Re: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes

2014-04-25 Thread Steffen Kaiser

On Fri, 25 Apr 2014, Jason wrote:


> When a user logs in to POP3 more than 10 times in 1 minute, dovecot
> temporarily suspends all POP3 logins for about 5 minutes.
>
> How to disable the setting for dovecot.
>
> Apr 24 16:11:14 mww dovecot: pop3-login: Login: user=scan, method=PLAIN,
> rip=192.168.16.84, lip=192.168.16.159, mpid=8767, session=5USPZMX3/QDAqBBU
> Apr 24 16:11:14 mww dovecot: pop3(scan): Disconnected: Logged out top=0/0,
> retr=0/0, del=0/0, size=0
> Apr 24 16:11:15 mww dovecot: auth-worker: Error: no talloc stackframe at
> ../source3/param/loadparm.c:4864, leaking memory
>
> # 2.2.9: /etc/dovecot/dovecot.conf
>
> doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:99:
> ssl_disable has been renamed to ssl
>
> ...
>
> ssl = no


Check out the last log line, it's a bug. First try updating your config, then
upgrade to v2.2.13, then let us know if your bug is fixed.

BTW: I do not find any loadparm.c in v2.2.12.

http://ubuntuforums.org/showthread.php?t=2214042
http://osdir.com/ml/ubuntu-bugs/2014-04/msg16458.html
http://ubuntuforums.org/showthread.php?t=2218612

Looks like an Ubuntu bug with authentication.

-- 
Steffen Kaiser



Re: [Dovecot] dovecot temporary suspension all of pop3 login about 5 minutes

2014-04-25 Thread Jason
Dear Steffen Kaiser,

Thank you very much!

Best regards,

Jason



[Dovecot] Multiple Instances Of Dovecot On One Messagebase

2014-04-25 Thread Christian Felsing
Hello,

I would like to run multiple instances of Dovecot with same message base
(maildir format)

Will this set up work or would that destroy message base?

Intention is to offer different authentication methods to users,
username/password and client certificates. Those instances should run on
different IP addresses which is supported by Dovecot.

Unfortunately Dovecot does not allow different auth configs in local
ip {} sections.

best regards
Christian


[Dovecot] separating logs by port

2014-04-25 Thread Hanno Böck
Hi,

I wanted to ask if there's an easy way to log the port in dovecot.

The background is that, as everyone's probably aware, pop3/imap usually
listen on two ports (110/995 for pop3, 143/993 for imap). One port is
the classic port that allows unencrypted and STARTTLS connections,
the other is the legacy SSL port that allows TLS only connections.

The legacy SSL ports are considered deprecated and I'd like to know if
I can deprecate them on my servers. Therefore I'd like to know how many
users use them, but at the moment I can't see which port my users use.

I haven't found an easy way to detect that. The easiest thing would be
if there'd be a way to add the port number to the pop3-login/imap-login
lines in the log files. Any way to do that?

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42




Re: [Dovecot] separating logs by port

2014-04-25 Thread Steffen Kaiser

On Fri, 25 Apr 2014, Hanno Böck wrote:


> I wanted to ask if there's an easy way to log the port in dovecot.


http://wiki2.dovecot.org/Variables

These variables work only in Dovecot-auth and login_log_format_elements 
setting:


%a
%b



-- 
Steffen Kaiser
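
An added example, not part of the thread and not Dovecot project code: with the local port logged through `%a`, the question of who still uses the legacy SSL ports can be answered from the login lines. It assumes `lport=%a` has been appended to `login_log_format_elements`; the field name `lport`, the log lines and the user names are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Assumed Dovecot setting (the label "lport" is this example's own choice):
#   login_log_format_elements = user=<%u> method=%m rip=%r lip=%l lport=%a %c
# %a expands to the local port the client connected to.

IMPLICIT_TLS_PORTS = {993, 995}   # TLS from the first byte ("legacy SSL ports")
STANDARD_PORTS = {143, 110}       # plaintext with optional STARTTLS

LOGIN_RE = re.compile(r"dovecot: (?P<service>imap|pop3)-login: Login: (?P<fields>.*)$")
# key=value or key=<value>; values end at a comma, '>' or whitespace
FIELD_RE = re.compile(r"(\w+)=<?([^,>\s]*)>?")

# Constructed sample input, including one line logged before lport was added
# and two lines that are not successful logins.
SAMPLE_LOG = """\
Apr 25 10:00:01 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, lport=993, TLS, session=<AAAA>
Apr 25 10:00:05 mx dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, lport=143, TLS, session=<BBBB>
Apr 25 10:01:12 mx dovecot: pop3-login: Login: user=<carol>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1, lport=995, TLS, session=<CCCC>
Apr 25 10:02:30 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, lport=143, TLS, session=<DDDD>
Apr 25 10:03:00 mx dovecot: pop3-login: Login: user=<dave>, method=PLAIN, rip=192.0.2.13, lip=192.0.2.1, session=<EEEE>
Apr 25 10:03:44 mx dovecot: imap-login: Disconnected (no auth attempts in 5 secs): user=<>, rip=192.0.2.14, lip=192.0.2.1, lport=993, TLS, session=<FFFF>
Apr 25 10:04:10 mx dovecot: pop3(carol): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
"""


def parse_login(line):
    """Return service, user and local port of a successful login line, else None."""
    m = LOGIN_RE.search(line)
    if m is None:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    port = fields.get("lport", "")
    return {
        "service": m.group("service"),
        "user": fields.get("user", ""),
        # None when the line predates the config change or the value is odd
        "lport": int(port) if port.isdigit() else None,
    }


def classify(port):
    if port in IMPLICIT_TLS_PORTS:
        return "implicit-tls"
    if port in STANDARD_PORTS:
        return "standard"
    return "unknown"


def summarize(lines):
    """Count logins per (service, listener class) and collect users per class."""
    logins = Counter()
    users = defaultdict(set)
    for line in lines:
        rec = parse_login(line)
        if rec is None:
            continue
        kind = classify(rec["lport"])
        logins[(rec["service"], kind)] += 1
        users[kind].add(rec["user"])
    return logins, {kind: sorted(names) for kind, names in users.items()}


def legacy_only_users(users):
    """Users seen on 993/995 but never on 143/110: they break if the ports close."""
    return sorted(set(users.get("implicit-tls", [])) - set(users.get("standard", [])))


if __name__ == "__main__":
    logins, users = summarize(SAMPLE_LOG.splitlines())
    for (service, kind), count in sorted(logins.items()):
        print(f"{service:5} {kind:13} {count}")
    print("legacy-port only:", ", ".join(legacy_only_users(users)))
```

Logins counted as `unknown` were logged without a port, so they say nothing about which listener was used and should be excluded from the decision.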



[Dovecot] crash while fts searching a virtual folder

2014-04-25 Thread Matthias Rieber

Hi,

searching a virtual folder crashes dovecot quite often. I'm using 
dovecot 2.2.12. Here's the backtrace:


[New LWP 28245]
[Thread debugging using libthread_db enabled]
Using host libthread_db library 
/lib/x86_64-linux-gnu/libthread_db.so.1.

Core was generated by `dovecot/imap'.
Program terminated with signal 6, Aborted.
#0  0x7fc1d73f4425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#0  0x7fc1d73f4425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1  0x7fc1d73f7b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#2  0x7fc1d77e6d45 in default_fatal_finish (type=optimized out, 
status=0) at failures.c:193
backtrace = 0x1cdc318 
/usr/local/lib/dovecot/libdovecot.so.0(+0x68d4f) [0x7fc1d77e6d4f] - 
/usr/local/lib/dovecot/libdovecot.so.0(+0x68dae) [0x7fc1d77e6dae] - 
/usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fc1d77a0...
#3  0x7fc1d77e6dae in i_internal_fatal_handler (ctx=0x7fff86d4b2d0, 
format=optimized out, args=optimized out) at failures.c:657

status = 0
#4  0x7fc1d77a03b9 in i_panic (format=optimized out) at 
failures.c:267

ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 
0x7fff86d4b3a0, reg_save_area = 0x7fff86d4b2e0}}
#5  0x7fc1d6774ed9 in level_scores_add_vuids (br=0x2413ab8, 
level=0x1c0c2e0, vbox=0x170c950) at fts-search.c:81

i = optimized out
count = 234
backend_uids = {arr = {buffer = 0x1cdbe90, element_size = 8}, v 
= 0x1cdbe90, v_modifiable = 0x1cdbe90}
vuids_arr = {arr = {buffer = 0x1cdba98, element_size = 4}, v = 
0x1cdba98, v_modifiable = 0x1cdba98}

vuids = 0xea
scores = 0x23c8f50
score = 0xea
#6  multi_add_lookup_result (args=0x1bbb220, level=0x1c0c2e0, 
fctx=0x18c2240, result=optimized out) at fts-search.c:146

br = 0x2413ab8
vbox = 0x170c950
vuids = {arr = {buffer = 0x16dbe70, element_size = 8}, v = 
0x16dbe70, v_modifiable = 0x16dbe70}

orig_size = optimized out
i = optimized out
#7  fts_search_lookup_level_multi (and_args=true, args=0x1bbb220, 
fctx=0x18c2240) at fts-search.c:194
mailboxes_arr = {arr = {buffer = 0x1e0a580, element_size = 8}, v 
= 0x1e0a580, v_modifiable = 0x1e0a580}

backend = optimized out
j = 60
vbox = optimized out
mailboxes = 0x1e0a5b8
level = 0x1c0c2e0
result = {pool = 0x1e0a560, box_results = 0x2413838}
i = optimized out
mailbox_count = 60
#8  fts_search_lookup_level (fctx=0x18c2240, args=0x1bbb220, 
and_args=true) at fts-search.c:208

_data_stack_cur_id = 4
ret = optimized out
#9  0x7fc1d6774f86 in fts_search_lookup (fctx=optimized out) at 
fts-search.c:354

last_uid = 32653
seq1 = 0
seq2 = 0
__FUNCTION__ = fts_search_lookup
#10 0x7fc1d6776388 in fts_mailbox_search_init (t=optimized out, 
args=0x1bbb160, sort_program=optimized out, wanted_fields=0, 
wanted_headers=0x0) at fts-storage.c:207

ft = 0x1d4be20
fbox = optimized out
flist = 0x1706610
ctx = 0x192f540
fctx = 0x18c2240
#11 0x0041caa0 in imap_search_start (ctx=0x170a238, 
sargs=0x1bbb160, sort_program=0x0) at imap-search.c:576

cmd = 0x170a130
__FUNCTION__ = imap_search_start
#12 0x004117b6 in cmd_search (cmd=0x170a130) at cmd-search.c:48
ctx = 0x170a238
sargs = 0x1bbb160
args = 0x16e2a38
charset = 0x424d0b UTF-8
ret = optimized out
#13 0x0041734d in command_exec (cmd=0x170a130) at 
imap-commands.c:158

hook = 0x16e00f0
ret = optimized out
#14 0x004163e0 in client_command_input (cmd=0x170a130) at 
imap-client.c:780

client = 0x17095e0
command = optimized out
__FUNCTION__ = client_command_input
#15 0x004164c5 in client_command_input (cmd=0x170a130) at 
imap-client.c:841

client = 0x17095e0
command = optimized out
__FUNCTION__ = client_command_input
#16 0x0041676d in client_handle_next_command 
(remove_io_r=synthetic pointer, client=0x17095e0) at imap-client.c:879

No locals.
#17 client_handle_input (client=0x17095e0) at imap-client.c:891
_data_stack_cur_id = 3
ret = 48
remove_io = false
handled_commands = false
__FUNCTION__ = client_handle_input
#18 0x00416ae2 in client_input (client=0x17095e0) at 
imap-client.c:933

cmd = optimized out
output = 0x1709ff0
bytes = 26
__FUNCTION__ = client_input
#19 0x7fc1d77f7616 in io_loop_call_io (io=0x17071a0) at ioloop.c:388
ioloop = 0x16df730
t_id = 2
#20 0x7fc1d77f84cf in io_loop_handler_run (ioloop=optimized out) 
at ioloop-epoll.c:220

ctx = 0x16e03d0
events = 0x0
event = 0x16e1230

[Dovecot] Incompatibility Thunderbirds Auth Mech TLS-Certificate - Dovecot

2014-04-25 Thread Christian Felsing
Hello,

it seems there is an issue regarding TLS-Certificate
authentication in Thunderbird and Dovecot. Obviously client certificate
is recognized by Dovecot:

Apr 25 14:29:01 dovecot dovecot: imap-login: Valid certificate:
/emailAddress=christian.fels...@example.net/CN=Christian Felsing
(Test)/OU=CF Certificates/O=example.net/C=DE

AFAIK Dovecot always requires IMAP login, even in static passdb
config. Static means arbitrary password is ok, but not no login

I hope, I am wrong, following log entry gave a hint, what Thunderbird
does or more precisely - not do:

Apr 25 14:29:01 dovecot dovecot: imap-login: Disconnected (no auth
attempts in 5 secs): user=, rip=192.168.1.99, lip=192.168.42.1, TLS,
session=3+1THN33NQBtWq5D

Dovecot wants an IMAP login, but Thunderbird does not do so. I am not sure
if that is a bug (or feature) of Dovecot or Thunderbird. Thunderbird
does several strange things on client certificates:

1st) If Dovecot is configured to request a client certificate and
Thunderbird is configured to use plain text auth, Thunderbird offers a
client certificate and login succeeds as configured in Dovecot.
Unfortunately Thunderbird uses same certificate for all configured
accounts to that host. Very bad if Dovecot reads username from
certificate attributes.

2nd) If Dovecot is configured to request a client certificate and
Thunderbird is configured to use TLS-Certificate, Thunderbird also
offers a client certificate, but Dovecot requests login from
Thunderbird. That fails, because Thunderbird assumes TLS-Certificate is
enough for successful log.

If it is true that Dovecot is not compatible to Thunderbirds way of
TLS-Certificate Authentication, I consider to set up a proxy, which
supports that way. Maybe Nginx would be a solution, it supports IMAP
and LUA module plus some LUA code will fake the authentication. This is
an ugly hack so I would like to avoid that, if anybody has a better
solution. Thunderbird is a very widespread IMAP client so it should not
be ignored.

best regards
Christian

---Dovecot config---

# /opt/dovecot/bin/doveconf -n

# 2.2.12: /opt/dovecot/etc/dovecot-cert/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#
auth_username_translation = @#
base_dir = /var/run/dovecot-cert
first_valid_uid = 124
last_valid_uid = 124
listen = 192.168.42.1
log_timestamp = %Y-%m-%d %H:%M:%S
login_greeting = example.net imap4/pop3 (cert only) ready.
mail_gid = 124
mail_location = maildir:~/Maildir
mail_privileged_group = vmail
mail_uid = 124
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave imapflags notify
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = password=test
  driver = static
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  autocreate = Trash
  autocreate2 = Drafts
  autosubscribe = Trash
  autosubscribe2 = Drafts
  quota = maildir:User quota
  quota_rule = *:storage=500M
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  recipient_delimiter = +
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
}
protocols = imap pop3 lmtp sieve
service anvil {
  client_limit = 4000
}
service auth-worker {
  group = vmail
}
service auth {
  client_limit = 8000
  unix_listener auth-master {
group = vmail
mode = 0660
user = vmail
  }
  unix_listener auth-userdb {
group = vmail
mode = 0660
user = dovecot
  }
  user = root
}
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
  process_limit = 1024
}
service imap-postlogin {
  executable = script-login /opt/cfbin/lastlogin.sh
}
service imap {
  executable = imap imap-postlogin
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  inet_listener sieve_deprecated {
port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
port = 110
  }
  inet_listener pop3s {
port = 995
ssl = yes
  }
  process_limit = 1024
}

Re: [Dovecot] Incompatibility Thunderbirds Auth Mech TLS-Certificate - Dovecot

2014-04-25 Thread Reindl Harald


On 25.04.2014 14:56, Christian Felsing wrote:
> Apr 25 14:29:01 dovecot dovecot: imap-login: Disconnected (no auth
> attempts in 5 secs): user=, rip=192.168.1.99, lip=192.168.42.1, TLS,
> session=3+1THN33NQBtWq5D
>
> Dovecot wants an IMAP login, but Thunderbird does not do so. I am not sure
> if that is a bug (or feature) of Dovecot or Thunderbird. Thunderbird
> does several strange things on client certificates:

that is the normal behavior if you force an auth-mech on the client
which the server doesn't announce - auth-mech and TLS certificate
are completely different worlds

just configure thunderbird to use plain instead of encrypted auth
which means CRAM-MD5 at the end of the day, by default dovecot
only offers PLAIN which is fine inside a TLS connection

you can only support CRAM-MD5 with passwords stored as plain-text

[root@testserver:~]$ doveconf -n | grep -i mech
auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN

[root@testserver:~]$ doveconf -d | grep -i mech
auth_mechanisms = plain





[Dovecot] Trying to get DSpam+Dovecot working with Postfix and local/virtual domains

2014-04-25 Thread Jeremy Doran

Hi,

I'm hoping that someone might be able to help, as I've been going in 
circles with trying to get the right configuration done here. I'm also 
not sure whether this is more of a Dovecot or DSpam question, so I'm 
posting the same to both mailing lists.


My goal is to have a mail setup that is as follows:

[Incoming email] -- [Postfix] -- [Amavis] -- [DSpam] -- [Dovecot LDA] -+---(local domain)--- /var/mail/${user}
                                                                       |
                                                                       +---(virtual)--- /home/vmail/${domain}/${user}@{domain}


As of right now, I have Postfix successfully feeding into Amavis, 
re-injecting into Postfix with a final delivery for the local domain via 
procmail, and final delivery for virtual domains via the virtual 
transport into maildir (but /home/vmail/${user}@${domain})


Virtual domains are being managed by PostfixAdmin. Dovecot is running as 
the IMAP server. Everything (Postfix, PostfixAdmin, Dovecot) is using a 
Postgres database as backend for the dynamic maps/authentication.


The problem I've been stumbling over is trying to get DSpam to work 
nicely with both a local domain and virtual domains/mailboxes, and the 
same for Dovecot, as I would rather like to make use of the Sieve 
functionality going forward instead of Procmail. I did have DSpam 
working, but was unable to get the Dovecot antispam plugin working to 
re-train based on moving mails into/out of a defined 'SPAM' folder, due 
to permissions relating to how the antispam plugin was calling DSpam.


I'm really not wanting to make the local domain into a virtual mailbox 
domain, because there are users on the system (for that local domain) 
that already use the password in /etc/passwd for accessing the server 
for other uses. While there are also people who do that who have virtual 
mailbox domains, it's a far lower number.


Here's what I have so far.

Postfix 2.11.0

main.cf (via 'postconf -nf'):

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4 ipv6
local_recipient_maps = $transport_maps unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -a $EXTENSION
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = critter.net
myhostname = cornix.critter.net
mynetworks = 127.0.0.0/8, 46.4.24.15/32, [::1]/128,
    [2a01:4f8:131:4263::]/64, 184.73.168.110/32, [2001:470:7:12ba::]/64
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = -
relay_domains = pgsql:$config_directory/Maps/pgsql_relay_domains_maps.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem
smtp_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem
smtp_tls_key_file = /etc/ssl/private/smtp.critter.net.pem
smtp_tls_session_cache_database = /var/db/postfix/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unauth_destination, reject_unauth_pipelining,
    reject_invalid_hostname, reject_rbl_client zen.spamhaus.org,
    check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem
smtpd_tls_key_file = /etc/ssl/private/smtp.critter.net.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
smtpd_use_tls = yes
soft_bounce = yes
tls_random_source = dev:/dev/urandom
transport_maps = pgsql:$config_directory/Maps/pgsql_transport_maps.cf
unknown_local_recipient_reject_code = 450
virtual_alias_maps =
    pgsql:$config_directory/Maps/pgsql_virtual_alias_maps.cf

virtual_gid_maps = static:400
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =

Re: [Dovecot] ImapTest utility not compiling

2014-04-25 Thread Hein, Brad

* Found my error.

I moved the dovecot source code after compiling it. Didn’t realize there were 
embedded/absolute URLS within the dovecot source tree. All I needed to do was 
make clean  make dovecot, then imaptest compiled no problem.


[Brad Hein]


From: Hein, Local Administrator brad_h...@cable.comcast.com
Date: Wednesday, April 23, 2014 at 2:00 PM
To: dovecot@dovecot.org
Subject: ImapTest utility not compiling


Following the wiki instructions here: 
http://www.imapwiki.org/ImapTest/Installation

I’ve run into a wall trying to compile the imapTest utility (dovecot compiled 
without any problems). I think there’s a problem in the imapTest utility? 
Copy/pasted compile output and attached. The gist of the problem seems to be 
that imaptest can’t find the dovecot headers and libraries  (configure script 
was executed like this: ./configure --with-dovecot=/usr/src/dovecot-20140420

checkpoint.c:3:17: error: lib.h: No such file or directory
checkpoint.c:4:17: error: str.h: No such file or directory
and many more

Based on these errors I believe there’s a compatibility problem between the 
current imapTest utility and dovecot.

The configure script said to report errors to this email address.


[Brad Hein]


[Dovecot] Help implementing username_format in auth PAM driver

2014-04-25 Thread lee
While configuring my server with dovecot I noticed that the PAM
authentication driver does not support the username_format option as
does the password file driver. This didn't seem too hard to implement
so I threw together a patch.

As you can see in the attached patch I only modify the username sent
to PAM. Despite doing this I run into the domain lost
issue (http://wiki2.dovecot.org/DomainLost). This prevents me from
using the domain name in my mail_location config string. What I don't
understand is why does changing the username string sent to PAM for
authentication trigger this issue? Shouldn't dovecot continue to use
the client supplied username as I am *not* changing it anywhere in my
config?

Thanks,

Lee
diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c
index cf0b3c9..5f42a5a 100644
--- a/src/auth/passdb-pam.c
+++ b/src/auth/passdb-pam.c
@@ -37,6 +37,7 @@
 typedef pam_const void *pam_item_t;
 
 #define PASSDB_PAM_DEFAULT_MAX_REQUESTS 100
+#define PASSDB_PAM_DEFAULT_USERNAME_FORMAT %u
 
 struct pam_passdb_module {
struct passdb_module module;
@@ -47,6 +48,7 @@ struct pam_passdb_module {
unsigned int pam_setcred:1;
unsigned int pam_session:1;
unsigned int failure_show_msg:1;
+   const char *username_format;
 };
 
 struct pam_conv_context {
@@ -55,6 +57,17 @@ struct pam_conv_context {
const char *failure_msg;
 };
 
+inline const char*
+pam_username_lookup(struct auth_request *request)
+{
+   struct passdb_module *_module = request-passdb-passdb;
+   struct pam_passdb_module *module = (struct pam_passdb_module *)_module;
+   string_t *username = t_str_new(256);
+   var_expand(username, module-username_format,
+  auth_request_get_var_expand_table(request, 
auth_request_str_escape));
+   return str_c(username);
+}
+
 static int
 pam_userpass_conv(int num_msg, pam_const struct pam_message **msg,
  struct pam_response **resp_r, void *appdata_ptr)
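Review bot: pam_username_lookup() is declared `inline const char*` without `static`. Depending on the C dialect, a file-scope inline function without static has no external definition and fails to link when the call is not inlined, so declare it static and let the compiler decide about inlining. The function also returns str_c() of a buffer obtained from t_str_new(256), which is temporary storage; a comment saying that callers must consume or copy the result immediately would help, and the auth_request_str_escape argument needs a justification, since an escaped name is not necessarily the name PAM should be looking up.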
@@ -82,7 +95,7 @@ pam_userpass_conv(int num_msg, pam_const struct pam_message 
**msg,
case PAM_PROMPT_ECHO_ON:
/* Assume we're asking for user. We might not ever
   get here because PAM already knows the user. */
-   string = strdup(ctx-request-user);
+   string = strdup(pam_username_lookup(ctx-request));
if (string == NULL)
i_fatal_status(FATAL_OUTOFMEM, Out of memory);
break;
@@ -240,7 +253,7 @@ static void set_pam_items(struct auth_request *request, 
pam_handle_t *pamh)
host = net_ip2addr(request-remote_ip);
if (host != NULL)
(void)pam_set_item(pamh, PAM_RHOST, host);
-   (void)pam_set_item(pamh, PAM_RUSER, request-user);
+   (void)pam_set_item(pamh, PAM_RUSER, pam_username_lookup(request));
/* TTY is needed by eg. pam_access module */
(void)pam_set_item(pamh, PAM_TTY, dovecot);
 }
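Review bot: PAM_RUSER in set_pam_items() now gets the formatted name too. PAM_RUSER names the requesting user, as distinct from the account being authenticated, so rewriting it changes what PAM modules and their logs see as the remote identity and not only which account is checked. Consider leaving the client-supplied name here and applying username_format only to the name passed to pam_start(), or state in the documentation that both are rewritten.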
@@ -262,7 +275,7 @@ pam_verify_plain_call(struct auth_request *request, const 
char *service,
ctx.request = request;
ctx.pass = password;
 
-   status = pam_start(service, request-user, conv, pamh);
+   status = pam_start(service, pam_username_lookup(request), conv, pamh);
if (status != PAM_SUCCESS) {
auth_request_log_error(request, pam, pam_start() failed: %s,
   pam_strerror(pamh, status));
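Review bot: the value passed to pam_start() is never checked for being empty. A format such as %d expands to an empty string for a login without a domain part, and PAM would then be started without a user name. Test the expanded string before the call and fail the request with a logged error when it is empty. The expansion is also computed separately in pam_userpass_conv(), set_pam_items() and here; computing it once in this function and keeping it in the conversation context would guarantee all three use the same string.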
@@ -331,6 +344,7 @@ pam_preinit(pool_t pool, const char *args)
 {
struct pam_passdb_module *module;
const char *const *t_args;
+   const char *format = PASSDB_PAM_DEFAULT_USERNAME_FORMAT;
int i;
 
module = p_new(pool, struct pam_passdb_module, 1);
@@ -367,9 +381,14 @@ pam_preinit(pool_t pool, const char *args)
}
} else if (t_args[i+1] == NULL) {
module-service_name = p_strdup(pool, t_args[i]);
+   } else if (strncmp(t_args[i], username_format=, 16) == 0) {
+   format = auth_cache_parse_key(pool, t_args[i] + 16);
} else {
i_fatal(pam: Unknown setting: %s, t_args[i]);
}
}
+
+   module-username_format = format;
+
return module-module;
 }
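Review bot: the new `username_format=` branch in pam_preinit() comes after the `t_args[i+1] == NULL` branch, so when username_format=... is the last argument it is stored as the PAM service name and never parsed as a format. Move the strncmp() test above the last-argument check. The value is also run through auth_cache_parse_key(), which by its name builds a cache key; unless that function is known to return the format unchanged, copy the string with p_strdup(pool, ...) as the service_name line does. The literal 16 is correct for this key but would be safer derived from the key string itself.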


[Dovecot] Segfault in auth (when talked to by postfix lda)

2014-04-25 Thread Darac Marjal
Afternoon all.

I'm seeing a segfault in dovecot 2.2.12 (debian package 1:2.2.12-2). I
can log into dovecot fine with mutt, but the segfaults seem to occur
when postfix (2.11.0, debian package 2.11.0-1+b1) tries to deliver a
message.

This was working fine under 2.2.9 (I can downgrade to that and delivery works).

Can anyone help? Doveconf -n, and backtrace follow.


--
--8-- doveconf -n --
# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.12-1-686-pae i686 Debian jessie/sid xfs
auth_debug = yes
auth_mechanisms = digest-md5 cram-md5 plain
info_log_path = /var/log/dovecot.info
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
log_timestamp = %Y-%m-%d %H:%M:%S 
login_log_format_elements = service=%s user=%u session=%{session} method=%m 
rip=%r lip=%l mpid=%e %c %k
mail_access_groups = mail users
mail_location = mdbox:/var/mail/%u/Mail
mail_max_userip_connections = 50
mail_plugins =  zlib stats
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
plugin {
  antispam_backend = dspam
  antispam_crm_binary = /bin/false
  antispam_debug_target = syslog
  antispam_dspam_args = --client;--mode=teft;--deliver;--user;%u
  antispam_dspam_binary = /usr/bin/dspam
  antispam_pipe_program = /usr/sbin/sendmail
  antispam_pipe_tmpdir = /tmp
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = move
  antispam_spam_pattern_ignorecase = SPAM
  antispam_trash_pattern_ignorecase = trash;Deleted *
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  stats_refresh = 30 secs
  stats_track_cmds = yes
}
postmaster_address = postmas...@darac.org.uk
protocols =  imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0666
  }
}
service lmtp {
  inet_listener lmtp {
address = 192.168.123.254
port = 20024
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  inet_listener sieve_deprecated {
port = 2000
  }
}
service stats {
  fifo_listener stats-mail {
mode = 0600
user = vmail
  }
}
ssl_cert = /etc/dovecot/mail.www.ssl-bundle.crt
ssl_key = /etc/dovecot/private/mail.www.ssl.key
userdb {
  driver = passwd
}
userdb {
  args = uid=vmail gid=vmail home=/var/mail/%u
  driver = static
}
protocol lmtp {
  mail_fsync = optimized
  mail_plugins =  zlib sieve
}
protocol lda {
  mail_fsync = optimized
  mail_plugins =  zlib sieve
}
protocol imap {
  mail_plugins =  zlib zlib imap_zlib antispam stats imap_stats
}

8 backtrace ---

Core was generated by `dovecot/auth'.
Program terminated with signal 11, Segmentation fault.
#0  auth_fields_find_idx (fields=fields@entry=0x0, key=key@entry=0xb84ae448 
uid,
idx_r=idx_r@entry=0xbfc07d0c) at auth-fields.c:44
44  auth-fields.c: No such file or directory.
(gdb) bt full
#0  auth_fields_find_idx (fields=fields@entry=0x0, key=key@entry=0xb84ae448 
uid,
idx_r=idx_r@entry=0xbfc07d0c) at auth-fields.c:44
i = optimized out
count = optimized out
#1  0xb77bed33 in auth_fields_add (fields=0x0, key=key@entry=0xb84ae448 uid,
value=value@entry=0xb84a6312 1120, flags=flags@entry=(unknown: 0)) at 
auth-fields.c:68
field = optimized out
idx = 3091882770
__FUNCTION__ = auth_fields_add
#2  0xb77bb03b in auth_request_set_userdb_field 
(request=request@entry=0xb84b9218,
name=0xb84ae448 uid, value=0xb84a6312 1120) at auth-request.c:1605
uid = optimized out
gid = optimized out
#3  0xb77d2fb5 in userdb_template_export (tmpl=0xb84ae410,
auth_request=auth_request@entry=0xb84b9218) at userdb-template.c:83
table = 0xb84a6110
str = 0xb84a5ff0
value = optimized out
i = 0
count = 6
__FUNCTION__ = userdb_template_export
#4  0xb77d230a in static_lookup_real 
(auth_request=auth_request@entry=0xb84b9218,
callback=0xb77ba9b0 auth_request_userdb_callback) at userdb-static.c:32
_module = optimized out
module = optimized out
#5  0xb77d23ae in static_credentials_callback (result=PASSDB_RESULT_OK,
credentials=0xb84b5bb7 Mananozu, size=8, auth_request=0xb84b9218) at 
userdb-static.c:52
ctx 

[Dovecot] Assert Crash with HG 49e9d9743f6e

2014-04-25 Thread Thomas Leuxner
New crash most likely related to Virtual plugin again:

Apr 26 07:40:40 spectre dovecot: imap(t...@leuxner.net): Panic: file 
mail-storage.c: line 1836 (mailbox_transaction_begin): assertion failed: 
(box-opened)
Apr 26 07:40:40 spectre dovecot: imap(t...@leuxner.net): Error: Raw backtrace: 
/usr/lib/dovecot/libdovecot.so.0(+0x6bc0f) [0x7fdfce48ac0f] - 
/usr/lib/dovecot/libdovecot.so.0(+0x6bc6e) [0x7fdfce48ac6e] - 
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fdfce4442ce] - 
/usr/lib/dovecot/libdovecot-storage.so.0(+0x82299) [0x7fdfce777299] - 
/usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0x9f1b) [0x7fdfccc2df1b] - 
/usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0x564)
 [0x7fdfccc2eb84] - 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x33) 
[0x7fdfce776e53] - /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync+0x27) 
[0x7fdfce776f77] - dovecot/imap [t...@leuxner.net 95.223.79.50 
EXAMINE](cmd_select_full+0x173) [0x412c13] - dovecot/imap [t...@leuxner.net 
95.223.79.50 EXAMINE](command_exec+0x3c) [0x41839c] - dovecot/imap 
[t...@leuxner.net 95.223.79.50 EXAMINE]() [0x417400] - dovecot/imap 
[t...@leuxner.net 95.223.79.50 EXAMINE]() [0x4174ba] - dovecot/imap 
[t...@leuxner.net 95.223.79.50 EXAMINE](client_handle_input+0x115) [0x417775] 
- dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE](client_input+0x72) 
[0x417b22] - /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x4e) 
[0x7fdfce49b9fe] - 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd7) 
[0x7fdfce49c9f7] - /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) 
[0x7fdfce49ba89] - /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7fdfce49bb08] - /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7fdfce449673] - dovecot/imap [t...@leuxner.net 95.223.79.50 
EXAMINE](main+0x298) [0x40c128] - 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fdfce0b2ead] - 
dovecot/imap [t...@leuxner.net 95.223.79.50 EXAMINE]() [0x40c28d]
Apr 26 07:40:40 spectre dovecot: imap(t...@leuxner.net): Fatal: master: 
service(imap): child 31334 killed with signal 6 (core not dumped)

Disabling virtual prevents Dovecot from crashing.

