Re: LDAP: "unused" & "uid missing"

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 30 Jan 2015, Leander Schäfer wrote:

Does someone know what this means? It looks to me like it got the UID, yet it 
complains ... ? Also, why does it complain about attributes being unused, yet 
I use prefetch, so they will be used?!



Log:
[...]
dovecot: auth: Debug: 
ldap(t...@mydomain.tld,192.168.10.233,): result: 
mailStorageDirectory=/var/vmail mailUidNumber=2110 mailGidNumber=2110 
mailQuotaStorage=10240 mailQuotaMessages=20; 
mailQuotaMessages,mailStorageDirectory,mailUidNumber,mailQuotaStorage,mailGidNumber 
unused


dovecot: auth: Debug: 
ldap(t...@mydomain.tld,192.168.10.233,): result: 
mailStorageDirectory=/var/vmail mailUidNumber=2110 mailGidNumber=2110 
mailQuotaStorage=10240 mailQuotaMessages=20; uid missing

[...]


I guess that these are related to the user_attrs.

As mentioned, I use prefetch, so this is how my dovecot/dovecot-ldap.conf.ext 
is looking:


[...]
#user_attrs = mailStorageDirectory=home=%$/%u, 
mailStorageDirectory=mail=maildir:%$/%u/maildir, mailUidNumber=uid, 
mailGidNumber=gid, mailQuotaStorage=quota_rule=*:storage=%$, 
mailQuotaMessages=quota_rule2=*:messages=%$


You have commented out user_attrs, there are lookups that do _not_ follow 
an auth attempt. Those need this setting.


pass_attrs = uid=user, userPassword=password, 
mailStorageDirectory=userdb_home=%$/%u, 
mailStorageDirectory=userdb_mail=maildir:%$/%u/maildir, 
mailUidNumber=userdb_uid, mailGidNumber=userdb_gid, 
mailQuotaStorage=userdb_quota_rule=*:storage=%$, 
mailQuotaMessages=userdb_quota_rule2=*:messages=%$

[...]


- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBVM8ofHz1H7kL/d9rAQLONwgAhHmj1gDzFmFdE9on+kF5jfGKEHvmV6Na
6ZfGt9vL0ReJqLqS/H4MTkbgtr6K3SHouOy0NfcgSpYgHT+vzsSD0EVUhDeenayE
jSgFpOE/0HNt0VHiyN89vLGL4nVQu4lOJr5PXTGjwZ74lFK+9L6aO9MBAm+1G4Z4
bvIQC6Uj5DHLHozfCMEUb5BNm0m3Bm69vTIgYBtvROHxXXP1Lqbba/ZspMPqDnkF
KH0gdWDUFUUb0KOMcgNgnHCKrSR3ZdnSBd2QszQ4JkOgny2gKhWLjVU0rMQEinU0
0p9bD5jwpJE7hLS/Tj5M7TJe842DXiu+BBpY5LlhIyQ++ISCVUTGCQ==
=E8V2
-END PGP SIGNATURE-

Re: Sieve permissions issue following update

[Stephan Bosch]

On 1/26/2015 3:43 PM, Olaf Hopp wrote:
> On 01/01/2015 05:22 PM, Stephan Bosch wrote:
>> On 1/1/2015 4:17 PM, Robert Blayzor wrote:
>>> On Jan 1, 2015, at 9:58 AM, Robert Blayzor 
>>> wrote:
> Hmm. This smells like a bug. I notice that your modification times of
> the .sieve and .svbin file are exactly the same (that is somewhat
> unusual). I'm looking at a potential bug that would explain your
> problem.
>
> To confirm, could you try running sievec again, so that the .svbin is
> actually newer than the .sieve?
>>>
>>> If it makes any difference at all...  I only see this using
>>> "dovecot-lda".  If I change my Exim transport to use Dovecot's LMTP,
>>> I do not see this problem.
>>
>> That is odd.
>>
>
> Hi Stephan and Robert,
> the same issue here and I'm using Exim with dovecot-lmtp and
> not with dovecot-lda.
> So it doesn't seem to be a problem of LDA vs. lmtp

Do you have the opportunity to test this with the latest Mercurial
revision? This adds a bit more debug information on the up-to-date check.

