Re: [Dovecot] Services not starting in 2.1 (or 2.2)
Tommy Wareing skrev den 2013-07-10 14:09: [snip] Otherwise, you'd probably get much better help on the QNAP forums... I'm trying there as well. But trying to identify an active, relevant sub-forum is an interesting challenge in its own right :) Fingers crossed! yes qnap qpkg have btw xmail, dont know if its based on dovecot, but its more a maintained package then dovecot in ipkg is, is you running mta aswell in qnap ? wish from my side is that qnap change to gentoo portage, and then let portage maintainers support qnap hardware, its just a wish, just installing gentoo is not a problem, its just loose what software qnap makes :( http://wiki.qnap.com/wiki/Category:XDove is the only dovecot link i could find that is not just ipkg install dovecot :=) i think you have done ipkg update, ipkg upgrade, so this does not help old packages :( i self have a ts-419p+
Re: [Dovecot] Dovecot 2.2.4 : Panic: file pop3-client.c: line 585 (client_default_destroy): assertion failed: (client->cmd == NULL)
Thanks! I'll let you know if the issue disappears. Ken Anderson On 7/9/2013 9:20 PM, Timo Sirainen wrote: > On 5.7.2013, at 21.02, Ken A wrote: > >> This doesn't seem to affect clients, but I'm seeing an occasional pop3 >> error in the log over the last week. >> Any ideas what is causing this? > .. >>> Jul 4 15:04:03 mail dovecot: POP3(user)x.x.x.x: Connection >>> closed top=0/0, retr=0/0, del=0/4582, size=246709805 >> >>> Jul 4 15:04:03 mail dovecot: POP3(user)x.x.x.x: Panic: file >>> pop3-client.c: line 585 (client_default_destroy): assertion failed: >>> (client->cmd == NULL) > > The only reason I can see for this is: > http://hg.dovecot.org/dovecot-2.2/rev/debbcfe5577a > > > -- Ken Anderson Pacific Internet - http://www.pacific.net
Re: [Dovecot] avoid log message when using nagios check
Le 10 juil. 2013 à 21:41, Timo Sirainen a écrit : > On 10.7.2013, at 22.39, Daniel Parthey wrote: > >>> So it would have to disable logging also for the logout message after >>> login.. Can those load balancers be configured to send these kind of >>> extra XCLIENT/ID commands? Is it really worth the effort that it really >>> works in enough systems? >> >> No. It does simple TCP connects, doesn't know about IMAP at all and won't >> send any string, it just checks if the TCP port is available. Would it be a >> problem to remove the log message altogether, at least for trusted IPs or >> make it a warning, not an error. What is so bad with TCP >> connects/disconnects without any IMAP traffic, especially when they >> originate from trusted IPs? > > They are regular info messages, not errors or warnings.. Really, I'm not sure it is the role of Dovecot to bother with such things. As a mail-related software, it is essential to know it will report any potentially useful info. So, if the admin ins't interested in info messages emitted by Dovecot, just filter those messages at the logging system level; no need to have Dovecot implement sophisticated logging policies. If Nagios insists on natively perform incomplete logins, it isn't Dovecot's responsibility to try to filter such log messages on the basis of sophisticated rules: on the contrary, such messages are useful to understand that something is worth a deeper investigation than just asking Dovecot to implement more complexity for more than probably futile reasons. If a device or a surveyor software behaves like an attacker, couldn't be argued that the device or the surveyor software is somehow flawed, instead of asking Dovecot to hide those flaws? Axel
Re: [Dovecot] avoid log message when using nagios check
Am 10.07.2013 21:41, schrieb Timo Sirainen: On 10.7.2013, at 22.39, Daniel Parthey wrote: So it would have to disable logging also for the logout message after login.. Can those load balancers be configured to send these kind of extra XCLIENT/ID commands? Is it really worth the effort that it really works in enough systems? No. It does simple TCP connects, doesn't know about IMAP at all and won't send any string, it just checks if the TCP port is available. Would it be a problem to remove the log message altogether, at least for trusted IPs or make it a warning, not an error. What is so bad with TCP connects/disconnects without any IMAP traffic, especially when they originate from trusted IPs? They are regular info messages, not errors or warnings.. You're right, TCP connections don't seem to be a real problem here. I confused it with the following messages, we get every few minutes in the dovecot-director.log, but I'm not sure of their origin yet, there are some other imap proxies/balancer in front of the director: Jul 10 21:51:46 10.129.3.233 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 21:51:49 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 21:54:46 10.129.3.233 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 21:56:22 10.129.3.233 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 21:57:51 10.129.3.200 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 21:59:23 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:00:48 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:03:47 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:06:51 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:11:14 10.129.3.200 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:12:52 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:15:50 10.129.3.200 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:15:50 10.129.3.233 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:24:51 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:24:53 10.129.3.200 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:35:21 10.129.3.200 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:39:52 10.129.3.213 dovecot: director: Error: read(login connection) failed: Connection reset by peer Jul 10 22:41:22 10.129.3.233 dovecot: director: Error: read(login connection) failed: Connection reset by peer Regards Daniel -- Dipl.-Inf. Daniel Parthey System Engineer Metaways Infosystems GmbH Pickhuben 2, D-20457 Hamburg E-Mail: d.part...@metaways.de Web:http://www.metaways.de Metaways Infosystems GmbH - Sitz: D-22967 Tremsbüttel Handelsregister: Amtsgericht Lübeck HRB 4508 AH Geschäftsführung: Hermann Thaele, Lüder-H.Thaele
Re: [Dovecot] avoid log message when using nagios check
On 10.7.2013, at 22.39, Daniel Parthey wrote: >> So it would have to disable logging also for the logout message after >> login.. Can those load balancers be configured to send these kind of >> extra XCLIENT/ID commands? Is it really worth the effort that it really >> works in enough systems? > > No. It does simple TCP connects, doesn't know about IMAP at all and won't > send any string, it just checks if the TCP port is available. Would it be a > problem to remove the log message altogether, at least for trusted IPs or > make it a warning, not an error. What is so bad with TCP connects/disconnects > without any IMAP traffic, especially when they originate from trusted IPs? They are regular info messages, not errors or warnings..
