Re: Disabling passdb pam in local.conf

[Marcus Rueckert]

On Mon, 20 Jun 2016 22:03:44 +0200
Patrick Ben Koetter  wrote:
> Greetings,
> 
> I'm trying to create a configuration that leaves every config file
> deployed by an install process or paket management software
> untouched. The goal is to put every configuration required
> into /etc/dovecot/local.conf.
> 
> I've come quite far, but I fail to disable pam as passdb service in
> local.conf. What I get if I run doveconf -n is this section:
> 
> passdb {
>   driver = pam
> }
> 
> It is in there, because 10-auth.conf includes it:
> 
> !include auth-system.conf.ext
> 
> 
> These actions are not an option at the moment:
> 
> - modify /etc/dovecot/conf.d/10-auth.conf and comment/remove the
>   !include-statement
> - create an /etc/dovecot/dovecot.conf which would contain all options
> required and would not include any other *.conf files
> 
> Reading http://wiki2.dovecot.org/ConfigFile I see ways to include
> external files, but nothing to exclude a file in local.conf.
> 
> Knowing Timo I would expect there is a way to acchieve what I want. I
> just don't seem to find it.
> 
> What am I missing?

That 10-auth.conf is actually meant to be edited. most distros should
have configuration file handling pretty much figured out by now. so
none of your changes to those files should get lost. also configuration
management comes to mind.

darix

-- 
  openSUSE - SUSE Linux is my linux
  openSUSE is good for you
  www.opensuse.org

Re: autocreate: We need "auto=init"!

[Timo Sirainen]

On 13 May 2016, at 13:30, Peer Heinlein  wrote:
> 
> 
> There had been several discussions about the common problem, that
> there's need for a autocreate-function that creates mailboxes ONLY for
> new users that had never been logged in before.
> 
> The reason: Existing users already HAVE "special folders" with localized
> names. Creating "standard names" at every login will produce confusion,
> because then they have multiple Sent-Folders and aren't be able to
> delete them, because they'll always be recreated.
> 
> I would love to have:
> 
> 1) auto = init
> Create the folders ONLY if the whole Storage-Folder (e.g.: ~/Maildir or
> e.g. `/mdbox) is create (=creation of the INBOX itself). Don't create
> any folder if the main INBOX already exists. Since there has to be a
> hook to autoreate a non-existing INBOX it should be able to use this
> action to also create the folders with auto=init at the same time.

You should be able to implement this with 
http://wiki2.dovecot.org/Plugins/Welcome

Re: Bug with shared access to mailbox

[Timo Sirainen]

On 03 Jun 2016, at 11:26, Dave  wrote:
> 
>> We tested with 2.2.24, and were unable to reproduce the error. Can you
>> try again with 2.2.24?
> 
> Apologies for butting in, but I've been seeing exactly the same issue post 
> upgrade to 2.2.24 (from 2.2.18):
> 
> [2016-06-02T10:38:28+0100] imap(x): Error: Corrupted index cache file 
> /mnt/index/8cc/95
> 2952/.INBOX/dovecot.index.cache: Broken MIME parts for mail UID 13758 in 
> mailbox INBOX: Cached MIME parts don't
> match message during parsing: Cached header size mismatch 
> (parts=4100f7020a030508000

This bug should have been fixed by 
https://github.com/dovecot/core/commit/20faa69d801460e89aa0b1214f3db4b026999b1e 
+ 
https://github.com/dovecot/core/commit/1bc6f1c54b4d77830288b8cf19060bd8a6db7b27

Re: fts lucene crashes in 2.2.24

[Timo Sirainen]

On 29 May 2016, at 10:56, Wolfgang Rosenauer  wrote:
> 
> Hi,
> 
> I've just enabled FTS via Lucene on my Dovecot 2.2.24 installation but I
> see the indexer crashing ?always?.
> 
> This simple testcase with a very tiny testing mailbox exposes the issue
> immediately:
> 
> doveadm -v index -u anmesse INBOX
> 
> Program received signal SIGSEGV, Segmentation fault.
> rescan_clear_unseen_mailbox (rescan_ctx=rescan_ctx@entry=0x0,
> vname=0x55839820 "INBOX.Testfolder 2", hdr=hdr@entry=0x7fffdaf0) at
> lucene-wrapper.cc:831

Should be fixed by 
https://github.com/dovecot/core/commit/0f801c1bd3d684c219d7f3b1e75f8b85f66f7951

