Re: Quota issue with mailbox.

2014-12-09 Thread Steffen Kaiser 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 10 Dec 2014, Grant Pasley wrote:

i use imapsync to transfer mail from another imap server to this one, the 
total user mailbox size is 18gb. dovecot lda tells me mailbox is full even 
though i have set mailbox to unlimited.


*the the error is:*  Dec  9 19:17:01 sentinel dovecot: 
lda(gr...@xxx.com): 
msgid=: rejected: 
Quota exceeded (mailbox for user is full)


*[root@sentinel dovecot]# grep -v '^ *\(#.*\)\?$' dovecot-mysql.conf*
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password, concat('/home/vmail/', 
maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as 
userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username 
= '%u' AND active = '1'
user_query = SELECT concat('/home/vmail/', maildir) as home, 
concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, 
CONCAT('*:messages=1:bytes=', quota) as quota_rule FROM mailbox WHERE


a) you have not set the quota to unlimited, you still limit to 10'000 
messages.


b) what does
doveadm quota get -u gr...@xxx.com
say? Maybe your quota database is out of sync, try:
doveadm quota recalc -u 

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVIfvKnz1H7kL/d9rAQLAiAgAyl6A4HAXNWZt9D26ZJ24O58/0t1vTt85
WO8YHwZbg32NqMTVY5nU/rIo1P+5ETq/NaEYfVQ+ip+W+M7OE5SXymNGMmM82OIz
ly6L71T4CZi6iPn0nWdIuO6hUgg8kIUPD4eU8CHIwjB4E1gAoKn3+BXXAa7TFhHY
YJKNV7pF7Ema1iGkm7stplpM4/E8ppPeuWnof8BgYAg9vky3yxBAxi3qha40BGP4
hNePgmVUBKl/9bxRmytiUrZVIUQW3NCqwj0L5rQJ3I0BfbW0TjhwnJxUg7HaOSS/
ckO9wkVeolccq6T6b5lPGkWfOvCej8mYdPm8wu/a+/2j+kB/7Nomag==
=kn0X
-END PGP SIGNATURE-

Re: Sieve permissions issue following update

2014-12-09 Thread Steffen Kaiser 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 9 Dec 2014, David Gessel wrote:


Global scripts were compiled:

/usr/local/etc/dovecot/sieve # ls
10-move-spam.sieve  10-move-spam.svbin



However, I ran sievec again and tried saving a modified script and got the same:


Actually this "ls" output and the last sentence does not indicate that the 
Sieve script had been compiled: a) after changing 10-move-spam.sieve _and_ 
b) after the upgrade with the new Sieve tools.


Did _you_ _manually_ run:

cd /usr/local/etc/dovecot/sieve
rm 10-move-spam.svbin
sievec -D 10-move-spam.sieve

? And, is the sievec command displaying the Pigeonhole version you have 
installed?



 Original Message 
Subject: Re: Sieve permissions issue following update
From: Pascal Volk 
To: Dovecot Mailing List 
Date: Tue Dec 09 2014 20:45:00 GMT+0300 (Arabic Standard Time)


On 12/09/2014 05:35 PM, David Gessel wrote:

I recently updated dovecot and my sieve filters stopped working.  Checking the 
logs I see:

Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: binary 
save: failed to create temporary file: 
open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) 
failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: 
/usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 
mode=0775)

Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: The LDA 
Sieve plugin does not have permission to save global Sieve script binaries; 
global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' 
need to be pre-compiled using the sievec tool


As mentioned in the error message from your logs and in the wiki
:

To mitigate this problem, the administrator must manually
pre-compile global scripts using the sievec command line tool.


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVIftyXz1H7kL/d9rAQLoLwf/bA1r7DR5AVxBUYT2R54eM8yALRJL3PLJ
IfZzIAaqeoZj5JtKR84F3ApDpLRYaLw2juXeEAELV+2GJXThDIEyLzbkhA3xwPOb
TViaaN1Htz3H+Scz3MDC/fxGAiNGNENGNj1GP4VJGM7DibrDOcd/pxePJjBvdKFS
YzhYxAng94UZqy23CZRvsbZiHnsh1ph2C3yXhxES3Ycvgg/ETBIz98DVTfJ74b4J
AEEUVnKIefWGun+WxWNgyI+p/aOSE3PyrHhmZx5ttgHhqU8KnmiKpWMaTUlpUmVb
U5ddZndFIERBfuDaGUdMsW0sDORJ/XswF6O/Gp3UF4NbFmNGQv8MZg==
=k9Fz
-END PGP SIGNATURE-

