Re: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Apr 2014, Jason wrote: When the user login P0P3 more than 10 times in 1 minute that the dovecot temporary suspension all of pop3 login about 5 minutes. How to disable the setting for dovecot. Apr 24 16:11:14 mww dovecot: pop3-login: Login: user=scan, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8767, session=5USPZMX3/QDAqBBU Apr 24 16:11:14 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Apr 24 16:11:15 mww dovecot: auth-worker: Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory # 2.2.9: /etc/dovecot/dovecot.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:99: ssl_disable has been renamed to ssl ... ssl = no Check out last log line, it's a bug. First try update your config, then upgrade to v2.2.13, then let us know if your bug is fixed. BTW: I do not find no loadparm.c in v2.2.12. http://ubuntuforums.org/showthread.php?t=2214042 http://osdir.com/ml/ubuntu-bugs/2014-04/msg16458.html http://ubuntuforums.org/showthread.php?t=2218612 Looks like an Ubuntu bug with authentifications. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU1oLSnz1H7kL/d9rAQKprwf/euB02Q0afRd4KrRshgNhdwjoDPQKNFW7 2tuWTBEoSvYujqLKVKQOONkkZOQZpy+M49AS7tJh5+0ZhsmKZKZsLLWW7pJE+fBH 6M6sZ0h2qH1HP0g9ONx0jr1aDPzNRhPtEIzZyvIgRjvg5Own2wtNLSJvncasoVLM Wh4G5K67cH6CUkufnnoG6fm7unDKZm+JxXks0GuLZ62nqW9ID/KZelfqZHH8LWLN iM0uTbW58wcF024aAs8Asa+fVGIr4NXC/OhFM0gl9B7K0opkzr58N30kE+KDAM3a GU1H+ndTn+pokTAhB7t6a3FJoXfHB2cc9hK22e6OwirtL4HmobzuPg== =GNDN -END PGP SIGNATURE-
Re: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes
Dear Steffen Kaiser, Thank you very much! Best regards, Jason -Original Message- From: Steffen Kaiser [mailto:skdove...@smail.inf.fh-brs.de] Sent: Friday, April 25, 2014 3:14 PM To: Jason Cc: dovecot@dovecot.org Subject: Re: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Apr 2014, Jason wrote: When the user login P0P3 more than 10 times in 1 minute that the dovecot temporary suspension all of pop3 login about 5 minutes. How to disable the setting for dovecot. Apr 24 16:11:14 mww dovecot: pop3-login: Login: user=scan, method=PLAIN, rip=192.168.16.84, lip=192.168.16.159, mpid=8767, session=5USPZMX3/QDAqBBU Apr 24 16:11:14 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Apr 24 16:11:15 mww dovecot: auth-worker: Error: no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory # 2.2.9: /etc/dovecot/dovecot.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:99: ssl_disable has been renamed to ssl ... ssl = no Check out last log line, it's a bug. First try update your config, then upgrade to v2.2.13, then let us know if your bug is fixed. BTW: I do not find no loadparm.c in v2.2.12. http://ubuntuforums.org/showthread.php?t=2214042 http://osdir.com/ml/ubuntu-bugs/2014-04/msg16458.html http://ubuntuforums.org/showthread.php?t=2218612 Looks like an Ubuntu bug with authentifications. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU1oLSnz1H7kL/d9rAQKprwf/euB02Q0afRd4KrRshgNhdwjoDPQKNFW7 2tuWTBEoSvYujqLKVKQOONkkZOQZpy+M49AS7tJh5+0ZhsmKZKZsLLWW7pJE+fBH 6M6sZ0h2qH1HP0g9ONx0jr1aDPzNRhPtEIzZyvIgRjvg5Own2wtNLSJvncasoVLM Wh4G5K67cH6CUkufnnoG6fm7unDKZm+JxXks0GuLZ62nqW9ID/KZelfqZHH8LWLN iM0uTbW58wcF024aAs8Asa+fVGIr4NXC/OhFM0gl9B7K0opkzr58N30kE+KDAM3a GU1H+ndTn+pokTAhB7t6a3FJoXfHB2cc9hK22e6OwirtL4HmobzuPg== =GNDN -END PGP SIGNATURE-
[Dovecot] Multiple Instances Of Dovecot On One Messagebase
Hello, I would like to run multiple instances of Dovecot with same message base (maildir format) Will this set up work or would that destroy message base? Intention is to offer different authentication methods to users, username/password and client certificates. Those instances should run on different IP addresses which is supported by Dovecot. Unfortunately Dovecot does not allow different auth configs in local ip {} sections. best regards Christian