Re: Dovecot 2.2.24 coredump client_check_command_hangs()

[Timo Sirainen]

On 08 Jun 2016, at 12:23, Peter Eriksson  wrote:
> 
> I’m seeing core dumps from Dovecot’s imap process (around 1/day currently) 
> from client_check_command_hangs().
> 
> Dovecot 2.2.24
> OS: Solaris 10
> CPU: x86
> Filesystem: Local ZFS
> 
> Most crashes are associated with one user (with 25GB of mail in his 
> mailboxes) but some (two) are also associated with other user with “just” 
> 10GB mail.
> 
> Please find enclosed various log files/traces. Let me know if there is 
> something else I might be able to provide that might give more insight into 
> this.

Could you also print in dbx:

print *client->command_queue
print *client->command_queue->next
print *client->command_queue->next->next
print *client->command_queue->next->next->next
..etc until it stops working

Looks like there is still some bug with command pipelining.

Re: Pluggable SNI?

[Timo Sirainen]

On 21 Jun 2016, at 22:58, Felipe Gasper  wrote:
> 
> Hello,
> 
>   How feasible would it be to have a “pluggable” Dovecot setup that would 
> permit arbitrary logic for fetching TLS/SNI certificates and key, rather than 
> having to hard-code each domain’s resources in a configuration file?
> 
>   A couple scenarios that I envision such a framework being able to 
> accommodate:
> 
> 1) An internal TLS service that accepts queries via a UNIX socket by domain 
> name and returns certificate/key.
> 
> 2) A directory where these resources are stored, indexed by domain name.

Configuration settings are looked up from $base_dir/config socket. In theory 
you could replace this socket with your own proxy service, which forwards all 
requests to the real config process and changes the reply in whatever way you 
want. You should be able to change the default config socket with:

service config {
  unix_listener config {
path = config-old
  }
}

Re: Storage upgrade maildir suggestions?

[Marcus Rueckert]

On 2016-06-21 07:17, Götz Reinicke - IT Koordinator wrote:

Hi,

we start to run out of diskspace soon as our users start to keep mails
for longer time periods. That's fine, but space consuming.

The maildirs are about 1 TB in total, and not long ago we enabled zlib
which is very nice.

Now I have some thoughts about the next steps:

a) Migrating the whole system to a new server with more storage?

b) Install a virtual server for the mailsystem and an extra storage
system may be NFS?

c) Stay with the current server and move all mails to a bigger NFS 
storage.


The last option c) would be the most easy one for me as I currently 
have

NFS space.

Any thoughts? Hints regarding the NFS storage? Pros Cons?

I have seen the dovecot wiki on NFS already and for now we will stay
with one single dovecot server.


FC or iSCSI as storage.

and always have a lvm layer between your HW and the FS. that way you can 
easily attach

more disk to the stripe set and grow your storage that way.

   darix

--
   openSUSE - SUSE Linux is my linux
   openSUSE is good for you
   www.opensuse.org

Pluggable SNI?

[Felipe Gasper]

Hello,

How feasible would it be to have a “pluggable” Dovecot setup that would 
permit arbitrary logic for fetching TLS/SNI certificates and key, rather than 
having to hard-code each domain’s resources in a configuration file?

A couple scenarios that I envision such a framework being able to 
accommodate:

1) An internal TLS service that accepts queries via a UNIX socket by domain 
name and returns certificate/key.

2) A directory where these resources are stored, indexed by domain name.

Thank you!

-FG

Re: Storage upgrade maildir suggestions?

[Daniel van Ham Colchete]

Gotz,

at that level of usage I would just add more drives. Working with
NFS/clustering is not worth it when you are at that level. In the following
months I'll send a e-mail to the list here talking about how I'm using Ceph
FS successfully with Dovecot, but it's a lot of trouble. At the 1TB/2TB/4TB
level, just go out and buy a bigger disk.

As a side note, with too may emails it is always a problem to have too many
small files. I would recommend taking a look at mdbox.

