IMAP sessions quit when calling MYRIGHTS on shared namespace
Hi,
the IMAP connection is dropped, when I call MYRIGHTS on the root of my
shared folders.
Using the configuration below, the shared folders are located in shared/%%U/
# telnet localhost imap
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
. LOGIN XXX
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY
MOVE QUOTA ACL RIGHTS=texk] Logged in
. MYRIGHTS shared
Connection closed by foreign host.
I'd expect some kind of error message instead of dropping the connection.
Kind regards,
Franz
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.18.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_master_user_separator = *
auth_verbose = yes
debug_log_path = /var/log/dovecot_debug.log
default_client_limit = 3500
disable_plaintext_auth = no
import_environment = TZ DOVECOT_HOSTNAME
lmtp_rcpt_check_quota = yes
mail_gid = vmail
mail_location = mdbox:~/mail
mail_plugins = acl quota zlib mail_log notify
mail_uid = vmail
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body environment
mailbox date ihave duplicate vacation-seconds imapflags notify
mbox_write_locks = fcntl
namespace {
list = children
location = mdbox:%%h/mail
prefix = shared/%%u/
separator = /
subscriptions = no
type = shared
}
namespace {
hidden = yes
list = no
location = pop3c:
prefix = POP3-MIGRATION-NS/
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = no
special_use = \Drafts
}
mailbox Sent {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = no
special_use = \Trash
}
prefix = INBOX/
separator = /
subscriptions = yes
}
namespace parent {
hidden = yes
list = no
location =
prefix =
separator = /
subscriptions = yes
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
acl = vfile
acl_shared_dict = file:/var/spool/imap/dovecot-shared-mailboxes
mail_log_events = delete undelete expunge copy save mailbox_create
mailbox_delete mailbox_rename
pop3_migration_mailbox = POP3-MIGRATION-NS/INBOX
quota = dict:user::file:%h/mail/dovecot-quota
quota_exceeded_message = Empfaenger Postfach ist voll (Mailbox Quota
Exceeded)
quota_grace = 50M
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/sieve/active
sieve_before = /etc/dovecot/sieve_before/movespamfolder.sieve
sieve_dir = ~/sieve
sieve_extensions = +notify -enotify +imapflags +vacation-seconds
sieve_max_actions = 1000
sieve_max_redirects = 1000
sieve_vacation_max_period = 0
sieve_vacation_min_period = 0
zlib_save = gz
zlib_save_level = 6
}
pop3_no_flag_updates = yes
pop3_uidl_format = %v.%u
pop3c_host = pop3.example.com
pop3c_master_user = master
pop3c_password = secret
protocols = imap pop3 lmtp sieve
service anvil {
unix_listener anvil-auth-penalty {
mode = 00
}
}
service auth {
unix_listener auth-userdb {
mode = 0777
}
}
service imap-login {
process_limit = 3000
process_min_avail = 16
service_count = 0
}
service imap {
process_limit = 10240
}
service lmtp {
inet_listener lmtp {
port = 26
}
}
service managesieve-login {
inet_listener sieve_deprecated {
port = 2000
}
}
service pop3-login {
service_count = 0
}
service pop3 {
process_limit = 10240
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
unix_listener quota-warning {
user = vmail
}
}
ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
ssl_key = /etc/pki/dovecot/private/dovecot.pem
syslog_facility = local0
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lmtp {
mail_plugins = acl quota zlib mail_log notify sieve
}
protocol doveadm {
mail_plugins = acl quota zlib mail_log notify pop3_migration
}
protocol lda {
mail_plugins = acl quota zlib mail_log notify sieve
}
protocol imap {
mail_max_userip_connections = 3789
mail_plugins = acl quota zlib mail_log notify imap_acl imap_quota
}
--
Franz Knipp, +43 664 3980169
qnipp GmbH, Hauptstraße 54, 7064 Oslip, Österreich
http://qnipp.com http://qnipp.com/qnipp.vcf
Re: IMAP sessions quit when calling MYRIGHTS on shared namespace
