Error: stat no such file or directory with 2.2.33.2

2017-12-12 Thread María Arrea


    We have upgraded today from Dovecot 2.2.31 to Dovecot 2.2.33.2 and 
modified our config to include ITERINDEX in mail_location and we are 
detecting some errors like this:



Dec 13 08:17:31 buzon_rhel7 dovecot: imap(rboloix): Error: 
stat(/buzones/location/18/48/rboloix/mailboxes/SIT - Pra 
2014/dbox-Mails) failed: No such file or directory
Dec 13 08:40:24 buzon_rhel7 dovecot: imap(espi): Error: 
stat(/buzones/location/11/21/espi/mailboxes/CURSOS/ACCION 
SOCIAL/dbox-Mails) failed: No such file or directory
Dec 13 08:40:25 buzon_rhel7 dovecot: imap(espi: Error: 
stat(/buzones/location/11/21/espi/mailboxes/CURSOS/ACCION 
SOCIAL/dbox-Mails) failed: No such file or directory
Dec 13 08:41:59 buzon_rhel7 dovecot: imap(espi): Error: 
stat(/buzones/location/11/21/espi/mailboxes/CURSOS/ACCION 
SOCIAL/dbox-Mails) failed: No such file or directory


    I have grepped the logs of the past 4 weeks and have not found these 
errors with Dovecot 2.2.31. Any idea what is going on?



    Full doveconf -n output below:


# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 Red Hat Enterprise Linux 
Server release 7.4 (Maipo) xfs

auth_cache_negative_ttl = 10 secs
auth_cache_size = 10 M
auth_cache_ttl = 2 mins
auth_master_user_separator = *
auth_mechanisms = plain login
auth_worker_max_count = 5500
base_dir = /var/run/dovecot/
default_client_limit = 5000
default_process_limit = 6500
disable_plaintext_auth = no
imap_capability = +XLIST
imap_client_workarounds = tb-extra-mailbox-sep delay-newmail tb-lsub-flags
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_fsync = never
mail_gid = entrega
mail_home = /buzones/location/%2.26Hn/%2.200Hn/%n/home_usuario/
mail_location = 
mdbox:/buzoneslocation//%2.26Hn/%2.200Hn/%n:ITERINDEX:INDEX=/indices_dovecot/indices/%2.26Hn/%2.200Hn/%n:ALT=/buzones/alternativolocation//%2.26Hn/%2.200Hn/%n

mail_max_userip_connections = 15000
mail_plugins = " zlib acl quota virtual mail_log notify"
mail_uid = entrega
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date

mdbox_purge_preserve_alt = yes
mdbox_rotate_interval = 1 days
mdbox_rotate_size = 60 M
namespace {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox SPAM {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  type = private
}
namespace {
  list = yes
  location = 
mdbox:/buzoneslocation//%%2.26Hn/%%2.200Hn/%%n:ALT=/buzones/alternativolocation//%%2.26Hn/%%2.200Hn/%%n:INDEX=/indices_dovecot/indices/%%2.26Hn/%%2.200Hn/%%n:INDEXPVT=~/mdbox/carpeta_compartida/%%u

  prefix = carpeta_compartida/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  list = yes
  location = 
virtual:/etc/dovecot/virtual:INDEX=~/mdbox/virtual:CONTROL=~/mdbox/virtual

  prefix = Carpetas_virtuales/
  separator = /
}
passdb {
  args = /etc/dovecot/deny
  deny = yes
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/buzoneslocation//acls_compartidas.db
  lda_mailbox_autosubscribe = yes
  mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename

  mail_log_fields = uid box msgid size subject from
  quota = dict:Cuota de usuario::file:/buzones/cuotas/%n
  quota_rule2 = Trash:storage=+10%%
  quota_warning = storage=90%% aviso_cuota 90 %u
  sieve = 
/buzoneslocation//%2.26Hn/%2.200Hn/%n/home_usuario/dovecot.sieve

