Re: External Program for Authentication?

2018-05-16 Thread Aki Tuomi


 
 
  
   
  
  
   
On 17 May 2018 at 00:17 Sami Ketola <sami.ket...@dovecot.fi> wrote:

> On 16 May 2018, at 22.18, Marc Perkel <m...@perkel.com> wrote:
>
> > Is it possible to run a bash script for authentication where a 0 exit code indicates success and a non-zero is failure? What I'm trying to do is create a shadow IMAP server that authenticates against a different server. That way my server will use the same passwords as an existing server.
> >
> > So what I would need is for dovecot to pass the username and password to my script, I attempt to log in remotely and if I succeed I allow access on my side. My side will be used to configure black lists and where spam is dragged from their side to my side. (I'm a spam filtering company)
>
> Lua passdb https://wiki.dovecot.org/AuthDatabase/Lua on dovecot 2.3 can be used or if you can make your external server act as auth policy server, then you could use https://wiki.dovecot.org/Authentication/Policy available since dovecot 2.2.25
>
> Sami

Or you can use passdb imap. https://wiki.dovecot.org/PasswordDatabase/IMAP

---
Aki Tuomi
   
 



Re: External Program for Authentication?

2018-05-16 Thread Sami Ketola


> On 16 May 2018, at 22.18, Marc Perkel  wrote:
> 
> Is it possible to run a bash script for authentication where a 0 exit code 
> indicates success and a non-zero is failure? What I'm trying to do is create 
> a shadow IMAP server that authenticates against a different server. That way 
> my server will use the same passwords as an existing server.
> 
> So what I would need is for dovecot to pass the username and password to my 
> script, I attempt to log in remotely and if I succeed I allow access on my 
> side. My side will be used to configure black lists and where spam is dragged 
> from their side to my side. (I'm a spam filtering company)
> 


Lua passdb https://wiki.dovecot.org/AuthDatabase/Lua on dovecot 2.3 can be
used or if you can make your external server act as auth policy server, then
you could use https://wiki.dovecot.org/Authentication/Policy available since
dovecot 2.2.25

Sami



Re: Maillog warning

2018-05-16 Thread forums
It's good, no more message at the restart.

---
Philippe - Forums

On 2018-05-16 22:23, Christian Kivalo wrote:

> On 2018-05-16 21:53, for...@mehl-family.fr wrote: 
> 
>> # dovecot -n
>> 
>> ==> see attachment
> This looks overly complicated for a doveconf -n output but it seems to work...
> 
>> # grep -B2 -A1 'mail_plugins =' /etc/dovecot/conf.d/*
>> 
>> /etc/dovecot/conf.d/10-mail.conf-#auth_socket_path =
>> /var/run/dovecot/auth-userdb
>> /etc/dovecot/conf.d/10-mail.conf-#mail_plugin_dir =
>> /usr/lib/dovecot/modules
>> /etc/dovecot/conf.d/10-mail.conf:#mail_plugins =
> ^^ uncomment this line and add quota to the end. This is the global 
> mail_plugins setting that's included as mail_plugins = $mail_plugins in all 
> protocol sections 
> 
>> /etc/dovecot/conf.d/10-mail.conf-#mailbox_list_index = no
>> --
> rename the file back to 90-quota.conf and comment or remove the lines marked 
> below 
> 
>> /etc/dovecot/conf.d/13-quota.conf-}
>> /etc/dovecot/conf.d/13-quota.conf-
>> /etc/dovecot/conf.d/13-quota.conf:mail_plugins = $mail_plugins quota
> ^^ comment / remove the above line 
> 
>> /etc/dovecot/conf.d/13-quota.conf-
>> /etc/dovecot/conf.d/13-quota.conf-protocol imap {
>> /etc/dovecot/conf.d/13-quota.conf:  mail_plugins = $mail_plugins
>> imap_quota
>> /etc/dovecot/conf.d/13-quota.conf-}
> ^^ comment / remove the above 3 lines (the whole protocol imap block), the 
> protocol imap block is defined in 20-imap.conf 
> 
>> --
>> /etc/dovecot/conf.d/15-lda.conf-#lda_mailbox_autosubscribe = no
>> /etc/dovecot/conf.d/15-lda.conf-protocol lda {
>> /etc/dovecot/conf.d/15-lda.conf:  mail_plugins = $mail_plugins sieve
>> /etc/dovecot/conf.d/15-lda.conf-}
>> --
>> /etc/dovecot/conf.d/20-imap.conf-#imap_urlauth_host =
>> /etc/dovecot/conf.d/20-imap.conf-protocol imap {
>> /etc/dovecot/conf.d/20-imap.conf:  #mail_plugins = $mail_plugins quota
> ^^ uncomment the above line 
> 
>> /etc/dovecot/conf.d/20-imap.conf-  #mail_max_userip_connections = 10
>> --
>> /etc/dovecot/conf.d/20-managesieve.conf-  #managesieve_max_line_length
>> = 65536
>> /etc/dovecot/conf.d/20-managesieve.conf-  #mail_max_userip_connections
>> = 10
>> /etc/dovecot/conf.d/20-managesieve.conf:  #mail_plugins =
>> /etc/dovecot/conf.d/20-managesieve.conf-  #managesieve_logout_format =
>> bytes=%i/%o
>> --
>> /etc/dovecot/conf.d/20-pop3.conf-protocol pop3 {
>> /etc/dovecot/conf.d/20-pop3.conf-  # Space separated list of plugins
>> to load (default is global mail_plugins).
>> /etc/dovecot/conf.d/20-pop3.conf:  #mail_plugins = $mail_plugins
>> /etc/dovecot/conf.d/20-pop3.conf-
> 
> With those four changes your warning should be gone.

Re: Maillog warning

2018-05-16 Thread Christian Kivalo



On 2018-05-16 21:53, for...@mehl-family.fr wrote:

> # dovecot -n
>
> ==> see attachment

This looks overly complicated for a doveconf -n output but it seems to 
work...

> # grep -B2 -A1 'mail_plugins =' /etc/dovecot/conf.d/*
>
> /etc/dovecot/conf.d/10-mail.conf-#auth_socket_path =
> /var/run/dovecot/auth-userdb
> /etc/dovecot/conf.d/10-mail.conf-#mail_plugin_dir =
> /usr/lib/dovecot/modules
> /etc/dovecot/conf.d/10-mail.conf:#mail_plugins =

^^ uncomment this line and add quota to the end. This is the global 
mail_plugins setting that's included as mail_plugins = $mail_plugins in 
all protocol sections

> /etc/dovecot/conf.d/10-mail.conf-#mailbox_list_index = no
> --

rename the file back to 90-quota.conf and comment or remove the lines 
marked below

> /etc/dovecot/conf.d/13-quota.conf-}
> /etc/dovecot/conf.d/13-quota.conf-
> /etc/dovecot/conf.d/13-quota.conf:mail_plugins = $mail_plugins quota

^^ comment / remove the above line

> /etc/dovecot/conf.d/13-quota.conf-
> /etc/dovecot/conf.d/13-quota.conf-protocol imap {
> /etc/dovecot/conf.d/13-quota.conf:  mail_plugins = $mail_plugins
> imap_quota
> /etc/dovecot/conf.d/13-quota.conf-}

^^ comment / remove the above 3 lines (the whole protocol imap block), 
the protocol imap block is defined in 20-imap.conf

> --
> /etc/dovecot/conf.d/15-lda.conf-#lda_mailbox_autosubscribe = no
> /etc/dovecot/conf.d/15-lda.conf-protocol lda {
> /etc/dovecot/conf.d/15-lda.conf:  mail_plugins = $mail_plugins sieve
> /etc/dovecot/conf.d/15-lda.conf-}
> --
> /etc/dovecot/conf.d/20-imap.conf-#imap_urlauth_host =
> /etc/dovecot/conf.d/20-imap.conf-protocol imap {
> /etc/dovecot/conf.d/20-imap.conf:  #mail_plugins = $mail_plugins quota

^^ uncomment the above line

> /etc/dovecot/conf.d/20-imap.conf-  #mail_max_userip_connections = 10
> --
> /etc/dovecot/conf.d/20-managesieve.conf-  #managesieve_max_line_length
> = 65536
> /etc/dovecot/conf.d/20-managesieve.conf-  #mail_max_userip_connections
> = 10
> /etc/dovecot/conf.d/20-managesieve.conf:  #mail_plugins =
> /etc/dovecot/conf.d/20-managesieve.conf-  #managesieve_logout_format =
> bytes=%i/%o
> --
> /etc/dovecot/conf.d/20-pop3.conf-protocol pop3 {
> /etc/dovecot/conf.d/20-pop3.conf-  # Space separated list of plugins
> to load (default is global mail_plugins).
> /etc/dovecot/conf.d/20-pop3.conf:  #mail_plugins = $mail_plugins
> /etc/dovecot/conf.d/20-pop3.conf-

With those four changes your warning should be gone.

--
 Christian Kivalo


Re: [ceph-users] dovecot + cephfs - sdbox vs mdbox

2018-05-16 Thread Webert de Souza Lima
Thanks Jack.

That's good to know. It is definitely something to consider.
In a distributed storage scenario we might build a dedicated pool for that
and tune the pool as more capacity or performance is needed.

Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
*Belo Horizonte - Brasil*
*IRC NICK - WebertRLZ*


On Wed, May 16, 2018 at 4:45 PM Jack  wrote:

> On 05/16/2018 09:35 PM, Webert de Souza Lima wrote:
> > We'll soon do benchmarks of sdbox vs mdbox over cephfs with bluestore
> > backend.
> > We'll have to do some work on how to simulate user traffic, for
> writes
> > and readings. That seems troublesome.
> I would appreciate seeing these results !
>
> > Thanks for the plugins recommendations. I'll take the change and ask you
> > how is the SIS status? We have used it in the past and we've had some
> > problems with it.
>
> I am using it since Dec 2016 with mdbox, with no issue at all (I am
> currently using Dovecot 2.2.27-3 from Debian Stretch)
> The only config I use is mail_attachment_dir, the rest lies as default
> (mail_attachment_min_size = 128k, mail_attachment_fs = sis posix,
> mail_attachment_hash = %{sha1})
> The backend storage is a local filesystem, and there is only one Dovecot
> instance
>
> >
> > Regards,
> >
> > Webert Lima
> > DevOps Engineer at MAV Tecnologia
> > *Belo Horizonte - Brasil*
> > *IRC NICK - WebertRLZ*
> >
> >
> > On Wed, May 16, 2018 at 4:19 PM Jack  wrote:
> >
> >> Hi,
> >>
> >> Many (most ?) filesystems do not store multiple files on the same
> block
> >>
> >> Thus, with sdbox, every single mail (you know, that kind of mail with 10
> >> lines in it) will eat an inode, and a block (4k here)
> >> mdbox is more compact on this way
> >>
> >> Another difference: sdbox removes the message, mdbox does not : a single
> >> metadata update is performed, which may be packed with others if many
> >> files are deleted at once
> >>
> >> That said, I do not have experience with dovecot + cephfs, nor have made
> >> tests for sdbox vs mdbox
> >>
> >> However, and this is a bit out of topic, I recommend you look at the
> >> following dovecot's features (if not already done), as they are awesome
> >> and will help you a lot:
> >> - Compression (classic, https://wiki.dovecot.org/Plugins/Zlib)
> >> - Single-Instance-Storage (aka sis, aka "attachment deduplication" :
> >> https://www.dovecot.org/list/dovecot/2013-December/094276.html)
> >>
> >> Regards,
> >> On 05/16/2018 08:37 PM, Webert de Souza Lima wrote:
> >>> I'm sending this message to both dovecot and ceph-users ML so please
> >> don't
> >>> mind if something seems too obvious for you.
> >>>
> >>> Hi,
> >>>
> >>> I have a question for both dovecot and ceph lists and below I'll
> explain
> >>> what's going on.
> >>>
> >>> Regarding dbox format (https://wiki2.dovecot.org/MailboxFormat/dbox),
> >> when
> >>> using sdbox, a new file is stored for each email message.
> >>> When using mdbox, multiple messages are appended to a single file until
> >> it
> >>> reaches/passes the rotate limit.
> >>>
> >>> I would like to understand better how the mdbox format impacts on IO
> >>> performance.
> >>> I think it's generally expected that fewer larger files translate to
> less
> >> IO
> >>> and more throughput when compared to more small files, but how does
> >> dovecot
> >>> handle that with mdbox?
> >>> If dovecot does flush data to storage upon each and every new email is
> >>> arrived and appended to the corresponding file, would that mean that it
> >>> generate the same amount of IO as it would do with one file per
> message?
> >>> Also, if using mdbox many messages will be appended to a said file
> >> before a
> >>> new file is created. That should mean that a file descriptor is kept
> open
> >>> for some time by dovecot process.
> >>> Using cephfs as backend, how would this impact cluster performance
> >>> regarding MDS caps and inodes cached when files from thousands of users
> >> are
> >>> opened and appended all over?
> >>>
> >>> I would like to understand this better.
> >>>
> >>> Why?
> >>> We are a small Business Email Hosting provider with bare metal, self
> >> hosted
> >>> systems, using dovecot for servicing mailboxes and cephfs for email
> >> storage.
> >>>
> >>> We are currently working on dovecot and storage redesign to be in
> >>> production ASAP. The main objective is to serve more users with better
> >>> performance, high availability and scalability.
> >>> * high availability and load balancing is extremely important to us *
> >>>
> >>> On our current model, we're using mdbox format with dovecot, having
> >>> dovecot's INDEXes stored in a replicated pool of SSDs, and messages
> >> stored
> >>> in a replicated pool of HDDs (under a Cache Tier with a pool of SSDs).
> >>> All using cephfs / filestore backend.
> >>>
> >>> Currently there are 3 clusters running dovecot 2.2.34 and ceph Jewel
> >>> (10.2.9-4).
> >>>  - ~25K users from a few thousands of domains per cluster
> >>>  - ~25TB of email data per cluster
> >>> 

Re: [ceph-users] dovecot + cephfs - sdbox vs mdbox

2018-05-16 Thread Webert de Souza Lima
Hello Danny,

I actually saw that thread and I was very excited about it. I thank you all
for that idea and all the effort being put in it.
I haven't yet tried to play around with your plugin but I intend to, and to
contribute back. I think when it's ready for production it will be
unbeatable.

I have watched your talk at Cephalocon (on YouTube). I'll see your slides,
maybe they'll give me more insights on our infrastructure architecture.

As you can see our business is still taking baby steps compared to Deutsche
Telekom's but we face infrastructure challenges everyday since ever.
As for now, I think we could still fit with cephfs, but we definitely need
some improvement.

Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
*Belo Horizonte - Brasil*
*IRC NICK - WebertRLZ*


On Wed, May 16, 2018 at 4:42 PM Danny Al-Gaaf 
wrote:

> Hi,
>
> some time back we had similar discussions when we, as an email provider,
> discussed to move away from traditional NAS/NFS storage to Ceph.
>
> The problem with POSIX file systems and dovecot is that e.g. with mdbox
> only around ~20% of the IO operations are READ/WRITE, the rest are
> metadata IOs. You will not change this with using CephFS since it will
> basically behave the same way as e.g. NFS.
>
> We decided to develop librmb to store emails as objects directly in
> RADOS instead of CephFS. The project is still under development, so you
> should not use it in production, but you can try it to run a POC.
>
> For more information check out my slides from Ceph Day London 2018:
> https://dalgaaf.github.io/cephday-london2018-emailstorage/#/cover-page
>
> The project can be found on github:
> https://github.com/ceph-dovecot/
>
> -Danny
>
> Am 16.05.2018 um 20:37 schrieb Webert de Souza Lima:
> > I'm sending this message to both dovecot and ceph-users ML so please
> don't
> > mind if something seems too obvious for you.
> >
> > Hi,
> >
> > I have a question for both dovecot and ceph lists and below I'll explain
> > what's going on.
> >
> > Regarding dbox format (https://wiki2.dovecot.org/MailboxFormat/dbox),
> when
> > using sdbox, a new file is stored for each email message.
> > When using mdbox, multiple messages are appended to a single file until
> it
> > reaches/passes the rotate limit.
> >
> > I would like to understand better how the mdbox format impacts on IO
> > performance.
> > I think it's generally expected that fewer larger files translate to less
> IO
> > and more throughput when compared to more small files, but how does
> dovecot
> > handle that with mdbox?
> > If dovecot does flush data to storage upon each and every new email is
> > arrived and appended to the corresponding file, would that mean that it
> > generate the same amount of IO as it would do with one file per message?
> > Also, if using mdbox many messages will be appended to a said file
> before a
> > new file is created. That should mean that a file descriptor is kept open
> > for some time by dovecot process.
> > Using cephfs as backend, how would this impact cluster performance
> > regarding MDS caps and inodes cached when files from thousands of users
> are
> > opened and appended all over?
> >
> > I would like to understand this better.
> >
> > Why?
> > We are a small Business Email Hosting provider with bare metal, self
> hosted
> > systems, using dovecot for servicing mailboxes and cephfs for email
> storage.
> >
> > We are currently working on dovecot and storage redesign to be in
> > production ASAP. The main objective is to serve more users with better
> > performance, high availability and scalability.
> > * high availability and load balancing is extremely important to us *
> >
> > On our current model, we're using mdbox format with dovecot, having
> > dovecot's INDEXes stored in a replicated pool of SSDs, and messages
> stored
> > in a replicated pool of HDDs (under a Cache Tier with a pool of SSDs).
> > All using cephfs / filestore backend.
> >
> > Currently there are 3 clusters running dovecot 2.2.34 and ceph Jewel
> > (10.2.9-4).
> >  - ~25K users from a few thousands of domains per cluster
> >  - ~25TB of email data per cluster
> >  - ~70GB of dovecot INDEX [meta]data per cluster
> >  - ~100MB of cephfs metadata per cluster
> >
> > Our goal is to build a single ceph cluster for storage that could expand
> in
> > capacity, be highly available and perform well enough. I know, that's
> what
> > everyone wants.
> >
> > Cephfs is an important choice because:
> >  - there can be multiple mountpoints, thus multiple dovecot instances on
> > different hosts
> >  - the same storage backend is used for all dovecot instances
> >  - no need of sharding domains
> >  - dovecot is easily load balanced (with director sticking users to the
> > same dovecot backend)
> >
> > On the upcoming upgrade we intend to:
> >  - upgrade ceph to 12.X (Luminous)
> >  - drop the SSD Cache Tier (because it's deprecated)
> >  - use bluestore engine
> >
> > I was said on freenode/#dovecot that there are many c

Re: Maillog warning

2018-05-16 Thread forums
# dovecot -n

==> see attachment

# grep -B2 -A1 'mail_plugins =' /etc/dovecot/conf.d/*

/etc/dovecot/conf.d/10-mail.conf-#auth_socket_path =
/var/run/dovecot/auth-userdb
/etc/dovecot/conf.d/10-mail.conf-#mail_plugin_dir =
/usr/lib/dovecot/modules
/etc/dovecot/conf.d/10-mail.conf:#mail_plugins =
/etc/dovecot/conf.d/10-mail.conf-#mailbox_list_index = no
--
/etc/dovecot/conf.d/10-mail.conf.ucf-dist-# Space separated list of
plugins to load for all services. Plugins specific to
/etc/dovecot/conf.d/10-mail.conf.ucf-dist-# IMAP, LDA, etc. are added to
this list in their own .conf files.
/etc/dovecot/conf.d/10-mail.conf.ucf-dist:#mail_plugins =
/etc/dovecot/conf.d/10-mail.conf.ucf-dist-
--
/etc/dovecot/conf.d/13-quota.conf-}
/etc/dovecot/conf.d/13-quota.conf-
/etc/dovecot/conf.d/13-quota.conf:mail_plugins = $mail_plugins quota
/etc/dovecot/conf.d/13-quota.conf-
/etc/dovecot/conf.d/13-quota.conf-protocol imap {
/etc/dovecot/conf.d/13-quota.conf:  mail_plugins = $mail_plugins
imap_quota
/etc/dovecot/conf.d/13-quota.conf-}
--
/etc/dovecot/conf.d/15-lda.conf-#lda_mailbox_autosubscribe = no
/etc/dovecot/conf.d/15-lda.conf-protocol lda {
/etc/dovecot/conf.d/15-lda.conf:  mail_plugins = $mail_plugins sieve
/etc/dovecot/conf.d/15-lda.conf-}
--
/etc/dovecot/conf.d/15-lda.conf.ucf-dist-protocol lda {
/etc/dovecot/conf.d/15-lda.conf.ucf-dist-  # Space separated list of
plugins to load (default is global mail_plugins).
/etc/dovecot/conf.d/15-lda.conf.ucf-dist:  #mail_plugins = $mail_plugins
/etc/dovecot/conf.d/15-lda.conf.ucf-dist-}
--
/etc/dovecot/conf.d/20-imap.conf-#imap_urlauth_host =
/etc/dovecot/conf.d/20-imap.conf-protocol imap {
/etc/dovecot/conf.d/20-imap.conf:  #mail_plugins = $mail_plugins quota
/etc/dovecot/conf.d/20-imap.conf-  #mail_max_userip_connections = 10
--
/etc/dovecot/conf.d/20-imap.conf.ucf-dist-protocol imap {
/etc/dovecot/conf.d/20-imap.conf.ucf-dist-  # Space separated list of
plugins to load (default is global mail_plugins).
/etc/dovecot/conf.d/20-imap.conf.ucf-dist:  #mail_plugins =
$mail_plugins
/etc/dovecot/conf.d/20-imap.conf.ucf-dist-
--
/etc/dovecot/conf.d/20-managesieve.conf-  #managesieve_max_line_length =
65536
/etc/dovecot/conf.d/20-managesieve.conf-  #mail_max_userip_connections =
10
/etc/dovecot/conf.d/20-managesieve.conf:  #mail_plugins =
/etc/dovecot/conf.d/20-managesieve.conf-  #managesieve_logout_format =
bytes=%i/%o
--
/etc/dovecot/conf.d/20-managesieve.conf.ucf-dist-  # Space separated
list of plugins to load (none known to be useful so far).
/etc/dovecot/conf.d/20-managesieve.conf.ucf-dist-  # Do NOT try to load
IMAP plugins here.
/etc/dovecot/conf.d/20-managesieve.conf.ucf-dist:  #mail_plugins =
/etc/dovecot/conf.d/20-managesieve.conf.ucf-dist-
--
/etc/dovecot/conf.d/20-pop3.conf-protocol pop3 {
/etc/dovecot/conf.d/20-pop3.conf-  # Space separated list of plugins to
load (default is global mail_plugins).
/etc/dovecot/conf.d/20-pop3.conf:  #mail_plugins = $mail_plugins
/etc/dovecot/conf.d/20-pop3.conf- 

---
Philippe - Forums

On 2018-05-16 21:40, Christian Kivalo wrote:

> On 2018-05-16 21:07, for...@mehl-family.fr wrote: 
> 
>> OK.
>> 
>> I renamed "conf.d/90-quota.conf" to "conf.d/13-quota.conf" and I have
>> no more this message.
> This doesn't really fix your problem, you just removed the signs of it. The 
> order of the files in /etc/dovecot/conf.d matters.
> 
> Please provide the following:
> doveconf -n
> 
> `grep -B2 -A1 'mail_plugins =' /etc/dovecot/conf.d/*` shows the unexpanded 
> mail_plugins settings from your config.

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.14.34-v7+ armv7l Debian 9.4 nfs
auth_mechanisms = plain login
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
lock_method = dotlock
mail_location = maildir:/NFS_Mounts/MBOX/vmail/%d/%n/Maildir
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace {
  inbox = yes
  location = 
  mailbox {
special_use = \Drafts
name = Drafts
  }
  mailbox {
special_use = \Junk
name = Junk
  }
  mailbox {
special_use = \Sent
name = Sent
  }
  mailbox {
special_use = \Sent
name = Sent Messages
  }
  mailbox {
special_use = \Trash
name = Trash
  }
  prefix = 
  separator = /
  name = inbox
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir
  quota_grace = 10%%
  quota_rule = *:storage=3G
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = /etc/dovecot/sieve/.%n-dovecot.sieve
  sieve_dir = /NFS_Mounts/MBOX/vmail/%d/%n/sieve/
}
postmaster_address = supp...@mehl-family.fr
protocols = " i

Re: External Program for Authentication?

2018-05-16 Thread Christian Kivalo



On 2018-05-16 21:18, Marc Perkel wrote:

> Is it possible to run a bash script for authentication where a 0 exit
> code indicates success and a non-zero is failure? What I'm trying to
> do is create a shadow IMAP server that authenticates against a
> different server. That way my server will use the same passwords as an
> existing server.
>
> So what I would need is for dovecot to pass the username and password
> to my script, I attempt to log in remotely and if I succeed I allow
> access on my side. My side will be used to configure black lists and
> where spam is dragged from their side to my side. (I'm a spam
> filtering company)

Have you looked at the checkpassword [1] and imap [2] authdatabase 
descriptions in the wiki?


[1] https://wiki2.dovecot.org/AuthDatabase/CheckPassword
[2] https://wiki2.dovecot.org/PasswordDatabase/IMAP

--
 Christian Kivalo
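
The checkpassword interface referenced as [1] above, sketched as an added example that is not part of the original thread and not Dovecot's own code: the script reads the credentials from file descriptor 3, tries them against the remote IMAP server over TLS, and maps the result to checkpassword exit codes. Assumptions: the host imap.example.org, the script path, all function names, and the use of curl as the IMAP client are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread): checkpassword-style verifier for
#   passdb {
#     driver = checkpassword
#     args = /usr/local/bin/remote-imap-check
#   }
# The script path and all function names below are hypothetical.
# Dovecot writes "user\0password\0timestamp\0" to fd 3 and passes the reply
# program to run on success as the script's arguments.
# Exit codes: 0 = accepted, 1 = rejected, 111 = temporary failure.

# Placeholder remote server (assumption); imaps:// keeps the login inside TLS.
REMOTE_URL="${REMOTE_URL:-imaps://imap.example.org/}"

# Read the NUL-separated fields from fd 3 into CP_USER and CP_PASS.
# Limitation: a password containing a newline is not supported.
read_credentials() {
    creds=$(tr '\000' '\n' <&3) || return 111
    CP_USER=$(printf '%s\n' "$creds" | sed -n 1p)
    CP_PASS=$(printf '%s\n' "$creds" | sed -n 2p)
    [ -n "$CP_USER" ] && [ -n "$CP_PASS" ] || return 1
}

# Accept only a conservative character set; ':' is excluded because curl
# splits "user:password" at the first colon.
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9@._+-]*) return 1 ;;
    esac
    return 0
}

# Build the curl config line, escaping backslash and double quote, which are
# the characters that are special inside a quoted curl config value.
curl_config_line() {
    esc=$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')
    printf 'user = "%s:%s"\n' "$1" "$esc"
}

# Try the login remotely. The credentials reach curl on stdin (--config -),
# so they are never visible in the process list.
verify_remote() {
    curl_config_line "$1" "$2" |
        curl --silent --output /dev/null --max-time 10 --config - "$REMOTE_URL"
}

# Map the outcome to checkpassword exit codes. curl exit code 67 means the
# server refused the login; anything else non-zero (DNS, TLS, timeout) is
# reported as temporary so an outage is not logged as a wrong password.
check_credentials() {
    read_credentials || return $?
    valid_username "$CP_USER" || return 1
    curl_rc=0
    verify_remote "$CP_USER" "$CP_PASS" || curl_rc=$?
    case "$curl_rc" in
        0)  return 0 ;;
        67) return 1 ;;
        *)  return 111 ;;
    esac
}

# Dovecot always passes the reply program as arguments; without arguments the
# file only defines the functions above.
if [ "$#" -gt 0 ]; then
    check_credentials || exit $?
    exec "$@"
fi
```

For the plain "same passwords as another IMAP server" case, passdb imap [2] does this without any script; the checkpassword route is for when extra local checks are needed.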


Re: [ceph-users] dovecot + cephfs - sdbox vs mdbox

2018-05-16 Thread Danny Al-Gaaf
Hi,

some time back we had similar discussions when we, as an email provider,
discussed to move away from traditional NAS/NFS storage to Ceph.

The problem with POSIX file systems and dovecot is that e.g. with mdbox
only around ~20% of the IO operations are READ/WRITE, the rest are
metadata IOs. You will not change this with using CephFS since it will
basically behave the same way as e.g. NFS.

We decided to develop librmb to store emails as objects directly in
RADOS instead of CephFS. The project is still under development, so you
should not use it in production, but you can try it to run a POC.

For more information check out my slides from Ceph Day London 2018:
https://dalgaaf.github.io/cephday-london2018-emailstorage/#/cover-page

The project can be found on github:
https://github.com/ceph-dovecot/

-Danny

Am 16.05.2018 um 20:37 schrieb Webert de Souza Lima:
> I'm sending this message to both dovecot and ceph-users ML so please don't
> mind if something seems too obvious for you.
> 
> Hi,
> 
> I have a question for both dovecot and ceph lists and below I'll explain
> what's going on.
> 
> Regarding dbox format (https://wiki2.dovecot.org/MailboxFormat/dbox), when
> using sdbox, a new file is stored for each email message.
> When using mdbox, multiple messages are appended to a single file until it
> reaches/passes the rotate limit.
> 
> I would like to understand better how the mdbox format impacts on IO
> performance.
> I think it's generally expected that fewer larger files translate to less IO
> and more throughput when compared to more small files, but how does dovecot
> handle that with mdbox?
> If dovecot does flush data to storage upon each and every new email is
> arrived and appended to the corresponding file, would that mean that it
> generate the same amount of IO as it would do with one file per message?
> Also, if using mdbox many messages will be appended to a said file before a
> new file is created. That should mean that a file descriptor is kept open
> for some time by dovecot process.
> Using cephfs as backend, how would this impact cluster performance
> regarding MDS caps and inodes cached when files from thousands of users are
> opened and appended all over?
> 
> I would like to understand this better.
> 
> Why?
> We are a small Business Email Hosting provider with bare metal, self hosted
> systems, using dovecot for servicing mailboxes and cephfs for email storage.
> 
> We are currently working on dovecot and storage redesign to be in
> production ASAP. The main objective is to serve more users with better
> performance, high availability and scalability.
> * high availability and load balancing is extremely important to us *
> 
> On our current model, we're using mdbox format with dovecot, having
> dovecot's INDEXes stored in a replicated pool of SSDs, and messages stored
> in a replicated pool of HDDs (under a Cache Tier with a pool of SSDs).
> All using cephfs / filestore backend.
> 
> Currently there are 3 clusters running dovecot 2.2.34 and ceph Jewel
> (10.2.9-4).
>  - ~25K users from a few thousands of domains per cluster
>  - ~25TB of email data per cluster
>  - ~70GB of dovecot INDEX [meta]data per cluster
>  - ~100MB of cephfs metadata per cluster
> 
> Our goal is to build a single ceph cluster for storage that could expand in
> capacity, be highly available and perform well enough. I know, that's what
> everyone wants.
> 
> Cephfs is an important choice because:
>  - there can be multiple mountpoints, thus multiple dovecot instances on
> different hosts
>  - the same storage backend is used for all dovecot instances
>  - no need of sharding domains
>  - dovecot is easily load balanced (with director sticking users to the
> same dovecot backend)
> 
> On the upcoming upgrade we intend to:
>  - upgrade ceph to 12.X (Luminous)
>  - drop the SSD Cache Tier (because it's deprecated)
>  - use bluestore engine
> 
> I was said on freenode/#dovecot that there are many cases where SDBOX would
> perform better with NFS sharing.
> In case of cephfs, at first, I wouldn't think that would be true because
> more files == more generated IO, but thinking about what I said in the
> beginning regarding sdbox vs mdbox that could be wrong.
> 
> Any thoughts will be highly appreciated.
> 
> Regards,
> 
> Webert Lima
> DevOps Engineer at MAV Tecnologia
> *Belo Horizonte - Brasil*
> *IRC NICK - WebertRLZ*
> 
> 
> 
> ___
> ceph-users mailing list
> ceph-us...@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> 


Re: Maillog warning

2018-05-16 Thread Christian Kivalo

On 2018-05-16 21:07, for...@mehl-family.fr wrote:

> OK.
>
> I renamed "conf.d/90-quota.conf" to "conf.d/13-quota.conf" and I have
> no more this message.

This doesn't really fix your problem, you just removed the signs of it. 
The order of the files in /etc/dovecot/conf.d matters.

Please provide the following:
doveconf -n

`grep -B2 -A1 'mail_plugins =' /etc/dovecot/conf.d/*` shows the 
unexpanded mail_plugins settings from your config.


--
 Christian Kivalo


Re: [ceph-users] dovecot + cephfs - sdbox vs mdbox

2018-05-16 Thread Webert de Souza Lima
Hello Jack,

yes, I imagine I'll have to do some work on tuning the block size on
cephfs. Thanks for the advice.
I knew that using mdbox, messages are not removed but I thought that was
true in sdbox too. Thanks again.

We'll soon do benchmarks of sdbox vs mdbox over cephfs with bluestore
backend.
We'll have to do some work on how to simulate user traffic, for writes
and readings. That seems troublesome.

Thanks for the plugins recommendations. I'll take the change and ask you
how is the SIS status? We have used it in the past and we've had some
problems with it.

Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
*Belo Horizonte - Brasil*
*IRC NICK - WebertRLZ*


On Wed, May 16, 2018 at 4:19 PM Jack  wrote:

> Hi,
>
> Many (most ?) filesystems do not store multiple files on the same block
>
> Thus, with sdbox, every single mail (you know, that kind of mail with 10
> lines in it) will eat an inode, and a block (4k here)
> mdbox is more compact on this way
>
> Another difference: sdbox removes the message, mdbox does not : a single
> metadata update is performed, which may be packed with others if many
> files are deleted at once
>
> That said, I do not have experience with dovecot + cephfs, nor have made
> tests for sdbox vs mdbox
>
> However, and this is a bit out of topic, I recommend you look at the
> following dovecot's features (if not already done), as they are awesome
> and will help you a lot:
> - Compression (classic, https://wiki.dovecot.org/Plugins/Zlib)
> - Single-Instance-Storage (aka sis, aka "attachment deduplication" :
> https://www.dovecot.org/list/dovecot/2013-December/094276.html)
>
> Regards,
> On 05/16/2018 08:37 PM, Webert de Souza Lima wrote:
> > I'm sending this message to both dovecot and ceph-users ML so please
> don't
> > mind if something seems too obvious for you.
> >
> > Hi,
> >
> > I have a question for both dovecot and ceph lists and below I'll explain
> > what's going on.
> >
> > Regarding dbox format (https://wiki2.dovecot.org/MailboxFormat/dbox),
> when
> > using sdbox, a new file is stored for each email message.
> > When using mdbox, multiple messages are appended to a single file until
> it
> > reaches/passes the rotate limit.
> >
> > I would like to understand better how the mdbox format impacts on IO
> > performance.
> > I think it's generally expected that fewer larger files translate to less
> IO
> > and more throughput when compared to more small files, but how does
> dovecot
> > handle that with mdbox?
> > If dovecot does flush data to storage upon each and every new email is
> > arrived and appended to the corresponding file, would that mean that it
> > generate the same amount of IO as it would do with one file per message?
> > Also, if using mdbox many messages will be appended to a said file
> before a
> > new file is created. That should mean that a file descriptor is kept open
> > for some time by dovecot process.
> > Using cephfs as backend, how would this impact cluster performance
> > regarding MDS caps and inodes cached when files from thousands of users
> are
> > opened and appended all over?
> >
> > I would like to understand this better.
> >
> > Why?
> > We are a small Business Email Hosting provider with bare metal, self
> hosted
> > systems, using dovecot for servicing mailboxes and cephfs for email
> storage.
> >
> > We are currently working on dovecot and storage redesign to be in
> > production ASAP. The main objective is to serve more users with better
> > performance, high availability and scalability.
> > * high availability and load balancing is extremely important to us *
> >
> > On our current model, we're using mdbox format with dovecot, having
> > dovecot's INDEXes stored in a replicated pool of SSDs, and messages
> stored
> > in a replicated pool of HDDs (under a Cache Tier with a pool of SSDs).
> > All using cephfs / filestore backend.
> >
> > Currently there are 3 clusters running dovecot 2.2.34 and ceph Jewel
> > (10.2.9-4).
> >  - ~25K users from a few thousands of domains per cluster
> >  - ~25TB of email data per cluster
> >  - ~70GB of dovecot INDEX [meta]data per cluster
> >  - ~100MB of cephfs metadata per cluster
> >
> > Our goal is to build a single ceph cluster for storage that could expand
> in
> > capacity, be highly available and perform well enough. I know, that's
> what
> > everyone wants.
> >
> > Cephfs is an important choise because:
> >  - there can be multiple mountpoints, thus multiple dovecot instances on
> > different hosts
> >  - the same storage backend is used for all dovecot instances
> >  - no need of sharding domains
> >  - dovecot is easily load balanced (with director sticking users to the
> > same dovecot backend)
> >
> > On the upcoming upgrade we intent to:
> >  - upgrade ceph to 12.X (Luminous)
> >  - drop the SSD Cache Tier (because it's deprecated)
> >  - use bluestore engine
> >
> > I was said on freenode/#dovecot that there are many cases where SDBOX
> would
> > perform better with NFS sh

External Program for Authentication?

2018-05-16 Thread Marc Perkel
Is it possible to run a bash script for authentication where a 0 exit 
code indicates success and a non-zero is failure? What I'm trying to do 
is create a shadow IMAP server that authenticates against a different 
server. That way my server will use the same passwords as an existing 
server.


So what I would need is for dovecot to pass the username and password to 
my script, I attempt to log in remotely and if I succeed I allow access 
on my side. My side will be used to configure black lists and where spam 
is dragged from their side to my side. (I'm a spam filtering company)




Re: Maillog warning

2018-05-16 Thread forums
OK. 

I renamed "conf.d/90-quota.conf" to "conf.d/13-quota.conf" and I no longer
get this message.

Thanks.

---
Philippe - Forums

On 2018-05-16 20:53, Sami Ketola wrote:

>> On 16 May 2018, at 20.16, for...@mehl-family.fr wrote:
>>
>> I have commented out the line...
>>
>> But now I see another warning:
>>
>> Warning: /etc/dovecot/conf.d/OLD-90-quota.conf line 39: Global setting
>> mail_plugins won't change the setting inside an earlier filter at
>> /etc/dovecot/conf.d/15-lda.conf line 13 (if this is intentional, avoid this
>> warning by moving the global setting before /etc/dovecot/conf.d/15-lda.conf
>> line 13)
>>
>> AND... I see an error message:
>>
>> Error: Couldn't load required plugin
>> /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so: Plugin quota must be
>> loaded also (you must set: mail_plugins=$mail_plugins quota)
> Load your global plugins first, in global config file and protocol specific 
> plugins later in the config. 
> 
> Sami

Re: Maillog warning

2018-05-16 Thread Christian Kivalo



On 2018-05-16 19:16, for...@mehl-family.fr wrote:

> I have commented out the line...
>
> But now I see another warning:
>
> Warning: /etc/dovecot/conf.d/OLD-90-quota.conf line 39: Global
> setting mail_plugins won't change the setting inside an earlier filter
> at /etc/dovecot/conf.d/15-lda.conf line 13 (if this is intentional,
> avoid this warning by moving the global setting before
> /etc/dovecot/conf.d/15-lda.conf line 13)
>
> AND... I see an error message:
>
> Error: Couldn't load required plugin
> /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so: Plugin quota must
> be loaded also (you must set: mail_plugins=$mail_plugins quota)

The output of doveconf -n would help to see what plugins you are trying
to load


--
 Christian Kivalo


Re: Maillog warning

2018-05-16 Thread Sami Ketola


> On 16 May 2018, at 20.16, for...@mehl-family.fr wrote:
> 
> I have commented out the line...
> 
> But now I see another warning:
> 
> Warning: /etc/dovecot/conf.d/OLD-90-quota.conf line 39: Global setting 
> mail_plugins won't change the setting inside an earlier filter at 
> /etc/dovecot/conf.d/15-lda.conf line 13 (if this is intentional, avoid this 
> warning by moving the global setting before /etc/dovecot/conf.d/15-lda.conf 
> line 13)
> 
> AND... I see an error message :
> 
> Error: Couldn't load required plugin 
> /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so: Plugin quota must be 
> loaded also (you must set: mail_plugins=$mail_plugins quota)
> 
Load your global plugins first, in global config file and protocol specific 
plugins later in the config.

Sami

dovecot + cephfs - sdbox vs mdbox

2018-05-16 Thread Webert de Souza Lima
I'm sending this message to both dovecot and ceph-users ML so please don't
mind if something seems too obvious for you.

Hi,

I have a question for both dovecot and ceph lists and below I'll explain
what's going on.

Regarding dbox format (https://wiki2.dovecot.org/MailboxFormat/dbox), when
using sdbox, a new file is stored for each email message.
When using mdbox, multiple messages are appended to a single file until it
reaches/passes the rotate limit.

I would like to understand better how the mdbox format impacts on IO
performance.
I think it's generally expected that fewer larger files translate to less IO
and more throughput when compared to more small files, but how does dovecot
handle that with mdbox?
If dovecot does flush data to storage upon each and every new email is
arrived and appended to the corresponding file, would that mean that it
generates the same amount of IO as it would do with one file per message?
Also, if using mdbox many messages will be appended to a said file before a
new file is created. That should mean that a file descriptor is kept open
for some time by dovecot process.
Using cephfs as backend, how would this impact cluster performance
regarding MDS caps and inodes cached when files from thousands of users are
opened and appended all over?

I would like to understand this better.

Why?
We are a small Business Email Hosting provider with bare metal, self hosted
systems, using dovecot for servicing mailboxes and cephfs for email storage.

We are currently working on dovecot and storage redesign to be in
production ASAP. The main objective is to serve more users with better
performance, high availability and scalability.
* high availability and load balancing is extremely important to us *

On our current model, we're using mdbox format with dovecot, having
dovecot's INDEXes stored in a replicated pool of SSDs, and messages stored
in a replicated pool of HDDs (under a Cache Tier with a pool of SSDs).
All using cephfs / filestore backend.

Currently there are 3 clusters running dovecot 2.2.34 and ceph Jewel
(10.2.9-4).
 - ~25K users from a few thousands of domains per cluster
 - ~25TB of email data per cluster
 - ~70GB of dovecot INDEX [meta]data per cluster
 - ~100MB of cephfs metadata per cluster

Our goal is to build a single ceph cluster for storage that could expand in
capacity, be highly available and perform well enough. I know, that's what
everyone wants.

Cephfs is an important choice because:
 - there can be multiple mountpoints, thus multiple dovecot instances on
different hosts
 - the same storage backend is used for all dovecot instances
 - no need of sharding domains
 - dovecot is easily load balanced (with director sticking users to the
same dovecot backend)

On the upcoming upgrade we intend to:
 - upgrade ceph to 12.X (Luminous)
 - drop the SSD Cache Tier (because it's deprecated)
 - use bluestore engine

I was told on freenode/#dovecot that there are many cases where SDBOX would
perform better with NFS sharing.
In case of cephfs, at first, I wouldn't think that would be true because
more files == more generated IO, but thinking about what I said in the
beginning regarding sdbox vs mdbox that could be wrong.

Any thoughts will be highly appreciated.

Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
*Belo Horizonte - Brasil*
*IRC NICK - WebertRLZ*


Re: Maillog warning

2018-05-16 Thread forums
I have commented out the line...

But now I see another warning:

Warning: /etc/dovecot/conf.d/OLD-90-quota.conf line 39: Global setting
mail_plugins won't change the setting inside an earlier filter at
/etc/dovecot/conf.d/15-lda.conf line 13 (if this is intentional, avoid
this warning by moving the global setting before
/etc/dovecot/conf.d/15-lda.conf line 13)

AND... I see an error message:

Error: Couldn't load required plugin
/usr/lib/dovecot/modules/lib11_imap_quota_plugin.so: Plugin quota must
be loaded also (you must set: mail_plugins=$mail_plugins quota)

:-O

---
Philippe - Forums

On 2018-05-16 19:07, for...@mehl-family.fr wrote:

> So I just have to comment out the line in the file?
>
> ---
> Philippe - Forums
>
> On 2018-05-16 18:52, Sami Ketola wrote:
>
>>> On 16 May 2018, at 19.49, for...@mehl-family.fr wrote:
>>>
>>> Hi,
>>>
>>> In my maillog I see this warning message at every reception of e-mail:
>>>
>>> status=sent (delivered via dovecot service (doveconf: Warning:
>>> /etc/dovecot/conf.d/90-quota.conf line 39: Global setting mail_plugins won't
>>> chan.
>>>
>>> It is just a warning, the e-mail was delivered.
>>>
>>> I can't find where the problem is.
>>
>> You have mail_plugins setting in 90-quota.conf that is ignored because you
>> have defined mail_plugins in protocol lmtp {} before that in the config. The
>> order matters.
>>
>> Sami

Re: Maillog warning

2018-05-16 Thread forums
So I just have to comment out the line in the file?

---
Philippe - Forums

On 2018-05-16 18:52, Sami Ketola wrote:

>> On 16 May 2018, at 19.49, for...@mehl-family.fr wrote:
>>
>> Hi,
>>
>> In my maillog I see this warning message at every reception of e-mail:
>>
>> status=sent (delivered via dovecot service (doveconf: Warning:
>> /etc/dovecot/conf.d/90-quota.conf line 39: Global setting mail_plugins won't
>> chan.
>>
>> It is just a warning, the e-mail was delivered.
>>
>> I can't find where the problem is.
> 
> You have mail_plugins setting in 90-quota.conf that is ignored because you 
> have defined mail_plugins in protocol lmtp {} before that in the config. The 
> order matters. 
> 
> Sami

Re: Maillog warning

2018-05-16 Thread Sami Ketola

> On 16 May 2018, at 19.49, for...@mehl-family.fr wrote:
> 
> Hi,
> 
> In my maillog I see this warning message at every reception of e-mail:
> 
> status=sent (delivered via dovecot service (doveconf: Warning: 
> /etc/dovecot/conf.d/90-quota.conf line 39: Global setting mail_plugins won't 
> chan.
> 
> It is just a warning, the e-mail was delivered.
> 
> I can't find where the problem is.
> 
> 

You have mail_plugins setting in 90-quota.conf that is ignored because you have 
defined mail_plugins in protocol lmtp {} before that in the config. The order 
matters.

Sami
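
The ordering problem described in this thread, and the rename of 90-quota.conf to 13-quota.conf that cleared it, shown as an added example (not code from the thread or from Dovecot). It is a simplified Python model that assumes conf.d files are read in file-name order and that `$mail_plugins` expands to the value known at that point; the file contents, the `protocol lda` and `protocol imap` blocks and all function names are constructed for illustration.

```python
import re

# Constructed conf.d contents modelled on the thread (not the poster's files):
# two protocol filters set mail_plugins before the global quota setting.
CONF_D = {
    "10-mail.conf": "mail_location = mdbox:~/\n",
    "15-lda.conf": "protocol lda {\n  mail_plugins = $mail_plugins sieve\n}\n",
    "20-imap.conf": "protocol imap {\n  mail_plugins = $mail_plugins imap_quota\n}\n",
    "90-quota.conf": "# quota plugin\nmail_plugins = $mail_plugins quota\n",
}

SETTING = re.compile(r"^(\w+)\s*=\s*(.*)$")


def walk(conf_d):
    """Yield (file, line number, open sections, key, value) in file-name order."""
    for name in sorted(conf_d):
        sections = []
        for lineno, raw in enumerate(conf_d[name].splitlines(), 1):
            line = raw.split("#", 1)[0].strip()
            if line.endswith("{"):
                sections.append(line[:-1].strip())
            elif line == "}":
                if sections:
                    sections.pop()
            else:
                match = SETTING.match(line)
                if match:
                    yield (name, lineno, tuple(sections),
                           match.group(1), match.group(2).strip())


def audit_mail_plugins(conf_d):
    """Return (global plugins, per-protocol plugins, shadowed global settings)."""
    global_plugins, per_protocol, shadowed = [], {}, []
    first_filter = None
    for name, lineno, sections, key, value in walk(conf_d):
        if key != "mail_plugins":
            continue
        protocol = next((s.split()[1] for s in sections
                         if s.startswith("protocol ")), None)
        base = per_protocol.get(protocol, global_plugins) if protocol else global_plugins
        # $mail_plugins expands to the value known at this point in the config.
        expanded = []
        for word in value.split():
            expanded.extend(base if word == "$mail_plugins" else [word])
        if protocol:
            per_protocol[protocol] = expanded
            first_filter = first_filter or (name, lineno)
        else:
            global_plugins = expanded
            if first_filter:  # a global setting after a filter: the warned case
                shadowed.append((name, lineno) + first_filter)
    return global_plugins, per_protocol, shadowed


def protocols_missing_quota(per_protocol):
    """Protocols that load imap_quota without quota (the error in the thread)."""
    return sorted(p for p, plugins in per_protocol.items()
                  if "imap_quota" in plugins and "quota" not in plugins)


def rename(conf_d, old, new):
    """Copy of conf_d with one file renamed, as done in the thread."""
    return {(new if name == old else name): text for name, text in conf_d.items()}


if __name__ == "__main__":
    fixed = rename(CONF_D, "90-quota.conf", "13-quota.conf")
    for label, tree in (("before", CONF_D), ("after", fixed)):
        _, per_protocol, shadowed = audit_mail_plugins(tree)
        print(label, "shadowed:", shadowed,
              "missing quota:", protocols_missing_quota(per_protocol))
```

Against a real installation, `doveconf -n` (as suggested elsewhere in the thread) remains the authoritative view of the effective settings.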



Maillog warning

2018-05-16 Thread forums
Hi, 

In my maillog I see this warning message at every reception of e-mail: 

status=sent (delivered via dovecot service (doveconf: Warning:
/etc/dovecot/conf.d/90-quota.conf line 39: Global setting mail_plugins
won't chan.

It is just a warning, the e-mail was delivered.

I can't find where the problem is.

Thanks.

--
Philippe - Forums

Re: 2.3.1 with quota and lmtp; message may be sent more than once

2018-05-16 Thread Frank Ebert
Hi,

thank you very much for your reply. Your solution seems to be a good
workaround, until the patch from Stephan is available. Since I
activated this setting in postfix, the problem doesn't appear any more.

Frank


On Tue, 1 May 2018 23:43:13 +0300, Christos Chatzaras wrote:

> I had the same problem and the only workaround I found was to change
> this to postfix main.cf :
> 
> default_destination_recipient_limit = 1
> 
> 
> 
> > On 1 May 2018, at 11:12, Frank Ebert  wrote:
> > 
> > Hi,
> > 
> > I have another problem with dovecot 2.3.1 on FreeBSD (smtpd is
> > postfix 3.3.0). When one mail is sent with different recipients and
> > the quota limit of one user is exceeded, the message will be
> > delivered repeatedly to all users. The queue from postfix says:
> > 
> > (lost connection with mailserver.foo.bar[private/lmtp-dovecot] while
> > sending end of data -- message may be sent more than once)
> > 
> > The problem started with dovecot 2.3.1. With 2.2.3x everything was
> > fine.
> > 
> > Any ideas?
> > 
> > Thanx
> > Frank




Re: 2.3.1 with quota and lmtp; message may be sent more than once

2018-05-16 Thread Frank Ebert
Thanx!

Frank

On Tue, 15 May 2018 11:53:09 +0200, Stephan Bosch wrote:

> On 14-5-2018 at 23:43, Stephan Bosch wrote:
> > On 14/05/2018 at 23:17, Stephan Bosch wrote:
> >>
> >>
> >> On 01/05/2018 at 10:12, Frank Ebert wrote:
> >>> Hi,
> >>>
> >>> I have another problem with dovecot 2.3.1 on FreeBSD (smtpd is
> >>> postfix 3.3.0). When one mail is sent with different recipients
> >>> and the quota limit of one user is exceeded, the message will be
> >>> delivered repeatedly to all users. The queue from postfix says:
> >>>
> >>> (lost connection with mailserver.foo.bar[private/lmtp-dovecot]
> >>> while sending end of data -- message may be sent more than once)
> >>>
> >>> The problem started with dovecot 2.3.1. With 2.2.3x everything
> >>> was fine.
> >>>
> >>> Any ideas?  
> >>
> >> Hmm, I am wondering whether we already fixed this one implicitly.
> >> I think we addressed some quota-related problems. Do you have the 
> >> opportunity to test this with git master(-2.3) ?  
> >
> > Never mind, I can reproduce something here:
> >
> > lmtp(hugo)<953>: Fatal: master: 
> > service(lmtp): child 953 killed with signal 11 (core dumps disabled
> > - https://dovecot.org/bugreport.html#coredumps)
> >
> > Working on it..  
> 
> Fix scheduled for 2.3.2:
> 
> https://github.com/dovecot/core/commit/847790d5aab84df38256a6f9b4849af0eb408419
> 
> Regards,
> 
> Stephan.
> 





dovecot 2.3 on Ubuntu 18.04 LTS

2018-05-16 Thread Jean-Daniel Dupas
Hello,

I'm running dovecot 2.3 from repo.dovecot.org on
ubuntu 16.04 LTS, and I'm wondering if there is a scheduled date for the
release of the bionic package in that repository.

The Ubuntu mainstream version is based on the 2.2 branch, which prevents us
from using it.

Thanks.




Dovecot send duplicated certificates when using ssl_alt_cert

2018-05-16 Thread Jean-Daniel Dupas
Hello,

I'm running dovecot 2.3.1 (c5a5c0c82) and trying to experiment with using both 
RSA and ECDSA certificates.

My configuration is as follows:

ssl_alt_cert = 

Re: end-to-end encryption

2018-05-16 Thread Gandalf Corvotempesta
On Wed, 16 May 2018 at 12:02, Aki Tuomi wrote:
> To be strict, 'end to end' would mean that the SENDER would encrypt it
> on his station, and RECEIVER would only decrypt it on his station.
> Everything else is not end-to-end =)

Yes, of course, but this solution with GPG, where dovecot is able to encrypt
mails with a GPG key, will increase the overall security, but still allows
all email to be read (just before the encryption) by some malware and so on.


Re: Postfix/Dovecot permissions for new mailboxes

2018-05-16 Thread Aki Tuomi
https://wiki.dovecot.org/VirtualUsers/Home


On 16.05.2018 13:42, telsch wrote:
> Yes, these settings work as I expected, but I didn't find
> documentation for mail_home=
>
> Thanks
>
> On 15.05.2018 20:10, Aki Tuomi wrote:
>>
>> Well, that's not what I asked you to try...
>>
>> try
>>
>> mail_home=/var/spool/mail/%u
>> mail_location=mdbox:~/
>>
>> Aki
>>
>>> On 15 May 2018 at 20:03 telsch  wrote:
>>>
>>>
>>> With these settings I don't get the expected result, still get wrong
>>> permissions on new mailboxes. Aki did you also try with %u ?
>>>
>>>   > In /etc/dovecot/conf.d/10-mail.conf follow options are set:
>>>   >    mail_gid = mail
>>>   >    mail_privileged_group = mail
>>>   >    mail_access_groups = mail
>>>   >    mail_location = mdbox:/var/spool/mail/%u
>>>
>>> On 15.05.2018 13:06, Aki Tuomi wrote:
>>>> I have to correct myself. I tested with sdbox now too, and it seems
>>>> that using
>>>>
>>>> mail_location=sdbox:~/Mail
>>>>
>>>> produces the expected behaviour. mdbox uses same code as sdbox for
>>>> this, so it should work fine.
>>>>
>>>> Aki
>>>>
>>>>
>>>> On 15.05.2018 13:01, telsch wrote:
>>>>> I use mdbox not maildir:
>>>>>
>>>>>   mail_location = mdbox:/var/spool/mail/%u
>>>>>
>>>>> On 15.05.2018 11:53, Aki Tuomi wrote:
>>>>>> Do you have
>>>>>>
>>>>>> mail_location=maildir:~/mail
>>>>>>
>>>>>> or
>>>>>>
>>>>>> mail_location = maildir:/path/to/whatever/%u
>>>>>>
>>>>>> I tested with latest 2.2 that if I use /path/to, I get correct
>>>>>> permissions.
>>>>>>
>>>>>> Aki
>>>>>>
>>>>>>
>>>>>> On 15.05.2018 12:43, telsch wrote:
>>>>>>> I would expect same permissions as for root mail directory 02770:
>>>>>>>    drwxrws--- 5 newuser mail 4096 Apr 23 19:31
>>>>>>> /var/spool/mail/newuser/
>>>>>>>
>>>>>>> Using Dovecot 2.2.34
>>>>>>>
>>>>>>> On 14.05.2018 08:37, Aki Tuomi wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 09.05.2018 12:52, telsch wrote:
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> the wiki page describe that permission should copied from root
>>>>>>>>> mail directory
>>>>>>>>>     https://wiki2.dovecot.org/SharedMailboxes/Permissions
>>>>>>>>>
>>>>>>>>> The permissions for the root mail directory are set to 2770:
>>>>>>>>>     drwxrws--- 36 root mail 4096 Apr 15 02:30
>>>>>>>>> /var/spool/mail/
>>>>>>>>>
>>>>>>>>> But newly created mailboxes get following permissions:
>>>>>>>>>     drwx--S--- 5 newuser mail 4096 Apr 23 19:31
>>>>>>>>> /var/spool/mail/newuser/
>>>>>>>>>
>>>>>>>>> In /etc/dovecot/conf.d/10-mail.conf follow options are set:
>>>>>>>>>     mail_gid = mail
>>>>>>>>>     mail_privileged_group = mail
>>>>>>>>>     mail_access_groups = mail
>>>>>>>>>
>>>>>>>>> I'm missing something to get right group permissions for new
>>>>>>>>> mailboxes?
>>>>>>>>
>>>>>>>> What permissions were you expecting? Also, which version of
>>>>>>>> dovecot are you running?
>>>>>>>>
>>>>>>>> Aki




Re: Postfix/Dovecot permissions for new mailboxes

2018-05-16 Thread telsch

Yes, these settings work as I expected, but I didn't find documentation for
mail_home=

Thanks

On 15.05.2018 20:10, Aki Tuomi wrote:
>
> Well, that's not what I asked you to try...
>
> try
>
> mail_home=/var/spool/mail/%u
> mail_location=mdbox:~/
>
> Aki
>
>> On 15 May 2018 at 20:03 telsch wrote:
>>
>>
>> With these settings I don't get the expected result, still get wrong
>> permissions on new mailboxes. Aki did you also try with %u ?
>>
>>   > In /etc/dovecot/conf.d/10-mail.conf follow options are set:
>>   >    mail_gid = mail
>>   >    mail_privileged_group = mail
>>   >    mail_access_groups = mail
>>   >    mail_location = mdbox:/var/spool/mail/%u
>>
>> On 15.05.2018 13:06, Aki Tuomi wrote:
>>> I have to correct myself. I tested with sdbox now too, and it seems that
>>> using
>>>
>>> mail_location=sdbox:~/Mail
>>>
>>> produces the expected behaviour. mdbox uses same code as sdbox for this,
>>> so it should work fine.
>>>
>>> Aki
>>>
>>>
>>> On 15.05.2018 13:01, telsch wrote:
>>>> I use mdbox not maildir:
>>>>
>>>>   mail_location = mdbox:/var/spool/mail/%u
>>>>
>>>> On 15.05.2018 11:53, Aki Tuomi wrote:
>>>>> Do you have
>>>>>
>>>>> mail_location=maildir:~/mail
>>>>>
>>>>> or
>>>>>
>>>>> mail_location = maildir:/path/to/whatever/%u
>>>>>
>>>>> I tested with latest 2.2 that if I use /path/to, I get correct
>>>>> permissions.
>>>>>
>>>>> Aki
>>>>>
>>>>>
>>>>> On 15.05.2018 12:43, telsch wrote:
>>>>>> I would expect same permissions as for root mail directory 02770:
>>>>>>    drwxrws--- 5 newuser mail 4096 Apr 23 19:31
>>>>>> /var/spool/mail/newuser/
>>>>>>
>>>>>> Using Dovecot 2.2.34
>>>>>>
>>>>>> On 14.05.2018 08:37, Aki Tuomi wrote:
>>>>>>>
>>>>>>> On 09.05.2018 12:52, telsch wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> the wiki page describe that permission should copied from root mail
>>>>>>>> directory
>>>>>>>>     https://wiki2.dovecot.org/SharedMailboxes/Permissions
>>>>>>>>
>>>>>>>> The permissions for the root mail directory are set to 2770:
>>>>>>>>     drwxrws--- 36 root mail 4096 Apr 15 02:30 /var/spool/mail/
>>>>>>>>
>>>>>>>> But newly created mailboxes get following permissions:
>>>>>>>>     drwx--S--- 5 newuser mail 4096 Apr 23 19:31
>>>>>>>> /var/spool/mail/newuser/
>>>>>>>>
>>>>>>>> In /etc/dovecot/conf.d/10-mail.conf follow options are set:
>>>>>>>>     mail_gid = mail
>>>>>>>>     mail_privileged_group = mail
>>>>>>>>     mail_access_groups = mail
>>>>>>>>
>>>>>>>> I'm missing something to get right group permissions for new
>>>>>>>> mailboxes?
>>>>>>>
>>>>>>> What permissions were you expecting? Also, which version of dovecot
>>>>>>> are you running?
>>>>>>>
>>>>>>> Aki
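
The two directory listings quoted in this thread, decoded as an added example (not code from the thread or from Dovecot): the capital `S` in `drwx--S---` means the setgid bit was set but group execute was not, so the mailbox ended up as 2700 instead of the expected 2770. The parser below also handles setuid and sticky characters, which goes beyond the case in the thread; the function names are chosen for illustration.

```python
# ls -ld lines as quoted in the thread: the root mail directory first,
# then the newly created mailbox.
LISTING = [
    "drwxrws--- 36 root mail 4096 Apr 15 02:30 /var/spool/mail/",
    "drwx--S--- 5 newuser mail 4096 Apr 23 19:31 /var/spool/mail/newuser/",
]

# Position in the nine permission characters -> special bit shown there.
SPECIAL = {2: (0o4000, "s", "S"), 5: (0o2000, "s", "S"), 8: (0o1000, "t", "T")}


def parse_ls_mode(text):
    """Convert a 10-character ls mode string such as 'drwxrws---' to mode bits."""
    if len(text) != 10:
        raise ValueError("expected 10 characters: %r" % text)
    mode = 0
    for i, ch in enumerate(text[1:]):
        bit = 1 << (8 - i)
        if ch == "rwx"[i % 3]:
            mode |= bit
        elif i in SPECIAL and ch in SPECIAL[i][1:]:
            special_bit, lower, _upper = SPECIAL[i]
            mode |= special_bit
            if ch == lower:  # lowercase: the execute bit is set as well
                mode |= bit
        elif ch != "-":
            raise ValueError("unexpected %r in %r" % (ch, text))
    return mode


def missing_group_bits(parent_mode, child_mode):
    """Group permissions the parent grants and the child lacks, as letters."""
    missing = parent_mode & ~child_mode
    return "".join(letter
                   for letter, bit in (("r", 0o040), ("w", 0o020), ("x", 0o010))
                   if missing & bit)


def audit(listing):
    """Compare every entry after the first against the first (root) entry."""
    root_mode = parse_ls_mode(listing[0].split(None, 8)[0])
    findings = []
    for line in listing[1:]:
        fields = line.split(None, 8)
        mode = parse_ls_mode(fields[0])
        gap = missing_group_bits(root_mode, mode)
        if gap:
            findings.append((fields[8], format(mode & 0o7777, "04o"), gap))
    return findings


if __name__ == "__main__":
    for path, octal, gap in audit(LISTING):
        print("%s is %s, group lacks %s compared with the root directory"
              % (path, octal, gap))
```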







Re: end-to-end encryption

2018-05-16 Thread Jochen Bern
On 05/16/2018 12:01 PM, Aki Tuomi wrote:
> On 16.05.2018 12:56, Jochen Bern wrote:
>> Considering the keywords "dovecot" and "sieve", that would still not be
>> "end to end" and not even "MSA to MX"(-ish) but merely "encrypted
>> storage upon/after final delivery", wouldn't it ... ?
> 
> To be strict, 'end to end' would mean that the SENDER would encrypt it
> on his station, and RECEIVER would only decrypt it on his station.
> Everything else is not end-to-end =)

Yes. Hence my ad-hoc "MSA to MX" terminology for the middle ground that
sysad-me can achieve *without* continued user enthusi^H^H^H^H^H^H^H
cooperation. :-}

Regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect





Re: end-to-end encryption

2018-05-16 Thread Aki Tuomi


On 16.05.2018 12:56, Jochen Bern wrote:
> On 05/16/2018 06:07 AM, Aki Tuomi wrote:
>>> On 15 May 2018 at 22:43 Gandalf Corvotempesta wrote:
>>> Is it possible to implement an end-to-end encryption with dovecot, where
>>> server-side there is no private key to decrypt messages?
>> You could probably automate this with sieve and e.g. GnuPG, which would mean
>> that all your mails are encrypted without server having key to decrypt this.
> Considering the keywords "dovecot" and "sieve", that would still not be
> "end to end" and not even "MSA to MX"(-ish) but merely "encrypted
> storage upon/after final delivery", wouldn't it ... ?
>
> FWIW, for auto-encrypting someplace near the MSA, I've used the "GPGPit"
> tool that's available on the web (and that I've made into an "SMIMEit"
> myself). The nontrivial problem with that is to retrieve recipients'
> pubkeys in an even remotely trustworthy manner, of course.
>
> Regards,

To be strict, 'end to end' would mean that the SENDER would encrypt it
on his station, and RECEIVER would only decrypt it on his station.
Everything else is not end-to-end =)

Aki


Re: Re: end-to-end encryption

2018-05-16 Thread Jochen Bern
On 05/16/2018 06:07 AM, Aki Tuomi wrote:
>> On 15 May 2018 at 22:43 Gandalf Corvotempesta wrote:
>> Is it possible to implement an end-to-end encryption with dovecot, where
>> server-side there is no private key to decrypt messages?
> 
> You could probably automate this with sieve and e.g. GnuPG, which would mean
> that all your mails are encrypted without server having key to decrypt this.

Considering the keywords "dovecot" and "sieve", that would still not be
"end to end" and not even "MSA to MX"(-ish) but merely "encrypted
storage upon/after final delivery", wouldn't it ... ?

FWIW, for auto-encrypting someplace near the MSA, I've used the "GPGPit"
tool that's available on the web (and that I've made into an "SMIMEit"
myself). The nontrivial problem with that is to retrieve recipients'
pubkeys in an even remotely trustworthy manner, of course.

Regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect





Re: end-to-end encryption

2018-05-16 Thread tobisworld
Yes, the server needs to know the pubKey for encryption and the client
needs access to the privKey to decrypt.
The correct pubKey is determined by gpg based on the rcpt address

Cheers

tobi

On 16.05.2018 at 11:30, Gandalf Corvotempesta wrote:
> On Wed, 16 May 2018 at 11:19,  wrote:
>> I personally use gpgit https://github.com/EtiennePerot/gpgit
>> Which does the encryption of messages. Then I use a sieve script which
>> calls gpgit for every msg and encrypts before saving into mailbox
> 
> If I understood properly, for this to work, a public key must be stored on
> the server, so that every message is encrypted. Then, on each MUA, the
> private key must be present, so that each MUA is able to decrypt the
> encrypted message, right?
> 


Re: end-to-end encryption

2018-05-16 Thread Gandalf Corvotempesta
On Wed, 16 May 2018 at 11:19,  wrote:
> I personally use gpgit https://github.com/EtiennePerot/gpgit
> Which does the encryption of messages. Then I use a sieve script which
> calls gpgit for every msg and encrypts before saving into mailbox

If I understood properly, for this to work, a public key must be stored on
the server, so that every message is encrypted. Then, on each MUA, the
private key must be present, so that each MUA is able to decrypt the
encrypted message, right?


Re: end-to-end encryption

2018-05-16 Thread tobisworld
Hi

I personally use gpgit https://github.com/EtiennePerot/gpgit
Which does the encryption of messages. Then I use a sieve script which
calls gpgit for every msg and encrypts before saving into mailbox

Cheers

tobi

On 16.05.2018 at 10:24, Gandalf Corvotempesta wrote:
> On Wed, 16 May 2018 at 06:09, Aki Tuomi wrote:
>> You could probably automate this with sieve and e.g. GnuPG, which would
>> mean that all your mails are encrypted without server having key to decrypt
>> this.
> 
> Any guide or sample to look for ?
> 


Re: end-to-end encryption

2018-05-16 Thread Gandalf Corvotempesta
On Wed, 16 May 2018 at 06:09, Aki Tuomi wrote:
> You could probably automate this with sieve and e.g. GnuPG, which would
> mean that all your mails are encrypted without server having key to decrypt
> this.

Any guide or sample to look for ?