Re: [Dovecot] Email migration
On Tue, 28 May 2013, Romer Ventura wrote:
So I am currently running dovecot 1.2.11 on Debian 5 for our production email systems. We just deployed some new Debian 7 servers and we will be upgrading to the latest dovecot version. I've been reading the docs, but I wanted to hear some feedback on the import of all my current email into the new installation. We have 320GB worth of email. Any gotchas I should be prepared for? Any complications I should be aware of when importing all these data?
Because you upgrade from Dovecot to Dovecot, there should be no trouble, if you keep any UID-related settings from the config. However, I would test it before with at least some users ;-) But see http://wiki2.dovecot.org/Upgrading esp. about doveconf at top of Upgrading Dovecot v1.2 to v2.0
-- Steffen Kaiser
Re: [Dovecot] imap/pop problem
On Tue, 28 May 2013, MP Netsai wrote:
increase logging, see http://wiki2.dovecot.org/Logging then check out the logs and - if required still, because Dovecot's log messages usually speak an understandable tongue - post the logs along.
-- Steffen Kaiser
Re: [Dovecot] Dovecot mysql replication
Respectfully, I would disagree, if dovecot offers the capability to use two host='s then you should be able to configure the order, remember, earlier dovecot did this but you claimed it was broken shouldn't have and fixed it, which is why not only myself but another at the time suggested when you were fixing it, to make it a configurable option, it makes little sense to use two hosts otherwise in an ordinary network, where you have nanoseconds response from localhost, but milliseconds, to maybe more if there are network issues when on a second query second database server with network latency. otherwise, might as well delete the second host, I've seen the network lag affect logins, only to disappear once I only change to use only one box, the localhost replicated copy. I ask you reconsider, or, at least put it out there to see how many others agree or disagree with the feature
On Wed, 2013-05-29 at 03:52 +0300, Timo Sirainen wrote:
I haven't replied to most of the threads recently. Anyway, after thinking about this, I'm thinking this kind of connection fallback handling isn't really Dovecot's job. A load balancer could be configured to do it just as well (whereas LB couldn't do actual load balancing for multiple sql servers, because Dovecot uses long running TCP connections).
On 29.5.2013, at 2.09, Noel Butler noel.but...@ausics.net wrote:
But each additional link added to the chain, is one more point of failure, unless he's replied to OP privately I'm amazed Timo has ignored this, since it's been brought up from time to time before, if he no longer plans on doing it, he should just say so, so people can look at complete alternatives, we are a long way past early 1.2 series.
On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote:
Edwardo Garcia wrote:
Yes indeed, so it seems it does not do at all. For now we disable use two hosts, but this not optimum for network.
You might try to put mysqlproxy in between dovecot and your mysql cluster and have dovecot connect to the failover proxy (or proxies) instead of connecting the database directly. mysqlproxy makes use of the lua scripting language, where you might want to implement the failover or filter mechanisms you need.
Regards Daniel
[Dovecot] dsync Panic: Unknown key: send_mail_requests
Hi Timo
With the current dovecot hg we're getting dsync replication errors Panic: Unknown key: send_mail_requests followed by a crash. This seems to have been introduced somewhere around http://hg.dovecot.org/dovecot-2.2/rev/4883a8e1db13
Log output from latest hg, 2.2.2 (e7c474011934+):
May 29 09:30:53 munged03 dovecot: doveadm(l...@example.com): Panic: Unknown key: send_mail_requests
May 29 09:30:53 munged03 dovecot: doveadm(l...@example.com): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5f7da) [0x7f84f84637da] - /usr/lib64/dovecot/libdovecot.so.0(+0x5f826) [0x7f84f8463826] - /usr/lib64/dovecot/libdovecot.so.0(+0x2006a) [0x7f84f842406a] - dovecot/doveadm-server() [0x42c41b] - dovecot/doveadm-server() [0x42908b] - dovecot/doveadm-server(dsync_brain_master_init+0x1c9) [0x4186f9] - dovecot/doveadm-server() [0x416606] - dovecot/doveadm-server() [0x40c94f] - dovecot/doveadm-server() [0x414b7a] - /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f84f8472b66] - /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7f84f8473c17] - /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f84f8472b08] - /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f84f8428ae3] - dovecot/doveadm-server(main+0x121) [0x4152c1] - /lib64/libc.so.6(__libc_start_main+0xfd) [0x34de41ecdd] - dovecot/doveadm-server() [0x40c1b9]
May 29 09:30:53 munged03 dovecot: doveadm(l...@example.com): Fatal: master: service(doveadm): child 49077 killed with signal 6 (core dumped)
dovecot -n is attached
Best regards Oli
-- message transmitted on 100% recycled electrons
# 2.2.2 (e7c474011934+): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_master_user_separator = *
auth_mechanisms = plain login
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-shares.conf
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}
disable_plaintext_auth = no
doveadm_password = munged
listen = *
login_greeting = munged Dovecot ready.
mail_max_userip_connections = 50
mail_plugins = quota notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  acl = vfile:/etc/dovecot/acls
  acl_shared_dict = proxy::acl
  mail_replica = tcp:munged04:1337
  quota = dict:::proxy::quotadict
  quota_rule = *:storage=10M:messages=1000
  quota_rule2 = Spam:ignore
  quota_rule3 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=75%% quota-warning 75 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = pop3 imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    user = munged
  }
  unix_listener replication-notify {
    user = munged
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = munged
    mode = 0660
    user = munged
  }
  user = root
}
service dict {
  unix_listener dict {
    mode = 0600
    user = munged
  }
}
service doveadm {
  inet_listener {
    port = 1337
  }
}
service imap {
  vsz_limit = 2 G
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve {
  vsz_limit = 2 G
}
service pop3 {
  vsz_limit = 2 G
}
service quota-warning {
  executable = script /usr/local/bin/quotawarning.py
  unix_listener quota-warning {
    mode = 0666
    user = munged
  }
  user = munged
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl_cert = /etc/ssl/wildcard.example.com.pem
ssl_key = /etc/ssl/wildcard.example.com.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol imap {
  imap_client_workarounds =
  mail_plugins = quota notify replication acl imap_acl quota imap_quota
}
protocol pop3 {
  mail_plugins = quota notify replication quota
  pop3_uidl_format = %08Xu%08Xv
}
protocol sieve {
  managesieve_logout_format = bytes ( in=%i : out=%o )
}
protocol lmtp {
  deliver_log_format = from=%f
Re: [Dovecot] Dovecot mysql replication
so better remove the option to specify more than one host instead let people run over years in troubles until they find out that a logical behavior like for postfix is not given for dovecot's mysql-connections - yes i was one of the who thought hey both works the same way until i realized that dovecot has no fun at reboot the replication slave which was intended only as failover and used regularly
*it is* dovecot's job if it offers more than one host to handle this in a useful way or not support more than one host, but you can't seriously say it's not dovecot's job after having a half-baked support implemented
On 29.05.2013 02:52, Timo Sirainen wrote:
I haven't replied to most of the threads recently. Anyway, after thinking about this, I'm thinking this kind of connection fallback handling isn't really Dovecot's job. A load balancer could be configured to do it just as well (whereas LB couldn't do actual load balancing for multiple sql servers, because Dovecot uses long running TCP connections).
On 29.5.2013, at 2.09, Noel Butler noel.but...@ausics.net wrote:
But each additional link added to the chain, is one more point of failure, unless he's replied to OP privately I'm amazed Timo has ignored this, since it's been brought up from time to time before, if he no longer plans on doing it, he should just say so, so people can look at complete alternatives, we are a long way past early 1.2 series.
On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote:
Edwardo Garcia wrote:
Yes indeed, so it seems it does not do at all. For now we disable use two hosts, but this not optimum for network.
You might try to put mysqlproxy in between dovecot and your mysql cluster and have dovecot connect to the failover proxy (or proxies) instead of connecting the database directly. mysqlproxy makes use of the lua scripting language, where you might want to implement the failover or filter mechanisms you need
[Dovecot] Enable IMAP only for certain users/IP
Hi, I'm trying to config dovecot to enable IMAP protocol only for certain IPs and users. The logical steps I've followed are:
1. If a user is trying to login from an IP that I've authorized (listed in a file) the request is authorized.
2. If not, if the user is listed in a second file the request is authorized.
3. If also this check fails the request is rejected.
I'm using PAM for passdb and a passwd-file for userdb:
passdb {
  driver = pam
  args = session=yes failure_show_msg=yes max_requests=16 cache_key=%u%r%l dovecot-%s
}
userdb {
  driver = passwd-file
  args = /etc/passwd-dovecot
}
In /etc/pam.d/ there are two files: dovecot-pop3 dovecot-imap
dovecot-pop3:
#%PAM-1.0
@include common-auth
@include common-account
@include common-session
(for this protocol everything works fine, I don't want to limit it.)
dovecot-imap:
#%PAM-1.0
@include common-auth
auth sufficient pam_listfile.so item=rhost sense=allow file=/etc/dovecot/imaphosts onerr=fail
auth required pam_listfile.so item=user sense=allow file=/etc/dovecot/imapusers onerr=fail
@include common-account
@include common-session
If I'm not wrong, once the user is authenticated, PAM checks if the remote IP address is in imaphosts; if it's true, it returns PAM_SUCCESS and stops the execution of the auth block, else if it's false, PAM executes the next line, verifying the presence of the username in imapusers file; if found, then return PAM_SUCCESS, else fail.
If this can work, I've a problem with pam_listfile.so and IP addresses: I want to do something smarter than specifying 2^11 IP addresses instead of a /21 or IP/netmask. Are there alternatives for doing it better?
Thanks. Sincerely, Simone Marx.
Re: [Dovecot] Enable IMAP only for certain users/IP
On 29.05.2013 10:37, Simone Marx :: Edinet Srl wrote:
Hi, I'm trying to config dovecot to enable IMAP protocol only for certain IPs and users. The logical steps I've followed are: 1. If a user is trying to login from an IP that I've authorized (listed in a file) the request is authorized. 2. If not, if the user is listed in a second file the request is authorized. 3. If also this check fails the request is rejected. I'm using PAM for passdb and a passwd-file for userdb: passdb { driver = pam args = session=yes failure_show_msg=yes max_requests=16 cache_key=%u%r%l dovecot-%s } userdb { driver = passwd-file args = /etc/passwd-dovecot } In /etc/pam.d/ there are two files: dovecot-pop3 dovecot-imap dovecot-pop3: #%PAM-1.0 @include common-auth @include common-account @include common-session (for this protocol everything works fine, I don't want to limit it.) dovecot-imap: #%PAM-1.0 @include common-auth auth sufficient pam_listfile.so item=rhost sense=allow file=/etc/dovecot/imaphosts onerr=fail auth required pam_listfile.so item=user sense=allow file=/etc/dovecot/imapusers onerr=fail @include common-account @include common-session If I'm not wrong, once the user is authenticated, PAM checks if the remote IP address is in imaphosts; if it's true, it returns PAM_SUCCESS and stops the execution of the auth block, else if it's false, PAM executes the next line, verifying the presence of the username in imapusers file; if found, then return PAM_SUCCESS, else fail. If this can work, I've a problem with pam_listfile.so and IP addresses: I want to do something smarter than specifying 2^11 IP addresses instead of a /21 or IP/netmask. Are there alternatives for doing it better? Thanks. Sincerely, Simone Marx.
you may have a look at http://wiki.dovecot.org/Authentication/RestrictAccess
Best Regards MfG Robert Schetterer
-- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: [Dovecot] IMAP QUOTA
Hi, Thanks for replying...
Dear Steffen I search about slurp plugin but didn't get it if possible kindly provide me the doc, link etc for the same.
Regards, Arun Gupta
On Tue, 28 May 2013, Arun Gupta wrote:
I configured imap quota on dovecot-2.0 with backend Maildir++, after exceeding user quota the sender receiving bounce mails, Is there any way that after exceeding user quota the mail will deliver somewhere else like user spool area? so that after increasing quota user will get the mails.
Check out the slurp plugin and let your MTA deliver mails to, say, /var/mail/uid . You will have no Sieve rules then, I think. However, some sort of quota enforcing you will need there, too.
-- Steffen Kaiser
Re: [Dovecot] dsync Panic: Unknown key: send_mail_requests
On 29.5.2013, at 10.54, Oli Schacher dove...@lists.wgwh.ch wrote:
With the current dovecot hg we're getting dsync replication errors Panic: Unknown key: send_mail_requests followed by a crash. This seems to have been introduced somewhere around http://hg.dovecot.org/dovecot-2.2/rev/4883a8e1db13
Thanks, fixed: http://hg.dovecot.org/dovecot-2.2/rev/239e0e2098c1
[Dovecot] Corrupt index file zlib
Hi, I'm getting this error constantly on a couple of folders. No matter what I do it keeps recurring.
--
2013-05-29 14:15:03 imap(nj@***.com.au): Error: Cached message size smaller than expected (2551 8192)
2013-05-29 14:15:03 imap(nj@***.com.au): Error: Maildir filename has wrong S value, renamed the file from /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S to /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S
2013-05-29 14:15:03 imap(nj@***.com.au): Error: Corrupted index cache file /home/archarch.com.au/nj/.***.Builders/dovecot.index.cache: Broken /physical size for mail UID 13
2013-05-29 14:15:03 imap(nj@***.com.au): Error: Cached message size smaller than expected (2551 8284)
2013-05-29 14:15:03 imap(nj@***.com.au): Error: Maildir filename has wrong S value, renamed the file from /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S to /home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S= /2551:2,S
2013-05-29 14:15:03 imap(nj@***.com.au): Error: Corrupted index cache file /home/archarch.com.au/nj/.***.Builders/dovecot.index.cache: Broken /physical size for mail UID 13
2013-05-29 14:15:03 imap(nj@***.com.au): Error: read(/home/***.com.au/nj/.***.Builders/cur/1369030267.M775209P12595.pygmy,S=2551:2,S) failed: Input/output error (uid=13)
---
stuff I've done:
- Deleted dovecot* in .Builders/
- run maildir-size-fix.pl -v -r -f- c on .Builders/
- delete and recreate the folder
Dovecot 2.1.7 (wheezy)
zlib enabled
maildir_broken_filename_sizes = yes
There are only 6 emails, so it's only building dovecot.index.log, not the cache file
--- dovecot-uidlist ---
3 V1317717759 N1 G1b2d4a37936fa551430dc0318918
1 :1369030267.M775209P12595.pygmy,S=8284
2 :1369030564.M957106P12595.pygmy,S=13188
3 :1369030568.M223636P12595.pygmy,S=23270
4 :1369030568.M223637P12595.pygmy,S=10813
5 :1369030568.M223638P12595.pygmy,S=58600
6 :1369030615.M783237P12595.pygmy,S=9677
7 :1369030267.M775209P12595.pygmy,S=2551
8 :1369030564.M957106P12595.pygmy,S=3560
--- ls cur ---
1369030267.M775209P12595.pygmy,S=8284:2,S
1369030564.M957106P12595.pygmy,S=13188:2,RS
1369030568.M223636P12595.pygmy,S=23270:2,RS
1369030568.M223637P12595.pygmy,S=10813:2,RS
1369030568.M223638P12595.pygmy,S=58600:2,RS
1369030615.M783237P12595.pygmy,S=9677:2,RS
It all seems to match... but it continues to break. If I delete the first email file, it breaks on the next one as well. Any thoughts?? I'm thinking I'll probably disable zlib if I can't find a solution... will this mean I have to decompress all the compressed emails?
cheers Paul
Re: [Dovecot] IMAP QUOTA
On Wed, 29 May 2013, Arun Gupta wrote:
Dear Steffen I search about slurp plugin but didn't get it if possible kindly provide me the doc, link etc for the same.
Um, sorry, slurp is the term UW-Imap uses, in Dovecot: http://wiki2.dovecot.org/Plugins/Snarf
-- Steffen Kaiser
Re: [Dovecot] Enable IMAP only for certain users/IP
Hi Robert, thank you for your answer. My previous mail is based on the wiki page you specified. Also, the allow_nets parameter seems not to do what I want. I want to combine remote IP address check (system wide - common for all users) and single user permission check. The problem is that I would specify for the IP section something similar to:
127.0.0.1
1.2.0.0/21
and not:
127.0.0.1
1.2.0.1
1.2.0.2
1.2.0.3
1.2.0.4
1.2.0.5
. . .
1.2.7.254
Thank you. Sincerely, Simone.
[Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3
Recently I have upgraded my server to Debian 7. Debian have now removed uw-imapd and suggest using dovecot instead. Debian include dovecot version 2.1.7-7. On http://www.debian-administration.org/articles/275 and http://www.debian-administration.org/articles/200 I can read how to setup older version of dovecot with SquirrelMail. They recommend to use unencrypted IMAP when SquirrelMail is on same server. What I would like to support is then imap, imaps, pop3 and pop3s. imaps and pop3s for external users. imap and pop3 only open for localhost, that is SquirrelMail on same machine. With dovecot 1 you could restrict access using imap_listen = localhost How do I make the same restriction with localhost on dovecot 2 ???
Brgds Torben
Re: [Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3
On 29.05.2013 12:41, Torben Schou Jensen wrote:
I can read how to setup older version of dovecot with SquirrelMail. They recommend to use unencrypted IMAP when SquirrelMail is on same server. What I would like to support is then imap, imaps, pop3 and pop3s. imaps and pop3s for external users. imap and pop3 only open for localhost, that is SquirrelMail on same machine. With dovecot 1 you could restrict access using imap_listen = localhost How do I make the same restriction with localhost on dovecot 2 ???
if it listens only on localhost how should imaps and pop3s for external users work and additionally these days STARTTLS is recommended which works on the default ports 110/143
why do you not simply *offer* encryption *or* use webmail also with encryption?
Re: [Dovecot] Corrupt index file zlib
On 29.05.2013 06:34, Paul Lim wrote:
Hi, I'm getting this error constantly on a couple of folders. No matter what I do it keeps recurring.
2.1.7 is old use the recent version then retry fixing
Best Regards MfG Robert Schetterer
Re: [Dovecot] Enable IMAP only for certain users/IP
On 29.05.2013 12:08, Simone Marx :: Edinet Srl wrote:
Hi Robert, thank you for your answer. My previous mail is based on the wiki page you specified. Also, the allow_nets parameter seems not to do what I want. I want to combine remote IP address check (system wide - common for all users) and single user permission check. The problem is that I would specify for the IP section something similar to: 127.0.0.1 1.2.0.0/21 and not: 127.0.0.1 1.2.0.1 1.2.0.2 1.2.0.3 1.2.0.4 1.2.0.5 . . . 1.2.7.254 Thank you. Sincerely, Simone.
what about using some kind of http://wiki2.dovecot.org/PostLoginScripting
Best Regards MfG Robert Schetterer
Re: [Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3
On 05/29/2013 01:13 PM, Reindl Harald wrote:
On 29.05.2013 12:41, Torben Schou Jensen wrote:
I can read how to setup older version of dovecot with SquirrelMail. They recommend to use unencrypted IMAP when SquirrelMail is on same server. What I would like to support is then imap, imaps, pop3 and pop3s. imaps and pop3s for external users. imap and pop3 only open for localhost, that is SquirrelMail on same machine. With dovecot 1 you could restrict access using imap_listen = localhost How do I make the same restriction with localhost on dovecot 2 ???
if it listens only on localhost how should imaps and pop3s for external users work and additionally these days STARTTLS is recommended which works on the default ports 110/143
why do you not simply *offer* encryption *or* use webmail also with encryption?
You should use imap with starttls (disable_plaintext_auth=yes) for the imap service, then use login_trusted_networks=127.0.0.1/8 to allow webmail logins from localhost without ssl. Webmail doesn't use pop3, so no changes there. If you insist on using imaps and/or pop3s, then these can live alongside the above without problems.
-- Tom
Re: [Dovecot] Corrupt index file zlib
Robert Schetterer rs at sys4.de writes:
On 29.05.2013 06:34, Paul Lim wrote:
Hi, I'm getting this error constantly on a couple of folders. No matter what I do it keeps recurring.
2.1.7 is old use the recent version then retry fixing
Best Regards MfG Robert Schetterer
Hi Robert, I've got 2.1.7-7 installed which is the stable package release for wheezy. I'd prefer not to break from stable releases on my production server.
thanks Paul
Re: [Dovecot] Corrupt index file zlib
On 29.05.2013 14:06, Paul Lim wrote:
Robert Schetterer rs at sys4.de writes:
On 29.05.2013 06:34, Paul Lim wrote:
Hi, I'm getting this error constantly on a couple of folders. No matter what I do it keeps recurring.
2.1.7 is old use the recent version then retry fixing
Best Regards MfG Robert Schetterer
Hi Robert, I've got 2.1.7-7 installed which is the stable package release for wheezy. I'd prefer not to break from stable releases on my production server. thanks Paul
so you might miss bugfixes, current 2.1.x is 2.1.16 in this case you shouldn't share debian's meaning of what is stable
Best Regards MfG Robert Schetterer
Re: [Dovecot] Enable IMAP only for certain users/IP
what about using some kind of http://wiki2.dovecot.org/PostLoginScripting You got it, a script call for post-login does the trick. Thank you, Robert. Sincerely, Simone.
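The approach this thread settles on, as an added example (not code from any poster or from the Dovecot project): a post-login script that lets an IMAP session through when the client address falls inside a network listed in /etc/dovecot/imaphosts, CIDR entries such as 1.2.0.0/21 included, or when the user is listed in /etc/dovecot/imapusers. It assumes it is started through Dovecot's script-login wrapper as described on the PostLoginScripting wiki page, with USER and IP in the environment and the next program as arguments; the function names and the IPv4-only matching are choices made here.

```shell
#!/bin/sh
# Added example: IMAP post-login gate. File locations follow the thread;
# function names are illustrative. IPv4 only.
HOSTS_FILE=${HOSTS_FILE:-/etc/dovecot/imaphosts}  # one address or CIDR per line
USERS_FILE=${USERS_FILE:-/etc/dovecot/imapusers}  # one login name per line

# ip_to_int A.B.C.D: print the address as a 32-bit integer, fail if malformed.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in
            0?*|????*) return 1 ;;   # no leading zeros (octal), at most 3 digits
        esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP NET[/LEN]: succeed when IP lies inside NET/LEN (LEN defaults to 32).
ip_in_cidr() {
    case $2 in
        */*) _net=${2%/*}; _len=${2#*/} ;;
        *)   _net=$2; _len=32 ;;
    esac
    case $_len in
        ''|*[!0-9]*|0?*|???*) return 1 ;;
    esac
    [ "$_len" -le 32 ] || return 1
    _ip_n=$(ip_to_int "$1") || return 1
    _net_n=$(ip_to_int "$_net") || return 1
    if [ "$_len" -eq 0 ]; then
        _mask=0
    else
        _mask=$(( (0xFFFFFFFF << (32 - $_len)) & 0xFFFFFFFF ))
    fi
    [ $(( $_ip_n & $_mask )) -eq $(( $_net_n & $_mask )) ]
}

# imap_allowed USER IP: the three steps from the original question.
imap_allowed() {
    # 1. Client address is inside an authorised network (applies to every user).
    if [ -r "$HOSTS_FILE" ]; then
        while IFS= read -r _entry || [ -n "$_entry" ]; do
            _entry=${_entry%%#*}                              # drop comments
            _entry=$(printf '%s' "$_entry" | tr -d ' \t\r')   # drop whitespace
            [ -n "$_entry" ] || continue
            ip_in_cidr "$2" "$_entry" && return 0
        done < "$HOSTS_FILE"
    fi
    # 2. User is individually authorised (exact, whole-line match).
    if [ -n "$1" ] && [ -r "$USERS_FILE" ]; then
        grep -Fxq -- "$1" "$USERS_FILE" && return 0
    fi
    # 3. Anything else is refused; missing or unreadable lists end up here too.
    return 1
}

# Run the gate only when started by script-login (IP set, next program given).
if [ -n "${IP:-}" ] && [ "$#" -gt 0 ]; then
    if imap_allowed "${USER:-}" "$IP"; then
        exec "$@"
    fi
    echo "imap refused for ${USER:-?} from $IP" >&2
    exit 1
fi
```

Because the check runs after authentication, a refused login has already had its password verified; the script only decides whether the IMAP process is started.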
[Dovecot] dsync
Hi Is dovecot dsync considered an alternative to offlineimap (or others) when both distant and local are IMAP dovecot servers ? I used offlineimap for this, but somehow offlineimap got messed up (more than once, but without me able to explain how it happened). So I'm considering dsync for this purpose... Thanks! -- erik
Re: [Dovecot] system account delivery userdb authentication
[Please keep replies on the list.] At 6AM +0200 on 29/05/13 you (Yann Shukor) wrote: Although simpler to set up, I chose to steer clear of the single user representing 'all' because I liked the idea of giving users access to Usermin allowing them to manage their own password and vacation msg (+filtering, ...) and furthermore they could login with their username (domain-less). While it's often convenient to make a distinction between 'system' and 'virtual' users, Dovecot doesn't actually know the difference. It just looks users up in the passdb and userdb you have configured. This means it's perfectly straightforward to do a completely 'virtual user' setup, and then change the passdb to 'pam', which will let the users log in with their ordinary Unix password. To allow users to log in with just a username, all you need to do is make sure the users in the userdb and passdb are listed that way. Userdb passwd and passdb pam naturally are, but there's nothing to stop you using other userdbs if you want to. The only trick here is that if you're using LDA/LMTP then incoming deliveries will (or, at least, usually should) be addressed to a full email address, so you need auth_username_format to trim that back to a username. I don't know anything about Usermin, but if it is trying to set up traditional procmail filtering and vacation(1), you may be in trouble. Or, at least, you may have to give up on using Dovecot to deliver the mail and let Postfix's local(8) and procmail deliver it into maildirs themselves. If you're happy with this, this isn't a problem for Dovecot, but it might be better to go with Sieve filtering instead. Sieve is a newish mail filtering language, designed primarily to be safe (procmail has a nasty habit of letting users run arbitrary programs). Dovecot's LDA has a pretty complete sieve implementation called Pigeonhole (you may need to install it separately), which also supports a protocol called ManageSieve designed for uploading sieve scripts remotely. 
There are plugins for some webmail systems (and some desktop mail clients, for that matter) which let the user edit their filters in a gooey way; this includes setting up vacation messages. I use Roundcube webmail for this purpose; it also has a perfectly good PAM password-changing plugin.
Ben
Re: [Dovecot] Load Balancing and HA
I am actually going through the first stages of implementing your Scenario1. There is a small difference: there will also be 2*Postfix relays also on the Dovecot Proxies. This allows placing them in a DMZ such that the real Dovecot/Postfix servers are placed away from the WAN. After much arguing and thinking I decided to go with this option as the most basic and possibly the simplest way to achieve MY goals:
1. fault tolerance of the entire system such that a failure will not impact mail delivery/access.
2. distribute users on at least two Dovecot servers to help when peak times arrive.
3. Ability to expand easily if demand rises
4. No use of custom hardware
5. Both internal (LAN) users and away from office (WAN) users will see the same setup to ease configuration (mostly done by users these days)
I should say that other more complicated setups like full blown clusters and distributed file systems have been rejected due to their complexity (and the fact we do not have experience with them). Our user base is around 3-4K of heavy users.
Andreas
On 29-05-2013 00:23, Romer Ventura wrote:
Hello, I've been thinking about the best way to achieve load balancing and making my mail servers highly available. So far I believe I have 2 scenarios:
Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection)
- 2 Dovecot Proxy servers, using a virtual IP to where the clients will connect to from the WAN and LAN
- 2 Dovecot+Postfix servers with local cache
- 2 NFS servers and synced with dsync (mirror, 1 server writes to its own NFS and changes synced to the other via dsync)
Scenario2: Pretty much as above on the back end. However, with this there is no way to load balance users.
- 2 Dovecot+Postfix server with local cache
- 2 NFS servers synced with dsync
- Make use of DNS MX record priority to provide access to secondary email server
Anyone care to comment? Thanks.
Re: [Dovecot] Dovecot mysql replication
As original poster, I agree with previous comment, I too feel this dovecot responsible for this work handoff, or should delete ability to use two host, people twitter I ask all along thought this how it work too!
On Wed, May 29, 2013 at 6:29 PM, Reindl Harald h.rei...@thelounge.net wrote:
so better remove the option to specify more than one host instead let people run over years in troubles until they find out that a logical behavior like for postfix is not given for dovecot's mysql-connections - yes i was one of the who thought hey both works the same way until i realized that dovecot has no fun at reboot the replication slave which was intended only as failover and used regularly
*it is* dovecot's job if it offers more than one host to handle this in a useful way or not support more than one host, but you can't seriously say it's not dovecot's job after having a half-baked support implemented
On 29.05.2013 02:52, Timo Sirainen wrote:
I haven't replied to most of the threads recently. Anyway, after thinking about this, I'm thinking this kind of connection fallback handling isn't really Dovecot's job. A load balancer could be configured to do it just as well (whereas LB couldn't do actual load balancing for multiple sql servers, because Dovecot uses long running TCP connections).
On 29.5.2013, at 2.09, Noel Butler noel.but...@ausics.net wrote:
But each additional link added to the chain, is one more point of failure, unless he's replied to OP privately I'm amazed Timo has ignored this, since it's been brought up from time to time before, if he no longer plans on doing it, he should just say so, so people can look at complete alternatives, we are a long way past early 1.2 series.
On Sun, 2013-05-26 at 17:33 +0200, Daniel Parthey wrote:
Edwardo Garcia wrote:
Yes indeed, so it seems it does not do at all. For now we disable use two hosts, but this not optimum for network.
You might try to put mysqlproxy in between dovecot and your mysql cluster and have dovecot connect to the failover proxy (or proxies) instead of connecting the database directly. mysqlproxy makes use of the lua scripting language, where you might want to implement the failover or filter mechanisms you need
Re: [Dovecot] Dovecot mysql replication
On 30.05.2013 03:41, Edwardo Garcia wrote:
As original poster, I agree with previous comment, I too feel this dovecot responsible for this work handoff, or should delete ability to use two host, people twitter I ask all along thought this how it work too!
where is the problem, nobody presses you to use it, but i agree there should be more docs on it i.e wiki
Best Regards MfG Robert Schetterer
Re: [Dovecot] Load Balancing and HA
On 29.05.2013 22:46, Andreas Kasenides wrote:
I should say that other more complicated setups like full blown clusters and distributed file systems have been rejected due to their complexity (and the fact we do not have experience with them). Our user base is around 3-4K of heavy users.
i have no problems with storage ocfs2 on drbd maildir 4000 heavy users behind loadbalancers, it's not that much complicated, also setups with nfs have their problems, you have to find a solution which fits best to your needs, tec skills and finance possibilities
Best Regards MfG Robert Schetterer