Re: [Dovecot] avoid log message when using nagios check
Timo Sirainen schrieb: >On 10.7.2013, at 21.48, Kelsey Cummings wrote: > >>> This is fine for the nagios checks, but we are facing similar >>> problems with our loadbalancer, which is just doing TCP Healthchecks >>> on the IMAP/POP3/SIEVE ports, so being able to disable the warning >>> for trusted networks would be really helpful. >> >> Same here. We use LVS with surealived and LUA scripting to do a >complete login/logout cycle as part of the health check. Even the >ancient Alteon's had similar functionality (and supported common >protocols like pop and imap out of the box.) > >So it would have to disable logging also for the logout message after >login.. Can those load balancers be configured to send these kind of >extra XCLIENT/ID commands? Is it really worth the effort that it really >works in enough systems? No. It does simple TCP connects, doesn't know about IMAP at all and won't send any string, it just checks if the TCP port is available. Would it be a problem to remove the log message altogether, at least for trusted IPs or make it a warning, not an error. What is so bad with TCP connects/disconnects without any IMAP traffic, especially when they originate from trusted IPs?
Re: [Dovecot] How to manipulate attachments with LDA?
On 2013-07-09 16:44, Robert Schetterer wrote: at my last tests , i was able to execute procmail with sieve, it should do some stuff to attachments http://blog.lundscape.com/2009/10/extract-email-attachments-with-procmail-and-munpack/ but perhaps you wanna use more postfix stuff look at http://www.developertoolshed.com/how-to/141/ This posfix detaching looks promising. Thanks a lot.
Re: [Dovecot] avoid log message when using nagios check
On 10.7.2013, at 21.48, Kelsey Cummings wrote: >> This is fine for the nagios checks, but we are facing similar >> problems with our loadbalancer, which is just doing TCP Healthchecks >> on the IMAP/POP3/SIEVE ports, so being able to disable the warning >> for trusted networks would be really helpful. > > Same here. We use LVS with surealived and LUA scripting to do a complete > login/logout cycle as part of the health check. Even the ancient Alteon's > had similar functionality (and supported common protocols like pop and imap > out of the box.) So it would have to disable logging also for the logout message after login.. Can those load balancers be configured to send these kind of extra XCLIENT/ID commands? Is it really worth the effort that it really works in enough systems?
Re: [Dovecot] avoid log message when using nagios check
On 2013-07-10 05:16, Daniel Parthey wrote: Just do a complete login/logout sequence. If you aren't doing a complete login/logout sequence and possibly even pulling down a message you aren't performing an accurate health check to begin with. We don't use nagios but I'd be surprised if those scripts don't optionally take a username and password. This is fine for the nagios checks, but we are facing similar problems with our loadbalancer, which is just doing TCP Healthchecks on the IMAP/POP3/SIEVE ports, so being able to disable the warning for trusted networks would be really helpful. Same here. We use LVS with surealived and LUA scripting to do a complete login/logout cycle as part of the health check. Even the ancient Alteon's had similar functionality (and supported common protocols like pop and imap out of the box.) -- Kelsey Cummings - k...@corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407
Re: [Dovecot] dsync/imapc migration question
On 07/10/2013 02:49 AM, Timo Sirainen wrote: I think imapc automatically reconnects and retries the command. In any case you should retry if dsync returns non-zero exit code. (The I/O and timeout leaks don't really matter, but they are also finally fixed in v2.2.3+.) Yes, I already adjusted the calling code (massive perl script) to ignore the leak messages, and of course look at the exit code. So, you're saying impac reconnects. I guess there is doing to be an error on top of "Server disconnected unexpectedly" if there was something irrecoverable. So can I just code that in? Or should I look only at the exit code? I'm being paranoid here, I know..
