Re: [Dovecot] crash with dovecot 2.2: Panic: Buffer full
On 9 Apr 2013 at 22:56, Timo Sirainen t...@iki.fi wrote:
On 8.4.2013, at 23.26, to...@starbridge.org wrote:
imap(clean-quarant...@spamguard.fr): Panic: file istream.c: line 153 (i_stream_read): assertion failed: (_stream->skip != _stream->pos)
http://hg.dovecot.org/dovecot-2.2/rev/fbef40826602 should fix this.
Thanks Timo
It's ok now
Regards
Tonio
Re: [Dovecot] v2.2.rc7 released
On Wed, 10 Apr 2013 23:46:36 +0300 Timo Sirainen t...@iki.fi wrote:
OK, still not quite v2.2.0, but now it's definitely very close. :)
Looking forward to the release, thank you!
* Running dsync no longer triggers quota warnings.
Not sure if you saw my last post about this change.. it works but now maillog always shows these empty error messages after executing the quota script:
Apr 11 07:55:08 fumailsynctest1 dovecot: lda(quotatest@munged): msgid=20130411055508.10728.76331@fumailsynctest1.munged: saved mail to INBOX
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error: close failed in file object destructor:
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error: Error in sys.excepthook:
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error:
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error: Original exception was:
-- message transmitted on 100% recycled electrons
Re: [Dovecot] v2.2.rc7 released
On Thu, 11 Apr 2013 08:06:58 +0200 Oli Schacher dove...@lists.wgwh.ch wrote: Error in sys.excepthook: ... and after the first coffee I realize the error is generated by our python quota script and not by dovecot. I wonder why this only showed up since this change... sorry for the noise. -- message transmitted on 100% recycled electrons
[Dovecot] [PATCH proposal] make dsync preserve pop3_uidl_format
Hi there, I ran into an issue yesterday (dovecot 2.0) whereby when we dsync messages from a local machine (sdbox) to a remote (Maildir) which have different pop3_uidl_formats configured, the uidl format is not preserved. There doesn't seem to be any way to force this in the code, although I suspect that Maildir sources with saved pop3 uidls would pass them correctly. Attached is a rough patch against 2.0.21 dsync which will generate the uidls on the client before passing them over to the destination. This only works for %u and %v currently, also because dsync doesn't read the whole config file you need to specify -o pop3_uidl_format=... to dsync. Mark--- dovecot-2.0.21/src/dsync/dsync-worker-local.c 2012-02-12 21:12:34.0 + +++ dovecot-2.0.21.new/src/dsync/dsync-worker-local.c 2013-04-11 09:05:05.0 +0100 @@ -9,6 +9,7 @@ #include istream.h #include settings-parser.h #include mailbox-log.h +#include var-expand.h #include mail-user.h #include mail-namespace.h #include mail-storage.h @@ -1832,7 +1833,16 @@ struct dsync_msg_static_data data; struct mailbox_transaction_context *trans; struct mailbox *box; +char uid_valid_str[MAX_INT_STRLEN]; +char uid_str[MAX_INT_STRLEN]; +struct mailbox_status status; + +struct var_expand_table tab[] = { +{ 'v', NULL, uidvalidity }, +{ 'u', NULL, uid }, +}; + string_t *str = t_str_new(128); i_assert(!worker-reading_mail); if (!dsync_guid_equals(worker-get_mailbox, get-mailbox)) { 
@@ -1864,7 +1874,19 @@ DSYNC_MSG_GET_RESULT_FAILED, NULL, get-context); } else { worker-reading_mail = TRUE; + if( data.pop3_uidl[0] == '\0' ) { + mailbox_get_status(worker-get_mail-box, STATUS_UIDVALIDITY, status); + i_snprintf(uid_valid_str, sizeof(uid_valid_str), %u, status.uidvalidity); + tab[0].value = uid_valid_str; + i_snprintf(uid_str, sizeof(uid_str), %u, get-uid); + tab[1].value = uid_str; + const struct mail_storage_settings *set = mailbox_get_settings( worker-get_mail-box ); + + var_expand(str, set-pop3_uidl_format, tab); + data.pop3_uidl = str_c( str ); + } else data.pop3_uidl = t_strdup(data.pop3_uidl); + data.input = i_stream_create_limit(data.input, (uoff_t)-1); i_stream_set_destroy_callback(data.input, local_worker_msg_get_done,
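Review bot: The `tab[]` initialiser added among the declarations (the @@ -1832 hunk) ends after the 'u' row with no terminating entry, and var_expand() finds the end of its table by a row whose key is '\0', so as written it can read past the array; add `{ '\0', NULL, NULL }` as the last row. Separately, `t_str_new(128)` runs in the declaration on every call, including the calls where data.pop3_uidl is already set; allocate the string inside the branch that actually expands the format.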
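Review bot: The new condition `data.pop3_uidl[0] == '\0'` in the @@ -1864 hunk dereferences the pointer, while the `t_strdup(data.pop3_uidl)` call left in the else arm accepts NULL; unless pop3_uidl is guaranteed non-NULL at this point, test `data.pop3_uidl == NULL || data.pop3_uidl[0] == '\0'`. The expansion table only knows %u and %v, so a pop3_uidl_format that uses any other variable silently produces a UIDL that differs from the one the POP3 service would generate; check the format for unsupported variables and skip the override (or log an error) in that case. The `const struct mail_storage_settings *set` declaration in the middle of the block should move up with the other locals, and the `if( ... ) { ... } else data.pop3_uidl = ...` construct wants braces on both arms.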
[Dovecot] [PATCHES] NetBSD support, authentication buffer size
Hi Here are a few unintegrated patches, just tested against 2.2rc7: 1) NetBSD's getmntinfo uses struct statvfs while other BSD use struct statfs http://ftp.espci.fr/shadow/manu/patch-ak 2) NetBSD 5.x net_getunixcred() support. Build on NetBSD, but not tested (I am testing on NetBSD 6.0): http://ftp.espci.fr/shadow/manu/patch-src_lib_net.c 3) Increase authentication buffer size so that it can cope with unusual authentication scheme. This patch was integrated in dovecot-1.x but did not make its way in dovecot-2.x http://ftp.espci.fr/shadow/manu/patch-src_lib-master_master-auth.h -- Emmanuel Dreyfus m...@netbsd.org
Re: [Dovecot] My old email is not stored
Well, receiving ALL mails again, might not be too handy, but 14 days is a quite short time. So can I change the pop3 settings so old emails are stored for e.g. 3 months instead of 14 days? And just curious, where can I disable the configuration that pop3 deletes received messages?

As has already been explained to you, these POP3 settings are CLIENT SPECIFIC. There is nothing that you can set on the SERVER to enforce it. You can have one client set to leave them on the server for as long as you want, and the second you set up your account as POP on another device and it connects, bam, all your messages are gone (unless you ALWAYS remember to change the setting BEFORE you ever connect to the account).

I see now, took some time for me to sink in. Is there any way on the server to disable the pop3 protocol, so all email users can't accidentally use pop3 and delete all their old emails? I suppose I would have to do something like the following on the server:
- open dovecot.conf
- change the first line (currently it's protocols = imap imaps pop3 pop3s), and remove pop3 and pop3s
- maybe delete/change something in this piece of code in dovecot.conf: protocol pop3 { pop3_uidl_format = %08Xu%08Xv }
- restart dovecot (and maybe some other applications?)
So is this the right way to disable the pop3 protocol in my mail server? I don't want to crash the mail server by disabling pop3.

And about me being the admin of the mailserver, thanks to you guys I'm going to search for a company that can maintain the server stuff for me (hiring someone is too expensive for now), for they have more experience in servers and know what to do. Do you have any tips about what is important knowledge that an external company must have to properly maintain my server system? (mail server, backup, security etc) And thanks for all your help.
Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users
Hi, thanks for the answer. Do I understand you right that currently it's not possible to manage both system users and virtual users in a dovecot 2 and lmtp setup? You were talking about adding a generic passdb/userdb { auth_username_format } setting. Are there any plans to do so? What are your recommendations about migrating from dovecot 1.2.15 to dovecot 2 regarding system and virtual users? Should I use LDA instead of LMTP then?
Thank you very much,
David

Timo Sirainen wrote on 31.03.2013 10:53:
On 22.3.2013, at 11.53, David Obando da...@cryptix.de wrote:
Timo Sirainen wrote on 22.03.2013 09:48:
Maybe. Depends on your Dovecot version and passdb/userdb configuration. So, doveconf -n output?
I use version 2.1.7 from the backports repo on Debian Squeeze.
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  driver = pam
}
Nope, you can't currently do user@domain auth for sql and user for PAM. You could try using passdb checkpassword instead though, which allows you to script it any way you want.
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = passwd
}
Also userdb passwd can't do that. I've thought of adding a generic passdb/userdb { auth_username_format } setting, but that doesn't exist yet. Would be easy to do though..
-- The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners.
gpg --keyserver pgp.mit.edu --recv-keys 1920BD87
Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87
Re: [Dovecot] v2.2.rc7 released
On 11.4.2013, at 9.06, Oli Schacher dove...@lists.wgwh.ch wrote:
* Running dsync no longer triggers quota warnings.
Not sure if you saw my last post about this change.. it works but now maillog always shows these empty error messages after executing the quota script:
Apr 11 07:55:08 fumailsynctest1 dovecot: lda(quotatest@munged): msgid=20130411055508.10728.76331@fumailsynctest1.munged: saved mail to INBOX
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error: close failed in file object destructor:
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error: Error in sys.excepthook:
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error:
Apr 11 07:55:08 fumailsynctest1 dovecot: quota-warning: Error: Original exception was:

Those errors come from your script. I don't see anything in the quota warning change that could have changed a behavior in your script. Maybe your script changed also around the same time?
Re: [Dovecot] [PATCHES] NetBSD support, authentication buffer size
On 11.4.2013, at 11.41, Emmanuel Dreyfus m...@netbsd.org wrote: Here are a few unintegrated patches, just tested against 2.2rc7: 1) NetBSD's getmntinfo uses struct statvfs while other BSD use struct statfs http://ftp.espci.fr/shadow/manu/patch-ak 2) NetBSD 5.x net_getunixcred() support. Build on NetBSD, but not tested (I am testing on NetBSD 6.0): http://ftp.espci.fr/shadow/manu/patch-src_lib_net.c OK, I'll add these. 3) Increase authentication buffer size so that it can cope with unusual authentication scheme. This patch was integrated in dovecot-1.x but did not make its way in dovecot-2.x http://ftp.espci.fr/shadow/manu/patch-src_lib-master_master-auth.h By this I think you don't mean special authentication mechanisms, or even AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN command in such a kludgy way that the password field is over 1024 bytes long? I'm not very interested in supporting that, at least without a good reason.
Re: [Dovecot] Maildirs location migration
On Wed, Apr 10, 2013 at 09:21:40PM +0300, Timo Sirainen wrote:
Not if you kick the users out at the correct time:
- dsync
- switch user to new format
- kick users
- final dsync
It doesn't matter if new connections arrive during the final dsync, because they are using the new format already. dsync merges changes, it doesn't destroy any changes.

It doesn't destroy changes but the user may see an incorrect state for a small amount of time, doesn't he? For instance (using dsync to change Maildir location from file1 to filer2):
. Maildir in source: message tagged as New
. initial dsync
. user read the message in the source, message is now tagged as Read
. switch user to Maildir in destination
. kick user
. user reconnects and sees, in destination, the message he just read tagged as New as long as the final dsync is not finished?
-- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Groupe Exploitation et Infrastructure
Re: [Dovecot] Maildirs location migration
On 11.4.2013, at 13.07, Thomas Hummel hum...@pasteur.fr wrote:
It doesn't matter if new connections arrive during the final dsync, because they are using the new format already. dsync merges changes, it doesn't destroy any changes.
It doesn't destroy changes but the user may see an incorrect state for a small amount of time, doesn't he?

For a small amount of time, yes.

For instance (using dsync to change Maildir location from file1 to filer2):
. Maildir in source: message tagged as New
. initial dsync
. user read the message in the source, message is now tagged as Read
. switch user to Maildir in destination
. kick user
. user reconnects and sees, in destination, the message he just read tagged as New as long as the final dsync is not finished?

Which is probably a few seconds, so I don't see this as much of a problem.
Re: [Dovecot] Maildirs location migration
On Thu, Apr 11, 2013 at 01:09:18PM +0300, Timo Sirainen wrote: Which is probably a few seconds, so I don't see this as much of a problem. Ok, thanks. -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Groupe Exploitation et Infrastructure
Re: [Dovecot] Postfix/Dovecot/lmtp with virtual and local users
On Thu, 2013-04-11 at 11:04 +0200, David Obando wrote: Hi, thanks for the answer. Do I understand you right that currently it's not possible to manage both system users and virtual users in a dovecot 2 and lmtp setup? If you have only a single domain, set auth_username_format=%Ln and configure your virtual userdb to work without @domain. Or you could switch to using only virtual users, and have your MTA forward the local users' mails to virtual users. Or you could use userdb checkpassword instead of passwd, which strips away the domain before doing a passwd lookup. You were talking about adding a generic passdb/userdb { auth_username_format } setting. Are there any plans to do so? Sure, but as to when I'll actually implement it, no idea. It's not a big priority right now (although it would probably be pretty quick to implement). What are your recommendations about migrating from dovecot 1.2.15 to dovecot 2 regarding system and virtual users? Should I use LDA instead of LMTP then? That's one possibility too, yes.
Re: [Dovecot] [PATCHES] NetBSD support, authentication buffer size
Timo Sirainen t...@iki.fi wrote: By this I think you don't mean special authentication mechanisms, or even AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN command in such a kludgy way that the password field is over 1024 bytes long? This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it. You did support it in 1.x and it did not harm anyone... -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
Re: [Dovecot] [PATCHES] NetBSD support, authentication buffer size
On 11.4.2013, at 14.58, m...@netbsd.org (Emmanuel Dreyfus) wrote: By this I think you don't mean special authentication mechanisms, or even AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN command in such a kludgy way that the password field is over 1024 bytes long? This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it. The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead. You did support it in 1.x and it did not harm anyone… It does make it easier to waste the (pre-login!) process memory usage.
Re: [Dovecot] Proxying, pertinent values and features, SNI
On 04/04/2013 03:56, Christian Balzer wrote: 2. Despite the fact that it will be trivial for anybody to determine that OEM A is now hosted with us, a SAN SSL makes all the SANs visible in one go, something they probably don't want. But someone smart enough to be able to look at a certificate, is probably also smart enough to be able to go to http://robtex.com and do some reverse IP tests on your IPs... I think the difference is minor - even if you used a whole bunch of IPs, one per customer, if they are near each other, then a few google searches and some use of robtex will quickly show up your customer base Cheers Ed W
[Dovecot] Easy way to make all mailboxes of a user read-only
Hello all, I try to configure dovecot to make all imap accesses read-only for a certain user. I thought this would be possible by creating a global acl file (here global-acl) like:
user=username lr
and
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
}
But that seems to be ignored. What is wrong with this idea, the docs are not really clear about a single acl file with global settings.
-- Regards, Stephan
Re: [Dovecot] My old email is not stored
On 2013-04-11 5:00 AM, HylkeB hy...@movinsoftware.nl wrote:
I see now, took some time for me to sink in. Is there any way on the server to disable the pop3 protocol, so all email users can't accidentally use pop3 and delete all their old emails? I suppose I would have to do something like the following on the server:
- open dovecot.conf
- change the first line (currently it's protocols = imap imaps pop3 pop3s), and remove pop3 and pop3s
- maybe delete/change something in this piece of code in dovecot.conf: protocol pop3 { pop3_uidl_format = %08Xu%08Xv }
- restart dovecot (and maybe some other applications?)
So is this the right way to disable the pop3 protocol in my mail server? I don't want to crash the mail server by disabling pop3.

Yes, although I'm pretty sure you don't need to comment out the 'protocol pop3... section stuff as long as you disable the protocol itself (protocols = ...'). What other apps would you have to restart? Dovecot is the mail server. Before you do this, I'd inform/warn everyone, provide instructions for setting up their account as IMAP and wait until they have all done so, then tell them they can manually copy their email back to the server via their new IMAP account. This (waiting on everyone to confirm they have changed over) may not be practical though, depending on how many users you have. And you won't crash the server, but anyone still trying to connect using POP will start complaining loudly... ;)

And about me being the admin of the mailserver, thanks to you guys I'm going to search for a company that can maintain the server stuff for me (hiring someone is too expensive for now), for they have more experience in servers and know what to do.

I would strongly recommend Timo's new company. His rates are very reasonable, and who better to admin your server than a company run by the man himself? That is what we did.
He converted our old courier-imap server in place (about 350GB of mail for about 70 users) in a very short period of time, and none of our users even noticed. http://www.dovecot.fi/ Do you have any tips about what is important knowledge that an external company must have to properly maintain my server system? (mail server, backup, security etc) Way too broad of a subject... either you know, or you don't, and if you don't, it is up to you to decide if you want to spend the time and effort to learn it yourself (but what about securing things while you're learning?), or pay someone else to do it. And security is an entirely separate subject all its own. I consider myself to be reasonably competent (far from expert), but I know my own limitations and feel more comfortable having paid support from Timo's company... I'm also very curious about the upcoming (commercial) Object Storage support that will be available in 2.2 for real time cloud backup and to offload older emails from our local server... but that is another email... -- Best regards, Charles
[Dovecot] Dovecot distribution configuration files source
Where can I find unaltered distribution config files (/etc/dovecot/ and /etc/dovecot/config.d/) for Dovecot 2.1.7? I upgraded from version 1 and had to butcher them to get it working. Now that I understand it better, I'd like to do it right. -- Dave
[Dovecot] Questions about the upcoming Object Storage Plugin for 2.2
Hi Timo, I'm curious and have questions about the new Object Storage Plugin (OSP), and how it can be leveraged by an SMB like us. First, am I reading this right where it could be used as a kind of 'live/realtime backup' solution, where everything is stored *both* locally and in the cloud, with two-way syncing, ie, so local users could access the local server for faster access, and when outside the office, they'd access the cloud based storage and any changes made there are sync'd back to the local server? Or is it intended to be more as an alternative storage for storing older emails in a separate namespace? Or both/either? Second, is SIS fully supported by the OSP? Third - I'm a little confused by the Amazon S3 pricing page, especially on how to try to estimate the costs for usage (bandwidth, etc)... do you have any idea how to go about estimating that? Is there some kind of process we could use on our existing server to measure it over a given period of time that would give us an estimate of what to expect if we decided to switch over? Last - have you established pricing for the OSP? Will it be per user, or per MB/GB, per month (or per year), or just a one-time cost? And/or will you include/bundle it with any/all of your support tiers? Sorry if I'm jumping the gun here... Thanks, really looking forward to the 2.2 release! -- Best regards, Charles
Re: [Dovecot] [PATCHES] NetBSD support, authentication buffer size
On Thu, Apr 11, 2013 at 02:54:01PM +0300, Timo Sirainen wrote: This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it. The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead. pam_saml is not the component that chooses the authentication. The webmail does. Squirrelmail does not support PLAIN. You did support it in 1.x and it did not harm anyone… It does make it easier to waste the (pre-login!) process memory usage. Perhaps it could be configurable? -- Emmanuel Dreyfus m...@netbsd.org
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On 11.4.2013, at 15.07, Stephan von Krawczynski sk...@ithnet.com wrote: I try to configure dovecot to make all imap accesses read-only for a certain user. I thought this would be possible by creating a global acl file (here global-acl) like: Sorry, there is still no default ACLs feature in Dovecot. The only semi-easy way to do what you want is using filesystem permissions. This is something that really should be developed though.. But probably not until v2.3.
Re: [Dovecot] Dovecot distribution configuration files source
On 11.4.2013, at 15.19, Dave Gattis dave.gat...@suhner.com wrote: Where can I find unaltered distribution config files (/etc/dovecot/ and /etc/dovecot/config.d/) for Dovecot 2.1.7? I upgraded from version 1 and had to butcher them to get it working. Now that I understand it better, I'd like to do it right. Maybe they are in /usr/share/doc/dovecot/example-config/ ? If not, get the source code tarball and see doc/example-config/. The 2.1.7 config is probably identical to 2.1.16 config.
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
Let me explain some more details, that seem important to understand: I cannot use acl files per folder/mailbox because the MTA creates folders dynamically (re-orders mails in folders). So I really would need some idea to tell dovecot to let a certain user access his mailbox/folders read-only, no matter how many. A global acl _file_ would do that, or an acl-file that works for a whole tree of folders. A global acl directory does not help, because I would have to know the names of every single folder/mailbox to create the correct acl-file in the global directory. -- Regards, Stephan
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On Thu, 11 Apr 2013 16:00:22 +0300 Timo Sirainen t...@iki.fi wrote: On 11.4.2013, at 15.07, Stephan von Krawczynski sk...@ithnet.com wrote: I try to configure dovecot to make all imap accesses read-only for a certain user. I thought this would be possible by creating a global acl file (here global-acl) like: Sorry, there is still no default ACLs feature in Dovecot. The only semi-easy way to do what you want is using filesystem permissions. This is something that really should be developed though.. But probably not until v2.3. Oh, that is _bad_. I cannot use fs permissions because the MTA (postfix) must have write permissions (to the directories) to create the mail files... -- Regards, Stephan
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On 11.04.2013 15:05, Stephan von Krawczynski wrote: Let me explain some more details, that seem important to understand: I cannot use acl files per folder/mailbox because the MTA creates folders dynamically (re-orders mails in folders) why does the MTA do that? normally the MTA should only decide reject or accept a message and deliver it via LMTP to the LDA which can then filter via Sieve or whatever and from this moment on any dynamically created folder would be created in the dovecot world
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On Thu, 11 Apr 2013 15:08:31 +0200 Reindl Harald h.rei...@thelounge.net wrote: On 11.04.2013 15:05, Stephan von Krawczynski wrote: Let me explain some more details, that seem important to understand: I cannot use acl files per folder/mailbox because the MTA creates folders dynamically (re-orders mails in folders) why does the MTA do that? normally the MTA should only decide reject or accept a message and deliver it via LMTP to the LDA which can then filter via Sieve or whatever and from this moment on any dynamically created folder would be created in the dovecot world I cannot further explain the background, you have to believe that there is a good reason for this implementation. It is no standard mail service. -- Regards, Stephan
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On 11.4.2013, at 16.07, Stephan von Krawczynski sk...@ithnet.com wrote: On Thu, 11 Apr 2013 16:00:22 +0300 Timo Sirainen t...@iki.fi wrote: On 11.4.2013, at 15.07, Stephan von Krawczynski sk...@ithnet.com wrote: I try to configure dovecot to make all imap accesses read-only for a certain user. I thought this would be possible by creating a global acl file (here global-acl) like: Sorry, there is still no default ACLs feature in Dovecot. The only semi-easy way to do what you want is using filesystem permissions. This is something that really should be developed though.. But probably not until v2.3. Oh, that is _bad_. I cannot use fs permissions because the MTA (postfix) must have write permissions (to the directories) to create the mail files... The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly.
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On Thu, 11 Apr 2013 16:00:22 +0300 Timo Sirainen t...@iki.fi wrote: On 11.4.2013, at 15.07, Stephan von Krawczynski sk...@ithnet.com wrote: I try to configure dovecot to make all imap accesses read-only for a certain user. I thought this would be possible by creating a global acl file (here global-acl) like: Sorry, there is still no default ACLs feature in Dovecot. The only semi-easy way to do what you want is using filesystem permissions. This is something that really should be developed though.. But probably not until v2.3. And I just checked another thing: Though setting permissions to 400 the owner still can move mails to trash (seems to be a rename?). That is definitely not read-only. -- Regards, Stephan
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On Thu, 11 Apr 2013 16:15:23 +0300 Timo Sirainen t...@iki.fi wrote: On 11.4.2013, at 16.07, Stephan von Krawczynski sk...@ithnet.com wrote: On Thu, 11 Apr 2013 16:00:22 +0300 Timo Sirainen t...@iki.fi wrote: On 11.4.2013, at 15.07, Stephan von Krawczynski sk...@ithnet.com wrote: I try to configure dovecot to make all imap accesses read-only for a certain user. I thought this would be possible by creating a global acl file (here global-acl) like: Sorry, there is still no default ACLs feature in Dovecot. The only semi-easy way to do what you want is using filesystem permissions. This is something that really should be developed though.. But probably not until v2.3. Oh, that is _bad_. I cannot use fs permissions because the MTA (postfix) must have write permissions (to the directories) to create the mail files... The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly. That is not the problem. I can set any type of permission on the mail file itself. Only it does not help because dovecot nevertheless is able to move the mails around or delete them by moving to trash box. -- Regards, Stephan
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On 11.4.2013, at 16.24, Stephan von Krawczynski sk...@ithnet.com wrote: The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly. That is not the problem. I can set any type of permission on the mail file itself. Only it does not help because dovecot nevertheless is able to move the mails around or delete them by moving to trash box. No, the idea was to use two UNIX users: 1) the user that owns the mails and has read-write access 2) another read-only user that does not own the mails, has only group-read access. can't do anything at all to the mails. The directories need to have similar permissions as well (750).
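An added example, not part of the thread and not Dovecot code: a Python audit of the two-user layout described in the message above. It inspects mode bits only and flags anything that would let the read-only group member change a mailbox; a group-writable directory is flagged because renaming or deleting a mail file is governed by the directory's permissions, not the file's. The 750 directory mode is from the message; the finding names, the function names and the sample tree are assumptions made for the example.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Return sorted (relative_path, finding) pairs for entries under root
    that break the owner-read-write / group-read-only layout.
    Finding names are made up for this example."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [(dirpath, True)]
        entries += [(os.path.join(dirpath, name), False) for name in filenames]
        for path, is_dir in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # link modes say nothing about the target
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & 0o007:
                # Any "other" bit lets users outside the group in.
                findings.append((rel, "world-access"))
            if mode & stat.S_IWGRP:
                # On a directory this allows rename/unlink of every entry,
                # even when the mail files themselves are mode 400.
                kind = "dir-group-write" if is_dir else "file-group-write"
                findings.append((rel, kind))
            need = (stat.S_IRGRP | stat.S_IXGRP) if is_dir else stat.S_IRGRP
            if (mode & need) != need:
                # The read-only user could not list or read this entry.
                kind = "dir-no-group-access" if is_dir else "file-no-group-read"
                findings.append((rel, kind))
    return sorted(findings)


def build_sample(root):
    """Create a constructed Maildir-like tree: 'good' follows the layout,
    'bad' has a group-writable cur/ holding a mode-400 file."""
    dirs = {"": 0o750, "good": 0o750, "good/cur": 0o750,
            "bad": 0o750, "bad/cur": 0o770}
    files = {"good/cur/msg1": 0o640, "bad/cur/msg2": 0o400}
    for rel in dirs:
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample message\n")
        os.chmod(path, mode)
    # Set directory modes last and explicitly so the umask does not matter.
    for rel, mode in dirs.items():
        os.chmod(os.path.join(root, rel), mode)


if __name__ == "__main__":
    sample_root = tempfile.mkdtemp(prefix="maildir-audit-")
    build_sample(sample_root)
    for rel, finding in audit_tree(sample_root):
        print(f"{finding:22} {rel}")
```
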
Re: [Dovecot] v2.2.rc7 released
On Thu, 11 Apr 2013 12:22:50 +0300 Timo Sirainen t...@iki.fi wrote:
Those errors come from your script. I don't see anything in the quota warning change that could have changed a behavior in your script. Maybe your script changed also around the same time?

yeah, sorry. there was indeed a change at the same time that apparently now triggers a python internal bug when the script is called from dovecot. reproducible with a quota script as simple as:
#!/usr/bin/python
print "hello world"
this could be the cause: http://bugs.python.org/issue11380
in any case, it's not dovecot's fault. so again: sorry for the noise
Re: [Dovecot] Questions about the upcoming Object Storage Plugin for 2.2
On 2013-04-11 8:31 AM, Charles Marcus cmar...@media-brokers.com wrote: Third - I'm a little confused by the Amazon S3 pricing page, Specifically, the 'Request Pricing' shown here: http://aws.amazon.com/s3/pricing/ Also... Would the plugin support the ability to use two different storage 'namespaces', e.g., one for primary email storage (stored on S3's 'Standard' storage tier), and one for 'older or 'archived' emails stored on the much cheaper 'Glacier' system/tier? Probably not that big a deal though, since the cost for a TB of storage at the Standard tier is still only .095/GB/mo, which only comes to $95/mo... wow, this is looking better all the time... -- Best regards, Charles
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On Thu, 11 Apr 2013 16:35:32 +0300 Timo Sirainen t...@iki.fi wrote: On 11.4.2013, at 16.24, Stephan von Krawczynski sk...@ithnet.com wrote: The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly. That is not the problem. I can set any type of permission on the mail file itself. Only it does not help because dovecot nevertheless is able to move the mails around or delete them by moving to trash box. No, the idea was to use two UNIX users: 1) the user that owns the mails and has read-write access 2) another read-only user that does not own the mails, has only group-read access. can't do anything at all to the mails. The directories need to have similar permissions as well (750). That's about as complicated as patching the MTA to auto-create the acl file, which I did now. I'd say global acls would be a nice coming feature ;-) -- Regards, Stephan
Re: [Dovecot] Questions about the upcoming Object Storage Plugin for 2.2
On 2013-04-11 9:55 AM, Charles Marcus cmar...@media-brokers.com wrote:

> Would the plugin support the ability to use two different storage 'namespaces', e.g., one for primary email storage (stored on S3's 'Standard' storage tier), and one for 'older' or 'archived' emails stored on the much cheaper 'Glacier' system/tier?

Never mind about this, further reading on their Glacier storage reveals it isn't suited to email storage, but could definitely be used with Dovecot's new 'Archive' feature for *permanent* email archival...

So, the question is would the OSP support this? Mirroring/storing live email to the standard S3 filesystem, and storing permanent email archives to the Glacier system (maybe on some kind of scheduled nightly or weekly basis)?

--
Best regards, Charles
Re: [Dovecot] Easy way to make all mailboxes of a user read-only
On 11.04.2013 15:00, Timo Sirainen wrote:

> On 11.4.2013, at 15.07, Stephan von Krawczynski sk...@ithnet.com wrote:
>
> > I try to configure dovecot to make all imap accesses read-only for a certain user. I thought this would be possible by creating a global acl file (here global-acl) like:
>
> Sorry, there is still no default ACLs feature in Dovecot. The only semi-easy way to do what you want is using filesystem permissions. This is something that really should be developed though.. But probably not until v2.3.

I tested something alike, setting the acl by using a sieve external prog, but at last it got too complex, so I did another solution layout, but you may try on your own.

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
Re: [Dovecot] Problem with fts lucene, on solaris 10
Sorry for top posting, but I have no additional info on this.

BTW I need to refresh the question as I have tried squat, and I'm biting the dust with the already known problems ( Corrupted squat uidlist file or Panic: file squat-trie.c: ).

Is there some pointer on where/how to find assist on fts-lucene to keep on analysis for this problem on sparc ?

T.I.A.
Pigi

On Monday 08 April 2013, Pigi wrote:
> On Monday 08 April 2013, Timo Sirainen wrote:
> > On 8.4.2013, at 12.19, Pigi p...@frumar.it wrote:
> > > Program received signal SIGSEGV, Segmentation fault.
> > > 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> > > (gdb) bt full
> > > #0 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> > > No symbol table info available.
> > > #1 0xfebd66e4 in realloc () from /lib/libc.so.1
> > > No symbol table info available.
> > > #2 0xff1d9a70 in pool_system_realloc (pool=0xff21576c, mem=0xff21576c, old_size=0, new_size=8192) at mempool-system.c:115
> > > No locals.
> > > #3 0xff1cda28 in i_realloc (mem=0x0, old_size=0, new_size=8192) at imem.c:14
> > > No locals.
> >
> > Looks to me like memory corruption, which is just about impossible to debug if you don't have valgrind or a similar tool (and I don't think Solaris has any such free tools).
>
> Yes, you're right. There aren't ( already packaged ) tool for valgrinding or similar.
>
> > Do you happen to get any other crashes where it doesn't crash in malloc code? You showed previously that it was crashing with SIGBUS somewhere.
> For what I can see, from dovecot.log I have a couple of error:
>
> Apr 08 12:02:18 indexer: Error: Indexer worker disconnected, discarding 1 requests for
> Apr 08 12:02:18 imap(): Error: indexer failed to index mailbox INBOX
> Apr 08 12:02:18 indexer-worker(): Fatal: master: service(indexer-worker): child 27242 killed with signal 11 (core not dumped)
> Apr 08 12:02:19 indexer-worker(): Error: lucene index /home//Maildir/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out
> Apr 08 12:03:46 indexer: Error: Indexer worker disconnected, discarding 1 requests for
> Apr 08 12:03:46 imap(): Error: indexer failed to index mailbox INBOX
> Apr 08 12:03:46 indexer-worker(): Fatal: master: service(indexer-worker): child 27445 killed with signal 10 (core not dumped)
> Apr 08 12:06:57 indexer: Error: Indexer worker disconnected, discarding 1 requests for
> Apr 08 12:06:57 imap(): Error: indexer failed to index mailbox INBOX
> Apr 08 12:06:57 indexer-worker(): Fatal: master: service(indexer-worker): child 27761 killed with signal 11 (core not dumped)
> Apr 08 12:08:33 indexer: Error: Indexer worker disconnected, discarding 1 requests for
>
> Here a couple or more of gdbed process, but tied to SEGV ( I almost suspect that when gdbing I always catch a SEGV ) :
>
> == First gdb ==
> No symbol table info available.
> #1 0xfebd6884 in realloc () from /lib/libc.so.1
> No symbol table info available.
> #2 0xfe83d270 in lucene::util::StringReader::init (this=0x8d328, _value=0x2bb288, _length=3958, copyData=true) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/util/Reader.cpp:48
> tmp = (TCHAR *) 0x2051e0
> length = 3958
> #3 0xfe8837f0 in lucene::index::DocumentsWriter::ThreadState::FieldData::invertField (this=0x92df8, field=0x8d238, analyzer=0x2cb60, maxFieldLength=1) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriterThreadState.cpp:887
> stringValue = (const TCHAR *) 0x2bb288
> stringValueLength = 3958
> stream = (class lucene::analysis::TokenStream *) 0x0
> streamValue = (class lucene::analysis::TokenStream *) 0x8d328
> #4 0xfe883a58 in lucene::index::DocumentsWriter::ThreadState::FieldData::processField (this=0x92df8, analyzer=0x2cb60) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriterThreadState.cpp:798
> field = (class lucene::document::Field *) 0x8d238
> #5 0xfe883d6c in lucene::index::DocumentsWriter::ThreadState::processDocument (this=0x8c0a8, analyzer=0x2cb60) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/util/Array.h:90
> i = 6
> #6 0xfe87ea00 in lucene::index::DocumentsWriter::updateDocument (this=0x84790, doc=0x8b838, analyzer=0x2cb60, delTerm=0x0) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriter.cpp:946
> state = (class lucene::index::DocumentsWriter::ThreadState *) 0x8c0a8
> #7 0xfe87eb5c in lucene::index::DocumentsWriter::addDocument (this=0x84790, doc=0x8b838, analyzer=0x2cb60) at /extpool/PACKAGES/DOVECOT/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriter.cpp:930
> No locals.
> #8 0xfe8b1ea0 in lucene::index::IndexWriter::addDocument (this=0x8cc18, doc=0x8b838,
Re: [Dovecot] [PATCHES] NetBSD support, authentication buffer size
On Thu, Apr 11, 2013 at 12:57:45PM +, Emmanuel Dreyfus wrote:

> Perhaps [MASTER_AUTH_MAX_DATA_SIZE] could be configurable?

I tried to add a configuration option for that, but dovecot design makes a good job at separating master and login structures, hence The Right Way is not obvious. Any suggestion?

--
Emmanuel Dreyfus m...@netbsd.org
Re: [Dovecot] [PATCHES] NetBSD support, authentication buffer size
On Thu, 2013-04-11 at 15:41 +, Emmanuel Dreyfus wrote:

> On Thu, Apr 11, 2013 at 12:57:45PM +, Emmanuel Dreyfus wrote:
>
> > Perhaps [MASTER_AUTH_MAX_DATA_SIZE] could be configurable?
>
> I tried to add a configuration option for that, but dovecot design makes a good job at separating master and login structures, hence The Right Way is not obvious. Any suggestion?

I don't want to add configuration options that are going to be used by only a couple of people. Squirrelmail already must have special support for pam_saml to work, I suggest changing Squirrelmail to use AUTHENTICATE PLAIN.
Re: [Dovecot] Configuring dovecot to use tcp wrappers
> On 5.4.2013, at 18.19, Max Pyziur p...@brama.com wrote:
>
> > So my question relates to the second part of the configuration examples in the links above:
> >
> > service tcpwrap {
> >   unix_listener login/tcpwrap {
> >     group = $default_login_user
> >     mode = 0600
> >     user = $default_login_user
> >   }
> > }
> >
> > Where does this code get placed (in dovecot.conf or in one of the files in /etc/dovecot/conf.d)?
>
> Doesn't really matter. I'd put it into conf.d/10-master.conf which has other services.
>
> > And regarding $default_login_user, it appears in a comment line in /etc/dovecot/conf.d/10-master.conf
> > Should that line be uncommented?
>
> Just leave it uncommented and it'll use the default value (which it has been using so far already).

After some delay, I'm returning to this project.

I've made the changes per above.

I've put in a test ip address in /etc/hosts.deny like so:

dovecot: 166.84.1.2

And then I execute the following from 166.84.1.2 to port 110:

bash-3.2$ telnet SiteWhereImConfiguringDovecot 110
Trying SiteWhereImConfiguringDovecot...
Connected to SiteWhereImConfiguringDovecot.
Escape character is '^]'.
+OK Dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.

If dovecot is configured with tcp wrappers (which it is; built on a CentOS 6 system, installed and configured per instructions), and the firewall has ports 110 and 143 open, but I'm blocking a particular host through /etc/hosts.deny then I should not be able to telnet to either port 110 or 143; both requests should be blocked from the originating IP, no?

Much thanks for your help,

Max Pyziur
p...@brama.com
Re: [Dovecot] Problem with fts lucene, on solaris 10
On 11.4.2013, at 18.29, Pigi p...@frumar.it wrote:

> Sorry for top posting, but I have no additional info on this.
>
> BTW I need to refresh the question as I have tried squat, and I'm biting the dust with the already known problems ( Corrupted squat uidlist file or Panic: file squat-trie.c: ).
>
> Is there some pointer on where/how to find assist on fts-lucene to keep on analysis for this problem on sparc ?

Sorry, I don't have any good ideas on how to debug this further. I'd use valgrind on Linux to debug it, but Solaris doesn't have valgrind. Then again if there was a generic bug in CLucene it would be visible by running the same tests in Linux+valgrind, but I'm not aware of CLucene having such generic bugs, so it's probably somehow Solaris or Sparc specific.

> T.I.A.
> Pigi
>
> On Monday 08 April 2013, Pigi wrote:
> > On Monday 08 April 2013, Timo Sirainen wrote:
> > > On 8.4.2013, at 12.19, Pigi p...@frumar.it wrote:
> > > > Program received signal SIGSEGV, Segmentation fault.
> > > > 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> > > > (gdb) bt full
> > > > #0 0xfebd65dc in _malloc_unlocked () from /lib/libc.so.1
> > > > No symbol table info available.
> > > > #1 0xfebd66e4 in realloc () from /lib/libc.so.1
> > > > No symbol table info available.
> > > > #2 0xff1d9a70 in pool_system_realloc (pool=0xff21576c, mem=0xff21576c, old_size=0, new_size=8192) at mempool-system.c:115
> > > > No locals.
> > > > #3 0xff1cda28 in i_realloc (mem=0x0, old_size=0, new_size=8192) at imem.c:14
> > > > No locals.
> > >
> > > Looks to me like memory corruption, which is just about impossible to debug if you don't have valgrind or a similar tool (and I don't think Solaris has any such free tools).
> >
> > Yes, you're right. There aren't ( already packaged ) tool for valgrinding or similar.
> >
> > > Do you happen to get any other crashes where it doesn't crash in malloc code? You showed previously that it was crashing with SIGBUS somewhere.
Re: [Dovecot] Questions about the upcoming Object Storage Plugin for 2.2
On 11.4.2013, at 15.31, Charles Marcus cmar...@media-brokers.com wrote:

> I'm curious and have questions about the new Object Storage Plugin (OSP), and how it can be leveraged by an SMB like us.

I'll give some more complete answers and examples and such within a few days.. Or probably better if I write down some scenarios to some web page or something.

> First, am I reading this right where it could be used as a kind of 'live/realtime backup' solution, where everything is stored *both* locally and in the cloud, with two-way syncing, ie, so local users could access the local server for faster access, and when outside the office, they'd access the cloud based storage and any changes made there are sync'd back to the local server? Or is it intended to be more as an alternative storage for storing older emails in a separate namespace? Or both/either?

Currently you have a local cache (e.g. 100 GB total). You can also use dsync replication to replicate it somewhere, either locally or to another server. With dsync I think you can basically run it any way you want.

> Second, is SIS fully supported by the OSP?

Not currently, but could be added.

> Third - I'm a little confused by the Amazon S3 pricing page, especially on how to try to estimate the costs for usage (bandwidth, etc)... do you have any idea how to go about estimating that? Is there some kind of process we could use on our existing server to measure it over a given period of time that would give us an estimate of what to expect if we decided to switch over?

If you have large enough local cache, you're not really doing anything except uploading messages. Also index files are periodically being uploaded for each user (every 5 minutes if they have changed), but they are often also not full index files but smaller diffs for them (although upload bandwidth is free so doesn't really matter either). So ideally there would be no download costs at all, because nothing is downloaded. And the number of requests per user per day .. I haven't really counted, but I'd guess between a few hundred and a thousand. Let's say a thousand, which means with 100 users/year it's $182.50.

> Last - have you established pricing for the OSP? Will it be per user, or per MB/GB, per month (or per year), or just a one-time cost? And/or will you include/bundle it with any/all of your support tiers?

All of the above, I think ;)
Re: [Dovecot] Configuring dovecot to use tcp wrappers
On Thu, 11 Apr 2013, lists-dovecot wrote:

[... snip ...]

> > I've put in a test ip address in /etc/hosts.deny like so:
> >
> > dovecot: 166.84.1.2
> >
> > And then I execute the following from 166.84.1.2 to port 110:
> >
> > bash-3.2$ telnet SiteWhereImConfiguringDovecot 110
> > Trying SiteWhereImConfiguringDovecot...
> > Connected to SiteWhereImConfiguringDovecot.
> > Escape character is '^]'.
> > +OK Dovecot ready.
> > quit
> > +OK Logging out
> > Connection closed by foreign host.
> >
> > If dovecot is configured with tcp wrappers (which it is; built on a CentOS 6 system, installed and configured per instructions), and the firewall has ports 110 and 143 open, but I'm blocking a particular host through /etc/hosts.deny then I should not be able to telnet to either port 110 or 143; both requests should be blocked from the originating IP, no?
> >
> > Much thanks for your help,
> >
> > Max Pyziur
> > p...@brama.com
>
> What are you using as the service name in hosts.deny? I think it should be imap-login:, (that's what I have as an historical/left-over entry) but don't have dovecot configured with wrappers on my current centos system so can't test this to be certain.
>
> Also make certain that you don't have anything in your hosts.allow file that would override the hosts.deny entry.

I was using dovecot, until you convinced me to do otherwise.

Putting pop3 in /etc/hosts.deny with the associated ip seems to work, like so:

pop3: 166.84.1.2

or imap

imap: 166.84.1.2

(are there any challenges to this?)

Given that services such as sendmail and sshd respond to

sshd: xxx.xxx.xxx.xxx
sendmail: xxx.xxx.xxx.xxx

I thought that it should be

dovecot: xxx.xxx.xxx.xxx

As a suggestion, can dovecot binaries for distributions such as CentOS and Fedora be compiled with tcp wrappers by default?

> - Richard

Much thanks.

MP
p...@brama.com
[Dovecot] Reading dovecot-uidlist by external program (locking)
How to lock dovecot-uidlist file before reading by an external program? [perl script]
Re: [Dovecot] Reading dovecot-uidlist by external program (locking)
On 04/11/2013 10:39 PM, Andrzej A. Filip wrote:

> How to lock dovecot-uidlist file before reading by an external program? [perl script]

I have been too sending happy.

http://wiki2.dovecot.org/MailboxFormat/Maildir
The dovecot-uidlist file doesn't need to be locked for reading.
[Dovecot] How to prevent delivery to mailboxes over quota at SMTP-time
Hi!

I wrote a little something about how to prevent delivery to mailboxes over quota while still being in the SMTP dialogue:

http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/

(Postfix/Dovecot-2.2)

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
Re: [Dovecot] Configuring dovecot to use tcp wrappers
Max Pyziur p...@brama.com wrote:

> I've put in a test ip address in /etc/hosts.deny like so:
>
> dovecot: 166.84.1.2

Maybe

imap: 166.84.1.2
imaps: 166.84.1.2
pop3: 166.84.1.2
pop3s: 166.84.1.2

Joseph Tam jtam.h...@gmail.com
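Why the `dovecot: 166.84.1.2` entry let the telnet session through while `pop3:` and `imap:` entries block it, shown as a simplified Python model of hosts_access(5) matching. This is an added example, not code from the thread or from Dovecot. It assumes the daemon name Dovecot hands to tcp wrappers is the protocol service name (pop3, imap), as reported in this thread; it handles only IPv4 exact, prefix, net/mask and ALL patterns, and the hosts.allow line is constructed.

```python
import ipaddress

CLIENT = "166.84.1.2"                                 # test address from the thread
DENY_FIRST_TRY = "dovecot: 166.84.1.2"                # entry that had no effect
DENY_WORKING = "pop3: 166.84.1.2\nimap: 166.84.1.2"   # entries reported to work
ALLOW_OVERRIDE = "ALL: 166.84."                       # constructed hosts.allow line


def _client_matches(pattern, ip):
    """Match one client pattern (IPv4 forms only) against a client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "166.84." matches by leading octets
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask, e.g. 166.84.0.0/255.255.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip


def _rule_matches(line, daemon, ip):
    """True if a 'daemon_list : client_list' line applies to this request."""
    line = line.split("#", 1)[0].strip()
    if ":" not in line:
        return False
    daemons, clients = (part.replace(",", " ").split()
                        for part in line.split(":")[:2])
    if daemon not in daemons and "ALL" not in daemons:
        return False                     # daemon name is compared literally
    return any(_client_matches(c, ip) for c in clients)


def access_allowed(allow_text, deny_text, daemon, ip):
    """hosts.allow is consulted first and wins; then hosts.deny; else allow."""
    if any(_rule_matches(l, daemon, ip) for l in allow_text.splitlines()):
        return True
    if any(_rule_matches(l, daemon, ip) for l in deny_text.splitlines()):
        return False
    return True


if __name__ == "__main__":
    cases = [("dovecot: entry, pop3 login", "", DENY_FIRST_TRY, "pop3"),
             ("pop3:/imap: entries, pop3 login", "", DENY_WORKING, "pop3"),
             ("same, with hosts.allow override", ALLOW_OVERRIDE, DENY_WORKING, "pop3")]
    for label, allow, deny, daemon in cases:
        verdict = "allowed" if access_allowed(allow, deny, daemon, CLIENT) else "denied"
        print(f"{label}: {verdict}")
```

The third case is the hosts.allow caveat raised earlier in the thread: a matching allow entry is decided before hosts.deny is ever read.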