Re: Accessing to mail as another user
I have this configuration running, except for the ACL. The problem I'm having with ACLs is that I have to manually create the ACL for each folder userB has and if userB creates a new folder, then it is forbidden for userA until I update the ACL. How do you solve this? El 15/02/16 a las 09:18, Marco Giunta escribió: Hi, we have such configuration in our Dovecot; it is configured with virtual users and acl. To enable access of userA mailbox to userB, first I have to add userB to userA acl, and then I put userA username in an ARBITRARY_FIELD of userB record in our ldap (if you use a db for your account, the configuration could be more simple). We use the ARBITRARY_FIELD to limit the access of other users mailboxes: the field is not writable by the user, only by administrators. Our config files: /etc/dovecot/conf.d/auth-master.conf.ext ... passdb { driver = ldap master = yes args = /etc/dovecot/dovecot-ldap.conf.masterusers pass = yes default_fields = userdb_mail=maildir:/path_to_mailboxes/%1{login_user}/%{login_user}:INDEXPVT=/path_to_indexes/%1n/%n/shared/%{login_user} } and in /etc/dovecot/dovecot-ldap.conf.masterusers ... pass_attrs = uid=user,userPassword=password pass_filter = (&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user})) to login, you have to use the same way of a masteruser: Login: userA*userB Password: userB_password Cheers, Marco On 2016-02-10 07:49, Angel L. Mateo wrote: El 09/02/16 a las 13:44, Matthias Fechner escribió: do you maybe mean shared mailboxes: http://wiki.dovecot.org/SharedMailboxes I don't want shared mailboxes. I have to access the other mailbox as a complete separate account from my personal one. I think I can achive this with master user, but I need to found a way to configure permissions so the real user has access to all folders in the other mailbox. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 86337
Re: Pigeonhole and duplicate checking
Perfect! Using the "auth" trick and appropriate "discard" statements allowed me to get the scripts setup exactly as I had originally intended. Thanks! Dan On 2/15/2016 8:29 PM, Stephan Bosch wrote: Op 2/16/2016 om 1:32 AM schreef Dan Ragle: In my prior procmail setup, I auto-forwarded all my SPAM E-mail to a separate user on the system with their own account (called spamuser). In the Pigeonhole setup it looks like I have to redirect those messages (i.e., redirect "spamu...@mydomain.com";). That works, but I'm having issues with "duplicate" messages getting delivered directly to my inbox instead of getting redirected. IOW, my regular user's .dovecot.sieve has: if header :contains "X-Spam-Flag" "YES" { redirect "spamu...@mydomain.com"; stop; } and the spamuser's .dovecot.sieve has: require ["imap4flags"]; setflag "\\seen"; (this system is entirely for personal use, no concerns with a user's Spam being seen via the separate spamuser account). Now, the problem I'm having is that sometimes a message arrives with a duplicate message-ID. Here's an abbreviated example from my maillog: Feb 15 00:30:46 myhost sendmail[26844]: u1F5UeBP026844: from=, size=613, class=0, nrcpts=1, msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, proto=SMTP, daemon=MTA, relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may be forged) Feb 15 00:31:05 myhost dovecot: lmtp(26856): Connect from local Feb 15 00:31:07 myhost sendmail[26867]: u1F5UvFi026867: from=, size=613, class=0, nrcpts=1, msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, proto=SMTP, daemon=MTA, relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may be forged) Feb 15 00:31:10 myhost dovecot: lmtp(26856, dmr): 7Hj/LoBiwVboaAAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: forwarded to Feb 15 00:31:10 myhost dovecot: lmtp(26856): Disconnect from local: Client quit Feb 15 00:31:10 myhost dovecot: lmtp(26893): Connect from local Feb 15 00:31:10 myhost dovecot: lmtp(26893, spamuser): 9TPnN55iwVYNaQAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: stored mail into mailbox 'INBOX' Feb 15 00:31:11 myhost dovecot: lmtp(26893): Disconnect from local: Client quit Feb 15 00:31:18 myhost dovecot: lmtp(26893): Connect from local Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): +TPnN55iwVYNaQAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: discarded duplicate forward to Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): +TPnN55iwVYNaQAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: stored mail into mailbox 'INBOX' So the first message comes