  sieve_dir = /buzoneslocation//%2.26Hn/%2.200Hn/%n/home_usuario/sieve/
  zlib_save = gz
  zlib_save_level = 9
}
pop3_no_flag_updates = yes
protocols = pop3 imap sieve
service anvil {
  client_limit = 25000
}
service auth {
  client_limit = 32000
  unix_listener auth-master {
    user = entrega
  }
  unix_listener auth-userdb {
    user = entrega
  }
  user = root
}
service aviso_cuota {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener aviso_cuota {
    mode = 0666
  }
  user = entrega
}
service config {
  process_min_avail = 4
}
service imap-login {
  executable = /usr/libexec/dovecot/imap-login
  group = dovenull
  process_min_avail = 2
  service_count = 0
  vsz_limit = 1 G
}
service imap {
  executable = /usr/libexec/dovecot/imap
  process_limit = 8000
  process_min_avail = 12
  vsz_limit = 1 G
}
service managesieve-login {
  executable = /usr/libexec/dovecot/managesieve-login
  inet_listener sieve {
    port = 2000
  }
  process_limit = 2000
  vsz_limit = 1 G
}
service managesieve {
  

Re: TLS Error and not working lmtp

2017-12-12 Thread Aki Tuomi


On 13.12.2017 02:59, Jakob Schürz wrote:
> Am 2017-12-12 um 09:56 schrieb Aki Tuomi:
>>
>> On 12.12.2017 02:59, Jakob Schürz wrote:
>>> Hi!
> [...]
>> With v2.3 you are required to provide ssl_dh=</path/to/dh.pem
>> You can generate suitable parameters with openssl gendh 2048 (or 4096).
>> Make sure you run it on something that has plenty of entropy available,
>> it will take some time.
> Thanks for the info. This was a challenge for me...
> Is this correct to put this option additionally to ssl_key and ssl_cert
> in the config?
> And it must be the parameter-File, not a cert or key?
>
>
> At least i had to change some paths to the new installation-path
> /usr/local/... in exim and dovecot conf. /var/run/dovecot is in
> /usr/local/var/run/dovecot, if i compile it from git and install it with
> make install.
>
>
> But now, it is working. Thanks for the info
>
> Jakob
>

Yes, ssl_dh must point to a separate DH parameters file, in addition to
ssl_cert and ssl_key; it is not a cert or a key.

Also you can probably omit the paths from your config, as they usually
come from defaults.

Aki



Re: TLS Error and not working lmtp

2017-12-12 Thread Jakob Schürz
Am 2017-12-12 um 09:56 schrieb Aki Tuomi:
> 
> 
> On 12.12.2017 02:59, Jakob Schürz wrote:
>> Hi!
[...]
> 
> With v2.3 you are required to provide ssl_dh=</path/to/dh.pem
> You can generate suitable parameters with openssl gendh 2048 (or 4096).
> Make sure you run it on something that has plenty of entropy available,
> it will take some time.

Thanks for the info. This was a challenge for me...
Is this correct to put this option additionally to ssl_key and ssl_cert
in the config?
And it must be the parameter-File, not a cert or key?


At least i had to change some paths to the new installation-path
/usr/local/... in exim and dovecot conf. /var/run/dovecot is in
/usr/local/var/run/dovecot, if i compile it from git and install it with
make install.


But now, it is working. Thanks for the info

Jakob





Re: New Dovecot service: SMTP Submission (RFC6409)

