Re: maildir boxes directory mode upon creation
* vadim 2017.08.23 16:04: > I am unable to enforce dovecot to create mailboxes with 660 permissions. > Output of dovecot -n is in the attachment. > > Please tell me what's the right way to control mailbox permissions ? Hi Vadmin, inject the mails per LMTP rather than having Postfix save them directly and let Dovecot worry about the permissions: https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP Regards Thomas signature.asc Description: PGP signature
Re: maildir boxes directory mode upon creation
I can't do it right now. We have plugins and patches for postfix to check the mail before putting it in maildir. Now I need just replace Courier mail with Dovecot. Lately I'll remove self-written patches with sieve plugin for dovecot + LMTP. But there is no possibility to make it right now, atomically. On 24.08.2017 13:06, Thomas Leuxner wrote: * vadim 2017.08.23 16:04: I am unable to enforce dovecot to create mailboxes with 660 permissions. Output of dovecot -n is in the attachment. Please tell me what's the right way to control mailbox permissions ? Hi Vadmin, inject the mails per LMTP rather than having Postfix save them directly and let Dovecot worry about the permissions: https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP Regards Thomas -- С уважением, Бажов Вадим, Инженер отдела технической поддержки, Компания «Айдеко» -- Телефоны: +7 (495) 987-32-70; +7 (495) 662-87-34 (тех. поддержка); +7 (343) 220-77-55; Факс: +7 (343) 220-77-85 Электронная почта: Вопросы по приобретению: sa...@ideco.ru Технические вопросы: supp...@ideco.ru Сайт: http://ideco.ru Форум: http://forum.ideco.ru
Re: maildir boxes directory mode upon creation
And. as I said, postfix create maildirs with right permissions. Dovecot make wrong permissions. Deliver mail to mailboxes via Dovecot LMTP will probably cause this wrong permission problem too. We have to support legacy installations at our customers' servers and need a certain permissions: 660, imap:mail. How can I do it with Dovecot ? On 24.08.2017 13:06, Thomas Leuxner wrote: * vadim 2017.08.23 16:04: I am unable to enforce dovecot to create mailboxes with 660 permissions. Output of dovecot -n is in the attachment. Please tell me what's the right way to control mailbox permissions ? Hi Vadmin, inject the mails per LMTP rather than having Postfix save them directly and let Dovecot worry about the permissions: https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP Regards Thomas -- С уважением, Бажов Вадим, Инженер отдела технической поддержки, Компания «Айдеко» -- Телефоны: +7 (495) 987-32-70; +7 (495) 662-87-34 (тех. поддержка); +7 (343) 220-77-55; Факс: +7 (343) 220-77-85 Электронная почта: Вопросы по приобретению: sa...@ideco.ru Технические вопросы: supp...@ideco.ru Сайт: http://ideco.ru Форум: http://forum.ideco.ru
Re: doveadm client not compatible with this server (mixed old and new binaries?)
On Wed, 23 Aug 2017 21:19:33 +0100, Pallissard, Matthew wrote: I've ran into this after an upgrade of one of my instances. For whatever reason when I restarted the service there was still an old process hanging around. Fully stopping the service, checking that there were no dovecot processes running, then starting it up again resolved the issue. Given I was confident that I always completely stop the service for any upgrades I confess I was somewhat skeptical about this, but it worked. I did a full stop of the entire mail system on both machines before starting them again. Not restart, a stop command followed by a start command, and looking at the log files I'm no longer getting complaints about mixed binaries. I'm kicking myself for this one, but also grateful - thanks for that.
dmarc report faild ?
Hello Together Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems. Any from you know this Eror report, what i need to do to fix this issue? C:\folder>nslookup 94.237.32.243 Server: dns204.data.ch Address: 211.232.23.124 Name:wursti.dovecot.fi Address: 94.237.32.243 -- I check also dkim and spif but i don't see the mistake, i dont want that me Mailserver become seriussly mail problems. Regards Mauri mrep...@vmfacility.fr caloro.ch:1503564302 1503477902 1503564302 caloro.ch s s none none 100 94.237.32.243 1 none pass fail caloro.ch dovecot.org unknown caloro.ch pass
Re: dmarc report faild ?
