[Dovecot] realtime backup with LDA?
Hello everyone,

I was reading the dovecot-lda documentation, as I'm using LDA as a delivery agent on my current mailserver configuration. I was curious to know if there are some options for having a message delivered to a twin mailbox upon delivery. This twin mailbox would work as a backup archive for recovering emails in case the user accidentally deletes them.

So if I have a user named alice, I would create a second mailbox named backup_alice (or whatever, respecting a predictable schema), and then every mail delivered to alice would also be delivered to backup_alice.

Do you know if this can be done? Do you have any example? I was also planning to use shared folders + ACLs to have backup_alice accessible as a read-only mailbox directly from the alice IMAP account.

Thanks in advance,
Francesco
[Dovecot] 2.2.12: Panic: file mail-index.c: line 380 (mail_index_keywords_unref): assertion failed: (keywords->refcount > 0)
I upgraded 2.1 -> 2.2 something like a week ago because I needed INDEXPVT. Not sure if this crash started immediately or not, noticed it today looking at journalctl. Backtrace http://bpaste.net/raw/181944/ and pasted below.

This seems to crash on every IMAP connection made, so any ideas for a possible client-level workaround are quite welcome until dovecot code improves here.

root@server ~ $ dovecot -n
# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.54-vs2.3.3.5+pf64 x86_64 Gentoo Base System release 2.2 ext4
hostname = *hidden*
listen = 192.168.1.2
log_path = /dev/stderr
log_timestamp =
mail_gid = mail
mail_home = /secure/Maildir/%n
mail_location = Maildir:/secure/Maildir/%n
mail_plugins = acl
mail_privileged_group = mail
mail_uid = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/secure/Maildir/%%n:INDEXPVT=/secure/Maildir/%n/shared/%%n
  prefix = Shared.%%n.
  separator = .
  subscriptions = no
  type = shared
}
namespace {
  location = maildir:/secure/Maildir/projekt:INDEX=/secure/Maildir/%n/projekt
  prefix = Projekt.
  separator = .
  subscriptions = no
  type = public
}
namespace {
  location = maildir:/secure/Maildir/rss:INDEX=/secure/Maildir/%n/rss
  prefix = RSS.
  separator = .
  subscriptions = no
  type = public
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/secure/Maildir/shared-mailboxes.db
  mail_log_events = mailbox_delete
  sieve = /secure/Maildir/%n/dovecot-sieve
  sieve_dir = /secure/Maildir/%n/sieve
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
postmaster_address = postmaster
protocols = imap lmtp sieve
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = mail
  }
  user = mail
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = /etc/ssl/server.crt
ssl_key = /etc/ssl/server.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lda {
  mail_plugins = acl sieve acl
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = acl imap_acl
}
protocol sieve {
  managesieve_notify_capability = mailto
  managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
}

#0 0x7f64da799535 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x7f64da79a9b8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x7f64dab76dc5 in default_fatal_finish (type=<optimized out>, status=status@entry=0) at failures.c:193
        backtrace = 0xae54a8 /usr/lib64/dovecot/libdovecot.so.0(+0x6adcf) [0x7f64dab76dcf] - /usr/lib64/dovecot/libdovecot.so.0(+0x6ae2e) [0x7f64dab76e2e] - /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f64dab30d4e] - /usr...
#3 0x7f64dab76e2e in i_internal_fatal_handler (ctx=0x7fffb9d88d00, format=<optimized out>, args=<optimized out>) at failures.c:657
        status = 0
#4 0x7f64dab30d4e in i_panic (format=format@entry=0x7f64dae79848 file %s: line %d (%s): assertion failed: (%s)) at failures.c:267
        ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
        args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffb9d88df0, reg_save_area = 0x7fffb9d88d30}}
#5 0x7f64dae59fbc in mail_index_keywords_unref (_keywords=<optimized out>) at mail-index.c:380
        keywords = <optimized out>
        __FUNCTION__ = mail_index_keywords_unref
#6 0x7f64dae22657 in mailbox_copy (_ctx=<optimized out>, mail=mail@entry=0xbcf260) at mail-storage.c:2140
        ctx = 0xbd3a80
        t = 0xbcd580
        keywords = 0xbd4a50
        pvt_flags = 0
        real_mail = <optimized out>
        ret = -1
        __FUNCTION__ = mailbox_copy
#7 0x7f64dae2270d in mailbox_move (_ctx=<optimized out>, mail=0xbcf260) at mail-storage.c:2153
        ctx = 0xbd3a80
#8 0x0040e72d in fetch_and_copy (copy_count_r=<synthetic pointer>, src_uidset_r=<synthetic pointer>, search_args=<optimized out>, src_trans_r=0x7fffb9d88e88, t=0xbcd580, move=true, client=0xb0de50) at cmd-copy.c:67
        search_ctx = 0xbcefe0
Re: [Dovecot] dsync: possible cosmetic bug
Thus wrote Andrei Dobrotsvetov:

> Hello Everyone, I use dovecot2-2.2.10, FreeBSD 9.2-RELEASE.

Same version and OS like me...:)

> Replication was set up according to: http://wiki2.dovecot.org/Replication, dsync wrapper script is used. It seems that all is worked as desired, but i see the following into log file:
> doveadm: Error: dsync-remote(XXX@YYY): Info: save: box=INBOX, ...
> There were no such log records when i tried replication without wrapper script.

Forget the wrapper script on that site, it's needless or broken. Call doveadm dsync-server directly from authorized_keys.

But synchronisation works then for you? I'm currently having the problem that dsync doesn't synch anything at all...

Greetings,
Fabiano
[Dovecot] Quota-Status issue
Following this guide: http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/

I can't seem to get it to work; as soon as I add the smtpd_recipient_restrictions setting to postfix I can no longer send mail at all. I get the message:

SMTP Error (450): Failed to add recipient postmas...@example.com (4.7.1 : Recipient address rejected: Internal error occurred. Refer to server log for more information.).

I googled around and found this command to test the quota-status service:

printf "recipient=postmaster@example.com\nsize=1234\n\n" | nc 127.0.0.1 12340

It seems to always return the quota_status_nouser message. I'm really stumped here. What logs do I need to check for errors, and does anyone have any experience with this?

I'm running Dovecot 2.2.10 with Postfix 2.6.6.

Here's my dovecot -n result:

# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_grace = 10%%
  quota_rule = *:storage=1G
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert = /etc/pki/tls/certs/iRedMail_CA.pem
ssl_key = /etc/pki/tls/private/iRedMail.key
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota autocreate
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

For my postfix/main.cf I have this relevant setting:

smtpd_recipient_restrictions =
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    check_policy_service inet:127.0.0.1:,
    check_policy_service inet:127.0.0.1:10031,
    check_policy_service inet:127.0.0.1:12340,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
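
An added example, not part of the original post: a Python probe for the Postfix policy-delegation exchange that the printf | nc test in the message above performs by hand, with framing checks and a coarse reading of the returned action. The function names are hypothetical, the action classification is a simplification of Postfix access(5) actions, and 127.0.0.1:12340 is the quota-status listener from the posted configuration.

```python
import socket

def build_request(attrs):
    """Serialize policy attributes: one name=value per line, blank line ends."""
    lines = []
    for name, value in attrs.items():
        value = str(value)
        # A newline inside a value would inject extra attributes into the request.
        if "=" in name or "\n" in name or "\n" in value:
            raise ValueError(f"attribute {name!r} would break the framing")
        lines.append(f"{name}={value}\n")
    return ("".join(lines) + "\n").encode()

def parse_reply(data):
    """Return the text after 'action=' from a policy server reply."""
    for line in data.decode(errors="replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    raise ValueError("reply carries no action= line")

def classify(action):
    """Coarse outcome of the returned action at the RCPT TO stage."""
    parts = action.split(None, 1)
    word = parts[0].upper() if parts else ""
    if word in ("DUNNO", "OK"):
        return "pass"
    if word == "REJECT" or (word.isdigit() and word.startswith("5")):
        return "reject"
    if word.startswith("DEFER") or (word.isdigit() and word.startswith("4")):
        return "tempfail"
    return "unknown"

def query(host, port, attrs, timeout=5.0):
    """Send one request and read until the blank line that ends the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(attrs))
        buf = b""
        while b"\n\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_reply(buf)

if __name__ == "__main__":
    # Constructed sample request; host and port are taken from the post.
    req = {"recipient": "postmaster@example.com", "size": 1234}
    try:
        action = query("127.0.0.1", 12340, req)
        print(action, "->", classify(action))
    except (OSError, ValueError) as exc:
        print("quota-status probe failed:", exc)
```
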
[Dovecot] Detail improvement: %c variable
Hi,

although dovecot is great and almost exactly solving my problems and fitting my requirements, there is an odd detail that causes me problems: the %c variable. (See http://wiki2.dovecot.org/Variables )

I'm managing an IMAP server for an association, which is connected to an LDAP server. Users can connect in three ways: IMAPS from the internet, IMAP from local accounts, and IMAP through a Web-IMAP interface, which is protected through additional one-time passwords. The web gateway is intended to be used from untrusted computers as well, so the IMAP password entered through the Web site must not be the same as the password used on IMAPS.

I have solved this problem by using %s%c as part of the LDAP user_filter. When people connect over IMAPS, this becomes imapsecured (%s=imap, %c=secured), while an unencrypted connect becomes imap (%s=imap, %c=).

Unfortunately, this works only if the web interface and the IMAP server are located on different (virtual) machines. But if the web gateway and dovecot are on the /same/ machine, this does not work anymore, since %c becomes secured on localhost, even if unencrypted. It causes a lot of trouble and headache.

Please add a configuration variable to configure whether %c should become secured for unencrypted traffic on the loopback device (localhost).

regards
Hadmut
Re: [Dovecot] Detail improvement: %c variable
On 23.02.2014 23:27, Hadmut Danisch wrote:

> But if the web gateway and dovecot are on the /same/ machine, this does not work anymore, since %c becomes secured on localhost, even if unencrypted. It causes a lot of trouble and headache

what headache?
how do you imagine a man-in-the-middle-attack on 127.0.0.1

> Please add a configuration variable to configure, whether %c should become secured for unencrypted traffic on the loopback device (localhost)

to gain exactly what?

frankly for practical usage epect debugging even a fallback to no encryption at all on loopback would be sane and for the sake of reduce useless overhead fine
Re: [Dovecot] Detail improvement: %c variable
On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:

> what headache?

The one I've described.

> how do you imagine a man-in-the-middle-attack on 127.0.0.1

You're confusing the different attacks. This has nothing to do with a man-in-the-middle. This is against a passive eavesdropper, e.g. someone watching people entering the password at a web interface, or a keylogger on an unreliable computer.

> > Please add a configuration variable to configure, whether %c should become secured for unencrypted traffic on the loopback device (localhost)
>
> to gain exactly what?

to gain different LDAP filter strings for IMAP requests coming from outside encrypted with SSL/TLS and unencrypted IMAP requests on localhost.

> frankly for practical usage epect debugging even a fallback to no encryption at all on loopback would be sane and for the sake of reduce useless overhead fine

It is never a good idea to lower security in favor of easy debugging. That's why I propose a switch to turn this behaviour on and off.

Hadmut
Re: [Dovecot] Detail improvement: %c variable
On 24.02.2014 00:23, Hadmut Danisch wrote:

> On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:
> > what headache?
>
> The one I've described.

you described nothing relevant
you only talk why 127.0.0.1 is treated as secured

well because it is by definition, if you don't trust 127.0.0.1 you have lost the game at all

> > how do you imagine a man-in-the-middle-attack on 127.0.0.1
>
> You're confusing the different attacks. This has nothing to do with a man-in-the-middle. This is against a passive eavesdropper, e.g. someone watching people entering the password at a web interface, or a keylogger on an unreliable computer

RTFM - this is *logging* and there it does not make a difference in case of security if it was an encrypted connection or one from LOCALHOST where there is no wire at all between client and server

These variables work only in Dovecot-auth and *login_log_format_elements* setting
%c secured secured string with SSL, TLS and localhost connections. Otherwise empty.