Re: devoid mailbox status for mail reloaded from a tape backup

2014-12-09 Thread Steffen Kaiser 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 9 Dec 2014, Stephen Lidie wrote:

On Dec 9, 2014, at 11:00 AM, Steffen Kaiser  
wrote:
On Tue, 9 Dec 2014, Stephen Lidie wrote:

On Dec 9, 2014, at 2:34 AM, Steffen Kaiser  
wrote:
On Mon, 8 Dec 2014, Stephen Lidie wrote:



For me this is working, too:

doveadm -o mail_location=maildir:/home/user2/Maildir mailbox status \
-u user1 all INBOX


Eureka!! The magic incantation snippet I was seeking :) I had tried, variously, 
placing this simple string:


"mail_location=mdbox:/home/RESTORE/homeb/userName/mail:INDEX=/home/RESTORE/var/dovecot/index/userName"



So, where exactly did I fail to find -o documented?


http://wiki2.dovecot.org/Tools/Doveadm
- -o is a global option.

Dovecot v2.2.15: man doveadm
/-o
:-)

man doveadm|egrep -i '\-o'
   -o setting=value
  ple settings, the -o option may be specified multiple times.

However, I always wonder about the quoting [different shells behave 
differently] and would use:


man doveadm|egrep -i -- -o

===

Actually, I remember a post of Timo each time such question comes up. And 
this time I dug it up in the man pages.


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVIfraHz1H7kL/d9rAQISHwf/SM1vlpIaYPmkm7yflIUi6HiNlsLLSvvO
9mE5eo4AZ3d+lmfR4eb5FCYtylkGdI9Uekji9vVJ/3xYEiZWt39/ju6IA15zhajS
zR71E59wa4Df49kRkB5OKAhsaWw60Dcxtb3+wQ1gdxglT6RsabwSGlQjOcGGoQtT
0RwsQXMCdfmjRpx1Xrp/fQn3iFQLMw2TyzAfwWpREy2MBnElyjknYCCKsXDYC8XY
l+XpnamxLbJuJOB2itJtGpwrCugVaoLMQoqpM3EeG/2/SXiic98AvMFxnHlcsQmy
JjLLE1Ki2f+bpKHtDgEz7CVHMIDR0EU1aUc2Tojb5D2aIVmWkjtf9A==
=dzCo
-END PGP SIGNATURE-

Renaming directories with subdirectories over IMAP

2014-12-09 Thread Зинин Дмитрий Андреевич 
Hi,

I¹ve a problem with renaming directories with subdirectories.

In root directory I create directory named ³lvl1² with subdirectory ³lvl2²

When I rename directory lvl1 to lvl1-new I get:
1. /lvl1-new with subdir lvl2 but I can use only /lvl1-new and not
/lvl1-new/lvl2 
2. /lvl1 with subdir lvl2 but I can use only /lvl1/lvl2 and not /lvl1

Is it a feature or a bug?

If bug is there a fix?

PS: CentOS 6.6 and Dovecot 2.0.9-7 from official repository with all
updates.

Best regards,
Dmitriy

Quota issue with mailbox.

2014-12-09 Thread Grant Pasley 

good morning,

i am experiencing an issue with a quot limits with a new install of 
dovecot with mysql integration. quotas are set to 0 (unlimited) and show 
as such in the mysql database as well as via the postfixadmin frontend.
i use imapsync to transfer mail from another imap server to this one, 
the total user mailbox size is 18gb. dovecot lda tells me mailbox is 
full even though i have set mailbox to unlimited.