Maurizio Caloro:
Please i have new following Error, from DMARC Report, if i check my domain
on example mxtoolbox i dont see any problems.
Any from you know this Eror report, what i need to do to fix this issue?
I guess, the reports are about messages you sent to the list:
https://dovecot.org/pipermail/dovecot/2017-August/109097.html
are you *really* sure you signed the messages well?
Why do they contain two Signatures?
It may happen the signature is invalid just after signing.
Assuming your messages where signed correct,
compare the header field you signed ("From:To:Subject:Date:From")
with the version you received back from the listserver.
On the other side, there is a quiet good chance the listserver deleted
an html part you sent.
( X-Content-Filtered-By: Mailman/MimeDel 2.1.15 )
so, send plain text...
next: mailman 2.1.15 is 5 years old. These versions are known to be
not very supportive regarding DMARC
because DMARC just was invented ~2012.
If resources are available @dovecot, the operator may update to a
newer version.
Currently 2.1.24 is the latest release.
In any case, your DMARC policy p=none prevent further damage.
p=none is the the friendly choice for domains sending to lists these days.
Andreas
v2.2.32 released
https://dovecot.org/releases/2.2/dovecot-2.2.32.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.32.tar.gz.sig
Two more fixes since rc2. And repeating:
There are various changes in this release that can be used to significantly
reduce disk IO with:
1) NFS storage especially, but I guess also other remote filesystems and even
some with local disks
2) When mail storage and INDEX storage are separated
* imapc: Info-level line is logged every time when successfully
connected to the remote server. This includes local/remote IP/port,
which can be useful for matching against external logs.
* config: Log a warning if plugin { key=no } is used explicitly.
v2.3 will support "no" properly in plugin settings, but for now
any value at all for a boolean plugin setting is treated as "yes",
even if it's written as explicit "no". This change will now warn
that it most likely won't work as intended.
+ Various optimizations to avoid accessing files/directories when it's
not necessary. Especially avoid accessing mail root directories when
INDEX directories point to a different filesystem.
+ mail_location can now include ITERINDEX parameter. This tells Dovecot
to perform mailbox listing from the INDEX path instead of from the
mail root path. It's mainly useful when the INDEX storage is on a
faster storage.
+ mail_location can now include VOLATILEDIR= parameter. This
is used for creating lock files and in future potentially other
files that don't need to exist permanently. The path could point to
tmpfs for example. This is especially useful to avoid creating lock
files to NFS or other remote filesystems. For example:
mail_location=sdbox:~/sdbox:VOLATILEDIR=/tmp/volatile/%2.256Nu/%u
+ mail_location's LISTINDEX= can now contain a full path.
This allows storing mailbox list index to a different storage
than the rest of the indexes, for example to tmpfs.
+ mail_location can now include NO-NOSELECT parameter. This
automatically deletes any \NoSelect mailboxes that have no children.
These mailboxes are sometimes confusing to users.
+ mail_location can now include BROKENCHAR= parameter. This can
be useful with imapc to access mailbox names that aren't valid mUTF-7
charset from remote servers.
+ If mailbox_list_index_very_dirty_syncs=yes, the list index is no
longer refreshed against filesystem when listing mailboxes. This
allows the mailbox listing to be done entirely by only reading the
mailbox list index.
+ Added mailbox_list_index_include_inbox setting to control whether
INBOX's STATUS information should be cached in the mailbox list
index. The default is "no", but it may be useful to change it to
"yes", especially if LISTINDEX points to tmpfs.
+ userdb can return chdir=, which override mail_home for the
chdir location. This can be useful to avoid accessing home directory
on login.
+ userdb can return postlogin= to specify per-user imap/pop3
postlogin socket path.
+ cassandra: Add support for result paging by adding page_size=
parameter to the connect setting.
+ dsync/imapc, pop3-migration plugin: Strip also trailing tabs from
headers when matching mails. This helps with migrations from Zimbra.
+ imap_logout_format supports now %{appended} and %{autoexpunged}
+ virtual plugin: Optimize IDLE to use mailbox list index for finding
out when something has changed.
+ Added apparmor plugin. See https://wiki2.dovecot.org/Plugins/Apparmor
- virtual plugin: A lot of fixes. In many cases it was also working
very inefficiently or even incorrectly.