Best,
Daniel Colchete

On Tue, Jun 21, 2016 at 4:17 AM, Götz Reinicke - IT Koordinator <
goetz.reini...@filmakademie.de> wrote:

> Hi,
>
> we start to run out of diskspace soon as our users start to keep mails
> for longer time periods. That's fine, but space consuming.
>
> The maildirs are about 1 TB in total, and not long ago we enabled zlib
> which is very nice.
>
> Now I have some thoughts about the next steps:
>
> a) Migrating the whole system to a new server with more storage?
>
> b) Install a virtual server for the mailsystem and an extra storage
> system may be NFS?
>
> c) Stay with the current server and move all mails to a bigger NFS storage.
>
> The last option c) would be the most easy one for me as I currently have
> NFS space.
>
> Any thoughts? Hints regarding the NFS storage? Pros Cons?
>
> I have seen the dovecot wiki on NFS already and for now we will stay
> with one single dovecot server.
>
>
> Thanks and regards . Götz
>
>
>
>

Re: Disabling passdb pam in local.conf

[Edgar Pettijohn]

On 16-06-21 07:20:49, Edgar Pettijohn wrote:
> 
> 
> Sent from my iPhone
> 
> > On Jun 21, 2016, at 6:46 AM, Ralf Hildebrandt  wrote:
> > 
> > * Edgar Pettijohn :
> > 
> >>> Only /etc/dovecot/local.conf should be changed.
> >> So you want the standard files to remain unchanged from default settings 
> >> and override them with your settings in local.conf?
> > 
> > Exactly (he said that in his initial mail).
> > 
> Sorry for requesting verification. 
> 
> However, to answer the question. I don't think it's possible. There are a lot 
> of neat config options, but I don't think the exact use case is possible.  It 
> may be easy to implement, im not familiar with dovecots parse_config(). Maybe 
> store the first occurrence of a setting, but replace it with the last 
> encountered. 
> 
> > -- 
> > [*] sys4 AG
> > 
> > http://sys4.de, +49 (89) 30 90 46 64
> > Schlei??heimer Stra??e 26/MG, 80333 M??nchen
> >   
> > Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263
> > Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> > Aufsichtsratsvorsitzender: Florian Kirstein
Sorry didn't send to list.
-- 
Edgar Pettijohn

Re: Disabling passdb pam in local.conf

[Edgar Pettijohn]

On 16-06-20 23:28:20, Patrick Ben Koetter wrote:
> * Edgar Pettijohn :
> > Is your goal to have "1" config file?
> 
> No, that would eliminate the ability to change distro settings via the regular
> package management.
> 
> My goal is to add/remove what my service requires via the additional
> local.conf.
> 
> p@rick
> 
> -- 
> [*] sys4 AG
>  
> https://sys4.de, +49 (89) 30 90 46 64
> Schlei??heimer Stra??e 26/MG,80333 M??nchen
>  
> Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein
>  
I'm not sure what you mean by "ability to change distro settings"
-- 
Edgar Pettijohn

Re: Disabling passdb pam in local.conf

[Edgar Pettijohn]

On 16-06-20 23:28:20, Patrick Ben Koetter wrote:
> * Edgar Pettijohn :
> > Is your goal to have "1" config file?
> 
> No, that would eliminate the ability to change distro settings via the regular
> package management.
> 
> My goal is to add/remove what my service requires via the additional
> local.conf.
> 
> p@rick
> 
> -- 
> [*] sys4 AG
>  
> https://sys4.de, +49 (89) 30 90 46 64
> Schlei??heimer Stra??e 26/MG,80333 M??nchen
>  
> Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein
>  
What package management do you speak of? I've installed dovecot on several
distros and haven't had to use anything other than the typical dovecot 
config files.
-- 
Edgar Pettijohn

Re: Disabling passdb pam in local.conf

[Edgar Pettijohn]

On 16-06-20 23:28:20, Patrick Ben Koetter wrote:
> * Edgar Pettijohn :
> > Is your goal to have "1" config file?
> 
> No, that would eliminate the ability to change distro settings via the regular
> package management.
> 
> My goal is to add/remove what my service requires via the additional
> local.conf.
> 
> p@rick
> 
> -- 
> [*] sys4 AG
>  
> https://sys4.de, +49 (89) 30 90 46 64
> Schlei??heimer Stra??e 26/MG,80333 M??nchen
>  
> Sitz der Gesellschaft: M??nchen, Amtsgericht M??nchen: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein
>  
By distro settings do you mean that you want a config that can be 
easily changed going from say Debian to FreeBSD? What package 
management do you speak of?
-- 
Edgar Pettijohn

Re: Disabling passdb pam in local.conf

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 21 Jun 2016, Ralf Hildebrandt wrote:


I'm trying to create a configuration that leaves every config file deployed by
an install process or paket management software untouched. The goal is to put
every configuration required into /etc/dovecot/local.conf.