Re: [Dovecot] Crashes with 2.2.4 setup that worked perfectly with 2.2.2 (.2.3 also crashes)
On 07/09/2013 10:02 PM, Timo Sirainen wrote: > On 8.7.2013, at 12.31, Trever L. Adams > wrote: > >> I am not sure how to get the symbols necessary, however the following is >> the backtrace (this is Fedora 19 latest everything): >> >> Jul 8 03:23:02 MX dovecot: auth: Fatal: block_alloc(2147483648): Out of >> memory >> [0x7f97a9526ac1] -> /lib64/libldap-2.4.so.2(ldap_int_sasl_open+0x5c) >> [0x7f97a62f058c] -> /lib64/libldap-2.4.so.2(ldap_int_sasl_bind+0x5c9) >> [0x7f97a62f0cd9] -> >> /lib64/libldap-2.4.so.2(ldap_sasl_interactive_bind+0x96) > There's a bug in v2.2.4 with LDAP SASL binds. > http://hg.dovecot.org/dovecot-2.2/rev/2dd27b0e7e49 > > I'll try to get v2.2.5 out this week. Been a bit lazy these few weeks with a > "vacation". :) > > Only some basic testing so far, but I wanted to report that everything seems to be working perfectly. Thank you again, Timo. Trever signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Have an issue with catch-all - Dovecot-lda andPostfix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 10 Jul 2013, Joakim Ohlsson wrote: I run dovecot version 2.1.7 and postfix 2.9.6. I'm using dovecot-lda as local delivery. I use virtual users and need to use catch-all for some of my domains. Where do you use "catch-all" in Postfix or Dovecot? If you must use Dovecot's "catch-all", Postfix is calling the Dovecot LDA for times, so you end up with four copies. You could try to change to Dovecot LMTP, maybe it is detecting the duplication. Can you activate catch-all in Postfix, then Postfix is to detect the duplicate recipients. If I send the mail via Spamassassin I'll just receive one mail to t...@test.org with TO: te...@test.org, test2, te...@test.org, te...@test.org in the header. How do you send a mail via Spamassassin? You know that the "to" header is used in only very rare cases for mail routing, in other words: "to" has nothing to do with mail routing. Regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUd15nV3r2wJMiz2NAQIIBAf/VGjzKQCGOPyOdh1IjRCL1QPv8thFujt1 8OJJonm06EcxJ2hQGJFK/UK4TK8x4hcgse7Oj3NqsJV6n9u2UAcW1pe73phs5U53 mD0TLN8CsFOxwtP0nxZAYUGHgBriihRit0yUTNe0cdHMBOpCmLtaCe8EAnSSW6hU g+QcpTyrUiSbwSctYZv8ck2rI6Slym1cFHcJ818+rEeIBWz+ijtqNVaJ+jNavi3l f4EuEWL3qne8CkrwYCgSJ3ZYC32Z6niyglsJX3NAcZvRVlKvtV/tXfbnnlQ4i5Fn pkbWR/SzMI7YZISEYy+Vgioa6ulBo084g9mshuZQuw8XbMOZw5VCHg== =i2YG -END PGP SIGNATURE-
Re: [Dovecot] Services not starting in 2.1 (or 2.2)
On 2013-07-10 8:09 AM, Tommy Wareing wrote: On Wed, Jul 10, 2013 at 06:33:55AM -0400, Charles Marcus wrote: Otherwise, you'd probably get much better help on the QNAP forums... I'm trying there as well. But trying to identify an active, relevant sub-forum is an interesting challenge in its own right :) Fingers crossed! Cool - please by all means report back if/when you get an answer, as I have a couple of TS-569P's that I was considering trying to install dovecot... -- Best regards, Charles
Re: [Dovecot] Services not starting in 2.1 (or 2.2)
On 7/10/2013 9:22 AM, Tommy Wareing wrote: On Wed, Jul 10, 2013 at 08:42:20AM -0400, Tom Talpey wrote: On 7/10/2013 8:09 AM, Tommy Wareing wrote: On Wed, Jul 10, 2013 at 06:33:55AM -0400, Charles Marcus wrote: On 2013-07-10 5:28 AM, Tommy Wareing wrote: I'm trying to install Dovecot onto my QNAP NAS. Did you create the "dovenull" user, which is needed by 2.1+? I ran dovecot 2.1.7 on my stock SS-439 quite successfully, until I completely gave up on the QNAP firmware and reinstalled it with Ubuntu. Yes, I've got dovecot and dovenull users. In fact (just to check), doveconf for 2.0.21 complains if dovenull's not there: doveconf: Error: default_login_user doesn't exist: dovenull doveconf: Fatal: Error in configuration file /opt/etc/dovecot/dovecot.conf: default_login_user doesn't exist: dovenull Interestingly, it doesn't complain about the absence of dovecot. I guess I'd suggest configuring both log_path and info_log_path to point somewhere, and look for additional clues in the output. Maybe a missing home directory or a permissions problem on one of the sockets in /var/run/dovecot, something like that. Remember the QNAP firmware puts a bunch of that stuff in a very small ramdisk. Tom.
