[Dovecot] dsync/imapc migration question
Doing an imapc migration with the pop3 migration plugin, using doveadm backup -R. I occasionally get the following output: dsync(u...@domain.tld): Error: imapc(mail01.domain.tld:143): Server disconnected unexpectedly dsync(u...@domain.tld): Error: imapc(mail01.domain.tld:143): Server disconnected unexpectedly dsync(u...@domain.tld): Error: imapc(mail01.domain.tld:143): Server disconnected unexpectedly dsync(u...@domain.tld): Warning: I/O leak: 0xb7648650 (line 1229, fd 10) dsync(u...@domain.tld): Warning: I/O leak: 0xb7648650 (line 1229, fd 11) dsync(u...@domain.tld): Warning: Timeout leak: 0xb76488b0 (line 1316) dsync(u...@domain.tld): Warning: Timeout leak: 0xb76488b0 (line 1316) The source server is really crappy, no need to look at the dovecot side for causes. My question is: is it possible that the migration did complete successfully? Dovecot does seem to continue and it's kind of vague on what went wrong, and did it re-try. This operation can take several hours on large mailboxes so this question is really meaningful in my case. (I'd try with -D but it's really hard to reproduce this on demand). Thanks Gedalya
Re: [Dovecot] Doubt the relationship between NTLM and Kerberos.
On Mon, 1 Jul 2013 09:59:25 -0300 Maria Jose Yañez Dacosta articulated: http://technet.microsoft.com/en-us/library/bb123786%28v=EXCHG.65%29.aspx > Could someone explain to me what role does the Authenticating > Kerberos NTLM in Authenticating NTLM explained in > http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm ? > > Not understand that relationship between NTLM and Kerberos?. > > I have to configure thunderbird with simple password method and leave > the password to be blank or have to use the gssapi? > > Although gssapi not supported by windows right? > > You have to generate a keytab for imap server against AD? I should > create in windows and copy it to linux where I have my imap server? > > I appreciate someone can explain this. > Thank you!. You might try some of these URLs: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378747%28v=vs.85%29.aspx http://msdn.microsoft.com/en-us/library/windows/desktop/aa380496%28v=vs.85%29.aspx -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __
[Dovecot] Doubt the relationship between NTLM and Kerberos.
Could someone explain to me what role does the Authenticating Kerberos NTLM in Authenticating NTLM explained in http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm ? Not understand that relationship between NTLM and Kerberos?. I have to configure thunderbird with simple password method and leave the password to be blank or have to use the gssapi? Although gssapi not supported by windows right? You have to generate a keytab for imap server against AD? I should create in windows and copy it to linux where I have my imap server? I appreciate someone can explain this. Thank you!. -- Maria José
Re: [Dovecot] Samba4 and user auth
Hi Pavel Thankx for your explanations. Also in my scenario Samba, Postfix and Dovecot are running on the same machine. I will try your config and then see if it works. But again kind regards and thankx to you and all others who came back to me with suggestions how to find the right config. --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis [1] Am 2013-07-01 13:05, schrieb Pavel Herrmann: > Hi > > On Monday 01 July 2013 12:36:39 Carsten Laun-De Lellis wrote: > >> Hi Pavel Thankx for your reply. When you were setting up your ldap query >> what kind of password crypto did you specify plain ntlm gssapi or anything >> else? The password field in your query is userPassword or am I wrong here? > > the password field is hidden (only the user can see it) by default, and not > stored as a unix-friendly value (anything a crypt() would understand) > what I use is auth_bind (which uses user-supplied password to bind to the > LDAP > directory). > > what it means is that on every login there are 2 lookups (first one using > your > "service" DN to find the user DN, second one with your user DN to check the > password) > > that also means that you need a password format that your LDAP can understand > (mostly a plaintext password, or NTLM if your mail server is a Samba domain > member). As long as you only offer IMAP/SSL I dont think plaintext (as in > "auth_mechanisms = plain") is an issue, security wise. > > as far as the service account (the one that is used to look up users) goes, I > am using the default option (setting "dn" and "dnpass" variables), which I > think is a simple bind. it is possible that it only works because Samba4 and > dovecot run on the same machine. > > Pavel Herrmann > I will try it again. --- Mit freundlichem Gruß Carsten Laun-De Lellis > Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 > 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net > http://www.linkedin.com/in/carstenlaundelellis [1][1] Am 2013-07-01 11:24, > schrieb Pavel Herrmann: Hi On Friday 28 June 2013 07:17:39 Carsten Laun-De > Lellis wrote: Hi all I am trying to set up an email Server with a Samba4 AD > as user Directory. Does anybody know a good how-to to setup user auth against > AD ? Or could anyone tell me how to do it? I am having an email Server up and > running with openldap but want to change to Samba4 AD, because of the > openchange Integration. I would appreciate any help on this topic.