I've come quite far, but I fail to disable pam as passdb service in
local.conf. What I get if I run doveconf -n is this section:

passdb {
  driver = pam
}


It seems that there is no way of saying something like:

remove passdb

Adding new passdb entries is no problem, but removing existing ones is
hard.


I thought

passwd 1 {
 driver = none
}

would do the trick, but you get an error about that this passdb is already 
defined.


passdb 0 {
passdb 2 {

is fine, because they do not already exist.

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBV2k483z1H7kL/d9rAQKAkQgApe4vem0lhSEcsgNK8W0jJjROC/z7N5Ij
sNBdWolbzwP7I1cnNMP6cs7xHwneM7khmRh6PzNScHBoF6YpMkAb7MLWeXKpWLpN
AafN9NOM6wBjr1Stzb4DzuztuKsFE806md96MgrSQKqfNKPNUDwlNpDW8yIRo07E
kOi3CBRzur+ZVkUFXhtgtcejTpoo441WNUMbL9oFRatMv+lPVddLHMuNWINWoz2N
kVtYdzN+hlTUHuI2wlWIs1J0YqiAVXbbsEHT8LExp9d30eMxbNiQDqX9hQlUSmax
2tTKPuiLZ8VRZytQcMfAHX0DmNfDga8/zvWrt9SRaLn5d9Qc4rGdPA==
=5tei
-END PGP SIGNATURE-

Re: Disabling passdb pam in local.conf

[Edgar Pettijohn]

Sent from my iPhone

> On Jun 21, 2016, at 6:46 AM, Ralf Hildebrandt  wrote:
> 
> * Edgar Pettijohn :
> 
>>> Only /etc/dovecot/local.conf should be changed.
>> So you want the standard files to remain unchanged from default settings and 
>> override them with your settings in local.conf?
> 
> Exactly (he said that in his initial mail).
> 
Sorry for requesting verification. 

However, to answer the question. I don't think it's possible. There are a lot 
of neat config options, but I don't think the exact use case is possible.  It 
may be easy to implement, im not familiar with dovecots parse_config(). Maybe 
store the first occurrence of a setting, but replace it with the last 
encountered. 

> -- 
> [*] sys4 AG
> 
> http://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG, 80333 München
>   
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein

Re: Disabling passdb pam in local.conf

[Ralf Hildebrandt]

* Patrick Ben Koetter :
> Greetings,
> 
> I'm trying to create a configuration that leaves every config file deployed by
> an install process or paket management software untouched. The goal is to put
> every configuration required into /etc/dovecot/local.conf.
> 
> I've come quite far, but I fail to disable pam as passdb service in
> local.conf. What I get if I run doveconf -n is this section:
> 
> passdb {
>   driver = pam
> }

It seems that there is no way of saying something like:

remove passdb

Adding new passdb entries is no problem, but removing existing ones is
hard. 

What is the actual problem? System accounts shouldn't be able to
log-in? System accounts shouldn't be valid mailboxes?
 

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
   
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: Disabling passdb pam in local.conf

[Ralf Hildebrandt]

* Edgar Pettijohn :

> > Only /etc/dovecot/local.conf should be changed.
> > 
> So you want the standard files to remain unchanged from default settings and 
> override them with your settings in local.conf?

Exactly (he said that in his initial mail).

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
   
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: Disabling passdb pam in local.conf

[Edgar Pettijohn]

> On Jun 21, 2016, at 1:26 AM, Patrick Ben Koetter  wrote:
> 
> * Edgar Pettijohn :
>> What distro settings?
> 
> These files should remain unchanged:
> 
> ~$ tree /etc/dovecot/
> /etc/dovecot/
> ├── conf.d
> │   ├── 10-auth.conf
> │   ├── 10-director.conf
> │   ├── 10-logging.conf
> │   ├── 10-mail.conf
> │   ├── 10-master.conf
> │   ├── 10-ssl.conf
> │   ├── 10-tcpwrapper.conf
> │   ├── 15-lda.conf
> │   ├── 15-mailboxes.conf
> │   ├── 20-imap.conf
> │   ├── 90-acl.conf
> │   ├── 90-plugin.conf
> │   ├── 90-quota.conf
> │   ├── auth-checkpassword.conf.ext
> │   ├── auth-deny.conf.ext
> │   ├── auth-master.conf.ext
> │   ├── auth-passwdfile.conf.ext
> │   ├── auth-sql.conf.ext
> │   ├── auth-static.conf.ext
> │   ├── auth-system.conf.ext
> │   └── auth-vpopmail.conf.ext
> ├── dovecot.conf
> ├── dovecot-dict-sql.conf.ext
> ├── dovecot.pem
> ├── dovecot-sql.conf.ext
> ├── private
> └── README
> 
> Only /etc/dovecot/local.conf should be changed.
> 
So you want the standard files to remain unchanged from default settings and 
override them with your settings in local.conf?