[Dovecot] separating logs by port
Hi, I wanted to ask if there's an easy way to log the port in dovecot. The background is that, as everyone's probably aware, pop3/imap usually listen on two ports (110/995 for pop3, 143/993 for imap). One port is the classic port that allows unencrypted and STARTTLS connections, the other is the legacy SSL port that allows TLS only connections. The legacy SSL ports are considered deprecated and I'd like to know if I can deprecate them on my severs. Therefore I'd like to know how many users use them, but at the moment I can't see which port my users use. I haven't found an easy way to detect that. The easiest thing would be if there'd be a way to add the port number to the pop3-login/imap-login lines in the log files. Any way to do that? cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 signature.asc Description: PGP signature
Re: [Dovecot] separating logs by port
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Apr 2014, Hanno Böck wrote: I wanted to ask if there's an easy way to log the port in dovecot. http://wiki2.dovecot.org/Variables These variables work only in Dovecot-auth and login_log_format_elements setting: %a %b - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU1pJJnz1H7kL/d9rAQL73Qf+MgDj14eTh59u5DaS+ogv6tdJMFKBSg/v 6KRe0NB+eUBgcTctl+f9qjdAtzA9L0fMDlGMA9XCAY7wjjhIj/u6oq21omcJ90HP fVqor7KQshyHeulyG4QjVXcbCjgPgooqJ0z2zEMVmxSmZ9Kb0I8PyUJZjLa1mWjx 7KpicFcaW5JL23vYKbJ0Cxq6m/wLUgM1GC43Hn0sUXHt0llyyRXZgOCOlZ+JWBB+ EaAgGAqKYkqqpbHrq6Zde3sNcv3bkaJcVkUm32gTca+em+iMtBpj4hcrdgYOraQb VRE8xmOATt6tWV7PApMmv/NFhaKuVro2TI58WCOPTqjRvLADXNRi6w== =GtcU -END PGP SIGNATURE-
[Dovecot] crash while fts searching a virtual folder
Hi, searching a virtual folder crashes dovecot quite often. I'm using dovecot 2.2.12. Here's the backtrace: [New LWP 28245] [Thread debugging using libthread_db enabled] Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1. Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. #0 0x7fc1d73f4425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 #0 0x7fc1d73f4425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x7fc1d73f7b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #2 0x7fc1d77e6d45 in default_fatal_finish (type=optimized out, status=0) at failures.c:193 backtrace = 0x1cdc318 /usr/local/lib/dovecot/libdovecot.so.0(+0x68d4f) [0x7fc1d77e6d4f] - /usr/local/lib/dovecot/libdovecot.so.0(+0x68dae) [0x7fc1d77e6dae] - /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc1d77a0... #3 0x7fc1d77e6dae in i_internal_fatal_handler (ctx=0x7fff86d4b2d0, format=optimized out, args=optimized out) at failures.c:657 status = 0 #4 0x7fc1d77a03b9 in i_panic (format=optimized out) at failures.c:267 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff86d4b3a0, reg_save_area = 0x7fff86d4b2e0}} #5 0x7fc1d6774ed9 in level_scores_add_vuids (br=0x2413ab8, level=0x1c0c2e0, vbox=0x170c950) at fts-search.c:81 i = optimized out count = 234 backend_uids = {arr = {buffer = 0x1cdbe90, element_size = 8}, v = 0x1cdbe90, v_modifiable = 0x1cdbe90} vuids_arr = {arr = {buffer = 0x1cdba98, element_size = 4}, v = 0x1cdba98, v_modifiable = 0x1cdba98} vuids = 0xea scores = 0x23c8f50 score = 0xea #6 multi_add_lookup_result (args=0x1bbb220, level=0x1c0c2e0, fctx=0x18c2240, result=optimized out) at fts-search.c:146 br = 0x2413ab8 vbox = 0x170c950 vuids = {arr = {buffer = 0x16dbe70, element_size = 8}, v = 0x16dbe70, v_modifiable = 0x16dbe70} orig_size = optimized out