*the the error is:*  Dec  9 19:17:01 sentinel dovecot: 
lda(gr...@xxx.com): 
msgid=: 
rejected: Quota exceeded (mailbox for user is full)


*[root@sentinel dovecot]# grep -v '^ *\(#.*\)\?$' dovecot-mysql.conf*
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password, 
concat('/home/vmail/', maildir) as userdb_home, 
concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as 
userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND 
active = '1'
user_query = SELECT concat('/home/vmail/', maildir) as home, 
concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, 
CONCAT('*:messages=1:bytes=', quota) as quota_rule FROM mailbox 
WHERE username = '%u' AND active = '1'



*[root@sentinel dovecot]# dovecot -n*
*# 2.0.9: /etc/dovecot/dovecot.conf*
*# OS: Linux 2.6.32-504.1.3.el6.x86_64 x86_64 CentOS release 6.6 (Final) 
ext4*

auth_mechanisms = plain login
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}
first_valid_gid = 12
first_valid_uid = 101
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lmtp_save_to_detail_mailbox = yes
mail_location = maildir:/home/vmail/%d/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date

passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
plugin {
  acl = vfile:/etc/dovecot/acls
  quota = dict:user::proxy::quotadict
  sieve = ~/dovecot.sieve
  sieve_before = /home/sieve/globalfilter.sieve
  sieve_dir = ~/sieve
  sieve_max_script_size = 1M
  trash = /etc/dovecot/trash.conf
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-userdb {
group = mail
mode = 0666
user = vmail
  }
}
service dict {
  unix_listener dict {
group = mail
mode = 0666
user = vmail
  }
}
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service imap {
  vsz_limit = 256 M
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
port = 110
  }
  inet_listener pop3s {
port = 995
ssl = yes
  }
}
ssl_cert = http://www.avast.com

Re: Sieve permissions issue following update

2014-12-09 Thread David Gessel 


 Original Message 
Subject: Re: Sieve permissions issue following update
From: Pascal Volk 
To: Dovecot Mailing List 
Date: Wed Dec 10 2014 00:00:04 GMT+0300 (Arabic Standard Time)

> On 12/09/2014 07:50 PM, David Gessel wrote:
>> It has been running flawlessly for quite some time until the update.  
>>
>> Global scripts were compiled:
>>
>> /usr/local/etc/dovecot/sieve # ls
>> 10-move-spam.sieve  10-move-spam.svbin
>>
>> However, I ran sievec again and tried saving a modified script and got the 
>> same:
>>
>> shiofuki dovecot: lda(ges...@blackrosetech.com): Error: sieve: binary save: 
>> failed to create temporary file: 
>> open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.)
>>  failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w 
>> perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 
>> 143:6 mode=0775)
>> Dec  9 11:30:39 shiofuki dovecot: lda(ges...@blackrosetech.com): Error: 
>> sieve: The LDA Sieve plugin does not have permission to save global Sieve 
>> script binaries; global Sieve scripts like 
>> `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled 
>> using the sievec tool
>>
>>
>> I use Thomas Schmid's Sieve 0.2.3d add on to Thunderbird, if that might have 
>> any significance.
>>
>> Compiling with sievec shouldn't change the permission error, which I still 
>> don't understand.
>>
>>
>>> [TOFU snipped}
> 
> /usr/local/etc/dovecot/sieve is not the user's sieve_dir; see
> .
> 
> The GLOBAL sieve scripts (see your error message above) is manged by the
> system administrator. Adnmins are using their favorite $EDITOR, the
> chmod(1) and chown(1) commands. They don't need a ManageSieve client.
> 

Pascal, 

Thank you very much for your prompt assistance.  I apologize that I haven't 
been able to use your advice to sort out the issues, but I'm either not getting 
it or it is tangential to the problem I'm having.  I apologize if I haven't 
provided enough information.

90-sieve.conf's specification of those file locations for global and user 
scripts (relevant lines from the config below):

 sieve = ~/.dovecot.sieve
 sieve_dir = ~/sieve
 #sieve_global_dir =
 sieve_before = /usr/local/etc/dovecot/sieve/

I brought up the plugin only because only two things have touched any part of 
the dovecot/sieve configuration between "working" and "not working" states:

- An update using portmaster to dovecot2-2.2.15_1/dovecot-pigeonhole-0.4.6 and 
- an edit via the Sieve plugin/Managesieve.  

One of the two has broken sieve. Unfortunately I did take note of the last 
working version of dovecot/dovecot-pigeonhole, but it could not be more than a 
few months old as I update ports fairly regularly and my last buildworld wasn't 
that long ago.