Re: [Dovecot] Have an issue with catch-all - Dovecot-lda andPostfix
Am 10.07.2013 15:17, schrieb Joakim Ohlsson: > Hi, > > I run dovecot version 2.1.7 and postfix 2.9.6. > I'm using dovecot-lda as local delivery. > I use virtual users and need to use catch-all for some of my domains. > > My problem when using catch-all is that I got a separate email for each > recipient. > As an example: If I send mail to: te...@test.org, test2, te...@test.org, > te...@test.org and have a catch-all which will send this mail to > t...@test.org. > In this example I get 4 mails in my t...@test.org inbox and in TO: field in > the header I have all this four recipients: > TO: te...@test.org, test2, te...@test.org, te...@test.org. looks ok to me, did you expect other ? > > In my dovecot log: > 2013-07-10 13:49:25 lda(t...@test.org): Debug: Destination address: > t...@test.org (source: user@hostname) > 2013-07-10 13:49:25 lda(t...@test.org: Info: > msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX > 2013-07-10 13:49:25 lda(t...@test.org): Info: > msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX > 2013-07-10 13:49:25 lda(t...@test.org): Info: > msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX > 2013-07-10 13:49:25 lda(t...@test.org): Info: > msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX > > > My question is if it's possible to receive just one mail instead of four? perhaps, with some filter or supress doubles etc > > If I send the mail via Spamassassin I'll just receive one mail to > t...@test.org with TO: te...@test.org, test2, te...@test.org, te...@test.org > in the header. > > Thanks in advance > Br > Joakim > > # dovecot -n: > > you should solve your problem in not using catch alls in the first line Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: [Dovecot] Services not starting in 2.1 (or 2.2)
On Wed, Jul 10, 2013 at 08:42:20AM -0400, Tom Talpey wrote: > On 7/10/2013 8:09 AM, Tommy Wareing wrote: > >On Wed, Jul 10, 2013 at 06:33:55AM -0400, Charles Marcus wrote: > >>On 2013-07-10 5:28 AM, Tommy Wareing wrote: > >>>I'm trying to install Dovecot onto my QNAP NAS. > >> > > Did you create the "dovenull" user, which is needed by 2.1+? I ran > dovecot 2.1.7 on my stock SS-439 quite successfully, until I completely > gave up on the QNAP firmware and reinstalled it with Ubuntu. I may end up with a "real" operating system yet. But I've only had the box for a fortnight, so it seems a little early for gutting it so completely ;) Yes, I've got dovecot and dovenull users. In fact (just to check), doveconf for 2.0.21 complains if dovenull's not there: doveconf: Error: default_login_user doesn't exist: dovenull doveconf: Fatal: Error in configuration file /opt/etc/dovecot/dovecot.conf: default_login_user doesn't exist: dovenull Interestingly, it doesn't complain about the absence of dovecot. (I'll put 'em back now ;-) -- Tommy Wareing
[Dovecot] Have an issue with catch-all - Dovecot-lda andPostfix
Hi, I run dovecot version 2.1.7 and postfix 2.9.6. I'm using dovecot-lda as local delivery. I use virtual users and need to use catch-all for some of my domains. My problem when using catch-all is that I got a separate email for each recipient. As an example: If I send mail to: te...@test.org, test2, te...@test.org, te...@test.org and have a catch-all which will send this mail to t...@test.org. In this example I get 4 mails in my t...@test.org inbox and in TO: field in the header I have all this four recipients: TO: te...@test.org, test2, te...@test.org, te...@test.org. In my dovecot log: 2013-07-10 13:49:25 lda(t...@test.org): Debug: Destination address: t...@test.org (source: user@hostname) 2013-07-10 13:49:25 lda(t...@test.org: Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX 2013-07-10 13:49:25 lda(t...@test.org): Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX 2013-07-10 13:49:25 lda(t...@test.org): Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX 2013-07-10 13:49:25 lda(t...@test.org): Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX My question is if it's possible to receive just one mail instead of four? If I send the mail via Spamassassin I'll just receive one mail to t...@test.org with TO: te...@test.org, test2, te...@test.org, te...@test.org in the header. Thanks in advance Br Joakim # dovecot -n:
Re: [Dovecot] Services not starting in 2.1 (or 2.2)
On 7/10/2013 8:09 AM, Tommy Wareing wrote: On Wed, Jul 10, 2013 at 06:33:55AM -0400, Charles Marcus wrote: On 2013-07-10 5:28 AM, Tommy Wareing wrote: I'm trying to install Dovecot onto my QNAP NAS. Did you create the "dovenull" user, which is needed by 2.1+? I ran dovecot 2.1.7 on my stock SS-439 quite successfully, until I completely gave up on the QNAP firmware and reinstalled it with Ubuntu. Anyway, try this, which worked for me back on QNAP 3.7.x: /bin/adduser -DHS -g "XDove user" -h /tmp -s /bin/false dovecot /bin/adduser -DHS -g "XDove user" -h /tmp -s /bin/false dovenull Tom.