i = optimized out #7 fts_search_lookup_level_multi (and_args=true, args=0x1bbb220, fctx=0x18c2240) at fts-search.c:194 mailboxes_arr = {arr = {buffer = 0x1e0a580, element_size = 8}, v = 0x1e0a580, v_modifiable = 0x1e0a580} backend = optimized out j = 60 vbox = optimized out mailboxes = 0x1e0a5b8 level = 0x1c0c2e0 result = {pool = 0x1e0a560, box_results = 0x2413838} i = optimized out mailbox_count = 60 #8 fts_search_lookup_level (fctx=0x18c2240, args=0x1bbb220, and_args=true) at fts-search.c:208 _data_stack_cur_id = 4 ret = optimized out #9 0x7fc1d6774f86 in fts_search_lookup (fctx=optimized out) at fts-search.c:354 last_uid = 32653 seq1 = 0 seq2 = 0 __FUNCTION__ = fts_search_lookup #10 0x7fc1d6776388 in fts_mailbox_search_init (t=optimized out, args=0x1bbb160, sort_program=optimized out, wanted_fields=0, wanted_headers=0x0) at fts-storage.c:207 ft = 0x1d4be20 fbox = optimized out flist = 0x1706610 ctx = 0x192f540 fctx = 0x18c2240 #11 0x0041caa0 in imap_search_start (ctx=0x170a238, sargs=0x1bbb160, sort_program=0x0) at imap-search.c:576 cmd = 0x170a130 __FUNCTION__ = imap_search_start #12 0x004117b6 in cmd_search (cmd=0x170a130) at cmd-search.c:48 ctx = 0x170a238 sargs = 0x1bbb160 args = 0x16e2a38 charset = 0x424d0b UTF-8 ret = optimized out #13 0x0041734d in command_exec (cmd=0x170a130) at imap-commands.c:158 hook = 0x16e00f0 ret = optimized out #14 0x004163e0 in client_command_input (cmd=0x170a130) at imap-client.c:780 client = 0x17095e0 command = optimized out __FUNCTION__ = client_command_input #15 0x004164c5 in client_command_input (cmd=0x170a130) at imap-client.c:841 client = 0x17095e0 command = optimized out __FUNCTION__ = client_command_input #16 0x0041676d in client_handle_next_command (remove_io_r=synthetic pointer, client=0x17095e0) at imap-client.c:879 No locals. #17 client_handle_input (client=0x17095e0) at imap-client.c:891 _data_stack_cur_id = 3 ret = 48 remove_io = false handled_commands = false __FUNCTION__ = client_handle_input #18 0x00416ae2 in client_input (client=0x17095e0) at imap-client.c:933 cmd = optimized out output = 0x1709ff0 bytes = 26 __FUNCTION__ = client_input #19 0x7fc1d77f7616 in io_loop_call_io (io=0x17071a0) at ioloop.c:388 ioloop = 0x16df730 t_id = 2 #20 0x7fc1d77f84cf in io_loop_handler_run (ioloop=optimized out) at ioloop-epoll.c:220 ctx = 0x16e03d0 events = 0x0 event = 0x16e1230
[Dovecot] Incompatibility Thunderbirds Auth Mech TLS-Certificate - Dovecot
Hello, it seems there there is an issue regarding TLS-Certtificate authentication in Thunderbird and Dovecot. Obviously client certificate is recognized by Dovecot: Apr 25 14:29:01 dovecot dovecot: imap-login: Valid certificate: /emailAddress=christian.fels...@example.net/CN=Christian Felsing (Test)/OU=CF Certificates/O=example.net/C=DE AFAIK Dovecot always requires IMAP login, even in static passdb config. Static means arbitrary password is ok, but not no login I hope, I am wrong, following log entry gave a hint, what Thunderbird does or more precisely - not do: Apr 25 14:29:01 dovecot dovecot: imap-login: Disconnected (no auth attempts in 5 secs): user=, rip=192.168.1.99, lip=192.168.42.1, TLS, session=3+1THN33NQBtWq5D Dovecot wants an IMAP login, but Thunderbird does not so. I am not sure if that is a bug (or feature) of Dovecot or Thunderbird. Thunderbird does several strange things on client certificates: 1st) If Dovecot is configured to request a client certificate and Thunderbird is configured to use plain text auth, Thunderbird offers a client certificate and login succeeds as configured in Dovecot. Unfortunately Thunderbird uses same certificate for all configured accounts to that host. Very bad if Dovecot reads username from certificate attributes. 