Otherwise, you'll need to wait until the next release is done.

Regards,

Stephan.

Re: managesieve & checkpassword authdb interface

[Stephan Bosch]

On 2/2/2015 2:17 AM, Peter Hodur wrote:
> Hello,
>
> does anybody knows what managesieve addon sets in SERVICE env when
> autentificating to checkpassword?

For authentication purposes "sieve" is used.

Regards,

Stephan.

managesieve & checkpassword authdb interface

[Peter Hodur]

Hello,

does anybody knows what managesieve addon sets in SERVICE env when
autentificating to checkpassword?

thanks

Pete

Re: Domain quota

[Jiri Bourek]

On 30.1.2015 16:03, Evgeny Basov wrote:

Hello.

I'm tried to use domain quota:



Search the list archives. Unless something changed in that regard, 
domain quotas don't work. When you use recalc, domain quota is updated 
to values which are valid for last mailbox that was recalculated.


The way we got domain quota working was using filesystem quotas. 
Naturally this only works if messages (files) are owned by different 
system groups (one group per domain) and when you're using maildir 
storage (otherwise no mail count, just size.)


I'm not sure but I think I saw another possible solution mentioned in 
previous discussions on the topic. Should turn up if you search the archive.

Re: auth: Error: auth worker: Aborted request: Lookup timed out

[Reindl Harald]

Am 01.02.2015 um 22:44 schrieb ML mail:

Thanks for your tip regarding the busy network.

I am using a one year old Cisco Catalyst 2960S (WS-C2960S-48TD-L) with cat6e 
cables and my network should not be overloaded as far as I know. My mailbox and 
mail proxy servers are on two different virtual machines on two different 
servers. It could be possible that it is something with the virtualization but 
my other VMs do not have any connection time outs or anything. I will keep on 
searching on the network side.


the busy network tip is nonsense since "Connection reset by peer" means 
nothing else as it says "the remote client lost connection for whatever 
reason" and that are most likely *mobile clients* and *bots*


Feb  1 20:24:17 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 20:24:46 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 20:25:18 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 20:26:01 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 20:26:45 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 20:27:34 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 20:37:04 mail dovecot: auth: Warning: auth client 0 disconnected 
with 2 pending requests: Connection reset by peer
Feb  1 20:37:57 mail dovecot: auth: Warning: auth client 0 disconnected 
with 2 pending requests: Connection reset by peer
Feb  1 21:26:39 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:27:49 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:28:33 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:28:51 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:29:35 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:30:19 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:31:03 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:31:39 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:31:47 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:32:31 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer
Feb  1 21:33:53 mail dovecot: auth: Warning: auth client 0 disconnected 
with 1 pending requests: Connection reset by peer



I don't know if this is related but I also get quite a few of these error 
messages:

Jan 31 14:10:46 auth: Warning: auth client 0 disconnected with 1 pending 
requests: Connection reset by peer


my interpretation:

a) you have a very very bz network ... the other end cannot respond to incoming 
requests

even if your network is NOT bz, eg, no collision blinking on your 
hubs/switches,
you are still having network problems

b) if all of your dovecot tests is on one host  ... disconnect it from the 
network
and see if dovecot's auth finishes its tasks

c) to clean up your network ...
 - use switches ... not hubs  even inexpensive netgear switches is good 
enuff
 - use good 3-6' cat6e cables ... we'll assume the bldg's wiring is done to 
bldg specs
 - my guess, you're probably having cabling problems )
 - separate slow devices from faster devices
 eg. separate printers onto its own network with a switch
 in between printers and everybody else
 - separate 10/100 devices from gigE devices ... do not mix them up on the 
same switch/hub
c ya
alvin



Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 1 pending 
requests: Connection reset by peer
Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 2 pending 
requests: Connection reset by peer
Jan 31 14:13:22 auth: Warning: auth client 0 disconnected with 2 pending 
requests: EOF
Jan 31 14:13:26 auth: Warning: auth client 0 disconnected with 1 pending 
requests: Connection reset by peer




signature.asc
Description: OpenPGP digital signature

Re: auth: Error: auth worker: Aborted request: Lookup timed out

[ML mail]

Thanks for your tip regarding the busy network.