2017-12-12 Thread Robert Schetterer
Am 12.12.2017 um 00:14 schrieb Stephan Bosch:
> Hi,
> 
> As some of you know, I started implementing the SMTP submission proxy a
> few years ago. It acts as a front-end for any MTA, adding the necessary
> functionality for an SMTP submission service, also known as a Mail
> Submission Agent (MSA) (https://tools.ietf.org/html/rfc6409). The main
> reason I created this, back then, was implementing the BURL capability
> (https://tools.ietf.org/html/rfc4468). The main application of that
> capability -- together with IMAP URLAUTH -- is avoiding a duplicate
> upload of submitted e-mail messages; normally the message is both sent
> through SMTP and uploaded to the "Sent" folder through IMAP. Using BURL,
> the client can first upload the message to IMAP and then use BURL to
> make the SMTP server fetch the message from IMAP for submission, thereby
> avoiding a second upload. Apart from BURL, the submission proxy service 
> also adds the required AUTH support, avoiding the need to configure the
> MTA for SASL authentication. More SMTP capabilities like CHUNKING and
> SIZE are supported, without requiring the backend MTA supporting these
> extensions. Other capabilities like DSN currently require support from
> the backend/relay MTA.
> 
> At this point, the submission proxy is still pretty basic. However, it
> will provide a basis for adding all kinds of functionality in the (not
> so distant) future. For the first time, it will be possible to act upon
> message submission, rather than only message retrieval; e.g. plugins can
> be devised that process outgoing messages somehow. Examples of the
> things we could do are adding Sieve filtering support for outgoing
> messages, or implicitly storing submitted messages to the Sent folder.
> Once a plugin API is devised, you can create your own plugins.
> 
> The reason I send this message now, is that this code is finally merged
> into the Dovecot master repository. This means that it is part of the
> upcoming 2.3 release. Now that it is merged, you can install and test it
> from Github if you like. Feedback is of course appreciated. The
> documentation is still pretty sparse, but there is currently not much to
> configure. Just add "submission" to the protocols and configure the
> relay MTA server. The configuration is currently only documented in the
> example configuration in doc/example-config/conf.d/20-submission.conf.
> The submission service is a login service, just like IMAP, POP3 and
> ManageSieve, so clients are required to authenticate. The same
> authentication configuration will also apply to submission, unless
> you're doing protocol-specific things, in which case you may need to
> amend your configuration for the new protocol. BURL support requires a
> working IMAP URLAUTH implementation.
> 
> I've updated the automated Xi Debian package builder to create an
> additional dovecot-submissiond package. So, if you're using the Xi
> packages, you only need to install that package and configure the relay MTA.
> 
> Regards,
> 
> Stephan.
> 
> 
> 
> 
> 

Hi Stephan, this is extremely cool!


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Mail-crypt plugin clarification

2017-12-12 Thread rje
I'm looking into ways to encrypt the stored email on my server. The idea is
to make it impossible for my hosting provider (who has access to my VPS) to
read the mail from the disk. 

So I'm looking into ways to do this, and I found the mail-crypt plugin for
dovecot. Unfortunately I find the documentation very hard to understand.
There is no clear description of what the goal and purpose of the plugin is,
or how it works. Most of the documentation is very short and provides no
explanation. So here are some questions - I will gladly help to update the
documentation when some of these questions are answered :) If you cannot
answer them all, please tell me what you know..

- It seems mail-crypt will transparently encrypt/decrypt mail - so it stores
it on the server in encrypted form, but dovecot serves it unencrypted over
IMAP. Is this correct?

- It seems that mail-crypt needs both a private and a public key to work. Is
this correct?

- If mail-crypt has both private and public key in its configuration, does
that not defeat the purpose of the whole thing? Anyone with access to the
disk will be able to read everything?

Regarding the settings:

mail_crypt_global_private_key(_n) - Private key to decrypt files, you can
specify many
mail_crypt_global_public_key - Public key to use to encrypt files, you can
specify one

- How does this work? What does mail-crypt do when multiple private keys are
specified?

mail_crypt_private_key - Private key to decrypt user's master key, can be
base64 encoded
mail_crypt_private_password - Password to decrypt user's master key or
environment private key

- What is the relation between a user's master key and the private/public
global keys above? What is an environment private key?

TIA, and as I said above, I will help with updating the docs!





Re: New Dovecot service: SMTP Submission (RFC6409)

2017-12-12 Thread Stephan Bosch



Op 12-12-2017 om 15:28 schreef Tanstaafl:

This is fantastic Stephan! Especially since I'll soon be rolling a new
Dovecot server to act as a backup for our current Office 365 mail, as
well as to be prepared in case I can ever talk the boss into migrating
back to dovecot (we were using Dovecot for a really long time until he
was convinced by others that we 'had' to be on Office 365).

I'll also be setting up a shiny new VPS for my own private mail server,
to provide better service that I currently get from my shared Dreamhost
account.

But can you confirm...

Would this also be called 'BURL' support?

And will this initial implementation work with current Postfix to
provide the basic Save-To-Sent feature?

I seem to recall there was some minor code required on the Postfix side,
and Wietse seemed to not have a problem implementing it, but had asked
about any IMAP Clients supporting BURL...


The thing is: with the Dovecot submission proxy, the availability of 
BURL support at Postfix/Exim/Sendmail is irrelevant. Dovecot handles the 
full SMTP BURL/IMAP URLAUTH functionality without MTA involvement. That 
should make configuration in most cases quite simple. The current 
implementation does require that the proxy has direct access to the 
user's mailbox for BURL (e.g. by running it on the same host as imap), 
but that restriction should be resolved soon, allowing for more complex 
setups.


However, keep in mind that for this particular feature we're just 
providing the "chicken" as it were. The "egg", i.e. client support, is 
still to come. Apart from Trojita (which I think is still not widely 
used), I know of no IMAP client supporting BURL/URLAUTH for message 
submission. I'd expect to see it first for clients that can truly 
benefit; i.e., mobile clients such as K9.


Regards,

Stephan.




On 12/11/2017, 6:14:26 PM, Stephan Bosch  wrote:

Hi,

As some of you know, I started implementing the SMTP submission proxy a
few years ago. It acts as a front-end for any MTA, adding the necessary
functionality for an SMTP submission service, also known as a Mail
Submission Agent (MSA) (https://tools.ietf.org/html/rfc6409). The main
reason I created this, back then, was implementing the BURL capability
(https://tools.ietf.org/html/rfc4468). The main application of that
capability -- together with IMAP URLAUTH -- is avoiding a duplicate
upload of submitted e-mail messages; normally the message is both sent
through SMTP and uploaded to the "Sent" folder through IMAP. Using BURL,
the client can first upload the message to IMAP and then use BURL to
make the SMTP server fetch the message from IMAP for submission, thereby
avoiding a second upload. Apart from BURL, the submission proxy service
also adds the required AUTH support, avoiding the need to configure the
MTA for SASL authentication. More SMTP capabilities like CHUNKING and
SIZE are supported, without requiring the backend MTA supporting these
extensions. Other capabilities like DSN currently require support from
the backend/relay MTA.

At this point, the submission proxy is still pretty basic. However, it
will provide a basis for adding all kinds of functionality in the (not
so distant) future. For the first time, it will be possible to act upon
message submission, rather than only message retrieval; e.g. plugins can
be devised that process outgoing messages somehow. Examples of the
things we could do are adding Sieve filtering support for outgoing
messages, or implicitly storing submitted messages to the Sent folder.
Once a plugin API is devised, you can create your own plugins.

The reason I send this message now, is that this code is finally merged
into the Dovecot master repository. This means that it is part of the
upcoming 2.3 release. Now that it is merged, you can install and test it
from Github if you like. Feedback is of course appreciated. The
documentation is still pretty sparse, but there is currently not much to
configure. Just add "submission" to the protocols and configure the
relay MTA server. The configuration is currently only documented in the
example configuration in doc/example-config/conf.d/20-submission.conf.
The submission service is a login service, just like IMAP, POP3 and
ManageSieve, so clients are required to authenticate. The same
authentication configuration will also apply to submission, unless
you're doing protocol-specific things, in which case you may need to
amend your configuration for the new protocol. BURL support requires a
working IMAP URLAUTH implementation.

I've updated the automated Xi Debian package builder to create an
additional dovecot-submissiond package. So, if you're using the Xi
packages, you only need to install that package and configure the relay MTA.




