[Dovecot] FTS solr issue with second private namespace
Hi all,

I have just stumbled over an issue with the FTS plugin of dovecot. For our primary namespace, INBOX and its subfolders, searching works without any problems, but in a second namespace, which I have created for old/archived mails, searching of the mail text/body does not work. I can see the search request in the tomcat log but no result is created and the mail client (Thunderbird) keeps displaying the search message without returning any results.

Tomcat6 catalina.out:

    Dez 02, 2013 11:58:00 AM org.apache.solr.core.SolrCore execute
    INFO: [] webapp=/solr path=/select params={fl=uid,scoresort=uid+ascq=body:schillerfq=%2Bbox:1b4de60d0a6287522d0c4424cda4+%2Buser:testuserrows=2} hits=0 status=0 QTime=1

I am currently using Dovecot 2.2.9 and do not have any special FTS config:

    mail_plugins = quota mailbox_alias fts fts_solr
    plugin {
      fts = solr
      fts_solr = break-imap-search url=http://localhost:8080/solr/
      fts_autoindex = yes
    }

Thank you for your kind help
best regards
Andreas
[Dovecot] [CANNOT] Mailbox GUIDs are not permanent without index files when trying to delete folder
Hello,

Dovecot 2.0.9 on Red Hat Enterprise Linux Server release 6.4 (Santiago). Location is set to:

    mail_location = mbox:~/mail:INBOX=/var/mail/%u:INDEX=MEMORY

Index is set to memory due to permissions problems when using disk index. Everything works, even rename folder, but when trying to delete folder, using any mail client, it fails with:

    [CANNOT] Mailbox GUIDs are not permanent without index files.

Why?

Regards,
Nissim Etrog
[Dovecot] imap-login hangs after receiving revoked SSL certificate
Good time of the day!

My English is not very good, excuse me if I said something wrong.

I use dovecot-2.1.16 on Gentoo Linux amd64. I need to set up dovecot (imap and pop3) for SSL and non-SSL connections simultaneously. For SSL connections the client must submit a valid SSL certificate. Now the SSL part of dovecot.conf looks like this:

    ssl = yes
    ssl_cert = /etc/ssl/dovecot/dovecot.pem
    ssl_key = /etc/ssl/dovecot/dovecot.pem
    ssl_ca = /etc/ssl/ca/ca.pem
    ssl_verify_client_cert = yes
    auth_ssl_require_client_cert = yes
    protocol !smtp {
      auth_ssl_require_client_cert = yes
    }

All works fine with valid certificates. But if I submit a revoked certificate, dovecot doesn't send error or success messages to the mail client, the process 'imap-login' eats 100% CPU and completely hangs. Only SIGKILL can terminate it. When dovecot receives a revoked certificate, the following messages appear in the log:

    Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate: certificate revoked: /O=AP inc./OU=Admins/CN=Alexey Prokopchuk/UID=alexpro
    Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate: Different CRL scope: /CN=AP inc. root certification authority/O=AP inc./C=UA
    Dec 2 13:50:39 mail last message repeated 17950 times

If I'm not mistaken, in case of a revoked certificate submission, dovecot must simply answer SSL error or permission denied to the client and close the connection, but according to the log, it tries to check the certificate again and again and does it in an infinite loop. I can't understand for now - I misconfigured something or it's a bug?

Thanks for attention, with best regards,
Alexey Prokopchuk (AP8686-RIPE)
Re: [Dovecot] Gettings mails recently moved to a folder
On Thursday, 21 November 2013, 17:28:18, Pascal Volk wrote: On 11/21/2013 11:11 AM Florian Lindner wrote: Hello, some spam training tools learn the same message over and over again. Since I want to use a daily cronjob to train messages and I do not want to have the same messages trained multiple times, I need a way to get new messages in a folder. Is there a (consolish) way to get a list of messages that were recently moved to a folder? dovecot does not modify mtime, according to RFC 3501. Does `doveadm search -u s...@xgm.de mailbox INBOX SAVEDSINCE 2013-11-21` list the wanted messages? For more details see doveadm-search(1) and doveadm-search-query(7). Not really: % doveadm search -u mailingli...@xgm.de mailbox INBOX SAVEDSINCE 2013-11-21 doveadm(mailingli...@xgm.de): Error: user mailingli...@xgm.de: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/flindner/Mail/mailingli...@xgm.de doveadm(mailingli...@xgm.de): Fatal: User init failed Which seems to be another problem. IMAP and POP3 work fine, but on occasions like that dovecot fails to detect that it is a maildir. Problem may be that in my database home and mail location is identical (and there is no way to change that). Is there a way to tell dovecot that every mailbox is a maildir without modifying the database? Thanks, Florian
Re: [Dovecot] Gettings mails recently moved to a folder
On 2013-12-02 9:24 AM, Florian Lindner mailingli...@xgm.de wrote: Problem may be that in my database home and mail location is identical (and there is no way to change that). Is there a way to tell dovecot that every mailbox is a maildir without modifying the database? There are very good reasons why this is broken... And I highly doubt that it *can't* be changed... you just don't want to go through the pain, right? Personally, I think you should rethink this decision, but if you still 'can't, then learn to live with the pain. -- Best regards, */Charles/*
Re: [Dovecot] shared folder - ACL
On 2013-11-28 10:38 AM, Héctor Moreno Blanco hmor...@gmv.com wrote: When I try to set acl to a folder: a02 setacl inbox.test1 user1 lr a02 BAD Error in IMAP command SETACL: ACLs disabled. In the logs, I can see: dovecot: imap(testing_ddfr): Debug: acl: No acl setting - ACLs are disabled What am I missing? This says it is not activated, in spite of what you copy/pasted from some config file. Never rely on copy/paste from configs... *always* check doveconf -n output. This will *prove* what your active config is - and sometimes it isn't what you think it is (especially with some distros that put things in non-standard places... doveconf -n output is now necessary... -- Best regards, */Charles /* Hello Charles, This is my doveconf -n output. # 2.1.6: /usr/local/dovecot/etc/dovecot/dovecot.conf auth_cache_size = 500 k auth_cache_ttl = 1000 secs disable_plaintext_auth = no first_valid_uid = 501 lock_method = dotlock mail_debug = yes mail_fsync = always mail_gid = vmail mail_location = maildir:%h/Maildir mail_nfs_index = yes mail_nfs_storage = yes mail_plugins = quota autocreate mail_log notify acl mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify mmap_disable = yes namespace { inbox = yes location = prefix = separator = . type = private } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . type = private } namespace { location = maildir:%h/Maildir/_backup prefix = _backup. separator = . type = private } namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared.%%u prefix = shared.%%u. separator = . 
subscriptions = no type = shared } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { acl_anyone = allow acl_shared_dict = file:/etc/dovecot/shared-mailboxes.db autocreate = Spam autosubscribe = Spam mail_log_events = delete expunge copy mailbox_delete mailbox_rename quota = maildir:_backup:ns= quota_warning = storage=75%% quota-warning 75 %u quota_warning2 = storage=90%% quota-warning 90 %u sieve = %h/.dovecot.sieve sieve_dir = %h/sieve sieve_extensions = +imapflags +notify } protocols = imap pop3 sieve service anvil { client_limit = 5000 } service auth { client_limit = 9000 unix_listener auth-master { group = vmail mode = 0700 user = vmail } user = root vsz_limit = 1 G } service imap-login { executable = /usr/local/dovecot/libexec/dovecot/imap-login inet_listener imap { address = * port = 143 } inet_listener imaps { address = * port = 993 } process_limit = 2048 process_min_avail = 20 service_count = 0 user = vmail } service imap { executable = /usr/local/dovecot/libexec/dovecot/imap process_limit = 2048 } service managesieve-login { executable = /usr/local/dovecot/libexec/dovecot/managesieve-login inet_listener sieve { address = * port = 4190 } inet_listener sieve_deprecated { address = * port = 12000 } user = vmail } service managesieve { executable = /usr/local/dovecot/libexec/dovecot/managesieve } service pop3-login { executable = /usr/local/dovecot/libexec/dovecot/pop3-login inet_listener pop3 { address = * port = 110 } inet_listener pop3s { address = * port = 995 } process_limit = 2048 process_min_avail = 20 service_count = 0 user = vmail } service pop3 { executable = /usr/local/dovecot/libexec/dovecot/pop3 process_limit = 2048 } service quota-warning { executable = script /usr/local/dovecot/bin/quota-warning.sh unix_listener quota-warning { group = vmail mode = 0700 user = vmail } } ssl_ca = /etc/ssl/correo.es.ca-bundle ssl_cert = /etc/ssl/correo.crt ssl_key = /etc/ssl/correo.pem ssl_verify_client_cert = yes syslog_facility = local3 
userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } valid_chroot_dirs = /buzones/ protocol imap { imap_client_workarounds = mail_plugin_dir = /usr/local/dovecot/lib/dovecot mail_plugins = quota autocreate mail_log notify acl imap_quota imap_acl } protocol pop3 { mail_plugin_dir = /usr/local/dovecot/lib/dovecot mail_plugins = quota autocreate mail_log notify acl pop3_uidl_format = %08Xu%08Xv } protocol lda { auth_socket_path = /usr/local/dovecot/var/run/dovecot/auth-master hostname = buzon3.csic.es mail_plugin_dir = /usr/local/dovecot/lib/dovecot mail_plugins = quota autocreate mail_log notify acl sieve postmaster_address = postmaster@.es quota_full_tempfail = no rejection_reason = Su mensaje para %t fue rechazado automaticamente por nuestro sistema :%n%r rejection_subject = Rechazado: %s sendmail_path = /usr/sbin/exim } protocol sieve {
[Dovecot] Dove LDA vs Exim LDA
Hello All, I have built up my email server with exim + dovecot + clamav/spamassassin. I am using exim as LDA (local delivery agent). I was reading about using dovecot as LDA but I couldn't find why I should use it. Now, I am looking for expert advice on why I should use dovecot LDA. Is there any benefit in terms of functionality or performance? Any advice/suggestion/feedback welcome. Thanks Shantanu
Re: [Dovecot] Dove LDA vs Exim LDA
On 2013-12-02 10:56 AM, Kumar Shantanu shant...@techblue.co.uk wrote: Now, I am looking expert advice on Why should I use dovecot LDA ? Is there any benefit in terms of functionality or performance ? Any advice/suggestion/feedbacks welcome. Did you bother to read the wiki? http://wiki2.dovecot.org/LDA/ It spells out the benefits pretty well... -- Best regards, */Charles/*
Re: [Dovecot] Dove LDA vs Exim LDA
On 02.12.2013 16:56, Kumar Shantanu wrote: Hello All, I have built up my email server with exim + dovecot + clamav/spamassassin. I am using exim as LDA (local delivery agent). I was reading about using dovecot as LDA but I couldn't find why I should use it. Now, I am looking for expert advice on why I should use dovecot LDA. Is there any benefit in terms of functionality or performance? Any advice/suggestion/feedback welcome. Thanks Shantanu I guess the difference is not dove vs exim lda (don't know this), it's more about using dove lmtp vs lda; lmtp should perform better than any lda, search the list archive about it Best Regards Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: Munich, District Court of Munich: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein
Re: [Dovecot] imap-login hangs after receiving revoked SSL certificate
On 2.12.2013, at 15.41, Алексей Прокопчук alex...@homelan.lg.ua wrote: I use dovecot-2.1.16 on Gentoo Linux amd64. All works fine with valid certificates. But if I submit revoked certificate, dovecot doesn't send error or success messages to mail client, process 'imap-login' eats 100% CPU and completely hangs. Only SIGKILL can terminate it. When dovecot receives revoked certificate, following messages appears in the log: -- Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate: certificate revoked: /O=AP inc./OU=Admins/CN=Alexey Prokopchuk/UID=alexpro Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate: Different CRL scope: /CN=AP inc. root certification authority/O=AP inc./C=UA Dec 2 13:50:39 mail last message repeated 17950 times --- What OpenSSL version are you using? This looks like the same issue: http://rt.openssl.org/Ticket/Display.html?id=3090user=guestpass=guest Where the fix is in: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4b26645c1a71cf9ce489e4f79fc836760b670ffe Not sure if Dovecot should be doing something different here, or maybe working around that bug. I think Postfix has the same problem.
Re: [Dovecot] Gettings mails recently moved to a folder
On Monday, 2 December 2013, 09:29:54, Charles Marcus wrote: On 2013-12-02 9:24 AM, Florian Lindner mailingli...@xgm.de wrote: Problem may be that in my database home and mail location is identical (and there is no way to change that). Is there a way to tell dovecot that every mailbox is a maildir without modifying the database? There are very good reasons why this is broken... And I highly doubt that it *can't* be changed... you just don't want to go through the pain, right? Personally, I think you should rethink this decision, but if you still 'can't, then learn to live with the pain. Actually I don't really understand why that is so strictly enforced as a number of dovecot tools (deliver, doveadm) refuse to work while imap is working perfectly without any additional settings or workarounds. My maildir shows a number of folders like .*, the usual cur, new, tmp and the dovecot* files. I don't see any possible name clash there, even without stat'ing the entries to test if it's a directory. I just need to disable the mail storage autodetection and set it always to maildir. Prefixing the database entry for the mail field with maildir: changes nothing. I've read the warnings about having mail == home but honestly I don't understand. Sorry if I miss the point here, but I'm eager to learn. Kind Regards, Florian
Re: [Dovecot] Gettings mails recently moved to a folder
On 2013-12-02 12:24 PM, Florian Lindner mailingli...@xgm.de wrote: I've read the warnings about having mail == home but honestly I don't understand. Sorry if I miss the point here, but I'm eager to learn. Sorry, I don't understand the gory details of the 'why' myself beyond the obvious - when you tell dovecot where the mail_location is, it expects there to *only* *be* *mail* there. Expecting dovecot to handle every possible circumstance of other possible files that someone might decide to dump in there is unreasonable. Not to mention the possibility of some other software messing with dovecot's files. It simply is a really, really bad idea to use a directory that the user has direct access to for their mail location. You don't put postfix's spool directory in home, do you? -- Best regards, */Charles/*
[Dovecot] backup mdbox best strategy
Hello, I have to back up (tape library) a mail system with about 300.000 mailboxes on 2 backends. The sum of all mailboxes is 2 TByte. The mailstore is mdbox. Is it safe to do a simple filesystem backup (full and incremental) with backup software? What is the preferred strategy to do a backup for disaster recovery (mail system crash) and restoring single user mailboxes? Regards, Claus
Re: [Dovecot] Dove LDA vs Exim LDA
** Kumar Shantanu shant...@techblue.co.uk [2013-12-02 15:58]: I have built up my email server with exim + dovecot + clamav/spamassassin. I am using exim as LDA (local delivery agent). I was reading about using dovecot as LDA but I couldn't find why I should use it. Now, I am looking for expert advice on why I should use dovecot LDA. Is there any benefit in terms of functionality or performance? Any advice/suggestion/feedback welcome. ** end quote [Kumar Shantanu] The main reason I switched was so that I could move from procmail to sieve, which is much nicer to configure. As an aside it also fixed an annoyance I had where, with my virtual domain/user setup, a directory was created for each email address that had mail sent to it (which resulted in a collection of directories for random junk spam addresses). At the time I hadn't investigated a fix, and the upgrade to Dovecot 2, with Dovecot as the LDA managing the virtual users, fixed this as a side issue :) -- Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/ | 023 9238 0001 = Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
Re: [Dovecot] Dove LDA vs Exim LDA
The main reason I switched was so that I could move from procmail to sieve, I am curious if you investigated Exim's sieve script support. Was there some problem you saw with it, or you just didn't look into it?
Re: [Dovecot] Gettings mails recently moved to a folder
Charles Marcus wrote on 2013-12-02 18:44: You don't put postfix's spool directory in home do you? that was unfair, I think OP confuses ~ dovecot with HOME env variable, not necessarily in /home/vmail; just remember if useradd vmail, make it not share groups with login users, should keep it safe to use /home path
Re: [Dovecot] Gettings mails recently moved to a folder
On 2.12.2013, at 16.24, Florian Lindner mailingli...@xgm.de wrote: doveadm(mailingli...@xgm.de): Error: user mailingli...@xgm.de: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/flindner/Mail/mailingli...@xgm.de doveadm(mailingli...@xgm.de): Fatal: User init failed Which seems to be another problem. IMAP and POP3 work fine, but on occasions like that dovecot fails to detect that it is a maildir. If something works fine for imap and pop3, but not for doveadm (for the same user), then the difference is that imap/pop3 sees different settings (e.g. in protocol imap {}).
Re: [Dovecot] Full text search improvements
how [FTS indexing] could be improved for everyone in future For sites which set client_limit 1 it would help performance not to stall for INDEXER_WAIT_MSECS when polling the indexer for input. Currently dovecot unwinds back out to the main command loop repeatedly to allow other clients to use the process but it also stalls the whole process for INDEXER_WAIT_MSECS every time it finds no input from the indexer, which hurts responsiveness for those other clients. This can be avoided by removing the client's I/O from the main ioloop and adding the indexer's instead, or perhaps by leveraging CLIENT_COMMAND_STATE_WAIT_EXTERNAL. Third-party FTS implementations may benefit from having the NOT/AND/OR seq_range_array merging logic in squat_lookup_arg() generalized and made available to all. It would also be helpful if FTS expunge were asynchronous, but this is not critical.
Re: [Dovecot] backup mdbox best strategy
On 02.12.2013 18:47, Claus wrote: Hello, I have to back up (tape library) a mail system with about 300.000 mailboxes on 2 backends. The sum of all mailboxes is 2 TByte. The mailstore is mdbox. Is it safe to do a simple filesystem backup (full and incremental) with backup software? hm, I wouldn't do that with mdbox, because it strongly depends on the index, but if you use dsync you could convert to maildir at backup, maildir should be fine to store on tape, but with 2 TB this is only good for a total disaster archive, I guess it would take a long time to restore, especially single mailboxes in acceptable time, from tape. Better use cheap sata storage raids for frequent backups, and do tape snapshots sometimes. What is the preferred strategy to do a backup for disaster recovery (mail system crash) and restoring single user mailboxes? dsync should do fine http://wiki2.dovecot.org/Tools/Dsync but there is no universal answer to this, perhaps a filesystem snapshot strategy might be better, it depends on your general setup, filesystems, mailstore etc. Wait for others to report their solutions, and find the one that fits best at your place Regards, Claus Best Regards Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: Munich, District Court of Munich: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein
Re: [Dovecot] Full text search improvements
On 2.12.2013, at 20.50, Mike Abbott michael.abb...@apple.com wrote: how [FTS indexing] could be improved for everyone in future For sites which set client_limit 1 it would help performance not to stall for INDEXER_WAIT_MSECS when polling the indexer for input. Currently dovecot unwinds back out to the main command loop repeatedly to allow other clients to use the process but it also stalls the whole process for INDEXER_WAIT_MSECS every time it finds no input from the indexer, which hurts responsiveness for those other clients. This can be avoided by removing the client's I/O from the main ioloop and adding the indexer's instead, or perhaps by leveraging CLIENT_COMMAND_STATE_WAIT_EXTERNAL. Gets a bit tricky to implement, at least without changing the lib-storage API. I did have some plans for this earlier where lib-storage could call some callback when there is more data available for search/fetch/mailbox_open/etc functions. Currently I’m thinking that most of the reasons for client_limit1 can be avoided just by moving IMAP IDLE connections to a separate imap-idle process where they wait until they have more work to do. Do you think that would work for you also?
Re: [Dovecot] Full text search improvements
On 12/02/2013 02:41 PM, Timo Sirainen wrote: Currently I’m thinking that most of the reasons for client_limit1 can be avoided just by moving IMAP IDLE connections to a separate imap-idle process where they wait until they have more work to do. Do you think that would work for you also? I was exactly thinking about the same thing.. I wanted to request this feature but I guess I was too shy to write about it :D I think a special IDLE process would be a wonderful idea. I find that otherwise client_limit1 doesn't really work. It gets especially annoying when a client with a large mailbox makes a process grow and it doesn't shrink back, is there some insight about that? And, after service_count is maxed out, you end up having lots of processes waiting for the last 1 or 2 IDLEing clients to quit, so your total number of processes is really much larger than total connections / client_limit.
Re: [Dovecot] Dove LDA vs Exim LDA
** WJCarpenter bill-dove...@carpenter.org [2013-12-02 18:04]: The main reason I switched was so that I could move from procmail to sieve, I am curious if you investigated Exim's sieve script support. Was there some problem you saw with it, or you just didn't look into it? ** end quote [WJCarpenter] Good question, and it is a while ago so I can't completely remember. I think it may well have come down to documentation, there seems to be more easy to use stuff out there for the Dovecot implementation (even with Exim). There's tons of in detail stuff on Exim (I know I host a mirror), but it can be a little too in depth sometimes! -- Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/ | 023 9238 0001 = Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
[Dovecot] dovecot.index-Errors with multiple IMAP client access in Dovecot 2.2
Hello list,

I hope you can help me! My self-compiled dovecot 2.2.6 (and the two minor versions before, too) throws these errors:

    Nov 28 18:29:00 mailserv dovecot: imap(mar...@example.com): Error: Transaction log /srv/vmail/example.com/martin/Maildir/dovecot.index.log: duplicate transaction log sequence (25)
    Nov 28 18:29:00 mailserv dovecot: imap(mar...@example.com): Error: /srv/vmail/example.com/martin/Maildir/dovecot.index log position went backwards (24,40 25,10028)

... and so on ... duplicate transaction log sequences and backwards gone log positions, and this always, when I use at least two IMAP clients at the same time (better: the two clients are online and logged in at the same time). That happens only with one user (me ;-) ), the other about 15 users on this server are having no problems.

What I see: the clients are bothering each other, but I don't know why. I thought about the used reiserfs filesystem on the server, but there were no problems with 1.2 on the same server.

Some words about my client setup: I use Thunderbird and iPhone at the same time, and as a third client on the same server there is a Thunderbird instance at my company, which runs parallel to the other two. Seems to be weird, but isn't really (IMHO ;-) ). Sometimes there are two TBs at the same mailbox, sometimes only the iPhone and a TB, sometimes all three. This ran quite well for a long time with dovecot 1.2 and 2.1.x (the last one at my company in a similar setup with more users and several clients at the same time).

Maybe there is an error in my build configuration (I think not)?

configures
---
./configure \
  --prefix=/usr/local \
  --with-sql \
  --with-ssl \
  --with-mysql
---

Here is my dovecot.conf (only the changes of defaults) - maybe there is a misconfiguration?
dovecot.conf - # 2.2.6: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-028stab101.1 x86_64 Ubuntu 10.04.4 LTS reiserfs auth_master_user_separator = * auth_mechanisms = plain login auth_socket_path = /usr/local/var/run/dovecot/auth-master default_internal_user = vmail default_login_user = vmail dict { acl = mysql:/etc/dovecot/dovecot-dict-acl-sql.conf.ext } disable_plaintext_auth = no imap_capability = +NAMESPACE imap_client_workarounds = delay-newmail tb-lsub-flags tb-lsub-flags tb-extra-mailbox-sep listen = * log_timestamp = %Y-%m-%d %H:%M:%S login_log_format_elements = user=%u method=%m rip=%r lip=%l %c mail_access_groups = vmail mail_location = maildir:/srv/vmail/%d/%n/Maildir mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify namespace { list = yes location = maildir:%%Lh/Maildir/:INDEX=%%Lh/shared-idx/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { hidden = no list = yes location = maildir:/srv/vmail/public prefix = public/ separator = / subscriptions = no type = public } namespace inbox { hidden = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Sent Messages { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_shared_dict = proxy::acl autocreate = Trash autocreate2 = Spam autocreate3 = Sent autocreate4 = Drafts autosubscribe = Trash autosubscribe2 = Spam 
autosubscribe3 = Sent autosubscribe4 = Drafts sieve = ~/.dovecot.sieve sieve_after = /srv/vmail/sieve/after.sieve sieve_before = /srv/vmail/sieve/before.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_global_dir = /srv/vmail/sieve sieve_global_path = /srv/vmail/sieve/globalsieverc } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh postmaster_address = postmaster@%d protocols = imap pop3 quota_full_tempfail = yes service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service dict { unix_listener dict { group = vmail mode = 0660 user =
Re: [Dovecot] Full text search improvements
Do you think [moving IMAP IDLE connections to a separate imap-idle process] would work for you also? Probably. It always depends on the details. Forking a new imap process every time there's a little input to read or output to send might perform poorly under load. Having a pool of ready imap processes could help that, when the configuration permits (e.g. all mail owned by one uid). It would be interesting to compare client_limit 1 vs. an idle connection aggregator. What's so evil about client_limit 1 besides requiring one uid, the indexer polling I mentioned, and broken fcntl-style file locks? Or is that enough?
Re: [Dovecot] Full text search improvements
On 3.12.2013, at 0.09, Mike Abbott michael.abb...@apple.com wrote: Do you think [moving IMAP IDLE connections to a separate imap-idle process] would work for you also? Probably. It always depends on the details. Forking a new imap process every time there's a little input to read or output to send might perform poorly under load. Having a pool of ready imap processes could help that, when the configuration permits (e.g. all mail owned by one uid). It would be interesting to compare client_limit 1 vs. an idle connection aggregator. I was thinking that you’d have a pool of imap processes waiting and being reused. Some state would be transferred between the imap-idle and imap processes. And it could work also for non-IDLEing idling connections. Then there needs to be some kind of a good balance of figuring out when to move connection to imap-idle to maximize the amount of time it’s there but also to minimize unnecessary CPU-wasting transfers.. Oh, and this would be possible also with multiple UIDs (although imap-idle might have to run as root then). What's so evil about client_limit 1 besides requiring one uid, the indexer polling I mentioned, and broken fcntl-style file locks? Or is that enough? Mainly that there are so many possible reasons for why imap process might block. It’s not possible to make all of them asynchronous. I guess getting rid of the longest waits could help, but I still wouldn’t dare to run that in production.
Re: [Dovecot] imap-login hangs after receiving revoked SSL certificate
Hello again.

On 02.12.2013 18:19, Timo Sirainen wrote: What OpenSSL version are you using? This looks like the same issue: http://rt.openssl.org/Ticket/Display.html?id=3090user=guestpass=guest Where the fix is in: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4b26645c1a71cf9ce489e4f79fc836760b670ffe Not sure if Dovecot should be doing something different here, or maybe working around that bug. I think Postfix has the same problem.

I used openssl version 1.0.1c when I wrote the first message. Following your advice, I tried to apply the patch from the fix above on openssl-1.0.1e. Now there are no hangs but dovecot assumes any user certificate is invalid. And very interesting: first dovecot reports that the certificate is invalid, and immediately thereafter reports that the same certificate is valid. And finally it reports that the client sent an invalid cert.

I have my own test CA based on EJBCA. The server and all client certificates which I tried to test were issued by this CA. The freshest CRL is embedded into the ca.pem file which is used as the ca certificate in dovecot.conf. Here is the log:

    Dec 3 00:10:25 mail dovecot: imap-login: Invalid certificate: Different CRL scope: /CN=AP inc. root certification authority/O=AP inc./C=UA
    Dec 3 00:10:25 mail dovecot: imap-login: Invalid certificate: unable to get certificate CRL: /CN=AP inc. root certification authority/O=AP inc./C=UA
    Dec 3 00:10:25 mail dovecot: imap-login: Valid certificate: /CN=AP inc. root certification authority/O=AP inc./C=UA
    Dec 3 00:10:25 mail dovecot: imap-login: Valid certificate: /O=AP inc./OU=Admins/CN=Alexey Prokopchuk/UID=alexpro
    Dec 3 00:10:25 mail dovecot: imap-login: Disconnected (client sent an invalid cert): user=, method=PLAIN, rip=192.168.200.55, lip=192.168.200.1, TLS, session=K6FgcpTsAgDAqMg3

Now I'm quite confused: apache works with these certificates as expected: accepts valid and refuses revoked. But dovecot, which yesterday accepted at least one certificate (which I revoked for testing), today rejects all others from the same CA.
Thanks for attention, with best regards, Alexey Prokopchuk (AP8686-RIPE)
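
A log triage sketch for the two syslog excerpts quoted in this thread, added here as an example and not part of any poster's message or of Dovecot itself: it flags the "last message repeated N times" storm that follows an "Invalid certificate" line from a login process, records revoked certificates being presented, and reports a subject that is logged both Invalid and Valid before a "client sent an invalid cert" disconnect. The function names, the threshold of 1000 and the assumption that handshakes are not interleaved in the log are choices of this example.

```python
import re
from collections import namedtuple

# Log lines copied verbatim from the two excerpts quoted in this thread.
HANG_LOG = [
    "Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate: certificate revoked: /O=AP inc./OU=Admins/CN=Alexey Prokopchuk/UID=alexpro",
    "Dec 2 13:50:26 mail dovecot: imap-login: Invalid certificate: Different CRL scope: /CN=AP inc. root certification authority/O=AP inc./C=UA",
    "Dec 2 13:50:39 mail last message repeated 17950 times",
]
PATCHED_LOG = [
    "Dec 3 00:10:25 mail dovecot: imap-login: Invalid certificate: Different CRL scope: /CN=AP inc. root certification authority/O=AP inc./C=UA",
    "Dec 3 00:10:25 mail dovecot: imap-login: Invalid certificate: unable to get certificate CRL: /CN=AP inc. root certification authority/O=AP inc./C=UA",
    "Dec 3 00:10:25 mail dovecot: imap-login: Valid certificate: /CN=AP inc. root certification authority/O=AP inc./C=UA",
    "Dec 3 00:10:25 mail dovecot: imap-login: Valid certificate: /O=AP inc./OU=Admins/CN=Alexey Prokopchuk/UID=alexpro",
    "Dec 3 00:10:25 mail dovecot: imap-login: Disconnected (client sent an invalid cert): user=, method=PLAIN, rip=192.168.200.55, lip=192.168.200.1, TLS, session=K6FgcpTsAgDAqMg3",
]

Event = namedtuple("Event", "ts host kind reason subject count session")

PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+(?P<rest>.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times$")
# "Invalid certificate: <reason>: <subject DN>" or "Valid certificate: <subject DN>"
CERT = re.compile(
    r"^dovecot: \w+-login: (?P<verdict>Invalid|Valid) certificate: "
    r"(?:(?P<reason>[^/]+?): )?(?P<subject>/.*)$")
DISC = re.compile(
    r"^dovecot: \w+-login: Disconnected \((?P<why>[^)]*)\):"
    r".*?session=<?(?P<session>[^>,\s]+)")


def parse_line(line):
    """Return an Event for the line kinds this example understands, else None."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    ts, host, rest = m.group("ts", "host", "rest")
    r = REPEAT.match(rest)
    if r:
        return Event(ts, host, "repeat", None, None, int(r.group(1)), None)
    c = CERT.match(rest)
    if c:
        return Event(ts, host, c.group("verdict").lower(),
                     c.group("reason"), c.group("subject"), 1, None)
    d = DISC.match(rest)
    if d:
        return Event(ts, host, "disconnect", d.group("why"), None, 1,
                     d.group("session"))
    return None


def analyze(lines, storm_threshold=1000):
    """Scan syslog lines in order and return a list of finding dicts."""
    findings = []
    prev = None    # event on the directly preceding line; a "repeated" line refers to it
    window = {}    # subject DN -> verdicts seen since the last disconnect
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            prev = None            # unknown line breaks the "repeated" link
            continue
        if ev.kind == "repeat":
            # A verification error repeated thousands of times within seconds is
            # the signature of the login process spinning instead of closing.
            if prev and prev.kind == "invalid" and ev.count >= storm_threshold:
                findings.append({"kind": "verify-loop", "ts": ev.ts,
                                 "subject": prev.subject, "reason": prev.reason,
                                 "count": ev.count})
            continue
        prev = ev
        if ev.kind in ("valid", "invalid"):
            window.setdefault(ev.subject, set()).add(ev.kind)
            if ev.reason == "certificate revoked":
                findings.append({"kind": "revoked-cert-presented", "ts": ev.ts,
                                 "subject": ev.subject})
        elif ev.kind == "disconnect":
            if "invalid cert" in ev.reason:
                # Same DN logged both ways: the rejection came from the CRL
                # lookup on that DN, not from the client certificate itself.
                for subject in sorted(s for s, v in window.items()
                                      if v == {"valid", "invalid"}):
                    findings.append({"kind": "contradictory-verdict", "ts": ev.ts,
                                     "subject": subject, "session": ev.session})
            window = {}
    return findings


if __name__ == "__main__":
    for name, log in (("hang", HANG_LOG), ("patched", PATCHED_LOG)):
        for finding in analyze(log):
            print(name, finding)
```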