TLS Error and not working lmtp

2017-12-11 Thread Jakob Schürz
Hi!

I have some trouble with the virtual plugin. I run a self-compiled
dovecot 2.2.33.2 from Debian testing. I patched this version with the
QRESYNC patch from a few weeks ago.
But I always get an error message when I try to open an email from a
virtual mailbox.

So I cloned the actual git repo and compiled dovecot and pigeonhole-sieve.

The problem with the virtual plugin seems to have gone away. But there are some
other problems.
I use ssl=required, and with dovecot from Debian, TLS/SSL and STARTTLS
work fine.
With the self-compiled one from git, I get this error:

dovecot[1284]: imap-login: Error: Failed to initialize SSL server
context: Couldn't parse DH parameters: error:0906D06C:PEM
routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>,
rip=127.0.0.1, lip=127.0.0.1, secured, session=

The key and crt are exactly the same files as before.

The second problem is that lmtp is not working. I use exactly the same
config for Debian's dovecot and dovecot from git. But in the
git version the error in exim is:

Failed to connect to socket /var/run/dovecot/lmtp for dovecot_lmtp
transport: Connection refused

My config is:

# dovecot -n
# 2.3.devel (b1aac3a1d): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.devel (624e1769)
# OS: Linux 4.13.0-trunk-amd64 x86_64 Debian 9.3 btrfs
auth_debug = yes
auth_mechanisms = plain login cram-md5 digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
first_valid_uid = 1000
imap_capability = +XDOVECOT
imap_client_workarounds = tb-extra-mailbox-sep
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *, ::1
login_trusted_networks = 127.0.0.1/8 192.168.0.0/24 192.168.1.0/24
172.17.0.0/24 172.18.0.0/24
mail_debug = yes
mail_gid = vmail
mail_home =  /var/mail/%u
mail_location =
maildir:/var/mail/%u/Maildir:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/Maildir/%u:INDEXPVT=/var/lib/dovecot/db/indexes/Maildir/%u:CONTROL=/var/lib/dovecot/db/control/Maildir/%u
mail_plugins = zlib quota acl listescape mail_log notify virtual
mail_privileged_group = vmail
mail_server_admin = mailto:ja...@xundeenergie.at
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
mmap_disable = yes
namespace {
  hidden = no
  inbox = no
  list = children
  location =
maildir:/var/mail/mailarchiv/%u/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/mailarchiv/%u:INDEXPVT=/var/lib/dovecot/db/indexes/mailarchiv/%u
  mailbox incoming {
auto = create
  }
  mailbox outgoing {
auto = create
  }
  prefix = Mailarchiv/
  separator = /
  subscriptions = no
  type = private
}
namespace {
  list = children
  location =
maildir:/var/mail/public/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/public/%u:INDEXPVT=/var/lib/dovecot/db/indexes/public/%u
  prefix = Roseggergasse/
  separator = /
  subscriptions = no
  type = public
}
namespace Geteilt {
  hidden = no
  inbox = no
  list = children
  location =
maildir:/var/mail/%%u/Maildir:LAYOUT=fs:INDEXPVT=/var/lib/dovecot/db/indexes/shared/%u/%%u:INDEX=/var/lib/dovecot/db/indexes/shared/%u/%%u
  prefix = Geteilt/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace Real {
  hidden = yes
  list = no
  location =
virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u
  prefix = Real/
  separator = /
  subscriptions = no
}
namespace Synoptic {
  hidden = no
  list = children
  location =
virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u
  mailbox INBOX/Archives {
auto = no
special_use = \Archive
  }
  mailbox INBOX/Drafts {
auto = no
special_use = \Drafts
  }
  mailbox INBOX/Entwürfe {
auto = no
special_use = \Drafts
  }
  mailbox INBOX/Junk {
auto = no
special_use = \Junk
  }
  mailbox INBOX/Sent {
auto = no
special_use = \Sent
  }
  mailbox INBOX/Spam {
auto = no
special_use = \Junk
  }
  prefix = Synoptic/
  separator = /
  subscriptions = no
}
namespace inbox {
  hidden = no
  inbox = yes
  location =
  mailbox Archiv {
auto = no
special_use = \Archive
  }
  mailbox Archive {
auto = no
special_use = \Archive
  }
  mailbox Archives {
auto = no
special_use = \Archive
  }
  mailbox "Deleted Messages" {
auto = no
special_use = \Trash
  }
  mailbox Drafts {
auto = no
special_use = \Drafts
  }
  mailbox Entwürfe {
auto = no
special_use = \Drafts
  }
  mailbox "Gelöschte Elemente" {
auto = no
special_use = \Trash
  }
  mailbox "Gelöschte Objekte" {
auto = no
special_use = \Trash
  }
  mailbox Gesendet {
auto = no
special_use = \Sent
  }
  mailbox "Gesendete Elemente" {
auto = no
special_use = \Sent
  }
  mailbox "Gesendete Objekte" {
auto = no
special_use = 

Re: sieve problem config antispam

2017-12-11 Thread Stephan Bosch
On 12/11/2017 at 2:17 PM, Günther J. Niederwimmer wrote:
> Hello,
>
> I'd like to configure the antispam with sieve from this site
> https://wiki2.dovecot.org/HowTo/AntispamWithSieve#For_rspamd
>
> But when I compile the scripts I have these errors
> sievec /usr/lib64/dovecot/sieve/report-ham.sieve
> report-ham: line 1: error: require command: unknown Sieve capability `vnd.dovecot.pipe'.

You must enable the sieve_extprograms plugin for that extension:

https://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms

> report-ham: line 1: error: require command: unknown Sieve capability `imapsieve'.

You must enable the sieve_imapsieve plugin:

https://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/IMAPSieve

> report-ham: line 15: error: unknown command 'pipe' (only reported once at first occurrence).
> report-ham: error: validation failed.
> sievec(root): Fatal: failed to compile sieve script '/usr/lib64/dovecot/sieve/report-ham.sieve'
>
> My system is a centos 7
> dovecot 2.2.33.1
> dovecot-pigeonhole 2.2.33.1

Regards,

Stephan.
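
A configuration sketch for the two plugins named in the reply above, laid out the way the linked wiki how-to does it (added example, not part of the original message). The Junk mailbox name and the /usr/lib64/dovecot/sieve paths are assumptions based on the poster's sievec command.

```conf
# Load the IMAPSieve hook into the IMAP service.
protocol imap {
  mail_plugins = $mail_plugins imap_sieve
}

plugin {
  # Makes the `imapsieve` and `vnd.dovecot.pipe` capabilities known to Pigeonhole.
  sieve_plugins = sieve_imapsieve sieve_extprograms

  # Allow vnd.dovecot.pipe only in global (administrator) scripts,
  # so personal user scripts cannot start external programs.
  sieve_global_extensions = +vnd.dovecot.pipe

  # The only directory `pipe` may execute programs from (assumed path).
  sieve_pipe_bin_dir = /usr/lib64/dovecot/sieve

  # Run report-ham.sieve when a message is copied out of Junk (assumed mailbox name).
  imapsieve_mailbox1_name = *
  imapsieve_mailbox1_from = Junk
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:/usr/lib64/dovecot/sieve/report-ham.sieve
}
```

sievec reads the Dovecot configuration, so the scripts compile only once these settings are in place.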


New Dovecot service: SMTP Submission (RFC6409)

2017-12-11 Thread Stephan Bosch
Hi,

As some of you know, I started implementing the SMTP submission proxy a
few years ago. It acts as a front-end for any MTA, adding the necessary
functionality for an SMTP submission service, also known as a Mail
Submission Agent (MSA) (https://tools.ietf.org/html/rfc6409). The main
reason I created this, back then, was implementing the BURL capability
(https://tools.ietf.org/html/rfc4468). The main application of that
capability -- together with IMAP URLAUTH -- is avoiding a duplicate
upload of submitted e-mail messages; normally the message is both sent
through SMTP and uploaded to the "Sent" folder through IMAP. Using BURL,
the client can first upload the message to IMAP and then use BURL to
make the SMTP server fetch the message from IMAP for submission, thereby
avoiding a second upload. Apart from BURL, the submission proxy service 
also adds the required AUTH support, avoiding the need to configure the
MTA for SASL authentication. More SMTP capabilities like CHUNKING and
SIZE are supported, without requiring the backend MTA supporting these
extensions. Other capabilities like DSN currently require support from
the backend/relay MTA.

At this point, the submission proxy is still pretty basic. However, it
will provide a basis for adding all kinds of functionality in the (not
so distant) future. For the first time, it will be possible to act upon
message submission, rather than only message retrieval; e.g. plugins can
be devised that process outgoing messages somehow. Examples of the
things we could do are adding Sieve filtering support for outgoing
messages, or implicitly storing submitted messages to the Sent folder.
Once a plugin API is devised, you can create your own plugins.

The reason I send this message now, is that this code is finally merged
into the Dovecot master repository. This means that it is part of the
upcoming 2.3 release. Now that it is merged, you can install and test it
from Github if you like. Feedback is of course appreciated. The
documentation is still pretty sparse, but there is currently not much to
configure. Just add "submission" to the protocols and configure the
relay MTA server. The configuration is currently only documented in the
example configuration in doc/example-config/conf.d/20-submission.conf.
The submission service is a login service, just like IMAP, POP3 and
ManageSieve, so clients are required to authenticate. The same
authentication configuration will also apply to submission, unless
you're doing protocol-specific things, in which case you may need to
amend your configuration for the new protocol. BURL support requires a
working IMAP URLAUTH implementation.

I've updated the automated Xi Debian package builder to create an
additional dovecot-submissiond package. So, if you're using the Xi
packages, you only need to install that package and configure the relay MTA.

Regards,

Stephan.







Re: Recommended tool for migrating IMAP servers

2017-12-11 Thread x9p

On Mon, December 11, 2017 9:32 am, Davide Marchi wrote:

>
> However, it seems that Imapsync has license issues and in fact it's not
> included in the Debian repositories.
> Is it to be used anyway or should it be avoided?
>

I do not believe imapsync has license issues. It's written in Perl and it's
hosted on GitHub. You can pay for support if you want, and disable stats
uploaded to their servers via the command line.

> Many thanks again
>
> Davide
>


cheers.

--
x9p | PGP : 0x03B50AF5EA4C8D80 / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE
1524 E7EE



Re: hosting emails at home

2017-12-11 Thread Ruben Safir
what I said, not what you said...


On Mon, Dec 11, 2017 at 10:41:44AM -0800, Kenneth Porter wrote:
> --On Monday, December 11, 2017 1:07 PM -0500 Ruben Safir
>  wrote:
> 
> >that is not secure and you might as well use gmail
> >
> >It is not so hard to just get a static IP and put a mail server up.
> 
> Why do you think this isn't secure?
> 
> Gmail wouldn't let me run my own spam and AV solution. My external
> server gives me full control, with sendmail, MIMEDefang,
> SpamAssassin, ClamAV, dovecot, and procmail. I could, in principle,
> keep a remote copy of all my mail there and dsync it to my home
> server. I'm using fetchmail (with SSL option) only because I didn't
> understand dsync when I set it up.
> 
> I'm still a bit unclear on how dsync decides which users to sync.
> All my users are real system users, not virtual users. I'd like to
> retire my 3 older accounts on my home system to never receive email
> again, only provide it for archival reading, and direct all my mail
> to new accounts that could be dsync'd to the leased external server.
> So I'd want to limit dsync to only sync the new accounts. Which
> might even be virtual.

-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013



Re: hosting emails at home

2017-12-11 Thread Kenneth Porter
--On Monday, December 11, 2017 1:07 PM -0500 Ruben Safir wrote:

> that is not secure and you might as well use gmail
>
> It is not so hard to just get a static IP and put a mail server up.

Why do you think this isn't secure?

Gmail wouldn't let me run my own spam and AV solution. My external server 
gives me full control, with sendmail, MIMEDefang, SpamAssassin, ClamAV, 
dovecot, and procmail. I could, in principle, keep a remote copy of all my 
mail there and dsync it to my home server. I'm using fetchmail (with SSL 
option) only because I didn't understand dsync when I set it up.


I'm still a bit unclear on how dsync decides which users to sync. All my 
users are real system users, not virtual users. I'd like to retire my 3 
older accounts on my home system to never receive email again, only provide 
it for archival reading, and direct all my mail to new accounts that could 
be dsync'd to the leased external server. So I'd want to limit dsync to 
only sync the new accounts. Which might even be virtual. 


Re: hosting emails at home

2017-12-11 Thread Kenneth Porter
--On Monday, December 11, 2017 1:06 PM + Darac Marjal wrote:

> That's relatively easy. I use the following:


Thanks! My recipe for sendmail is here (section Sendmail workaround, near 
the end of the page), copied from a post on the sendmail newsgroup.




Every time I look into Postfix it looks so much simpler, and your example, 
even with the complicated regex, confirms that. 


Re: hosting emails at home

2017-12-11 Thread Ruben Safir
that is not secure and you might as well use gmail

It is not so hard to just get a static IP and put a mail server up.

fit/pc has perfect boxes for this, run on about 15w/h power

On Sun, Dec 10, 2017 at 02:42:36PM -0800, Kenneth Porter wrote:
> On 12/10/2017 12:39 PM, Stephan H wrote:
> >I have dovecot postfix setup on my home server as well.  I use a virtual
> >server in the cloud as my mx record and mail relay and have my home record
> >on dynamic dns.  It's really effective.
> 
> My MX points at a leased virtual server and my home server uses
> fetchmail to pull the mail into local mailboxes. I suppose dsync
> might be used instead of fetchmail.

-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013



Re: Recommended tool for migrating IMAP servers

2017-12-11 Thread Sami Ketola

> On 11 Dec 2017, at 12.32, Davide Marchi  wrote:
> 
> On 2017-12-05 07:16, Sami Ketola wrote:
> [..]
>> Trust us. We have run multiple migrations at scale of 10+ million users.
>> Sami
> 
> However, it seems that Imapsync has license issues and in fact it's not 
> included in the Debian repositories.
> Is it to be used anyway or should it be avoided?

We run all our migrations using Dovecot internal dsync. Usually using imapc 
connector to connect to legacy platform.

Sami



Re: recover missing messages - files still present in storage

2017-12-11 Thread Webert de Souza Lima
doveadm force-resync worked after removing the dovecot.map.index files.


Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
*Belo Horizonte - Brasil*
*IRC NICK - WebertRLZ*


sieve problem config antispam

2017-12-11 Thread Günther J . Niederwimmer
Hello,

I'd like to configure the antispam with sieve from this site
https://wiki2.dovecot.org/HowTo/AntispamWithSieve#For_rspamd

But when I compile the scripts I have these errors
sievec /usr/lib64/dovecot/sieve/report-ham.sieve
report-ham: line 1: error: require command: unknown Sieve capability `vnd.dovecot.pipe'.
report-ham: line 1: error: require command: unknown Sieve capability `imapsieve'.
report-ham: line 15: error: unknown command 'pipe' (only reported once at first occurrence).
report-ham: error: validation failed.
sievec(root): Fatal: failed to compile sieve script '/usr/lib64/dovecot/sieve/report-ham.sieve'

My system is a centos 7
dovecot 2.2.33.1
dovecot-pigeonhole 2.2.33.1




-- 
mit freundlichen Grüssen / best regards,

  Günther J. Niederwimmer


Re: hosting emails at home

2017-12-11 Thread Darac Marjal

On Sun, Dec 10, 2017 at 11:23:34AM -0800, Kenneth Porter wrote:
> --On Sunday, December 10, 2017 7:05 PM + André Rodier wrote:
>
>> This is so far what I have achieved:
>
> How about MIMEDefang, ClamAV, and SpamAssassin? I'm currently running 
> MD+Clam from sendmail and SA from procmail, but I'm open to seeing the 
> equivalent solution with Postfix and the Dovecot LDA.
>
> (One thing that keeps me from switching to Postfix is the need to 
> accept "plussed" addresses using both the plus sign and the dot (for 
> websites that refuse "+" in an email address).)

That's relatively easy. I use the following:

In main.cf:
recipient_delimiter = +
canonical_maps = pcre:/etc/postfix/canonical

In /etc/postfix/canonical:
/^([^\.]+)\.([^\.]+)@(darac\.org\.uk)$/ ${1}+${2}@${3}

The regex can probably be simplified a lot, but to me that's clear that 
foo@darac.org.uk gets mapped to foo+...@darac.org.uk.


That means that I can use plus addressing where it's supported and dot 
addressing where it isn't. From the server's point of view, it's all 
plus-addressed, but I've not yet come across a domain that doesn't like 
(SMTP) mail with a + in the from field (it's usually just the web forms 
that complain).



--
For more information, please reread.




Re: Recommended tool for migrating IMAP servers

2017-12-11 Thread Davide Marchi

On 2017-12-05 07:16, Sami Ketola wrote:
[..]
> Trust us. We have run multiple migrations at scale of 10+ million 
> users.
>
> Sami

However, it seems that Imapsync has license issues and in fact it's not 
included in the Debian repositories.

Is it to be used anyway or should it be avoided?

Many thanks again

Davide