Re: Apple mail fails with Submission

2018-12-17 Thread Aki Tuomi


 
 
  
   
  
  
   
On 18 December 2018 at 02:30 Adi Pircalabu via dovecot <
dovecot@dovecot.org> wrote:
   
   

   
   

   
   
On 2018-12-18 07:33, Ruud Voorjans wrote:
   
   

 Dear all,


 


 I'm running dovecot # 2.3.2.1 - Pigeonhole version 0.5.2 () - OS:


 Linux 4.18.0-12-generic x86_64 Ubuntu 18.10 with Submission.


 It works great except with apple mail (Iphone).


 


 I get an error with the MTA (postfix):


 ""postfix/submission/smtpd[32552]: warning: non-SMTP command from


 mail.example.org [1][xx.xx.xx.xx]: Content-Transfer-Encoding: 7bit""


 


 with other mail-client(s) (Outlook (Desktop and Iphone app)) i have no


 problem and it proxy-sends the e-mail beautiful out to the recipient.

   
   
Hardly anything to do with Dovecot. When it comes to email clients Apple
   
   
Mail has been and is still one of the worst flops (no offence intended,
   
   
just my opinion based on personal experience). If you can reliably
   
   
reproduce it, try and log the raw SMTP conversation between Postfix and
   
   
the client by enabling per IP debugging in Postfix:
   
   
postconf -e "debug_peer_level = 20"
   
   
postconf -e "debug_peer_list = xx.xx.xx.xx"
   
   
postfix reload
   
   
where xx.xx.xx.xx is the unlucky client IP address.
   
   

   
   
Possibly some crappy SMTP PIPELINING implementation at the Apple end,
   
   
who knows.
   
   

   
   
--
   
   
Adi Pircalabu
   
  
  
   
  
  
   It's not unconceivable that there are bugs in submission either. Can you provide doveconf -n and submission rawlogs? See https://wiki.dovecot.org/Submission for settings.
  
  
   
  
  
   ---
   Aki Tuomi
   
 



Re: Apple mail fails with Submission

2018-12-17 Thread Adi Pircalabu via dovecot

On 2018-12-18 07:33, Ruud Voorjans wrote:

Dear all,

I'm running dovecot # 2.3.2.1 - Pigeonhole version 0.5.2 () - OS:
Linux 4.18.0-12-generic x86_64 Ubuntu 18.10 with Submission.
It works great except with apple mail (Iphone).

I get an error with the MTA  (postfix):
""postfix/submission/smtpd[32552]: warning: non-SMTP command from
mail.example.org [1][xx.xx.xx.xx]: Content-Transfer-Encoding: 7bit""

with other mail-client(s) (Outlook (Desktop and Iphone app)) i have no
problem and it proxy-sends the e-mail beautiful out to the recipient.


Hardly anything to do with Dovecot. When it comes to email clients Apple 
Mail has been and is still one of the worst flops (no offence intended, 
just my opinion based on personal experience). If you can reliably 
reproduce it, try and log the raw SMTP conversation between Postfix and 
the client by enabling per IP debugging in Postfix:

postconf -e "debug_peer_level = 20"
postconf -e "debug_peer_list = xx.xx.xx.xx"
postfix reload
where xx.xx.xx.xx is the unlucky client IP address.

Possibly some crappy SMTP PIPELINING implementation at the Apple end, 
who knows.


--
Adi Pircalabu


Possible attack?

2018-12-17 Thread Daniel Miller via dovecot

I found an error in my log today...

Dec 17 12:03:30 bubba dovecot: 
imap(us...@amfes.com)<23017>: Error: fts_solr: 
received invalid uid '0'
Dec 17 12:04:44 bubba dovecot: 
imap(us...@amfes.com)<25004>: Fatal: master: 
service(imap): child 25004 killed with signal 11 (core dumps disabled - 
https://dovecot.org/bugreport.html#coredumps)


I've now enabled core dumps (I think) and restarted - if it comes back 
hopefully I can get a backtrace.  But reading that fts_solr message, and 
some other comments, leads me to wonder - could this be caused by 
someone/thing trying to authenticate as root?