in and is redirected properly to my spamuser and stored in the inbox. The second one comes in, pigeonhole sees it's a duplicate, refuses to redirect it, and stores it in my inbox instead. This expected behavior. I tried forcing the .dovecot.lda-dupes file to be a symlink to /dev/null just to see if it would work, but unfortunately dovecot just recreates it as a normal file the next time it delivers to that user. Exactly. Ideally, I'd like to just discard the duplicates. It looks like there is duplicate testing functionality available, but not until later versions of Dovecot/Pigeonhole. Yes, but you will not need that. Is there anyway I can either just discard the duplicates, or get them to be redirected to the spamuser? What happens is that the redirect action is ignored the second time, which means that the implicit keep is not canceled (https://tools.ietf.org/html/rfc5228#section-2.10.2). Upon executing "stop;", the script ends and the implicit keep is executed, hence the message is stored in "INBOX". So, what you need to do is cancel the implicit keep, no matter what redirect does. This can be achieved as follows: if header :contains "X-Spam-Flag" "YES" { redirect "spamu...@mydomain.com"; discard; stop; } The discard action will cancel the implicit keep. It will not affect the redirect action in any way. If you're a bit scared of the discard action, you can also replace the it with some other action that cancels the implicit keep, such as "fileinto" to put duplicates in their own little black hole folder. Also, some other questions I came up with along the way: Is there any way I can force a message to fileinto a different user's Mailbox? I'm guessing no since it appears that the lmtp drops root privileges before the global sieve script is interpreted, but thought I'd ask anyway. I did try: fileinto "/var/mail/spamuser"; But Dovecot complained, something about the mailbox pattern being invalid. If it were possible, I would think it would want something like fileinto "spamuser:INBOX"; instead, but I don't know if that is
Re: Pigeonhole and duplicate checking
Op 2/16/2016 om 1:32 AM schreef Dan Ragle: > In my prior procmail setup, I auto-forwarded all my SPAM E-mail to a > separate user on the system with their own account (called spamuser). > In the Pigeonhole setup it looks like I have to redirect those > messages (i.e., redirect "spamu...@mydomain.com";). That works, but > I'm having issues with "duplicate" messages getting delivered directly > to my inbox instead of getting redirected. IOW, my regular user's > .dovecot.sieve has: > > if header :contains "X-Spam-Flag" "YES" { > redirect "spamu...@mydomain.com"; > stop; > } > > and the spamuser's .dovecot.sieve has: > > require ["imap4flags"]; > setflag "\\seen"; > > (this system is entirely for personal use, no concerns with a user's > Spam being seen via the separate spamuser account). > > Now, the problem I'm having is that sometimes a message arrives with a > duplicate message-ID. Here's an abbreviated example from my maillog: > > Feb 15 00:30:46 myhost sendmail[26844]: u1F5UeBP026844: > from=, size=613, class=0, nrcpts=1, > msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, > proto=SMTP, daemon=MTA, > relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may > be forged) > Feb 15 00:31:05 myhost dovecot: lmtp(26856): Connect from local > Feb 15 00:31:07 myhost sendmail[26867]: u1F5UvFi026867: > from=, size=613, class=0, nrcpts=1, > msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, > proto=SMTP, daemon=MTA, > relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may > be forged) > Feb 15 00:31:10 myhost dovecot: lmtp(26856, dmr): > 7Hj/LoBiwVboaAAACXJZQA: sieve: > msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: > forwarded to > Feb 15 00:31:10 myhost dovecot: lmtp(26856): Disconnect from local: > Client quit > Feb 15 00:31:10 myhost dovecot: lmtp(26893): Connect from local > Feb 15 00:31:10 myhost dovecot: lmtp(26893, spamuser): > 9TPnN55iwVYNaQAACXJZQA: sieve: > msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: > stored mail into mailbox 'INBOX' > Feb 15 00:31:11 myhost dovecot: lmtp(26893): Disconnect from local: > Client quit > Feb 15 00:31:18 myhost dovecot: lmtp(26893): Connect from local > Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): > +TPnN55iwVYNaQAACXJZQA: sieve: > msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: > discarded duplicate forward to > Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): > +TPnN55iwVYNaQAACXJZQA: sieve: > msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: > stored mail into mailbox 'INBOX' > > So the first message comes in and is redirected properly to my > spamuser and stored in the inbox. The second one comes in, pigeonhole > sees it's a duplicate, refuses to redirect it, and stores it in my > inbox instead. This expected behavior. > I tried forcing the .dovecot.lda-dupes file to be a symlink to > /dev/null just to see if it would work, but unfortunately dovecot just > recreates it as a normal file the next time it delivers to that user. Exactly. > Ideally, I'd like to just discard the duplicates. It looks like there > is duplicate testing functionality available, but not until later > versions of Dovecot/Pigeonhole. Yes, but you will not need that. > Is there anyway I can either just discard the duplicates, or get them > to be redirected to the spamuser? What happens is that the redirect action is ignored the second time, which means that the implicit keep is not canceled (https://tools.ietf.org/html/rfc5228#section-2.10.2). Upon executing "stop;", the script ends and the implicit keep is executed, hence the message is stored in "INBOX". So, what you need to do is cancel the implicit keep, no matter what redirect does. This can be achieved as follows: if header :contains "X-Spam-Flag" "YES" { redirect "spamu...@mydomain.com"; discard; stop; } The discard action will cancel the implicit keep. It will not affect the redirect action in any way. If you're a bit scared of the discard action, you can also replace the it with some other action that cancels the implicit keep, such as "fileinto" to put duplicates in their own little black hole folder. > Also, some other questions I came up with along the way: > > Is there any way I can force a message to fileinto a different user's > Mailbox? I'm guessing no since it appears that the lmtp drops root > privileges before the global sieve script is interpreted, but thought > I'd ask anyway. I did try: > > fileinto "/var/mail/spamuser"; > > But Dovecot complained, something about the mailbox pattern being > invalid. If it were possible, I would think it would want something like > > fileinto "spamuser:INBOX"; > > instead, but I don't know if that is even possible. Your guess is right on the money. > In a global sieve scri
Re: the prefix number of the configuration filename
At a guess, the directory gets listed, the names get sorted numerically, and then read in order low-to-high. In theory, the end result will be the same regardless of what order stuff gets read in, but doing it in a deterministic order makes troubleshooting easier. On Mon, Feb 15, 2016 at 7:31 PM, Dogz wrote: > Hi all, > > I am very curious about the prefix number of the configuration > filename, such as 10-auth.conf > 10-director.conf > 10-logging.conf > 10-mail.conf > 10-master.conf > 10-ssl.conf > 15-lda.conf > 15-mailboxes.conf > 20-imap.conf > 20-lmtp.conf > 20-managesieve.conf > 20-pop3.conf > 90-acl.conf > 90-plugin.conf > 90-quota.conf > 90-sieve.conf > 90-sieve-extprograms.conf > > What are those meanings of 10,15,20 and 90 ? > > Please advise me and thank you in advance. > > -- > Best Regards, > Dogz >
Re: the prefix number of the configuration filename
> Hi all, I am very curious about the prefix number of the configuration > filename, such as 10-auth.conf What are those meanings of 10,15,20 > and 90 ? The configuration files are read and processed according to the sorting order of their names. Adding the numeric prefixes allows the order in which the files are processed to be determined independently of their names. So, in this case, the config files with names starting with 10 are read first (i.e., 10-director.conf is processed first). If the number prefixes weren't there, then the "acl.conf" file would be processed first (instead of near the end). It matters what order the configuration files are processed in because later files can override parameters set by earlier files. Rich Wales ri...@richw.org
Pigeonhole and duplicate checking