2nd) If Dovecot is configured to request a client certificate and Thunderbird is configured to use TLS-Certificate, Thunderbird also offers a client certificate, but Dovecot requests login from Thunderbird. That fails, because Thunderbird assumes TLS-Certificate is enough for successful log. If it is true that Dovecot is not compatible to Thunderbirds way of TLS-Certificate Authentication, I consider to set up a proxy, which supports that way. May be Nginx would be a solution, it supports IMAP and LUA module plus some LUA code will fake the authentication. This is an ugly hack so I would like to avoid that, if anybody has a better solution. Thunderbird is a very widespread IMAP client so it should not be ignored. best regards Christian ---Dovecot config--- # /opt/dovecot/bin/doveconf -n # 2.2.12: /opt/dovecot/etc/dovecot-cert/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4 auth_debug = yes auth_debug_passwords = yes auth_master_user_separator = * auth_ssl_require_client_cert = yes auth_ssl_username_from_cert = yes auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@# auth_username_translation = @# base_dir = /var/run/dovecot-cert first_valid_uid = 124 last_valid_uid = 124 listen = 192.168.42.1 log_timestamp = %Y-%m-%d %H:%M:%S login_greeting = example.net imap4/pop3 (cert only) ready. mail_gid = 124 mail_location = maildir:~/Maildir mail_privileged_group = vmail mail_uid = 124 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / type = private } passdb { args = password=test driver = static } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes autocreate = Trash autocreate2 = Drafts autosubscribe = Trash autosubscribe2 = Drafts quota = maildir:User quota quota_rule = *:storage=500M quota_rule2 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u recipient_delimiter = + sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags } protocols = imap pop3 lmtp sieve service anvil { client_limit = 4000 } service auth-worker { group = vmail } service auth { client_limit = 8000 unix_listener auth-master { group = vmail mode = 0660 user = vmail } unix_listener auth-userdb { group = vmail mode = 0660 user = dovecot } user = root } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 1024 } service imap-postlogin { executable = script-login /opt/cfbin/lastlogin.sh } service imap { executable = imap imap-postlogin } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } process_limit = 1024 }
Re: [Dovecot] Incompatibility Thunderbirds Auth Mech TLS-Certificate - Dovecot
Am 25.04.2014 14:56, schrieb Christian Felsing: Apr 25 14:29:01 dovecot dovecot: imap-login: Disconnected (no auth attempts in 5 secs): user=, rip=192.168.1.99, lip=192.168.42.1, TLS, session=3+1THN33NQBtWq5D Dovecot wants an IMAP login, but Thunderbird does not so. I am not sure if that is a bug (or feature) of Dovecot or Thunderbird. Thunderbird does several strange things on client certificates: that is the normal behavior if you force a auth-mech on the client which the server don't announce - auth-mech and TLS certificicate are completly different worlds just configure thunderbird to use plain instead encrypted auth which means CRAM-MD5 at the end of the day, by default dovecot only offers PLAIN which is fine inside a TLS connection you can only support CRAM-MD5 with passwords stored as plain-text [root@testserver:~]$ doveconf -n | grep -i mech auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN [root@testserver:~]$ doveconf -d | grep -i mech auth_mechanisms = plain signature.asc Description: OpenPGP digital signature