Re: [Dovecot] DOVECOT 2.2.4 = 501 5.5.4 Unsupported options in LMTP
> Looks like you asked this before and got an answer: > > http://www.dovecot.org/list/dovecot/2013-July/091317.html > > Regards, > > Stephan. > I'm sorry. In this way I subscribe this Mailing lists... I checked the same thing with dspam-3.10.2 and this error disappeared. I will be examine errors dspam-3.10.2. Thank you. 2013/7/10 Timo Sirainen > On 10.7.2013, at 14.31, Stephan Bosch wrote: > > > Op 7/10/2013 1:15 PM, Dmitry Dmitry schreef: > >> Hi, > >> > >> Sorry for my english. > >> My problem: > > > > Looks like you asked this before and got an answer: > > > > http://www.dovecot.org/list/dovecot/2013-July/091317.html > > I also considered today adding support for the SIZE option, but there's > currently no easy way to feed that information to quota plugin to allow it > to reject the message early if user is over quota. And having a no-op > feature seemed kind of pointless. > >
Re: [Dovecot] avoid log message when using nagios check
Am 10.07.2013 10:59, schrieb lluis:
Hello,
I'm using a nagios check to monitor dovecot status, since dovecot v2 I
see those syslog messages on every nagios check:
pop3-login: Aborted login (no auth attempts in 0 secs)
imap-login: Aborted login (no auth attempts in 0 secs)
I tried to avoid those messages sending a logout string:
check_imap -H localhost -e 'OK' -s 'a logout'
check_pop -H localhost -e 'OK' -s 'quit'
but now I get
imap-login: Disconnected (no auth attempts in 0 secs)
pop3-login: Disconnected (no auth attempts in 0 secs)
what can I do to avoid a log message on every nagios check?
Just do a complete login/logout sequence.
I have developed some perl scripts to do so.
This is fine for the nagios checks, but we are facing similar
problems with our loadbalancer, which is just doing TCP Healthchecks
on the IMAP/POP3/SIEVE ports, so being able to disable the warning
for trusted networks would be really helpful.
Regards
Daniel
--
Dipl.-Inf. Daniel Parthey
System Engineer
Metaways Infosystems GmbH
Pickhuben 2, D-20457 Hamburg
E-Mail: d.part...@metaways.de
Web:http://www.metaways.de
Tel:+49 (0)40 317031-537
Fax:+49 (0)40 317031-937
Metaways Infosystems GmbH - Sitz: D-22967 Tremsbüttel
Handelsregister: Amtsgericht Lübeck HRB 4508 AH
Geschäftsführung: Hermann Thaele, Lüder-H.Thaele
#!/usr/bin/env perl
use strict;
use warnings;
use Getopt::Long;
use Net::IMAP::Simple;
use Time::HiRes;
my $PROGNAME = "check_imap_login";
my $TIMEOUT = 120;
my ($imap,$output,$status,$return);
my $options = {
'globaltimeout' => 180,
'port' => '143',
'timeout' => 30,
'warning' => 30,
'critical' => 30
};
my $ERRORS = {
'OK'=> 0,
'WARNING' => 1,
'CRITICAL' => 2,
'UNKNOWN' => 3,
'DEPENDENT' => 4
};
my $state = 'UNKNOWN';
# close IMAP connection, print result and exit
sub nsexit {
$imap->quit() if ($imap);
my ($msg,$code) = @_;
$code=$state if (!defined $code);
print "IMAP $code: $msg\n" if (defined $msg);
exit $ERRORS->{$code};
}
# Show verbose help screen
sub print_help() {
print "$PROGNAME - (c) 2008-2011 Daniel Parthey \n";
print "This program is licensed under the terms of the GNU GPLv2\n";
print "\n";
print "Checks login to an IMAP email account\n";
print "\n";
print "Usage: \n";
print " $PROGNAME -h host -u user -p password [-P port] [-t secs]\n";
print " $PROGNAME [-h | --help]\n";
print "\n";
print "--help This help text\n";
print " -h|--hostname Hostname or IP address of POP3 server\n";
print " -P|--port Port number of POP3 server (optional)\n";
print " -u|--username Username of POP3 mailbox account\n";
print " -p|--password Password of POP3 mailbox account\n";
print " -t|--timeout Number of seconds until login attempt
times out\n";
print " -w|--warning Warn if login lasts more than number of
seconds\n";
print " -c|--criticalCritical if login lasts more than number
of seconds\n";
exit $ERRORS->{'UNKNOWN'};
};
# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
print ("ERROR: $0 Time-Out $TIMEOUT s \n");
exit $ERRORS->{'UNKNOWN'};
};
alarm($TIMEOUT);
# Evaluate Command Line Parameters
Getopt::Long::Configure('no_ignore_case');
my $getopt = GetOptions(
'help' => \$options->{'help'},
"h=s" => \$options->{'hostname'}, "hostname=s" => \$options->{'hostname'},
"u=s" => \$options->{'username'}, "username=s" => \$options->{'username'},
"p=s" => \$options->{'password'}, "password=s" => \$options->{'password'},
"P=s" => \$options->{'port'}, "port=s" => \$options->{'port'},
"t=i" => \$options->{'timeout'}, "timeout=i" => \$options->{'timeout'},
"w=i" => \$options->{'warning'}, "warning=i" => \$options->{'warning'},