On that theory - I tried doing so via telnet - and received:

Dec 17 15:06:02 bubba dovecot: auth: Error: 
plain(ultradeitytypeper...@amfes.com,127.0.0.1,<4kQr0z99UMZ/AAAB>): user 
not found from any userdbs
Dec 17 15:06:02 bubba dovecot: imap: Error: Authenticated user not found 
from userdb, auth lookup id=3522297857 (auth connected 1 msecs ago, 
handshake 0 msecs ago, request took 1 msecs, client-pid=29572 client-id=1)


I have root's email aliased to a valid user's email.  I'm not sure how 
I'm able to authenticate as root - there isn't a root user defined in my 
LDAP database and that should be the only auth backend enabled for 
Dovecot.  Or do I need to explicitly block local users from /etc/passwd 
on the server?  The only auth databases shown in doveconf -n:


userdb {
  driver = prefetch
}
userdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /usr/local/etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

and "master-users" doesn't list root either.

--
Daniel



Re: ECDSA client question

2018-12-17 Thread Joseph Tam

On Sun, 16 Dec 2018, Michael A. Peters wrote:

We know there are unexplained constants in the NIST curves including P-256 - 
what if NSA was partially responsible for this bug (back room deal to avoid 
anti-trust prosecution, similar deal with IBM was made in the 70s I believe 
also involving cryptography) so that Android apps that use ECDSA (beyond just 
the mail client, e.g. chat apps) would use P-256 for compatibility and are 
maybe vulnerable to MITM for the key exchange.


I want Ed25519 now.


Bernstein fan?  Definitely off-topic, but the gist of his critique of
P-256 is that any possible deliberate sabotage of curve parameters is a
distraction from the real problem: complexity makes implementation
fumbles easy with distrastous consequences.

https://cr.yp.to/newelliptic/nistecc-20160106.pdf

Joseph Tam 


Apple mail fails with Submission

2018-12-17 Thread Ruud Voorjans
Dear all,

I'm running dovecot # 2.3.2.1 - Pigeonhole version 0.5.2 () - OS: Linux
4.18.0-12-generic x86_64 Ubuntu 18.10 with Submission.
It works great except with apple mail (Iphone).

I get an error with the MTA  (postfix):
""postfix/submission/smtpd[32552]: warning: non-SMTP command from
mail.example.org[xx.xx.xx.xx]: Content-Transfer-Encoding: 7bit""

with other mail-client(s) (Outlook (Desktop and Iphone app)) i have no
problem and it proxy-sends the e-mail beautiful out to the recipient.

I think it is some kind of bug or maybe it just isn't supported (yet),
cause as you said it is still "pretty basic".

Best Regards


Re: Overrideing pop delete?

2018-12-17 Thread Robert L Mathews
On 12/15/18 8:09 AM, @lbutlr wrote:

> I have a question about the namespace section.
> 
>> You create only a single namespace.
> [...]
> First all, that shows two namespace sections.

When it says "You create only a single namespace", it means you would
create a single extra namespace for the lazy expunge plugin (instead of
 creating *three* new namespaces just for the plugin, as in the later
example on that page).

This extra single lazy expunge namespace would be in addition to any
normal namespaces you already have.


> Am I just adding the new namespace for lazy_expunge inside that?

No. Do not touch your existing namespaces at all. You add a new one for
lazy expunge.


> And, finally, is there any way to limit this to only POP3 delete instead of 
> all IMAP?

Haven't tried that, but perhaps you could experiment with adding it to
mail_plugins in only the "protocol pop3" section, like:

protocol pop3 {
  mail_plugins = $mail_plugins lazy_expunge
}


-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/


Re: Bug in IDLE implementation for virtual mailbox

2018-12-17 Thread Pali Rohár
On Monday 17 December 2018 10:50:16 Timo Sirainen wrote:
> On 17 Dec 2018, at 10.44, Pali Rohár  wrote:
> > 
> > On Sunday 16 December 2018 21:55:23 Timo Sirainen wrote:
> >> On 16 Dec 2018, at 21.26, Pali Rohár  wrote:
> >>> 
> >>> Hello!
> >>> 
> >>> I found bug in Dovecot's IDLE implementation when virtual mailbox is in
> >>> use. IDLE does not notify about new emails when email appears in newly
> >>> created mailbox and IDLE was issued in virtual folder which matches "*"
> >>> wildcard and that mailbox was created after opening virtual mailbox.
> >> 
> >> It actually has nothing to do with IDLE specifically. It's just that the 
> >> virtual storage code doesn't try to look for new folders after the virtual 
> >> mailbox is opened.
> >> 
> >>> To get notifications, it is needed to re-open that "All" mailbox again.
> >> 
> >> Right. I don't think this is going to be fixed anytime soon. Quite a lot 
> >> of effort and it can be worked around.
> > 
> > How to workaround it? Imap clients uses either IDLE or STATUS or LIST
> > (with STATUS) commands for checking if there is a new messages.
> > 
> > But none of these commands reports existence of new message until that
> > virtual folder is re-opened.
> 
> I mean, workaround is for the user to just reopen the folder. I think it's 
> not very common for this situation to happen and cause problems?

My setup is that I have sieve filters to put emails from mailing lists,
bugzilla/github/gitlab/... and other projects into separate own mailbox,
based on email headers which these services provides.

So once I get email from new bugzilla, github or gitlab project, then
sieve automatically creates a new mailbox for it. And this happen every
time when I e.g. add a new comment to bugzilla project into which I have
not commented yet.

I'm having permanently opened mutt email client in tmux/screen on "All"
virtual folder to see all new emails.

And basically above bug cause problems in this scenario as I would not
see new emails.

I can re-open "All" mailbox, but first I need to know that new email was
received. And for this I'm using mutt IDLing in All virtual folder.

So it is like chicken and egg problem.

-- 
Pali Rohár
pali.ro...@gmail.com


Re: Bug in IDLE implementation for virtual mailbox

2018-12-17 Thread Timo Sirainen
On 17 Dec 2018, at 10.44, Pali Rohár  wrote:
> 
> On Sunday 16 December 2018 21:55:23 Timo Sirainen wrote:
>> On 16 Dec 2018, at 21.26, Pali Rohár  wrote:
>>> 
>>> Hello!
>>> 
>>> I found bug in Dovecot's IDLE implementation when virtual mailbox is in
>>> use. IDLE does not notify about new emails when email appears in newly
>>> created mailbox and IDLE was issued in virtual folder which matches "*"
>>> wildcard and that mailbox was created after opening virtual mailbox.
>> 
>> It actually has nothing to do with IDLE specifically. It's just that the 
>> virtual storage code doesn't try to look for new folders after the virtual 
>> mailbox is opened.
>> 
>>> To get notifications, it is needed to re-open that "All" mailbox again.
>> 
>> Right. I don't think this is going to be fixed anytime soon. Quite a lot of 
>> effort and it can be worked around.
> 
> How to workaround it? Imap clients uses either IDLE or STATUS or LIST
> (with STATUS) commands for checking if there is a new messages.
> 
> But none of these commands reports existence of new message until that
> virtual folder is re-opened.

I mean, workaround is for the user to just reopen the folder. I think it's not 
very common for this situation to happen and cause problems?



Re: Bug in IDLE implementation for virtual mailbox

2018-12-17 Thread Pali Rohár
On Sunday 16 December 2018 21:55:23 Timo Sirainen wrote:
> On 16 Dec 2018, at 21.26, Pali Rohár  wrote:
> > 
> > Hello!
> > 
> > I found bug in Dovecot's IDLE implementation when virtual mailbox is in
> > use. IDLE does not notify about new emails when email appears in newly
> > created mailbox and IDLE was issued in virtual folder which matches "*"
> > wildcard and that mailbox was created after opening virtual mailbox.
> 
> It actually has nothing to do with IDLE specifically. It's just that the 
> virtual storage code doesn't try to look for new folders after the virtual 
> mailbox is opened.
> 
> > To get notifications, it is needed to re-open that "All" mailbox again.
> 
> Right. I don't think this is going to be fixed anytime soon. Quite a lot of 
> effort and it can be worked around.

How to workaround it? Imap clients uses either IDLE or STATUS or LIST
(with STATUS) commands for checking if there is a new messages.

But none of these commands reports existence of new message until that
virtual folder is re-opened.

-- 
Pali Rohár
pali.ro...@gmail.com