- imap: NOTIFY parameter parsing was incorrectly "fixed" in v2.2.31.
It was actually (mostly) working in previous versions, but broken
in v2.2.31.
- Modseq tracking didn't always work correctly. This could have caused
imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to
not work perfectly.
- mdbox: "Inconsistency in map index" wasn't fixed automatically
- dict-ldap: %variable values used in the LDAP filter weren't escaped.
- quota=count: quota_warning = -storage=.. was never executed (try #2).
v2.2.31 fixed it for -messages, but not for -storage.
- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent
FETCHes, but weren't.
- quota-status service didn't support recipient_delimiter
- acl: Don't access dovecot-acl-list files with acl_globals_only=yes
- mail_location: If INDEX dir is set, mailbox deletion deletes its
childrens' indexes. For example if "box" is deleted, "box/child"
index directory was deleted as well (but mails were preserved).
- director: v2.2.31 caused rapid reconnection loops to directors
that were down.
Re: Dovecot - Postfix Calender Synchronisation
On Wed Aug 23 2017 14:26:15 GMT-0400 (Eastern Standard Time), Rupert Gallagher wrote: > On Wed, Aug 23, 2017 at 7:22 PM, Tanstaafl wrote: > >> I would have to put in a plug for SOGo - very lightweight, ... > >> Care to elaborate? > > https://github.com/inverse-inc/sogo/blob/master/Documentation/SOGoInstallationGuide.asciidoc#system-requirements > > Too many requirements. I obviously meant would you care to elaborate on this comment of yours: "There are two portable file formats for calendar and contacts that work across applications and systems, but no server that can use them, and use them safely." Any client<>server system will have some basic requirements. SOGo is very easy to install (as long as you are using a repo+package manager, and aren't trying to install each dependency manually by hand).
Re: dmarc report faild ?
Le 8/24/2017 à 3:47 PM, A. Schulze a écrit : Maurizio Caloro: Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems. Any from you know this Eror report, what i need to do to fix this issue? I guess, the reports are about messages you sent to the list: https://dovecot.org/pipermail/dovecot/2017-August/109097.html As I explained to Maurizio (off list), he received an aggregate report.. (Actually from one of my mail servers) in the sample he sent... It's an aggregate report, so even if everything was succesful, I (or rather opendmarc-reports since I'm using opendmarc) would still send a report ! So receiving a DMARC aggregate report isn't an indication of a problem ! Any SPF error in the report would be normal when received from a mailing list, but I think DMARC passes if either SPF or DKIM pass (you don't need both). Note this is a bit OT, since dovecot has nothing to do with SPF, DKIM, DMARC or any of the postfix/sendmail MILTERs. --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: Dovecot - Postfix Calender Synchronisation
On 08/23/17 10:11, m...@caloro.ch wrote: Please witch add-on possibilities exist to synchronize the Calednar with Dovecot and Postfix. Can give me here any a possible direction ? We use Nextcloud. Excellent integration with Thunderbird Lightning and with anything that have CalDAV and/or CardDAV client. Plus, of course, file sharing ...