[Dovecot] Trying to get DSpam+Dovecot working with Postfix and local/virtual domains
Hi, I'm hoping that someone might be able to help, as I've been going in circles with trying to get the right configuration done here. I'm also not sure whether this is more of a Dovecot or DSpam question, so I'm posting the same to both mailing lists. My goal is to have a mail setup that is as follows: [Incoming email] -- [Postfix] -- [Amavis] -- [DSpam] -- [Dovecot LDA] -+---(local domain)--- /var/mail/${user} | +---(virtual)--- /home/vmail/${domain}/${user}@{domain} As of right now, I have Postfix successfully feeding into Amavis, re-injecting into Postfix with a final delivery for the local domain via procmail, and final delivery for virtual domains via the virtual transport into maildir (but /home/vmail/${user}@${domain}) Virtual domains are being managed by PostfixAdmin. Dovecot is running as the IMAP server. Everything (Postfix, PostfixAdmin, Dovecot) is using a Postgres database as backend for the dynamic maps/authentication. The problem I've been stumbling over is trying to get DSpam to work nicely with both a local domain and virtual domains/mailboxes, and the same for Dovecot, as I would rather like to make use of the Sieve functionality going forward instead of Procmail. I did have DSpam working, but was unable to get the Dovecot antispam plugin working to re-train based on moving mails into/out of a defined 'SPAM' folder, due to permissions relating to how the antispam plugin was calling DSpam. I'm really not wanting to make the local domain into a virtual mailbox domain, because there are users on the system (for that local domain) that already use the password in /etc/passwd for accessing the server for other uses. While there are also people who do that who have virtual mailbox domains, it's a far lower number. Here's what I have so far. Postfix 2.11.0 main.cf (via 'postconf -nf'): alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix content_filter = amavisfeed:[127.0.0.1]:10024 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id sleep 5 html_directory = /usr/local/share/doc/postfix inet_interfaces = all inet_protocols = ipv4 ipv6 local_recipient_maps = $transport_maps unix:passwd.byname $alias_maps mail_owner = postfix mailbox_command = /usr/local/bin/procmail -a $EXTENSION mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man mydestination = $myhostname, localhost.$mydomain, $mydomain mydomain = critter.net myhostname = cornix.critter.net mynetworks = 127.0.0.0/8, 46.4.24.15/32, [::1]/128, [2a01:4f8:131:4263::]/64, 184.73.168.110/32, [2001:470:7:12ba::]/64 mynetworks_style = host myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix receive_override_options = no_address_mappings recipient_delimiter = - relay_domains = pgsql:$config_directory/Maps/pgsql_relay_domains_maps.cf sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem smtp_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem smtp_tls_key_file = /etc/ssl/private/smtp.critter.net.pem smtp_tls_session_cache_database = /var/db/postfix/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem smtpd_tls_key_file = /etc/ssl/private/smtp.critter.net.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache smtpd_use_tls = yes soft_bounce = yes tls_random_source = dev:/dev/urandom transport_maps = pgsql:$config_directory/Maps/pgsql_transport_maps.cf unknown_local_recipient_reject_code = 450 virtual_alias_maps = pgsql:$config_directory/Maps/pgsql_virtual_alias_maps.cf virtual_gid_maps = static:400 virtual_mailbox_base = /home/vmail virtual_mailbox_domains =
Re: [Dovecot] ImapTest utility not compiling