Re: TLS Error and not working lmtp

2017-12-12 Thread Aki Tuomi


On 12.12.2017 02:59, Jakob Schürz wrote:
> Hi!
>
> I have some troubles with the virtual plugin. I run a self-compiled
> dovecot 2.2.33.2 from debian testing. I patched this version with the
> QRESYNC-Patch from a few weeks ago.
> But i always get an errormessage, when i try to open an email from a
> virtual mailbox.
>
> So i cloned the current git repo and compiled dovecot and pigeonhole-sieve.
>
> The problem with the virtual plugin seems gone away. But there are some
> other problems.
> I use ssl=required and with dovecot from debian TLS/SSL and STARTTLS
> works fine.
> With the selfcompiled from git, i get this error:
>
> dovecot[1284]: imap-login: Error: Failed to initialize SSL server
> context: Couldn't parse DH parameters: error:0906D06C:PEM
> routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>,
> rip=127.0.0.1, lip=127.0.0.1, secured, session=
>
> The key and crt are exactly the same files as before.
>
> The second problem is, lmtp is not working. I use exactly the same
> config for the debians dovecot and dovecot from git. But in the
> gitversion the error in exim is:
>
> Failed to connect to socket /var/run/dovecot/lmtp for dovecot_lmtp
> transport: Connection refused
>
> My config is:
>
> # dovecot -n
> # 2.3.devel (b1aac3a1d): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.devel (624e1769)
> # OS: Linux 4.13.0-trunk-amd64 x86_64 Debian 9.3 btrfs
> auth_debug = yes
> auth_mechanisms = plain login cram-md5 digest-md5
> auth_socket_path = /var/run/dovecot/auth-userdb
> auth_verbose = yes
> first_valid_uid = 1000
> imap_capability = +XDOVECOT
> imap_client_workarounds = tb-extra-mailbox-sep
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> listen = *, ::1
> login_trusted_networks = 127.0.0.1/8 192.168.0.0/24 192.168.1.0/24
> 172.17.0.0/24 172.18.0.0/24
> mail_debug = yes
> mail_gid = vmail
> mail_home =  /var/mail/%u
> mail_location =
> maildir:/var/mail/%u/Maildir:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/Maildir/%u:INDEXPVT=/var/lib/dovecot/db/indexes/Maildir/%u:CONTROL=/var/lib/dovecot/db/control/Maildir/%u
> mail_plugins = zlib quota acl listescape mail_log notify virtual
> mail_privileged_group = vmail
> mail_server_admin = mailto:ja...@xundeenergie.at
> mail_shared_explicit_inbox = yes
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart extracttext
> mmap_disable = yes
> namespace {
>   hidden = no
>   inbox = no
>   list = children
>   location =
> maildir:/var/mail/mailarchiv/%u/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/mailarchiv/%u:INDEXPVT=/var/lib/dovecot/db/indexes/mailarchiv/%u
>   mailbox incoming {
> auto = create
>   }
>   mailbox outgoing {
> auto = create
>   }
>   prefix = Mailarchiv/
>   separator = /
>   subscriptions = no
>   type = private
> }
> namespace {
>   list = children
>   location =
> maildir:/var/mail/public/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/public/%u:INDEXPVT=/var/lib/dovecot/db/indexes/public/%u
>   prefix = Roseggergasse/
>   separator = /
>   subscriptions = no
>   type = public
> }
> namespace Geteilt {
>   hidden = no
>   inbox = no
>   list = children
>   location =
> maildir:/var/mail/%%u/Maildir:LAYOUT=fs:INDEXPVT=/var/lib/dovecot/db/indexes/shared/%u/%%u:INDEX=/var/lib/dovecot/db/indexes/shared/%u/%%u
>   prefix = Geteilt/%%n/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace Real {
>   hidden = yes
>   list = no
>   location =
> virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u
>   prefix = Real/
>   separator = /
>   subscriptions = no
> }
> namespace Synoptic {
>   hidden = no
>   list = children
>   location =
> virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u
>   mailbox INBOX/Archives {
> auto = no
> special_use = \Archive
>   }
>   mailbox INBOX/Drafts {
> auto = no
> special_use = \Drafts
>   }
>   mailbox INBOX/Entwürfe {
> auto = no
> special_use = \Drafts
>   }
>   mailbox INBOX/Junk {
> auto = no
> special_use = \Junk
>   }
>   mailbox INBOX/Sent {
> auto = no
> special_use = \Sent
>   }
>   mailbox INBOX/Spam {
> auto = no
> special_use = \Junk
>   }
>   prefix = Synoptic/
>   separator = /
>   subscriptions = no
> }
> namespace inbox {
>   hidden = no
>   inbox = yes
>   location =
>   mailbox Archiv {
> auto = no
> special_use = \Archive
>   }
>   mailbox Archive {
> auto = no
> special_use = \Archive
>   }
>   mailbox Archives {
> auto = no
> special_use = \Archive
>   }
>   mailbox "Deleted Messages" {
> auto = no
> special_use = \Trash
>   }
>   mailbox Drafts {
> auto = no
> special_use = \Drafts
>   }
>   mailbox Entwürfe {
> auto = no
>