Own implementation of a dict server. Is dict lookup multi threaded or single threaded?

2016-04-07 Thread martijn.list
Hi,

I have created my own dict server (proxy:[]:) to access a proprietary database.

What happens if the dict server lookup is slow, for example because the
lookup process takes some time?

Does Dovecot access the dict proxy from multiple threads or is this a
single threaded process?

Kind regards,

Martijn Brinkers


Re: Intermittent IMAP Login failures - about 25% fail

2016-04-07 Thread Timo Sirainen
On 07 Apr 2016, at 19:02, Mobile Phone  wrote:
> 
> pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication
> failure (password mismatch?) (given password: YesThisWasTheCorrectPassword)
..
> Why is this bouncing 25% + of IMAP AUTH LOGINs?

PAM said that login wasn't allowed. PAM can have all kinds of plugins that can 
do all kinds of things. Maybe you have enabled some PAM plugin that denies the 
user's access even if the password is correct. Unfortunately there's no way to 
enable debugging for PAM. Try simplifying your PAM setup, or if you can't 
figure out anything else switch to passdb shadow.


Re: Fwd: Intermittent IMAP Login failures - about 25% fail

2016-04-07 Thread Mobile Phone
Yes, I had as soon as I saw strange results.
The fault is still intermittent and affecting all clients.



auth.log:
Apr  7 15:05:27 brazil auth: message repeated 10 times: [
pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0
tty=dovecot ruser=prtg.08dir rhost=91.91.91.91  user=prtg.08dir]

mail.log:
Apr  7 15:05:01 brazil dovecot: imap-login: Aborted login (auth failed, 1
attempts in 4 secs): user=, method=PLAIN, rip=99.99.99.99,
lip=91.91.91.91, TLS, session=
Apr  7 15:05:02 brazil postfix/smtpd[13968]: connect from
unknown[91.91.19.91]
Apr  7 15:05:02 brazil postfix/smtpd[13968]: disconnect from
unknown[91.91.19.91]
Apr  7 15:05:27 brazil dovecot: auth: Debug: auth client connected
(pid=14880)
Apr  7 15:05:27 brazil dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=AY8JkxUvzQBex5Un#011lip=99.99.99.99#011rip=91.91.19.91#011lport=143#011rport=59085#011resp=AHBydGcuMDhkaXJlY3QAV2VmdWNraW5IYXRlU3BhbQ==
(previous base64 data may contain sensitive data)
Apr  7 15:05:27 brazil dovecot: auth-worker(13031): Debug:
pam(prtg.08dir,91.91.19.91): lookup service=dovecot
Apr  7 15:05:27 brazil dovecot: auth-worker(13031): Debug:
pam(prtg.08dir,91.91.19.91): #1/1 style=1 msg=Password:
Apr  7 15:05:29 brazil dovecot: auth-worker(13031):
pam(prtg.08dir,91.91.19.91): pam_authenticate() failed: Authentication
failure (password mismatch?) (given password: YesThisWasTheCorrectPassword)
Apr  7 15:05:31 brazil dovecot: auth: Debug: client passdb out:
FAIL#0111#011user=prtg.08dir
Apr  7 15:05:31 brazil dovecot: imap-login: Aborted login (auth failed, 1
attempts in 4 secs): user=, method=PLAIN, rip=91.91.19.91,
lip=99.99.99.99, TLS, session=

syslog:
root@brazil:/var/log# cat syslog|grep "Apr  7 15:05"|more
Apr  7 15:05:01 brazil dovecot: auth: Debug: client passdb out:
FAIL#0111#011user=prtg.08dir
Apr  7 15:05:01 brazil dovecot: imap-login: Aborted login (auth failed, 1
attempts in 4 secs): user=, method=PLAIN, rip=91.91.91.91,
lip=99.99.99.99, TLS, session=
Apr  7 15:05:02 brazil postfix/smtpd[13968]: connect from
unknown[91.91.91.91]
Apr  7 15:05:02 brazil postfix/smtpd[13968]: disconnect from
unknown[91.91.91.91]
Apr  7 15:05:27 brazil dovecot: auth: Debug: auth client connected
(pid=14880)
Apr  7 15:05:27 brazil dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=AY8JkuUvzQBex5Un#011lip=99.99.99.99#011rip=91.91.91.91#011lport=143#011rport=59085#011resp=AHBydGcuMDhkaXJlY3QAV2VmdWNraW5IYXRlU3BhbQ==
(previous base64 data may contain sensitive data)
Apr  7 15:05:27 brazil dovecot: auth-worker(13031): Debug:
pam(prtg.08dir,91.91.91.91): lookup service=dovecot
Apr  7 15:05:27 brazil dovecot: auth-worker(13031): Debug:
pam(prtg.08dir,91.91.91.91): #1/1 style=1 msg=Password:
Apr  7 15:05:29 brazil dovecot: auth-worker(13031):
pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication
failure (password mismatch?) (given password: YesThisWasTheCorrectPassword)
Apr  7 15:05:31 brazil dovecot: auth: Debug: client passdb out:
FAIL#0111#011user=prtg.08dir
Apr  7 15:05:31 brazil dovecot: imap-login: Aborted login (auth failed, 1
attempts in 4 secs): user=, method=PLAIN, rip=91.91.91.91,
lip=99.99.99.99, TLS, session=
Apr  7 15:05:33 brazil dovecot: auth: Debug: auth client connected
(pid=14881)


Why is this bouncing 25% + of IMAP AUTH LOGINs?

On 7 April 2016 at 14:02, Steffen Kaiser 
wrote:

> On Thu, 7 Apr 2016, Mobile Phone wrote:
>
>> New server & just added three domains:
>> now I see
>> "dovecot: imap-login: Aborted login (auth failed, 1 attempts in 5 secs):
>> user=, method=PLAIN, rip=1.1.1.1, lip=99.99.99.99,
>> TLS, session="
>> Plus all Outlook users keep being bounced and finally get in.
>>
>
> Did you try to enable auth debug?
>
> http://wiki2.dovecot.org/Debugging/Authentication
>
> -- Steffen Kaiser
>
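The debug output quoted in this message was written with auth_debug_passwords = yes, so both the resp= field and the "(given password: ...)" suffix carry the login password. A scrubber for such lines before they are posted or shipped to a log store, added here as an example (not code from the thread or from Dovecot); the sample lines, host, user, address and password are constructed.

```python
import base64
import re

# Constructed sample input in the shape of the auth debug lines quoted above;
# host, user, address and password are made up for this example.
SAMPLE_RESP = base64.b64encode(b"\0alice\0example-password").decode()
SAMPLE_LOG = [
    "Apr  7 15:05:27 mx1 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN"
    "#011service=imap#011rip=192.0.2.10#011resp=" + SAMPLE_RESP,
    "Apr  7 15:05:29 mx1 dovecot: auth-worker(13031): pam(alice,192.0.2.10): "
    "pam_authenticate() failed: Authentication failure (password mismatch?) "
    "(given password: example-password)",
    "Apr  7 15:05:31 mx1 dovecot: auth: Debug: client passdb out: "
    "FAIL#0111#011user=alice",
]

# For PLAIN, resp= is base64 of authzid NUL authcid NUL password (RFC 4616),
# i.e. an encoded but unencrypted credential.
RESP_RE = re.compile(r"(resp=)([A-Za-z0-9+/]+={0,2})")
# With auth_debug_passwords on, failure lines end with the attempted password.
GIVEN_RE = re.compile(r"\(given password: .*\)\s*$")
# passdb(user,ip) prefix, e.g. "pam(alice,192.0.2.10)".
USER_RE = re.compile(r"\b\w+\(([^,()]+),")


def plain_credential(resp_b64):
    """Return (user, password_length) if resp is a SASL PLAIN response."""
    try:
        parts = base64.b64decode(resp_b64, validate=True).split(b"\0")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(parts) != 3:
        return None
    return parts[1].decode("utf-8", "replace"), len(parts[2])


def scrub(lines):
    """Redact credentials; return (clean_lines, accounts_to_reset)."""
    clean, exposed = [], set()
    for line in lines:
        m = RESP_RE.search(line)
        if m:
            cred = plain_credential(m.group(2))
            if cred:
                exposed.add(cred[0])
            line = RESP_RE.sub(r"\1<redacted>", line)
        if GIVEN_RE.search(line):
            user = USER_RE.search(line)
            if user:
                exposed.add(user.group(1))
            line = GIVEN_RE.sub("(given password: <redacted>)", line)
        clean.append(line)
    return clean, sorted(exposed)
```

The second return value lists the accounts whose passwords appeared in the input, which is the set to reset if the unscrubbed log has already left the host.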


A few new Pigeonhole features

2016-04-07 Thread Stephan Bosch

Hi,

A few new Pigeonhole features that enthusiasts can experiment with:

- Recently, I implemented support for the "imapsieve" extension in Sieve 
and its IMAP counterpart (https://tools.ietf.org/html/rfc6785). This is 
now in the Pigeonhole master branch. This allows running Sieve scripts 
at IMAP activity, rather than at delivery. There are also facilities for 
the familiar sieve_before/sieve_after administrator scripts. The 
documentation is currently only in the sources and not on the wiki:


https://raw.githubusercontent.com/dovecot/pigeonhole/master/doc/plugins/imapsieve.txt

- Yesterday, I implemented online trace debugging for Sieve scripts: 
i.e., directly during delivery rather than only using the sieve-test 
tool. This is also supported for the IMAPSIEVE feature discussed above. 
This is documented in the INSTALL file:


https://github.com/dovecot/pigeonhole/blob/master/INSTALL#L522



In other news, I started a specification for a new Sieve feature that 
allows using the IMAP SPECIAL-USE attributes from Sieve scripts:


https://tools.ietf.org/html/draft-bosch-sieve-special-use-00

There is no implementation yet.


Any comments, suggestions or bug reports are welcome.

Regards,

Stephan.


Re: [PATCH 0/7] Fixes for lib-mail message-address

2016-04-07 Thread Timo Sirainen
On 06 Apr 2016, at 17:29, Pali Rohár  wrote:
> 
> On Monday 04 April 2016 19:35:22 Pali Rohár wrote:
>> On Monday 04 April 2016 19:31:06 aki.tu...@dovecot.fi wrote:
>>> Can you please send them directly to me, please?
>>> ---
>>> Aki Tuomi
>> 
>> Sent.
> 
> Received? Are patches OK now?

It would be nice if each commit was accompanied with the corresponding unit 
test change in test-message-address.c. Now that the unit test changes are done 
in a separate commit I'm not really sure which test change is testing which 
commit or if some tests are missing. At least the "Quote and escape strings if 
needed" patch needs more tests for different kinds of escapes/atext/non-atext 
chars and =? in strings.


Re: Fwd: Intermittent IMAP Login failures - about 25% fail

2016-04-07 Thread Steffen Kaiser


On Thu, 7 Apr 2016, Mobile Phone wrote:


> New server & just added three domains:
> now I see
> "dovecot: imap-login: Aborted login (auth failed, 1 attempts in 5 secs):
> user=, method=PLAIN, rip=1.1.1.1, lip=99.99.99.99,
> TLS, session="
> Plus all Outlook users keep being bounced and finally get in.


Did you try to enable auth debug?

http://wiki2.dovecot.org/Debugging/Authentication

-- 
Steffen Kaiser



Re: Opportunistic quota recalc

2016-04-07 Thread Timo Sirainen
On 07 Apr 2016, at 14:49, Tom Sommer  wrote:
> 
> On 2016-04-06 21:09, Tom Sommer wrote:
>> On 2016-04-06 20:38, Timo Sirainen wrote:
>>> On 06 Apr 2016, at 13:43, Tom Sommer  wrote:
>>>> I'm switching quota backend to redis (from maildir++), so all my current 
>>>> usages are reset.
>>>> I get that I can do "doveadm quota recalc -A", but it takes forever (and 
>>>> auth processes time out/crash).
>>>> It would make much more sense to recalc the usage on login if the current 
>>>> usage is unset. Is there no way to do a recalc-quota-on-first-login?
>>> I'd actually recommend switching to "count" quota:
>>> http://wiki2.dovecot.org/Quota/Count
>> I tried count, but it crashes because of dotlocks :) There is another
>> post about it :)
> 
> Any chance you will have time to fix this? Because I would really love to 
> switch to "count".

Looks unlikely right now, but let's see. You could also in theory just mount 
with -o nolock and use fcntl/flock locking so each server does the locking 
internally only. Having director working correctly is of course even more 
important in that case.


Re: ETOOMANYREFS related errors

2016-04-07 Thread Luis Ugalde
Hi,

I've been running a Debian-Jessie backported 4.4 kernel for the last few
days, and I can confirm the same issue happening with this kernel as well.

Regards,
Luis

On Fri, 11 Mar 2016 at 9:01, Luis Ugalde () wrote:

> On Fri, 11 Mar 2016 at 2:08, Timo Sirainen () wrote:
>
>> On 11 Mar 2016, at 03:48, Luis Ugalde  wrote:
>> >
>> > Hi,
>> >
>> > I'm starting to see, on a pretty standard Debian Jessie installation, some
>> > error messages that are apparently related to the ETOOMANYREFS errno.
>> >
>> > Firstly, the mail log shows this:
>> > dovecot: pop3-login: Error: fd_send(pop3, 18) failed: Too many references:
>> > cannot splice
>>
>> Apparently because Linux thinks the same fd has been passed around
>> recursively too many times:
>> http://lkml.iu.edu/hypermail/linux/kernel/1101.0/01917.html
>>
>> But Dovecot doesn't pass it recursively. It's only passed once from
>> pop3-login to pop3 process.
>>
>> > Is this something that Dovecot should be able to handle, or is it strictly
>> > Debian/libc/MySillyMistake related?
>> >
>> > #uname -a
>> > Linux server 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3
>> > (2016-01-17) x86_64 GNU/Linux
>>
>> I wonder if there's a new kernel change that started detecting the
>> recursion wrong.
>>
>>
> Yes, it's started to happen with the latest kernels from the Stable
> branch. This is the latest I have installed:
> 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64
>
> Older Debian kernels are not showing up anything. This one, for example:
>  3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64
>
>
> Regards.
>


Re: Setting lmtp_user_concurrency_limit causes anvil permission error

2016-04-07 Thread Tom Sommer

On 2016-04-07 13:41, Tom Sommer wrote:

> I've set lmtp_user_concurrency_limit to 5 and now LMTP throws this at
> me for every delivery:
>
> Apr 07 13:38:33 lmtp(4434): Error:
> net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied
>
> ls -l /var/run/dovecot/anvil
> srw--- 1 root root 0 Apr  7 13:32 /var/run/dovecot/anvil
>
> If I set lmtp_user_concurrency_limit to 0, the error goes away.


Hrm, if I disable lmtp_rcpt_check_quota, then the error goes away as 
well. Very confusing.


lmtp_rcpt_check_quota = yes silently blocks mail if quota check fails

2016-04-07 Thread Tom Sommer
I have a user which has a quota-check that fails with 'Internal error', 
if I enable lmtp_rcpt_check_quota, the mail is silently tempfailed.


Actually it looks like lmtp_rcpt_check_quota=yes suppresses normal 
Info/Error logging, even on Director.
The MTA just gets " 451 4.3.0  Temporary internal error 
(in reply to end of DATA command)" from the director, but nothing is 
logged with lmtp_rcpt_check_quota=yes, anywhere.


--
Tom


Re: doveadm sync -1 -R

2016-04-07 Thread Lukas Kolbe
Hi,

> On 06.04.2016 at 21:18, Timo Sirainen wrote:
> 
> On 05 Apr 2016, at 13:49, Lukas Kolbe  wrote:
>> 
>> For each invoke of doveadm backup -R, the local (new) mailbox gets wiped and 
>> all mails are retransferred - so far, so good. I’d like to use "doveadm sync 
>> -1" as per the manpage to keep the downtime short, however sync doesn’t like 
>> the -R option:
>> 
>> sync: invalid option -- 'R'
>> doveadm sync [-u |-A] [-S ]  [-1fPU] [-l ] [-r 
>> ] [-m ] [-g ] [-n  | -N] [-x 
>> ] [-s ] -d|
>> 
>> If I understand it correctly, without -R it would mean that doveadm sync 
>> would incorporate the changes from the local dovecot-mailbox into the remote 
>> imapc:-Mailbox, which is the opposite of what I want. 
> 
> I completely forgot doveadm sync -1 when I removed -R :(
> 
> Reverted original "fix": 
> https://github.com/dovecot/core/commit/eba17ecf3a70c10010cd893f3c1a0c1ddd9c5bc0
> 
> This is what it should have been: 
> https://github.com/dovecot/core/commit/53c42948d25b1593c1d16a71799c0ffe8d80aa79
> 


Timo, thanks a lot - this seems to work now as expected!
Kind regards,
Lukas


Re: Opportunistic quota recalc

2016-04-07 Thread Tom Sommer

On 2016-04-06 21:09, Tom Sommer wrote:
> On 2016-04-06 20:38, Timo Sirainen wrote:
>> On 06 Apr 2016, at 13:43, Tom Sommer  wrote:
>>> I'm switching quota backend to redis (from maildir++), so all my
>>> current usages are reset.
>>> I get that I can do "doveadm quota recalc -A", but it takes forever
>>> (and auth processes time out/crash).
>>> It would make much more sense to recalc the usage on login if the
>>> current usage is unset. Is there no way to do a
>>> recalc-quota-on-first-login?
>> I'd actually recommend switching to "count" quota:
>> http://wiki2.dovecot.org/Quota/Count
> I tried count, but it crashes because of dotlocks :) There is another
> post about it :)

Any chance you will have time to fix this? Because I would really love
to switch to "count".


Setting lmtp_user_concurrency_limit causes anvil permission error

2016-04-07 Thread Tom Sommer
I've set lmtp_user_concurrency_limit to 5 and now LMTP throws this at me 
for every delivery:


Apr 07 13:38:33 lmtp(4434): Error: 
net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied


ls -l /var/run/dovecot/anvil
srw--- 1 root root 0 Apr  7 13:32 /var/run/dovecot/anvil

If I set lmtp_user_concurrency_limit to 0, the error goes away.

--
Tom


Fwd: Intermittent IMAP Login failures - about 25% fail

2016-04-07 Thread Mobile Phone
New server & just added three domains:
now I see
"dovecot: imap-login: Aborted login (auth failed, 1 attempts in 5 secs):
user=, method=PLAIN, rip=1.1.1.1, lip=99.99.99.99,
TLS, session="
Plus all Outlook users keep being bounced and finally get in.

Failure rate is a predictable 25%


I am going to kill all the users soon...

Not too many files open, nor bandwidth, nor load.

Any light/help appreciated.





root@brazil:/var/log# dovecot --version
2.2.9
root@brazil:/var/log# dovecot -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.19.0-58-generic x86_64 Ubuntu 14.04.4 LTS
auth_debug_passwords = yes
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap pop3 pop3
ssl_cert = 

Re: enable/disable shared namespace in passdb

2016-04-07 Thread abi




> This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different 
> name than "shared" and see if it works.



hello

it does, and there is no warning. i feel foolish i did not bother to try

thanks, that solves part of the problem

best regards

alexis


Re: enable/disable shared namespace in passdb

2016-04-07 Thread abi

On 06/04/2016 21:41, Timo Sirainen wrote:
> On 04 Apr 2016, at 13:28, a...@oleane.net wrote:
>>
>> namespace shared {
>>   type = shared
>>   list = yes# children
>>   disabled = yes
>>   separator = /
>>   prefix = shared/%%u/
>>   location = imapc:~/dovemail/shared/%%u/
>> }
>
> Don't you get a warning with this?
>
> Warning: Obsolete setting in dovecot.conf:1: namespace shared {} has been
> replaced by namespace { type=shared }
>
> This is because of the v1.x dovecot.conf auto-conversion code. Try giving it a different
> name than "shared" and see if it works.



yes i get this exact warning
i tried with and without

given the fact that other namespaces parameters can be changed 
dynamically through passdb by returning 
"namespace"/NAMESPACE_NAME/PARAMETER=VALUE, i was hoping to do the same 
with shared namespaces which is why i added a name


i'm wondering : is using shared namespaces with non generic acls and 
imapc currently supported in dovecot ?


i'm running into 2 problems :

--> the acl files are looked up in the filesystem in 
~loggedin_user/.../shared/sharing_user/ rather than in ~sharing_user so 
the filesystem paths are not translated. i can circumvent with symlinks 
but i assume the ACLs should be looked up using imap or an extra 
location attribute could be added to the namespace so the acls are read 
in the proper location.


--> the sharers might themselves have other people sharing with them so 
the imapc connections loop. i need a way to selectively disable the 
shared namespace. ( based on a specific port, the source address, 
something passed by imapc:, the fact that there is a master login... 
whatever works )


i'm ready to beta-test if that can help in any way

thanks for your great work

best regards

alexis