> I have an > AD/Samba4 auth for dovecot, it works the same as any LDAP would (with > authenticated lookups and auth_bind) I would suggest you try it, and ask if > there are any issues. Pavel Herrmann Links: -- [1] http://www.linkedin.com/in/carstenlaundelellis [1] Links: -- [1] http://www.linkedin.com/in/carstenlaundelellis
Re: [Dovecot] namespace delivery question
Otherwise asking: can I set sieve filter per namespace? I mean, one which is only for the public namespace. Thanks again, László Király > Thank you everyone for your help, it works. > > I have now one more question: > > If I send mail to: i...@domain.com , cc: l.kir...@domain.com, I get > two emails to i...@domain.com, because of sieve_before executes this > script for all the mailboxes. > > How can I persuade dovecot to deliver the mail all the > adresses (to, cc, bcc)? > > Thanks again, > László Király > > -- Original Message --- > From: Daniel Parthey > To: k...@madalbal.hu,dovecot@dovecot.org > Sent: Sun, 30 Jun 2013 16:38:21 +0200 > Subject: Re: [Dovecot] namespace delivery question > > > Add the :create flag to your SIEVE rule in order to automatically > > create mailboxes if nonexistent. > > > > require "fileinto"; > > > > if address :is ["To","CC"] "i...@domain.com" > > { > > fileinto :create "public/info"; > > } > > > > Regards > > Daniel > --- End of Original Message --- --- End of Original Message ---
Re: [Dovecot] Samba4 and user auth
Hi On Monday 01 July 2013 12:36:39 Carsten Laun-De Lellis wrote: > Hi Pavel > > Thankx for your reply. > > When you were setting up your ldap query what kind of password crypto > did you specify plain ntlm gssapi or anything else? The password field > in your query is userPassword or am I wrong here? the password field is hidden (only the user can see it) by default, and not stored as a unix-friendly value (anything a crypt() would understand) what I use is auth_bind (which uses user-supplied password to bind to the LDAP directory). what it means is that on every login there are 2 lookups (first one using your "service" DN to find the user DN, second one with your user DN to check the password) that also means that you need a password format that your LDAP can understand (mostly a plaintext password, or NTLM if your mail server is a Samba domain member). As long as you only offer IMAP/SSL I dont think plaintext (as in "auth_mechanisms = plain") is an issue, security wise. as far as the service account (the one that is used to look up users) goes, I am using the default option (setting "dn" and "dnpass" variables), which I think is a simple bind. it is possible that it only works because Samba4 and dovecot run on the same machine. Pavel Herrmann > > I will try it again. > --- > > Mit freundlichem Gruß > > Carsten Laun-De Lellis > > Hauptstrasse 13 > D-67705 Trippstadt > > Phone: +49 6306 992140 > Fax: +49 6306 992142 > Mobile: +49 151 27530865 > email: carsten.delel...@delellis.net > > http://www.linkedin.com/in/carstenlaundelellis [1] > > Am 2013-07-01 11:24, schrieb Pavel Herrmann: > > Hi > > > > On Friday 28 June 2013 07:17:39 Carsten Laun-De Lellis wrote: > >> Hi all I am trying to set up an email Server with a Samba4 AD as user > >> Directory. Does anybody know a good how-to to setup user auth against AD > >> ? Or could anyone tell me how to do it? I am having an email Server up > >> and running with openldap but want to change to Samba4 AD, because of > >> the openchange Integration. I would appreciate any help on this topic.> > > I have an AD/Samba4 auth for dovecot, it works the same as any LDAP would > > (with authenticated lookups and auth_bind) > > > > I would suggest you try it, and ask if there are any issues. > > > > Pavel Herrmann > > Links: > -- > [1] http://www.linkedin.com/in/carstenlaundelellis
Re: [Dovecot] namespace delivery question
Thank you everyone for your help, it works. I have now one more question: If I send mail to: i...@domain.com , cc: l.kir...@domain.com, I get two emails to i...@domain.com, because of sieve_before executes this script for all the mailboxes. How can I persuade dovecot to deliver the mail all the adresses (to, cc, bcc)? Thanks again, László Király -- Original Message --- From: Daniel Parthey To: k...@madalbal.hu,dovecot@dovecot.org Sent: Sun, 30 Jun 2013 16:38:21 +0200 Subject: Re: [Dovecot] namespace delivery question > Add the :create flag to your SIEVE rule in order to automatically > create mailboxes if nonexistent. > > require "fileinto"; > > if address :is ["To","CC"] "i...@domain.com" > { > fileinto :create "public/info"; > } > > Regards > Daniel --- End of Original Message ---