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 25 Jun 2014, Franz Knipp wrote: the IMAP connection is dropped, when I call MYRIGHTS on the root of my shared folders. Using the configuration below, the shared folders are located in shared/%%U/ # telnet localhost imap Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. . LOGIN XXX . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in . MYRIGHTS shared Connection closed by foreign host. I'd expect some kind of error message instead of dropping the connection. Did you've looked in your server log? You most likely got an abort or something like that. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBU6p4l3z1H7kL/d9rAQIjWggAhrG+WjBhofpruWi+G9zVBjnjm18TiSvS l/Cfz6vfapk502QCvjgiQ0+OT3FUEqZvwUpu9FGlW537u+WCkJG8fmCpwrgSg7A+ jzW0Vhhszz6P7OCThEtSBypys3QFd71nuK7w20qtNEnKihErDqFiLwKd+HwzIObn vgx4F4kFnaclHZeq/i5HksmCNKVTFMqiQ9BbI4GL+EoYPBuTXkWxHofl/ukemlFw Uk9KdEqYDimfV3FWFHWF9jNEd4PypwVxWEJFeIoR2Ir1f0Tflpd5UqIvA7xqOjXg EbVRq2xT+FoNis9XeVeXEQRj0UlfTl45Z2o6Sa+PIsL+Fp4ig6iLRg== =xc2E -END PGP SIGNATURE-
Re: IMAP sessions quit when calling MYRIGHTS on shared namespace
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 2014-06-25 09:21, schrieb Steffen Kaiser: the IMAP connection is dropped, when I call MYRIGHTS on the root of my shared folders. Did you've looked in your server log? You most likely got an abort or something like that. You're right. So I enabled core dumps, this is the backtrace: #0 0x7f6857da81c2 in acl_mailbox_get_aclobj (box=value optimized out) at acl-mailbox.c:29 #1 0x7f6857b97f33 in cmd_myrights (cmd=0x13ca1f0) at imap-acl-plugin.c:331 #2 0x0041709d in command_exec (cmd=0x13ca1f0) at imap-commands.c:158 #3 0x00416150 in client_command_input (cmd=0x13ca1f0) at imap-client.c:778 #4 0x0041624a in client_command_input (cmd=0x13ca1f0) at imap-client.c:839 #5 0x004164bd in client_handle_next_command (client=0x13c97d0) at imap-client.c:877 #6 client_handle_input (client=0x13c97d0) at imap-client.c:889 #7 0x0041682f in client_input (client=0x13c97d0) at imap-client.c:931 #8 0x7f68589e62ee in io_loop_call_io (io=0x13ca100) at ioloop.c:441 #9 0x7f68589e7497 in io_loop_handler_run_internal (ioloop=value optimized out) at ioloop-epoll.c:220 #10 0x7f68589e6379 in io_loop_handler_run (ioloop=0x13a4730) at ioloop.c:488 #11 0x7f68589e63f8 in io_loop_run (ioloop=0x13a4730) at ioloop.c:465 #12 0x7f68589935d3 in master_service_run (service=0x13a45c0, callback=value optimized out) at master-service.c:566 #13 0x00420088 in main (argc=1, argv=0x13a4390) at main.c:400 Hope this helps. - -- Franz Knipp, +43 664 3980169 qnipp GmbH, Hauptstraße 54, 7064 Oslip, Österreich http://qnipp.com http://qnipp.com/qnipp.vcf -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlOqlN8ACgkQGRK+JW9GubbFiQCeMG711IR+4RayIpWq3KTpLCgk W7EAoIu1hcYA5TG9I/y3VvYqOQHQX1TH =jq3j -END PGP SIGNATURE-
Remove all messages in a mailbox
Hi All, I am having trouble removing all messages in a mailbox. The command below doesn't remove all the messages: doveadm expunge -u user@domain mailbox '*' all Do I need to add .* or other? THanks Murray
Re: Remove all messages in a mailbox
Hi, we use namespace with prefix = INBOX. When we need to remove all messages in mailbox we need to run this commands: doveadm expunge -u user@domain mailbox INBOX ALL doveadm expunge -u user@domain mailbox INBOX.* ALL The first remove mailboxes in inbox and the second in other subfolders. And in case you use dbox format: doveadm purge -u user@domain On Wed, 25 Jun 2014 17:57:21 +0800 Murray Trainer mtrai...@westnet.com.au wrote: Hi All, I am having trouble removing all messages in a mailbox. The command below doesn't remove all the messages: doveadm expunge -u user@domain mailbox '*' all Do I need to add .* or other? THanks Murray -- [ Ohodnotte kvalitu mailu: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** BERTE A VYCHUTNAVAJTE *** signature.asc Description: PGP signature
sievec drops privileges unexpectedly
(Please keep me CC'd, I'm not subscribed)
Hi folks,
I'm using dovecot 2.1.7 (from Debian stable) with sieve. I have default
sieve script configured, which lives in /etc/dovecot/sieve. I use
dovecot-lda running under the virtual-mail user, which does not have
write access to the /etc/dovecot/sieve directory.
Now, when a mail gets delivered, I get the following message in my
logs.