> p@rick
> 
> 
> 
> 
>> 
>> Sent from my iPhone
>> 
>>> On Jun 20, 2016, at 4:28 PM, Patrick Ben Koetter  wrote:
>>> 
>>> * Edgar Pettijohn :
 Is your goal to have "1" config file?
>>> 
>>> No, that would eliminate the ability to change distro settings via the 
>>> regular
>>> package management.
>>> 
>>> My goal is to add/remove what my service requires via the additional
>>> local.conf.
>>> 
>>> p@rick
>>> 
>>> -- 
>>> [*] sys4 AG
>>> 
>>> https://sys4.de, +49 (89) 30 90 46 64
>>> Schleißheimer Straße 26/MG,80333 München
>>> 
>>> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
>>> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
>>> Aufsichtsratsvorsitzender: Florian Kirstein
> 
> -- 
> [*] sys4 AG
> 
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
> 
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein
> 

Storage upgrade maildir suggestions?

[Götz Reinicke - IT Koordinator]

Hi,

we start to run out of diskspace soon as our users start to keep mails
for longer time periods. That's fine, but space consuming.

The maildirs are about 1 TB in total, and not long ago we enabled zlib
which is very nice.

Now I have some thoughts about the next steps:

a) Migrating the whole system to a new server with more storage?

b) Install a virtual server for the mailsystem and an extra storage
system may be NFS?

c) Stay with the current server and move all mails to a bigger NFS storage.

The last option c) would be the most easy one for me as I currently have
NFS space.

Any thoughts? Hints regarding the NFS storage? Pros Cons?

I have seen the dovecot wiki on NFS already and for now we will stay
with one single dovecot server.


Thanks and regards . Götz





smime.p7s
Description: S/MIME Cryptographic Signature

Re: Disabling passdb pam in local.conf

[Patrick Ben Koetter]

* Edgar Pettijohn :
> What distro settings?

These files should remain unchanged:

~$ tree /etc/dovecot/
/etc/dovecot/
├── conf.d
│   ├── 10-auth.conf
│   ├── 10-director.conf
│   ├── 10-logging.conf
│   ├── 10-mail.conf
│   ├── 10-master.conf
│   ├── 10-ssl.conf
│   ├── 10-tcpwrapper.conf
│   ├── 15-lda.conf
│   ├── 15-mailboxes.conf
│   ├── 20-imap.conf
│   ├── 90-acl.conf
│   ├── 90-plugin.conf
│   ├── 90-quota.conf
│   ├── auth-checkpassword.conf.ext
│   ├── auth-deny.conf.ext
│   ├── auth-master.conf.ext
│   ├── auth-passwdfile.conf.ext
│   ├── auth-sql.conf.ext
│   ├── auth-static.conf.ext
│   ├── auth-system.conf.ext
│   └── auth-vpopmail.conf.ext
├── dovecot.conf
├── dovecot-dict-sql.conf.ext
├── dovecot.pem
├── dovecot-sql.conf.ext
├── private
└── README

Only /etc/dovecot/local.conf should be changed.

p@rick




> 
> Sent from my iPhone
> 
> > On Jun 20, 2016, at 4:28 PM, Patrick Ben Koetter  wrote:
> > 
> > * Edgar Pettijohn :
> >> Is your goal to have "1" config file?
> > 
> > No, that would eliminate the ability to change distro settings via the 
> > regular
> > package management.
> > 
> > My goal is to add/remove what my service requires via the additional
> > local.conf.
> > 
> > p@rick
> > 
> > -- 
> > [*] sys4 AG
> > 
> > https://sys4.de, +49 (89) 30 90 46 64
> > Schleißheimer Straße 26/MG,80333 München
> > 
> > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> > Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> > Aufsichtsratsvorsitzender: Florian Kirstein
> > 

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein