Messages lost from imap folders
Hello,

We have one user who is complaining that he has lost mails from 3 imap folders, administered through squirrelmail. The folders suddenly appeared unregistered, and once manually registered they were empty.

Has anyone observed something like this?

We are running two servers (as VMs) with Dovecot v2.2.18, synced (two-way) using dsync. The configurations follow.

Can you please help me understand what may have gone wrong? Can I try to find actions regarding these folders in the logs? What should I search for? Could this be an issue involving dsync? How can I trace back dsync activity in detail?

Server configs follow (I have only altered the real domain name and the login greeting.)

Thanks in advance,
Nick

- SERVER 1 -

protocols = imap pop3
login_greeting = Hello World!
mail_location = maildir:~/Maildir/
mail_gid = 500
mail_uid = 500
auth_mechanisms = plain login
auth_username_format = %Lu
auth_verbose = yes
auth_debug = no
mail_debug = no
disable_plaintext_auth = no
mail_plugins = quota notify replication
protocol imap {
  imap_client_workarounds = "delay-newmail"
  mail_plugins = quota imap_quota notify replication
}
protocol pop3 {
  mail_max_userip_connections = 3
  mail_plugins = quota notify replication
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  info_log_path =
  log_path =
  mail_plugins = quota notify replication
  postmaster_address = sysad...@example.com
  sendmail_path = /usr/lib/sendmail
}
userdb {
  args = /etc/dovecot/dovecot-usrdb-ldap.conf
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-passdb-ldap.conf
  driver = ldap
}
dsync_remote_cmd = ssh -l root vmail1.example.com doveadm dsync-server -u%u
replication_dsync_parameters = -d -N -l 30 -U
plugin {
  mail_replica = remote:vm...@vmail1.example.com
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=5G
  quota_rule2 = Trash:storage=+3%%
  quota_warning = storage=75%% quota-warning 75 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
}
service quota-warning {
  executable = script /opt/mail1.sh
  user = vmail
  unix_listener quota-warning {
    user = vmail
  }
}
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = root
}
service imap-login {
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  service_count = 1
  vsz_limit = 64 M
}
service replicator {
  process_min_avail = 1
}
service imap {
  executable = imap postlogin
}
service pop3 {
  executable = pop3 postlogin
}
service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}
ssl_ca =
Re: My dovecot works fine against Active Directory 2003, but not against AD2008
On 9/12/2015 12:31 AM, Mark Foley wrote:
> Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers
> indicated to me you might be talking about Windows Small Business Server 2003
> or 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4
> AD/DC on Linux.

The OP probably is referring to AD functional levels:

https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx

Thanks,
Shawn
New created users can not log in
Hi,

I have been using dovecot 2.2 for some time. All users on the system can log in using Horde Webmail. But now, after creating a new user on the server with username> this new user is not able to log in. Of course I have set a password for the new user.

In the log file I can see:

Sep 16 23:04:05 servername auth: gkr-pam: error looking up user information
Sep 16 23:04:07 servername HORDE: [imp] [login] Authentication failed. [pid 1584 on line 730 of "/srv/www/htdocs/horde/imp/lib/Imap.php"]
Sep 16 23:04:07 servername HORDE: [imp] FAILED LOGIN for calendar (93.82.157.132) to {imap://localhost/} [pid 1584 on line 157 of "/srv/www/htdocs/horde/imp/lib/Auth.php"]
Sep 16 23:04:07 servername HORDE: [horde] FAILED LOGIN for calendar to horde (93.82.157.132) [pid 1584 on line 199 of "/srv/www/htdocs/horde/login.php"]

Please give me a hint.

--
Ferdinand
Re: How to "Windows Authenticate"
Love your "ASCII Ribbon Campaign" signature! I still use mailx myself.

I'll have to check out that "access denied" message for the email to mfo...@ohprs.org. I haven't seen that before. FreeBSD.org is not blocked in my access.db. Hmmm ...

Anyway, yes, I've been through those instructions over and over and they certainly do "suggest" it should work, but I haven't yet found anyone that has actually got it working. I assume you have not either, right?

The platform these instructions are targeted to are not quite my setup as the Dovecot host is also the AD/DC using Samba4, so the DC/join instructions don't apply, nor does the Kerberos:

"Please note that you do not need to install or configure any other Kerberos KDC for Samba to work. Samba includes a AD-compatible KDC, currently based on an included copy of the Heimdal project."

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos

Also, the instruction in the link you reference must be a bit out of date because the suggested userdb:

userdb static {
  args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln
  allow_all_users=yes
}

gives an error with my dovecot 2.2.15. The word "static" has to go inside the curly-braces as "driver static" and the "allow_all_users" has to be added to the 'args' string. Otherwise, Dovecot won't run the config as shown in the link.

Otherwise and with the above changes to the userdb, I believe I've followed all applicable instructions in that link. The error I get with my config in the Dovecot log is:

Sep 13 00:53:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Sep 13 00:53:12 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6>

Any idea what would generate this message?

--Mark

-Original Message-
> Subject: Re: How to "Windows Authenticate"
> From: Remko Lodder
> Date: Wed, 16 Sep 2015 19:38:08 +0200
> To: Mark Foley
> Cc: dovecot@dovecot.org
>
> > On 16 Sep 2015, at 19:10, Mark Foley wrote:
> >
> > Does the Dovecot NTLM mechanism work with MS Outlook?
> >
> > [ ] YES
> > [ ] NO
> >
> > Please check one ... anybody.
> >
> > --Mark
>
> The URL on the wiki, which had probably been shared before with you;
>
> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
>
> suggests it does.
>
> The URL quotes:
>
> Step 5. Passwordless authentication
>
> If you have logged on from Windows to the AD domain, try leaving the password
> field, on the account, on the MUA, blank. The username / password, from the
> initial logon to the Windows machine, are seamlessly picked up and supplied
> to the challenge-response process between the MUA, Dovecot and AD. Employing
> this way of authentication we achieve single sign-on and we don't need to
> maintain MUA local passwords.
>
> Did you follow the suggestions that are on that page? (all of them).
>
> Thank you,
> Remko
>
> --
> /"\   Best regards,                | re...@freebsd.org
> \ /   Remko Lodder                 | remko@EFnet
>  X    http://www.evilcoder.org/    |
> / \   ASCII Ribbon Campaign        | Against HTML Mail and News
Re: restrict map-login by geoip?
I don't know if dovecot does, but your firewall should be able to.

On 09/16/2015 07:32 PM, Terry Barnum wrote:
> Is there a way to restrict my user logins from a set of IPs? For example, all my users are in the US so there shouldn't be any logins from other countries. Can I tell dovecot to restrict logins to a CIDR list of US IPs?
>
> Can someone point me to docs on how to set this up? I've searched but haven't found how to accomplish this.
>
> Thanks,
> -Terry
>
> Terry Barnum
> digital OutPost
> http://www.dop.com
restrict map-login by geoip?
Is there a way to restrict my user logins from a set of IPs? For example, all my users are in the US so there shouldn't be any logins from other countries. Can I tell dovecot to restrict logins to a CIDR list of US IPs?

Can someone point me to docs on how to set this up? I've searched but haven't found how to accomplish this.

Thanks,
-Terry

Terry Barnum
digital OutPost
http://www.dop.com
Re: restrict map-login by geoip?
Terry Barnum wrote on 2015-09-17 02:32:

> I've searched but haven't found how to accomplish this.

http://wiki2.dovecot.org/Authentication/RestrictAccess
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

took me 3 sec :=)
Re: restrict map-login by geoip?
Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this?

Thanks,
-Terry

iPhone says Hello World!

> On Sep 16, 2015, at 6:31 PM, Benny Pedersen wrote:
>
> Terry Barnum wrote on 2015-09-17 02:32:
>
>> I've searched but haven't found how to accomplish this.
>
> http://wiki2.dovecot.org/Authentication/RestrictAccess
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>
> took me 3 sec :=)
Re: restrict map-login by geoip?
Terry Barnum wrote on 2015-09-17 03:56:

> Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this?

i did not write the wiki or dovecot c code, you asked if dovecot could do it, i searched the link for you, but i admit i do not understand the wiki myself here :(

but basically

127.0.0.0/8 is one cidr range with many ips
127.0.0.2/32 is a single ip cidr range

for ipv6 it's possible as well, but i don't know how to
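
An added example, not part of any poster's message and not Dovecot code: the AllowNets field linked in this thread takes a comma-separated list of IPs and networks, so a long block list can first be collapsed into the fewest covering CIDR ranges (IPv4 and IPv6) and then joined into one value. The sample blocks are constructed documentation ranges and the function names are hypothetical; how the value is returned depends on the passdb in use.

```python
import ipaddress

# Constructed sample input: documentation ranges standing in for a long
# per-country CIDR list (one block per line, '#' starts a comment).
SAMPLE_BLOCKS = """
# blank lines and comments are ignored
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.101.0/24
203.0.113.7
203.0.113.0/24
2001:db8::/33
2001:db8:8000::/33
"""

def parse_blocks(text):
    """Parse one IP or CIDR block per line; reject anything malformed."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # A bare address becomes a /32 (or /128) network.
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return nets

def collapse(nets):
    """Merge adjacent and overlapping blocks, IPv4 and IPv6 separately."""
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    # collapse_addresses() refuses mixed versions, hence the split.
    return list(ipaddress.collapse_addresses(v4)) + \
           list(ipaddress.collapse_addresses(v6))

def allow_nets_value(nets):
    """Comma-separated value for an allow_nets extra field."""
    return ",".join(str(n) for n in collapse(nets))

def is_allowed(ip, nets):
    """Offline check of a client address against the collapsed list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets if n.version == addr.version)

if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_BLOCKS)
    print(len(blocks), "blocks ->", len(collapse(blocks)), "after collapsing")
    print("allow_nets=" + allow_nets_value(blocks))
```

Running `is_allowed()` over addresses taken from past login logs before deploying the list shows which existing users the restriction would lock out.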
Re: How to "Windows Authenticate"
Does the Dovecot NTLM mechanism work with MS Outlook?

[ ] YES
[ ] NO

Please check one ... anybody.

--Mark

-Original Message-
From: Mark Foley
Date: Sun, 13 Sep 2015 01:10:57 -0400
To: dovecot@dovecot.org
Subject: Re: How to "Windows Authenticate"

I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the Active Directory/Domain Controller on the same host as Dovecot. Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the client MTU used to connect with Dovecot to read mail on the Users' WIN7 workstations.

I believe I have confirmed that MS Outlook will either ...

1) send the userid and password configured in the Outlook settings to Dovecot for authorizing. This mechanism has been working fine for months.

or ...

2) Use NTLM authorization if "Require login using Secure Password Authentication (SPA)" is checked: https://en.wikipedia.org/wiki/Secure_Password_Authentication

Those, I believe, are the only two choices with Outlook (other than Exchange). Therefore, in order not to configure a Domain-distinct password in Outlook, I need to use the NTLM auth_mechanism for AD "Windows Authentication" with Dovecot.

I've tried the settings below (just trying one user at the moment):

$ doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.10.17 x86_64 Slackware 14.1
auth_debug_passwords = yes
auth_mechanisms = plain ntlm
auth_use_winbind = yes
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
protocols = imap
ssl_cert = , rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6>

Can someone tell me what this means and how to fix it? Note that I have read http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm over and over, so simply referring me to that link will not help.

Thanks,
Mark
Re: How to "Windows Authenticate"
> On 16 Sep 2015, at 19:10, Mark Foley wrote:
>
> Does the Dovecot NTLM mechanism work with MS Outlook?
>
> [ ] YES
> [ ] NO
>
> Please check one ... anybody.
>
> —Mark

The URL on the wiki, which had probably been shared before with you;

http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm

suggests it does.

The URL quotes:

Step 5. Passwordless authentication

If you have logged on from Windows to the AD domain, try leaving the password field, on the account, on the MUA, blank. The username / password, from the initial logon to the Windows machine, are seamlessly picked up and supplied to the challenge-response process between the MUA, Dovecot and AD. Employing this way of authentication we achieve single sign-on and we don't need to maintain MUA local passwords.

Did you follow the suggestions that are on that page? (all of them).

Thank you,
Remko

--
/"\   Best regards,                | re...@freebsd.org
\ /   Remko Lodder                 | remko@EFnet
 X    http://www.evilcoder.org/    |
/ \   ASCII Ribbon Campaign        | Against HTML Mail and News
Re: How to "Windows Authenticate"
> On 16 Sep 2015, at 19:10, Mark Foley wrote:
>
> Does the Dovecot NTLM mechanism work with MS Outlook?
>
> [ ] YES
> [ ] NO
>
> Please check one ... anybody.
>
> --Mark
>
>

[checking not suited for work]:

: host mail.ohprs.org[98.102.63.107] said: 550 5.7.1 Access denied (in reply to MAIL FROM command)

You are welcome :-p

--
/"\   Best regards,                | re...@freebsd.org
\ /   Remko Lodder                 | remko@EFnet
 X    http://www.evilcoder.org/    |
/ \   ASCII Ribbon Campaign        | Against HTML Mail and News