dovecot umask for mail boxes
I want to control the mode of newly created boxes. The official documentation here: https://wiki.dovecot.org/SharedMailboxes/Permissions , under Permissions for new mailboxes says this: "When creating a new mailbox, Dovecot copies the permissions from the mailbox root directory. For example with mboxes if you have directories" But it seems to be untrue. I checked it, it soesn't work. I found a topic in mail list archive: https://dovecot.org/list/dovecot/2008-September/033395.html Its recommended to create a 'dovecot-shared' file in each mailbox with proper rights. But how can I do that if mailbox is not exists yet ? Can you provide any working solution to this problem ? -- С уважением, Бажов Вадим, Инженер отдела технической поддержки, Компания «Айдеко» -- Телефоны: +7 (495) 987-32-70; +7 (495) 662-87-34 (тех. поддержка); +7 (343) 220-77-55; Факс: +7 (343) 220-77-85 Электронная почта: Вопросы по приобретению: sa...@ideco.ru Технические вопросы: supp...@ideco.ru Сайт: http://ideco.ru Форум: http://forum.ideco.ru
Re: dovecot umask for mail boxes
Le 8/24/2017 à 6:46 PM, vadim a écrit : I want to control the mode of newly created boxes. The official documentation here: https://wiki.dovecot.org/SharedMailboxes/Permissions , under Permissions for new mailboxes says this: "When creating a new mailbox, Dovecot copies the permissions from the mailbox root directory. For example with mboxes if you have directories" But it seems to be untrue. I checked it, it soesn't work. I found a topic in mail list archive: https://dovecot.org/list/dovecot/2008-September/033395.html Its recommended to create a 'dovecot-shared' file in each mailbox with proper rights. But how can I do that if mailbox is not exists yet ? Can you provide any working solution to this problem ? Hey, Personally I always set the parent directory to have g+s (and group owner to "mail", or whatever you use for your dovecot installation), and this seems to do the trick. I use mdbox, so it may be dependent on the backend being used for mail storage (mbox, maildir, sdbox, mdbox...) --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: vacation problem with SRS
i Cant compile piegeon hole from github with this feature: 2822.c -fPIC -DPIC -o .libs/rfc2822.o *edit-mail.c:* In function '*edit_mail_set_cache_corrupted*': *edit-mail.c:1665:3:* *error: *too many arguments to function ' *edmail->wrapped->v.set_cache_corrupted*' (&edmail->wrapped->mail, field, reason); * ^* *edit-mail.c:* At top level: *edit-mail.c:1694:2:* *warning: *initialization from incompatible pointer type [enabled by default] edit_mail_get_backend_mail, * ^* *edit-mail.c:1694:2:* *warning: *(near initialization for ' *edit_mail_vfuncs.get_real_mail*') [enabled by default] *edit-mail.c:1701:2:* *warning: *initialization from incompatible pointer type [enabled by default] edit_mail_set_cache_corrupted, * ^* *edit-mail.c:1701:2:* *warning: *(near initialization for ' *edit_mail_vfuncs.set_cache_corrupted*') [enabled by default] *edit-mail.c:1703:1:* *warning: *missing initializer for field ' *set_cache_corrupted_reason*' of '*struct mail_vfuncs*' [-Wmissing-field-initializers] }; * ^* In file included from *edit-mail.c:16:0*: */usr/local/include/dovecot/mail-storage-private.h:509:9:* *note: *' *set_cache_corrupted_reason*' declared here void (*set_cache_corrupted_reason)(struct mail *mail, * ^* make[4]: *** [edit-mail.lo] Error 1 make[4]: *** Waiting for unfinished jobs libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I/usr/local/include/dovecot -DMODULEDIR=\"/usr/local/lib/dovecot\" -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I../../.. -MT rfc2822.lo -MD -MP -MF .deps/rfc2822.Tpo -c rfc2822.c -o rfc2822.o >/dev/null 2>&1 mv -f .deps/rfc2822.Tpo .deps/rfc2822.Plo make[4]: Leaving directory `/opt/pigeonhole-master/src/lib-sieve/util' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/opt/pigeonhole-master/src/lib-sieve' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/opt/pigeonhole-master/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/opt/pigeonhole-master' make: *** [all] Error 2 2017-08-24 2:13 GMT+02:00 Stephan Bosch : > Op 7/20/2017 om 8:24 PM schreef Kacper