Re: dovecot problem with ssl
Hi

>root@server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve
>doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl
>root@server:/usr/local/etc/dovecot #

What is there at line 7 in your /usr/local/etc/dovecot/conf.d/10-ssl.conf?

--
Christian Kivalo
dovecot problem with ssl
Hi all,

I already searched for this error on Google and found nothing. I have never installed dovecot; this is the first time. This error, I know, is too newbie and stupid, but I checked more than twice.

root@server:/usr/local/etc/dovecot # sievec /home3/virtual/default.sieve
doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 7: Unknown setting: ssl
root@server:/usr/local/etc/dovecot #

I'm running FreeBSD 12-current and compiled everything from ports (mysql, dovecot2, postfix3.1, and all needed ports), but this error doesn't go away. I'm following this tutorial to install everything, but when I run sievec it stops with this error.

I'm not new to FreeBSD; I have good experience with FreeBSD.

---
/*
** Nilton José Rizzo   UFRRJ
** http://www.rizzo.eng.br   http://www.ufrrj.br
** http://lattes.cnpq.br/0079460703536198
**/
Re: sievec
On 03/16/2017 03:58 PM, Stephan Bosch wrote:
On 3/16/2017 at 10:20 PM, Robert Moskowitz wrote:
I am building a new mailserver on Centos7. My sieve is created with:

mkdir /home/sieve
cat
Re: sievec
On 3/16/2017 at 10:20 PM, Robert Moskowitz wrote:
> I am building a new mailserver on Centos7.
>
> My sieve is created with:
>
> mkdir /home/sieve
> cat
> require "fileinto";
> if exists "X-Spam-Flag" {
>     if header :contains "X-Spam-Flag" "NO" {
>     } else {
>         fileinto "Spam";
>         stop;
>     }
> }
> if header :contains "subject" ["***SPAM***"] {
>     fileinto "Spam";
>     stop;
> }
> EOF
>
> chown -R vmail:mail /home/sieve
>
> But in 90-sieve.conf there is the comment:
>
> # A path to a global sieve script file, which gets executed ONLY
> # if user's private Sieve script doesn't exist. Be sure to
> # pre-compile this script manually using the sievec command line
> # tool.
> #sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>
> Do I run sievec on this script?

Yes.

> And I found the following comment on a blog, about 3 years old:
>
> 2: Having a user-defined sieve script will cancel out the global script for redirecting spam.
> In the dovecot.conf, get rid of the sieve_global_path and sieve_global_dir, and instead
> use: sieve_before = /path/to/global.sieve --
> what this will do is make sure that the global script runs before any user scripts,
> which allows the spam redirecting to actually work.
>
> What is current situation on this?

That is usually good advice. The sieve_global_path setting is now called sieve_default, since it configures the default script for users that don't have a personal one. So, unless you want users to have the ability and necessity (!) to create their own spam handling rules once they create a personal script, use the sieve_before setting. The sieve_before script also needs to be pre-compiled with sievec.

Regards,
Stephan.
dovecot & iOS
Hello List,

I have a working dovecot imap service running with multiple clients running fine, even iOS. What's annoying is that only on iOS ( ) I see a huge bunch of .CONTROL directories - marked grey. It seems to be a copy of the existing folder structure. I don't see this on thunderbird, outlook or even roundcube.

Is there any chance to configure dovecot to hide those folders from iOS?

Here's some extended information:

Attached: Screenshot from iOS, where you can see what I mean
dovecot Version: 2.1.7

root@mail01:~# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 4.9.14+ armv6l Debian 7.11
lda_mailbox_autocreate = yes
listen = *
mail_location = maildir:~/Maildir:INBOX=~/Maildir/Inbox:LAYOUT=fs:CONTROL=~/Maildir/.CONTROL:INDEX=~/Maildir/.INDEX
namespace {
  inbox = yes
  location =
  mailbox {
    special_use = \Drafts
    name = Drafts
  }
  mailbox {
    special_use = \Junk
    name = Junk
  }
  mailbox {
    special_use = \Sent
    name = Sent
  }
  mailbox {
    special_use = \Sent
    name = Sent Messages
  }
  mailbox {
    special_use = \Trash
    name = Trash
  }
  prefix =
  name = inbox
}
passdb {
  driver = pam
}
plugin {
  antispam_debug_target = syslog
  antispam_signature = X-DSPAM-Signature
  antispam_spam = SPAM
  antispam_verbose_debug = 1
}
postmaster_address = postmaster@domain
protocols = " imap"
service replication-notify-fifo { name = aggregator }
service anvil-auth-penalty { name = anvil }
service auth-worker { name = auth-worker }
service auth-client { name = auth }
service config { name = config }
service dict { name = dict }
service login/proxy-notify { name = director }
service dns-client { name = dns_client }
service doveadm-server { name = doveadm }
service imap { name = imap-login }
service login/imap { name = imap }
service indexer-worker { name = indexer-worker }
service indexer { name = indexer }
service ipc { name = ipc }
service lmtp { name = lmtp }
service log-errors { name = log }
service pop3 { name = pop3-login }
service login/pop3 { name = pop3 }
service replicator { name = replicator }
service login/ssl-params { name = ssl-params }
service stats-mail { name = stats }
ssl_cert =
sievec
I am building a new mailserver on Centos7. My sieve is created with: mkdir /home/sieve cat
Re: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
Adi Pircalabu writes:

> For us it is, we're periodically getting hammered by iOS devices that try to open 300+ simultaneous IMAP connections for a single user from the same IP, while the average hovers usually below 50 for the busier mailboxes with many folders.

Oh yeah, I've seen this. I think this happens when someone does a global pattern search, which causes the client to launch IMAP SEARCH commands on each and every mailbox.

I've wondered whether installing Solr would alleviate this: it wouldn't directly address the connection limit problem, but perhaps it can return results fast enough to keep the concurrent connections count down.

Can anyone with Solr installed confirm/refute this: does installing Solr keep iOS clients from roofing the connection count?

Joseph Tam
Re: Replication Troubles
> On Feb 22, 2017, at 15:51, Wolfgang Hennerbichler wrote:
> Thank you, I can confirm that after the migration to sdbox I don’t see those
> errors anymore.

Turns out that messages still re-appear although all my mailboxes are converted to sdbox. The most likely case for a message to re-appear is that an unread message in the inbox is deleted. On the next imap sync it re-appears (only sometimes, not always). Although this time the server does not log any errors.

This is my current dovecot config:

# dovecot -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.4 x86_64 Debian 8.7 ext4
auth_verbose = yes
debug_log_path = /var/log/dovecot.debug
doveadm_password = # hidden, use -P to show it
first_valid_gid = 106
first_valid_uid = 104
hostname = localhost
last_valid_gid = 106
last_valid_uid = 104
mail_gid = dovecot
mail_location = sdbox:/var/mail/sdbox/%n
mail_plugins = quota fts fts_lucene virtual notify replication
mail_temp_dir = /var/lib/dovecot/tmp
mail_uid = dovecot
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader
namespace {
  list = children
  location = virtual:/var/mail/virtual/%n
  prefix = virtual.
  separator = .
}
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox "Deleted Messages" {
    auto = subscribe
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  default_language = de
  fts = lucene
  fts_lucene = whitespace_chars=@.
  mail_replica = tcp:172.16.1.2:12345
  quota = count:User quota
  quota_rule = *:storage=6G
  quota_rule2 = Trash:storage=+200M
  quota_rule3 = Spam:ignore
  quota_vsizes = yes
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = /etc/sieve/%n.sieve
  sieve_default = /etc/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +editheader
}
pop3_deleted_flag = $POP3Deleted
postmaster_address = postmas...@wogri.at
protocols = " imap lmtp sieve pop3"
service aggregator {
  fifo_listener replication-notify-fifo {
    user = dovecot
  }
  unix_listener replication-notify {
    user = dovecot
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
}
service imap-postlogin {
  executable = script-login /usr/local/bin/mail-location.sh
}
service imap {
  process_limit = 1024
}
service lmtp {
  inet_listener lmtp {
    port = 2003
  }
  unix_listener lmtp {
    user = dovecot
  }
  user = dovecot
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service pop3 {
  process_limit = 1024
}
service quota-warning {
  executable = script /usr/local/sbin/quota-warning.sh
  unix_listener quota-warning {
    user = dovecot
  }
  user = dovecot
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
ssl = required
ssl_cert =

wogri
Re: Timeout Leak
On Thu, 16 Mar 2017 13:48:27 +0200 Aki Tuomi wrote:
> These are always worth looking into. Please do post, also any auth debug
> logs are welcome.

Ok. These are the logfile lines:

Mar 14 18:06:12 master: Warning: Killed with signal 15 (by pid=7390 uid=0 code=kill)
Mar 14 18:06:20 auth: Error: net_connect_unix(auth-worker) failed: Connection refused
Mar 14 18:06:42 auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)
Mar 14 18:06:42 auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)
Mar 14 18:06:42 auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)

Here is the logfile.info of the relevant minute (a bit longish, passwords censored :)...

Mar 14 18:06:01 pop3(l.radice_dls): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/7415, size=950442332
Mar 14 18:06:01 auth: Debug: auth client connected (pid=7375)
Mar 14 18:06:01 auth: Debug: client in: AUTH3 LOGIN service=smtp nologin lip=212.45.144.70 rip=89.248.171.132
Mar 14 18:06:01 auth: Debug: client passdb out: CONT3 VXNlcm5hbWU6
Mar 14 18:06:01 auth: Debug: client in: CONT3 (previous base64 data may contain sensitive data)
Mar 14 18:06:01 auth: Debug: client passdb out: CONT3 UGFzc3dvcmQ6
Mar 14 18:06:01 auth: Debug: client in: CONT3 (previous base64 data may contain sensitive data)
Mar 14 18:06:01 auth-worker(6538): Debug: pam(ad...@bilink.net,89.248.171.132): lookup service=dovecot
Mar 14 18:06:01 auth-worker(6538): Debug: pam(ad...@bilink.net,89.248.171.132): #1/1 style=1 msg=Password:
Mar 14 18:06:02 auth: Debug: auth client connected (pid=7377)
Mar 14 18:06:02 auth: Debug: client in: AUTH1 PLAIN service=pop3 session=zgbC17NKLOvAqAvRlip=192.168.134.44 rip=192.168.11.209lport=110 rport=60204
Mar 14 18:06:02 auth: Debug: client passdb out: CONT1
Mar 14 18:06:02 auth: Debug: client in: CONT1 (previous base64 data may contain sensitive data)
Mar 14 18:06:02 auth-worker(7121): Debug: pam(m.castrechini_mms,192.168.11.209,): lookup service=dovecot
Mar 14 18:06:02 auth-worker(7121): Debug: pam(m.castrechini_mms,192.168.11.209,): #1/1 style=1 msg=Password:
Mar 14 18:06:02 auth: Debug: client passdb out: OK 1 user=m.castrechini_mms
Mar 14 18:06:03 auth: Debug: master in: REQUEST 2912419841 73771 e4d4a4c42ae38c0214a0def0bb0f0915session_pid=7378
Mar 14 18:06:03 auth: Debug: passwd(m.castrechini_mms,192.168.11.209,): userdb cache hit: system_groups_user=m.castrechini_mmsuid=3002gid=111 home=/home/m.castrechini_mms
Mar 14 18:06:03 auth: Debug: master userdb out: USER2912419841 m.castrechini_mms system_groups_user=m.castrechini_mmsuid=3002 gid=111 home=/home/m.castrechini_mms
Mar 14 18:06:03 pop3-login: Info: Login: user=, method=PLAIN, rip=192.168.11.209, lip=192.168.134.44, mpid=7378, session=
Mar 14 18:06:03 pop3(m.castrechini_mms): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 14 18:06:03 auth-worker(6538): Info: pam(ad...@bilink.net,89.248.171.132): unknown user
Mar 14 18:06:05 auth: Debug: client passdb out: FAIL3 user=ad...@bilink.net
Mar 14 18:06:06 auth: Debug: auth client connected (pid=7380)
Mar 14 18:06:06 auth: Debug: client in: AUTH1 PLAIN service=pop3 session=khD317NKD+PAqAtYlip=192.168.134.44 rip=192.168.11.88 lport=110 rport=58127 resp= (previous base64 data may contain sensitive data)
Mar 14 18:06:06 auth-worker(6538): Debug: pam(a.zurlo_mms,192.168.11.88, ): lookup service=dovecot
Mar 14 18:06:06 auth-worker(6538): Debug: pam(a.zurlo_mms,192.168.11.88, ): #1/1 style=1 msg=Password:
Mar 14 18:06:06 auth: Debug: client passdb out: OK 1 user=a.zurlo_mms
Mar 14 18:06:06 auth: Debug: master in: REQUEST 3493330945 73801 e4c2a1b6ab1b7ede85f4fd8611a960c8session_pid=7382
Mar 14 18:06:06 auth: Debug: passwd(a.zurlo_mms,192.168.11.88, ): userdb cache hit: system_groups_user=a.zurlo_mms uid=3005gid=111 home=/home/a.zurlo_mms
Mar 14 18:06:06 auth: Debug: master userdb out: USER3493330945 a.zurlo_mms system_groups_user=a.zurlo_mms uid=3005gid=111 home=/home/a.zurlo_mms
Mar 14 18:06:06 pop3-login: Info: Login: user=, method=PLAIN, rip=192.168.11.88, lip=192.168.134.44, mpid=7382, session=
Mar 14 18:06:06 pop3(a.zurlo_mms): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 14 18:06:06 auth: Debug: auth client connected (pid=7383)
Mar 14 18:06:06 auth: Debug: client in: AUTH1 PLAIN service=pop3 session=KP/817NKEuPAqAtYlip=192.168.134.44 rip=192.168.11.88 lport=110 rport=58130
'doveadm who' behind nginx mail proxy
Hello,

we have configured nginx to work as mail proxy for backend dovecot servers. Dovecot servers behind nginx proxy are showing internal nginx ip address for every client when running 'doveadm who' instead of showing real client IP addresses.

Is it possible to configure this setup to show real client IP addresses when running 'doveadm who' on internal dovecot servers or to configure nginx to show which user-ip pairs are proxied to which servers?
Re: LDA locking problems - home related
On Thursday 16 March 2017 15:35:08 Ganael Laplanche wrote:
> Hi list,

Of course, the subject of my mail should be:

LDA locking problems - home related

not LDA*P*. I could have LDAP locking problems but that's another story ;-)

--
Ganael Laplanche
Unix Systems Engineer @CentraleSupelec Rennes
LDAP locking problems - home related
Hi list,

# dovecot --version
2.2.13

We use Dovecot LDA and I've discovered lots of messages stating that lock files cannot be written:

Mar 16 12:02:03 mailhost dovecot: lda(someuser): Error: file_dotlock_open(/home/sg/someuser/.dovecot.lda-dupes) failed: No such file or directory

That user's home directory is fetched from LDAP and does not exist locally on our 'mailhost' machine, so those error messages do make sense; I would like to fix that situation.

In our current Dovecot configuration, only mail_location is set:

mail_location = maildir:/var/mail/%u

I would like to ignore the erroneous 'home' attribute fetched from LDAP and specify a common mail_home, i.e. set:

mail_home = /var/mail/%u/home

but if I understand correctly, that global mail_home configuration directive would still be overridden by the LDAP 'home' attribute fetched from passdb:

[...]
pass_attrs = supannAliasLogin=user,userPassword=password,\
  homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
[...]

Can I just remove homeDirectory from pass_attrs to skip fetching 'home' from LDAP and then set the global mail_home?

Also, if that works: we would switch from a situation where a home is set (but wrong) to one where it becomes valid. Can there be any side-effect in that case (apart from fixing locking problems)?

Finally, will mail_home (leaf) directory be created if it does not exist yet (parent directory exists)?

Best regards,

--
Ganael Laplanche
Unix Systems Engineer @CentraleSupelec Rennes
Re: Dovecot 2.2.27 proxy - enforcing per client IP connection limits
Hi,

It would be quite hard to enforce a limit at the proxy level since the proxies do not share any information. Currently I do not know any way of enforcing a limit at the proxies already.

Sami

> On 16 Mar 2017, at 7.14, Adi Pircalabu wrote:
>
> Thanks,
>
> I thought this might be the case. Is there any solution to enforce this on the proxy? If not, will a feature request be considered anytime soon? I see the proxies as the first line of defense against IMAP "abuse" and I think it's consistent having the same configurable option available on both backends and the proxies.
>
> ---
> Adi Pircalabu
>
> On 14-03-2017 20:17, Sami Ketola wrote:
>> Hi,
>> mail_max_userip_connections is only enforced at the backend level. The setting has no effect on proxy. If you want to force the limit then you can only do it in the backend.
>> Sami
>>> On 9 Mar 2017, at 12.05, Adi Pircalabu wrote:
>>> Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per IP & username. I know "mail_max_userip_connections" limit works for the mail stores, but it doesn't seem to have any effect on the proxies. I'm using a mix of Dovecot & Courier-IMAP servers as backends.
>>> Basically I need to find a way to enforce the maximum limit for the username<>remoteip so that, if I have:
>>> ESTCONNS=`doveadm -f flow proxy list | grep "username=us...@domain.com.proto=imap" | wc -l`
>>> $ESTCONNS is lower or equal than the configured limit.
>>> The proxies are configured as per https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy to forward the password to the remote server using MySQL. In dovecot-sql.conf.ext I have:
>>> password_query = SELECT NULL AS password, 'Y' as nopassword, host, email as email, 'any-cert' as 'starttls', 'Y' AS proxy FROM mailbox WHERE email = '%u' AND disabled_smtpauth=0
>>> At the moment the only way I can limit the number of established connections per source IP address on the Dovecot proxies is using iptables, which isn't what I want.
>>> Where else can I look?
>>> Adi Pircalabu, System Administrator
>>> DDNS, a Total Internet Company
>>> 159 Barkly Avenue, Burnley, Vic 3121, T +61 3 9815 6868
>>> On 08/03/17 12:32, Adi Pircalabu wrote:
>>>> Hi,
>>>> Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot proxy servers, I've reconfigured them to use "mail_max_userip_connections = 50" in the "protocol imap" section, followed by restarting Dovecot. Yet, I'm still seeing 160+ established connections from a single IP address for the same email account. Am I missing anything?
>>>>
>>>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>>>> # Pigeonhole version 0.4.16 (fed8554)
>>>> # OS: Linux 2.6.32-642.4.2.el6.x86_64 x86_64 CentOS release 6.8 (Final)
>>>> auth_cache_negative_ttl = 5 mins
>>>> auth_cache_size = 16 M
>>>> auth_cache_ttl = 18 hours
>>>> default_client_limit = 6120
>>>> default_process_limit = 500
>>>> managesieve_notify_capability = mailto
>>>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
>>>> mbox_write_locks = fcntl
>>>> namespace inbox {
>>>>   inbox = yes
>>>>   location =
>>>>   mailbox Drafts {
>>>>     special_use = \Drafts
>>>>   }
>>>>   mailbox Junk {
>>>>     special_use = \Junk
>>>>   }
>>>>   mailbox Sent {
>>>>     special_use = \Sent
>>>>   }
>>>>   mailbox "Sent Messages" {
>>>>     special_use = \Sent
>>>>   }
>>>>   mailbox Trash {
>>>>     special_use = \Trash
>>>>   }
>>>>   prefix =
>>>> }
>>>> passdb {
>>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>>   driver = sql
>>>> }
>>>> plugin {
>>>>   sieve = file:~/sieve;active=~/.dovecot.sieve
>>>>   sieve_extensions = +notify +imapflags
>>>> }
>>>> protocols = imap pop3 lmtp sieve
>>>> service auth {
>>>>   client_limit = 6120
>>>> }
>>>> service imap-login {
>>>>   process_limit = 2048
>>>>   process_min_avail = 20
>>>>   service_count = 0
>>>>   vsz_limit = 256 M
>>>> }
>>>> service imap {
>>>>   process_limit = 2048
>>>> }
>>>> service managesieve-login {
>>>>   inet_listener sieve {
>>>>     port = 4190
>>>>   }
>>>>   service_count = 0
>>>>   vsz_limit = 128 M
>>>> }
>>>> service managesieve {
>>>>   process_limit = 1024
>>>> }
>>>> service pop3 {
>>>>   process_limit = 1024
>>>> }
>>>> [...]
>>>> protocol imap {
>>>>   imap_capability = IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>>>>   mail_max_userip_connections = 50
>>>> }
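
Added example, not part of any post in this thread: since the replies say the proxy cannot enforce the per-user, per-IP limit itself, the sketch below only monitors it, grouping proxied sessions by username and source address, which is the count the ESTCONNS one-liner approximates. It assumes `doveadm -f flow proxy list` prints space-separated key=value records; the src-ip, dest-ip and port key names and every sample line are constructed assumptions.

```python
from collections import Counter

LIMIT = 50  # the mail_max_userip_connections value used in the thread


def _constructed_sample():
    """Build constructed proxy-list records (not real data)."""
    def line(user, proto, src):
        # Key names after proto= are assumptions about the flow format.
        return (f"username={user} proto={proto} src-ip={src} "
                "dest-ip=10.0.0.21 port=143")
    rows = [line("alice@example.com", "imap", "203.0.113.7")] * 52
    rows += [line("alice@example.com", "imap", "198.51.100.9")] * 3
    rows += [line("bob@example.com", "imap", "203.0.113.7")] * 10
    rows += [line("bob@example.com", "pop3", "203.0.113.7")] * 60
    rows += ["", "doveadm: line without any pairs"]
    return "\n".join(rows)


SAMPLE = _constructed_sample()


def parse_flow(line):
    """Turn one 'key=value key=value' record into a dict ({} if none)."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep and key:
            fields[key] = value
    return fields


def count_sessions(text, proto="imap", src_key="src-ip"):
    """Count proxied sessions per (username, source IP) for one protocol."""
    counts = Counter()
    for raw in text.splitlines():
        rec = parse_flow(raw)
        if rec.get("proto") != proto:
            continue  # other protocol, blank line or unparseable line
        user, src = rec.get("username"), rec.get(src_key)
        if user and src:
            counts[(user.lower(), src)] += 1
    return counts


def over_limit(text, limit=LIMIT, **kwargs):
    """Return (username, source IP, count) for pairs above the limit."""
    hits = [(user, ip, n)
            for (user, ip), n in count_sessions(text, **kwargs).items()
            if n > limit]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


if __name__ == "__main__":
    for user, ip, n in over_limit(SAMPLE):
        print(f"{user} from {ip}: {n} proxied imap sessions (limit {LIMIT})")
```

Pass a different src_key if the Dovecot version in use labels the client address differently.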
Re: Timeout Leak
On 16.03.2017 12:32, Luciano Mannucci wrote:
> Hello all,
>
> I've got 3 occurrences of this message in my log file:
>
> auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)
>
> Can I ignore it, or is it a symptom of something wrong?
>
> I'm running dovecot 2.2.28 (bed8434). I'll post my doveconf -n if it
> is worth investigating further...
>
> Cheers,
>
> Luciano.

These are always worth looking into. Please do post, also any auth debug logs are welcome.

Aki
Timeout Leak
Hello all,

I've got 3 occurrences of this message in my log file:

auth: Warning: Timeout leak: 0x805e480 (auth-request-handler.c:550)

Can I ignore it, or is it a symptom of something wrong?

I'm running dovecot 2.2.28 (bed8434). I'll post my doveconf -n if it is worth investigating further...

Cheers,

Luciano.
--
 /"\                         / Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    / E-MAIL: posthams...@sublink.sublink.org
 / \  AND POSTINGS        / WWW: http://www.lesassaie.IT/
Re: Postfix Ignoring lmtp, delivering straight to maildir
And the answer is, auth_username_format=%n in dovecot.conf.

On 03/16/2017 01:04 AM, Doug Barton wrote:
> Looks like this is a dovecot problem after all. :)
>
> I can get Postfix to deliver to lmtp, but it's telling it to deliver to a fully qualified 'u...@domain.tld' address. Postfix says that it can't find that user, and that turns out to be the case.
>
> dovecot: auth: Debug: master in: USER#0112#011u...@domain.tld#011service=lmtp
>
> So I read up on that error, and it looked like I needed to do this in auth-system.conf.ext
>
> userdb {
>   driver = passwd
>   override_fields = username_format=%n
> }
>
> But that didn't work, same error.
>
> So how do I convince dovecot that u...@domain.tld is really local Unix account named "user" ??
>
> Doug
Re: Postfix Ignoring lmtp, delivering straight to maildir
Looks like this is a dovecot problem after all. :)

I can get Postfix to deliver to lmtp, but it's telling it to deliver to a fully qualified 'u...@domain.tld' address. Postfix says that it can't find that user, and that turns out to be the case.

dovecot: auth: Debug: master in: USER#0112#011u...@domain.tld#011service=lmtp

So I read up on that error, and it looked like I needed to do this in auth-system.conf.ext

userdb {
  driver = passwd
  override_fields = username_format=%n
}

But that didn't work, same error.

So how do I convince dovecot that u...@domain.tld is really local Unix account named "user" ??

Doug