Re: seeking sasl configuration example

2015-04-28 Thread shadrock uhuru

On 26/04/15 15:22, Edgar Pettijohn III wrote:
>
> On Apr 26, 2015, at 4:32 AM, shadrock uhuru wrote:
>
>> hi everyone
>> could someone show me their sasl configuration section in their
>> dovecot.conf,
>> i have postfix and dovecot setup for virtual users (no system users)
>> everything works fine including tls,
>> i have tried various examples off the web for sasl but they either have
>> obsolete parameters
>> or are for a setup with system users,
>> i would prefer to use dovecot's sasl implementation.
>>
>> dovecot --version = 2.1.7
>>
>> cat dovecot.conf
>>
>> ##
>> ##
>>
>> disable_plaintext_auth = no
>> mail_privileged_group = mail
>>
>> log_path = /var/log/dovecot.log
>> # auth_verbose=yes
>> # auth_debug=yes
>> # auth_debug_passwords=yes
>> mail_debug=yes
>> # verbose_ssl=yes
>>
>> passdb {
>>  args = /etc/dovecot/dovecot-sql.conf
>>  driver = sql
>> }
>> userdb {
>>  driver = prefetch
>> }
>> userdb {
>>  args = /etc/dovecot/dovecot-sql.conf
>>  driver = sql
>> }
>>
>>
>> protocols = "pop3 imap lmtp"
>>
>> protocol imap {
>>  mail_plugins = " autocreate"
>> }
>>
>> plugin {
>>  autocreate = Trash
>>  autocreate2 = Sent
>>  autocreate3 = junk
>>  autosubscribe = Trash
>>  autosubscribe2 = Sent
>>  autosubscribe3 = junk
>> }
>>
>> service auth {
>>  unix_listener /var/spool/postfix/private/auth {
>>   group = postfix
>>   mode = 0660
>>   user = postfix
>>  }
>> }
>>
>
> That should do it.  You just need to make sure postfix is set up
> correctly.
>
> http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
>
>>
>> service lmtp {
>>  unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>   group = postfix
>>   mode = 0600
>>   user = postfix
>>  }
>> }
>> protocol lmtp {
>>  postmaster_address=postmas...@mydomain.com
>>  hostname=niya.mydomain.com
>> }
>>
>> ssl_cert = > ssl_key = >
>> ##
>> ##
>>
>>
>> thanks
>> shadrock
>

many thanks Edgar
sasl is working but i was testing the smtp port instead of submission
that sasl is set up for.


imapc fetch optimization

2015-04-28 Thread Nagy, Attila

Hi,

imapc does a lot of UID FETCH $UID (BODY.PEEK[]), which is nice, because 
it works even with the dumbest IMAP server, although it really kills 
performance, especially on high latency lines.


I wonder: if IMAP servers can effectively handle boundless fetches (like 
a list with all wanted UIDs, or simply 1:* if all are needed), do you 
see this as a good addition to develop?


This could be a new imapc_features setting after all...

Thanks,


Re: [Dovecot] Dovecot LDA/LMTP vs postfix virtual delivery agent and the x-original-to header

2015-04-28 Thread Charles Marcus
On 4/28/2015 1:40 PM, Tobias Franzén  wrote:
> On 2014-01-08 14:32, Charles Marcus wrote:
>> On 2012-04-09 8:53 AM, Timo Sirainen  wrote:
>>> On 9.4.2012, at 15.50, Charles Marcus wrote:
> LMTP adds a new Delivered-To:  header when there is
> a single RCPT TO. You can force a single RCPT TO from Postfix side by
> setting lmtp_destination_recipient_limit=1. LMTP doesn't
> add/remove/change X-Original-To: header.
 Ok, thanks Timo... but...

 Are you saying that this 'Delivered-To:' header can somehow be 
 leveraged to provide the same info as the x-original-to header?
>>> I guess X-Original-To is the same address as what Postfix sees as the 
>>> original RCPT TO address before alias expansion and such? In that 
>>> case, see my today's mail in Postfix list..
>> Hi Timo,
>>
>> I just tried to find your email from that day, but don't see it in the 
>> archives...
>>
>> Was this ever resolved (getting x-original-to support in LMTP, like it 
>> is for the LDA)?
>>
>> If not, since it seemed like it wasn't going to be much work, any 
>> chance you can revisit it soon?
> Hello,
>
> I have tried to keep tabs on the various discussions going on related to 
> the X-Original-To header when using Dovecot LMTP. Until now I have not 
> needed a solution, but I am now finally about to migrate my old server.
>
> Old setup: Postfix + SpamAssassin (after-queue content filter via pipe) 
> + virtual transport, and Courier-IMAP.
> New setup: Postfix + amavisd-new (after-queue content filter via smtp, 
> with ClamAV and SpamAssassin) + Dovecot LMTP, and Dovecot for IMAP.
>
> Charles, have you found a way that works for you?

No, and I simply haven't switched to LMTP yet, for this and one other
reason (political, not technical)...

As for the rest below... wow... all I can say is, it sure would be nice
if Timo/Wietse could just add the few lines of code that Timo said would
be needed to properly support it natively.

> I was experimenting some with my test server and came up with a way that 
> utilizes some additional internal smtp content filter forwarding, which 
> produces some overhead. It should be light compared with the load from 
> ClamAV and SpamAssassin, however.
>
> I'm not yet sure how amavisd-new funneling would handle multiple local 
> recipients with different settings without passing the mail through 
> multiple times, at least once per local user, let alone without first 
> performing address mapping in postfix (for alias expansion). I have 
> configured per-user SpamAssassin bayes filtering, and may introduce a 
> whitelist based on address book entries (Roundcube.)
>
>
> This solution I'm currently testing will pass each message through 
> amavisd-new one time each per local and remote recipient, and will only 
> add the X-Original-To header to the specific local recipient each 
> envelope is intended for. No external users will receive the header, and 
> no local user will see which other local users (e.g. via BCC) have 
> potentially received the same message.
>
> Flow:
> all mail in (both external and tls-authenticated internal) -> smtp (1) 
> -> smtp-split (2) -> smtp-to-me (3a) | smtp-to-external (3b) -> 
> smtp-amavis (4) -> dovecot-lmtp (5)
>
> 1) I rely on default_destination_recipient_limit=1 in main.cf to split 
> each incoming mail into one stream per recipient.
> 2) smtp-split will receive one stream per recipient. Default 
> content_filter=smtp-to-me, followed by option 
> "smtpd_recipient_restrictions=permit_auth_destination,check_recipient_access,pcre:/usr/local/etc/postfix/filter-to-external.pcre,permit_mynetworks,reject"
>  
> means I stop processing restrictions if my server is the destination. If 
> my server is not the destination, the FILTER in check_recipient_access 
> will override the preceding smtp-to-me filter.
>
> Both 1) and 2) smtpd instances include option 
> receive_override_options=no_address_mappings, to wait with mapping to 
> internal recipient until we can add X-Original-To header for my server's 
> users only.
>
> 3a) For mail to my server, smtp-to-me will add X-Original-To using a 
> pcre script, in a similar fashion to step 2's filter. This step also 
> expands the address mapping (by not specifying any 
> receive_override_options).
>-o 
> smtpd_recipient_restrictions=check_recipient_access,pcre:/usr/local/etc/postfix/recipient_access_x-orig.pcre,permit_mynetworks,reject
>
> 3b) For mail leaving my server, smtp-to-external will not add any 
> processing besides implied expanding of the address mapping.
>
> 4) Mail is funneled through amavisd-new, once per final recipient. Mails 
> leaving the server (sent from smtp-to-external) will be scanned by ClamAV 
> only. Mails with my server as the destination (sent from smtp-to-me) 
> will go through ClamAV, and SpamAssassin (together with per-user bayes 
> filtering).
>
> 5) Nothing special is done here. The final destination address is sent 
> to LMTP for delivery.
>
> Contents of /usr/local/etc/

Re: CVE-2015-3420

2015-04-28 Thread Timo Sirainen
Timo Sirainen  wrote on 28.4.2015 at 11.35:
> 
>> On 28 Apr 2015, at 04:15, Edwardo Garcia  wrote:
>> When can we expect 2.2.17 to resolve this?
> 
> As far as I know this doesn't affect any of the major distributions where 
> Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it 
> happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't 
> see this as especially critical issue. But I'm planning on v2.2.17 release 
> sometimes soon anyway for other reasons.

BTW. I wonder why the bug is officially in Dovecot when it was OpenSSL's new 
version that started causing the crash.. I wonder how many other software 
breaks with new OpenSSL.

Re: [Dovecot] Dovecot LDA/LMTP vs postfix virtual delivery agent and the x-original-to header

2015-04-28 Thread Tobias Franzén

On 2014-01-08 14:32, Charles Marcus wrote:

On 2012-04-09 8:53 AM, Timo Sirainen  wrote:

On 9.4.2012, at 15.50, Charles Marcus wrote:

LMTP adds a new Delivered-To:  header when there is
a single RCPT TO. You can force a single RCPT TO from Postfix side by
setting lmtp_destination_recipient_limit=1. LMTP doesn't
add/remove/change X-Original-To: header.



Ok, thanks Timo... but...

Are you saying that this 'Delivered-To:' header can somehow be 
leveraged to provide the same info as the x-original-to header?


I guess X-Original-To is the same address as what Postfix sees as the 
original RCPT TO address before alias expansion and such? In that 
case, see my today's mail in Postfix list..


Hi Timo,

I just tried to find your email from that day, but don't see it in the 
archives...


Was this ever resolved (getting x-original-to support in LMTP, like it 
is for the LDA)?


If not, since it seemed like it wasn't going to be much work, any 
chance you can revisit it soon?


Thanks,


Hello,

I have tried to keep tabs on the various discussions going on related to 
the X-Original-To header when using Dovecot LMTP. Until now I have not 
needed a solution, but I am now finally about to migrate my old server.


Old setup: Postfix + SpamAssassin (after-queue content filter via pipe) 
+ virtual transport, and Courier-IMAP.
New setup: Postfix + amavisd-new (after-queue content filter via smtp, 
with ClamAV and SpamAssassin) + Dovecot LMTP, and Dovecot for IMAP.


Charles, have you found a way that works for you?

I was experimenting some with my test server and came up with a way that 
utilizes some additional internal smtp content filter forwarding, which 
produces some overhead. It should be light compared with the load from 
ClamAV and SpamAssassin, however.


I'm not yet sure how amavisd-new funneling would handle multiple local 
recipients with different settings without passing the mail through 
multiple times, at least once per local user, let alone without first 
performing address mapping in postfix (for alias expansion). I have 
configured per-user SpamAssassin bayes filtering, and may introduce a 
whitelist based on address book entries (Roundcube.)



This solution I'm currently testing will pass each message through 
amavisd-new one time each per local and remote recipient, and will only 
add the X-Original-To header to the specific local recipient each 
envelope is intended for. No external users will receive the header, and 
no local user will see which other local users (e.g. via BCC) have 
potentially received the same message.


Flow:
all mail in (both external and tls-authenticated internal) -> smtp (1) 
-> smtp-split (2) -> smtp-to-me (3a) | smtp-to-external (3b) -> 
smtp-amavis (4) -> dovecot-lmtp (5)


1) I rely on default_destination_recipient_limit=1 in main.cf to split 
each incoming mail into one stream per recipient.
2) smtp-split will receive one stream per recipient. Default 
content_filter=smtp-to-me, followed by option 
"smtpd_recipient_restrictions=permit_auth_destination,check_recipient_access,pcre:/usr/local/etc/postfix/filter-to-external.pcre,permit_mynetworks,reject" 
means I stop processing restrictions if my server is the destination. If 
my server is not the destination, the FILTER in check_recipient_access 
will override the preceding smtp-to-me filter.


Both 1) and 2) smtpd instances include option 
receive_override_options=no_address_mappings, to wait with mapping to 
internal recipient until we can add X-Original-To header for my server's 
users only.


3a) For mail to my server, smtp-to-me will add X-Original-To using a 
pcre script, in a similar fashion to step 2's filter. This step also 
expands the address mapping (by not specifying any 
receive_override_options).
  -o 
smtpd_recipient_restrictions=check_recipient_access,pcre:/usr/local/etc/postfix/recipient_access_x-orig.pcre,permit_mynetworks,reject


3b) For mail leaving my server, smtp-to-external will not add any 
processing besides implied expanding of the address mapping.


4) Mail is funneled through amavisd-new, once per final recipient. Mails 
leaving the server (sent from smtp-to-external) will be scanned by ClamAV 
only. Mails with my server as the destination (sent from smtp-to-me) 
will go through ClamAV, and SpamAssassin (together with per-user bayes 
filtering).


5) Nothing special is done here. The final destination address is sent 
to LMTP for delivery.


Contents of /usr/local/etc/postfix/recipient_access_x-orig.pcre:
/(.+)/ prepend X-Original-To: <$1>

Contents of /usr/local/etc/postfix/filter-to-external.pcre:
/^/ FILTER smtp-to-external:[127.0.0.1]:


Room for improvement:
Postfix seems to know the orig_to even after processing in amavisd-new, 
however I have yet to find a way to use this option.
I can move the amavisd-new filter to before the X-Original-To header 
addition, however for amavisd-new to utilize per-user bayes, I currently 
need to do the address mapping in postfix befo

Re: Trash Plugin bugs

2015-04-28 Thread Alexei Gradinari
Hello Timo,

Are you going to commit my patch to Dovecot v2.2.x?
I sent it 2 weeks ago and still haven't seen it in 
http://hg.dovecot.org/dovecot-2.2/

Regards,
Alexei

trash-plugin.patch
Description: Binary data


Re: CVE-2015-3420

2015-04-28 Thread Edwardo Garcia
On 4/28/15, Timo Sirainen  wrote:
> On 28 Apr 2015, at 11:35, Timo Sirainen  wrote:
>>
>> On 28 Apr 2015, at 04:15, Edwardo Garcia  wrote:
>>> When can we expect 2.2.17 to resolve this?
>>
>> As far as I know this doesn't affect any of the major distributions where
>> Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it

Most of those distributions are on way outdated versions anyway; if they
were not, maybe the problem would be seen too

>> happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I
>> don't see this as especially critical issue. But I'm planning on v2.2.17
>> release sometimes soon anyway for other reasons.
>
> Oh, forgot to post also the committed patch fixing this:
> http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
>

Thank you, with a couple million users we cannot afford to take a chance, so
will apply the patch this morning on all servers.


Re: Quotas not working after reboot

2015-04-28 Thread Edgaras Lukoševičius
Aaaand... fixed.

quota plugin was disabled in doveadm protocol as in:

protocol doveadm {
  #mail_plugins = $mail_plugins pop3_migration
  mail_plugins = pop3_migration
}

Added 'quota' to mail_plugins.

Now I don’t know why that wasn’t a problem after issuing “systemctl restart 
dovecot”, but at least it works now.

On 28 Apr 2015, at 14:25, Edgaras Lukoševičius  
wrote:

> By the way, my quotas are configured to use SQL:
> user_query = SELECT CONCAT('/home/vmail/', maildir) AS home, 997 AS uid, 996 
> AS gid, CONCAT('*:bytes=', quota) AS quota_rule, CONCAT('maildir:storage=', 
> quota) AS quota FROM mailbox WHERE username = LOWER('%u') AND active = '1' 
> AND suspended = '0'
> 
> And when I run command "doveadm -D quota get -u te...@testdomain1.tld" I see 
> in the MySQL query log that the query is sent.
> 
> 
> On 28 Apr 2015, at 12:00, Edgaras Lukoševičius 
>  wrote:
> 
>> Hello,
>> 
>> after rebooting my dovecot server quotas are no longer working.
>> 
>> # dovecot --version
>> 2.2.10
>> 
>> CentOS Linux release 7.0.1406
>> 
>> It is strange that restarting dovecot did not reveal this problem, but 
>> rebooting whole server did.
>> 
>> 
>> 
>> Before reboot it was like this:
>> 
>> # doveadm -D quota get -u te...@testdomain1.tld
>> doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot
>> doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
>> doveadm(root): Debug: Loading modules from directory: 
>> /usr/lib64/dovecot/doveadm
>> doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() 
>> failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined 
>> symbol: acl_user_module (this is usually intentional, so just ignore this 
>> message)
>> doveadm(root): Debug: Skipping module doveadm_expire_plugin, because 
>> dlopen() failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: 
>> undefined symbol: expire_set_deinit (this is usually intentional, so just 
>> ignore this message)
>> doveadm(root): Debug: Module loaded: 
>> /usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so
>> doveadm(root): Debug: Module loaded: 
>> /usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
>> doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because 
>> dlopen() failed: 
>> /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined 
>> symbol: lucene_index_iter_deinit (this is usually intentional, so just 
>> ignore this message)
>> doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() 
>> failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined 
>> symbol: fts_backend_rescan (this is usually intentional, so just ignore this 
>> message)
>> doveadm(te...@testdomain1.tld): Debug: Added userdb setting: 
>> plugin/quota=maildir:storage=51200
>> doveadm(te...@testdomain1.tld): Debug: Added userdb setting: 
>> plugin/quota_rule=*:bytes=51200
>> doveadm(te...@testdomain1.tld): Debug: Effective uid=997, gid=996, 
>> home=/home/vmail/t/e/testdomain1.tld/test1/
>> doveadm(te...@testdomain1.tld): Debug: Quota root: name=storage=51200 
>> backend=maildir args=
>> doveadm(te...@testdomain1.tld): Debug: Quota rule: root=storage=51200 
>> mailbox=* bytes=51200 messages=0
>> doveadm(te...@testdomain1.tld): Debug: Quota warning: bytes=48640 (95%) 
>> messages=0 reverse=no command=quota-warning 95 te...@testdomain1.tld
>> doveadm(te...@testdomain1.tld): Debug: Quota warning: bytes=40960 (80%) 
>> messages=0 reverse=no command=quota-warning 80 te...@testdomain1.tld
>> doveadm(te...@testdomain1.tld): Debug: Quota grace: root=storage=51200 
>> bytes=2560 (5%)
>> doveadm(te...@testdomain1.tld): Debug: Namespace inbox: type=private, 
>> prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes 
>> location=maildir:/home/vmail/t/e/testdomain1.tld/test1/
>> doveadm(te...@testdomain1.tld): Debug: maildir++: 
>> root=/home/vmail/t/e/testdomain1.tld/test1, index=, indexpvt=, control=, 
>> inbox=/home/vmail/t/e/testdomain1.tld/test1, alt=
>> doveadm(te...@testdomain1.tld): Debug: Namespace : type=private, prefix=, 
>> sep=, inbox=no, hidden=yes, list=no, subscriptions=no 
>> location=fail::LAYOUT=none
>> doveadm(te...@testdomain1.tld): Debug: none: root=, index=, indexpvt=, 
>> control=, inbox=, alt=
>> Quota name    Type    Value Limit  %
>> storage=51200 STORAGE     0    50  0
>> storage=51200 MESSAGE     0     -
>> 
>> 
>> 
>> Now after rebooting i get this output:
>> 
>> # doveadm -D quota get -u te.
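
Added example (not part of the original post and not Dovecot's own code): a small Python check for the override described in this message, where `mail_plugins` inside a `protocol` block without `$mail_plugins` replaces the global list, together with a check of the `service auth` listener and plaintext-auth settings from the SASL thread above. The sample configuration is constructed, and its global `mail_plugins = quota` line is an assumption.

```python
import re

# Constructed sample, modelled on the configurations quoted in the two threads.
# The global "mail_plugins = quota" line is an assumption (not shown on the page).
SAMPLE_CONF = """
disable_plaintext_auth = no
mail_plugins = quota
protocol imap {
  mail_plugins = $mail_plugins imap_quota
}
protocol doveadm {
  #mail_plugins = $mail_plugins pop3_migration
  mail_plugins = pop3_migration
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
"""

def parse_dovecot_conf(text):
    """Parse 'key = value' lines and nested 'type [name] { ... }' sections."""
    root = {"type": "root", "name": "", "settings": {}, "sections": []}
    stack = [root]
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            words = line[:-1].split()
            if not words:
                raise ValueError("section without a type")
            sec = {"type": words[0], "name": " ".join(words[1:]),
                   "settings": {}, "sections": []}
            stack[-1]["sections"].append(sec)
            stack.append(sec)
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1]["settings"][key.strip()] = value.strip().strip('"').strip()
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def effective_mail_plugins(conf):
    """Return {protocol: plugin list} with $mail_plugins expanded.
    Simplification: the global line is assumed to precede the protocol blocks."""
    base = conf["settings"].get("mail_plugins", "").split()
    result = {"(global)": base}
    for sec in conf["sections"]:
        if sec["type"] == "protocol" and "mail_plugins" in sec["settings"]:
            plugins = []
            for word in sec["settings"]["mail_plugins"].split():
                plugins.extend(base if word == "$mail_plugins" else [word])
            result[sec["name"]] = plugins
    return result

def dropped_plugins(conf):
    """Global plugins that a protocol block loses by overriding mail_plugins."""
    eff = effective_mail_plugins(conf)
    base = eff.pop("(global)")
    return {proto: [p for p in base if p not in plugins]
            for proto, plugins in eff.items()
            if any(p not in plugins for p in base)}

def auth_findings(conf):
    """Flag auth settings worth a second look before exposing the server."""
    findings = []
    if conf["settings"].get("disable_plaintext_auth", "yes") == "no":
        findings.append("disable_plaintext_auth = no: PLAIN/LOGIN accepted without TLS")
    if conf["settings"].get("auth_debug_passwords", "no") == "yes":
        findings.append("auth_debug_passwords = yes: passwords are written to the log")
    for svc in conf["sections"]:
        if svc["type"] != "service" or svc["name"] != "auth":
            continue
        for lst in svc["sections"]:
            if lst["type"] == "unix_listener" and "mode" in lst["settings"]:
                mode = int(lst["settings"]["mode"], 8)
                if mode & 0o007:  # any permission bit for "other"
                    findings.append(f"{lst['name']}: mode {mode:04o} lets any "
                                    "local user reach the auth socket")
    return findings

if __name__ == "__main__":
    conf = parse_dovecot_conf(SAMPLE_CONF)
    print("dropped plugins:", dropped_plugins(conf))
    print("auth findings:", auth_findings(conf))
```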

Re: CVE-2015-3420

2015-04-28 Thread Timo Sirainen
On 28 Apr 2015, at 11:43, Marc Schiffbauer  wrote:
> 
> * Timo Sirainen wrote on 28.04.15 at 11:35:
>> On 28 Apr 2015, at 11:35, Timo Sirainen  wrote:
>>> 
>>> On 28 Apr 2015, at 04:15, Edwardo Garcia  wrote:
 When can we expect 2.2.17 to resolve this?
>>> 
>>> As far as I know this doesn't affect any of the major distributions where 
>>> Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it 
>>> happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I 
>>> don't see this as especially critical issue. But I'm planning on v2.2.17 
>>> release sometimes soon anyway for other reasons.
>> 
>> Oh, forgot to post also the committed patch fixing this: 
>> http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
> 
> Hi Timo,
> 
> does this affect 2.2.16 *only*?

The code has been there v2.2.14 - v2.2.16. I'm not sure if it could have 
affected older versions also in some way.


Re: Quotas not working after reboot

2015-04-28 Thread Edgaras Lukoševičius
By the way, my quotas are configured to use SQL:
user_query = SELECT CONCAT('/home/vmail/', maildir) AS home, 997 AS uid, 996 AS 
gid, CONCAT('*:bytes=', quota) AS quota_rule, CONCAT('maildir:storage=', quota) 
AS quota FROM mailbox WHERE username = LOWER('%u') AND active = '1' AND 
suspended = '0'

And when I run command "doveadm -D quota get -u te...@testdomain1.tld" I see in 
the MySQL query log that the query is sent.


On 28 Apr 2015, at 12:00, Edgaras Lukoševičius  
wrote:

> Hello,
> 
> after rebooting my dovecot server quotas are no longer working.
> 
> # dovecot --version
> 2.2.10
> 
> CentOS Linux release 7.0.1406
> 
> It is strange that restarting dovecot did not reveal this problem, but 
> rebooting whole server did.
> 
> 
> 
> Before reboot it was like this:
> 
> # doveadm -D quota get -u te...@testdomain1.tld
> doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot
> doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
> doveadm(root): Debug: Loading modules from directory: 
> /usr/lib64/dovecot/doveadm
> doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() 
> failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined 
> symbol: acl_user_module (this is usually intentional, so just ignore this 
> message)
> doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() 
> failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined 
> symbol: expire_set_deinit (this is usually intentional, so just ignore this 
> message)
> doveadm(root): Debug: Module loaded: 
> /usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so
> doveadm(root): Debug: Module loaded: 
> /usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
> doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because 
> dlopen() failed: 
> /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined 
> symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore 
> this message)
> doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() 
> failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined 
> symbol: fts_backend_rescan (this is usually intentional, so just ignore this 
> message)
> doveadm(te...@testdomain1.tld): Debug: Added userdb setting: 
> plugin/quota=maildir:storage=51200
> doveadm(te...@testdomain1.tld): Debug: Added userdb setting: 
> plugin/quota_rule=*:bytes=51200
> doveadm(te...@testdomain1.tld): Debug: Effective uid=997, gid=996, 
> home=/home/vmail/t/e/testdomain1.tld/test1/
> doveadm(te...@testdomain1.tld): Debug: Quota root: name=storage=51200 
> backend=maildir args=
> doveadm(te...@testdomain1.tld): Debug: Quota rule: root=storage=51200 
> mailbox=* bytes=51200 messages=0
> doveadm(te...@testdomain1.tld): Debug: Quota warning: bytes=48640 (95%) 
> messages=0 reverse=no command=quota-warning 95 te...@testdomain1.tld
> doveadm(te...@testdomain1.tld): Debug: Quota warning: bytes=40960 (80%) 
> messages=0 reverse=no command=quota-warning 80 te...@testdomain1.tld
> doveadm(te...@testdomain1.tld): Debug: Quota grace: root=storage=51200 
> bytes=2560 (5%)
> doveadm(te...@testdomain1.tld): Debug: Namespace inbox: type=private, 
> prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes 
> location=maildir:/home/vmail/t/e/testdomain1.tld/test1/
> doveadm(te...@testdomain1.tld): Debug: maildir++: 
> root=/home/vmail/t/e/testdomain1.tld/test1, index=, indexpvt=, control=, 
> inbox=/home/vmail/t/e/testdomain1.tld/test1, alt=
> doveadm(te...@testdomain1.tld): Debug: Namespace : type=private, prefix=, 
> sep=, inbox=no, hidden=yes, list=no, subscriptions=no 
> location=fail::LAYOUT=none
> doveadm(te...@testdomain1.tld): Debug: none: root=, index=, indexpvt=, 
> control=, inbox=, alt=
> Quota name    Type    Value Limit  %
> storage=51200 STORAGE     0    50  0
> storage=51200 MESSAGE     0     -
> 
> 
> 
> Now after rebooting i get this output:
> 
> # doveadm -D quota get -u te...@testdomain1.tld
> doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot
> doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
> doveadm(root): Debug: Loading modules from directory: 
> /usr/lib64/dovecot/doveadm
> doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() 
> failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined 
> symbol: acl_user_module (this is usually intentional, so just ignore

Crashes in dovecot -hg (86f535375750)

2015-04-28 Thread Reuben Farrelly
Seems there is some breakage with -hg latest - 2.2.16 (86f535375750+). 
I've just had 4 core files created in short succession on both servers 
in the replication set.  Here's the first...


tornado reuben # gdb /usr/libexec/dovecot/imap core
GNU gdb (Gentoo 7.9 vanilla) 7.9
This GDB was configured as "x86_64-pc-linux-gnu".
Reading symbols from /usr/libexec/dovecot/imap...done.
[New LWP 20929]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `dovecot/imap'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x7f186087693a in fts_user_free (fuser=0x0) at fts-user.c:187
187 fts-user.c: No such file or directory.
(gdb) bt full
#0  0x7f186087693a in fts_user_free (fuser=0x0) at fts-user.c:187
        user_langp = 0x30008
#1  0x7f1860876ac2 in fts_mail_user_deinit (user=0x20a3eb0)
    at fts-user.c:215
        fuser = 0x0
#2  0x7f185d7890f8 in fts_lucene_mail_user_deinit (user=0x20a3eb0)
    at fts-lucene-plugin.c:99
        fuser = 0x20a5550
#3  0x7f185d994e0c in replication_user_deinit (user=0x20a3eb0)
    at replication-plugin.c:310
        ruser = 0x20a5500
#4  0x7f18615b565a in mail_user_unref (_user=0x20abc28) at mail-user.c:168
        user = 0x20a3eb0
        __FUNCTION__ = "mail_user_unref"
#5  0x0041afef in client_default_destroy (client=0x20abbb0, reason=0x0)
    at imap-client.c:284
        cmd = 0x7ffde3a18960
        __FUNCTION__ = "client_default_destroy"
#6  0x0041ada0 in client_destroy (client=0x20abbb0, reason=0x0)
    at imap-client.c:236
No locals.
#7  0x0041ccf4 in client_input (client=0x20abbb0) at imap-client.c:967
        cmd = 0x7ffde3a189a0
        output = 0x0
        bytes = 12
        __FUNCTION__ = "client_input"
#8  0x7f18612fc992 in io_loop_call_io (io=0x20c8610) at ioloop.c:501
        ioloop = 0x2076740
        t_id = 2
        __FUNCTION__ = "io_loop_call_io"
#9  0x7f18612fec40 in io_loop_handler_run_internal (ioloop=0x2076740)
    at ioloop-epoll.c:220
        ctx = 0x2077460
        events = 0x2078290
        event = 0x2078290
        list = 0x2078e80
        io = 0x20c8610
        tv = {tv_sec = 4, tv_usec = 999387}
        events_count = 5
        msecs = 5000
        ret = 1
        i = 0
        j = 0
        call = true
        __FUNCTION__ = "io_loop_handler_run_internal"
#10 0x7f18612fcb2f in io_loop_handler_run (ioloop=0x2076740)

Reuben


Re: CVE-2015-3420

2015-04-28 Thread Marc Schiffbauer

* Timo Sirainen wrote on 28.04.15 at 11:35:

On 28 Apr 2015, at 11:35, Timo Sirainen  wrote:


On 28 Apr 2015, at 04:15, Edwardo Garcia  wrote:

When can we expect 2.2.17 to resolve this?


As far as I know this doesn't affect any of the major distributions where 
Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it 
happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't 
see this as especially critical issue. But I'm planning on v2.2.17 release 
sometimes soon anyway for other reasons.


Oh, forgot to post also the committed patch fixing this: 
http://hg.dovecot.org/dovecot-2.2/rev/86f535375750


Hi Timo,

does this affect 2.2.16 *only*?

thx
-Marc


--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Re: CVE-2015-3420

2015-04-28 Thread Timo Sirainen
On 28 Apr 2015, at 11:35, Timo Sirainen  wrote:
> 
> On 28 Apr 2015, at 04:15, Edwardo Garcia  wrote:
>> When can we expect 2.2.17 to resolve this?
> 
> As far as I know this doesn't affect any of the major distributions where 
> Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it 
> happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't 
> see this as especially critical issue. But I'm planning on v2.2.17 release 
> sometimes soon anyway for other reasons.

Oh, forgot to post also the committed patch fixing this: 
http://hg.dovecot.org/dovecot-2.2/rev/86f535375750


Re: CVE-2015-3420

2015-04-28 Thread Timo Sirainen
On 28 Apr 2015, at 04:15, Edwardo Garcia  wrote:
> When can we expect 2.2.17 to resolve this?

As far as I know this doesn't affect any of the major distributions where 
Dovecot is commonly used (Debian/Ubuntu/Redhat/CentOS). I've only heard it 
happening with some self-compiled OpenSSL versions (Arch/Gentoo?), so I don't 
see this as especially critical issue. But I'm planning on v2.2.17 release 
sometimes soon anyway for other reasons.


Quotas not working after reboot

2015-04-28 Thread Edgaras Lukoševičius
Hello,

after rebooting my dovecot server quotas are no longer working.

# dovecot --version
2.2.10

CentOS Linux release 7.0.1406

It is strange that restarting dovecot did not reveal this problem, but 
rebooting whole server did.



Before reboot it was like this:

# doveadm -D quota get -u te...@testdomain1.tld
doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot
doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm
doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() 
failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined 
symbol: acl_user_module (this is usually intentional, so just ignore this 
message)
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() 
failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined 
symbol: expire_set_deinit (this is usually intentional, so just ignore this 
message)
doveadm(root): Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because 
dlopen() failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: 
undefined symbol: lucene_index_iter_deinit (this is usually intentional, so 
just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() 
failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined 
symbol: fts_backend_rescan (this is usually intentional, so just ignore this 
message)
doveadm(te...@testdomain1.tld): Debug: Added userdb setting: 
plugin/quota=maildir:storage=51200
doveadm(te...@testdomain1.tld): Debug: Added userdb setting: 
plugin/quota_rule=*:bytes=51200
doveadm(te...@testdomain1.tld): Debug: Effective uid=997, gid=996, 
home=/home/vmail/t/e/testdomain1.tld/test1/
doveadm(te...@testdomain1.tld): Debug: Quota root: name=storage=51200 
backend=maildir args=
doveadm(te...@testdomain1.tld): Debug: Quota rule: root=storage=51200 
mailbox=* bytes=51200 messages=0
doveadm(te...@testdomain1.tld): Debug: Quota warning: bytes=48640 (95%) 
messages=0 reverse=no command=quota-warning 95 te...@testdomain1.tld
doveadm(te...@testdomain1.tld): Debug: Quota warning: bytes=40960 (80%) 
messages=0 reverse=no command=quota-warning 80 te...@testdomain1.tld
doveadm(te...@testdomain1.tld): Debug: Quota grace: root=storage=51200 
bytes=2560 (5%)
doveadm(te...@testdomain1.tld): Debug: Namespace inbox: type=private, 
prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=maildir:/home/vmail/t/e/testdomain1.tld/test1/
doveadm(te...@testdomain1.tld): Debug: maildir++: 
root=/home/vmail/t/e/testdomain1.tld/test1, index=, indexpvt=, control=, 
inbox=/home/vmail/t/e/testdomain1.tld/test1, alt=
doveadm(te...@testdomain1.tld): Debug: Namespace : type=private, prefix=, sep=, 
inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none
doveadm(te...@testdomain1.tld): Debug: none: root=, index=, indexpvt=, 
control=, inbox=, alt=
Quota name    Type    Value Limit  %
storage=51200 STORAGE     0    50  0
storage=51200 MESSAGE     0     -



Now after rebooting i get this output:

# doveadm -D quota get -u te...@testdomain1.tld
doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot
doveadm(root): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm
doveadm(root): Debug: Skipping module doveadm_acl_plugin, because dlopen() 
failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so: undefined 
symbol: acl_user_module (this is usually intentional, so just ignore this 
message)
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() 
failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined 
symbol: expire_set_deinit (this is usually intentional, so just ignore this 
message)
doveadm(root): Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Module loaded: 
/usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because 
dlopen() failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: 
undefined symbol: lucene_index_iter_deinit (this is usu