Guzik: > > I have this version with FIXME > > > > > > /* FIXME: If From header of message has same address, we should > use > > that > > > > * instead to properly include the phrase part. > > > > */ > > > > rfc2822_header_printf(msg, "To", "<%s>", reply_to); > > > > > > > > This should be work ok? Or You must change something? > > > > 2017-07-20 15:51 GMT+02:00 Stephan Bosch : > > > >> > >> Op 20-7-2017 om 10:37 schreef Kacper Guzik: > >> > >> Hi i have similiar problem like here: > >>> http://www.iredmail.org/forum/topic11833-iredmail-support-vo > >>> cation-respone-unknown-user.html > >>> > >>> > >>> email send : > >>> from : web...@gmail.com > >>> to : ja...@mail.com > >>> > >>> vocation sent back > >>> from : ja...@mail.com > >>> to : srs0=hmc8=v7=gmail.com=web...@mail.com > >>> > >>> > >>> > >>> postsrsd changing return-path from web...@gmail.com to srs0=hmc8=v7= > >>> gmail.com=web...@mail.com > >>> > >>> this is no problem for me but sieve: > >>> > >>> Vacation's messages are always addressed to the Return-Path address > >>> > >>> it is possible some how change this ugly to header to normal? > >>> > >>> I can't find anything on dovecot mailing lists > >>> > >> Hmm, > >> > >> I think this relates to this FIXME: > >> > >> https://github.com/dovecot/pigeonhole/blob/master/src/lib- > >> sieve/plugins/vacation/cmd-vacation.c#L951 > >> > >> Looks like I've been just lazy. Should be relatively easy to fix. > > I addressed the FIXME earlier already and I have this pending now: > > https://github.com/dovecot/pigeonhole/commit/ > 0e5ec449f701bdc293c5fdc2551d0a7b242703d7 > > Regards, > > Stephan. >
Re: Dovecot - Postfix Calender Synchronisation
Re: portable formats and their mime type https://en.m.wikipedia.org/wiki/ICalendar https://en.m.wikipedia.org/wiki/VCard Re: dependencies - db: why? just use the ical and vcard files! They are files, they are in a directory, they can be used like dovecot uses eml files! No need for postgresql or mysql. - webmail: why? We use dovecot!!! - apache web: why? we use nginx. - linux: why? we use other unix systems. - python: why? it takes 140MB all by itself, it is an interpreter (slow), it is a security hazard, we would have to install it on purpose and sanbox it in a virtual machine! So we have to install a vm manager. Bloody hell... Sent from ProtonMail Mobile On Thu, Aug 24, 2017 at 4:25 PM, Tanstaafl wrote: > On Wed Aug 23 2017 14:26:15 GMT-0400 (Eastern Standard Time), Rupert > Gallagher wrote: > On Wed, Aug 23, 2017 at 7:22 PM, Tanstaafl wrote: > >> I > would have to put in a plug for SOGo - very lightweight, ... > >> Care to > elaborate? > > > https://github.com/inverse-inc/sogo/blob/master/Documentation/SOGoInstallationGuide.asciidoc#system-requirements > > > Too many requirements. I obviously meant would you care to elaborate on > this comment of yours: "There are two portable file formats for calendar and > contacts that work across applications and systems, but no server that can > use them, and use them safely." Any client<>server system will have some > basic requirements. SOGo is very easy to install (as long as you are using a > repo+package manager, and aren't trying to install each dependency manually > by hand). @libertytrek.org> @protonmail.com>
Re: Dovecot - Postfix Calender Synchronisation
RG> Re: portable formats and their mime type RG> https://en.m.wikipedia.org/wiki/ICalendar RG> https://en.m.wikipedia.org/wiki/VCard RG> Re: dependencies RG> - db: why? just use the ical and vcard files! They are files, RG> they are in a directory, they can be used like dovecot uses eml RG> files! No need for postgresql or mysql. RG> - webmail: why? We use dovecot!!! RG> - apache web: why? we use nginx. RG> - linux: why? we use other unix systems. RG> - python: why? it takes 140MB all by itself, it is an interpreter RG> (slow), it is a security hazard, we would have to install it on RG> purpose and sanbox it in a virtual machine! So we have to install a vm manager. RG> Bloody hell... This is a little tongue-in-cheek, but... Do you also yell "Get offa my lawn you dirty punk kids!" regularly? I thought I had the curmudgeonly-old-man schtick down, but you're like Obi Wan. :)
Re: dmarc report faild ?
