Bug: 'noreplicate' database extra field ignored

2018-10-19 Thread Phil
The 'noreplicate' user database field described in the wiki appears to 
make no difference as to whether an account gets replicated or not.
My sql user query returns a 'noreplicate' field and I can confirm that 
this is getting set using 'doveadm user', however when I add a new 
account with noreplicate=true it gets replicated regardless.


User query:
user_query = SELECT home, uid, gid, noreplicate FROM mail_accounts WHERE address = '%u'


# doveadm user us...@mydomain.com
field   value
uid     1000
gid     1000
home    /mail/domains/mydomain.com/user1/Maildir
mail    maildir:/mail/domains/mydomain.com/user1/Maildir
noreplicate     t


# 2.3.3 (dcead646b): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: FreeBSD 11.2-RELEASE-p4 amd64
# Hostname: mx
doveadm_password = # hidden, use -P to show it
doveadm_port = 2727
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
listen = *
mail_location = maildir:%h
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_replica = tcps:mail2..com
}
protocols = imap lmtp submission
replication_full_sync_interval = 6 hours
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    user = vmail
  }
  user = root
}
service doveadm {
  inet_listener {
    port = 2727
    ssl = yes
  }
}
service imap-login {
  inet_listener imaps {
    address = xxx.xxx.xxx.xxx
    port = 993
  }
  process_limit = 256
  process_min_avail = 6
  service_count = 1
  vsz_limit = 64 M
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
}
ssl = required
ssl_cert = .com.pem
ssl_client_ca_dir = /etc/ssl/
ssl_client_ca_file = /etc/ssl/cert.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 100
}
protocol lda {
  postmaster_address = postmaster@.com
  sendmail_path = /usr/sbin/sendmail
}


Request: option to hide user IP/HELO content from mail sent via submissiond

2018-10-19 Thread Lee Maguire
For reasons of user privacy and security I usually configure submission servers 
to not include accurate IP address and HELO information of authenticated users. 
(Usually replacing it with a private-use domain / IPv6 address.)

Dovecot submission (2.3.2) will produce a header something like this (where 
“10.22.36.10” is a public IP address)

  Received: from [192.168.1.184] ([10.22.36.10])
      by x.example.com with ESMTPSA
      id xY/yDFD9yVtsFwAARu9lhg
      (envelope-from )
      for ; Fri, 19 Oct 2018 18:50:40 +0100

It would be good if a local administrator could override the trace “from” 
content with syntactically valid, but privacy respecting, content. e.g.

  Received: from submission.local ([fdf7:c4e4:1c1e::10])
      by x.example.com with ESMTPSA
      id xY/yDFD9yVtsFwAARu9lhg
      (envelope-from )
      for ; Fri, 19 Oct 2018 18:50:40 +0100


RFC 5321 specifies that the “from” MUST exist but only specifies that the 
content SHOULD be the source host. (Assuming that Submission is “an SMTP 
environment”. RFC 6409 makes some provision for header rewriting to hide 
machine names. https://tools.ietf.org/html/rfc6409#section-8.8 )

https://tools.ietf.org/html/rfc5321#section-4.4
 The FROM clause, which MUST be supplied in an SMTP environment, 
 SHOULD contain both (1) the name of the source host as presented
 in the EHLO command and (2) an address literal containing the IP
 address of the source, determined from the TCP connection.
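
The rewrite requested above, sketched as an added example (not part of the original post and not a Dovecot feature): a filter that replaces the "from" clause of the topmost Received header when the session was authenticated. The function names, the placeholder envelope addresses in the constructed sample, and the choice to act only on ESMTPA/ESMTPSA are assumptions of this example.

```python
import ipaddress
import re

# RFC 3848 "with" keywords that mark an authenticated submission session.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(_LABEL + r"(?:\." + _LABEL + r")*")

# group 1: "Received: from ", group 2: the from clause, group 4: the "with" value
_FROM_CLAUSE = re.compile(
    r"^(Received:[ \t]*from[ \t]+)(.+?)"
    r"(\r?\n?[ \t]+by[ \t]+\S+[ \t]+with[ \t]+(\S+))",
    re.IGNORECASE | re.DOTALL,
)
# One Received header including its folded continuation lines.
_RECEIVED = re.compile(r"^Received:.*(?:\r?\n[ \t].*)*", re.IGNORECASE | re.MULTILINE)


def anonymize_received(header, helo="submission.local", addr="fdf7:c4e4:1c1e::10"):
    """Replace the from clause of one Received header with fixed, valid content.

    The replacement is validated so that an operator-supplied value cannot
    inject extra header lines. Headers from unauthenticated sessions are
    returned unchanged.
    """
    if len(helo) > 253 or not _HOSTNAME.fullmatch(helo):
        raise ValueError("replacement HELO name is not a valid hostname")
    literal = str(ipaddress.ip_address(addr))  # ValueError on anything else
    m = _FROM_CLAUSE.match(header)
    if m is None or m.group(4).upper() not in AUTH_PROTOCOLS:
        return header
    return f"{m.group(1)}{helo} ([{literal}]){header[m.end(2):]}"


def rewrite_top_received(message, helo="submission.local", addr="fdf7:c4e4:1c1e::10"):
    """Rewrite only the first (most recent) Received header of a message."""
    head, sep, body = message.partition("\r\n\r\n")
    m = _RECEIVED.search(head)
    if m is None:
        return message
    fixed = anonymize_received(m.group(0), helo, addr)
    return head[:m.start()] + fixed + head[m.end():] + sep + body


# Constructed sample based on the header quoted in the post. The envelope
# addresses are placeholders because the archive elides the real ones.
SAMPLE_HEADER = (
    "Received: from [192.168.1.184] ([10.22.36.10])\r\n"
    "\tby x.example.com with ESMTPSA\r\n"
    "\tid xY/yDFD9yVtsFwAARu9lhg\r\n"
    "\t(envelope-from <sender@example.com>)\r\n"
    "\tfor <rcpt@example.net>; Fri, 19 Oct 2018 18:50:40 +0100\r\n"
)
SAMPLE_MESSAGE = SAMPLE_HEADER + "Subject: test\r\n\r\nbody mentions 10.22.36.10\r\n"

if __name__ == "__main__":
    print(rewrite_top_received(SAMPLE_MESSAGE))
```

Only the trace header added by the submission server is touched; the message body and every other header pass through byte for byte.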




RE: Dovecot 2.2.13 error message

2018-10-19 Thread Aki Tuomi
I mean same user having concurrent session on more than one backend. This will likely cause index corruption. Same applies for dovecot doing delivery on different backend than where the user is currently logged in.

Aki

On 19 October 2018 at 17:57 Albert Whale <albert.wh...@it-security-inc.com> wrote:

Maybe I misunderstand. Each user is only able to access their mailbox from a single connection at a time. Other users can access the NFS Spool from other connections, I think that is what I am calling Concurrent connections.

Is that the same definition you have?

From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Aki Tuomi
Sent: Friday, October 19, 2018 10:05 AM
To: Albert Whale <albert.wh...@it-security-inc.com>; dovecot@dovecot.org
Subject: RE: Dovecot 2.2.13 error message

Concurrent access is not supported. One user should access mail using one backend at a time. You can use dovecot in director mode to prevent this.

Aki

On 19 October 2018 at 16:47 Albert Whale <albert.wh...@it-security-inc.com> wrote:

Yes, there is currently concurrent usage because the Mail spool is NFS
Mounted.

Here is the current configuration:

dovecot -n
# 2.1.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.54-server-2.mga3 i686 Mageia 3
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
lock_method = dotlock
login_greeting = SpamZapper Email ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_privileged_group = mail
mbox_lock_timeout = 15 mins
mmap_disable = yes
passdb {
  driver = pam
}
protocols = imap pop3
service anvil {
  client_limit = 1000
  process_limit = 1
}
service auth {
  user = root
}
service imap-login {
  chroot = login
  client_limit = 10
  user = dovecot
  vsz_limit = 256 M
}
service pop3-login {
  chroot = login
  client_limit = 1024
  user = dovecot
}
ssl = no
syslog_facility = local2
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol pop3 {

RE: Dovecot 2.2.13 error message

2018-10-19 Thread Albert Whale
Maybe I misunderstand.  Each user is only able to access their mailbox from a 
single connection at a time.  Other users can access the NFS Spool from other 
connections, I think that is what I am calling Concurrent connections.

Is that the same definition you have?

From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Aki Tuomi
Sent: Friday, October 19, 2018 10:05 AM
To: Albert Whale ; dovecot@dovecot.org
Subject: RE: Dovecot 2.2.13 error message

Concurrent access is not supported. One user should access mail using one 
backend at a time. You can use dovecot in director mode to prevent this.

Aki

On 19 October 2018 at 16:47 Albert Whale <albert.wh...@it-security-inc.com> wrote:

Yes, there is currently concurrent usage because the Mail spool is NFS
Mounted.

Here is the current configuration:

dovecot -n
# 2.1.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.54-server-2.mga3 i686 Mageia 3
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
lock_method = dotlock
login_greeting = SpamZapper Email ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_privileged_group = mail
mbox_lock_timeout = 15 mins
mmap_disable = yes
passdb {
  driver = pam
}
protocols = imap pop3
service anvil {
  client_limit = 1000
  process_limit = 1
}
service auth {
  user = root
}
service imap-login {
  chroot = login
  client_limit = 10
  user = dovecot
  vsz_limit = 256 M
}
service pop3-login {
  chroot = login
  client_limit = 1024
  user = dovecot
}
ssl = no
syslog_facility = local2
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol pop3 {
  mail_max_userip_connections = 20
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
  pop3_uidl_format = %08Xv%08Xu
}
protocol lda {
  postmaster_address = postmas...@example.com
}
protocol imap {
  mail_max_userip_connections = 30
}

For the time being, I have isolated usage of POP3 connections on a single
Servers, however IMAP is especially problematic.

From: Aki Tuomi [mailto:aki.tu...@open-xchange.com]
Sent: Friday, October 19, 2018 2:51 AM
To: Albert Whale <albert.wh...@it-security-inc.com>; dovecot@dovecot.org
Subject: Re: Dovecot 2.2.13 error message

On 18.10.2018 15.15, Albert Whale wrote:

In attempting to reactivate my IMAP communications with my Email Spool (NFS
Mounted), I have gotten the following while attempting to download the
Emails via POP3.

Oct 18 08:00:45 ns4 dovecot: pop3-login: Login: user=,
method=PLAIN, rip=74.109.213.194, lip=66.207.133.232

Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Error: Timeout (180s) while
waiting for dotlock for transaction log file
/home/aewhale/Maildir/dovecot.index.log

Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Disconnected: Storage error
during logout. top=0/0, retr=11511/1566975544, del=11511/11511,
size=1566691807

Oct 18 08:02:58 ns4 dovecot: pop3(aewhale): Connection closed top=0/0,
retr=0/0, del=0/11520, size=1566929900

This is significantly more information than what I can receive from 2.1.15,
but still does not resolve the communications issues.

Any help is certainly appreciated.

--
Albert E. Whale, CEH CHS CISA CISSP

Hi!

Seems something is locking the index. Do you have concurrent usage between
two or more nodes for same user?

Aki

---
Aki Tuomi



RE: Dovecot 2.2.13 error message

2018-10-19 Thread Aki Tuomi
Concurrent access is not supported. One user should access mail using one backend at a time. You can use dovecot in director mode to prevent this.

Aki

On 19 October 2018 at 16:47 Albert Whale <albert.wh...@it-security-inc.com> wrote:

Yes, there is currently concurrent usage because the Mail spool is NFS
Mounted.

Here is the current configuration:

dovecot -n
# 2.1.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.54-server-2.mga3 i686 Mageia 3
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
lock_method = dotlock
login_greeting = SpamZapper Email ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_privileged_group = mail
mbox_lock_timeout = 15 mins
mmap_disable = yes
passdb {
  driver = pam
}
protocols = imap pop3
service anvil {
  client_limit = 1000
  process_limit = 1
}
service auth {
  user = root
}
service imap-login {
  chroot = login
  client_limit = 10
  user = dovecot
  vsz_limit = 256 M
}
service pop3-login {
  chroot = login
  client_limit = 1024
  user = dovecot
}
ssl = no
syslog_facility = local2
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol pop3 {
  mail_max_userip_connections = 20
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
  pop3_uidl_format = %08Xv%08Xu
}
protocol lda {
  postmaster_address = postmas...@example.com
}
protocol imap {
  mail_max_userip_connections = 30
}

For the time being, I have isolated usage of POP3 connections on a single
Servers, however IMAP is especially problematic.

From: Aki Tuomi [mailto:aki.tu...@open-xchange.com]
Sent: Friday, October 19, 2018 2:51 AM
To: Albert Whale <albert.wh...@it-security-inc.com>; dovecot@dovecot.org
Subject: Re: Dovecot 2.2.13 error message

On 18.10.2018 15.15, Albert Whale wrote:

In attempting to reactivate my IMAP communications with my Email Spool (NFS
Mounted), I have gotten the following while attempting to download the
Emails via POP3.

Oct 18 08:00:45 ns4 dovecot: pop3-login: Login: user=,
method=PLAIN, rip=74.109.213.194, lip=66.207.133.232

Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Error: Timeout (180s) while
waiting for dotlock for transaction log file
/home/aewhale/Maildir/dovecot.index.log

Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Disconnected: Storage error
during logout. top=0/0, retr=11511/1566975544, del=11511/11511,
size=1566691807

Oct 18 08:02:58 ns4 dovecot: pop3(aewhale): Connection closed top=0/0,
retr=0/0, del=0/11520, size=1566929900

This is significantly more information than what I can receive from 2.1.15,
but still does not resolve the communications issues.

Any help is certainly appreciated.

--
Albert E. Whale, CEH CHS

RE: Dovecot 2.2.13 error message

2018-10-19 Thread Albert Whale
Yes, there is currently concurrent usage because the Mail spool is NFS
Mounted.

Here is the current configuration:

dovecot -n
# 2.1.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.54-server-2.mga3 i686 Mageia 3
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
lock_method = dotlock
login_greeting = SpamZapper Email ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_privileged_group = mail
mbox_lock_timeout = 15 mins
mmap_disable = yes
passdb {
  driver = pam
}
protocols = imap pop3
service anvil {
  client_limit = 1000
  process_limit = 1
}
service auth {
  user = root
}
service imap-login {
  chroot = login
  client_limit = 10
  user = dovecot
  vsz_limit = 256 M
}
service pop3-login {
  chroot = login
  client_limit = 1024
  user = dovecot
}
ssl = no
syslog_facility = local2
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol pop3 {
  mail_max_userip_connections = 20
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
  pop3_uidl_format = %08Xv%08Xu
}
protocol lda {
  postmaster_address = postmas...@example.com
}
protocol imap {
  mail_max_userip_connections = 30
}

For the time being, I have isolated usage of POP3 connections on a single
Servers, however IMAP is especially problematic.

From: Aki Tuomi [mailto:aki.tu...@open-xchange.com]
Sent: Friday, October 19, 2018 2:51 AM
To: Albert Whale ; dovecot@dovecot.org
Subject: Re: Dovecot 2.2.13 error message

On 18.10.2018 15.15, Albert Whale wrote:

In attempting to reactivate my IMAP communications with my Email Spool (NFS
Mounted), I have gotten the following while attempting to download the
Emails via POP3.

Oct 18 08:00:45 ns4 dovecot: pop3-login: Login: user=,
method=PLAIN, rip=74.109.213.194, lip=66.207.133.232

Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Error: Timeout (180s) while
waiting for dotlock for transaction log file
/home/aewhale/Maildir/dovecot.index.log

Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Disconnected: Storage error
during logout. top=0/0, retr=11511/1566975544, del=11511/11511,
size=1566691807

Oct 18 08:02:58 ns4 dovecot: pop3(aewhale): Connection closed top=0/0,
retr=0/0, del=0/11520, size=1566929900

This is significantly more information than what I can receive from 2.1.15,
but still does not resolve the communications issues.

Any help is certainly appreciated.

--
Albert E. Whale, CEH CHS CISA CISSP

Hi!

Seems something is locking the index. Do you have concurrent usage between
two or more nodes for same user?

Aki



Re: Fatal: setgid, imap connections dropped.

2018-10-19 Thread J. de Meijer
>
> On 18.10.2018 21.24, J. de Meijer wrote:
>>> On 16.10.2018 21.32, J. de Meijer wrote:
>>>> I'm still trying to fix this problem. Hopefully someone can help.
>>>>
>>>> I've upgraded dovecot to 2.3.3
>>>> # dovecot --version
>>>> 2.3.3 (dcead646b)
>>>>
>>>> That didn't help.
>>>>
>>>> Next I switched 10-auth.conf to use a local password file (instead of
>>>> LDAP)
>>> Can you provide doveconf -n please?
>>>
>>> Aki
>> Here it is. Hopefully you can find what's wrong.
>>
>> # dovecot -n
>> # 2.3.3 (dcead646b): /usr/local/etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.3 (f018bbab)
>> # OS: FreeBSD 11.2-RELEASE-p4 amd64
>> # Hostname: mailserver
>> auth_debug = yes
>> imap_idle_notify_interval = 29 mins
>> mail_debug = yes
>> mail_fsync = never
>> mail_location = maildir:~/Maildir
>> mail_plugins = " fts fts_solr"
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex
>> imap4flags
>> copy include variables body enotify environment mailbox date index ihave
>> duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Archive {
>> auto = subscribe
>> special_use = \Archive
>>   }
>>   mailbox Drafts {
>> auto = subscribe
>> special_use = \Drafts
>>   }
>>   mailbox Sent {
>> auto = subscribe
>> special_use = \Sent
>>   }
>>   mailbox Spam {
>> auto = subscribe
>> special_use = \Junk
>>   }
>>   mailbox Trash {
>> auto = subscribe
>> special_use = \Trash
>>   }
>>   prefix =
>>   separator = /
>> }
>> passdb {
>>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>>   driver = ldap
>> }
>> plugin {
>>   fts = solr
>>   fts_autoindex = yes
>>   fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
>>   imapsieve_mailbox1_before =
>> file:/usr/local/etc/dovecot/sieve/report-spam.sieve
>>   imapsieve_mailbox1_causes = COPY
>>   imapsieve_mailbox1_name = Spam
>>   imapsieve_mailbox2_before =
>> file:/usr/local/etc/dovecot/sieve/report-ham.sieve
>>   imapsieve_mailbox2_causes = COPY
>>   imapsieve_mailbox2_from = Spam
>>   imapsieve_mailbox2_name = *
>>   recipient_delimiter = +
>>   sieve = file:~/sieve;active=~/.dovecot.sieve
>>   sieve_after = /usr/local/etc/dovecot/sieve-after.d
>>   sieve_before = /usr/local/etc/dovecot/sieve-before.d
>>   sieve_global_extensions = +vnd.dovecot.pipe
>>   sieve_pipe_bin_dir = /usr/local/etc/dovecot/sieve
>>   sieve_plugins = sieve_imapsieve sieve_extprograms
>>   sieve_quota_max_storage = 50M
>> }
>> postmaster_address = webmas...@example.com
>> protocols = imap pop3 lmtp sieve
>> service auth {
>>   client_limit = 1600
>>   unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0660
>> user = postfix
>>   }
>> }
>> service imap-login {
>>   inet_listener imap {
>> address = 127.0.0.1, ::1
>>   }
>>   process_min_avail = 3
>>   service_count = 1
>> }
>> service imap {
>>   process_min_avail = 3
>>   service_count = 256
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>> group = postfix
>> mode = 0600
>> user = postfix
>>   }
>> }
>> service pop3-login {
>>   inet_listener pop3 {
>> address = 127.0.0.1, ::1
>>   }
>>   service_count = 1
>> }
>> ssl = required
>> ssl_cert = > ssl_cipher_list =
>> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>> ssl_dh = # hidden, use -P to show it
>> ssl_key = # hidden, use -P to show it
>> ssl_min_protocol = TLSv1.2
>> ssl_prefer_server_ciphers = yes
>> userdb {
>>   args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
>>   driver = ldap
>> }
>> protocol imap {
>>   mail_max_userip_connections = 50
>>   mail_plugins = " fts fts_solr imap_sieve"
>> }
>> protocol lmtp {
>>   lmtp_save_to_detail_mailbox = yes
>>   mail_fsync = optimized
>>   mail_plugins = " fts fts_solr quota sieve"
>> }
>>
>>
>>
> Hi!
>
> You can't set
>
> service imap {
>  service_count = 256
> }
>
> if you are using multiple system UIDs. See
> https://wiki.dovecot.org/Services#imap.2C_pop3.2C_submission.2C_managesieve
>
> *service_count* can be changed from 1 if only a single UID is used for
> mail users. This improves performance, but it's less secure, because
> bugs in code may leak email data from another user's earlier connection.
>
> Aki
>

Aki, you're a life saver! :). I hoped it would be something very simple.
Just couldn't find it.
This config mistake is the drawback of starting out with someone else's
cookbook and modifying it for your own use I guess.

I'll have another good look at the whole config for other mismatches.

Many, many thanks!

J. de Meijer




Re: imap-hibernate returned failure: Failed to parse client input: Invalid peer_dev_minor value

2018-10-19 Thread Alex

Yes,

After I changed mode and user/group

Oct 18 19:17:50 server dovecot: 
imap(em...@example.com)<57613>: Error: kevent(-1) for 
notify remove failed: Bad file descriptor
Oct 18 19:17:50 server dovecot: 
imap(em...@example.com)<57613>: Error: close(-1) for 
notify remove failed: Bad file descriptor
Oct 18 19:17:50 server dovecot: 
imap(em...@example.com)<57613>: Error: 
net_connect_unix(/var/run/dovecot/imap-hibernate) failed: Permission 
denied




All time this error:

Oct 18 19:28:48 server dovecot: 
imap(em...@example.com)<53735>: Error: kevent(-1) for 
notify remove failed: Bad file descriptor
Oct 18 19:28:48 server dovecot: 
imap(em...@example.com)<53735>: Error: close(-1) for 
notify remove failed: Bad file descriptor
Oct 18 19:28:48 server dovecot: 
imap(em...@example.com)<53735>: Error: 
/var/run/dovecot/imap-hibernate returned failure: Failed to parse client 
input: Invalid peer_dev_minor value: 18446744073709486335

Oct 18 19:28:48 server dovecot: imap: Error:
Oct 18 19:28:48 server dovecot: imap-hibernate: Error: Failed to parse 
client input: Invalid peer_dev_minor value: 18446744073709486335

--
Oct 18 20:37:11 server dovecot: 
imap(em...@example.com)<80384>: Error: kevent(-1) for 
notify remove failed: Bad file descriptor
Oct 18 20:37:11 server dovecot: 
imap(em...@example.com)<80384>: Error: close(-1) for 
notify remove failed: Bad file descriptor
Oct 18 20:37:11 server dovecot: imap-hibernate: Error: Failed to parse 
client input: Invalid peer_dev_minor value: 18446744073709486335
Oct 18 20:37:11 server dovecot: 
imap(em...@example.com)<80384>: Error: 
/var/run/dovecot/imap-hibernate returned failure: Failed to parse client 
input: Invalid peer_dev_minor value: 18446744073709486335

--
Oct 18 21:42:19 server dovecot: 
imap(em...@example.com)<4731>: Error: kevent(-1) for 
notify remove failed: Bad file descriptor
Oct 18 21:42:19 server dovecot: 
imap(em...@example.com)<4731>: Error: close(-1) for 
notify remove failed: Bad file descriptor
Oct 18 21:42:19 server dovecot: imap-hibernate: Error: Failed to parse 
client input: Invalid peer_dev_minor value: 18446744073709486335
Oct 18 21:42:19 server dovecot: 
imap(em...@example.com)<4731>: Error: 
/var/run/dovecot/imap-hibernate returned failure: Failed to parse client 
input: Invalid peer_dev_minor value: 18446744073709486335

--
Oct 19 10:21:47 server dovecot: 
imap(em...@example.com)<78094>: Error: kevent(-1) for 
notify remove failed: Bad file descriptor
Oct 19 10:21:47 server dovecot: 
imap(em...@example.com)<78094>: Error: close(-1) for 
notify remove failed: Bad file descriptor
Oct 19 10:21:47 server dovecot: imap-hibernate: Error: Failed to parse 
client input: Invalid peer_dev_minor value: 18446744073709486335
Oct 19 10:21:47 server dovecot: 
imap(em...@example.com)<78094>: Error: 
/var/run/dovecot/imap-hibernate returned failure: Failed to parse client 
input: Invalid peer_dev_minor value: 18446744073709486335

--
Oct 19 10:22:47 server dovecot: 
imap(em...@example.com)<78208>: Error: kevent(-1) for 
notify remove failed: Bad file descriptor
Oct 19 10:22:47 server dovecot: 
imap(em...@example.com)<78208>: Error: close(-1) for 
notify remove failed: Bad file descriptor
Oct 19 10:22:47 server dovecot: imap-hibernate: Error: Failed to parse 
client input: Invalid peer_dev_minor value: 18446744073709486335
Oct 19 10:22:47 server dovecot: 
imap(em...@example.com)<78208>: Error: 
/var/run/dovecot/imap-hibernate returned failure: Failed to parse client 
input: Invalid peer_dev_minor value: 18446744073709486335






Aki Tuomi wrote on 2018-10-19 09:50:

Does this happen every time? -1 is really not a valid file descriptor,
which is why these errors occur.

Aki

On 19.10.2018 5.23, Alex wrote:

Hello!

I tried to use imap-hibernate.

But errors in maillog:

Oct 19 05:14:24 server dovecot:
imap(em...@example.com)<67125>: Error: kevent(-1)
for notify remove failed: Bad file descriptor
Oct 19 05:14:24 server dovecot:
imap(em...@example.com)<67125>: Error: close(-1) for
notify remove failed: Bad file descriptor
Oct 19 05:14:24 server dovecot: imap-hibernate: Error: Failed to parse
client input: Invalid peer_dev_minor value: 18446744073709486335
Oct 19 05:14:24 server dovecot:
imap(em...@example.com)<67125>: Error:
/var/run/dovecot/imap-hibernate returned failure: Failed to parse
client input: Invalid peer_dev_minor value: 18446744073709486335
Oct 19 05:14:24 server dovecot: imap: Error:


dovecot-2.3.3, FreeBSD 10.4

dovenull 38990   0,0  0,0   43748  16308  -  S 3:54  
0:00,08 imap-login:  (imap-login)
dovenull 38998   0,0  0,1   47844  19536  -  S 3:54  
0:00,18 imap-login: [34.193.82.152 TLS proxy] (imap-login)
dovenull 38999   0,0  0,1   47844  17180  -  S 3:54  
0:00,19 imap-login:  (imap-login)
dovenull 39000   0,0  0,0   35556   9584  -  S 3:54  
0:00,03 dovecot/imap-login
dovenull 39001   0,0  0,0   43748  16320  -  S 3:54  
0:00,12 imap-login:  (imap-login)
dovenull 39002   

Re: Fatal: setgid, imap connections dropped.

2018-10-19 Thread Aki Tuomi

On 18.10.2018 21.24, J. de Meijer wrote:
>> On 16.10.2018 21.32, J. de Meijer wrote:
>>> I'm still trying to fix this problem. Hopefully someone can help.
>>>
>>> I've upgraded dovecot to 2.3.3
>>> # dovecot --version
>>> 2.3.3 (dcead646b)
>>>
>>> That didn't help.
>>>
>>> Next I switched 10-auth.conf to use a local password file (instead of
>>> LDAP)
>> Can you provide doveconf -n please?
>>
>> Aki
> Here it is. Hopefully you can find what's wrong.
>
> # dovecot -n
> # 2.3.3 (dcead646b): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.3 (f018bbab)
> # OS: FreeBSD 11.2-RELEASE-p4 amd64
> # Hostname: mailserver
> auth_debug = yes
> imap_idle_notify_interval = 29 mins
> mail_debug = yes
> mail_fsync = never
> mail_location = maildir:~/Maildir
> mail_plugins = " fts fts_solr"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date index ihave
> duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Archive {
> auto = subscribe
> special_use = \Archive
>   }
>   mailbox Drafts {
> auto = subscribe
> special_use = \Drafts
>   }
>   mailbox Sent {
> auto = subscribe
> special_use = \Sent
>   }
>   mailbox Spam {
> auto = subscribe
> special_use = \Junk
>   }
>   mailbox Trash {
> auto = subscribe
> special_use = \Trash
>   }
>   prefix =
>   separator = /
> }
> passdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   fts = solr
>   fts_autoindex = yes
>   fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
>   imapsieve_mailbox1_before =
> file:/usr/local/etc/dovecot/sieve/report-spam.sieve
>   imapsieve_mailbox1_causes = COPY
>   imapsieve_mailbox1_name = Spam
>   imapsieve_mailbox2_before =
> file:/usr/local/etc/dovecot/sieve/report-ham.sieve
>   imapsieve_mailbox2_causes = COPY
>   imapsieve_mailbox2_from = Spam
>   imapsieve_mailbox2_name = *
>   recipient_delimiter = +
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_after = /usr/local/etc/dovecot/sieve-after.d
>   sieve_before = /usr/local/etc/dovecot/sieve-before.d
>   sieve_global_extensions = +vnd.dovecot.pipe
>   sieve_pipe_bin_dir = /usr/local/etc/dovecot/sieve
>   sieve_plugins = sieve_imapsieve sieve_extprograms
>   sieve_quota_max_storage = 50M
> }
> postmaster_address = webmas...@example.com
> protocols = imap pop3 lmtp sieve
> service auth {
>   client_limit = 1600
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
> address = 127.0.0.1, ::1
>   }
>   process_min_avail = 3
>   service_count = 1
> }
> service imap {
>   process_min_avail = 3
>   service_count = 256
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
> address = 127.0.0.1, ::1
>   }
>   service_count = 1
> }
> ssl = required
> ssl_cert =
> ssl_cipher_list =
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> userdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
>   driver = ldap
> }
> protocol imap {
>   mail_max_userip_connections = 50
>   mail_plugins = " fts fts_solr imap_sieve"
> }
> protocol lmtp {
>   lmtp_save_to_detail_mailbox = yes
>   mail_fsync = optimized
>   mail_plugins = " fts fts_solr quota sieve"
> }
>
>
>
Hi!

You can't set

service imap {
 service_count = 256
}

if you are using multiple system UIDs. See
https://wiki.dovecot.org/Services#imap.2C_pop3.2C_submission.2C_managesieve

*service_count* can be changed from 1 if only a single UID is used for
mail users. This improves performance, but it's less secure, because
bugs in code may leak email data from another user's earlier connection.

Aki
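
A check for the setting discussed in the reply above, as an added example that is not part of the original thread: it parses `dovecot -n` style output and reports mail services whose `service_count` is not 1 when mail users map to more than one system UID. The sample config, the function names and the UID list are constructed for illustration; how the UIDs are collected from the userdb is left as an assumption.

```python
# Mail-access services named in the wiki section linked in the reply.
MAIL_SERVICES = {"imap", "pop3", "submission", "managesieve"}

# Constructed sample in `dovecot -n` style (not the poster's full config).
SAMPLE_CONF = """\
service imap-login {
  inet_listener imap {
    address = 127.0.0.1, ::1
  }
  service_count = 1
}
service imap {
  process_min_avail = 3
  service_count = 256
}
service pop3 {
  unix_listener pop3-test {
    mode = 0600
  }
}
"""


def service_counts(conf_text):
    """Return {service_name: service_count} for settings set directly in a service block."""
    counts, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # e.g. "service imap"
        elif line == "}":
            if stack:
                stack.pop()
        elif len(stack) == 1 and stack[0].startswith("service "):
            key, sep, value = line.partition("=")
            if sep and key.strip() == "service_count":
                counts[stack[0].split(None, 1)[1]] = int(value.strip())
    return counts


def process_reuse_findings(conf_text, mail_uids):
    """Flag mail services that reuse one process for several users with different UIDs."""
    if len(set(mail_uids)) <= 1:
        return []                                # single UID: reuse is the documented case
    return sorted(
        (name, count)
        for name, count in service_counts(conf_text).items()
        if name in MAIL_SERVICES and count != 1
    )
```

Because `dovecot -n` prints only non-default settings, a mail service with no `service_count` line is treated as using the default of 1 and is not reported.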



Re: Dovecot 2.2.13 error message

2018-10-19 Thread Aki Tuomi

On 18.10.2018 15.15, Albert Whale wrote:
>
> In attempting to reactivate my IMAP communications with my Email Spool
> (NFS Mounted), I have gotten the following while attempting to
> download the Emails via POP3.
>
>  
>
> Oct 18 08:00:45 ns4 dovecot: pop3-login: Login: user=,
> method=PLAIN, rip=74.109.213.194, lip=66.207.133.232
>
> Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Error: Timeout (180s)
> while waiting for dotlock for transaction log file
> /home/aewhale/Maildir/dovecot.index.log
>
> Oct 18 08:02:40 ns4 dovecot: pop3(aewhale): Disconnected: Storage
> error during logout. top=0/0, retr=11511/1566975544, del=11511/11511,
> size=1566691807
>
> Oct 18 08:02:58 ns4 dovecot: pop3(aewhale): Connection closed top=0/0,
> retr=0/0, del=0/11520, size=1566929900
>
>  
>
> This is significantly more information than what I can receive from
> 2.1.15, but still does not resolve the communications issues.
>
>  
>
> Any help is certainly appreciated.
>
>  
>
>  
>
> --
>
> Albert E. Whale, CEH CHS CISA CISSP
>
>
Hi!

Seems something is locking the index. Do you have concurrent usage
between two or more nodes for same user?

Aki



Re: imap-hibernate returned failure: Failed to parse client input: Invalid peer_dev_minor value

2018-10-19 Thread Aki Tuomi
Does this happen every time? -1 is really not a valid file descriptor,
which is why these errors occur.

Aki

On 19.10.2018 5.23, Alex wrote:
> Hello!
>
> I tried to use imap-hibernate.
>
> But errors in maillog:
>
> Oct 19 05:14:24 server dovecot:
> imap(em...@example.com)<67125>: Error: kevent(-1)
> for notify remove failed: Bad file descriptor
> Oct 19 05:14:24 server dovecot:
> imap(em...@example.com)<67125>: Error: close(-1) for
> notify remove failed: Bad file descriptor
> Oct 19 05:14:24 server dovecot: imap-hibernate: Error: Failed to parse
> client input: Invalid peer_dev_minor value: 18446744073709486335
> Oct 19 05:14:24 server dovecot:
> imap(em...@example.com)<67125>: Error:
> /var/run/dovecot/imap-hibernate returned failure: Failed to parse
> client input: Invalid peer_dev_minor value: 18446744073709486335
> Oct 19 05:14:24 server dovecot: imap: Error:
>
>
> dovecot-2.3.3, FreeBSD 10.4
>
> dovenull 38990   0,0  0,0   43748  16308  -  S 3:54  
> 0:00,08 imap-login:  (imap-login)
> dovenull 38998   0,0  0,1   47844  19536  -  S 3:54  
> 0:00,18 imap-login: [34.193.82.152 TLS proxy] (imap-login)
> dovenull 38999   0,0  0,1   47844  17180  -  S 3:54  
> 0:00,19 imap-login:  (imap-login)
> dovenull 39000   0,0  0,0   35556   9584  -  S 3:54  
> 0:00,03 dovecot/imap-login
> dovenull 39001   0,0  0,0   43748  16320  -  S 3:54  
> 0:00,12 imap-login:  (imap-login)
> dovenull 39002   0,0  0,0   43748  16320  -  S 3:54  
> 0:00,13 imap-login:  (imap-login)
> dovenull 39003   0,0  0,0   43748  16328  -  S 3:54  
> 0:00,16 imap-login:  (imap-login)
> dovenull 39004   0,0  0,1   47844  17948  -  S 3:54  
> 0:00,17 imap-login: [12.34.56.78 TLS proxy] (imap-login)
> vmail    39042   0,0  0,0   15936   3040  -  I 3:54  
> 0:00,01 imap-hibernate: [0 connections] (imap-hibernate)
> vmail    39076   0,0  0,0   78900   8984  -  S 3:54  
> 0:00,05 imap: [em...@example.com 12.34.56.78 IDLE] (imap)
> vmail    44114   0,0  0,0   78900   8936  -  I 4:06  
> 0:00,05 imap: [em...@example.com 34.193.82.152 IDLE] (imap)
>
> srw-rw   1 root dovecot    0 19 окт 03:54 imap-hibernate
> srw---   1 root dovecot    0 19 окт 03:54 imap-master
> srw---   1 root wheel  0 19 окт 03:54 imap-postlogin
> srw-rw-rw-   1 root wheel  0 19 окт 03:54 imap-urlauth
> srw---   1 dovecot  wheel  0 19 окт 03:54 imap-urlauth-worker
>
> imap_hibernate_timeout = 5 secs
>
> service imap-hibernate {
>   extra_groups = $default_internal_group
>   unix_listener imap-hibernate {
>     group = dovecot
>   }
>   user = vmail
> }
>
> service imap {
>   extra_groups = $default_internal_group
>   unix_listener imap-master {
>     group = $default_internal_group
>   }
> }
>
> I tried to set user/group vmail, set mode = 0666, but the same errors.
>
>
> Can you help me with hibernate configuration?
>
>
>
> Best regards,
> Alex
>
>
>
>


Re: trouble with ssl disable in centos 7 with version 1.0 1.2 and 3.10

2018-10-19 Thread Aki Tuomi


On 18.10.2018 20.43, Joseph Harth wrote:
> I am trying to use dovecot without ssl in centos 7. It works with imap
> but I am not able to make it work with pop3. Pop3 only works with
> ssl=yes. I can use dovecot in centos 4 ok.  I get the same error with
> thunderbird and outlook. But for some reason it works when I telnet to
> port 110 and do retr 1. I was able to work pam and shadow passwords.
>
> this is the output that does not work with tls disabled
>
> Oct 18 13:30:17 auth: Debug: Loading modules from directory:
> /usr/lib64/dovecot/auth
> Oct 18 13:30:17 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
> Oct 18 13:30:17 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Oct 18 13:30:17 auth: Debug: Read auth token secret from
> /var/run/dovecot/auth-token-secret.dat
> Oct 18 13:30:17 auth: Debug: auth client connected (pid=22513)
> Oct 18 13:30:17 auth: Debug: client in: AUTH    1       PLAIN 
>  service=pop3    session=WXv1I4R4FOXAqAAK        lip=192.168.0.37     
>   rip=192.168.0.10    lport=110        rport=58644
> Oct 18 13:30:17 auth: Debug: client passdb out: CONT    1
> Oct 18 13:30:17 auth: Debug: client in: CONT    1       == (previous
> base64 data may contain sensitive data)
> Oct 18 13:30:17 auth-worker(22515): Debug: Loading modules from
> directory: /usr/lib64/dovecot/auth
> Oct 18 13:30:17 auth-worker(22515): Debug: Module loaded:
> /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
> Oct 18 13:30:17 auth-worker(22515): Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Oct 18 13:30:17 auth-worker(22515): Debug:
> shadow(joe2,192.168.0.10,): lookup
> Oct 18 13:30:17 auth: Debug: client passdb out: OK      1       user=joe2
> Oct 18 13:30:17 auth: Debug: master in: REQUEST 2718302209      22513 
>  1       05eac7a2917ce3bc1f0f359b21b138e6        session_pid=22516
> Oct 18 13:30:17 auth-worker(22515): Debug:
> passwd(joe2,192.168.0.10,): lookup
> Oct 18 13:30:17 auth: Debug: master userdb out: USER    2718302209   
>   joe2    system_groups_user=joe2 uid=660 gid=661 home=/home/joe2
> Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Effective
> uid=660, gid=661, home=/home/joe2
> Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Namespace
> inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes,
> subscriptions=yes location=mbox:~/mail/:INBOX=/var/mail/joe2
> Oct 18 13:30:17 pop3(joe2)<22516>: Debug: fs:
> root=/home/joe2/mail, index=, indexpvt=, control=,
> inbox=/var/mail/joe2, alt=
> Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Mailbox
> INBOX: Mailbox opened because: POP3 INBOX
> Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Mailbox
> INBOX: UID 30: Opened mail because: access
> Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Mailbox
> INBOX: UID 30: Opened mail because: RETR
>
>
> This is the output with TLS and it works
>
> Oct 18 13:30:32 auth: Debug: auth client connected (pid=22542)
> Oct 18 13:30:33 auth: Debug: client in: AUTH    1       PLAIN 
>  service=pop3    secured=tls     session=44feJIR4FeXAqAAK       
> lip=192.168.0.37        rip=192.168.0.10     lport=110     
>  rport=58645     ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256 
> ssl_cipher_bits=128     ssl_pfs=ECDH    ssl_protocol=TLSv1.2
> Oct 18 13:30:33 auth: Debug: client passdb out: CONT    1
> Oct 18 13:30:33 auth: Debug: client in: CONT    1       == (previous
> base64 data may contain sensitive data)
> Oct 18 13:30:33 auth-worker(22515): Debug:
> shadow(joe2,192.168.0.10,<44feJIR4FeXAqAAK>): lookup
> Oct 18 13:30:33 auth: Debug: client passdb out: OK      1       user=joe2
> Oct 18 13:30:33 auth: Debug: master in: REQUEST 4165992449      22542 
>  1       cb03b70f92c0c5c030e25a39ea4b8518        session_pid=22543
> Oct 18 13:30:33 auth-worker(22515): Debug:
> passwd(joe2,192.168.0.10,<44feJIR4FeXAqAAK>): lookup
> Oct 18 13:30:33 auth: Debug: master userdb out: USER    4165992449   
>   joe2    system_groups_user=joe2 uid=660 gid=661 home=/home/joe2
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Effective
> uid=660, gid=661, home=/home/joe2
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Namespace
> inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes,
> subscriptions=yes location=mbox:~/mail/:INBOX=/var/mail/joe2
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: fs:
> root=/home/joe2/mail, index=, indexpvt=, control=,
> inbox=/var/mail/joe2, alt=
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox
> INBOX: Mailbox opened because: POP3 INBOX
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox
> INBOX: UID 30: Opened mail because: access
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox
> INBOX: UID 30: Opened mail because: RETR
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox
> INBOX: UID 31: Opened mail because: access
> Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox
> INBOX: UID 31: Opened mail 

trouble with ssl disable in centos 7 with version 1.0 1.2 and 3.10

2018-10-19 Thread Joseph Harth
I am trying to use dovecot without ssl in centos 7. It works with imap but I am 
not able to make it work with pop3. Pop3 only works with ssl=yes. I can use 
dovecot in centos 4 ok.  I get the same error with thunderbird and outlook. But 
for some reason it works when I telnet to port 110 and do retr 1. I was able to 
work pam and shadow passwords.
this is the output that does not work with tls disabled
Oct 18 13:30:17 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 18 13:30:17 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Oct 18 13:30:17 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 18 13:30:17 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Oct 18 13:30:17 auth: Debug: auth client connected (pid=22513)
Oct 18 13:30:17 auth: Debug: client in: AUTH    1       PLAIN   service=pop3    session=WXv1I4R4FOXAqAAK        lip=192.168.0.37        rip=192.168.0.10    lport=110        rport=58644
Oct 18 13:30:17 auth: Debug: client passdb out: CONT    1
Oct 18 13:30:17 auth: Debug: client in: CONT    1       == (previous base64 data may contain sensitive data)
Oct 18 13:30:17 auth-worker(22515): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 18 13:30:17 auth-worker(22515): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Oct 18 13:30:17 auth-worker(22515): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 18 13:30:17 auth-worker(22515): Debug: shadow(joe2,192.168.0.10,): lookup
Oct 18 13:30:17 auth: Debug: client passdb out: OK      1       user=joe2
Oct 18 13:30:17 auth: Debug: master in: REQUEST 2718302209      22513   1       05eac7a2917ce3bc1f0f359b21b138e6        session_pid=22516
Oct 18 13:30:17 auth-worker(22515): Debug: passwd(joe2,192.168.0.10,): lookup
Oct 18 13:30:17 auth: Debug: master userdb out: USER    2718302209      joe2    system_groups_user=joe2 uid=660 gid=661 home=/home/joe2
Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Effective uid=660, gid=661, home=/home/joe2
Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail/:INBOX=/var/mail/joe2
Oct 18 13:30:17 pop3(joe2)<22516>: Debug: fs: root=/home/joe2/mail, index=, indexpvt=, control=, inbox=/var/mail/joe2, alt=
Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Mailbox INBOX: Mailbox opened because: POP3 INBOX
Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Mailbox INBOX: UID 30: Opened mail because: access
Oct 18 13:30:17 pop3(joe2)<22516>: Debug: Mailbox INBOX: UID 30: Opened mail because: RETR

This is the output with TLS and it works
Oct 18 13:30:32 auth: Debug: auth client connected (pid=22542)
Oct 18 13:30:33 auth: Debug: client in: AUTH    1       PLAIN   service=pop3    secured=tls     session=44feJIR4FeXAqAAK        lip=192.168.0.37        rip=192.168.0.10     lport=110       rport=58645     ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256  ssl_cipher_bits=128     ssl_pfs=ECDH    ssl_protocol=TLSv1.2
Oct 18 13:30:33 auth: Debug: client passdb out: CONT    1
Oct 18 13:30:33 auth: Debug: client in: CONT    1       == (previous base64 data may contain sensitive data)
Oct 18 13:30:33 auth-worker(22515): Debug: shadow(joe2,192.168.0.10,<44feJIR4FeXAqAAK>): lookup
Oct 18 13:30:33 auth: Debug: client passdb out: OK      1       user=joe2
Oct 18 13:30:33 auth: Debug: master in: REQUEST 4165992449      22542   1       cb03b70f92c0c5c030e25a39ea4b8518        session_pid=22543
Oct 18 13:30:33 auth-worker(22515): Debug: passwd(joe2,192.168.0.10,<44feJIR4FeXAqAAK>): lookup
Oct 18 13:30:33 auth: Debug: master userdb out: USER    4165992449      joe2    system_groups_user=joe2 uid=660 gid=661 home=/home/joe2
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Effective uid=660, gid=661, home=/home/joe2
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail/:INBOX=/var/mail/joe2
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: fs: root=/home/joe2/mail, index=, indexpvt=, control=, inbox=/var/mail/joe2, alt=
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox INBOX: Mailbox opened because: POP3 INBOX
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox INBOX: UID 30: Opened mail because: access
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox INBOX: UID 30: Opened mail because: RETR
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox INBOX: UID 31: Opened mail because: access
Oct 18 13:30:33 pop3(joe2)<22543><44feJIR4FeXAqAAK>: Debug: Mailbox INBOX: UID 31: Opened mail because: RETR