Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

2014-03-24 Thread Steffen Kaiser


On Mon, 24 Mar 2014, Simon wrote:


Hi All, I've been googling the crap out of this but still can't seem to make
it work.. any assistance would be really appreciated thanks! :)

On Sun, Mar 16, 2014 at 9:02 PM, Simon grem...@gmail.com wrote:

On Thursday, March 13, 2014, Steffen Kaiser skdove...@smail.inf.fh-brs.de
wrote:

On Thu, 13 Mar 2014, Simon wrote:

 I've taken a look at this and can't quite figure out what is going on
here. I have tested all the SQL permissions, and also changed the
unix_listener auth-userdb mode to 0666 (as instructed elsewhere to try and
solve this issue), but cannot seem to work out what the issue is.



what happens if you connect to that socket manually, e.g.:

# sudo -u lda-user socat - UNIX:/usr/local/dovecot/var/run/dovecot/auth-userdb
VERSION 1   1
SPID1746

Maybe first try as root, then with the particular users.



Thanks for the reply! I tried this as root and got the following:

[root@vmail1 ~]# socat - UNIX:/usr/local/dovecot/var/run/dovecot/auth-userdb
2014/03/16 20:57:05 socat[24404] E connect(3, AF=1 /usr/local/dovecot/var/run/dovecot/auth-userdb, 48): Connection refused

Seems a bit weird that I can't connect as root?


Actually, Connection refused is not Permission denied, I would say that:

a) Dovecot is not running,
b) Dovecot is not configured to listen on that socket,
c) Dovecot died when you've connected
d) SELinux, AppArmor, ... prevent access - but I would expect Permission denied in those cases, too

Check: lsof -c dovecot|grep auth-userdb
dovecot 12600 root   56u  unix 0x88003f94ed00  0t0  48261 /var/run/dovecot2.2/auth-userdb

-- 
Steffen Kaiser
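
Added example, not part of the thread: a local reproduction of the difference between "Connection refused" and "Permission denied" on a UNIX socket path. The function names and the temporary socket paths are constructed for illustration; the point shown is that a socket inode left behind without a listener refuses connections whatever its mode is.

```python
import os
import socket
import stat
import tempfile


def probe_unix_socket(path, timeout=2.0):
    """Classify what a client sees when connecting to a UNIX stream socket path."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"              # ENOENT: nothing at that path
    except PermissionError:
        return "permission-denied"    # EACCES on a parent directory
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket"
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
    except ConnectionRefusedError:
        # ECONNREFUSED: the inode exists but no process is listening on it.
        # File mode plays no part, so root gets the same error.
        return "no-listener"
    except PermissionError:
        return "permission-denied"    # EACCES: mode/ownership or an access-control denial
    finally:
        client.close()
    return "listening"


def demo():
    """Build constructed sockets in a temp directory and probe each one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        live = os.path.join(base, "auth-userdb.live")
        stale = os.path.join(base, "auth-userdb.stale")
        plain = os.path.join(base, "regular-file")

        # A socket with a process listening on it.
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(live)
        server.listen(1)

        # Bind, then close without unlinking: the inode stays on disk with
        # no listener behind it, as after a daemon has exited.
        dead = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        dead.bind(stale)
        os.chmod(stale, 0o666)        # world-writable, the mode tried in the thread
        dead.close()

        open(plain, "w").close()

        results["live"] = probe_unix_socket(live)
        results["stale"] = probe_unix_socket(stale)
        results["missing"] = probe_unix_socket(os.path.join(base, "absent"))
        results["plain"] = probe_unix_socket(plain)
        server.close()
    return results


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:8} -> {state}")
```

A "no-listener" result on a production path means checking which socket path the running daemon actually has open, for instance with the lsof command quoted above.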


Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

2014-03-24 Thread Tom Hendrikx
On 03/24/2014 04:14 AM, Simon wrote:
 On Sun, Mar 16, 2014 at 9:02 PM, Simon grem...@gmail.com wrote:

 On Thursday, March 13, 2014, Steffen Kaiser skdove...@smail.inf.fh-brs.de
 wrote:

 On Thu, 13 Mar 2014, Simon wrote:

  I've taken a look at this and can't quite figure out what is going on
 here. I have tested all the SQL permissions, and also changed the
 unix_listener auth-userdb mode to 0666 (as instructed elsewhere to try and
 solve this issue), but cannot seem to work out what the issue is.

 what happens if you connect to that socket manually, e.g.:

 # sudo -u lda-user socat - UNIX:/usr/local/dovecot/var/run/dovecot/auth-userdb
 VERSION 1   1
 SPID1746

 Maybe first try as root, then with the particular users.

 Thanks for the reply! I tried this as root and got the following:

 [root@vmail1 ~]# socat - UNIX:/usr/local/dovecot/var/run/dovecot/auth-userdb
 2014/03/16 20:57:05 socat[24404] E connect(3, AF=1 /usr/local/dovecot/var/run/dovecot/auth-userdb, 48): Connection refused

 Seems a bit weird that I can't connect as root?

 Hi All, I've been googling the crap out of this but still can't seem to make
 it work.. any assistance would be really appreciated thanks! :)

Please don't top-post...

Some ideas:

1) Show full output of 'doveconf -n'
2) What do the permissions of the socket look like? Show full output of
'ls -al /usr/local/dovecot/var/run/dovecot/'
3) Do you use SELinux or some other access control system? Any output in
syslog/kernel logging?

Tom






[Dovecot] Weird Authentication behaviour

2014-03-24 Thread Jürgen Ladstätter
Hi guys,

 

we use dovecot 2.0.9 and authentication against a mysql database. Everything
works fine, but we found some weird behavior – when the password is e.g.
“testpass” you also authenticate successfully with “testpass123” or
“testpassNOT”. Whatever comes after the correct password doesn’t matter, the
authentication is still successful.

Here are the used configs:

// auth-sql.conf.ext

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/data/mail/%d/%n
}

// dovecot-sql.conf.ext

driver = mysql
connect = host=[IP] dbname=[DB] user=[USER] password=[PASS]
default_pass_scheme = CRYPT
password_query = SELECT `password`, `login` AS `user` FROM `v_email_accounts` WHERE `login`='%u'

// 10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain
!include auth-sql.conf.ext

// 10-master.conf

default_process_limit = 1000
default_client_limit = 3003
default_vsz_limit = 1024M
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 0
  vsz_limit = 1024M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
  vsz_limit = 1024M
  process_limit = 2048
}
service pop3 {
  process_limit = 2048
}
service auth {
  unix_listener auth-userdb {
    user = vmail
    group = vmail
  }
  client_limit = 8096
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}

Thanks in advance for your help!


Re: [Dovecot] Weird Authentication behaviour

2014-03-24 Thread Gedalya

On 03/24/2014 07:34 AM, Jürgen Ladstätter wrote:

Hi guys,

  


we use dovecot 2.0.9 and authentication against a mysql database. Everything
works fine, but we found some weird behavior – when the password is e.g.
“testpass” you also authenticate successfully with “testpass123” or
“testpassNOT”. Whatever comes after the correct password doesn’t matter, the
authentication is still successful.

..

default_pass_scheme = CRYPT


http://wiki2.dovecot.org/Authentication/PasswordSchemes --

CRYPT: Traditional DES-crypted password in /etc/passwd (e.g. pass = 
vpvKh.SaNbR6s)


Dovecot uses libc's crypt() function, which means that CRYPT is usually 
able to recognize MD5-CRYPT and possibly also other password schemes. 
See all of the *-CRYPT schemes at the top of this page.


*The traditional DES-crypt scheme only uses the first 8 characters of 
the password, the rest are ignored.* Other schemes may have other 
password length limitations (if they limit the password length at all).


Re: [Dovecot] Weird Authentication behaviour

2014-03-24 Thread Reindl Harald

On 24.03.2014 12:47, Gedalya wrote:
 On 03/24/2014 07:34 AM, Jürgen Ladstätter wrote:
 we use dovecot 2.0.9 and authentication against a mysql database. Everything
 works fine, but we found some weird behavior – when the password is e.g.
 “testpass” you also authenticate successfully with “testpass123” or
 “testpassNOT”. Whatever comes after the correct password doesn’t matter, the
 authentication is still successful.
 ..
 default_pass_scheme = CRYPT

 http://wiki2.dovecot.org/Authentication/PasswordSchemes --
 
 CRYPT: Traditional DES-crypted password in /etc/passwd (e.g. pass = 
 vpvKh.SaNbR6s)
 
 Dovecot uses libc's crypt() function, which means that CRYPT is usually able 
 to recognize MD5-CRYPT and possibly
 also other password schemes. See all of the *-CRYPT schemes at the top of 
 this page.

 *The traditional DES-crypt scheme only uses the first 8 characters of the 
 password, the rest are ignored.* Other
 schemes may have other password length limitations (if they limit the 
 password length at all)

my passwords have 19 chars and my linux login does not accept only
the first 8 ones, that's the state for many years now

frankly 8 chars is laughable, i recently wrote a PHP library to
generate secure random passwords and for 10 passwords get
13 collisions is way too much given that that means you have
a collision every 8000 tries which means not you need 8000
in a real world attack

GENERATED:  10
COLLISIONS: 13





[Dovecot] Case-sensitive INBOX or client issue?

2014-03-24 Thread SB Code Ninja
I am using dovecot as an IMAP server for a Cisco product (Cisco Agent
Desktop by Calabrio) and noticed some odd behavior when trying to access
emails.  The mail is delivered to the main INBOX, then a Cisco server moves
it to a directory within the INBOX based on the queue it is meant for.
 Here is the directory structure of the Maildir:

Maildir/INBOX
Maildir/INBOX/tmp
Maildir/INBOX/63
Maildir/INBOX/63/tmp
Maildir/INBOX/63/dovecot.index.cache
Maildir/INBOX/63/cur
Maildir/INBOX/63/cur/1395445673.M548066P32100.uc-util,S=6403:2,
Maildir/INBOX/63/dovecot.index.log
Maildir/INBOX/63/dovecot-uidlist
Maildir/INBOX/63/maildirfolder
Maildir/INBOX/63/new
Maildir/INBOX/dovecot.index.cache
Maildir/INBOX/cur
Maildir/INBOX/dovecot.index.log
Maildir/INBOX/dovecot-uidlist
Maildir/INBOX/62
Maildir/INBOX/62/tmp
Maildir/INBOX/62/dovecot.index.cache
Maildir/INBOX/62/cur
Maildir/INBOX/62/cur/1395445491.M591207P32114.uc-util,S=6380:2,
Maildir/INBOX/62/dovecot.index.log
Maildir/INBOX/62/dovecot-uidlist
Maildir/INBOX/62/maildirfolder
Maildir/INBOX/62/new
Maildir/INBOX/new

Email is delivered to INBOX then gets moved to INBOX/62 or INBOX/63.  The
desktop software is then supposed to read the email and process it.  I did
a packet capture of the conversation and saw the following:

IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS
ID ENABLE AUTH=PLAIN] Dovecot ready.
IMAP Request: A0 AUTHENTICATE PLAIN
IMAP Response: +
IMAP Request: redacted
IMAP Response: A0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS
ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND
UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1
CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH
LIST-STATUS] Logged in
IMAP Request: A1 LIST  Inbox/63
IMAP Response: A1 OK List completed.
IMAP Request: A2 CREATE Inbox/63
IMAP Response: A2 NO [ALREADYEXISTS] Mailbox exists.

If I login manually and do 'LIST  INBOX/63' it works fine, but not with
Inbox/63.  I was under the impression that INBOX was not case-sensitive.
 Is this a bug or is the client doing something silly?

Thanks,
Henry


dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7
disable_plaintext_auth = no
mail_location = maildir:~/Maildir:LAYOUT=fs
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols =  imap
ssl = no
ssl_cert = /etc/dovecot/dovecot.pem
ssl_key = /etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}




--
The best way to predict the future is to invent it - Alan Kay


Re: [Dovecot] Case-sensitive INBOX or client issue?

2014-03-24 Thread Reindl Harald


On 22.03.2014 01:33, SB Code Ninja wrote:
 IMAP Response: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS
 ID ENABLE AUTH=PLAIN] Dovecot ready.
 IMAP Request: A0 AUTHENTICATE PLAIN
 IMAP Response: +
 IMAP Request: redacted
 IMAP Response: A0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS
 ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND
 UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1
 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH
 LIST-STATUS] Logged in
 IMAP Request: A1 LIST  Inbox/63
 IMAP Response: A1 OK List completed.
 IMAP Request: A2 CREATE Inbox/63
 IMAP Response: A2 NO [ALREADYEXISTS] Mailbox exists.
 
 If I login manually and do 'LIST  INBOX/63' it works fine, but not with
 Inbox/63.  I was under the impression that INBOX was not case-sensitive.
 Is this a bug or is the client doing something silly?

by RFC folder names are *not* case-sensitive, if dovecot handles them
case-sensitive it is a bug, however there are broken clients as well

if anybody ever struggled with different MS Outlook versions and no
new mails displayed just rename 'Inbox' to 'INBOX' on the server





Re: [Dovecot] Case-sensitive INBOX or client issue?

2014-03-24 Thread Steffen Kaiser


On Fri, 21 Mar 2014, SB Code Ninja wrote:


If I login manually and do 'LIST  INBOX/63' it works fine, but not with
Inbox/63.  I was under the impression that INBOX was not case-sensitive.


As far as I know that applies to INBOX, but not its children, see RFC1730 
sec. 9. Formal Syntax


mailbox ::= INBOX / astring
   ;; INBOX is case-insensitive; other names may be
   ;; case-sensitive depending on implementation.


For a workaround see:
http://wiki2.dovecot.org/Plugins/MailboxAlias


Is this a bug or is the client doing something silly?



mail_location = maildir:~/Maildir:LAYOUT=fs


-- 
Steffen Kaiser


Re: [Dovecot] Dovecot/Django authentication

2014-03-24 Thread Luca Corti

On 2014-03-21 17:29, Thomas Johnson wrote:

Has anyone done a dovecot authentication plugin to support these
password forms (and/or any other forms that django supports)?


You could use a checkpassword script to authenticate against django. The 
interface is fairly simple.


http://wiki2.dovecot.org/AuthDatabase/CheckPassword?action=showredirect=PasswordDatabase%2FCheckPassword

ciao

Luca


[Dovecot] imap: Error: mmap() failed with file ... dovecot.index.cache: Cannot allocate memory

2014-03-24 Thread Urban Loesch
Hi,

since some days (about 10) I get the following error in mail error log many, 
many times:

...
dovecot: imap(u...@domain.com pid:32769 session:dszL7lX1xADD/uGI): Error: mmap() failed with file /home/dovecotindex/domain.com/user/mailboxes/Trash/dovecot.index.cache: Cannot allocate memory


It's always the same dovecot.index.cache file and only for the same heavily 
used account.
The account is currently used from about 10 different clients with imap at the 
same time.

I checked the size of the index cache file and it seems very big:

total 2,7G
-rw------- 1 mailstore mailstore  464 Mär 24 14:36 dovecot.index
-rw------- 1 mailstore mailstore  464 Mär 24 14:36 dovecot.index.backup
-rw------- 1 mailstore mailstore 2,7G Mär 24 14:19 dovecot.index.cache
-rw------- 1 mailstore mailstore  140 Mär 24 14:45 dovecot.index.log
-rw------- 1 mailstore mailstore  89K Mär 24 14:36 dovecot.index.log.2

About 2,7 GB?

To solve the problem temporarily, I removed the index files from the index 
Trash folder
and Dovecot initialized an index rebuild. Now the size of the index files are 
small:

total 28K
-rw------- 1 mailstore mailstore  512 Mär 24 14:47 dovecot.index
-rw------- 1 mailstore mailstore  20K Mär 24 15:28 dovecot.index.cache
-rw------- 1 mailstore mailstore 1,2K Mär 24 15:28 dovecot.index.log


But why could the index cache file be so big?

Many thanks
Urban


Re: [Dovecot] Weird Authentication behaviour

2014-03-24 Thread Jiri Bourek

Reindl Harald wrote:


Am 24.03.2014 12:47, schrieb Gedalya:

On 03/24/2014 07:34 AM, Jürgen Ladstätter wrote:

we use dovecot 2.0.9 and authentication against a mysql database. Everything
works fine, but we found some weird behavior – when the password is e.g.
“testpass” you also authenticate successfully with “testpass123” or
“testpassNOT”. Whatever comes after the correct password doesn’t matter, the
authentication is still successful.

..

default_pass_scheme = CRYPT


http://wiki2.dovecot.org/Authentication/PasswordSchemes --

CRYPT: Traditional DES-crypted password in /etc/passwd (e.g. pass = 
vpvKh.SaNbR6s)

Dovecot uses libc's crypt() function, which means that CRYPT is usually able to 
recognize MD5-CRYPT and possibly
also other password schemes. See all of the *-CRYPT schemes at the top of this 
page.



*The traditional DES-crypt scheme only uses the first 8 characters of the 
password, the rest are ignored.* Other
schemes may have other password length limitations (if they limit the password 
length at all)


my passwords have 19 chars and my linux login does not accept only
the first 8 ones, that's the state for many years now


Because libc's crypt() was extended to support other encryption 
algorithms and your distribution chose to use them. (in Debian see for 
example /etc/login.defs, variable ENCRYPT_METHOD)


That doesn't change the fact you can still use crypt() with DES 
encryption. For example, htpasswd still does that by default (or at 
least was doing that few months ago), you can reconfigure your Linux 
login to do it as well and obviously you can configure Dovecot the same way.




frankly 8 chars is laughable, i recently wrote a PHP library to
generate secure random passwords and for 10 passwords get
13 collisions is way too much given that that means you have
a collision every 8000 tries which means not you need 8000
in a real world attack

GENERATED:  10
COLLISIONS: 13



Yes, AFAIK DES encryption is obsolete for very long time and if you know 
hash, it's quite easy to generate a secret which will match the hash (so 
security-wise database with DES encrypted passwords is pretty much no 
better than database with plaintext passwords)


For the author of top post: Dovecot does what you told it to do. If you 
want to change this, it'll be a bit of a problem.


If you by any chance have plaintext passwords for your accounts (and you 
shouldn't have them), you can pass them to


doveadm pw -s SHA512-CRYPT -p plaintext

and store what comes out to your DB.

If you don't have them, there's a way using postlogin script - 
http://wiki2.dovecot.org/PostLoginScripting , see 
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes


This method will however convert scheme for _first_ password that allows 
someone to login. So you can expect complaints from your users who use 
their account from two devices with different passwords (with difference 
after 8th character.) They will login from one device, password scheme 
changes and the other device will be locked out.
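
Added example, not part of the thread and not Dovecot code: a way to find which stored rows are traditional DES-crypt, and so compare only the first 8 characters, before planning the scheme conversion discussed above. It classifies by the stored string's format only and computes no hashes; the function names, logins and hash strings are constructed, apart from the DES value quoted from the wiki excerpt.

```python
import re

# Traditional DES-crypt output: 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
# Optional "{SCHEME}" tag that overrides default_pass_scheme for one row.
SCHEME_TAG = re.compile(r"\{([A-Za-z0-9._-]+)\}(.*)", re.S)
# crypt(3) prefixes -> (scheme name, number of password bytes that count).
CRYPT_PREFIXES = {
    "$1$": ("MD5-CRYPT", None),
    "$2a$": ("BLF-CRYPT", 72),
    "$2b$": ("BLF-CRYPT", 72),
    "$2y$": ("BLF-CRYPT", 72),
    "$5$": ("SHA256-CRYPT", None),
    "$6$": ("SHA512-CRYPT", None),
}
CRYPT_SCHEMES = {"CRYPT", "DES-CRYPT"} | {n for n, _ in CRYPT_PREFIXES.values()}


def classify(stored, default_scheme="CRYPT"):
    """Return (scheme, limit); limit is None when no truncation applies."""
    tagged = SCHEME_TAG.fullmatch(stored)
    if tagged:
        scheme, value = tagged.group(1).upper(), tagged.group(2)
    else:
        scheme, value = default_scheme.upper(), stored
    if scheme not in CRYPT_SCHEMES:
        return scheme, None                  # not handled by crypt()
    for prefix, result in CRYPT_PREFIXES.items():
        if value.startswith(prefix):
            return result                    # crypt() picks the algorithm by prefix
    if DES_CRYPT.fullmatch(value):
        return "DES-CRYPT", 8                # only the first 8 characters count
    return "UNKNOWN", None


def truncated_accounts(rows):
    """Logins whose stored hash ignores everything after the 8th character."""
    return [login for login, stored in rows if classify(stored)[1] == 8]


def same_under_limit(a, b, limit):
    """True if two candidate passwords cannot be told apart under the limit."""
    a, b = a.encode(), b.encode()
    return a == b if limit is None else a[:limit] == b[:limit]


# Constructed rows, shaped like (login, password) from the password_query.
SAMPLE_ROWS = [
    ("alice@example.com", "vpvKh.SaNbR6s"),   # DES example from the wiki excerpt
    ("bob@example.com", "$6$constructedsalt$" + "A" * 86),
    ("carol@example.com", "{SHA512-CRYPT}$6$constructedsalt$" + "B" * 86),
    ("dave@example.com", "$1$constrsa$" + "C" * 22),
    ("erin@example.com", "{DES-CRYPT}ab" + "D" * 11),
]

if __name__ == "__main__":
    for login, stored in SAMPLE_ROWS:
        print(login, classify(stored))
    print("8-character accounts:", truncated_accounts(SAMPLE_ROWS))
    print("testpass vs testpass123:", same_under_limit("testpass", "testpass123", 8))
```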


Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

2014-03-24 Thread Simon
On Mon, Mar 24, 2014 at 9:10 PM, Tom Hendrikx t...@whyscream.net wrote:

 [root@vmail1 ~]# socat -
  UNIX:/usr/local/dovecot/var/run/dovecot/auth-userdb
  2014/03/16 20:57:05 socat[24404] E connect(3, AF=1
  /usr/local/dovecot/var/run/dovecot/auth-userdb, 48): Connection
 refused
 
  Seems a bit weird that I can't connect as root?
 
  Hi All, I've been googling the crap out of this but still can't seem to
 make
  it work.. any assistance would be really appreciated thanks! :)
 

 Please don't top-post...


Hi There, Sorry about that ;)



 Some ideas:

 1) Show full output of 'doveconf -n'


http://pastebin.com/wsUt0eEF


 2) How do permissions of the socket look like? Show full output of 'ls
 -al /usr/local/dovecot/var/run/dovecot/'


http://pastebin.com/pCazAVUz


 3) Do you use SElinux or some other access control system? Any output in
 syslog/kernel logging?


/etc/selinux/config was set to permissive, so I set it to disabled. Apart from
the mail.log output in my pastebin above - there is no more logging that I
can find.

Thanks!

Simon


Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

2014-03-24 Thread Charles Marcus

On 3/24/2014 3:55 PM, Simon grem...@gmail.com wrote:

Some ideas:

1) Show full output of 'doveconf -n'



http://pastebin.com/wsUt0eEF


One more thing... please don't use pastebin... it breaks archives 
(eventually).


Just copy/paste the output directly into the email body (this goes for 
logs too)...


--

Best regards,

Charles


Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

2014-03-24 Thread Simon
On Tue, Mar 25, 2014 at 9:00 AM, Charles Marcus
cmar...@media-brokers.com wrote:


 One more thing... please don't use pastebin... it breaks archives
 (eventually).

 Just copy/paste the output directly into the email body (this goes for
 logs too)...


Oh sorry :(

Mar 13 09:50:44 vmail1 postfix/pipe[31090]: 5D4FFA1057: to=accou...@thedomainname.com, relay=dovecot, delay=135007, delays=135006/0.03/0/1, dsn=4.3.0, status=deferred (temporary failure)
Mar 13 09:55:43 vmail1 postfix/qmgr[1486]: 5220B9FE50: from=accou...@thedomainname.com, size=2787, nrcpt=1 (queue active)
Mar 13 09:55:43 vmail1 dovecot: lda: Debug: Loading modules from directory: /usr/local/dovecot/lib/dovecot
Mar 13 09:55:43 vmail1 dovecot: lda: Debug: Module loaded: /usr/local/dovecot/lib/dovecot/lib10_quota_plugin.so
Mar 13 09:55:43 vmail1 dovecot: lda: Debug: Module loaded: /usr/local/dovecot/lib/dovecot/lib90_sieve_plugin.so
Mar 13 09:55:44 vmail1 dovecot: lda: Error: userdb lookup: connect(/usr/local/dovecot/var/run/dovecot/auth-userdb) failed: Connection refused
Mar 13 09:55:44 vmail1 dovecot: lda: Fatal: Internal error occurred. Refer to server log for more information.
Mar 13 09:55:44 vmail1 postfix/pipe[31212]: 5220B9FE50: to=accou...@thedomainname.com, relay=dovecot, delay=136173, delays=136171/0.03/0/1.1, dsn=4.3.0, status=deferred (temporary failure)

[root@vmail1 vmail]# dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.el6.centos.plus.x86_64 x86_64 CentOS release 6.5 (Final) xfs
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login digest-md5 cram-md5
auth_verbose = yes
debug_log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%n/Maildir
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=512M
  quota_rule2 = Trash:storage=+10%%
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=50%% quota-warning 50 %u
}
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service quota-warning {
  executable = script /var/vmail/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
ssl_key = /etc/pki/dovecot/private/dovecot.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lda {
  mail_plugins = quota
}
protocol imap {
  mail_plugins = quota imap_quota
  ssl_cert = /etc/ssl/dovecot/imap.pem
  ssl_key = /etc/ssl/dovecot/imap.pem
}
protocol pop3 {
  mail_plugins = quota
  ssl_cert = /etc/ssl/dovecot/pop.pem
  ssl_key = /etc/ssl/dovecot/pop.pem
}

# ls -al
total 28
drwxr-xr-x. 5 root    root     4096 Aug 17  2013 .
drwxr-xr-x. 3 root    root     4096 Jul 13  2013 ..
srw-------. 1 root    root        0 Jul 18  2013 anvil
srw-------. 1 root    root        0 Jul 18  2013 anvil-auth-penalty
srw-------. 1 root    root        0 Jul 18  2013 auth-client
srw-------. 1 dovecot root        0 Jul 18  2013 auth-login
srw-------. 1 root    root        0 Jul 18  2013 auth-master
-rw-------. 1 root    root       32 Jul 13  2013 auth-token-secret.dat
srwxrwxrwx. 1 vmail   vmail       0 Jul 18  2013 auth-userdb
srw-------. 1 dovecot root        0 Jul 18  2013 auth-worker
srw-------. 1 root    root        0 Jul 18  2013 config
srwxrwxrwx. 1 vmail   vmail       0 Jul 18  2013 dict
srw-------. 1 root    root        0 Jul 18  2013 director-admin
srw-------. 1 root    root        0 Jul 18  2013 director-userdb
srw-rw-rw-. 1 root    root        0 Jul 18  2013 dns-client
srw-------. 1 root    root        0 Jul 18  2013 doveadm-server
lrwxrwxrwx. 1 root    root       43 Jul 18  2013 dovecot.conf -> /usr/local/dovecot/etc/dovecot/dovecot.conf
drwxr-xr-x. 2 root    root     4096 Jul 13  2013 empty
srw-rw-rw-. 1 root    root        0 Jul 18  2013 imap-urlauth
srw-------. 1 dovecot root        0 Jul 18  2013 imap-urlauth-worker
srw-rw-rw-. 1 root    root        0 Jul 18  2013 indexer
srw-------. 1 dovecot root        0 Jul 18  2013 indexer-worker
srw-------. 1 root    root        0 Jul 18  2013 ipc
srw-------. 1 root    root        0 Jul 18  2013 log-errors
drwxr-x---. 2 root    dovenull 4096 Jul 18  2013 login
-rw-r--r--. 1 root    root       40 Jul 18  2013 mounts
srw-------. 1 vmail   root        0 Jul 18  2013 quota-warning
srw-------. 1 root    root        0 Jul 18  2013 replication-notify
prw-------. 1 root    root        0 Jul 18  2013 replication-notify-fifo
srw-------. 1 dovecot root        0 Jul 18  2013 replicator
srw-rw-rw-. 1 root    root        0 Jul 18  2013 ssl-params
srw-------. 1 root    root        0 Jul 18  2013 stats
prw-------. 1 root    root        0 Jul 18  2013 stats-mail
drwxr-x---. 2 root    dovenull 4096 Jul 18  2013 token-login


[Dovecot] Direct groups of users to pairs of backend servers

2014-03-24 Thread Murray Trainer
Hi All,

I am using dovecot in the Director setup with multiple proxy and
backend mailstores and user information stored in LDAP.  I am aware
users can be directed to a single backend server.  It would be useful
to be able to direct groups of users to pairs of backend servers to
give some fault tolerance against NFS issues and make the whole thing
more scalable.  Otherwise each backend mailstore will need all
the NFS mounts and the whole cluster will be affected if one NFS mount
has an issue.  I am not sure if this is possible with the current
dovecot implementation?  If not it would be a great enhancement.

Thanks

Murray