Jun 25 14:29:43 mail dovecot: lda(2001): Error: sieve: binary save: failed to
create temporary file:
open(/etc/dovecot/sieve/default.svbin.mail.local.18902.) failed: Permission
denied (euid=2009(virtual-mail) egid=2009(virtual-mail) missing +w perm:
/etc/dovecot/sieve, dir owned by 0:0 mode=0755)
Jun 25 14:29:43 mail dovecot: lda(2001): Error: sieve: the lda sieve plugin
does not have permission to save global sieve script binaries; global sieve
scripts like /etc/dovecot/sieve/default need to be pre-compiled using the
sievec tool
Due to the lack of permissions, this is of course expected. However, when I
then try to precompile the script using sievec, that also fails:
# sievec /etc/dovecot/sieve/default
sievec(root): Error: sieve: binary save: failed to create temporary file:
open(/etc/dovecot/sieve/default.svbin.mail.local.18952.) failed: Permission
denied (euid=2009(virtual-mail) egid=2009(virtual-mail) missing +w perm:
/etc/dovecot/sieve, dir owned by 0:0 mode=0755)
So, apparently sievec drops privileges to the virtual-mail user. Why does this
happen? It seems kind of counter-productive - I don't see a way to properly run
sievec as root now? How is this supposed to work?
Now I wrote this, I realized that it might be related that I have
specified mail_uid and mail_gid globally in my dovecot.conf file.
Perhaps those are intended to only be put inside the protocol imap and
protocol lda blocks? This would mean duplicating of this bit of
configuration, which doesn't really sound nice.
Gr.
Matthijs
PS, here's my dovecot -n output:
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.10-1-amd64 x86_64 Debian 7.5
log_timestamp = %Y-%m-%d %H:%M:%S
mail_access_groups = spamd-access
mail_debug = yes
mail_gid = virtual-mail
mail_location = Maildir:~/Folders:INBOX=~/INBOX:LAYOUT=fs
mail_uid = virtual-mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
plugin {
antispam_backend = pipe
antispam_pipe_program = /usr/bin/spamc
antispam_pipe_program_args = --socket=/var/run/spamd.socket
antispam_pipe_program_notspam_arg = --learntype=ham
antispam_pipe_program_spam_arg = --learntype=spam
antispam_spam = Spam
antispam_trash_pattern_ignorecase = trash;Deleted *;Prullenbak;Verwijderde *
sieve = ~/sieve
sieve_dir = ~/sieve.d
sieve_global_path = /etc/dovecot/sieve/default
}
protocols = imap sieve
service auth {
unix_listener auth-client {
group = Debian-exim
mode = 0600
user = Debian-exim
}
unix_listener auth-master {
group = virtual-mail
mode = 0600
user = virtual-mail
}
user = nobody
}
ssl_cert = ssl/mail.tikatika.nl.crt-chain
ssl_key = ssl/mail.tikatika.nl.key
userdb {
args = home=/data/mail/%u allow_all_users=yes uid=virtual-mail
gid=virtual-mail
driver = static
}
protocol imap {
mail_plugins = antispam
}
protocol lda {
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_plugins = sieve
postmaster_address =
}
signature.asc
Description: Digital signature
Re: sievec drops privileges unexpectedly
Hi Matthijs, Matthijs Kooijman schreef op 25-6-2014 14:53: Now I wrote this, I realized that it might be related that I have specified mail_uid and mail_gid globally in my dovecot.conf file. Perhaps those are intended to only be put inside the protocol imap and protocol lda blocks? This would mean duplicating of this bit of configuration, which doesn't really sound nice. PS, here's my dovecot -n output: # 2.1.7: /etc/dovecot/dovecot.conf This is a very old and obsolete version. This problem was fixed almost two years ago: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/cfe8e9f49dfe This was released in Pigeonhole v0.3.2 for Dovecot v2.1.9. Regards, Stephan.
Re: sievec drops privileges unexpectedly
Hey Stephan, # 2.1.7: /etc/dovecot/dovecot.conf This is a very old and obsolete version. This problem was fixed almost two years ago: Ah, cool. This is what Debian/stable ships, so I'll probably stick to this version for a while. Good to hear it's already fixed, then I'll just work around the issue for now :-) Thanks, Matthijs signature.asc Description: Digital signature
question on lmtp logged message
Hi, I have dovecot running for IMAP4/POP3 and also local delivery through LMTP. It's working just fine, absolutely no problem on that, setup is fine. Anyway, sometimes LMTP seems to not be able to deliver some messages and keep them on postfixqueue. And on the next or third try, the message gets delivered successfully. The logged message, however, is not helping me identify what is happening.Example: (error - message was expunged) Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: to=vanilson.parre...@domain.com.br, relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 vanilson.parre...@domain.com.br Message was expunged (received-date) (in reply to end of DATA command)) (successfull delivery) Jun 25 12:34:42 correio postfix/lmtp[6411]: ADB0A1AC05108: to=vanilson.parre...@domain.com.br, relay=correio.domain.com.br[private/dovecot-lmtp], delay=2716, delays=2714/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 vanilson.parre...@domain.com.br U7pOLAHsqlPvMgAAHvf8vg Saved) During these two log entries, absolutely nothing was changed, no configuration, absolutely nothing. Everything is local, i mean, no NFS involved. So, finally, question is: what does the 'message was expunged' message given from LMTP means ??? This is happening quite often but, as i mentionted, sooner or later all messages are getting delivered. It's working despite the delay this is causing. [root@correio log]# dovecot --version 2.2.13 -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Managing users and home dirs
Just a quick update on the below ... The 3-node setup is working cleanly now. One master/backup DB node, two dovecot nodes, using Percona Xtradb Cluster 5.5. All replication (percona and dovecot dsync) is via ipsec tunnels. Adding a user or new domain is a matter of creating a /var/mail/newusers.txt file, containing the list of users to be added. john,doe.com,password,John Doe user A cronjob on both dovecot nodes scans the user database and the /var/mail dirs. For any new users in the file it adds them to the DB and creates their userdir/Maildir. Any new user in the DB without a userdir, it creates their userdir/Maildir. So it's a max of 5 minutes for a new user to be available on node1, and another 5 minutes to be replicated to node2. Once the users are created, the newusers.txt file is deleted. It would be nice to use a database trigger to create the userdir/Maildir immediately rather than the cronjob, but I haven't got that figured out yet. I found the lib_mysqludf_sys UDF library, but it doesn't seem to be working. Some issue with the db replication I think. Any ideas for creating a directory from a mysql trigger ? On 2014-06-21 11:12, deano-dove...@areyes.com wrote: For those of you using virtual users, and SQL, how are you managing your users and their home dirs ? That is, what process do you use for adding/deleting users, creating their home dirs etc ? I suppose it's easy enough to do manually, inserting rows in the database, creating dirs, chown/chmod yada yada, but there must be a better way to do it ... If you're doing dovecot replication then it gets even more cumbersome, having to duplicate the effort in two places (and make sure it's correct). I have a nice test setup using Percona XtraDB Clustering in a 3-node cluster which works swimmingly, albeit in VMs only at the moment. A master DB node and two dovecot nodes. Dovecot replication is up and running nicely too, and I almost have all the communications going over ipsec tunnels, so it will be nice and secure. D.
imap/pop3/lmtp proxy question/problem
Dear list,
We are finally back to our task of migrating from cyrus to dovecot.
dovecot mostly does what we want in terms of POP3/IMAP server. Now we
are preparing for migration. The plan is to use dovecot as proxy for
not-yet migrated accounts. This works wonderfully for IMAP but not for
LMTP. Here's what I find in the logs when I try to deliver e-mail to
the dovecot lmtp port:
Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: none: root=, index=,
indexpvt=, control=, inbox=, alt=
Jun 25 19:03:06 klee dovecot: lmtp(5037): Connect from IP-address
Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: user USER: Auth PASS
lookup returned temporary failure: reason=Configured passdbs don't
support crentials lookups
Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: auth input:
reason=Configured passdbs don't support crentials lookups
Delivery works fine without proxy (lmtp_proxy = no). What I would need
to do is to configure the proxy part so that POP3/IMAP uses the accounts
username/password and LMTP uses a special account to deliver e-mail.
This is dovecot-ldap.auth (the =proxy=y will be replaced by a field from
ldap once the tests work):
uris = ldaps://our.ldap.server/
tls = no
auth_bind = yes
base = dc=mur,dc=at
deref = never
scope = subtree
user_attrs = =home=/srv/vmail/mail/%Lu,=uid=999,=gid=999
user_filter = ((objectClass=posixAccount)(uid=%u))
pass_attrs =
uid=user,userPassword=password,=proxy=y,=host=our.imap.server,=starttls=yes
iterate_attrs = uid=user
iterate_filter = (objectClass=posixAccount)
dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid
auth_verbose = yes
disable_plaintext_auth = no
lmtp_proxy = yes
login_greeting = Dovecot is spitze!
mail_debug = yes
mail_location = maildir:/srv/vmail/mail/%u
mail_plugins = acl
namespace {
hidden = no
inbox = no
list = children
location = maildir:/srv/vmail/mail/%%u:INDEX=/srv/vmail/mail/%u/shared/%%u
prefix = shared.%%u.
separator = .
subscriptions = yes
type = shared
}
namespace inbox {
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix = INBOX.
separator = .
subscriptions = yes
type = private
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
acl = vfile
acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = imap lmtp pop3
service auth {
unix_listener auth-userdb {
group = vmail
user = vmail
}
}
service lmtp {
inet_listener lmtp {
address = 172.16.16.78
port = 24
}
user = vmail
}
ssl_cert = /etc/dovecot/server.pem
ssl_key = /etc/dovecot/private/server.pem
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lmtp {
mail_plugins = acl quota sieve
postmaster_address = postmas...@mur.at
}
protocol imap {
mail_plugins = acl imap_acl
}
Regards,
--
j.hofmüller
Gerüchtegenerator http://plagi.at/geruecht
signature.asc
Description: OpenPGP digital signature