I am using a one year old Cisco Catalyst 2960S (WS-C2960S-48TD-L) with cat6e 
cables and my network should not be overloaded as far as I know. My mailbox and 
mail proxy servers are on two different virtual machines on two different 
servers. It could be possible that it is something with the virtualization but 
my other VMs do not have any connection time outs or anything. I will keep on 
searching on the network side.


On Saturday, January 31, 2015 8:40 PM, alvin 
 wrote:

hi

> I don't know if this is related but I also get quite a few of these error 
> messages:
> 
> Jan 31 14:10:46 auth: Warning: auth client 0 disconnected with 1 pending 
> requests: Connection reset by peer

my interpretation:

a) you have a very very bz network ... the other end cannot respond to incoming 
requests

   even if your network is NOT bz, eg, no collision blinking on your 
hubs/switches,
   you are still having network problems

b) if all of your dovecot tests is on one host  ... disconnect it from the 
network
   and see if dovecot's auth finishes its tasks

c) to clean up your network ...
- use switches ... not hubs  even inexpensive netgear switches is good 
enuff
- use good 3-6' cat6e cables ... we'll assume the bldg's wiring is done to 
bldg specs
- my guess, you're probably having cabling problems )
- separate slow devices from faster devices
eg. separate printers onto its own network with a switch
in between printers and everybody else 
- separate 10/100 devices from gigE devices ... do not mix them up on the 
same switch/hub
c ya
alvin


> Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 1 pending 
> requests: Connection reset by peer
> Jan 31 14:13:20 auth: Warning: auth client 0 disconnected with 2 pending 
> requests: Connection reset by peer
> Jan 31 14:13:22 auth: Warning: auth client 0 disconnected with 2 pending 
> requests: EOF
> Jan 31 14:13:26 auth: Warning: auth client 0 disconnected with 1 pending 
> requests: Connection reset by peer
> 
> maybe around 20-30 per day.
> 

[Bug ?] IMAP keywords are not preserved during mailbox conversion

[Alexander Moisseev]

IMAP keywords (Thunderbird Tags) are not preserved during Maildir to mdbox 
conversion.

For mailbox conversion I am using the command:
# doveadm -o mail_location=maildir:~/Maildir sync -u u...@example.com 
mdbox:~/mdbox

After conversion all Thunderbird Tags are lost.

Is it a bug or expected behavior?

--
Alexander
# doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: FreeBSD 10.1-RELEASE i386
auth_default_realm = example.com
auth_mechanisms = digest-md5 cram-md5 apop plain
doveadm_password = 
first_valid_gid = 1000
first_valid_uid = 1000
lda_mailbox_autosubscribe = yes
listen = *
mail_attachment_dir = /vmail/attachments
mail_gid = vmail
mail_home = /vmail/%d/%n
mail_location = mdbox:~/mdbox
mail_plugins = quota zlib
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = scheme=plain username_format=%n 
/usr/local/etc/dovecot/dovecot.auth/%d.passwd
  driver = passwd-file
}
plugin {
  antispam_backend = mailtrain
  antispam_mail_notspam = learn_ham
  antispam_mail_sendmail = /usr/local/bin/rspamc
  antispam_mail_sendmail_args = -h;localhost:11334
  antispam_mail_spam = learn_spam
  antispam_spam = Junk
  antispam_trash = Trash
  quota = dict:User quota::file:%h/dovecot-quota
  quota_rule = *:storage=2G
  quota_rule2 = Trash:storage=+10%%
  quota_rule3 = Spam:storage=+20%%
  quota_status_nouser = DUNNO
  quota_status_success = DUNNO
  sieve_after = /usr/local/etc/dovecot/sieve/sieve.after
  sieve_before = /usr/local/etc/dovecot/sieve/sieve.before
  sieve_vacation_min_period = 0
  zlib_save = gz
  zlib_save_level = 3
}
postmaster_address = postmas...@example.com
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
user = vmail
  }
}
service config {
  unix_listener config {
mode = 0600
user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
  user = vmail
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
user = postfix
  }
}
ssl_cert =