* Found my error. I moved the dovecot source code after compiling it. Didn’t realize there were embedded/absolute URLS within the dovecot source tree. All I needed to do was make clean make dovecot, then imaptest compiled no problem. [Brad Hein] From: Hein, Local Administrator brad_h...@cable.comcast.commailto:brad_h...@cable.comcast.com Date: Wednesday, April 23, 2014 at 2:00 PM To: dovecot@dovecot.orgmailto:dovecot@dovecot.org dovecot@dovecot.orgmailto:dovecot@dovecot.org Subject: ImapTest utility not compiling Following the wiki instructions here: http://www.imapwiki.org/ImapTest/Installation I’ve run into a wall trying to compile the imapTest utility (dovecot compiled without any problems). I think there’s a problem in the imapTest utility? Copy/pasted compile output and attached. The gist of the problem seems to be that imaptest can’t find the dovecot headers and libraries (configure script was executed like this: ./configure --with-dovecot=/usr/src/dovecot-20140420 checkpoint.c:3:17: error: lib.h: No such file or directory checkpoint.c:4:17: error: str.h: No such file or directory and many more Based on these errors I believe there’s a compatibility problem between the current imapTest utility and dovecot. The configure script said to report errors to this email address. [Brad Hein]
[Dovecot] Help implementing username_format in auth PAM driver
While configuring my server with dovecot I noticed that the PAM authentication driver does not support the username_format option as does the password file driver. This didn't seem too hard to implement so I through together a patch. As you can see in the attached patch I only modify the username sent to PAM. Despit doing this I run into the domain lost issue(http://wiki2.dovecot.org/DomainLost). This prevents me from using the domain name in my mail_location config string. What I don't understand is why does changing the username string sent to PAM for authentication trigger this issue? Shouldn't dovecot continue to use the client supplied username as I am *not* changing it anywhere in my config? Thanks, Lee diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c index cf0b3c9..5f42a5a 100644 --- a/src/auth/passdb-pam.c +++ b/src/auth/passdb-pam.c @@ -37,6 +37,7 @@ typedef pam_const void *pam_item_t; #define PASSDB_PAM_DEFAULT_MAX_REQUESTS 100 +#define PASSDB_PAM_DEFAULT_USERNAME_FORMAT %u struct pam_passdb_module { struct passdb_module module; @@ -47,6 +48,7 @@ struct pam_passdb_module { unsigned int pam_setcred:1; unsigned int pam_session:1; unsigned int failure_show_msg:1; + const char *username_format; }; struct pam_conv_context { @@ -55,6 +57,17 @@ struct pam_conv_context { const char *failure_msg; }; +inline const char* +pam_username_lookup(struct auth_request *request) +{ + struct passdb_module *_module = request-passdb-passdb; + struct pam_passdb_module *module = (struct pam_passdb_module *)_module; + string_t *username = t_str_new(256); + var_expand(username, module-username_format, + auth_request_get_var_expand_table(request, auth_request_str_escape)); + return str_c(username); +} + static int pam_userpass_conv(int num_msg, pam_const struct pam_message **msg, struct pam_response **resp_r, void *appdata_ptr) @@ -82,7 +95,7 @@ pam_userpass_conv(int num_msg, pam_const struct pam_message **msg, case PAM_PROMPT_ECHO_ON: /* Assume we're asking for user. We might not ever get here because PAM already knows the user. */ - string = strdup(ctx-request-user); + string = strdup(pam_username_lookup(ctx-request)); if (string == NULL) i_fatal_status(FATAL_OUTOFMEM, Out of memory); break; @@ -240,7 +253,7 @@ static void set_pam_items(struct auth_request *request, pam_handle_t *pamh) host = net_ip2addr(request-remote_ip); if (host != NULL) (void)pam_set_item(pamh, PAM_RHOST, host); - (void)pam_set_item(pamh, PAM_RUSER, request-user); + (void)pam_set_item(pamh, PAM_RUSER, pam_username_lookup(request)); /* TTY is needed by eg. pam_access module */ (void)pam_set_item(pamh, PAM_TTY, dovecot); } @@ -262,7 +275,7 @@ pam_verify_plain_call(struct auth_request *request, const char *service, ctx.request = request; ctx.pass = password; - status = pam_start(service, request-user, conv, pamh); + status = pam_start(service, pam_username_lookup(request), conv, pamh); if (status != PAM_SUCCESS) { auth_request_log_error(request, pam, pam_start() failed: %s, pam_strerror(pamh, status)); @@ -331,6 +344,7 @@ pam_preinit(pool_t pool, const char *args) { struct pam_passdb_module *module; const char *const *t_args; + const char *format = PASSDB_PAM_DEFAULT_USERNAME_FORMAT; int i; module = p_new(pool, struct pam_passdb_module, 1); @@ -367,9 +381,14 @@ pam_preinit(pool_t pool, const char *args) } } else if (t_args[i+1] == NULL) { module-service_name = p_strdup(pool, t_args[i]); + } else if (strncmp(t_args[i], username_format=, 16) == 0) { + format = auth_cache_parse_key(pool, t_args[i] + 16); } else { i_fatal(pam: Unknown setting: %s, t_args[i]); } } + + module-username_format = format; + return module-module; }
[Dovecot] Segfault in auth (when talked to by postfix lda)
Afternoon all. I'm seeing a segfault in dovecot 2.2.12 (debian package 1:2.2.12-2). I can log into dovecot fine with mutt, but the segfaults seem to occur when postfix (2.11.0, debian package 2.11.0-1+b1) tries to deliver a message. This was working fine under 2.2.9 (I can downgrade to that and delivery works). Can anyone help? Doveconf -n, and backtrace follow. -- --8-- doveconf -n -- # 2.2.12: /etc/dovecot/dovecot.conf # OS: Linux 3.12-1-686-pae i686 Debian jessie/sid xfs auth_debug = yes auth_mechanisms = digest-md5 cram-md5 plain info_log_path = /var/log/dovecot.info lda_mailbox_autosubscribe = yes log_path = /var/log/dovecot.log log_timestamp = %Y-%m-%d %H:%M:%S login_log_format_elements = service=%s user=%u session=%{session} method=%m rip=%r lip=%l mpid=%e %c %k mail_access_groups = mail users mail_location = mdbox:/var/mail/%u/Mail mail_max_userip_connections = 50 mail_plugins = zlib stats mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/passwd driver = passwd-file } plugin { antispam_backend = dspam antispam_crm_binary = /bin/false antispam_debug_target = syslog antispam_dspam_args = --client;--mode=teft;--deliver;--user;%u antispam_dspam_binary = /usr/bin/dspam antispam_pipe_program = /usr/sbin/sendmail antispam_pipe_tmpdir = /tmp antispam_signature = X-DSPAM-Signature antispam_signature_missing = move antispam_spam_pattern_ignorecase = SPAM antispam_trash_pattern_ignorecase = trash;Deleted * sieve = ~/.dovecot.sieve sieve_dir = ~/sieve stats_refresh = 30 secs stats_track_cmds = yes } postmaster_address = postmas...@darac.org.uk protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0666 } } service lmtp { inet_listener lmtp { address = 192.168.123.254 port = 20024 } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service stats { fifo_listener stats-mail { mode = 0600 user = vmail } } ssl_cert = /etc/dovecot/mail.www.ssl-bundle.crt ssl_key = /etc/dovecot/private/mail.www.ssl.key userdb { driver = passwd } userdb { args = uid=vmail gid=vmail home=/var/mail/%u driver = static } protocol lmtp { mail_fsync = optimized mail_plugins = zlib sieve } protocol lda { mail_fsync = optimized mail_plugins = zlib sieve } protocol imap { mail_plugins = zlib zlib imap_zlib antispam stats imap_stats } 8 backtrace --- Core was generated by `dovecot/auth'. Program terminated with signal 11, Segmentation fault. #0 auth_fields_find_idx (fields=fields@entry=0x0, key=key@entry=0xb84ae448 uid, idx_r=idx_r@entry=0xbfc07d0c) at auth-fields.c:44 44 auth-fields.c: No such file or directory. (gdb) bt full #0 auth_fields_find_idx (fields=fields@entry=0x0, key=key@entry=0xb84ae448 uid, idx_r=idx_r@entry=0xbfc07d0c) at auth-fields.c:44 i = optimized out count = optimized out #1 0xb77bed33 in auth_fields_add (fields=0x0, key=key@entry=0xb84ae448 uid, value=value@entry=0xb84a6312 1120, flags=flags@entry=(unknown: 0)) at auth-fields.c:68 field = optimized out idx = 3091882770 __FUNCTION__ = auth_fields_add #2 0xb77bb03b in auth_request_set_userdb_field (request=request@entry=0xb84b9218, name=0xb84ae448 uid, value=0xb84a6312 1120) at auth-request.c:1605 uid = optimized out gid = optimized out #3 0xb77d2fb5 in userdb_template_export (tmpl=0xb84ae410, auth_request=auth_request@entry=0xb84b9218) at userdb-template.c:83 table = 0xb84a6110 str = 0xb84a5ff0 value = optimized out i = 0 count = 6 __FUNCTION__ = userdb_template_export #4 0xb77d230a in static_lookup_real (auth_request=auth_request@entry=0xb84b9218, callback=0xb77ba9b0 auth_request_userdb_callback) at userdb-static.c:32 _module = optimized out module = optimized out #5 0xb77d23ae in static_credentials_callback (result=PASSDB_RESULT_OK, credentials=0xb84b5bb7 Mananozu, size=8, auth_request=0xb84b9218) at userdb-static.c:52 ctx
[Dovecot] Assert Crash with HG 49e9d9743f6e
New crash most likely related to Virtual plugin again: Apr 26 07:40:40 spectre dovecot: imap(t...@leuxner.net): Panic: file mail-storage.c: line 1836 (mailbox_transaction_begin): assertion failed: (box-opened) Apr 26 07:40:40 spectre dovecot: imap(t...@leuxner.net): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6bc0f) [0x7fdfce48ac0f] - /usr/lib/dovecot/libdovecot.so.0(+0x6bc6e) [0x7fdfce48ac6e] - /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fdfce4442ce] - /usr/lib/dovecot/libdovecot-storage.so.0(+0x82299) [0x7fdfce777299] - /usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x9f1b) [0x7fdfccc2df1b] - /usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0x564) [0x7fdfccc2eb84] - /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x33) [0x7fdfce776e53] - /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27) [0x7fdfce776f77] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE](cmd_select_full+0x173) [0x412c13] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE](command_exec+0x3c) [0x41839c] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE]() [0x417400] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE]() [0x4174ba] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE](client_handle_input+0x115) [0x417775] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE](client_input+0x72) [0x417b22] - /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4e) [0x7fdfce49b9fe] - /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd7) [0x7fdfce49c9f7] - /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x7fdfce49ba89] - /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fdfce49bb08] - /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fdfce449673] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE](main+0x298) [0x40c128] - /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fdfce0b2ead] - dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE]() [0x40c28d] Apr 26 07:40:40 spectre dovecot: imap(t...@leuxner.net): Fatal: master: service(imap): child 31334 killed with signal 6 (core not dumped) Disabling virtual prevents Dovecot from crashing. signature.asc Description: Digital signature