[Dovecot] realtime backup with LDA?

2014-02-23 Thread Francesco
Hello everyone,
I was reading the dovecot-lda documentation, as I'm using LDA as the
delivery agent in my current mail server configuration.

I was curious to know if there are any options for having a message
delivered to a twin mailbox upon delivery.
This twin mailbox would work as a backup archive for recovering emails
in case the user accidentally deletes them.

So if I have a user alice, I would create a second mailbox named
backup_alice (or whatever, respecting a predictable schema), and then every
mail delivered to alice would also be delivered to backup_alice.

Do you know if this can be done? Is there any example?

I was also planning to use shared folders + ACLs to have backup_alice
accessible as a read-only mailbox directly from the alice IMAP account.

thanks in advance
Francesco


[Dovecot] 2.2.12: Panic: file mail-index.c: line 380 (mail_index_keywords_unref): assertion failed: (keywords->refcount > 0)

2014-02-23 Thread Leho Kraav
I upgraded 2.1 -> 2.2 something like a week ago because I needed
INDEXPVT. Not sure if this crash started immediately or not; noticed it
today looking at journalctl.


Backtrace http://bpaste.net/raw/181944/ and pasted below.

This seems to crash on every IMAP connection made, so any ideas for a 
possible client-level workaround are quite welcome until dovecot code 
improves here.


root@server ~ $ dovecot -n
# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.54-vs2.3.3.5+pf64 x86_64 Gentoo Base System release 2.2 ext4
hostname = *hidden*
listen = 192.168.1.2
log_path = /dev/stderr
log_timestamp =
mail_gid = mail
mail_home = /secure/Maildir/%n
mail_location = Maildir:/secure/Maildir/%n
mail_plugins = acl
mail_privileged_group = mail
mail_uid = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace {
  list = children
  location = maildir:/secure/Maildir/%%n:INDEXPVT=/secure/Maildir/%n/shared/%%n
  prefix = Shared.%%n.
  separator = .
  subscriptions = no
  type = shared
}
namespace {
  location = maildir:/secure/Maildir/projekt:INDEX=/secure/Maildir/%n/projekt
  prefix = Projekt.
  separator = .
  subscriptions = no
  type = public
}
namespace {
  location = maildir:/secure/Maildir/rss:INDEX=/secure/Maildir/%n/rss
  prefix = RSS.
  separator = .
  subscriptions = no
  type = public
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/secure/Maildir/shared-mailboxes.db
  mail_log_events = mailbox_delete
  sieve = /secure/Maildir/%n/dovecot-sieve
  sieve_dir = /secure/Maildir/%n/sieve
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
postmaster_address = postmaster
protocols = imap lmtp sieve
service auth {
  unix_listener auth-userdb {
mode = 0600
user = mail
  }
  user = mail
}
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
ssl_cert = /etc/ssl/server.crt
ssl_key = /etc/ssl/server.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lda {
  mail_plugins = acl sieve acl
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = acl imap_acl
}
protocol sieve {
  managesieve_notify_capability = mailto
  managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
}

#0  0x7f64da799535 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x7f64da79a9b8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x7f64dab76dc5 in default_fatal_finish (type=<optimized out>, status=status@entry=0) at failures.c:193
        backtrace = 0xae54a8 "/usr/lib64/dovecot/libdovecot.so.0(+0x6adcf) [0x7f64dab76dcf] -> /usr/lib64/dovecot/libdovecot.so.0(+0x6ae2e) [0x7f64dab76e2e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f64dab30d4e] -> /usr...
#3  0x7f64dab76e2e in i_internal_fatal_handler (ctx=0x7fffb9d88d00, format=<optimized out>, args=<optimized out>) at failures.c:657
        status = 0
#4  0x7f64dab30d4e in i_panic (format=format@entry=0x7f64dae79848 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:267
        ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
        args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffb9d88df0, reg_save_area = 0x7fffb9d88d30}}
#5  0x7f64dae59fbc in mail_index_keywords_unref (_keywords=<optimized out>) at mail-index.c:380
        keywords = <optimized out>
        __FUNCTION__ = "mail_index_keywords_unref"
#6  0x7f64dae22657 in mailbox_copy (_ctx=<optimized out>, mail=mail@entry=0xbcf260) at mail-storage.c:2140
        ctx = 0xbd3a80
        t = 0xbcd580
        keywords = 0xbd4a50
        pvt_flags = 0
        real_mail = <optimized out>
        ret = -1
        __FUNCTION__ = "mailbox_copy"
#7  0x7f64dae2270d in mailbox_move (_ctx=<optimized out>, mail=0xbcf260) at mail-storage.c:2153
        ctx = 0xbd3a80
#8  0x0040e72d in fetch_and_copy (copy_count_r=<synthetic pointer>, src_uidset_r=<synthetic pointer>, search_args=<optimized out>, src_trans_r=0x7fffb9d88e88, t=0xbcd580, move=true, client=0xb0de50) at cmd-copy.c:67
        search_ctx = 0xbcefe0

Re: [Dovecot] dsync: possible cosmetic bug

2014-02-23 Thread Fabiano Sidler
Thus wrote Andrei Dobrotsvetov:
> Hello Everyone,
>
> I use dovecot2-2.2.10,
> FreeBSD 9.2-RELEASE.

Same version and OS as me... :)

> Replication was set up according to:
> http://wiki2.dovecot.org/Replication,
> dsync wrapper script is used.
>
> It seems that all is working as desired,
> but I see the following in the log file:
>
> doveadm: Error: dsync-remote(XXX@YYY): Info: save: box=INBOX, ...
>
> There were no such log records
> when I tried replication without the wrapper script.

Forget the wrapper script on that site, it's needless or broken. Call doveadm
dsync-server directly from authorized_keys.

But does synchronisation work for you then? I'm currently having the problem that
dsync doesn't sync anything at all...

Greetings,
Fabiano


[Dovecot] Quota-Status issue

2014-02-23 Thread Cyberonic Turbo
Following this guide:
http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ I can't
seem to get it to work. As soon as I add the smtpd_recipient_restrictions
setting to Postfix I can no longer send mail at all. I get the message SMTP
Error (450): Failed to add recipient postmas...@example.com (4.7.1 :
Recipient address rejected: Internal error occurred. Refer to server log
for more information.). I googled around and found this command to test the
quota-status service:

printf 'recipient=postmaster@example.com\nsize=1234\n\n' | nc 127.0.0.1 12340

It seems to always return the quota_status_nouser message. I'm really
stumped here. What logs do I need to check for errors, and does anyone have
any experience with this?

I'm running Dovecot 2.2.10 with Postfix 2.6.6

Here's my dovecot -n result:

# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_grace = 10%%
  quota_rule = *:storage=1G
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
  }
  unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
  }
}
service dict {
  unix_listener dict {
group = vmail
mode = 0660
user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
  }
}
ssl = required
ssl_cert = /etc/pki/tls/certs/iRedMail_CA.pem
ssl_key = /etc/pki/tls/private/iRedMail.key
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota autocreate
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

For my postfix/main.cf I have this relevant setting:
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service
inet:127.0.0.1:, check_policy_service inet:127.0.0.1:10031,
check_policy_service inet:127.0.0.1:12340, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
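The printf | nc probe in the post above speaks Postfix's SMTP access policy delegation protocol, which is what check_policy_service uses to talk to Dovecot's quota-status service on port 12340. As an added example (not part of the original post, and not Dovecot or Postfix code), the Python below plays both sides of one such exchange over an in-process socket pair: the client side serialises the request the way check_policy_service does, and a deliberately simplified stand-in for quota-status answers with the action strings taken from the posted plugin settings (quota_status_nouser, quota_status_success, quota_status_overquota). The usage table, addresses and message sizes are constructed; the real quota-status resolves the recipient through userdb and the quota backend and also applies quota_grace, neither of which is modelled here.

```python
import socket

# Postfix SMTP access policy delegation protocol, as exchanged between
# check_policy_service and a policy server such as Dovecot's quota-status:
# the client sends "name=value" lines terminated by an empty line, and the
# server answers with an "action=..." line, also terminated by an empty line.


def encode_policy_request(attrs):
    """Serialise a policy request exactly as check_policy_service sends it."""
    if not attrs:
        raise ValueError("a policy request needs at least one attribute")
    body = "".join(f"{name}={value}\n" for name, value in attrs.items())
    return (body + "\n").encode("utf-8")


def parse_attribute_block(raw):
    """Parse one name=value block (request or response) into a dict."""
    attrs = {}
    for line in raw.decode("utf-8").split("\n"):
        if not line:
            break                      # the empty line ends the block
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        attrs[name] = value
    return attrs


# Constructed usage table (bytes used, byte limit) standing in for the
# quota dict lookup; only these two recipients are "known users".
QUOTA_TABLE = {
    "alice@example.com": (990_000_000, 1_000_000_000),
    "bob@example.com": (10_000_000, 1_000_000_000),
}

# Reply strings mirror the plugin {} settings from the posted dovecot -n.
QUOTA_STATUS_NOUSER = "DUNNO"
QUOTA_STATUS_SUCCESS = "DUNNO"
QUOTA_STATUS_OVERQUOTA = "552 5.2.2 Mailbox is full"


def quota_status_decide(request, quota_table=QUOTA_TABLE):
    """Simplified stand-in for quota-status: map a request to an action.

    Unknown recipient -> quota_status_nouser; message would exceed the
    limit -> quota_status_overquota; otherwise quota_status_success.
    quota_grace is intentionally not modelled (assumption for this demo).
    """
    recipient = request.get("recipient", "").lower()
    if recipient not in quota_table:
        return QUOTA_STATUS_NOUSER
    used, limit = quota_table[recipient]
    size = int(request.get("size", "0"))
    if used + size > limit:
        return QUOTA_STATUS_OVERQUOTA
    return QUOTA_STATUS_SUCCESS


def recv_block(sock):
    """Read until the empty line that terminates an attribute block."""
    buf = b""
    while not buf.endswith(b"\n\n"):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before end of block")
        buf += chunk
    return buf


def run_exchange(attrs):
    """Play both sides of one request over a socket pair and return the
    action string the simulated policy server answered with."""
    client, server = socket.socketpair()
    try:
        client.sendall(encode_policy_request(attrs))          # Postfix side
        request = parse_attribute_block(recv_block(server))   # server side
        action = quota_status_decide(request)
        server.sendall(f"action={action}\n\n".encode("utf-8"))
        response = parse_attribute_block(recv_block(client))  # back at Postfix
        return response["action"]
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    # The probe from the post: an unknown recipient gets quota_status_nouser.
    print(run_exchange({"recipient": "postmaster@example.com", "size": "1234"}))
    # A known user whose next message would push usage over the limit.
    print(run_exchange({"recipient": "alice@example.com", "size": "20000000"}))
```

DUNNO is Postfix's "no opinion" answer: the policy server neither accepts nor rejects, and evaluation continues with the next entry in smtpd_recipient_restrictions, so the quota_status_nouser = DUNNO reply the probe gets for an unknown recipient is not by itself a rejection. Only a 4xx or 5xx action, as configured for quota_status_overquota, is turned into a temporary or permanent reject.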


[Dovecot] Detail improvement: %c variable

2014-02-23 Thread Hadmut Danisch
Hi,

although dovecot is great and almost exactly solving my problems and
fitting my requirements, there is an odd detail that causes me problems:


The %c variable. (See http://wiki2.dovecot.org/Variables )


I'm managing an IMAP server for an association, which is connected to an
LDAP server. Users can connect in three ways: IMAPS from the internet,
IMAP from local accounts, and IMAP through a Web-IMAP interface, which
is protected through additional one-time passwords.


The web gateway is intended to be used from untrusted computers as well,
so the IMAP password entered through the Web site must not be the same
as the password used on IMAPS.


I have solved this problem by using %s%c as part of the LDAP
user_filter. When people connect over IMAPS, this becomes imapsecured
(%s=imap, %c=secured), while an unencrypted connection becomes imap
(%s=imap, %c=).


Unfortunately, this only works if the web interface and the IMAP server
are located on different (virtual) machines.

But if the web gateway and dovecot are on the /same/ machine, this does
not work anymore, since %c becomes secured on localhost, even if
unencrypted. It causes a lot of trouble and headache.


Please add a configuration variable to control whether %c should
become secured for unencrypted traffic on the loopback device
(localhost).


regards
Hadmut


Re: [Dovecot] Detail improvement: %c variable

2014-02-23 Thread Reindl Harald

Am 23.02.2014 23:27, schrieb Hadmut Danisch:
> But if the web gateway and dovecot are on the /same/ machine, this does
> not work anymore, since %c becomes secured on localhost, even if
> unencrypted. It causes a lot of trouble and headache

what headache?

how do you imagine a man-in-the-middle-attack on 127.0.0.1

> Please add a configuration variable to configure, whether %c
> should become secured for unencrypted traffic on the loopback
> device (localhost)

to gain exactly what?

frankly for practical usage, except debugging, even a fallback to
no encryption at all on loopback would be sane and, for the
sake of reducing useless overhead, fine





Re: [Dovecot] Detail improvement: %c variable

2014-02-23 Thread Hadmut Danisch
On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:
>
> what headache?


The one I've described.


>
> how do you imagine a man-in-the-middle-attack on 127.0.0.1


You're confusing the different attacks. This has nothing to do with a
man-in-the-middle. This is against a passive eavesdropper,
e.g. someone watching people entering the password at a web interface,
or a keylogger on an unreliable computer. 




>> Please add a configuration variable to configure, whether %c
>> should become secured for unencrypted traffic on the loopback
>> device (localhost)
>
> to gain exactly what?

to gain different LDAP filter strings for IMAP requests coming from
outside encrypted with SSL/TLS and unencrypted IMAP requests on
localhost. 





> frankly for practical usage, except debugging, even a fallback to
> no encryption at all on loopback would be sane and, for the
> sake of reducing useless overhead, fine

It is never a good idea to lower security in favor of easy
debugging. That's why I propose a switch to turn this behaviour on and
off. 


Hadmut
 


Re: [Dovecot] Detail improvement: %c variable

2014-02-23 Thread Reindl Harald


Am 24.02.2014 00:23, schrieb Hadmut Danisch:
> On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:
>> what headache?
> The one I've described.

you described nothing relevant

you only talk why 127.0.0.1 is treated as secured
well because it is by definition, if you don't trust
127.0.0.1 you have lost the game at all

>> how do you imagine a man-in-the-middle-attack on 127.0.0.1
>
> You're confusing the different attacks. This has nothing to do with a
> man-in-the-middle. This is against a passive eavesdropper,
> e.g. someone watching people entering the password at a web interface,
> or a keylogger on an unreliable computer

RTFM - this is *logging*, and there it makes no difference
security-wise whether it was an encrypted connection or one
from LOCALHOST, where there is no wire at all between client and server


These variables work only in Dovecot-auth and *login_log_format_elements* 
setting

%c secured
secured string with SSL, TLS and localhost connections. Otherwise empty.