In the same vein, I am receiving forensic DMARC reports from mx01.nausch.org. Whenever I send a message to the mailing list or when my server sends a DMARC report, I'm getting a DMARC Forensic report. It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass... Here is what I am getting : This is an authentication failure report for an email message received from IP 163.172.81.229 on Thu, 24 Aug 2017 19:45:10 +0200 (CEST). Feedback-Type: auth-failure Version: 1 User-Agent: OpenDMARC-Filter/1.3.2 Auth-Failure: dmarc Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr Original-Envelope-Id: 7AA88C00088 Original-Mail-From:mrep...@vmfacility.fr Source-IP: 163.172.81.229 (db04.ivansoftware.com) Reported-Domain: vmfacility.fr Authentication-Results: mx1.nausch.org; dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr header.b="oHXeoWbW" Authentication-Results: mx1.nausch.org; spf=pass smtp.mailfrom= smtp.helo=db04.ivansoftware.com Received: from db04 (localhost [127.0.0.1]) by db04.ivansoftware.com (Postfix) with ESMTP id A0447BE0870 for; Thu, 24 Aug 2017 19:45:02 +0200 (CEST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.99.2 at db04 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vmfacility.fr; s=mail; t=1503596702; bh=NWT2THShdUTG/xaKKp+wC6e3AahFUjoRkNEGJfERGdM=; h=To:From:Subject:Date:From; b=oHXeoWbWTTYlWh0orXRIZS6kuMaJmLzui2oTkSS8BCcYQ8x7F0QbDZfSrhQJpt3gv 0GOXiR1sgDgkXBOrd6Lms/ePsg33bCmmMgQdjPF62pACE7OlqVWxg6GYfsbFYUbBxC 902xtjJo2TnEyDCYAyJP0/VPwQ+lLMNlMzjKSCtMFYoc8i+V7pOLsQizgfr2dvoMA5 +RQ/ZkWoV42QrxxVzYN6beuQAdX3q5cB6N6XI9zHUw0cRB5scHc+M/3TH7XwTKmozm p1tAUzyLwhcYslktM348QA3hTMmvuH9Uo2th4wR3UdlkIX9WDjFWRw8JCbK9RUqmKu LePx9Q8z3nALg== To:dmarc-repo...@nausch.org From:mrep...@vmfacility.fr Subject: Report Domain: nausch.org Submitter: Report-ID: nausch.org-1503596702@ X-Mailer: opendmarc-reports v1.3.2 Date: Thu, 24 Aug 2017 19:45:02 +0200 (CEST) Message-ID: Auto-Submitted: auto-generated MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="report_section" Note that the first part says authentication failed, but the second part (which is the mail headers for a legit DMARC aggregate report sent to the published DMARC rua for nausch.org) passes all the tests - both DKIM and SPF. I am also getting forensic reports from this MTA when posting to the list. So my guess is some...@nausch.org on this mailing list might have a misbehaving DMARC responder/filter. Note also that this is the only domain/MX I have had so far that responds in that way (that is - one that sends me a failed DMARC forensic report for a message I *KNOW* I sent - validated and through my SPF validated and with headers which are properly DKIM signed). --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: dmarc report faild ?
On 24.08.2017 21:05, Ivan Warren wrote: > In the same vein, > > I am receiving forensic DMARC reports from mx01.nausch.org. > It's odd, because the actual report tells me both DKIM and SPF (in the > the of a DMARC report) pass... > > Here is what I am getting : > Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr > Authentication-Results: mx1.nausch.org; > dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr > header.b="oHXeoWbW" > Note that the first part says authentication failed, but the second part > (which is the mail headers for a legit DMARC aggregate report sent to > the published DMARC rua for nausch.org) passes all the tests - both DKIM > and SPF. > > I am also getting forensic reports from this MTA when posting to the list. > > So my guess is some...@nausch.org on this mailing list might have a > misbehaving DMARC responder/filter. Yes, I've seen this, too. I already mailed them, but never got a reaction. Most likely they run an old version of Postfix which has some problems with milters adding headers not seen by later milters... Juri
Re: dmarc report faild ?
And further funny things ... By pasting "message headers" in the message body I got a truckload of forensic reports ! Looks like there something amiss in the DKIM/DMARC realm ! --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: dmarc report faild ?
