Re: [Dovecot] dovecot, spamassasin and lmtp

2013-08-06 Thread Steffen Kaiser


On Mon, 5 Aug 2013, alfdc wrote:


My MTA is sendmail. And for sendmail the suggested way to trigger
spamassassin is via procmail. But since procmail is gone then


see
http://wiki.apache.org/spamassassin/IntegratedInMta

procmail is just one way. If you know Perl (well), you can control mail 
message flow with MIMEDefang to every bit.


-- 
Steffen Kaiser


Re: [Dovecot] Using ldap and pam

2013-08-06 Thread Steffen Kaiser


On Mon, 5 Aug 2013, Bo Lynch wrote:


Having some issues with ldap logins. I am using CentOS
5, dovecot-1.0.13-1.el5.rfx and openldap-servers-2.3.43-25.el5_8.1.
Trying to get this to work with the SoGo interface. First I converted all
my standard system users to ldap using the openldap-tools. This worked
fine, however when a user changes their password they can no longer see
their email. If they change it back to the original password mail can be
seen. This has stumped me for a day or so so I was hoping someone could
shed some light.


What is in the logs? http://wiki1.dovecot.org/Logging see auth_debug=yes


/etc/dovecot.conf
protocols = imap imaps
disable_plaintext_auth = no
mbox_read_locks = fcntl
mbox_write_locks = fcntl
protocol imap {
}
protocol pop3 {
}
protocol lda {
 postmaster_address = postmas...@example.com
}
auth default {
mechanisms = plain login
 passdb pam {
 }
 passdb ldap {
   args = /etc/dovecot-ldap.pass
 }


You first query PAM then LDAP. If your users are in passwd still, you get 
a failed password response.



 userdb passwd {
 }


You read the user data from passwd? I think you've migrated to LDAP?


 user = root
 user = root
 socket listen {
   client {
 path = /var/spool/postfix/private/auth
 mode = 0660
 user = postfix
 group = postfix
   }
 }
}
dict {
}
plugin {
}

/etc/dovecot-ldap.conf
hosts = 127.0.0.1:389
sasl_bind = no
auth_bind = yes
auth_bind = no
ldap_version = 3
deref = never
dn = cn=sogo,dc=ameliaschools,dc=com
dnpass=password
base = dc=ameliaschools,dc=com
scope = subtree
pass_attrs = uid=user, userPassword=password
pass_filter = (uid=%u)








-- 
Steffen Kaiser


Re: [Dovecot] dovecot, spamassasin and lmtp

2013-08-06 Thread Steffen Kaiser


On Tue, 6 Aug 2013, Steffen Kaiser wrote:


My MTA is sendmail. And for sendmail the suggested way to trigger
spamassassin is via procmail. But since procmail is gone then


see
http://wiki.apache.org/spamassassin/IntegratedInMta

procmail is just one way. If you know Perl (well), you can control mail
message flow with MIMEDefang to every bit.


Ah, for easy per-user scanning you could look at Pigeonhole's execute, 
filter, or pipe extension: http://wiki2.dovecot.org/Pigeonhole/Sieve/


-- 
Steffen Kaiser


Re: [Dovecot] INBOX protected foldername?

2013-08-06 Thread Hajo Locke

Hello,



[...]
In higher dovecot versions INBOX seems to be a kind of protected
foldername. dovecot is not offering this folder in folderlist. If I
rename it, the folder is available again.

[...]
Is there an explanation for this behaviour?



The case-insensitive mailbox name INBOX is a special name reserved to
mean the primary mailbox for this user on this server.  The
interpretation of all other names is implementation-dependent.


It's not about the INBOX itself in /var/mail, there are some clients like
groupoffice which do their own folder management and create a Folder INBOX on
top-level in mailspace


Hiding user created folders with Name INBOX seems to be based on standard 
namespace config in 2.1.x

In dovecot 2.1.7 we have in global:

mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
 inbox = yes
}

This seems to be the default and leads to the problem that Folders with Name 
INBOX are hidden.
Like suggested in  http://wiki2.dovecot.org/Namespaces (Examples Mixed mbox 
and Maildir) i changed the standard namespace to:



namespace inbox {
 separator = /
 prefix = #mbox/
 location = mbox:~/mail:INBOX=/var/mail/%u
 inbox = yes
 hidden = yes
 list = no
}
namespace mbox {
 separator = /
 prefix =
 location = mbox:~/mail
}

Because we are using mbox, I have to set up the 2nd namespace again with
location = mbox:~/mail.
This works and Folders with Name INBOX are shown again. This namespace
configuration looks a bit strange to me, but works. Is this a recommended way
to do this? I don't want to get surprised by other behaviour.


Thanks,
Hajo



Re: [Dovecot] Expunged message reappeared, giving a new UID

2013-08-06 Thread Simon Fraser

Hello,

For what it's worth, still experiencing these symptoms with 2.2.5.

Thanks,
Simon.

On Thu, 2013-08-01 at 15:02 +0100, Simon Fraser wrote:
 On Thu, 2013-08-01 at 15:09 +0300, Timo Sirainen wrote:
  On Fri, 2013-07-26 at 11:28 +0100, Simon Fraser wrote:
  
   I am running dovecot 2.2.2 with tcp based replication, and experiencing
   some duplicated emails. `doveconf -n` output is below.
  
  Are both of the servers using the same mailbox format?
 
 Yes, they are. `doveconf -n | grep mail_location` on both nodes gives:
 mail_location = maildir:~/mail:INBOX=~/mail/INBOX
 
 I've also tried with mdbox.
 
   Connect with a mail client, and delete the message - without delayed
   expunge. So, for example, mutt (press 'd' then '$' to sync the mailbox),
   or Evolution set to immediately delete.
  
  Can you reproduce this by disabling automatic replication (e.g. just
  remove replicator from mail_plugins) and running dsync manually? So
  basically delete the message, then run:
  
  doveadm sync -r rawlog -u user@domain -d
  
  If that reproduces it, send the rawlog to me.
 
 I can't reproduce it with that, sorry. Message deletion appears to work
 that way, and the command only produces I/O leak errors:
 
 dsync-local(s...@sanger.ac.uk): Warning: I/O leak: 0x7f00e50cc960 (line
 341, fd 9)
 
 Using mail delivery and imap connections to node 'a' only, I have tried:
 
 1) mail delivered, connecting/deleting/expunging, then sync
 2) mail delivered, syncing, connecting/deleting/expunging, not syncing,
 then checking
 3) mail delivered, syncing, connecting/deleting/expunging, syncing
 
 None cause the message to reappear. I tried initiating the sync from
 both nodes, just in case. 
 
 Leaving the replication plugin enabled causes it to happen, though, so
 perhaps my timing is off.
 
 Other things I have discovered by running 'watch' or a while loop, both
 grepping the mail_location for my test subject line:
 
 A message is visible over imap before being written to mail_location. If
 I can manage to delete it in this time (there isn't much time!) then the
 message does not reappear.
 
 When the message reappears it gets a different filename (please excuse
 the grep output on the end):
 cur/1375364237.M969208P14576.intmail3a,S=2672,W=2731:2,:Subject: dup
 test
 
 is replaced with:
 cur/1375364242.M782761P838.intmail3b,S=2672,W=2731:2,:Subject: dup test
 
 This occurs less than a second after the expunge. There's only a log
 entry on intmail3a, not 3b:
 
 Aug  1 14:37:26 intmail3a dovecot: imap(srf):
 Warning: /mail/spool/s/srf/mail/INBOX/dovecot-uidlist: Duplicate file
 entry at line 105: 1375364237.M969208P14576.intmail3a,S=2672,W=2731 (uid
 772051 - 772052)
 
 I'm happy to run as many diagnostics as required, just let me know what
 you'd like.
 
 Simon.
 
 
 
 





-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 
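
The two file names and the uidlist warning quoted in the message above can be taken apart field by field to show which replica saved each copy. This is an added example, not part of the original thread or of Dovecot; it assumes the usual Dovecot maildir name layout (`time.MusecPpid.host,S=size,W=vsize:2,flags`), and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Dovecot maildir file name layout (assumed):
#   <unix time>.M<usec>P<pid>.<host>,S=<size>,W=<vsize>:2,<flags>
NAME_RE = re.compile(
    r"(?P<time>\d+)\.M(?P<usec>\d+)P(?P<pid>\d+)\.(?P<host>[^,:/\s]+)"
    r"(?:,S=(?P<size>\d+))?(?:,W=(?P<vsize>\d+))?(?::2,(?P<flags>[A-Za-z]*))?"
)
# The archived copy of the warning shows "-" between the UIDs; accept "->" too.
DUP_RE = re.compile(
    r"Duplicate file entry at line (?P<line>\d+): (?P<name>\S+) "
    r"\(uid (?P<first>\d+) ->? (?P<second>\d+)\)"
)

# Values copied from the post above (the wrapped log line is rejoined).
OLD_FILE = "cur/1375364237.M969208P14576.intmail3a,S=2672,W=2731:2,"
NEW_FILE = "cur/1375364242.M782761P838.intmail3b,S=2672,W=2731:2,"
WARNING = (
    "Aug  1 14:37:26 intmail3a dovecot: imap(srf): Warning: "
    "/mail/spool/s/srf/mail/INBOX/dovecot-uidlist: Duplicate file entry at "
    "line 105: 1375364237.M969208P14576.intmail3a,S=2672,W=2731 "
    "(uid 772051 - 772052)"
)


def parse_name(path):
    """Split a maildir file name into its fields; raise ValueError if malformed."""
    name = path.rsplit("/", 1)[-1]
    m = NAME_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a Dovecot maildir file name: {name!r}")
    f = m.groupdict()
    return {
        "base": name.split(":2,", 1)[0],  # name without the flags suffix
        "created": datetime.fromtimestamp(int(f["time"]), tz=timezone.utc),
        "pid": int(f["pid"]),
        "host": f["host"],                # host of the process that saved the file
        "size": int(f["size"]) if f["size"] else None,
        "vsize": int(f["vsize"]) if f["vsize"] else None,
        "flags": f["flags"] or "",
    }


def compare(old_path, new_path):
    """Summarise how the reappeared file differs from the expunged one."""
    old, new = parse_name(old_path), parse_name(new_path)
    return {
        "saved_by": (old["host"], new["host"]),
        "host_changed": old["host"] != new["host"],
        "same_size": (old["size"], old["vsize"]) == (new["size"], new["vsize"]),
        "seconds_apart": int((new["created"] - old["created"]).total_seconds()),
    }


def parse_duplicate_warning(line):
    """Extract the file and UID pair from a dovecot-uidlist duplicate warning."""
    m = DUP_RE.search(line)
    if m is None:
        return None
    return {
        "uidlist_line": int(m["line"]),
        "base": parse_name(m["name"])["base"],
        "uids": (int(m["first"]), int(m["second"])),
    }


if __name__ == "__main__":
    print(compare(OLD_FILE, NEW_FILE))
    warning = parse_duplicate_warning(WARNING)
    print(warning)
    # The warning refers to the original file, not to the reappeared copy.
    print("warning is about original:", warning["base"] == parse_name(OLD_FILE)["base"])
```

The same S= and W= values with a different host field indicate the same content written again by a process on the other node, five seconds after the first save.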


Re: [Dovecot] v2.2.5 released

2013-08-06 Thread Axel Luttgens
On 6 August 2013 at 00:19, Jim Knuth wrote:

 On 05.08.13 at 22:03, Timo Sirainen wrote:
 
 http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz
 http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig
 
 [...]
 
 
 thank you. Which Pigeonhole (Sieve) must I use?

Hello Jim,

Unless I'm wrong, the latest one for Dovecot 2.2:

http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz

Axel




Re: [Dovecot] v2.2.5 released

2013-08-06 Thread Jim Knuth

On 06.08.13 at 11:35, Axel Luttgens axelluttg...@swing.be wrote:


On 6 August 2013 at 00:19, Jim Knuth wrote:


On 05.08.13 at 22:03, Timo Sirainen wrote:


http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.5.tar.gz.sig

[...]



thank you. Which Pigeonhole (Sieve) must I use?


Hello Jim,

Unless I'm wrong, the latest one for Dovecot 2.2:

http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz

Axel




Thanx, Axel. But the question was: Is that the right one? ;)
Ok, I will try that.

--
With kind regards,
Jim Knuth
-
Only children, fools and very old people can afford
to always tell the truth. [Churchill]


[Dovecot] The < sign in config files

2013-08-06 Thread Frank Elsner

Hello experts,

what is the meaning of the < sign in config files as in

ssl_key = </etc/pki/tls/private/dovecot.key
          ^
          |
          ?


--Frank Elsner


Re: [Dovecot] The < sign in config files

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 13.28, Frank Elsner fr...@moltke28.b.shuttle.de wrote:

 what is the meaning of the < sign in config files as in
 
 ssl_key = </etc/pki/tls/private/dovecot.key
           ^
           |
           ?

Read the value from the specified file. Works for all settings.



Re: [Dovecot] Expunged message reappeared, giving a new UID

2013-08-06 Thread Timo Sirainen
On 1.8.2013, at 17.02, Simon Fraser s...@sanger.ac.uk wrote:

 Connect with a mail client, and delete the message - without delayed
 expunge. So, for example, mutt (press 'd' then '$' to sync the mailbox),
 or Evolution set to immediately delete.
 
 Can you reproduce this by disabling automatic replication (e.g. just
 remove replicator from mail_plugins) and running dsync manually? So
 basically delete the message, then run:
 
 doveadm sync -r rawlog -u user@domain -d
 
 If that reproduces it, send the rawlog to me.
 
 I can't reproduce it with that, sorry. Message deletion appears to work
 that way, and the command only produces I/O leak errors:

Here's another idea:

Try disabling replicator plugin from only one side, so there's no possibility
of two dsyncs running at the same time. That should be prevented already by 
locking though.

The servers have different hostnames, right?



Re: [Dovecot] Expunged message reappeared, giving a new UID

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 14.30, Timo Sirainen t...@iki.fi wrote:

 Here's another idea:
 
 Try disabling replicator plugin from only one side, so there's no
 possibility of two dsyncs running at the same time. That should be prevented 
 already by locking though.
 
 The servers have different hostnames, right?

The more I think about it, the more this makes sense. You seem to have 
different hostnames, but .. maybe they're not from Dovecot's point of view for 
some reason? I added a new dovecot --hostdomain parameter to check it: 
http://hg.dovecot.org/dovecot-2.2/rev/5a3821097f3c



Re: [Dovecot] Using ldap and pam

2013-08-06 Thread Bo Lynch
On Tue, August 6, 2013 2:41 am, Steffen Kaiser wrote:

 On Mon, 5 Aug 2013, Bo Lynch wrote:

 Having some issues with ldap logins. I am using CentOS
 5, dovecot-1.0.13-1.el5.rfx and openldap-servers-2.3.43-25.el5_8.1.
 Trying to get this to work with the SoGo interface. First I converted
 all
 my standard system users to ldap using the openldap-tools. This worked
 fine, however when a user changes their password they can no longer see
 their email. If they change it back to the original password mail can be
 seen. This has stumped me for a day or so so I was hoping someone could
 shed some light.

 What is in the logs? http://wiki1.dovecot.org/Logging see auth_debug=yes

 /etc/dovecot.conf
 protocols = imap imaps
 disable_plaintext_auth = no
 mbox_read_locks = fcntl
 mbox_write_locks = fcntl
 protocol imap {
 }
 protocol pop3 {
 }
 protocol lda {
  postmaster_address = postmas...@example.com
 }
 auth default {
 mechanisms = plain login
  passdb pam {
  }
  passdb ldap {
args = /etc/dovecot-ldap.pass
  }

 You first query PAM then LDAP. If your users are in passwd still, you get
 a failed password response.

  userdb passwd {
  }

 You read the user data from passwd? I think you've migrated to LDAP?

  user = root
  user = root
  socket listen {
client {
  path = /var/spool/postfix/private/auth
  mode = 0660
  user = postfix
  group = postfix
}
  }
 }
 dict {
 }
 plugin {
 }

 /etc/dovecot-ldap.conf
 hosts = 127.0.0.1:389
 sasl_bind = no
 auth_bind = yes
 auth_bind = no
 ldap_version = 3
 deref = never
 dn = cn=sogo,dc=ameliaschools,dc=com
 dnpass=password
 base = dc=ameliaschools,dc=com
 scope = subtree
 pass_attrs = uid=user, userPassword=password
 pass_filter = (uid=%u)

Is it possible to have 2 auth methods? Meaning if user and passwd does not
match in pam then go with ldap?




Re: [Dovecot] Expunged message reappeared, giving a new UID

2013-08-06 Thread Simon Fraser
On Tue, 2013-08-06 at 14:30 +0300, Timo Sirainen wrote:

 Here's another idea:
 

Thank you for still looking into this

 Try disabling replicator plugin from only one side, so there's no
 possibility of two dsyncs running at the same time. That should be prevented 
 already by locking though.

I disabled the replication on node b, restarted both, and connected to
node a to deliver and read mail, and had the same symptoms. Tried it
with replication enabled on node b but disabled on node a, and naturally
the message didn't get replicated at all, and so didn't reappear. 

 The servers have different hostnames, right?

They do. There was a record that pointed to both IP addresses, but I've
removed it after reading your suggestion here, and still see the
symptoms. I also have a test system which has never had that A record
that can show the same symptoms. 

 The more I think about it, the more this makes sense. You seem to have
 different hostnames, but .. maybe they're not from Dovecot's point of
 view for some reason? I added a new dovecot --hostdomain parameter to
 check it: http://hg.dovecot.org/dovecot-2.2/rev/5a3821097f3c

root@intmail3a:~# /mail/sbin/dovecot --hostdomain
intmail3a.internal.sanger.ac.uk
root@intmail3b:~# /mail/sbin/dovecot --hostdomain
intmail3b.internal.sanger.ac.uk

Each hostname points to 1 IP address, and the only PTR for each IP
address is the hostname. No entry in /etc/hosts for either server name. 

Inspired by this, I have also tried disabling ipv6 on both servers, in
case the lack of DNS entries there was causing an issue, but it didn't
fix it.

Simon.








Re: [Dovecot] Using ldap and pam

2013-08-06 Thread Steffen Kaiser


On Tue, 6 Aug 2013, Bo Lynch wrote:


 passdb pam {
 }
 passdb ldap {
   args = /etc/dovecot-ldap.pass
 }



Is it possible to have 2 auth methods? Meaning if user and passwd does not
match in pam then go with ldap?


as far as I know, if PAM returns no such user, the next passdb is tried. 
If PAM returns password mismatch, it chains to next passdb.


BTW: Dovecot also caches passwords, maybe you are hit by it?

-- 
Steffen Kaiser


Re: [Dovecot] v2.2.5 released

2013-08-06 Thread Luigi Rosa

Jim Knuth said the following on 06/08/2013 12:11:

 Unless I'm wrong, the latest one for Dovecot 2.2:
 
 http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz
 
 Thanx, Axel. But the question was: Is that the right one? ;)


Works like a charm in my installations


Ciao,
luigi

-- 
/
+--[Luigi Rosa]--
\

Computers make excellent and efficient servants,
but I have no wish to serve under them.
Captain, a starship also runs on loyalty to one man.
And nothing can replace it or him.
--Spock, The Ultimate Computer


Re: [Dovecot] How to troubleshoot LDA or LMTP?

2013-08-06 Thread Steffen Kaiser


On Mon, 5 Aug 2013, John Williams wrote:


Please forgive me if these are silly questions.  I am a normal user, not
a system administrator.  I am using Dovecot as a kind of IMAP caching
proxy, i.e. reading IMAP mail via Gnus + Dovecot + Offlineimap.  I am
trying to enable sieve functionality.


Offlineimap is to replicate two IMAP instances, so it believes that the
message had been already delivered (and filtered). Usually one would use
fetchmail and stuff the messages into a local MTA. But then, the messages
are gone from the upstream server.


-- 
Steffen Kaiser


Re: [Dovecot] Using ldap and pam

2013-08-06 Thread Bo Lynch
On Tue, August 6, 2013 9:04 am, Steffen Kaiser wrote:

 On Tue, 6 Aug 2013, Bo Lynch wrote:

  passdb pam {
  }
  passdb ldap {
args = /etc/dovecot-ldap.pass
  }

 Is it possible to have 2 auth methods? Meaning if user and passwd does
 not
 match in pam then go with ldap?

 as far as I know, if PAM returns no such user, the next passdb is tried.
 If PAM returns password mismatch, it chains to next passdb.

 BTW: Dovecot also caches passwords, maybe you are hit by it?

 - --

In the logs I am seeing
dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133):
pass search: base=dc=ameliaschools,dc=com scope=subtree
filter=((objectClass=posixAccount)(uid=blynch)) fields=uid, userPassword
dovecot: Aug 06 09:08:45 Info: auth(default): ldap(blynch,69.21.103.133):
result: uid(user)=blynch
dovecot: Aug 06 09:08:46 Info: auth(default): client out: FAIL  1  
user=blynch temp
and
dovecot: Aug 06 09:08:48 Error: auth(default): ldap(blynch,69.21.103.133):
No password in reply




Re: [Dovecot] How to troubleshoot LDA or LMTP?

2013-08-06 Thread Steffen Kaiser


On Tue, 6 Aug 2013, John Williams wrote:


dovecot-lda -c config-file -d user < mailfile

Aha!  Piping a message to the process was the step I was not aware of.


Does offlineimap provide logs to get to know what mails are newly
arriving to your local mail storage, in order to not filter the same
message twice or re-filter messages you've moved around manually?


-- 
Steffen Kaiser


Re: [Dovecot] Using ldap and pam

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 16.11, Bo Lynch bly...@ameliaschools.com wrote:

 dovecot: Aug 06 09:08:48 Error: auth(default): ldap(blynch,69.21.103.133):
 No password in reply

LDAP isn't returning a password field. Probably because the dn doesn't have 
access to that field. Either give it access, or switch to auth_bind=yes
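
A small check that ties the posted LDAP settings to the "No password in reply" error, as an added example that is not part of the thread or of Dovecot. The sample config and log lines are constructed in the thread's format with placeholder DNs, user and address; the function names are hypothetical, and the code assumes that when a key appears twice the later line takes effect.

```python
import re

# Constructed sample in the shape of the /etc/dovecot-ldap.conf posted in the
# thread; the DNs and the bind password are placeholders.
SAMPLE_CONF = """\
hosts = 127.0.0.1:389
sasl_bind = no
auth_bind = yes
auth_bind = no
ldap_version = 3
deref = never
dn = cn=reader,dc=example,dc=com
dnpass=placeholder
base = dc=example,dc=com
scope = subtree
pass_attrs = uid=user, userPassword=password
pass_filter = (uid=%u)
"""

# Constructed log lines in the format quoted in the thread.
SAMPLE_LOG = """\
dovecot: Aug 06 09:08:45 Info: auth(default): ldap(alice,192.0.2.10): result: uid(user)=alice
dovecot: Aug 06 09:08:48 Error: auth(default): ldap(alice,192.0.2.10): No password in reply
"""

NO_PASSWORD_RE = re.compile(r"ldap\(([^,)]+),[^)]*\): No password in reply")


def parse_conf(text):
    """Return (effective, duplicates). Assumption: a later line overrides an earlier one."""
    effective, seen = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        seen.setdefault(key, []).append(value)
        effective[key] = value
    return effective, {k: v for k, v in seen.items() if len(v) > 1}


def password_attr(pass_attrs):
    """LDAP attribute mapped to Dovecot's 'password' field ('ldapattr=field' pairs)."""
    for pair in pass_attrs.split(","):
        ldap_attr, _, field = pair.strip().partition("=")
        if field.strip() == "password":
            return ldap_attr.strip()
    return None


def diagnose(conf_text, log_text=""):
    """Explain why password lookups fail for the given config and auth log."""
    effective, duplicates = parse_conf(conf_text)
    auth_bind = effective.get("auth_bind", "no").lower() == "yes"
    attr = password_attr(effective.get("pass_attrs", ""))
    users = sorted(set(NO_PASSWORD_RE.findall(log_text)))
    findings = []
    for key, values in sorted(duplicates.items()):
        findings.append(
            f"{key} is set {len(values)} times ({' then '.join(values)}); "
            f"effective value: {effective[key]}"
        )
    if not auth_bind:
        # Password lookup mode: Dovecot reads the hash through the bind DN.
        note = (
            f"auth_bind=no: bind DN {effective.get('dn', '(anonymous)')} "
            f"needs read access to {attr}"
        )
        if users:
            note += f"; no password was returned for: {', '.join(users)}"
        findings.append(note)
    return {
        "auth_bind": auth_bind,
        "password_attr": attr,
        "duplicates": duplicates,
        "users_without_password": users,
        "findings": findings,
    }


def use_auth_bind(conf_text):
    """Second fix named in the reply: keep a single 'auth_bind = yes' line."""
    out, done = [], False
    for line in conf_text.splitlines():
        if line.split("=", 1)[0].strip() == "auth_bind":
            if not done:
                out.append("auth_bind = yes")
                done = True
            continue
        out.append(line)
    if not done:
        out.append("auth_bind = yes")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONF, SAMPLE_LOG)["findings"]:
        print("-", finding)
    print("after switching to auth_bind=yes:", diagnose(use_auth_bind(SAMPLE_CONF))["findings"])
```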



Re: [Dovecot] Expunged message reappeared, giving a new UID

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 15.59, Simon Fraser s...@sanger.ac.uk wrote:

 Try disabling replicator plugin from only one side, so there's no
 possibility of two dsyncs running at the same time. That should be prevented 
 already by locking though.
 
 I disabled the replication on node b, restarted both, and connected to
 node a to deliver and read mail, and had the same symptoms.

Weird, I was sure that would have worked. Well, maybe rawlogs would show 
something interesting. I should probably add a proper option for them, but 
attached a patch to enable for now. Be sure to mkdir /tmp/dsync-rawlogs with 
enough write permissions (e.g. 0777)


diff
Description: Binary data


Re: [Dovecot] Expunged message reappeared, giving a new UID

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 16.42, Timo Sirainen t...@iki.fi wrote:

 On 6.8.2013, at 15.59, Simon Fraser s...@sanger.ac.uk wrote:
 
 Try disabling replicator plugin from only one side, so there's no
 possibility of two dsyncs running at the same time. That should be 
 prevented already by locking though.
 
 I disabled the replication on node b, restarted both, and connected to
 node a to deliver and read mail, and had the same symptoms.
 
 Weird, I was sure that would have worked. Well, maybe rawlogs would show 
 something interesting. I should probably add a proper option for them, but 
 attached a patch to enable for now. Be sure to mkdir /tmp/dsync-rawlogs with 
 enough write permissions (e.g. 0777)

Oh and do it on both the servers and send me all the logs from both servers. 
Hopefully it contains only the one deletion test case and no extra stuff. :)

Also, instead of using IMAP client to delete the mail, try something like:

doveadm expunge -u user@domain mailbox INBOX subject testmail

Because I was thinking that with IMAP it first sets the \Deleted flag, which 
triggers replication. Then it immediately does EXPUNGE which deletes the mail 
locally, but I was thinking that now remote dsync also triggered because of the 
flag change and notices that the mail is gone and puts it back. But locking
should have avoided that. Also disabling replication on the remote side should 
have avoided that.



Re: [Dovecot] Expunged message reappeared, giving a new UID

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 18.58, Simon Fraser s...@sanger.ac.uk wrote:

 On Tue, 2013-08-06 at 16:45 +0300, Timo Sirainen wrote:
 
 
 Weird, I was sure that would have worked. Well, maybe rawlogs would
 show something interesting. I should probably add a proper option for
 them, but attached a patch to enable for now. Be sure to
 mkdir /tmp/dsync-rawlogs with enough write permissions (e.g. 0777)
 
 I've added that patch and I'm getting:
 Aug 16:18:48 intmail3a dovecot: doveadm: Error: Don't give mail location
 with -d parameter
 Aug  6 16:18:48 intmail3a dovecot: doveadm(srf): Error: Saved sync state
 is invalid, falling back to full sync: Input too small
 
 Presumably it's thinking the -r /tmp/dsync-rawlog is a mail location?
 I've tried changing its location in the appends, but it doesn't make a
 difference. 

Oops, I messed up the parameter order. It was supposed to have -s state but now 
it had -s -r rawlog state. New patch should work better.


diff
Description: Binary data


Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread Thomas Leuxner
* Timo Sirainen t...@iki.fi 2013.08.06 18:15:

  Now the real problem along the road is the submitting server. If that 
  server does not indicate the message size during handshake the pre-queue 
  rejection simply can not work. 
 
 quota_grace was meant to solve that. You'll allow the user to become a bit 
 over quota.

What I meant is before the mail enters the Postfix queues. If the SIZE 
extension is not used during MAIL FROM by the remote server, then there's no 
way to reject an over-quota mail upfront, losing the benefit of the policy 
service.




[Dovecot] Please HELP: how to delete all messages older than X days from the server?

2013-08-06 Thread Răzvan Sandu

Hello,


Would you please help me solve the following case?

My (CentOS) server runs dovecot and allows both POP3 and IMAP service.
Users are virtual users (no home directories), with messages stored in 
Maildir directories under /var/spool/mail/vhosts/example.com/username


Some of them use mobile devices (without local storage space), so I must 
allow IMAP access, not just POP3. But the storage on the server must be 
for a strictly *limited* period of time.


As an admin, I'm trying to force each user to:

- download *locally* received messages when they arrive at the office
- don't let copies of messages on the server (incoming, sent, trash, 
drafts, etc.)


For various reasons, e-mail client configuration is not under my control 
(I can't rely on client configuration for implementing this).


Implementing filesystem quotas is not an option because a. presently, 
all virtual users share same UID/GID on the server and b. administrative 
reasons (the full quota situation may occur unexpectedly and this is 
not tolerable in corporate policy).



So I need EITHER:

1. a method of downloading locally *all* messages from the server 
(incoming, sent, trash, drafts, etc.) to the workstation, when the user 
consults his/her mailbox from a POP3 desktop client, thus completely 
*emptying* the user's mailbox on the server


OR

2. an automatic, elegant but forceful method of deleting all messages 
older than X days (incoming, sent, trash, drafts, etc.)



I've tried to use a line such as:

doveadm expunge -u john@example.com before 4w

run as root, from a script in crontab, but for expunge doveadm won't 
let me skip the -u parameter (to perform the expunge for *all* users).



Could you please help? Any suggestion is welcome.


Thanks a lot,
Răzvan

Re: [Dovecot] Unlock non existent locks

2013-08-06 Thread Thomas Hummel
On Mon, Aug 05, 2013 at 07:38:59PM +0300, Timo Sirainen wrote:

 The NFS workarounds code is doing some ugly stuff. I thought it would have, 
 but looking at the code it doesn't seem so. But still easier to debug if you 
 first see if the problem is with the NFS workarounds or the lib-index code. 
 With lib-index you could also use lock_method=dotlock to see if that works 
 better (although performance will be slightly worse also then).

I just tested mail_nfs_storage and mail_nfs_index both set to no : log messages
are still here. They only stop when I stop dovecot.

Note :

The nfs mount is made through a private network (192.168.3.x).  My simple fcntl
unlock test, when the isilon mount is made through the same private network
behaves as dovecot (i.e. makes the node log warning about non-existent resource
to unlock), but not when the mount is made through the public network
(157.99.x.x). Even when dovecot is down and statd/lockd restarted.

I thought about some reverse name lookups but I don't think this is the problem.

Something very strange is happening, no matter what nfs workarounds dovecot is
making. But it seems to involve this host and only this host...

-- 
Thomas Hummel   | Institut Pasteur
hum...@pasteur.fr | Groupe Exploitation et Infrastructure


Re: [Dovecot] Please HELP: how to delete all messages older than X days from the server?

2013-08-06 Thread Pascal Volk
On 08/06/2013 06:31 PM Răzvan Sandu wrote:
 …
 Implementing filesystem quotas is not an option because a. presently, 
 all virtual users share same UID/GID on the server and b. administrative 
 reasons (the full quota situation may occur unexpectedly and this is 
 not tolerable in corporate policy).

Use Dovecot's quota plugin - which supports different backends. Each
user may have a different quota limit.

* http://wiki2.dovecot.org/Quota

 So I need EITHER:
 
 1. a method of downloading locally *all* messages from the server 
 (incoming, sent, trash, drafts, etc.) to the workstation, when the user 
 consults his/her mailbox from a POP3 desktop client, thus completely 
 *emptying* the user's mailbox on the server

Usually only the INBOX is visible via POP3 …

 OR
 
 2. an automatic, elegant but forceful method of deleting all messages 
 older than X days (incoming, sent, trash, drafts, etc.)

There is the expire plugin for Dovecot.

* http://wiki2.dovecot.org/Plugins/Expire


 I've tried to use a line such as:
 
 doveadm expunge -u john@example.com before 4w
 
 run as root, from a script in crontab, but for expunge doveadm won't 
 let me skip the -u parameter (to perform the expunge for *all* users).
 
 
 Could you please help? Any suggestion is welcome.

There is also the -A option, see
http://wiki2.dovecot.org/Tools/Doveadm/Expunge#section_options


Regards,
Pascal
-- 
The trapper recommends today: cafebabe.1321...@localdomain.org


Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 19.25, Thomas Leuxner t...@leuxner.net wrote:

 * Timo Sirainen t...@iki.fi 2013.08.06 18:15:
 
 Now the real problem along the road is the submitting server. If that 
 server does not indicate the message size during handshake the pre-queue 
 rejection simply can not work. 
 
 quota_grace was meant to solve that. You'll allow the user to become a bit 
 over quota.
 
 What I meant is before the mail enters the Postfix queues. If the SIZE 
 extension is not used during MAIL FROM by the remote server, then there's no 
 way to reject an over-quota mail upfront, losing the benefit of the policy 
 service.

The idea behind quota_grace is that the last mail would be allowed to take the 
user somewhat over quota (e.g. up to 109% quota usage). On the next mail 
delivery user is already over quota, so the size of the mail is irrelevant 
because a mail of any size will be rejected. The initial quota-status 
implementation didn't even support SIZE extension since I didn't remember it 
existed.



Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread Thomas Leuxner
* Timo Sirainen t...@iki.fi 2013.08.06 19:42:

 The idea behind quota_grace is that the last mail would be allowed to take 
 the user somewhat over quota (e.g. up to 109% quota usage). On the next mail 
 delivery user is already over quota, so the size of the mail is irrelevant 
 because a mail of any size will be rejected. The initial quota-status 
 implementation didn't even support SIZE extension since I didn't remember it 
 existed.

I'm referring to the Postfix side _only_ or the initial SMTP Handshake if you 
like. My point is that there is no safe way to reject mails at this level *if* 
the remote server doesn't play nice. I think this was the whole point of 
writing a policy service for Postfix. I'm not *talking* about quotas that will 
be handled  by the delivery agents...




Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread Timo Sirainen
On 6.8.2013, at 20.57, Thomas Leuxner t...@leuxner.net wrote:

 * Timo Sirainen t...@iki.fi 2013.08.06 19:42:
 
 The idea behind quota_grace is that the last mail would be allowed to take 
 the user somewhat over quota (e.g. up to 109% quota usage). On the next mail 
 delivery user is already over quota, so the size of the mail is irrelevant 
 because a mail of any size will be rejected. The initial quota-status 
 implementation didn't even support SIZE extension since I didn't remember it 
 existed.
 
 I'm referring to the Postfix side _only_ or the initial SMTP Handshake if you 
 like. My point is that there is no safe way to reject mails at this level 
 *if* the remote server doesn't play nice. I think this was the whole point of 
 writing a policy service for Postfix. I'm not *talking* about quotas that 
 will be handled  by the delivery agents...

Either you're still misunderstanding me, or vice versa. The quota rejections 
can be done completely on the SMTP side even without SIZE:

1) quota at 99% :

MAIL FROM:sen...@example.com
250 2.1.0 Ok
RCPT TO:t...@dovecot.org
250 2.1.0 Ok
DATA
...
.
250 2.0.0 Ok: queued as 12345

2) quota is now at 103% :

MAIL FROM:send...@example.com
250 2.1.0 Ok
RCPT TO:t...@dovecot.org
554 5.2.2 User is over quota



Re: [Dovecot] v2.2.5 released

2013-08-06 Thread Jim Knuth

On 06.08.13 at 15:10, Luigi Rosa li...@luigirosa.com wrote:



Jim Knuth said the following on 06/08/2013 12:11:


Unless I'm wrong, the latest one for Dovecot 2.2:

http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.1.tar.gz


Thanx, Axel. But the question was: Is that the right one? ;)



Works like a charm in my installations


Ciao,
luigi




I thank you :)

--
With kind regards,
Jim Knuth
-
There is no point in trying to drown your sorrows in alcohol,
because sorrows are good swimmers.
(Robert Musil)


Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread /dev/rob0
On Tue, Aug 06, 2013 at 09:27:20PM +0300, Timo Sirainen wrote:
 On 6.8.2013, at 20.57, Thomas Leuxner t...@leuxner.net wrote:
  * Timo Sirainen t...@iki.fi 2013.08.06 19:42:
  
  The idea behind quota_grace is that the last mail would be 
  allowed to take the user somewhat over quota (e.g. up to 109% 
  quota usage). On the next mail delivery user is already over 
  quota, so the size of the mail is irrelevant because a mail
  of any size will be rejected. The initial quota-status 
  implementation didn't even support SIZE extension since I
  didn't remember it existed.
  
  I'm referring to the Postfix side _only_ or the initial SMTP 
  Handshake if you like. My point is that there is no safe way
  to reject mails at this level *if* the remote server doesn't
  play nice. I think this was the whole point of writing a
  policy service for Postfix. I'm not *talking* about quotas
  that will be handled by the delivery agents...
 
 Either you're still misunderstanding me, or vice versa. The quota 
 rejections can be done completely on the SMTP side even without SIZE:

Another way, in Postfix, is to wait for end-of-DATA. Regardless of 
SIZE being given, at that point, the actual size is known.

Of course as Thomas would probably point out, such a rejection is 
unsafe, because ANY overquota recipient would cause rejection for 
EVERY recipient; SMTP cannot have per-recipient results except at 
RCPT TO:.

Personally, I'd much rather allow the last overquota mail, even in 
cases where the user goes far over the quota. Apparently Thomas 
intends to have a solid, inflexible quota.

In that case I'd suggest going for a lower quota and adding 
quota_grace. Let quota_grace plus quota be the most you can tolerate 
in your users' mailboxes.

 1) quota at 99% :
 
 MAIL FROM:sen...@example.com
 250 2.1.0 Ok
 RCPT TO:t...@dovecot.org
 250 2.1.0 Ok
 DATA
 ...
 .
 250 2.0.0 Ok: queued as 12345
 
 2) quota is now at 103% :
 
 MAIL FROM:send...@example.com
 250 2.1.0 Ok
 RCPT TO:t...@dovecot.org
 554 5.2.2 User is over quota
 

-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread Robert Schetterer
On 06.08.2013 at 20:27, Timo Sirainen wrote:
 On 6.8.2013, at 20.57, Thomas Leuxner t...@leuxner.net wrote:
 
 * Timo Sirainen t...@iki.fi 2013.08.06 19:42:

 The idea behind quota_grace is that the last mail would be allowed to take 
 the user somewhat over quota (e.g. up to 109% quota usage). On the next 
 mail delivery user is already over quota, so the size of the mail is 
 irrelevant because a mail of any size will be rejected. The initial 
 quota-status implementation didn't even support SIZE extension since I 
 didn't remember it existed.

 I'm referring to the Postfix side _only_ or the initial SMTP Handshake if 
 you like. My point is that there is no safe way to reject mails at this 
 level *if* the remote server doesn't play nice. I think this was the whole 
 point of writing a policy service for Postfix. I'm not *talking* about 
 quotas that will be handled  by the delivery agents...
 
 Either you're still misunderstanding me, or vice versa. The quota rejections 
 can be done completely on the SMTP side even without SIZE:
 
 1) quota at 99% :
 
 MAIL FROM:sen...@example.com
 250 2.1.0 Ok
 RCPT TO:t...@dovecot.org
 250 2.1.0 Ok
 DATA
 ...
 .
 250 2.0.0 Ok: queued as 12345
 
 2) quota is now at 103% :
 
 MAIL FROM:send...@example.com
 250 2.1.0 Ok
 RCPT TO:t...@dovecot.org
 554 5.2.2 User is over quota
 

Thomas is right in general, that's a general problem with mail quota,
that was the reason why there wasn't some good solution out for long times,

but the dove policy server does i.e. reject mail in smtp session if it's
already assured that the mailbox is definite ... percent over quota (
configurable by grace parameter ), at that point it does not matter which
size the incoming mail has, it will be i.e. rejected anyway
also it honors ( some kind overrides ) other quota setting in i.e. lmtp or
lda, cause if it wouldn't, a mailbox would never become overquota by
rejecting mail before by lmtp/lda settings




Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, District Court of Munich: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Joerg Heidrich


Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread Thomas Leuxner
* /dev/rob0 r...@gmx.co.uk 2013.08.06 20:49:

 Personally, I'd much rather allow the last overquota mail, even in 
 cases where the user goes far over the quota. Apparently Thomas 
 intends to have a solid, inflexible quota.

The point I'm trying to make is mail being queued by Postfix because it has no 
means to validate the mail would take the user over quota. In the scenarios I 
tested with SIZE being part of MAIL FROM the mail gets rejected at SMTPD stage, 
while without SIZE supplied it will get queued and eventually be rejected by 
the MDA.

AFAIK the whole endeavour was undertaken to avoid queue injection of mails 
knowing they would bounce. This seems to work when the SMTPD receives enough 
detail.

As to Timo's example:

This also seems to work given the quota is *over* the limit incl. grace:

$ doveadm quota get -u ph...@trashheap.net
Quota name Type    Value Limit   %
user       STORAGE 10914 10240 106
user       MESSAGE     5     -   0

Aug  6 20:56:31 spectre postfix/smtpd[27201]: connect from 
mail-oa0-f44.google.com[209.85.219.44]
Aug  6 20:56:32 spectre postfix/smtpd[27201]: Anonymous TLS connection 
established from mail-oa0-f44.google.com[209.85.219.44]: TLSv1 with cipher 
ECDHE-RSA-RC4-SHA (128/128 bits)
Aug  6 20:56:32 spectre postfix/smtpd[27201]: NOQUEUE: reject: RCPT from 
mail-oa0-f44.google.com[209.85.219.44]: 554 5.2.2 ph...@trashheap.net: 
Recipient address rejected: Quota exceeded (mailbox for user is full); 
from=u...@googlemail.com to=ph...@trashheap.net proto=ESMTP 
helo=mail-oa0-f44.google.com

Now everything in between seems to create SMTPD rejections in some cases _or_ 
queue the mail and let it hit the quota in other cases. That's my whole point...
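
The three cases discussed in this thread (already over the limit, under the limit with SIZE declared, under the limit without SIZE), as an added example that is not code from the thread or from Dovecot. It models the rule as the thread describes it; the 10% grace, the 5 MiB message, the 99% usage figure, the placeholder recipient and the DUNNO accept reply are assumptions, and the reject text is copied from the Postfix log above.

```python
KIB = 1024

def parse_policy_request(raw):
    """Parse Postfix policy-delegation attributes (name=value lines, blank line ends)."""
    attrs = {}
    for line in raw.splitlines():
        if not line.strip():
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def over_quota(usage, size, limit, grace):
    """Rule as described in the thread (not taken from Dovecot source): reject
    if already over the limit, or if this mail would push usage past
    limit + grace. All values in bytes."""
    return usage > limit or usage + size > limit + grace

def rcpt_action(raw, usage, limit, grace):
    """Decision at RCPT TO. Postfix passes size=0 when the client sent no SIZE."""
    attrs = parse_policy_request(raw)
    declared = int(attrs.get("size") or 0)
    if over_quota(usage, declared, limit, grace):
        return "action=554 5.2.2 Quota exceeded (mailbox for user is full)"
    return "action=DUNNO"  # assumed accept reply: let later restrictions decide

def request(size):
    # Constructed request; the recipient is a placeholder address.
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            "recipient=user@example.com\nsize=%d\n\n" % size)

LIMIT = 10240 * KIB       # limit from the doveadm output in the thread
GRACE = LIMIT // 10       # assumed 10% grace
MAIL = 5 * 1024 * KIB     # constructed 5 MiB message

def scenarios():
    at_99 = 10137 * KIB   # constructed: about 99% used
    at_106 = 10914 * KIB  # value from the doveadm output in the thread
    return {
        "over_limit_no_size": rcpt_action(request(0), at_106, LIMIT, GRACE),
        "99pct_with_size": rcpt_action(request(MAIL), at_99, LIMIT, GRACE),
        "99pct_no_size": rcpt_action(request(0), at_99, LIMIT, GRACE),
        # The same mail without SIZE passes RCPT, is queued, and only fails
        # once the delivery agent sees its real size.
        "99pct_no_size_at_delivery": over_quota(at_99, MAIL, LIMIT, GRACE),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, "->", result)
```
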




Re: [Dovecot] Postfix aliases with quota-status service

2013-08-06 Thread Benny Pedersen

Thomas Leuxner wrote on 2013-08-06 18:25:

* Timo Sirainen t...@iki.fi 2013.08.06 18:15:

Now the real problem along the road is the submitting server. If 
that server does not
indicate the message size during handshake the pre-queue rejection 
simply can not work.


quota_grace was meant to solve that. You'll allow the user to become 
a bit over quota.


What I meant is before the mail enters the Postfix queues. If the
SIZE extension is not used during MAIL FROM by the remote server, then
there's no way to reject an over-quota mail upfront, losing the
benefit of the policy service.


dovecot dict sql quota, then in postfix smtpd_end_of_data_restrictions 
check sql quotas in policy daemons or just simple sql query will not 
solve it ?, correct if sender need to send data first to get sizes it 
begins to be impractical since if there is just 1 byte free last sender 
can still send more than 1 byte, but next sender can't