I spent some time setting up Dovecot LMTP with Pigeonhole this weekend. I got most of the things I wanted to working but have a few issues that I'm hoping that someone might be able to help with. First, I'm running the stock version of the tools from the core repos for CentOS/6, which means Dovecot 2.0.9 and Pigeonhole 0.2.2. Unfortunately, I don't expect to be able to upgrade those anytime soon, so I'm hoping I can find workarounds for my existing versions. My mailserver is sendmail, I linked to Dovecot LMTP by adding: FEATURE(`local_lmtp', `[IPC]', `FILE /var/run/dovecot/lmtp')dnl to my sendmail.mc. In my prior procmail setup, I auto-forwarded all my SPAM E-mail to a separate user on the system with their own account (called spamuser). In the Pigeonhole setup it looks like I have to redirect those messages (i.e., redirect "spamu...@mydomain.com";). That works, but I'm having issues with "duplicate" messages getting delivered directly to my inbox instead of getting redirected. IOW, my regular user's .dovecot.sieve has: if header :contains "X-Spam-Flag" "YES" { redirect "spamu...@mydomain.com"; stop; } and the spamuser's .dovecot.sieve has: require ["imap4flags"]; setflag "\\seen"; (this system is entirely for personal use, no concerns with a user's Spam being seen via the separate spamuser account). Now, the problem I'm having is that sometimes a message arrives with a duplicate message-ID. Here's an abbreviated example from my maillog: Feb 15 00:30:46 myhost sendmail[26844]: u1F5UeBP026844: from=, size=613, class=0, nrcpts=1, msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, proto=SMTP, daemon=MTA, relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may be forged) Feb 15 00:31:05 myhost dovecot: lmtp(26856): Connect from local Feb 15 00:31:07 myhost sendmail[26867]: u1F5UvFi026867: from=, size=613, class=0, nrcpts=1, msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>, proto=SMTP, daemon=MTA, relay=117.27.191.61.broad.static.hf.ah.cndata.com [61.191.27.117] (may be forged) Feb 15 00:31:10 myhost dovecot: lmtp(26856, dmr): 7Hj/LoBiwVboaAAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: forwarded to Feb 15 00:31:10 myhost dovecot: lmtp(26856): Disconnect from local: Client quit Feb 15 00:31:10 myhost dovecot: lmtp(26893): Connect from local Feb 15 00:31:10 myhost dovecot: lmtp(26893, spamuser): 9TPnN55iwVYNaQAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: stored mail into mailbox 'INBOX' Feb 15 00:31:11 myhost dovecot: lmtp(26893): Disconnect from local: Client quit Feb 15 00:31:18 myhost dovecot: lmtp(26893): Connect from local Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): +TPnN55iwVYNaQAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: discarded duplicate forward to Feb 15 00:31:18 myhost dovecot: lmtp(26893, dmr): +TPnN55iwVYNaQAACXJZQA: sieve: msgid=<68895654496651-hltyggrlpdjdvtzrhfikg...@hverovvxzb.arkansas-email.com>: stored mail into mailbox 'INBOX' So the first message comes in and is redirected properly to my spamuser and stored in the inbox. The second one comes in, pigeonhole sees it's a duplicate, refuses to redirect it, and stores it in my inbox instead. I tried forcing the .dovecot.lda-dupes file to be a symlink to /dev/null just to see if it would work, but unfortunately dovecot just recreates it as a normal file the next time it delivers to that user. Ideally, I'd like to just discard the duplicates. It looks like there is duplicate testing functionality available, but not until later versions of Dovecot/Pigeonhole. Is there anyway I can either just discard the duplicates, or get them to be redirected to the spamuser? Also, some other questions I came up with along the way: Is there any way I can force a message to fileinto a different user's Mailbox? I'm guessing no since it appears that the lmtp drops root privileges before the global sieve script is interpreted, but thought I'd ask anyway. I did try: fileinto "/var/mail/spamuser"; But Dovecot complained, something about the mailbox pattern being invalid. If it were possible, I would think it would want something like fileinto "spamuser:INBOX"; instead, but I don't know if that is even possible. In a global sieve script, is there anyway to know/test which system user is the targeted user for delivery? So in a global sieve_before script I could test the target user, and if it's spamuser just file it immediately and stop with no further testing? Thanks for any assistance! Dan
the prefix number of the configuration filename
Hi all, I am very curious about the prefix number of the configuration filename, such as 10-auth.conf 10-director.conf 10-logging.conf 10-mail.conf 10-master.conf 10-ssl.conf 15-lda.conf 15-mailboxes.conf 20-imap.conf 20-lmtp.conf 20-managesieve.conf 20-pop3.conf 90-acl.conf 90-plugin.conf 90-quota.conf 90-sieve.conf 90-sieve-extprograms.conf What are those meanings of 10,15,20 and 90 ? Please advise me and thank you in advance. -- Best Regards, Dogz
Health check for dsync?