Le 8/24/2017 à 9:43 PM, Ivan Warren a écrit : And further funny things ... By pasting "message headers" in the message body I got a truckload of forensic reports ! Looks like there something amiss in the DKIM/DMARC realm ! --Ivan Or rather, There is something rotten in the kingdom of DMARC (Sorry couldn't resist.. and my apologies to all for hogging the list). --Ivan smime.p7s Description: Signature cryptographique S/MIME
Re: Error: mdbox .../storage: Duplicate GUID
Hello! On Tuesday, 22 August 2017 09:59:32 CEST Dennis Schridde wrote: > When I force-resync a mailbox of mine, I see following output: > > # doveadm force-resync -u $U $P > doveadm($USER): Warning: mdbox .../storage: Inconsistency in map index > ($X,$Y2 != $X,$Y2) > doveadm($USER): Warning: fscking index file .../storage/dovecot.map.index > doveadm($USER): Warning: mdbox .../storage: rebuilding indexes > doveadm($USER): Error: mdbox .../storage: Duplicate GUID $G in m.$N1:$N2 > (size=$N3) and m.$N1:$N2 (size=$N3) > doveadm($USER): Warning: fscking index file .../storage/dovecot.map.index > doveadm($USER): Warning: mdbox .../storage: Inconsistency in map index > ($X,$Y1 != $X,$Y3) > doveadm($USER): Warning: fscking index file .../storage/dovecot.map.index > doveadm($USER): Warning: fscking index file .../storage/dovecot.map.index > > Different numbers are represented by different $variables, e.g. $N3 != $M3 > and $Y2 != $Y3. > > How can I fix this? Since the two messages are not the same (they have > different sizes), I would expect a cleanup operation to give each message a > unique GUID and write both GUIDs into all places where the old GUID was > referenced. > > I am using Dovecot 2.2.31. Please CC me, since I am not on the list. Is there a way to extract and save the offending messages, delete them and remove them from all mailboxes, and then re-insert them in a healthy way? Or is there at least a way to have a look at their contents and figure out which mailboxes they appear in? --Dennis signature.asc Description: This is a digitally signed message part.
Re: Dovecot - Postfix Calender Synchronisation
“Webmail? We use dovecot.” And how exactly do you read and write mail using dovecot? On Thu, Aug 24, 2017 at 10:56 AM Gregory Sloop wrote: > > > RG> Re: portable formats and their mime type > > RG> https://en.m.wikipedia.org/wiki/ICalendar > RG> https://en.m.wikipedia.org/wiki/VCard > > RG> Re: dependencies > > RG> - db: why? just use the ical and vcard files! They are files, > RG> they are in a directory, they can be used like dovecot uses eml > RG> files! No need for postgresql or mysql. > > RG> - webmail: why? We use dovecot!!! > > RG> - apache web: why? we use nginx. > > RG> - linux: why? we use other unix systems. > > RG> - python: why? it takes 140MB all by itself, it is an interpreter > RG> (slow), it is a security hazard, we would have to install it on > RG> purpose and sanbox it in a virtual machine! So we have to install a vm > manager. > > RG> Bloody hell... > > This is a little tongue-in-cheek, but... > Do you also yell "Get offa my lawn you dirty punk kids!" regularly? > > I thought I had the curmudgeonly-old-man schtick down, but you're like Obi > Wan. > :) >
trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
attempting to compile dovecot 2.2.31 on Sun/Oracle Solaris 10 SPARC. configure goes fine. First sign of problems during compile is with this warning: ... *** libssl_iostream_openssl.so is not portable! ... actual ERRORS - Soon, compile errors out with undefined symbols. Output at bottom of note. ... additional system information. OpenSSL - just prior to dovecot compile attempt, I downloaded and successfully compiled OpenSSL version 1.0.2l (to include a successful "make test" ) in directory /Applications/openssl-1.0.2l.32 , want to link against current code and not mess with system provided SSL stuff in /usr/sfw/* ENV setting and configure command line prior to compile - # setenv CPPFLAGS "-I/Applications/openssl-1.0.2l.32/include -I/Applications/openssl-1.0.2l.32/include/openssl" # setenv LDFLAGS "-L/Applications/openssl-1.0.2l.32/lib" # setenv SSL_CFLAGS "-I/Applications/openssl-1.0.2l.32/include -I/Applications/openssl-1.0.2l.32/include/openssl" # setenv SSL_LIBS "-R/Applications/openssl-1.0.2l.32/lib -L/Applications/openssl-1.0.2l.32/lib" # ./configure \ --prefix=/Applications/dovecot-2.2.31.32 \ --with-ssl=openssl \ --with-ssldir=/Applications/dovecot-2.2.31.32/certs \ --with-storages=mbox,maildir,imapc,pop3c . What is the .32 stuff I see appended to directories? I did a 32 bit compile of the latest OpenSSL, then , the data shown here is also for a 32 bit dovecot build to link against the 32 bit OpenSSL build. I have been fighting this for a few days, and had also done an identical 64 bit OpenSSL, then dovecot build. The 64 bit dovecot build failed in the same way and place. Additionally, when I did the 64 bit compile, I ended up pulling down a current copy of ZLIB, and doing a 64 bit