Re: Looking for GSSAPI config [was: Looking for NTLM config example]
I think the problem still is that your keytab file has no entry

imap/hostname@DOMAIN and IMAP/hostname@DOMAIN

you also have no host/hostname@DOMAIN

Aki

On 29.06.2016 18:40, Mark Foley wrote:
> Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that.
> The Thunderbird message is:
>
> "The Kerberos/GSSAPI ticket was not accepted by the IMAP server m...@ohprs.org. Please check that you are logged in to the Kerberos/GSSAPI realm."
>
> I made further comments in that message that I won't clutter the list by repeating here. Check out that message and see what you think could be wrong.
>
> Thanks for your help! I'm sure this is solvable!
>
> --Mark
>
> -Original Message-
>> Date: Wed, 29 Jun 2016 08:03:14 -0400
>> Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
>> From: brendan kearney
>> To: Mark Foley
>> Cc: dovecot@dovecot.org
>>
>> The last log line shows "user=<>". This indicates no credentials were
>> presented. If the rip field matches the client ip you tested from, I would
>> bet the appropriate kerberos ticket (imap/host.domain.tld@REALM) was not
>> pulled for the authentication.
>> On Jun 28, 2016 11:33 PM, "Mark Foley" wrote:
> [deleted]
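The keytab check described in the reply above, as an added example that is not part of the original thread: it parses `klist -k` output and reports which of the imap/, IMAP/ and host/ principals are missing, along with entries for the same service under a different host name. The sample output is constructed; the host name `mail.hprs.local`, the realm `HPRS.LOCAL` and all function names are assumptions.

```python
"""Audit `klist -k` output for the keytab entries a GSSAPI IMAP service needs."""

# Constructed sample of `klist -k /etc/krb5.keytab` output, not taken from the
# thread. Host name and realm reuse names mentioned in the thread as assumptions.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 MAIL$@HPRS.LOCAL
   2 imap/mail.ohprs.org@HPRS.LOCAL
   2 imap/mail.ohprs.org@HPRS.LOCAL
"""

# Services named in the reply above. imap/ and IMAP/ are separate entries
# because keytab entries are matched by exact, case-sensitive name.
REQUIRED_SERVICES = ("imap", "IMAP", "host")


def keytab_principals(klist_output):
    """Return the set of principal names listed in `klist -k` output.

    Also accepts the -t / -e variants, where a timestamp precedes the
    principal and an encryption type in parentheses follows it.
    """
    principals = set()
    for line in klist_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # header, separator or blank line
        for field in fields[1:]:
            if "@" in field:
                principals.add(field)
                break
    return principals


def split_principal(principal):
    """Return (service, host, realm); host is '' for names without a '/'."""
    name, _, realm = principal.rpartition("@")
    service, _, host = name.partition("/")
    return service, host, realm


def audit_keytab(klist_output, hostname, realm, services=REQUIRED_SERVICES):
    """Map each missing required principal to its near misses in the keytab.

    A near miss is an entry for the same service (ignoring case) under another
    host name or realm, which usually means the keytab was created for a
    different name than the one clients request a ticket for.
    """
    present = keytab_principals(klist_output)
    report = {}
    for service in services:
        wanted = f"{service}/{hostname}@{realm}"
        if wanted in present:
            continue
        report[wanted] = sorted(
            p for p in present
            if split_principal(p)[1]
            and split_principal(p)[0].lower() == service.lower()
        )
    return report


if __name__ == "__main__":
    for wanted, near in audit_keytab(SAMPLE_KLIST, "mail.hprs.local", "HPRS.LOCAL").items():
        hint = f" (keytab has: {', '.join(near)})" if near else ""
        print(f"missing {wanted}{hint}")
```

On a real server, pass the output of `klist -k` for the keytab Dovecot is configured to use instead of the sample string.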
Re: SSL Problem with -git master-2.2 tip (24 June 16)
On 30 Jun 2016, at 01:22, Reuben Farrelly wrote: > > On 30/06/2016 8:17 AM, Timo Sirainen wrote: > >> On 30 Jun 2016, at 01:09, Reuben Farrelly wrote: >>> On 30/06/2016 1:40 AM, Timo Sirainen wrote: >>> On 24 Jun 2016, at 01:51, Reuben Farrelly wrote: > Current master-2.2 branch of Dovecot compiles for me on Gentoo x86_64 but > experiences symbol errors when starting up: > > Jun 24 08:38:00 thunderstorm dovecot: lmtp(8180): Fatal: Couldn't load > required plugin /usr/lib64/dovecot/libssl_iostream_openssl.so: dlopen() > failed: /usr/lib64/dovecot/libssl_iostream_openssl.so: undefined symbol: > SSL_COMP_free_compression_methods > Jun 24 08:38:00 thunderstorm dovecot: master: Error: service(lmtp): > command startup failed, throttling for 16 secs > > I suspect that this is because I have libressl installed on my systems > instead of OpenSSL. Fixed: https://github.com/dovecot/core/commit/be2be317de8059c135bea0ec698045f0f7475d6e >>> Thanks. Better but perhaps not quite right yet - I'm now seeing lots of >>> these messages logged: >>> >>> Jun 30 08:07:22 thunderstorm.reub.net dovecot: doveadm: Warning: >>> CRYPTO_set_mem_functions() was called too late >> Are you using Ubuntu 16.04? That and maybe some other latest OpenSSL >> versions are a bit broken. Anyway, disabled the warning for now: >> https://github.com/dovecot/core/commit/a0f2b68fe41b9565a42c4854c2450c0fd8b3a8d9 >> >> It doesn't matter much that the function fails. > > No. This was with Gentoo x86_64 with LibreSSL 2.4.1 (not OpenSSL). It > appears to be a cosmetic problem though. > > Compiling now - if it's still a problem I'll re-post (otherwise assume it's > all OK). I guess LibreSSL should also fix it. I reported it to Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1594748 There's an upstream bug about it: https://rt.openssl.org/Ticket/Display.html?id=4559 But for some reason it's now marked as "rejected"...
Re: SSL Problem with -git master-2.2 tip (24 June 16)
On 30/06/2016 8:17 AM, Timo Sirainen wrote: On 30 Jun 2016, at 01:09, Reuben Farrelly wrote: On 30/06/2016 1:40 AM, Timo Sirainen wrote: On 24 Jun 2016, at 01:51, Reuben Farrelly wrote: Current master-2.2 branch of Dovecot compiles for me on Gentoo x86_64 but experiences symbol errors when starting up: Jun 24 08:38:00 thunderstorm dovecot: lmtp(8180): Fatal: Couldn't load required plugin /usr/lib64/dovecot/libssl_iostream_openssl.so: dlopen() failed: /usr/lib64/dovecot/libssl_iostream_openssl.so: undefined symbol: SSL_COMP_free_compression_methods Jun 24 08:38:00 thunderstorm dovecot: master: Error: service(lmtp): command startup failed, throttling for 16 secs I suspect that this is because I have libressl installed on my systems instead of OpenSSL. Fixed: https://github.com/dovecot/core/commit/be2be317de8059c135bea0ec698045f0f7475d6e Thanks. Better but perhaps not quite right yet - I'm now seeing lots of these messages logged: Jun 30 08:07:22 thunderstorm.reub.net dovecot: doveadm: Warning: CRYPTO_set_mem_functions() was called too late Are you using Ubuntu 16.04? That and maybe some other latest OpenSSL versions are a bit broken. Anyway, disabled the warning for now: https://github.com/dovecot/core/commit/a0f2b68fe41b9565a42c4854c2450c0fd8b3a8d9 It doesn't matter much that the function fails. No. This was with Gentoo x86_64 with LibreSSL 2.4.1 (not OpenSSL). It appears to be a cosmetic problem though. Compiling now - if it's still a problem I'll re-post (otherwise assume it's all OK). Reuben
Re: SSL Problem with -git master-2.2 tip (24 June 16)
On 30 Jun 2016, at 01:09, Reuben Farrelly wrote:
>
> On 30/06/2016 1:40 AM, Timo Sirainen wrote:
>
>> On 24 Jun 2016, at 01:51, Reuben Farrelly wrote:
>>> Current master-2.2 branch of Dovecot compiles for me on Gentoo x86_64 but
>>> experiences symbol errors when starting up:
>>>
>>> Jun 24 08:38:00 thunderstorm dovecot: lmtp(8180): Fatal: Couldn't load required plugin /usr/lib64/dovecot/libssl_iostream_openssl.so: dlopen() failed: /usr/lib64/dovecot/libssl_iostream_openssl.so: undefined symbol: SSL_COMP_free_compression_methods
>>> Jun 24 08:38:00 thunderstorm dovecot: master: Error: service(lmtp): command startup failed, throttling for 16 secs
>>>
>>> I suspect that this is because I have libressl installed on my systems
>>> instead of OpenSSL.
>> Fixed:
>> https://github.com/dovecot/core/commit/be2be317de8059c135bea0ec698045f0f7475d6e
>
> Thanks. Better but perhaps not quite right yet - I'm now seeing lots of
> these messages logged:
>
> Jun 30 08:07:22 thunderstorm.reub.net dovecot: doveadm: Warning: CRYPTO_set_mem_functions() was called too late

Are you using Ubuntu 16.04? That and maybe some other latest OpenSSL versions are a bit broken. Anyway, disabled the warning for now:

https://github.com/dovecot/core/commit/a0f2b68fe41b9565a42c4854c2450c0fd8b3a8d9

It doesn't matter much that the function fails.
Re: SSL Problem with -git master-2.2 tip (24 June 16)
On 30/06/2016 1:40 AM, Timo Sirainen wrote: On 24 Jun 2016, at 01:51, Reuben Farrelly wrote: Current master-2.2 branch of Dovecot compiles for me on Gentoo x86_64 but experiences symbol errors when starting up: Jun 24 08:38:00 thunderstorm dovecot: lmtp(8180): Fatal: Couldn't load required plugin /usr/lib64/dovecot/libssl_iostream_openssl.so: dlopen() failed: /usr/lib64/dovecot/libssl_iostream_openssl.so: undefined symbol: SSL_COMP_free_compression_methods Jun 24 08:38:00 thunderstorm dovecot: master: Error: service(lmtp): command startup failed, throttling for 16 secs I suspect that this is because I have libressl installed on my systems instead of OpenSSL. Fixed: https://github.com/dovecot/core/commit/be2be317de8059c135bea0ec698045f0f7475d6e Thanks. Better but perhaps not quite right yet - I'm now seeing lots of these messages logged: Jun 30 08:07:22 thunderstorm.reub.net dovecot: doveadm: Warning: CRYPTO_set_mem_functions() was called too late Reuben
Re: Looking for GSSAPI config [was: Looking for NTLM config example]
> On Jun 29, 2016, at 10:32 AM, Mark Foley wrote:
>
>> On Tue, 28 Jun 2016 22:52:25 -0500 Edgar Pettijohn wrote:
>>
>> What does thunderbird tell you?
>
> Good question. I saw Tbird's message after sending my last email. When Tbird starts I get a message box in the lower right saying:
>
> "The Kerberos/GSSAPI ticket was not accepted by the IMAP server m...@ohprs.org. Please check that you are logged in to the Kerberos/GSSAPI realm."
>
> The interesting bit, to me, is that the IMAP server's hostname is not m...@ohprs.org. It should be mail.ohprs.org, or I would rather expect it to be mail.hprs.local using the actual local domain/realm name, not the public FQDN. I'm suspecting there is something wrong with the kerberos config.
>
> To further confuse. There *is* a WIN7 workstation 'mark' in the domain, though not the workstation from which this testing is being done (this workstation is named 'common') and host 'mark' is not reachable as m...@ohprs.org. Furthermore, the Thunderbird account/user for this testing is also 'mark', not to be confused with the host 'mark' (though I think that's exactly what's being confused).
>
> Where is this m...@ohprs.org coming from? The Thunderbird Account Name is m...@ohprs.org, which is this user's email address.
>
> Perhaps Thunderbird simply has a badly worded error message and didn't really mean "IMAP server m...@ohprs.org", or perhaps kerberos is not configured correctly. My /etc/krb5.conf is shown below. Any ideas on what might be wrong?

It's doubtful it's a thunderbird issue unless you've given it bad information. Unfortunately I don't use ldap or gssapi so I'm afraid I can't offer much help.

>
> [libdefaults]
> default_realm = HPRS.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> [libdefaults]
> default_realm = HPRS.LOCAL
> dns_lookup_kdc = true
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
> fcc-mit-ticketflags = true
>
> [realms]
> HPRS.LOCAL = {
>     default_domain = hprs.local
>     auth_to_local_names = {
>         Administrator = root
>     }
> }
>
> [domain_realm]
> hprs.local = HPRS.LOCAL
> # this is not a mistake
> .hprs.local = HPRS.LOCAL
>
> Thanks, --Mark
>
> -Original Message-
>> From: Edgar Pettijohn
>> Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
>> Date: Tue, 28 Jun 2016 22:52:25 -0500
>> To: Mark Foley
>>
>>> On Jun 28, 2016, at 10:32 PM, Mark Foley wrote:
>>>
>>> Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is delivered successfully to the other domain users having PLAIN authentication. That's a big step. In examining my original config.log output I apparently did not have --with-gssapi enabled.
>>>
>>> HOWEVER - the Thunderbird client configured for 'Kerberos / GSSAPI' still cannot correctly authenticate and retrieve mail. Here is the dovecot log for that host:
>> What does thunderbird tell you?
Re: [patch] Fix for returning NULL values in SQL dict lookups
On 11 May 2016, at 23:49, NederHost/Sebastiaan Hoogeveen wrote:
>
> Hi,
>
> I noticed a bug doing dict lookups on an SQLite database which had NULL values in its columns; a segmentation fault occurred, probably due to a null pointer dereference in str_tabescape. The problem is that sqlite3_column_text returns a null pointer for column values which are (SQL) NULL. It seems the other database drivers do something similar. The following patch makes the dict server check for null pointers and return a 'not found' reply in those cases (I changed the order around in the decision tree to avoid having to repeat return values):

Fixed a bit differently: https://github.com/dovecot/core/commit/923ed5836f90175e736846f02edfd9c2ee07dc6b
Re: mail-search backtrace
On 21 May 2016, at 22:17, Hugh Bragg wrote:
>
> dovecot-virtual files look like this:
> # cat virtual/all/dovecot-virtual
> *
>   all
> # cat virtual/Unseen/dovecot-virtual
> virtual.all
>   inthread refs unseen
>
>
> A fresh trace:
>
> May 21 00:28:08 imap(x@y): Panic: file mail-search.c: line 84 (mail_search_arg_init): assertion failed: (arg->initialized.keywords == NULL)

I don't see how this would happen unless you had a "keyword something" after the INTHREAD. Anyway should be fixed by https://github.com/dovecot/core/commit/127b836fd82f421767da3bf843fca55f39f1b109
Re: External mail attachments storage cleanup
On 29.06.2016 13:06, Николай Мананков wrote:

Hi! Thanks it worked! But only when I have a specific user instead of a wildcard (I mean -u *@example.org). Now I think I need to write a script that searches for users in the domain, and starts this command for each of them. And apparently it is necessary to add it to the cron job.

Hi,

The script: doveadm-expunge - iterates over passwd-file databases, expunges messages in Junk and Trash folders and purges mailboxes for every user.
https://github.com/moisseev/doveadm-tools/blob/master/bin/doveadm-expunge

The crontab entry:
5 4 * * * /usr/local/bin/doveadm-expunge
Re: Error when searching in mailfolders
On 29 Jun 2016, at 16:40, Christoph Pleger wrote:
>
> Hello,
>
> I just found that with my dovecot 2.2.21, when I use squirrelmail to search for something in my mailfolders, that fails with
>
> ERROR: Connection dropped by IMAP server.
> Query: SEARCH CHARSET ISO-8859-1 ALL FROM "someone"
>
> That happens for searches in any folder, except from INBOX. When I search in all folders, only results from INBOX are found, then the error message is shown.
>
> The log says:
>
> imap: Error: terminate called after throwing an instance of 'CLuceneError'
>
> imap(christoph): Fatal: master: service(imap): child 2834 killed with signal 6 (core dumps disabled)
>
> What can I do about that?

Lucene library is throwing an error, which crashes Dovecot. Maybe Dovecot should catch the error, but it would still be broken. Try deleting the lucene indexes and rebuilding them?
Re: Unread Mail flag being reset frequently with dovecot -git master-2.2
On 24 Jun 2016, at 06:18, Reuben Farrelly wrote:
>
> Hi again,
>
> I'm experiencing problems with the Dovecot git master-2.2 branch, in which mails that have been previously read are randomly appearing as unread. This happens slowly and affects more and more emails the more changes that occur to a mailbox.
>
> I am using Maildir format and on Gentoo Linux x86_64 on local disks.
>
> Usually only a few at a time change their status - and it seems to be random which ones lose their read status. Typically though they are the most recent emails that have been delivered in the past few months (I haven't yet seen this occur with any really old emails).

Most likely fixed by: https://github.com/dovecot/core/commit/0649b7a1656bd98d95cdf40a98d47cff9c8de9f8
Re: Looking for GSSAPI config [was: Looking for NTLM config example]
Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that.
The Thunderbird message is:

"The Kerberos/GSSAPI ticket was not accepted by the IMAP server m...@ohprs.org. Please check that you are logged in to the Kerberos/GSSAPI realm."

I made further comments in that message that I won't clutter the list by repeating here. Check out that message and see what you think could be wrong.

Thanks for your help! I'm sure this is solvable!

--Mark

-Original Message-
> Date: Wed, 29 Jun 2016 08:03:14 -0400
> Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
> From: brendan kearney
> To: Mark Foley
> Cc: dovecot@dovecot.org
>
> The last log line shows "user=<>". This indicates no credentials were
> presented. If the rip field matches the client ip you tested from, I would
> bet the appropriate kerberos ticket (imap/host.domain.tld@REALM) was not
> pulled for the authentication.
> On Jun 28, 2016 11:33 PM, "Mark Foley" wrote:
[deleted]
Re: SSL Problem with -git master-2.2 tip (24 June 16)
On 24 Jun 2016, at 01:51, Reuben Farrelly wrote:
>
> Current master-2.2 branch of Dovecot compiles for me on Gentoo x86_64 but experiences symbol errors when starting up:
>
> Jun 24 08:38:00 thunderstorm dovecot: lmtp(8180): Fatal: Couldn't load required plugin /usr/lib64/dovecot/libssl_iostream_openssl.so: dlopen() failed: /usr/lib64/dovecot/libssl_iostream_openssl.so: undefined symbol: SSL_COMP_free_compression_methods
> Jun 24 08:38:00 thunderstorm dovecot: master: Error: service(lmtp): command startup failed, throttling for 16 secs
>
> I suspect that this is because I have libressl installed on my systems instead of OpenSSL.

Fixed: https://github.com/dovecot/core/commit/be2be317de8059c135bea0ec698045f0f7475d6e
Re: Looking for GSSAPI config [was: Looking for NTLM config example]
On Tue, 28 Jun 2016 22:52:25 -0500 Edgar Pettijohn wrote:

> What does thunderbird tell you?

Good question. I saw Tbird's message after sending my last email. When Tbird starts I get a message box in the lower right saying:

"The Kerberos/GSSAPI ticket was not accepted by the IMAP server m...@ohprs.org. Please check that you are logged in to the Kerberos/GSSAPI realm."

The interesting bit, to me, is that the IMAP server's hostname is not m...@ohprs.org. It should be mail.ohprs.org, or I would rather expect it to be mail.hprs.local using the actual local domain/realm name, not the public FQDN. I'm suspecting there is something wrong with the kerberos config.

To further confuse. There *is* a WIN7 workstation 'mark' in the domain, though not the workstation from which this testing is being done (this workstation is named 'common') and host 'mark' is not reachable as m...@ohprs.org. Furthermore, the Thunderbird account/user for this testing is also 'mark', not to be confused with the host 'mark' (though I think that's exactly what's being confused).

Where is this m...@ohprs.org coming from? The Thunderbird Account Name is m...@ohprs.org, which is this user's email address.

Perhaps Thunderbird simply has a badly worded error message and didn't really mean "IMAP server m...@ohprs.org", or perhaps kerberos is not configured correctly. My /etc/krb5.conf is shown below. Any ideas on what might be wrong?

> >>> [libdefaults]
> >>> default_realm = HPRS.LOCAL
> >>> dns_lookup_realm = false
> >>> dns_lookup_kdc = true
> >>>
> >>> [libdefaults]
> >>> default_realm = HPRS.LOCAL
> >>> dns_lookup_kdc = true
> >>> kdc_timesync = 1
> >>> ccache_type = 4
> >>> forwardable = true
> >>> proxiable = true
> >>> fcc-mit-ticketflags = true
> >>>
> >>> [realms]
> >>> HPRS.LOCAL = {
> >>>    default_domain = hprs.local
> >>>    auth_to_local_names = {
> >>>    Administrator = root
> >>> }
> >>> }
> >>>
> >>> [domain_realm]
> >>>    hprs.local = HPRS.LOCAL
> >>> # this is not a mistake
> >>>    .hprs.local = HPRS.LOCAL

Thanks, --Mark

-Original Message-
> From: Edgar Pettijohn
> Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
> Date: Tue, 28 Jun 2016 22:52:25 -0500
> To: Mark Foley
>
> > On Jun 28, 2016, at 10:32 PM, Mark Foley wrote:
> >
> > Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is delivered successfully to the other domain users having PLAIN authentication. That's a big step. In examining my original config.log output I apparently did not have --with-gssapi enabled.
> >
> > HOWEVER - the Thunderbird client configured for 'Kerberos / GSSAPI' still cannot correctly authenticate and retrieve mail. Here is the dovecot log for that host:
>
> What does thunderbird tell you?
Error when searching in mailfolders
Hello,

I just found that with my dovecot 2.2.21, when I use squirrelmail to search for something in my mailfolders, that fails with

ERROR: Connection dropped by IMAP server.
Query: SEARCH CHARSET ISO-8859-1 ALL FROM "someone"

That happens for searches in any folder, except from INBOX. When I search in all folders, only results from INBOX are found, then the error message is shown.

The log says:

imap: Error: terminate called after throwing an instance of 'CLuceneError'

imap(christoph): Fatal: master: service(imap): child 2834 killed with signal 6 (core dumps disabled)

What can I do about that?

Regards
Christoph
Re: Looking for GSSAPI config [was: Looking for NTLM config example]
The last log line shows "user=<>". This indicates no credentials were presented. If the rip field matches the client ip you tested from, I would bet the appropriate kerberos ticket (imap/host.domain.tld@REALM) was not pulled for the authentication.

On Jun 28, 2016 11:33 PM, "Mark Foley" wrote:

> Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is delivered successfully to the other domain users having PLAIN authentication. That's a big step. In examining my original config.log output I apparently did not have --with-gssapi enabled.
>
> HOWEVER - the Thunderbird client configured for 'Kerberos / GSSAPI' still cannot correctly authenticate and retrieve mail. Here is the dovecot log for that host:
>
> Jun 28 22:44:05 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
> Jun 28 22:44:05 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
> Jun 28 22:44:05 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
> Jun 28 22:44:05 auth: Debug: Read auth token secret from /usr/local/var/run/dovecot/auth-token-secret.dat
> Jun 28 22:44:05 auth: Debug: auth client connected (pid=24076)
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read certificate verify A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.58]
> Jun 28 22:44:06 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.0.58]
> Jun 28 22:44:11 imap-login: Debug: SSL alert: close notify [192.168.0.58]
> Jun 28 22:44:11 imap-login: Debug: SSL alert: close notify [192.168.0.58]
> Jun 28 22:44:11 imap-login: Info: Disconnected (no auth attempts in 6 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, TLS, session=
>
> Does this tell you anything? `doveconf -n` and krb5.conf are configured as shown in previous messages below.
>
> Closer! --Mark
>
> -Original Message-
> From: Mark Foley
> Date: Tue, 28 Jun 2016 22:04:42 -0400
> To: dovecot@dovecot.org
> Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
>
> Aki, you wrote:
>
> > Doh. Seems your dovecot isn't compiled with gssapi support? Can you compile it yourself?
> >
> > I'll try to check status of NTLM this week.
>
> I'm OK with continuing to try gssapi, esp. if NTLM is restricted to v1.
>
> I do have the Dovecot sources and will peruse the possible options after I send this. I am on version 2.2.15 and I see that the current downloadable version is 2.2.24. Should I upgrade? Do you think that would help? (a perusal of the changes since 2.2.15 shows nothing obvious related to gssapi)
>
> --Mark
>
> -Original Message-
> > Date: Tue, 28 Jun 2016 18:06:10 +0300 (EEST)
> > From: aki.tu...@dovecot.fi
> > To: dovecot@dovecot.org
> > Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
> >
> > > On June 28, 2016 at 5:17 PM Mark Foley wro
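The log reading in the reply above (an empty `user=<>` with "no auth attempts" means the client never presented credentials), as an added example that is not part of the original thread: it parses login-process lines and separates sessions where no credentials arrived from sessions where the server rejected them. The sample lines are constructed on the pattern of the quoted log; the Login and "auth failed" lines, the session ids and all function names are assumptions.

```python
"""Classify Dovecot login-process log lines by how far authentication got."""
import re

# Constructed sample lines. The first two follow the shape of the log quoted in
# the thread; the Login and "auth failed" lines and all session ids are made up.
SAMPLE_LOG = """\
Jun 28 22:44:06 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.58]
Jun 28 22:44:11 imap-login: Info: Disconnected (no auth attempts in 6 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, TLS, session=<constructed-1>
Jun 28 22:45:02 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.168.0.60, lip=98.102.63.107, mpid=24101, TLS, session=<constructed-2>
Jun 28 22:46:10 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=GSSAPI, rip=192.168.0.61, lip=98.102.63.107, TLS, session=<constructed-3>
"""

# timestamp, process, "Login" or "Disconnected", optional (reason), key=value list
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<proc>[\w-]+): Info: "
    r"(?P<event>Login|Disconnected)(?: \((?P<reason>[^)]*)\))?: (?P<rest>.*)$"
)


def parse_login_event(line):
    """Return a dict for a Login/Disconnected line, or None for anything else."""
    match = EVENT_RE.match(line.strip())
    if match is None:
        return None
    event = {
        "ts": match["ts"],
        "proc": match["proc"],
        "event": match["event"],
        "reason": match["reason"] or "",
        "tls": False,
    }
    for item in match["rest"].split(", "):
        key, sep, value = item.partition("=")
        if sep:
            event[key] = value.strip("<>")  # user=<> becomes an empty string
        elif item == "TLS":
            event["tls"] = True
    return event


def classify(event):
    """Name the stage the session reached."""
    if event["event"] == "Login":
        return "login-ok"
    if event["reason"].startswith("no auth attempts") and not event.get("user"):
        # The client connected but never started authentication, so look at
        # the client side (for GSSAPI: whether it obtained a service ticket).
        return "no-credentials-presented"
    if event["reason"].startswith("auth failed"):
        # Credentials arrived and the server rejected them.
        return "credentials-rejected"
    return "other-disconnect"


def triage(lines, client_ip):
    """Return (timestamp, verdict) for every login event from client_ip."""
    results = []
    for line in lines:
        event = parse_login_event(line)
        if event and event.get("rip") == client_ip:
            results.append((event["ts"], classify(event)))
    return results


if __name__ == "__main__":
    for ip in ("192.168.0.58", "192.168.0.60", "192.168.0.61"):
        print(ip, triage(SAMPLE_LOG.splitlines(), ip))
```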
External mail attachments storage cleanup
Hi! Thanks it worked! But only when I have a specific user instead of a wildcard (I mean -u *@example.org). Now I think I need to write a script that searches for users in the domain, and starts this command for each of them. And apparently it is necessary to add it to the cron job.
doveadm import from backup of public namespace
Hello,

we are creating backups of our public folders with the following command:

/usr/bin/doveadm -o mail=mdbox:/home/vmail/public backup "mdbox:/var/local/backup/dovecot/public"

With doveadm we can search/extract mails like that:

doveadm -D -o plugin/acl="" -o mail=mdbox:/var/local/backup/dovecot/public search mailbox INBOX.projects.implementation.55-0004-000-IT.Server.Mailsystem.imap all
doveadm(bwe): Debug: Effective uid=0, gid=0, home=/root
doveadm(bwe): Debug: acl: No acl setting - ACLs are disabled
doveadm(bwe): Debug: Namespace inbox: type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:/var/local/backup/dovecot/public
doveadm(bwe): Debug: fs: root=/var/local/backup/dovecot/public, index=, indexpvt=, control=, inbox=, alt=
doveadm(bwe): Debug: Namespace : type=public, prefix=Public., sep=., inbox=no, hidden=no, list=yes, subscriptions=yes location=mdbox:/home/vmail/public
doveadm(bwe): Debug: fs: root=/home/vmail/public, index=, indexpvt=, control=, inbox=, alt=
doveadm(bwe): Debug: Namespace : type=public, prefix=Archive., sep=., inbox=no, hidden=no, list=yes, subscriptions=yes location=mdbox:/home/vmail/archive
doveadm(bwe): Debug: fs: root=/home/vmail/archive, index=, indexpvt=, control=, inbox=, alt=
doveadm(bwe): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none
doveadm(bwe): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
12a155041b825d57c715d77ca1d0 2
12a155041b825d57c715d77ca1d0 3
12a155041b825d57c715d77ca1d0 4

When trying to import mails from those backups we can find no way to address the public folder to import from:

doveadm -D -o plugin/acl="" import -u bwe mdbox:/var/local/backup/dovecot/public restore Mailbox projects.implementation.55-0004-000-IT.Server.Mailsystem.imap all
doveadm -D -o plugin/acl="" import -u bwe mdbox:/var/local/backup/dovecot/public restore mailbox INBOX.projects.implementation.55-0004-000-IT.Server.Mailsystem.imap all
doveadm -D -o plugin/acl="" import -u bwe mdbox:/var/local/backup/dovecot/public restore mailbox Public.projects.implementation.55-0004-000-IT.Server.Mailsystem.imap all

nothing happens, we just get:

doveadm(bwe): Debug: Effective uid=0, gid=0, home=/root
doveadm(bwe): Debug: acl: No acl setting - ACLs are disabled
doveadm(bwe): Debug: fs: root=/var/local/backup/dovecot/public, index=, indexpvt=, control=, inbox=, alt=
doveadm(bwe): Debug: Added userdb setting: mail=mdbox:~/mdbox
doveadm(bwe): Debug: Added userdb setting: plugin/master_user=bwe
doveadm(bwe): Debug: Effective uid=2000, gid=2000, home=/home/vmail/bwe
doveadm(bwe): Debug: acl: No acl setting - ACLs are disabled
doveadm(bwe): Debug: Namespace inbox: type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox
doveadm(bwe): Debug: fs: root=/home/vmail/bwe/mdbox, index=, indexpvt=, control=, inbox=, alt=
doveadm(bwe): Debug: Namespace : type=public, prefix=Public., sep=., inbox=no, hidden=no, list=yes, subscriptions=yes location=mdbox:/home/vmail/public
doveadm(bwe): Debug: fs: root=/home/vmail/public, index=, indexpvt=, control=, inbox=, alt=
doveadm(bwe): Debug: Namespace : type=public, prefix=Archive., sep=., inbox=no, hidden=no, list=yes, subscriptions=yes location=mdbox:/home/vmail/archive
doveadm(bwe): Debug: fs: root=/home/vmail/archive, index=, indexpvt=, control=, inbox=, alt=
doveadm(bwe): Debug: Namespace : type=private, prefix=, sep=, inbox=no, hidden=yes, list=no, subscriptions=no location=fail::LAYOUT=none
doveadm(bwe): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=

How can mails from those backups be restored or how do we have to address the mailbox in this case?

Bernhard
Re: chroot: Error: Temp file creation to /tmp
On 28-06-16 23:17, Timo Sirainen wrote:

On 28 Jun 2016, at 10:55, bvr wrote:

Hello,

We are using dovecot (2.2.10) and it's working great! When I enable chrooting by appending /./ to the homedirs I'm getting errors like this:

mail1 dovecot[47074]: imap(user): Error: Temp file creation to /tmp/dovecot.imap.mail1.70079. failed: No such file or directory

On the surface everything seems to be working fine and I have not been able to produce the error myself.

Sometimes Dovecot wants to create temporary files to avoid excessive memory usage. If it can't create the temp file it'll just keep the temporary data in memory. You can control the temporary file location with mail_temp_dir setting. But maybe the nicest solution would be to just create tmp/ directory to everybody's home dir? I guess Dovecot could do this also automatically if it has permissions, but I'm not entirely sure if that's a good idea.

So you are saying it is expected behaviour for Dovecot to use mail_temp_dir within the mail_chroot? That makes sense but it surprises me there are so few results when I google the error message. Since we are using Maildir I suppose I could simply use mail_temp_dir=/Maildir/tmp

Thanks,
bvr.