I am syncing two Dovecot sites using dsync. Are there any tools available to confirm that dsync is (or is not) running properly between the two sites? (E.g., something I could run periodically in Nagios?) Rich Wales ri...@richw.org
doveadm backup to local drive
I'm trying to get doveadm to backup all users to a local drive without any luck. $ sudo doveadm backup -A /Volumes/mail_bak/mailstore_backup/ Error: User listing returned failure doveadm: Error: Failed to iterate through some users The doveadm-backup man page has the instruction to make sure the iterate query matches the database layout but I'm not sure what that means. If the user_query in dovecot-sql.conf.ext looks like this, what should the iterate_query look like? user_query = \ SELECT '/opt/local/virtual/%d/%n/mail' as home, \ 'maildir:/opt/local/virtual/%d/%n/mail' as mail, 501 as uid, \ 501 as gid, concat("*:storage=", quota) AS quota \ FROM mailbox WHERE username = "%u" AND active = "1" # Query to get a list of all usernames. iterate_query = SELECT username AS user FROM users Thanks, -Terry Terry Barnum digital OutPost Carlsbad, CA http://www.dop.com 800/464-6434
Re: Redundant and Geobalancing setup
Hi Daniel, I do already have a backup server where I replicate the mails every 4 hours using imapsync. Not the best, but this is workable. The one time I redirected to backup server, people where complaining that they were having duplicate mails ( this was pop access ) I also have mx backup with easydns, was part of the plan so I use it. We have three main offices, a few on the road managers and many dealers. Dealers run their own business under our trademark, and use the same domains for mails as ours (head offices). I mean every mailbox is on the same server. May be not the best. I have the mandate to get everything running smooth. There can be outages, but not too long. One hour is too long for some It will also be to educated people here and there. I understand that what they want costs money, but I'm not able to make them understand that what they want is not plug and play cheap solution. But, I'm going to test on VMs dovecot on glusterfs with dovecot director if I manage to get it working properly. Might be a challenge, but who knows, it might work :) Best regards, Cedric 2016-02-15 4:16 GMT-05:00 Daniel Tröder : > On 02/13/2016 04:00 AM, Cedric Malitte wrote: > > Hi, > > > > I use dovecot for a long time now, but only as a single isolated server > > each time. > > > > I joined a company a few years back. We had trouble with compagnies > hosting > > our mail, supposedly full redundant and so on. > > > > The company is small, but we have many dealers around the world, and it's > > growing. > > > > Mail became the fist choice for clients to contact the dealers. > > No mail, and we loose sales. > > > > For now we have a single server ( with a backup ) on east coast. > > And sometimes peoples from EU complain about speed ah users :) > > > > What I'd like to implement is a redundant system with 2 servers, one in > NA, > > one in EU. > > And I'd also like to be able to add another server if needed on the west > > coast. > > > > Idea is, that if a server goes down, the users will be able to still > > receive and send mails, and never loose mails. > > > > For geobalacing and failover, I read that I can do it with DNS ( I'm with > > easydns ). > > > > I'm at the first stage where I collect informations that I try to > > understand and foresee a solution. > > > > First idea is to set up servers with a mysql master, slaves and a > glusterfs > > in replica mode on the servers. > > I tried glusterfs on FreeBSD and OMG, it's slow as hell ! ( well maybe > it's > > a trouble on the VMs nics ) > > On centos it's way better. > > But I read there might be trouble/index corruption for the mail storage > on > > "shared" space using maildir. > > > > I also had a look at dsync, but I wonder if it can be used on more than 2 > > servers. > > > > I found many pages on dovecot clusters using shared storage NFS mounted, > > but I feel it's not really what I need as the servers will be in > different > > datacenters. > > > > So any guide, clue hint would be really appreciated for me to do my > > homework ! > > > > Regards. > > > > Cedric > > Hi Cedric, > > I think a simpler solution will not just be cheaper but less complex - > and with that more reliable: > > The speed problem of the EU users is probably just feeling. You should > quantify it for both SMTP and IMAP. Collect that data for the scenarios > that your users complain about (is it to a partner or inter-office?). > Only then can you work on a solution that you will be able to prove to > them, is better. This is paramount. > > My suggestions: > * Server on the east cost is good for both NA and EU. > * Good (better?) internet connection for the EU office, prioritize SMTP > vs HTTP in router/firewall (fast internet is WAY cheaper than cluster > setups plus administrators) > * SMTP relay in EU _office_, so that _sending_ mails is with LAN speed > for users > > Create a redundant setup for SMTP and IMAP together on the east cost. > You'll get redundancy without the WAN problem. > > Setup a secondary MX in a different data center for uber-redundency. It > will not enable your users to read their mail in case the 1st data > center is on fire, but no client mails will get lost, as they will be > queued on the 2nd MX - better read client mails late then never! > > Setup a clone of the primary server at the 2nd MX and sync mails & > backup there on a hourly basis. If the 1st data center is not back in an > hour, you can still switch DNS to the 2nd site and your users will have > had a very short downtime. > > The result is not a top-notch 100% solution, but it is simple and > everything is implemented on application layer. That gives you freedom > to switch products, hardware, platform and administrators(!). > > Ask your customer/supervisor what uptime is necessary and how much they > are willing to pay. The SLAs of MS/Google/etc offer up to 99.9% (~9 > hours downtime per year). If that is the goal, then they should pay the > price for their equipment and staff.
Get mailbox from its guid through IMAP
In the shell I'do: doveadm fetch -u bob mailbox mailbox-guid $box uid 1 Is there a way through IMAP to get the same? -- peter
Streaming MOVE commands
Dear Dovecot devs, is streaming multiple MOVE commands by clients allowed? I am getting duplicated messages with the GNUS mail client, the interchange looks like this: *stream two moves to different folders* > 9019 UID MOVE 4062,4066,4068 "folder0" > 9020 UID MOVE 4063:4064,4067,4069:4072 "folder1" *the messages are copied* > * OK [COPYUID 1424475218 4062,4066,4068 376:378] Moved UIDs. > * OK [COPYUID 1424475231 4063:4064,4067,4069:4072 26:32] Moved UIDs. *however expunge fails to clean 4063, 4064, and 4067* > * VANISHED 4062,4066,4068:4072 thus 4063, 4064, and 4067 end both in inbox and folder1 producing duplicate messages (more details at [1]). At the GNUS mailing list, we were wondering about what should be the correct reading of RFC6851. Version and config information below. Best regards, Emilio [1] More details in the thread http://permalink.gmane.org/gmane.emacs.gnus.general/86813 [2] Version $ /usr/sbin/dovecot --version 2.2.13 [3] Config $ /usr/sbin/dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 8.3 ext4 mail_location = maildir:/home/%u/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve" ssl_cert = ... ssl_key = ... userdb { driver = passwd }
Re: Redundant and Geobalancing setup
On 02/13/2016 04:00 AM, Cedric Malitte wrote: > Hi, > > I use dovecot for a long time now, but only as a single isolated server > each time. > > I joined a company a few years back. We had trouble with compagnies hosting > our mail, supposedly full redundant and so on. > > The company is small, but we have many dealers around the world, and it's > growing. > > Mail became the fist choice for clients to contact the dealers. > No mail, and we loose sales. > > For now we have a single server ( with a backup ) on east coast. > And sometimes peoples from EU complain about speed ah users :) > > What I'd like to implement is a redundant system with 2 servers, one in NA, > one in EU. > And I'd also like to be able to add another server if needed on the west > coast. > > Idea is, that if a server goes down, the users will be able to still > receive and send mails, and never loose mails. > > For geobalacing and failover, I read that I can do it with DNS ( I'm with > easydns ). > > I'm at the first stage where I collect informations that I try to > understand and foresee a solution. > > First idea is to set up servers with a mysql master, slaves and a glusterfs > in replica mode on the servers. > I tried glusterfs on FreeBSD and OMG, it's slow as hell ! ( well maybe it's > a trouble on the VMs nics ) > On centos it's way better. > But I read there might be trouble/index corruption for the mail storage on > "shared" space using maildir. > > I also had a look at dsync, but I wonder if it can be used on more than 2 > servers. > > I found many pages on dovecot clusters using shared storage NFS mounted, > but I feel it's not really what I need as the servers will be in different > datacenters. > > So any guide, clue hint would be really appreciated for me to do my > homework ! > > Regards. > > Cedric Hi Cedric, I think a simpler solution will not just be cheaper but less complex - and with that more reliable: The speed problem of the EU users is probably just feeling. You should quantify it for both SMTP and IMAP. Collect that data for the scenarios that your users complain about (is it to a partner or inter-office?). Only then can you work on a solution that you will be able to prove to them, is better. This is paramount. My suggestions: * Server on the east cost is good for both NA and EU. * Good (better?) internet connection for the EU office, prioritize SMTP vs HTTP in router/firewall (fast internet is WAY cheaper than cluster setups plus administrators) * SMTP relay in EU _office_, so that _sending_ mails is with LAN speed for users Create a redundant setup for SMTP and IMAP together on the east cost. You'll get redundancy without the WAN problem. Setup a secondary MX in a different data center for uber-redundency. It will not enable your users to read their mail in case the 1st data center is on fire, but no client mails will get lost, as they will be queued on the 2nd MX - better read client mails late then never! Setup a clone of the primary server at the 2nd MX and sync mails & backup there on a hourly basis. If the 1st data center is not back in an hour, you can still switch DNS to the 2nd site and your users will have had a very short downtime. The result is not a top-notch 100% solution, but it is simple and everything is implemented on application layer. That gives you freedom to switch products, hardware, platform and administrators(!). Ask your customer/supervisor what uptime is necessary and how much they are willing to pay. The SLAs of MS/Google/etc offer up to 99.9% (~9 hours downtime per year). If that is the goal, then they should pay the price for their equipment and staff. For anything less my argument is less complexity for higher reliability. Greetings Daniel signature.asc Description: OpenPGP digital signature
Re: Re: Accessing to mail as another user
Hi, we have such configuration in our Dovecot; it is configured with virtual users and acl. To enable access of userA mailbox to userB, first I have to add userB to userA acl, and then I put userA username in an ARBITRARY_FIELD of userB record in our ldap (if you use a db for your account, the configuration could be more simple). We use the ARBITRARY_FIELD to limit the access of other users mailboxes: the field is not writable by the user, only by administrators. Our config files: /etc/dovecot/conf.d/auth-master.conf.ext ... passdb { driver = ldap master = yes args = /etc/dovecot/dovecot-ldap.conf.masterusers pass = yes default_fields = userdb_mail=maildir:/path_to_mailboxes/%1{login_user}/%{login_user}:INDEXPVT=/path_to_indexes/%1n/%n/shared/%{login_user} } and in /etc/dovecot/dovecot-ldap.conf.masterusers ... pass_attrs = uid=user,userPassword=password pass_filter = (&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user})) to login, you have to use the same way of a masteruser: Login: userA*userB Password: userB_password Cheers, Marco On 2016-02-10 07:49, Angel L. Mateo wrote: El 09/02/16 a las 13:44, Matthias Fechner escribió: do you maybe mean shared mailboxes: http://wiki.dovecot.org/SharedMailboxes I don't want shared mailboxes. I have to access the other mailbox as a complete separate account from my personal one. I think I can achive this with master user, but I need to found a way to configure permissions so the real user has access to all folders in the other mailbox. -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244