It is consistent with the errors and my understanding that user scripts are not 
the likely culprit: I included the information for the sake of completeness, 
which can now be dismissed.  Moving back to the logged warnings:

Error: sieve: binary save: failed to create temporary file: 
open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.)
 failed:

- this seems to me to indicate that sieve tried to write 
"10-move-spam.svbin.shiofuki.blackrosetech.com.96421" in the directory 
/usr/local/etc/dovecot/sieve/

Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: 
/usr/local/etc/dovecot/sieve

- I read this as sieve determining that "vmail" is not permitted to write to 
/usr/local/etc/dovecot/sieve

we're not in group 6(mail), dir owned by 143:6 mode=0775)

- and giving a very helpful bit of advice that "we're" not in group 6(mail) - 
which I'm reading as "vmail" not being in group "mail" - and that the target 
directory is owned by 143:6 0775.  The latter is consistent with the OS's 
reporting of the directory:

drwxrwxr-x   2 dovecot  mail  4B Dec  9 11:27 sieve

from /etc/group
mail:*:6:postfix,clamav,vscan,dovecot,vmail,spamd
dovecot:*:143:

IF I'm reading "we're" as "vmail" correctly, this is incorrect ("we're not in 
group 6(mail)).  vmail IS in group "mail" and group "mail" does have write 
permissions to /usr/local/etc/dovecot/sieve/
(group is rwx).  Perhaps "we're" now refers to another user?  I see from top (I 
realize this is unlikely):

96387 dovenull   1  200 29120K  6080K kqread  7   0:00   0.00% 
managesieve-login

As for the error 

dovecot: lda(ges...@blackrosetech.com): Error: sieve: The LDA Sieve plugin does 
not have permission to save global Sieve script binaries; global Sieve scripts 
like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled 
using the sievec tool

The reported error is consistent with the previous - a newly minted permission 
problem that seems to have come with the update.  In this case the advice given 
about precompiling global scripts seems misplaced.  The script is compiled, as

Re: Sieve permissions issue following update

2014-12-09 Thread Pascal Volk 
On 12/09/2014 07:50 PM, David Gessel wrote:
> It has been running flawlessly for quite some time until the update.  
> 
> Global scripts were compiled:
> 
> /usr/local/etc/dovecot/sieve # ls
> 10-move-spam.sieve  10-move-spam.svbin
> 
> However, I ran sievec again and tried saving a modified script and got the 
> same:
> 
> shiofuki dovecot: lda(ges...@blackrosetech.com): Error: sieve: binary save: 
> failed to create temporary file: 
> open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.)
>  failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w 
> perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 
> 143:6 mode=0775)
> Dec  9 11:30:39 shiofuki dovecot: lda(ges...@blackrosetech.com): Error: 
> sieve: The LDA Sieve plugin does not have permission to save global Sieve 
> script binaries; global Sieve scripts like 
> `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled 
> using the sievec tool
> 
> 
> I use Thomas Schmid's Sieve 0.2.3d add on to Thunderbird, if that might have 
> any significance.
> 
> Compiling with sievec shouldn't change the permission error, which I still 
> don't understand.
> 
> 
>> [TOFU snipped}

/usr/local/etc/dovecot/sieve is not the user's sieve_dir; see
.

The GLOBAL sieve scripts (see your error message above) is manged by the
system administrator. Adnmins are using their favorite $EDITOR, the
chmod(1) and chown(1) commands. They don't need a ManageSieve client.


Regards,
Pascal
-- 
The trapper recommends today: fabaceae.1434...@localdomain.org

Re: Sieve permissions issue following update

2014-12-09 Thread David Gessel 
It has been running flawlessly for quite some time until the update.  

Global scripts were compiled:

/usr/local/etc/dovecot/sieve # ls
10-move-spam.sieve  10-move-spam.svbin

However, I ran sievec again and tried saving a modified script and got the same:

shiofuki dovecot: lda(ges...@blackrosetech.com): Error: sieve: binary save: 
failed to create temporary file: 
open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.shiofuki.blackrosetech.com.96421.)
 failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: 
/usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 
mode=0775)
Dec  9 11:30:39 shiofuki dovecot: lda(ges...@blackrosetech.com): Error: sieve: 
The LDA Sieve plugin does not have permission to save global Sieve script 
binaries; global Sieve scripts like 
`/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled using 
the sievec tool


I use Thomas Schmid's Sieve 0.2.3d add on to Thunderbird, if that might have 
any significance.