"c=i" => \$options->{'critical'}, "critical=i" => \$options->{'critical'}
);
if (!$getopt){ print_help() };
if (!$options->{'hostname'}) { print "hostname missing\n"; print_help(); };
if (!$options->{'username'}) { print "username missing\n"; print_help(); };
if (!defined($options->{'password'}))
{
print "password missing\n";
print_help();
}
my $starttime = Time::HiRes::time();
$imap = Net::IMAP::Simple->new(
$options->{'hostname'},
port=> $options->{'port'},
timeout => $options->{'timeout'}
);
if (!defined($imap))
{
nsexit(
"No IMAP banner found on $options->{'hostname'}:$options->{'port'}",
'CRITICAL'
);
}
my $login_success = $imap->login(
$options->{'username'},
$options->{'password'}
);
if (!defined($login_success))
{
nsexit("Login failed for user $options->{'username'}",'CRITICAL');
}
my $msgcount = $imap->select();
if (!defined($msgcount))
{
nsexit("Could not select INBOX: ".$imap->errstr(),'CRITICAL');
}
my $endtime = Time::HiRes::time();
my $duration = $endtime-$starttime;
my $rounded_duration = sprintf("
Re: [Dovecot] Services not starting in 2.1 (or 2.2)
On Wed, Jul 10, 2013 at 06:33:55AM -0400, Charles Marcus wrote: > On 2013-07-10 5:28 AM, Tommy Wareing wrote: > >I'm trying to install Dovecot onto my QNAP NAS. > > Which device, and what version of OS? Whoops! Sorry, I was concentrating too much on the specifics of the problem, and not enough on my setup! It's a TS-869L, with version 4.0.1 of the firmware. (So it's running on an Intel Atom CPU, if that's at all relevant) uname -a reports: Linux qnap.mrwolf.afraid.org 3.4.6 #1 SMP Tue Jun 4 20:08:41 CST 2013 x86_64 GNU/Linux and dovecot -n agrees: # OS: Linux 3.4.6 x86_64 ext4 > QNAP NAS devices are notorious for having ancient versions of > critical OS software (like the kernel, glib, OpenSSL, etc)... Yup, I'd already tripped over that quite a lot. I've installed updates from ipkg, but those aren't the most up to date either (dovecot 1.2.0 beta!) I'm happy to check for further updates of "stuff", or supply version numbers, or run other diagnostics, but without knowing the sort of "stuff" I'm looking for, that's probably not helpful. make check, incidentally, passes satisfactorily on all three builds. > If you haven't already, check and see if the new 4.x OS version is > available for your device, and if so, and you aren't already running > it, update it, and try again. Already done. > Otherwise, you'd probably get much better help on the QNAP forums... I'm trying there as well. But trying to identify an active, relevant sub-forum is an interesting challenge in its own right :) Fingers crossed! -- Tommy Wareing
Re: [Dovecot] DOVECOT 2.2.4 = 501 5.5.4 Unsupported options in LMTP
On 10.7.2013, at 14.31, Stephan Bosch wrote: > Op 7/10/2013 1:15 PM, Dmitry Dmitry schreef: >> Hi, >> >> Sorry for my english. >> My problem: > > Looks like you asked this before and got an answer: > > http://www.dovecot.org/list/dovecot/2013-July/091317.html I also considered today adding support for the SIZE option, but there's currently no easy way to feed that information to quota plugin to allow it to reject the message early if user is over quota. And having a no-op feature seemed kind of pointless.
Re: [Dovecot] DOVECOT 2.2.4 = 501 5.5.4 Unsupported options in LMTP
Op 7/10/2013 1:15 PM, Dmitry Dmitry schreef: Hi, Sorry for my english. My problem: Looks like you asked this before and got an answer: http://www.dovecot.org/list/dovecot/2013-July/091317.html Regards, Stephan.
[Dovecot] DOVECOT 2.2.4 = 501 5.5.4 Unsupported options in LMTP
Hi,
Sorry for my english.
My problem:
***
dspam-3.9.0 (dspam-3.10.2 all the time segmentation fault)
dspam.conf
# DeliveryHost/var/run/dovecot/lmtp # same error as IP
DeliveryHost127.0.0.33
DeliveryPort24
DeliveryProto LMTP
ServerHost 192.168.1.34
ServerPort 24
ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid
***
dovecot-2.2.4
10-master.conf
service lmtp {
# Create inet listener only if you can't use the above UNIX socket
inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
address = 127.0.0.33
port = 24
}
}
quota is not included
***
telnet to dspam LMTP
# telnet 192.168.1.34 24
Trying 192.168.1.34...
Connected to 192.168.1.34.
Escape character is '^]'.
220 DSPAM LMTP 3.9.0 Ready
LHLO test.com
250-localhost.localdomain
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 SIZE
MAIL FROM:
250 2.1.0 OK
RCPT TO:
250 2.1.5 OK
DATA
354 Enter mail, end with "." on a line by itself
1234567
qwertyu
asdfghj
.
530 5.3.0 Fatal: 501 5.5.4 Unsupported options
QUIT
221 2.0.0 OK
Connection closed by foreign host.
***
at the same time tcpflow LMTP
# tcpflow -c -i any host 127.0.0.33
127.000.000.033.00024-127.000.000.001.41663: 220 mail Dovecot ready.
127.000.000.001.41663-127.000.000.033.00024: LHLO localhost
127.000.000.001.41663-127.000.000.033.00024:
127.000.000.033.00024-127.000.000.001.41663: 250-mail
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING
127.000.000.001.41663-127.000.000.033.00024: MAIL FROM:
SIZE=25
127.000.000.001.41663-127.000.000.033.00024:
127.000.000.033.00024-127.000.000.001.41663: 501 5.5.4 Unsupported options
127.000.000.001.41663-127.000.000.033.00024: QUIT
127.000.000.001.41663-127.000.000.033.00024:
127.000.000.033.00024-127.000.000.001.41663: 221 2.0.0 OK
^Ctcpflow[5411]: terminating
***
after telnet to dovecot LMTP
# telnet 127.0.0.33 24
Trying 127.0.0.33...
Connected to 127.0.0.33.
Escape character is '^]'.
220 mail Dovecot ready.
LHLO test.com
250-mail
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING
MAIL FROM:
250 2.1.0 OK
RCPT TO:
250 2.1.5 OK
DATA
354 OK
1234567
qwertyu
asdfghj
.
250 2.0.0 WVKvFEln1VEuFQAAZU03Dg Saved
QUIT
221 2.0.0 OK
How can I persuade dovecot to deliver the mail?
And one more:
telnet to dovecot LMTP
# telnet 127.0.0.33 24
MAIL FROM: t...@test.com
501 5.5.4 Invalid parameters
MAIL FROM:
501 5.5.4 Invalid parameters
MAIL FROM:
250 2.1.0 OK
telnet to dspam LMTP
# telnet 192.168.1.34 24
MAIL FROM: t...@test.com
250 2.1.0 OK
# telnet 192.168.1.34 24
MAIL FROM:
250 2.1.0 OK
Thank you!
Regards,
Dmitry
Re: [Dovecot] Services not starting in 2.1 (or 2.2)
On 2013-07-10 5:28 AM, Tommy Wareing wrote: I'm trying to install Dovecot onto my QNAP NAS. Which device, and what version of OS? QNAP NAS devices are notorious for having ancient versions of critical OS software (like the kernel, glib, OpenSSL, etc)... If you haven't already, check and see if the new 4.x OS version is available for your device, and if so, and you aren't already running it, update it, and try again. Otherwise, you'd probably get much better help on the QNAP forums... -- Best regards, Charles
Re: [Dovecot] Crashes with 2.2.4 setup that worked perfectly with 2.2.2 (.2.3 also crashes)
On 07/09/2013 10:02 PM, Timo Sirainen wrote: > On 8.7.2013, at 12.31, Trever L. Adams > wrote: > >> I am not sure how to get the symbols necessary, however the following is >> the backtrace (this is Fedora 19 latest everything): >> >> Jul 8 03:23:02 MX dovecot: auth: Fatal: block_alloc(2147483648): Out of >> memory >> [0x7f97a9526ac1] -> /lib64/libldap-2.4.so.2(ldap_int_sasl_open+0x5c) >> [0x7f97a62f058c] -> /lib64/libldap-2.4.so.2(ldap_int_sasl_bind+0x5c9) >> [0x7f97a62f0cd9] -> >> /lib64/libldap-2.4.so.2(ldap_sasl_interactive_bind+0x96) > There's a bug in v2.2.4 with LDAP SASL binds. > http://hg.dovecot.org/dovecot-2.2/rev/2dd27b0e7e49 > > I'll try to get v2.2.5 out this week. Been a bit lazy these few weeks with a > "vacation". :) > > Thank you for the information Timo. I hope your "vacation" was great! Thanks again, Trever signature.asc Description: OpenPGP digital signature
[Dovecot] Services not starting in 2.1 (or 2.2)
I'm trying to install Dovecot onto my QNAP NAS. I apologise for this! It means I'm not working in a normal environment, and don't (necessarily) have the normal range of tools available (or the most up to date version of those tools). It seems that 2.0.21 works (at least, as far as I've tested), but 2.1.17 and 2.2.4 won't start up their child services. I've got the source code for all three from http://www.dovecot.org/download.html, and, for experimental purposes, I'm configuring with: ./configure --prefix=/opt The configure script ends by reporting: Install prefix . : /opt File offsets ... : 64bit I/O polling : epoll I/O notifys : inotify SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow checkpassword : -pam -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword nss : -ldap -sql -vpopmail SQL drivers : : -pgsql -mysql -sqlite The dovecot.conf I'm using, at the moment, is the absolute minimal to fire things up: protocols = imap listen = * ssl_cert =
Re: [Dovecot] avoid log message when using nagios check
On 10.7.2013, at 12.44, lluis wrote:
> there is something I can send to silently exit?