compile of that library also, and installing it under /Applications then linking against that. the system ZLIB library is/was 32 bit, and if there is a 64 bit version provided by Sun/Oracle, neither myself or the "configure" script could locate it. Not a big detail, ZLIB is an easy compile, just trying to share all relevant data. . Try again with the latest code. I have been working/fighting 2.2.31 for a couple of days. I see earlier today, dovecot 2.2.32 was released earlier today, so before anyone runs to put on their "*L*" cap and advise me to pull down the latest code, I already did that, and the compile errors out in the same place. . If your still reading, thank you, just want to provide as many relevant details as possible. Again, symbol errors from compile are at bottom. TIA for any helpful comments or suggestions, Jerry ... Undefined first referenced symbol in file ERR_clear_error ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_load_error_strings ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so BIO_ctrl_get_write_guarantee ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so EVP_PKEY_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_use_PrivateKey ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_get_peer_certificate ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_CIPHER_get_bits ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_CIPHER_get_name ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so DH_generate_parameters ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so sk_value ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so PEM_X509_INFO_read_bio ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_NAME_oneline ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ERR_get_error_line_data ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_write ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_NAME_get_text_by_NID ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_get_ex_new_index ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_get_error ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ENGINE_init ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ENGINE_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so BIO_ctrl_pending ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_INFO_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_get_ext_d2i ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ERR_get_error ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so PEM_read_bio_PrivateKey ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so OPENSSL_add_all_algorithms_noconf ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so BIO_write ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ENGINE_set_de
dovecot: config: Error: BUG: Config client connection sent too much data
Hello, Today I started noticing a very odd Dovecot error in the mail logs across 2 replicated Dovecot hosts via dsync. I have searched the Dovecot archives, Google, back tracked, downgraded Dovecot to earlier versions from earlier this year and ruled everything out I could think of to no avail. There really are not any helpful reports with what I am specifically seeing. The strange thing is only vm...@domain.net is repeatedly shown in the log. The error looks like this. *Aug 24 22:46:02 orbitron dovecot: config: Error: BUG: Config client connection sent too much dataAug 24 22:46:02 orbitron dovecot: doveadm(vm...@domain.net@domain@domain.net@domain@domain.net@domain@domain.net@domain@domain.net): Fatal: Error reading configuration: read(/var/run/dovecot/config) failed: read(size=8192) failed: Connection reset by peer*** $ dovecot --version 2.2.31 (65cde28) Dovecot #1: Linux kernel 4.9.36-x86_64 Dovecot #2: Linux kernel 4.12.8-x86_64 Here are the latest Dovecot updates performed this year. [2017-04-29 14:45] [ALPM] upgraded dovecot (2.2.28-2 -> 2.2.28-3) [2017-05-02 23:05] [ALPM] upgraded dovecot (2.2.28-3 -> 2.2.29.1-1) [2017-06-11 17:20] [ALPM] upgraded dovecot (2.2.29.1-1 -> 2.2.30.2-1) [2017-06-30 22:46] [ALPM] upgraded dovecot (2.2.30.2-1 -> 2.2.31-1) When Dovecot was last updated back on June 30, I did `systemctl daemon-reload` but never actually restarted the Dovecot daemon until what seems like today. The only thing I did today was edit /etc/dovecot/conf.d/10-auth.conf by simply enabling "*auth_username_format = %Lu*" which was commented out before I enabled it. That is the /*only*/ thing that I tested. After I was done testing I went back and commented out the same thing so it reads "*#auth_username_format = %Lu*" and of course restarted Dovecot. I really doubt this has anything to do with what I am reporting as auth is not the problem in this case. Thank You, Tony signature.asc Description: OpenPGP digital signature
Re: Dovecot - Postfix Calender Synchronisation
On Thu, Aug 24, 2017 at 10:55 PM, Roger Klorese wrote: > "Webmail? We use dovecot." And how exactly do you read and write mail using > dovecot? With a MUA.