Compiling with sievec shouldn't change the permission error, which I still 
don't understand.




 Original Message 
Subject: Re: Sieve permissions issue following update
From: Pascal Volk 
To: Dovecot Mailing List 
Date: Tue Dec 09 2014 20:45:00 GMT+0300 (Arabic Standard Time)

> On 12/09/2014 05:35 PM, David Gessel wrote:
>> I recently updated dovecot and my sieve filters stopped working.  Checking 
>> the logs I see:
>>
>> Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: 
>> binary save: failed to create temporary file: 
>> open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.)
>>  failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w 
>> perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 
>> 143:6 mode=0775)
>>
>> Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: The 
>> LDA Sieve plugin does not have permission to save global Sieve script 
>> binaries; global Sieve scripts like 
>> `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled 
>> using the sievec tool
>>
>>
> 
> As mentioned in the error message from your logs and in the wiki
> :
> 
>   To mitigate this problem, the administrator must manually
>   pre-compile global scripts using the sievec command line tool.
> 
> 
> Regards,
> Pascal
>

Re: Required SSL with exceptions

2014-12-09 Thread Pascal Volk 
On 12/09/2014 06:02 PM, dove...@outputservices.com wrote:
> 
> What is the syntax for login_trusted_networks?  The docs and WIKI do not show 
> it.
grep -rn login_trusted_networks .
./example-config/dovecot.conf:48:#login_trusted_networks =
…

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =


Regards,
Pascal

-- 
The trapper recommends today: c01dcofe.1434...@localdomain.org

Re: Required SSL with exceptions

2014-12-09 Thread dovecot 
On 12/08/14 23:50, SATOH Fumiyasu wrote:
> Hi,
>
> At Mon, 08 Dec 2014 16:01:43 -0600,
> List wrote:
>> Essentially we would like to host IMAP with SSL enforced for any connections 
>> coming from anywhere except the subnet where our other mail servers reside.  
>> The idea is to not install a local instance of dovecot on the 
>> webmail/carddav/caldav servers to reduce the number of instances that need 
>> to be managed.  Is it possible to have two imap listeners, where ssl is 
>> enforced on one port, and not on another?
>
> Use login_trusted_networks parameter.
>

What is the syntax for login_trusted_networks?  The docs and WIKI do not show 
it.

Re: Sieve permissions issue following update

2014-12-09 Thread Pascal Volk 
On 12/09/2014 05:35 PM, David Gessel wrote:
> I recently updated dovecot and my sieve filters stopped working.  Checking 
> the logs I see:
> 
> Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: 
> binary save: failed to create temporary file: 
> open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.)
>  failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w 
> perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 
> 143:6 mode=0775)
> 
> Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: The 
> LDA Sieve plugin does not have permission to save global Sieve script 
> binaries; global Sieve scripts like 
> `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' need to be pre-compiled 
> using the sievec tool
> 
> 

As mentioned in the error message from your logs and in the wiki
:

To mitigate this problem, the administrator must manually
pre-compile global scripts using the sievec command line tool.


Regards,
Pascal
-- 
The trapper recommends today: defaced.1434...@localdomain.org

Re: doveadm -A operations failing due to broken mdbox

2014-12-09 Thread Pascal Volk 
On 12/09/2014 11:23 AM, Ralf Hildebrandt wrote:
> I'm using "/usr/bin/doveadm purge -A" to purge the mdboxes of my users.
> 
> Unfortunately this command terminates prematurely once it reaches a
> defective mdbox!
> 
> Is there a workaround for this?
> 
> Like using doveadm to get a list of valid users and then run "doveadm
> purge -u" on each of those?
> 

Are you looking for a workaround like this?

for user in `doveadm user \*`; do doveadm purge -u $user; done


Regards,
Pascal
-- 
The trapper recommends today: defaced.1434...@localdomain.org

Sieve permissions issue following update

2014-12-09 Thread David Gessel 
I recently updated dovecot and my sieve filters stopped working.  Checking the 
logs I see:

Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: binary 
save: failed to create temporary file: 
open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) 
failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: 
/usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 
mode=0775)

Dec  9 00:09:59 mailhost dovecot: lda(ges...@domain.com): Error: sieve: The LDA 
Sieve plugin does not have permission to save global Sieve script binaries; 
global Sieve scripts like `/usr/local/etc/dovecot/sieve/10-move-spam.sieve' 
need to be pre-compiled using the sievec tool


However this fairly clear advice on the failure seems to be contradicted by:

 # id vmail
uid=5000(vmail) gid=5000(vmail) groups=5000(vmail),6(mail)

?


dovecot-pigeonhole-0.4.6   =   up-to-date with index
dovecot2-2.2.15_1  =   up-to-date with index


uname -a
FreeBSD host.domain.com 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268932: Mon Jul 21 
15:51:38 PDT 2014 
ges...@host1.domain.com:/usr/obj/usr/src/sys/BARCELONA-13-08  amd64

Re: devoid mailbox status for mail reloaded from a tape backup

2014-12-09 Thread Stephen Lidie 

> On Dec 9, 2014, at 11:00 AM, Steffen Kaiser  
> wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Tue, 9 Dec 2014, Stephen Lidie wrote:
>>> On Dec 9, 2014, at 2:34 AM, Steffen Kaiser  
>>> wrote:
>>> On Mon, 8 Dec 2014, Stephen Lidie wrote:
>>> 
 I've only be able to status a mailbox for currently existing users, is it 
 possible to status a mailbox reloaded from tape to an alternate location?  
 The user may or may not exist at this time, but I still
> 
>^^
> 
 need to inspect the mailbox ... thank you,
>> 
>> Well, although I am able to issue a mailbox status command regardless, the 
>> implication was that the command displayed an empty string (nothing useful), 
>> and thus a working example using files not in the locations specified by 
>> mail_location would be useful. In my configuration mail_locations is defined 
>> as:
>> 
>>  mail_location = mdbox:~/mail:INDEX=/var/dovecot/index/%u
>> 
>> So a command of the form “doveadm mailbox status -u userName all INBOX” uses 
>> mail_location as defined in dovecot.conf to locate the mail and index files, 
>> and displays appropriate information about the specified user’s INBOX.
>> 
>> If I have mail and index files in an alternate location - restored from a 
>> backup tape for example - how do I obtain data such as unseen, message 
>> count, vsize, etc about mailboxes residing at that alternate location, a 
>> location not pointed to by mail_location?  As I mentioned, “doveadm import” 
>> allows one to provide an alternate source location, but “doveadm mailbox 
>> status” does not AFAIK, thus, a sample command would be wonderful.
> 
> if the user does not exist at all, you could create a dummy "restore" 
> account, where you restore the data to and can use as any other user.
> This would work for any existing user, too.

True, that was my last resort, because I'd have to go through "channels" to get 
a real dummy username added to the University's LDAP server, then I'd have to 
to an actual import, and finally the status.

> 
> For me this is working, too:
> 
> doveadm -o mail_location=maildir:/home/user2/Maildir mailbox status \
> -u user1 all INBOX

Eureka!! The magic incantation snippet I was seeking :) I had tried, variously, 
placing this simple string:


"mail_location=mdbox:/home/RESTORE/homeb/userName/mail:INDEX=/home/RESTORE/var/dovecot/index/userName"

at various points on the doveadm command line, I tried exporting the string as 
the environment variables mail_location and MAIL_LOCATION, and I tried to find 
some option that would accept an alternate mail_location. I even briefly 
scanned the force code but saw immediately that that solution would be slow 
going :) I just now tried to find where -o was documented, to no avail:

# man doveadm|egrep -i '\-o'
# man doveadm mailbox|egrep -i '\-o'
# man doveadm help|egrep -i '\-o'

So, where exactly did I fail to find -o documented?

Now I (or an operator) can pre-scan candidate mail files pulled from tape 
before actually restoring them for a real user account, to help narrow down the 
results. Did I mention that this is the exact solution I was hoping for?!

Many thanks,
Steve

> 
> shows the same as
> 
> doveadm mailbox status -u user2 all INBOX
> 
> but not the same as:
> 
> doveadm mailbox status -u user1 all INBOX
> 
> So, if you craft a good -o mail_location= and an "-u", which has access 
> permissions on filesystem level (e.g. if you are using system users), it 
> should work. Maybe, you need to specify "-o home=...", too.
> 
> - -- Steffen Kaiser
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iQEVAwUBVIccm3z1H7kL/d9rAQJ5sAgAnwLKX+GHvrvdnWOkMfAVl68tamJCZEvw
> 7tWQCjK7LpcctjiRO7xFVZSKq4OruD6tkU0pnPut6w2sIL8DIhp4lyVBHbuNMA4s
> QyA0oLq2tMfEYEiSn8g1G5NpCPnSeo8uFinhHcSAwPWJNo5ly22QHZmZI787olM2
> Q7A2insZTvVKLSOe+tcK8SMX05GJLXb5lIRQHj2SkvkmBFiMKI2s6xxakLmEnB4h
> 3LOFqMoXTmvgGioOtoppZxPJ5jJfUNyGGCfDH7CmKwg6nbUpehf61OdQekCUSoH7
> 383RgWCW/BUb6ink9nzQDVGLSRCmzT5U0KRZ7nkMobqjuwZ/8L0AMw==
> =oNin
> -END PGP SIGNATURE-

Re: devoid mailbox status for mail reloaded from a tape backup

2014-12-09 Thread Steffen Kaiser 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 9 Dec 2014, Stephen Lidie wrote:

On Dec 9, 2014, at 2:34 AM, Steffen Kaiser  
wrote:
On Mon, 8 Dec 2014, Stephen Lidie wrote:

I've only be able to status a mailbox for currently existing users, is 
it possible to status a mailbox reloaded from tape to an alternate 
location?  The user may or may not exist at this time, but I still


^^


need to inspect the mailbox ... thank you,


Well, although I am able to issue a mailbox status command regardless, the 
implication was that the command displayed an empty string (nothing useful), 
and thus a working example using files not in the locations specified by 
mail_location would be useful. In my configuration mail_locations is defined as:

mail_location = mdbox:~/mail:INDEX=/var/dovecot/index/%u

So a command of the form “doveadm mailbox status -u userName all INBOX” uses 
mail_location as defined in dovecot.conf to locate the mail and index files, 
and displays appropriate information about the specified user’s INBOX.

If I have mail and index files in an alternate location - restored from a 
backup tape for example - how do I obtain data such as unseen, message count, 
vsize, etc about mailboxes residing at that alternate location, a location not 
pointed to by mail_location?  As I mentioned, “doveadm import” allows one to 
provide an alternate source location, but “doveadm mailbox status” does not 
AFAIK, thus, a sample command would be wonderful.


if the user does not exist at all, you could create a dummy "restore" 
account, where you restore the data to and can use as any other user.

This would work for any existing user, too.

For me this is working, too:

doveadm -o mail_location=maildir:/home/user2/Maildir mailbox status \
 -u user1 all INBOX

shows the same as

doveadm mailbox status -u user2 all INBOX

but not the same as:

doveadm mailbox status -u user1 all INBOX

So, if you craft a good -o mail_location= and an "-u", which has 
access permissions on filesystem level (e.g. if you are using system 
users), it should work. Maybe, you need to specify "-o home=...", too.


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVIccm3z1H7kL/d9rAQJ5sAgAnwLKX+GHvrvdnWOkMfAVl68tamJCZEvw
7tWQCjK7LpcctjiRO7xFVZSKq4OruD6tkU0pnPut6w2sIL8DIhp4lyVBHbuNMA4s
QyA0oLq2tMfEYEiSn8g1G5NpCPnSeo8uFinhHcSAwPWJNo5ly22QHZmZI787olM2
Q7A2insZTvVKLSOe+tcK8SMX05GJLXb5lIRQHj2SkvkmBFiMKI2s6xxakLmEnB4h
3LOFqMoXTmvgGioOtoppZxPJ5jJfUNyGGCfDH7CmKwg6nbUpehf61OdQekCUSoH7
383RgWCW/BUb6ink9nzQDVGLSRCmzT5U0KRZ7nkMobqjuwZ/8L0AMw==
=oNin
-END PGP SIGNATURE-

Dovecot Pre-Login Scripting

2014-12-09 Thread Jeremy Hayden 
Hello,

 

We are in the process of migrating users from one system that is currently
not hosted by our company, to our dovecot 2.2.10 installation.  We are
planning on doing the dovecot dsync command for copying users mail over to
the new installation, but the one snag we are running into is ensuring we
are able to get the users credentials stored in our system.

 

We are migrating the email from a Gmail ISP account to our installation as
they are discontinuing their support next year.  The setup is a multistep
process we are hoping to accomplish.  When a connection is started to our
cluster, it will first check the database to see if the credentials match,
if not it will verify against Gmail's servers.  If the Gmail test is
successful, it would pass the credentials to a script to store them for
future login attempts.  Once the authentication is verified and stored
locally, we would run a post-login script to run dsync to copy the mail down
to the new system.

 

The problem we are running into is efficiently and appropriately hooking
into the dovecot authentication process.  We are unable to find anything
regarding PreLogin Scripting to contrast the PostLoginScripting we are
currently using, and the only other thing we are currently seeing as a
possible option is running a custom authentication socket or password
imap-login to a script.  This seems like it would be a resource nightmare
depending on the server load and are hoping for a more elegant option to be
unveiled.

 

Any other options or suggestions are welcome.  We are also wondering, if we
have to go with the custom authentication setup, if there are any examples
out there to base our scripts off in setting it up.

 

Thank you,

Jeremy

Re: Required SSL with exceptions

2014-12-09 Thread List 

On 12/9/14, 12:50 AM, SATOH Fumiyasu wrote:

Hi,

At Mon, 08 Dec 2014 16:01:43 -0600,
List wrote:

Essentially we would like to host IMAP with SSL enforced for any connections 
coming from anywhere except the subnet where our other mail servers reside.  
The idea is to not install a local instance of dovecot on the 
webmail/carddav/caldav servers to reduce the number of instances that need to 
be managed.  Is it possible to have two imap listeners, where ssl is enforced 
on one port, and not on another?

Use login_trusted_networks parameter.



Excellent, that's exactly what I was looking for.  Thank you!

Re: doveadm -A operations failing due to broken mdbox

2014-12-09 Thread Robert Schetterer 
Am 09.12.2014 um 12:23 schrieb Ralf Hildebrandt:
> I'm using "/usr/bin/doveadm purge -A" to purge the mdboxes of my users.
> 
> Unfortunately this command terminates prematurely once it reaches a
> defective mdbox!
> 
> Is there a workaround for this?
> 
> Like using doveadm to get a list of valid users and then run "doveadm
> purge -u" on each of those?
> 

hm then you need a mech which finds broken mdboxes before
better might be some force ( override stop parameter ) needs to be
implemented for purge


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

doveadm -A operations failing due to broken mdbox

2014-12-09 Thread Ralf Hildebrandt 
I'm using "/usr/bin/doveadm purge -A" to purge the mdboxes of my users.

Unfortunately this command terminates prematurely once it reaches a
defective mdbox!

Is there a workaround for this?

Like using doveadm to get a list of valid users and then run "doveadm
purge -u" on each of those?

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: devoid mailbox status for mail reloaded from a tape backup

2014-12-09 Thread Stephen Lidie 

> On Dec 9, 2014, at 2:34 AM, Steffen Kaiser  
> wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Mon, 8 Dec 2014, Stephen Lidie wrote:
> 
>> I've only be able to status a mailbox for currently existing users, is it 
>> possible to status a mailbox reloaded from tape to an alternate location?  
>> The user may or may not exist at this time, but I still need to inspect the 
>> mailbox ... thank you,
> 
> yes
> 

:)

Well, although I am able to issue a mailbox status command regardless, the 
implication was that the command displayed an empty string (nothing useful), 
and thus a working example using files not in the locations specified by 
mail_location would be useful. In my configuration mail_locations is defined as:

mail_location = mdbox:~/mail:INDEX=/var/dovecot/index/%u

So a command of the form “doveadm mailbox status -u userName all INBOX” uses 
mail_location as defined in dovecot.conf to locate the mail and index files, 
and displays appropriate information about the specified user’s INBOX.

If I have mail and index files in an alternate location - restored from a 
backup tape for example - how do I obtain data such as unseen, message count, 
vsize, etc about mailboxes residing at that alternate location, a location not 
pointed to by mail_location?  As I mentioned, “doveadm import” allows one to 
provide an alternate source location, but “doveadm mailbox status” does not 
AFAIK, thus, a sample command would be wonderful.

thx/stv