Re: [Dovecot] Server shutting down
On 1 July 2013 11:32, Thomas Leuxner wrote: > * Simon B 2013.07.01 10:41: > >> /var/log/mail.log.1:42896:Jun 30 17:27:34 mail dovecot: imap: Server >> shutting down. in=1764 out=4027 > > What does the preceding line for the master process say? > > Jun 29 11:39:24 spectre dovecot: master: Warning: Killed with signal 15 (by > pid=11676 uid=0 code=kill) > Jun 29 11:39:24 spectre dovecot: imap: Server shutting down. in=556 out=11739 > Jun 29 11:39:24 spectre dovecot: imap: Server shutting down. in=7534 out=29257 Hi Thomas, The line before was a regular imap login line. As per my original mail nothing was logged with warning in the entire mail.log. I notice now that I don't have any master logging lines too.. root@mail:~# grep -inr dovecot /var/log/mail* | grep '(fatal|error|warning|panic)' root@mail:~# grep -inr dovecot /var/log/mail* | grep '(fatal|error|warning|panic|master)' root@mail:~# I wonder where master is being logged to and how I can redirect that. Simon
Re: [Dovecot] Server shutting down
* Simon B 2013.07.01 10:41: > /var/log/mail.log.1:42896:Jun 30 17:27:34 mail dovecot: imap: Server > shutting down. in=1764 out=4027 What does the preceding line for the master process say? Jun 29 11:39:24 spectre dovecot: master: Warning: Killed with signal 15 (by pid=11676 uid=0 code=kill) Jun 29 11:39:24 spectre dovecot: imap: Server shutting down. in=556 out=11739 Jun 29 11:39:24 spectre dovecot: imap: Server shutting down. in=7534 out=29257 Regards Thomas signature.asc Description: Digital signature
Re: [Dovecot] Samba4 and user auth
Hi On Friday 28 June 2013 07:17:39 Carsten Laun-De Lellis wrote: > Hi all > > I am trying to set up an email Server with a Samba4 AD as user > Directory. > > Does anybody know a good how-to to setup user auth against AD ? Or could > anyone tell me how to do it? > > I am having an email Server up and running with openldap but want to > change to Samba4 AD, because of the openchange Integration. > > I would appreciate any help on this topic. I have an AD/Samba4 auth for dovecot, it works the same as any LDAP would (with authenticated lookups and auth_bind) I would suggest you try it, and ask if there are any issues. Pavel Herrmann
[Dovecot] Server shutting down
Hi I recently moved to Debian Wheezy and installed dovecot from apt-get. root@mail:~# dpkg -l | grep dovecot ii dovecot-common 1:2.1.7-7 all Transitional package for dovecot ii dovecot-core 1:2.1.7-7 amd64secure mail server that supports mbox, maildir, dbox and mdbox mailboxes ii dovecot-gssapi 1:2.1.7-7 amd64GSSAPI authentication support for Dovecot ii dovecot-imapd 1:2.1.7-7 amd64secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes ii dovecot-ldap 1:2.1.7-7 amd64LDAP support for Dovecot ii dovecot-managesieved 1:2.1.7-7 amd64secure ManageSieve server for Dovecot ii dovecot-mysql 1:2.1.7-7 amd64MySQL support for Dovecot ii dovecot-pgsql 1:2.1.7-7 amd64PostgreSQL support for Dovecot ii dovecot-pop3d 1:2.1.7-7 amd64secure POP3 server that supports mbox, maildir, dbox and mdbox mailboxes ii dovecot-sieve 1:2.1.7-7 amd64sieve filters support for Dovecot ii dovecot-sqlite 1:2.1.7-7 amd64SQLite support for Dovecot Having previously been on 1.2 on Debian Squeeze the upgrade went flawlessly (and automatically, as I'd already placed the 1.2 dovecot.conf file before installing 2.1.7). And I've been very happy. However, yesterday the server just just shutdown. /var/log/mail.log.1:42890:Jun 30 17:27:04 mail dovecot: imap: Server shutting down. in=14 out=648 /var/log/mail.log.1:42891:Jun 30 17:27:04 mail dovecot: imap: Server shutting down. in=14 out=648 /var/log/mail.log.1:42893:Jun 30 17:27:04 mail dovecot: imap: Server shutting down. in=14 out=648 /var/log/mail.log.1:42895:Jun 30 17:27:34 mail dovecot: imap: Server shutting down. in=739 out=2081 /var/log/mail.log.1:42896:Jun 30 17:27:34 mail dovecot: imap: Server shutting down. in=1764 out=4027 There's no error|panic|warning|fatal messages in any of the logs. root@mail:~# grep -in dovecot /var/log/syslog | grep '(fatal|error|warning|panic)' root@mail:~# grep -in dovecot /var/log/messages | grep '(fatal|error|warning|panic)' root@mail:~# grep -in dovecot /var/log/daemon.log | grep '(fatal|error|warning|panic)' root@mail:~# grep -inr dovecot /var/log/mail* | grep '(fatal|error|warning|panic)' Although everything should log to mail.log if I set up rsyslog properly. The timestamp is not correlated to any of my cron jobs. How can I find out what caused this? Of course with Dovecot shut down Postfix refused to send mail as there was no auth service available. Simon