No. Attackers would otherwise use that. Although I suppose something could be
added if the source IP is from login_trusted_networks.. Wonder what would be a
good way. I guess the same commands that are used to pass IPs through proxies,
so maybe:
IMAP:
a ID ("x-silent-logout" "y")
b LOGOUT
POP3:
XCLIENT SILENT-LOGOUT
QUIT
But would those work well enough everywhere? Should it be a LOGOUT/QUIT
parameter instead?.. Such parameters could be troublesome though.
Re: [Dovecot] avoid log message when using nagios check
Hi Marcin, filtering in syslog is an option, but then I will not be able to get those messages when are not generated from a nagios check there is something I can send to silently exit? El dc 10 de 07 de 2013 a les 11:15 +0200, en/na Marcin Mirosław va escriure: > W dniu 10.07.2013 10:59, lluis pisze: > > Hello, > > I'm using a nagios check to monitor dovecot status, since dovecot v2 I > > see those syslog messages on every nagios check: > > > > pop3-login: Aborted login (no auth attempts in 0 secs) > > imap-login: Aborted login (no auth attempts in 0 secs) > > > > I tried to avoid those messages sending a logout string: > > > > check_imap -H localhost -e 'OK' -s 'a logout' > > check_pop -H localhost -e 'OK' -s 'quit' > > > > but now I get > > > > imap-login: Disconnected (no auth attempts in 0 secs) > > pop3-login: Disconnected (no auth attempts in 0 secs) > > > > what can I do to avoid a log message on every nagios check? > Hi Lluis! > Maybe just filter it in your syslog? > Marcin
Re: [Dovecot] Ambiguous behavior with prefetch database?
Le 10 juil. 2013 à 04:37, Timo Sirainen a écrit : > Fixed: http://hg.dovecot.org/dovecot-2.2/rev/9091d0f2d971 > > And for LDAP: http://hg.dovecot.org/dovecot-2.2/rev/939aa051e3f1 Hello Timo, Many thanks for having taken the pain to have a look at this. (BTW, when do you sleep?) I've tried the patch for sql, on an otherwise unpatched 2.2.4. And it unfortunately doesn't seem to yield the expected results: I still need the "AS userdb_uid" workaround. May I somehow be useful by trying something else here? Best Regards, Axel
Re: [Dovecot] Dovecot 2.2.4 - Fatal: master: service(imap): child 44562 killed with signal 11
W dniu 10.07.2013 05:56, Timo Sirainen pisze: > After thinking about it enough and not seeing any simple fix for the crash, I > did some larger changes to hg which fix this. There's an easy workaround > though: Explicitly configure a hierarchy separator for the imapc namespaces. Hi Timo, hi all! Thank you, I've applied three patches and now dovecot works without problem. Even more! It looks that "ignore_on_failure = yes" works better now:) Regards, Marcin
Re: [Dovecot] avoid log message when using nagios check
W dniu 10.07.2013 10:59, lluis pisze: > Hello, > I'm using a nagios check to monitor dovecot status, since dovecot v2 I > see those syslog messages on every nagios check: > > pop3-login: Aborted login (no auth attempts in 0 secs) > imap-login: Aborted login (no auth attempts in 0 secs) > > I tried to avoid those messages sending a logout string: > > check_imap -H localhost -e 'OK' -s 'a logout' > check_pop -H localhost -e 'OK' -s 'quit' > > but now I get > > imap-login: Disconnected (no auth attempts in 0 secs) > pop3-login: Disconnected (no auth attempts in 0 secs) > > what can I do to avoid a log message on every nagios check? Hi Lluis! Maybe just filter it in your syslog? Marcin
[Dovecot] avoid log message when using nagios check
Hello, I'm using a nagios check to monitor dovecot status, since dovecot v2 I see those syslog messages on every nagios check: pop3-login: Aborted login (no auth attempts in 0 secs) imap-login: Aborted login (no auth attempts in 0 secs) I tried to avoid those messages sending a logout string: check_imap -H localhost -e 'OK' -s 'a logout' check_pop -H localhost -e 'OK' -s 'quit' but now I get imap-login: Disconnected (no auth attempts in 0 secs) pop3-login: Disconnected (no auth attempts in 0 secs) what can I do to avoid a log message on every nagios check? thanks! Lluís
Re: [Dovecot] Dovecot SLOW in imaptest without any apparent reason
On 28.6.2013, at 13.28, FABIO FERRARI wrote: > I'm migrating a mail server from a centos 5 cluster architecture to a > centos 6 cluster architecture. The new cluster involves faster machines > then the old cluster, and a virtual machine. > I use dovecot-2.0.9-5.el6.x86_64, while the old cluster uses > dovecot-2.0.1-1_118.el5. Since both are v2.0.x there aren't any big differences in how they work. > Tha mail server uses mysql for the users database, and a local ldap for > authentication. .. > ./imaptest user=XXX pass=XXX secs=120 seed=123 mbox=./dovecot-crlf Test if the difference is in authentication or non-authentication: auth: imaptest user=XX pass=XX secs=120 seed=123 - select=0 non-auth: imaptest user=XX pass=XX secs=120 seed=123 logout=0 My guess is that it's authentication related.
