 0xff1cda28 in i_realloc (mem=0x0, old_size=0, new_size=8192) at
> > imem.c:14
> > No locals.
>
> Looks to me like memory corruption, which is just about impossible to debug
> if you don't have valgrind or a similar tool (and I don't think Solaris has
> any such free tools).

Yes, you're right. There aren't ( already packaged ) tool for valgrinding or similar.

> Do you happen to get any other crashes where it doesn't crash in malloc code?
> You showed previously that it was crashing with SIGBUS somewhere.

For what I can see, from dovecot.log I have a couple of errors:

Apr 08 12:02:18 indexer: Error: Indexer worker disconnected, discarding 1 requests for
Apr 08 12:02:18 imap(): Error: indexer failed to index mailbox INBOX
Apr 08 12:02:18 indexer-worker(): Fatal: master: service(indexer-worker): child 27242 killed with signal 11 (core not dumped)
Apr 08 12:02:19 indexer-worker(): Error: lucene index /home//Maildir/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out
Apr 08 12:03:46 indexer: Error: Indexer worker disconnected, discarding 1 requests for
Apr 08 12:03:46 imap(): Error: indexer failed to index mailbox INBOX
Apr 08 12:03:46 indexer-worker(): Fatal: master: service(indexer-worker): child 27445 killed with signal 10 (core not dumped)
Apr 08 12:06:57 indexer: Error: Indexer worker disconnected, discarding 1 requests for
Apr 08 12:06:57 imap(): Error: indexer failed to index mailbox INBOX
Apr 08 12:06:57 indexer-worker(): Fatal: master: service(indexer-worker): child 27761 killed with signal 11 (core not dumped)
Apr 08 12:08:33 indexer: Error: Indexer worker disconnected, discarding 1 requests for

Here a couple or more of gdb"ed" process, but tied to SEGV ( I almost suspect that when gdbing I always catch a SEGV ) :

== First gdb ==
No symbol table info available.
#1 0xfebd6884 in realloc () from /lib/libc.so.1
No symbol table info available.
#2 0xfe83d270 in lucene::util::StringReader::init (this=0x8d328, _value=0x2bb288, _length=3958, copyData=true) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/util/Reader.cpp:48 tmp = (TCHAR *) 0x2051e0 length = 3958 #3 0xfe8837f0 in lucene::index::DocumentsWriter::ThreadState::FieldData::invertField (this=0x92df8, field=0x8d238, analyzer=0x2cb60, maxFieldLength=1) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriterThreadState.cpp:887 stringValue = (const TCHAR *) 0x2bb288 stringValueLength = 3958 stream = (class lucene::analysis::TokenStream *) 0x0 streamValue = (class lucene::analysis::TokenStream *) 0x8d328 #4 0xfe883a58 in lucene::index::DocumentsWriter::ThreadState::FieldData::processField (this=0x92df8, analyzer=0x2cb60) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriterThreadState.cpp:798 field = (class lucene::document::Field *) 0x8d238 #5 0xfe883d6c in lucene::index::DocumentsWriter::ThreadState::processDocument (this=0x8c0a8, analyzer=0x2cb60) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/util/Array.h:90 i = 6 #6 0xfe87ea00 in lucene::index::DocumentsWriter::updateDocument (this=0x84790, doc=0x8b838, analyzer=0x2cb60, delTerm=0x0) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriter.cpp:946 state = (class lucene::index::DocumentsWriter::ThreadState *) 0x8c0a8 #7 0xfe87eb5c in lucene::index::DocumentsWriter::addDocument (this=0x84790, doc=0x8b838, analyzer=0x2cb60) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriter.cpp:930 No locals. #8 0xfe8b1ea0 in lucene::index::IndexWriter::addDocument (this=0x8cc18, doc=0x8b838, analyzer=0x2cb60) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/IndexWriter.cpp:682 No locals. 
#9 0xfea18e04 in lucene_index_build_flush (index=0x37ba8) at lucene-wrapper.cc:484 ret = 0 #10 0xfea18f88 in lucene_index_build_more (index=0x37ba8, uid=2995, data=0x185d18 "", size=23, hdr_name=0x8ba60 "Return-Path") at lucene-wrapper.cc:507 id = {4, 0, 0, 0, -4196824, -15011172, 534768, -4196336, 516256, 0, 11560, -20155708, 9, 10, 36,
Re: [Dovecot] dovecot 2 variables
On Sun, 7 Apr 2013, Pavel Dimow wrote:

> Just to be clear my goal is to have multiple domains on multiple addresses
> but use one dovecot instance and to let users logging without @domain part.

If %l is expanded in the LDAP query, you could add an attribute with the local IP address, e.g.:

pass_filter = (&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l

(check if parenthesis are balanced) Same with user_filter

The idea:

mailUserLDAPItem && ( nameWithDomain || ( nameWithoutDomain && localIP ) )

So the user could login with domain on any local port and without domain on one or more local interfaces.

--
Steffen Kaiser
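
The filter idea in the message above can be checked offline before it goes into an LDAP configuration. This is an added example, not code from the thread or from Dovecot: it assumes the filter closes with four parentheses (the message stops before them), escapes the substituted values per RFC 4515, supports equality matches only, and uses a constructed two-entry directory with constructed addresses.

```python
import re

# Assumed completion: the filter in the message stops before its closing
# parentheses. %Lu = lowercased username, %l = local IP the client reached.
PASS_FILTER = "(&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l))))"
# The filter exactly as far as it appears in the message (unbalanced).
TRUNCATED = "(&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l"

# Constructed sample directory: the same local part in two domains, one IP each.
DIRECTORY = [
    {"objectclass": ["mailUser"], "mail": ["alice@example.org"],
     "localpart": ["alice"], "localip": ["192.0.2.10"]},
    {"objectclass": ["mailUser"], "mail": ["alice@example.net"],
     "localpart": ["alice"], "localip": ["192.0.2.20"]},
]

def ldap_escape(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, user, local_ip):
    """Substitute both variables in one pass, escaping each value."""
    values = {"%Lu": ldap_escape(user.lower()), "%l": ldap_escape(local_ip)}
    return re.sub(r"%Lu|%l", lambda m: values[m.group(0)], template)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _parse_at(s, i):
    """Parse one parenthesised filter starting at s[i]; return (node, next index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, children = s[i], []
        i += 1
        while i < len(s) and s[i] == "(":
            child, i = _parse_at(s, i)
            children.append(child)
        if i >= len(s) or s[i] != ")":
            raise ValueError("unbalanced filter near offset %d" % i)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError("bad operand count for '%s'" % op)
        return (op, children), i + 1
    end = s.find(")", i)
    attr, sep, value = s[i:end].partition("=") if end != -1 else ("", "", "")
    if end == -1 or not sep or not attr or "(" in value or "*" in value:
        raise ValueError("malformed or unbalanced item at offset %d" % i)
    return ("=", attr.lower(), _unescape(value)), end + 1

def parse(flt):
    """Parse a whole filter; raises ValueError if it is unbalanced."""
    node, pos = _parse_at(flt, 0)
    if pos != len(flt):
        raise ValueError("trailing data after filter")
    return node

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    return any(v.lower() == value.lower() for v in entry.get(attr, []))

def lookup(user, local_ip, template=PASS_FILTER):
    """Return the mail addresses of all entries the expanded filter selects."""
    tree = parse(expand(template, user, local_ip))
    return [e["mail"][0] for e in DIRECTORY if matches(tree, e)]

if __name__ == "__main__":
    print(lookup("alice", "192.0.2.10"))         # bare name, first interface
    print(lookup("alice@example.net", "192.0.2.10"))  # full address, any interface
```

A bare username resolves to exactly one entry per local interface, a full address resolves regardless of interface, and the filter as far as it is written in the message is rejected as unbalanced.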
[Dovecot] "No such file or directory" error setting up dict quota for mdbox
Hi,

I've some troubles setting up the dict based quota plugin for mdbox, it
always returns an error when lmtp tries to deliver an e-mail:

Apr 8 12:40:16 mb07 dovecot: lmtp(3001, asma...@ull.es): Error: fstat(/sharedfs/10.4.1.107/ull.es/54/asmarre/dovecot-quota.lock) failed: No such file or directory
Apr 8 12:40:16 mb07 dovecot: lmtp(3001, asma...@ull.es): Error: file dict commit: file_dotlock_open(/sharedfs/10.4.1.107/ull.es/54/asmarre/dovecot-quota) failed: No such file or directory
Apr 8 12:40:16 mb07 dovecot: lmtp(3001, asma...@ull.es): Error: dict quota: Quota update failed, it's now desynced

In fact lmtp does create the dovecot-quota.lock file but it does not update
the dovecot-quota file. If I run "doveadm quota recalc -u asmarre" it works
and updates the dovecot-quota file.

The version of dovecot that I'm using is 2.0.19 and the configuration is:

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-32-generic x86_64 Ubuntu 12.04.2 LTS
mail_debug = yes
mail_location = mdbox:%h
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = dict:User quota::file:%h/dovecot-quota
  quota_rule = *:storage=1G
  quota_warning = storage=95%% quota-warning 95
  quota_warning2 = storage=85%% quota-warning 85
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@ull.es
protocols = " imap lmtp sieve pop3"
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service quota-warning {
  executable = script /opt/ccti/correo/buzones/quota_warning.sh
  unix_listener quota-warning {
    user = dovecot
  }
  user = dovecot
}
ssl_cert =
Re: [Dovecot] dsync replication: quota counted twice
On 8.4.2013, at 14.56, Oli Schacher wrote:

> On Mon, 8 Apr 2013 13:15:54 +0300
> Timo Sirainen wrote:
>
>> There's no way to make quota work reliably that way. You need to use
>> different quota backends. Either two mysql databases (or tables), or
>> the other Dovecot could simply be using a dict file quota.
>
> ok, thanks for the clarification. Using two different tables does the
> trick. I'll probably also have to disable the quota-warning
> scripts on one of the servers. Currently, both servers run the script
> when an account goes overquota -> two hate-mails in the user's Inbox.

Ah. Hmm. This should solve it:
http://hg.dovecot.org/dovecot-2.2/rev/54cdc5b6727c
Re: [Dovecot] dsync replication: quota counted twice
On Mon, 8 Apr 2013 13:15:54 +0300 Timo Sirainen wrote:

> There's no way to make quota work reliably that way. You need to use
> different quota backends. Either two mysql databases (or tables), or
> the other Dovecot could simply be using a dict file quota.

ok, thanks for the clarification. Using two different tables does the
trick. I'll probably also have to disable the quota-warning scripts on one
of the servers. Currently, both servers run the script when an account goes
overquota -> two hate-mails in the user's Inbox.
Re: [Dovecot] dovecot 2 variables
On 08.04.2013 13:18, Benny Pedersen wrote:

> On 2013-04-07 22:51, Pavel Dimow wrote:
>
>> Why does dovecot does not expand %l to local ip address?
>
> what if it does not contain an ip address ?, like "rm -f /"

what is your f**ing problem?
Re: [Dovecot] dovecot 2 variables
On 2013-04-07 22:51, Pavel Dimow wrote:

> Why does dovecot does not expand %l to local ip address?

what if it does not contain an ip address ?, like "rm -f /"

--
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, don't do it
Re: [Dovecot] repeating dsync - questions
On 8.4.2013, at 1.32, Bob Gustafson wrote:

> Ok, how is this for a scheme:
>
> 1) Initially rsync Maildir to destination system
> 2) Do initial 'dsync backup' from Maildir to sdbox on destination system
> 3) Do a 2nd rsync of new Maildir data from live system to destination
> system, but don't copy the old maildir-uidlist still in the Maildir of
> the live system.
> rsync -ar --times --exclude=dovecot-uidlist system Maildir>
>
> I could also use the --ignore-existing option
>
> In theory, rsync would not touch the dovecot-uidlist file, would not
> touch the existing message files, but would copy over the new messages
> received during the time 'dsync backup' was doing its previous run.
>
> 4) Do a 2nd 'dsync backup' from the Maildir to the sdbox (which hasn't
> changed since the 1st 'dsync backup')

Without rsync --delete you may end up with duplicates if message flags had
changed during it.

There's also another potential problem. Since you don't now update the
dovecot-uidlist, the message UIDs may change. Some clients cache messages by
their UID. These clients may lose messages or show wrong messages to users.
So for example if:

0. rsync + dsync is run to sdbox. dovecot-uidlist now says that next_uid=123
1. Maildir receives mail A that gets assigned UID 123
2. Maildir receives mail B that gets assigned UID 124
3. User deletes mail A
4. rsync is run, which copies the new mail B
5. dsync is run, which notices a new mail B, and assigns it a new UID 123
6. You switch user to new Dovecot
7. dbox receives a new mail C, and gets assigned UID 124
8. User's client is now pretty much completely confused about what UIDs 123
   and 124 contain. User may see different mails as subject and body. User
   may not even see the mail B anymore without a client cache rebuild.

Yet another possibility would be to use dsync to migrate the mails using
IMAP protocol rather than from Maildir directly:
http://wiki2.dovecot.org/Migration/Dsync
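The renumbering in steps 0-8 above, replayed as a small simulation. This is an added example, not part of the original message and not Dovecot code; the Mailbox class, replay() and the assumption that one client cached UIDs 123 and 124 before the switch are hypothetical.

```python
"""Replay of the rsync + dsync scenario: UIDs are handed out from next_uid,
and the destination never sees the UIDs the live Maildir assigned after the
first sync because dovecot-uidlist is excluded from the second rsync."""


class Mailbox:
    def __init__(self, next_uid):
        self.next_uid = next_uid
        self.messages = {}  # uid -> message label

    def deliver(self, label, uid=None):
        """Store a message; with uid=None the mailbox assigns next_uid."""
        if uid is None:
            uid = self.next_uid
        if uid in self.messages:
            raise ValueError("UID %d already in use" % uid)
        self.messages[uid] = label
        self.next_uid = max(self.next_uid, uid + 1)
        return uid

    def expunge(self, label):
        self.messages = {u: m for u, m in self.messages.items() if m != label}


def replay(carry_uids):
    """Run steps 0-8. carry_uids=True models a migration that transfers the
    source UIDs; False models the second rsync without dovecot-uidlist."""
    live = Mailbox(next_uid=123)   # step 0: both sides agree on next_uid=123
    dest = Mailbox(next_uid=123)
    client_cache = {}              # what a client cached before the switch

    for label in ("A", "B"):       # steps 1-2: A -> 123, B -> 124
        client_cache[live.deliver(label)] = label
    live.expunge("A")              # step 3

    # steps 4-5: copy what is left on the live side to the destination
    for uid, label in sorted(live.messages.items()):
        dest.deliver(label, uid=uid if carry_uids else None)

    dest.deliver("C")              # steps 6-7: new mail after the switch

    # step 8: UIDs whose cached content no longer matches the server
    conflicts = {
        uid: (cached, dest.messages[uid])
        for uid, cached in client_cache.items()
        if uid in dest.messages and dest.messages[uid] != cached
    }
    return conflicts, dest.messages


if __name__ == "__main__":
    for carry in (False, True):
        conflicts, final = replay(carry)
        print("carry_uids=%s final=%s conflicts=%s" % (carry, final, conflicts))
```

With carry_uids=False both cached UIDs now point at different mails; with carry_uids=True mail B keeps UID 124 and mail C gets 125.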
Re: [Dovecot] checkpassword protocol
On 8.4.2013, at 13.42, Heiko Schlichting wrote:

> The checkpassword interface is used in many different ways:
>
> I found checkpassword the easiest way to implement authentication against
> FreeRADIUS. Using a perl script with
>
>    $input = IO::Handle->new_from_fd(3, "r");
>
> and
>
>    my $output = IO::Handle->new_from_fd(4, "w");
>
> and skipping the checkpassword-reply binary. This works fine on our server
> for many years now but every time when I read some related questions on the
> list, it seems that a more generic, not so crude interface would be a good
> idea for a future version of dovecot.

For executing scripts/binaries I think checkpassword will stay the only way.
Other than that, you could talk to Dovecot-auth via UNIX socket by using
dict-proxy protocol with passdb/userdb dict. Although that way you'd need
some way to keep your server running and it's not that easy yet to create a
new Dovecot service without using libdovecot.
Re: [Dovecot] ssl_require_crl does not work as expected
On 7.4.2013, at 14.19, dovecot.pk...@dfgh.net wrote:

> My impression is that openssl will always try to use CRLs. If
> "ssl_require_crl = no"
> dovecot will use CRLs but tries to ignore openssl error codes
> X509_V_ERR_UNABLE_TO_GET_CRL and X509_V_ERR_CRL_HAS_EXPIRED.
>
> This is done in ssl_verify_client_cert() in ssl-proxy-openssl.c line 871,
> namely
>
> if (proxy->client_proxy && !proxy->set->ssl_require_crl &&
>     (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL ||
>      ctx->error == X509_V_ERR_CRL_HAS_EXPIRED)) {
>         /* no CRL given with the CA list. don't worry about it. */
>         preverify_ok = 1;
> }

After thinking enough about this, I kind of see what's happening: The
ssl_require_crl setting wasn't intended to do what you want it to do. It was
meant for Dovecot proxying code where it needs to act as an SSL client to
remote server. So the setting should instead have been named
ssl_require_client_crl. For server's client cert checks you should be able
to simply generate an empty CRL I think?

> I don't know what the proxy-stuff is about so instead of ignoring CRL-related
> errors I tried to disable CRL-checking. I therefore commented out two lines
> in
> ssl_proxy_ctx_verify_client() in ssl-proxy-openssl.c line 1004, namely:
>
> // X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
> //                      X509_V_FLAG_CRL_CHECK_ALL);

If you remove the "proxy->client_proxy &&" check it should work just as
well, I think?

> Similar code is contained in iostream-openssl-context.c,
> namely in routine ssl_iostream_ctx_verify_remote_cert()

Now I'm wondering why this code works as SSL client even though I'm not
reading CRLs anywhere.. I guess I should spend some time looking into how
exactly CRLs should work.
Re: [Dovecot] checkpassword protocol
Timo wrote:

> All the OSes made the environment private 10-15 years ago. I think it's
> pretty safe to assume that older multiuser systems won't be running
> Dovecot with checkpassword backend.

The checkpassword interface is used in many different ways:

I found checkpassword the easiest way to implement authentication against
FreeRADIUS. Using a perl script with

   $input = IO::Handle->new_from_fd(3, "r");

and

   my $output = IO::Handle->new_from_fd(4, "w");

and skipping the checkpassword-reply binary. This works fine on our server
for many years now but every time when I read some related questions on the
list, it seems that a more generic, not so crude interface would be a good
idea for a future version of dovecot.

> But .. eh. I guess: http://hg.dovecot.org/dovecot-2.2/rev/9feb2986945c

Great. Thank you.

Heiko

Heiko Schlichting                Freie Universität Berlin
heiko.schlicht...@fu-berlin.de   Zentraleinrichtung für Datenverarbeitung
Phone +49 30 838-54327           Fabeckstraße 32
Fax +49 30 838454327             14195 Berlin
Re: [Dovecot] dovecot 2 variables
Thank you Timo,

then I guess I will be running two instances of dovecot, one for each domain,
until

local 1.2.3.4 {
  userdb {
    ..
  }
}

becomes ready :)

On Mon, Apr 8, 2013 at 12:14 PM, Timo Sirainen wrote:

> You could put (%l=1.2.3.4) in the ldap filter. But I guess it still gets
> sent to the LDAP server. The best solution would be:
>
> local 1.2.3.4 {
>   userdb {
>     ..
>   }
> }
>
> But that doesn't work yet.
>
> With v2.2 you can do multiple queries. So you could have one query to
> translate IP address to the domain, and then a second lookup to lookup the
> user@domain. http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb ->
> subqueries.
>
> On 8.4.2013, at 13.07, Pavel Dimow wrote:
>
>> Well that is not very scalable as we always ask first database no matter
>> what. What if I have the same user in both databases (ldap)?
>>
>>
>> On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey <
>> daniel.part...@informatik.tu-chemnitz.de> wrote:
>>
>>> Pavel Dimow wrote:
>>>> Just to be clear my goal is to have multiple domains on multiple addresses
>>>> but use one dovecot instance and to let users logging without @domain part.
>>>
>>> You might try to use several passdb/userdb sections with driver ldap,
>>> one for each domain:
>>>
>>> http://wiki2.dovecot.org/Authentication/MultipleDatabases
>>>
>>> Regards
>>> Daniel
>>> --
>>> https://plus.google.com/103021802792276734820
Re: [Dovecot] checkpassword protocol
On 8.4.2013, at 10.00, Heiko Schlichting wrote:

>> Hmm. The AUTH_PASSWORD wasn't really an intentional addition .. but
>> I guess it can stay there. Some 10 years ago that might not have been
>> such a good idea since there were still some systems where process
>> environment variables were readable to all users in the system, but
>> I doubt there exist such systems anymore (at least where people would
>> want to run Dovecot).
>
> Very optimistic assumption. Wouldn't it be safer to remove the password
> from the environment? Anyone using checkpassword should use FD 3 and 4 for
> this purpose. Environment variables and command line arguments are not safe
> to transport passwords.

All the OSes made the environment private 10-15 years ago. I think it's
pretty safe to assume that older multiuser systems won't be running Dovecot
with checkpassword backend.

But .. eh. I guess: http://hg.dovecot.org/dovecot-2.2/rev/9feb2986945c
Re: [Dovecot] dsync replication: quota counted twice
On 8.4.2013, at 13.05, Oli Schacher wrote:

> I enabled quota + warnings in my replication test setup and now
> whenever a mail gets delivered the quota is counted twice (probably due
> to both servers using the same mysql quota backend)

Yes. Dovecot doesn't know that they are the same quota backend.

> and quota warnings
> are fired too early. After a doveadm quota recalc -u the
> quota is correct again. How do I make dovecot only count the quota on
> the server where the mail was added originally?

There's no way to make quota work reliably that way. You need to use
different quota backends. Either two mysql databases (or tables), or the
other Dovecot could simply be using a dict file quota.
Re: [Dovecot] dovecot 2 variables
You could put (%l=1.2.3.4) in the ldap filter. But I guess it still gets
sent to the LDAP server. The best solution would be:

local 1.2.3.4 {
  userdb {
    ..
  }
}

But that doesn't work yet.

With v2.2 you can do multiple queries. So you could have one query to
translate IP address to the domain, and then a second lookup to lookup the
user@domain. http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb -> subqueries.

On 8.4.2013, at 13.07, Pavel Dimow wrote:

> Well that is not very scalable as we always ask first database no matter
> what. What if I have the same user in both databases (ldap)?
>
>
> On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey <
> daniel.part...@informatik.tu-chemnitz.de> wrote:
>
>> Pavel Dimow wrote:
>>> Just to be clear my goal is to have multiple domains on multiple addresses
>>> but use one dovecot instance and to let users logging without @domain part.
>>
>> You might try to use several passdb/userdb sections with driver ldap,
>> one for each domain:
>>
>> http://wiki2.dovecot.org/Authentication/MultipleDatabases
>>
>> Regards
>> Daniel
>> --
>> https://plus.google.com/103021802792276734820
Re: [Dovecot] dovecot 2 variables
Well that is not very scalable as we always ask first database no matter
what. What if I have the same user in both databases (ldap)?

On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey <
daniel.part...@informatik.tu-chemnitz.de> wrote:

> Pavel Dimow wrote:
>> Just to be clear my goal is to have multiple domains on multiple addresses
>> but use one dovecot instance and to let users logging without @domain part.
>
> You might try to use several passdb/userdb sections with driver ldap,
> one for each domain:
>
> http://wiki2.dovecot.org/Authentication/MultipleDatabases
>
> Regards
> Daniel
> --
> https://plus.google.com/103021802792276734820
[Dovecot] dsync replication: quota counted twice
Hi

I enabled quota + warnings in my replication test setup and now whenever a
mail gets delivered the quota is counted twice (probably due to both servers
using the same mysql quota backend) and quota warnings are fired too early.
After a doveadm quota recalc -u the quota is correct again. How do I make
dovecot only count the quota on the server where the mail was added
originally?

dovecot -n is the same as in my previous message to the list today
http://www.dovecot.org/list/dovecot/2013-April/089558.html
(thanks Timo for the hint in this thread btw, changing the permissions made
the errors go away)

Thanks
Oli

--
message transmitted on 100% recycled electrons
Re: [Dovecot] Problem with fts lucene, on solaris 10
On 8.4.2013, at 12.19, Pigi wrote:

>> gdb /usr/local/libexec/dovecot/imap 16400
..
> I took a slightly different approach:
> gdb /usr/local/dovecot/libexec/dovecot/indexer-worker `ps -ef | grep
> indexer-worker | grep -v grep |awk '{print $2}' `
>
> thus attaching to indexer-worker, which I think ( but not sure ) it should be
> fine.

Oh, right, I forgot which process you were gdbing :)

> Program received signal SIGSEGV, Segmentation fault.
> 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> (gdb) bt full
> #0 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> No symbol table info available.
> #1 0xfebd66e4 in realloc () from /lib/libc.so.1
> No symbol table info available.
> #2 0xff1d9a70 in pool_system_realloc (pool=0xff21576c, mem=0xff21576c,
> old_size=0, new_size=8192) at mempool-system.c:115
> No locals.
> #3 0xff1cda28 in i_realloc (mem=0x0, old_size=0, new_size=8192) at imem.c:14
> No locals.

Looks to me like memory corruption, which is just about impossible to debug
if you don't have valgrind or a similar tool (and I don't think Solaris has
any such free tools). Do you happen to get any other crashes where it
doesn't crash in malloc code? You showed previously that it was crashing
with SIGBUS somewhere.
Re: [Dovecot] Problem with fts lucene, on solaris 10
On Monday 08 April 2013, Timo Sirainen wrote:
> On 8.4.2013, at 11.54, Pigi wrote:
>
> gdb is just confused. Try another way if it works:
>
> gdb /usr/local/libexec/dovecot/imap 16400
> cont
> bt full
>

Timo,
I took a slightly different approach:

gdb /usr/local/dovecot/libexec/dovecot/indexer-worker `ps -ef | grep indexer-worker | grep -v grep |awk '{print $2}' `

thus attaching to indexer-worker, which I think ( but not sure ) it should
be fine.

Here the result:

GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.10"...
Attaching to program `/usr/local/dovecot/libexec/dovecot/indexer-worker', process 21672
Reading symbols from /usr/local/dovecot/lib/dovecot/libdovecot-storage.so.0...done.
Loaded symbols for /usr/local/dovecot/lib/dovecot/libdovecot-storage.so.0
Reading symbols from /usr/local/dovecot/lib/dovecot/libdovecot.so.0...done.
Loaded symbols for /usr/local/dovecot/lib/dovecot/libdovecot.so.0
Reading symbols from /usr/local/openssl-1.0.1e/lib/libssl.so.1.0.0...done.
Loaded symbols for /usr/local/openssl-1.0.1e/lib//libssl.so.1.0.0
Reading symbols from /usr/local/openssl-1.0.1e/lib/libcrypto.so.1.0.0...done.
Loaded symbols for /usr/local/openssl-1.0.1e/lib//libcrypto.so.1.0.0
Reading symbols from /lib/libdl.so.1...
warning: Lowest section in /lib/libdl.so.1 is .hash at 00b4
done.
Loaded symbols for /lib/libdl.so.1
Reading symbols from /usr/local/lib/libiconv.so.2...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libsocket.so.1...done.
Loaded symbols for /lib/libsocket.so.1
Reading symbols from /lib/librt.so.1...done.
Re: [Dovecot] Problem with fts lucene, on solaris 10
On 8.4.2013, at 11.54, Pigi wrote:

> I haven't had too much luck with gdb:
>
> 0xfec4c554 in ?? ()
> (gdb) cont
> Continuing.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xfebd710c in ?? ()
> (gdb) bt full
> #0 0xfebd710c in ?? ()
> No symbol table info available.
> (gdb) quit
> The program is running. Quit anyway (and detach it)? (y or n) y
> Detaching from program: , process 16400

gdb is just confused. Try another way if it works:

gdb /usr/local/libexec/dovecot/imap 16400
cont
bt full
Re: [Dovecot] Problem with fts lucene, on solaris 10
I haven't had too much luck with gdb:

0xfec4c554 in ?? ()
(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xfebd710c in ?? ()
(gdb) bt full
#0 0xfebd710c in ?? ()
No symbol table info available.
(gdb) quit
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: , process 16400

That's rather strange, as :

root# file /usr/local/dovecot/sbin/dovecot
dovecot: ELF 32-bit MSB executable SPARC Version 1, dynamically linked, not stripped

root# file /usr/local/clucene/lib/lib*
/usr/local/clucene/lib/libclucene-core.so: ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped
/usr/local/clucene/lib/libclucene-core.so.1: ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped
/usr/local/clucene/lib/libclucene-core.so.2.3.3.4: ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped
/usr/local/clucene/lib/libclucene-shared.so: ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped
/usr/local/clucene/lib/libclucene-shared.so.1: ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped
/usr/local/clucene/lib/libclucene-shared.so.2.3.3.4: ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped
root #

Thus, every binary, or lib, is not stripped. If I invoke gdb on those binary
I can get every symbol:

root # gdb /usr/local/dovecot/sbin/dovecot
... SNIP ...
(gdb) list
736 "\n", IO_BLOCK_SIZE);
737 }
738
739 int main(int argc, char *argv[])
740 {
741 struct master_settings *set;
742 const char *error, *doveconf_arg = NULL;
743 failure_callback_t *orig_info_callback, *orig_debug_callback;
744 bool foreground = FALSE, ask_key_pass = FALSE;
745 bool doubleopts[argc];

or even

root # gdb /usr/local/clucene/lib/libclucene-core.so
... SNIP ...
(gdb) list
1 /*--
2 * Copyright (C) 2003-2006 Ben van Klinken and the CLucene Team
3 *
4 * Distributable under the terms of either the Apache License (Version 2.0) or
5 * the GNU Lesser General Public License, as specified in the COPYING file.
6 --*/
7 #include "CLucene/_ApiHeader.h"
8 #include "CLucene/util/Misc.h"
9
10 #include "CLucene/search/Sort.h"
(gdb)

Should I compile with -g (and in case, how do I pass this flag to cmake ) ?

Thanks.

Pigi

On Sunday 07 April 2013, Timo Sirainen wrote:
> On 5.4.2013, at 22.59, Pigi wrote:
>
> > I'm planning to migrate my courier-imap imap server to dovecot, but I'm
> > experiencing a strange issue
> > with fts-lucene plugin.
> >
> > Basically, every time I start a search, the log starts to write:
> >
> > Apr 05 19:30:53 indexer: Error: Indexer worker disconnected, discarding 1
> > requests for XX
> > Apr 05 19:30:53 indexer-worker(X): Fatal: master:
> > service(indexer-worker): child 809 killed with signal 11 (core not dumped)
> > Apr 05 19:30:53 imap(XX): Error: indexer failed to index mailbox INBOX
> > Apr 05 19:30:56 indexer-worker(X): Error: lucene index
> > /home/X/Maildir/lucene-indexes: IndexWriter() failed (#1): Lock obtain
> > timed out
> >
> > When trussing the indexer-worker pid I can see it ends with:
>
> If you can truss it, you can also gdb it, which is much more helpful:
>
> gdb -p
> cont
> bt full
>
> > 527: siginfo: SIGBUS BUS_ADRALN addr=0x005B50BA
> > 527:Received signal #10, SIGBUS [default]
> > 527: siginfo: SIGBUS BUS_ADRALN addr=0x005B50BA
>
> That says it's a SIGBUS, but the Dovecot log said it's a SIGSEGV. Wonder
> what's the difference, or maybe you're getting both. Anyway I'd guess this is
> a clucene bug related to CPU alignment with Sparc CPU. gdb would confirm and
> could help with fixing it.
Re: [Dovecot] MOSTLY SOLVED: Re: client limit and STARTTLS
On Sat, 2013-04-06 at 01:09 -0700, David Benfell wrote:

> > Are your certificate chains valid? Simply saying "isn't working" is
> > almost a requirement for a *sigh*
> > log output please, or a better description than "isn't working" ;)
> Yes, the certificate chains were screwed up. And you hit the nail on the
> head when you pointed to chains. It's a StartSSL cert and I've had
> trouble getting this straight from the beginning.
>

no problems, it's the main culprit for most SSL issues

> Thanks!
>
> Now if we can sort out how to set the client and process limits. I
> changed the settings like thus:
>
> default_process_limit = 1024
> default_client_limit = 4096
>

I see Harald has explained this already (I don't use high performance mode,
I prefer security, but you won't notice any performance hit anyway, we never
have)

But if you can't see yourself with that many concurrent users, remove them
and stick with defaults, unless you do need to increase them, which you'll
soon learn from your users, worry about it then.

> The truth is, I can't imagine having 4096 clients. I mean, it's true, I
> like my toys, but.
>

When you see this, just set a ulimit in dovecot's startup script

#!/bin/sh
# rc.dovecot
# Start/stop/restart dovecot.
ulimit -n 8192
...dovecot stuff...

Cheers
Re: [Dovecot] v2.2.rc6 released
On 8.4.2013, at 11.22, Oli Schacher wrote:

> In my dsync replication test setup I now get Permission denied errors:
>
> Apr 8 10:04:33 fumailsynctest2 dovecot: dsync-remote(): Error:
> net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: Permission
> denied
>
> I haven't noticed them before rc6. Bug or something wrong with my config?

dsync is trying to notify the replicator that a user was synced. I could
maybe just hide that error message, since it's not a real problem. But
keeping the two replicators somewhat updated about what users are synced is
better, so you could also change the socket's permissions so that dsync has
access to it (http://wiki2.dovecot.org/Replication).
Re: [Dovecot] v2.2.rc6 released
Hi Timo

In my dsync replication test setup I now get Permission denied errors:

Apr 8 10:04:33 fumailsynctest2 dovecot: dsync-remote(): Error: net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: Permission denied

I haven't noticed them before rc6. Bug or something wrong with my config?

Thanks
Oli

# 2.2.rc6: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.2.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_master_user_separator = *
auth_mechanisms = plain login
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-shares.conf
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}
disable_plaintext_auth = no
doveadm_password =
listen = *
login_greeting = Fumail Dovecot ready.
mail_max_userip_connections = 50
mail_plugins = " quota notify replication"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  acl = vfile:/etc/dovecot/acls
  acl_shared_dict = proxy::acl
  mail_replica = tcp:1..ch:1337
  quota = dict:::proxy::quotadict
  quota_rule = *:storage=10M:messages=1000
  quota_rule2 = Spam:ignore
  quota_rule3 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=75%% quota-warning 75 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = pop3 imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    user = fumail
  }
  unix_listener replication-notify {
    user = fumail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = fumail
    mode = 0660
    user = fumail
  }
  user = root
}
service dict {
  unix_listener dict {
    mode = 0600
    user = fumail
  }
}
service doveadm {
  inet_listener {
    port = 1337
  }
}
service imap {
  vsz_limit = 2 G
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve {
  vsz_limit = 2 G
}
service pop3 {
  vsz_limit = 2 G
}
service quota-warning {
  executable = script /usr/local/bin/quotawarning.py
  unix_listener quota-warning {
    mode = 0666
    user = fumail
  }
  user = fumail
}
service replicator {
  process_min_avail = 1
}
ssl_cert = .crt
ssl_key = .key
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol imap {
  imap_client_workarounds =
  mail_plugins = " quota notify replication acl imap_acl quota imap_quota"
}
protocol pop3 {
  mail_plugins = " quota notify replication quota"
  pop3_uidl_format = %08Xu%08Xv
}
protocol sieve {
  managesieve_logout_format = bytes ( in=%i : out=%o )
}
protocol lmtp {
  deliver_log_format = from=<%f> msgid=%m action=<%$> subject=%s
  mail_plugins = " quota notify replication sieve quota"
  postmaster_address = postmaster@
  quota_full_tempfail = yes
}
Re: [Dovecot] mdbox and folders containing both messages and sub-folders
On 8.4.2013, at 1.51, Rich Wales wrote:

> When I use the mdbox format, there are a bunch of LIST and LSUB commands
> whose responses mention INBOX.Trash with the \Noselect and \HasChildren
> flags (the Trash folder for this particular account happens to contain
> subfolders). Before trying to save a message in the Trash folder, the
> client did a "SUBSCRIBE INBOX.Trash" (which succeeded) followed by a
> "STATUS INBOX.Trash" (which failed with "NO Mailbox doesn't exist").
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> When I use the Maildir format, the raw log never mentions the \Noselect
> flag in connection with the INBOX.Trash folder.

Yeah, this is the difference between Dovecot's LAYOUT=fs and
LAYOUT=maildir++ backends, which is also exposed to IMAP clients. With
maildir++ there are no \Noselect folders possible. Whether that's a good or
a bad thing I'm not entirely sure. I've been wondering earlier also if I
should change the behavior somewhat, or make it configurable.

> So, with the mdbox format, Larch did not CREATE the folder before trying
> to SELECT it. And Dovecot was flagging INBOX.Trash with a \Noselect flag
> (which was not the case with the Maildir format).

I'd say this is a Larch bug. It's relying on some specific way that some
IMAP servers work.
Re: [Dovecot] checkpassword protocol
> Hmm. The AUTH_PASSWORD wasn't really an intentional addition .. but
> I guess it can stay there. Some 10 years ago that might not have been
> such a good idea since there were still some systems where process
> environment variables were readable to all users in the system, but
> I doubt there exist such systems anymore (at least where people would
> want to run Dovecot).

Very optimistic assumption. Wouldn't it be safer to remove the password
from the environment? Anyone using checkpassword should use FD 3 and 4 for
this purpose. Environment variables and command line arguments are not safe
to transport passwords.

Heiko

Heiko Schlichting                Freie Universität Berlin
heiko.schlicht...@fu-berlin.de   Zentraleinrichtung für Datenverarbeitung
Phone +49 30 838-54327           Fabeckstraße 32
Fax +49 30 838454327             14195 Berlin
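The FD 3 side of the checkpassword interface discussed in this thread, as an added example (not Dovecot's code and not the Perl script mentioned on the list): credentials are read as NUL-terminated fields from a descriptor, and AUTH_PASSWORD is dropped from the environment handed to whatever runs next. The 512-byte limit and the exit codes follow the classic checkpassword interface; DEMO_USERS, the function names and the strict three-field parsing are assumptions made for the example.

```python
import hmac
import os

MAX_INPUT = 512                       # classic checkpassword payload limit
EXIT_OK, EXIT_BAD_PASSWORD, EXIT_MISUSE = 0, 1, 2

# Constructed sample account; a real script would query its backend here.
DEMO_USERS = {"alice": b"correct horse"}


class ProtocolError(ValueError):
    pass


def encode_payload(user, password, timestamp=b"0"):
    """Build 'user NUL password NUL timestamp NUL' as the caller would send it."""
    return b"\0".join([user, password, timestamp]) + b"\0"


def read_payload(fd):
    """Read the descriptor to EOF, refusing more than MAX_INPUT bytes."""
    data = b""
    while True:
        chunk = os.read(fd, MAX_INPUT + 1 - len(data))
        if not chunk:
            return data
        data += chunk
        if len(data) > MAX_INPUT:
            raise ProtocolError("more than 512 bytes on the credential descriptor")


def parse_payload(data):
    """Return (user, password, timestamp); reject anything but three fields."""
    fields = data.split(b"\0")
    # Three NUL-terminated fields leave one empty trailing element.
    if len(fields) != 4 or fields[3] != b"" or not fields[0]:
        raise ProtocolError("expected user NUL password NUL timestamp NUL")
    return fields[0].decode("utf-8", "replace"), fields[1], fields[2]


def check(fd, users=DEMO_USERS):
    """Return the checkpassword exit code for the credentials on fd."""
    try:
        user, password, _timestamp = parse_payload(read_payload(fd))
    except ProtocolError:
        return EXIT_MISUSE
    expected = users.get(user)
    # Compare even for unknown users so both paths do similar work.
    matches = hmac.compare_digest(password, expected if expected is not None else b"")
    return EXIT_OK if (expected is not None and matches) else EXIT_BAD_PASSWORD


def scrubbed_environment(env):
    """Environment for the program executed after the check, without the password."""
    return {k: v for k, v in env.items() if k != "AUTH_PASSWORD"}


def run_demo(payload):
    """Feed payload through a pipe, standing in for the parent's descriptor 3."""
    r, w = os.pipe()
    try:
        os.write(w, payload)
    finally:
        os.close(w)
    try:
        return check(r)
    finally:
        os.close(r)


if __name__ == "__main__":
    print(run_demo(encode_payload(b"alice", b"correct horse")))   # accepted
    print(run_demo(encode_payload(b"alice", b"wrong")))           # rejected
    print(sorted(scrubbed_environment({"USER": "alice", "AUTH_PASSWORD": "x"})))
```

In a deployed script the descriptor passed to check() would be 3, as in the Perl snippet quoted in this thread.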