Re: Dove to error

2019-02-17 Thread Tuomi, Aki via dovecot 
Can you post doveconf -n output?Aki
 Original message From: soydepr  Date: 
17/02/2019  12:20  (GMT+02:00) To: Aki Tuomi  
Subject: Re: Dove to error now getting this error eb 17 05:03:19 pepino 
systemd[1]: Starting Dovecot IMAP/POP3 email server...Feb 17 05:03:19 pepino 
dovecot[8814]: Error: systemd listens on port 143, but it's not configured in 
Dovecot. Closing.Feb 17 05:03:19 pepino dovecot[8814]: Error: systemd listens 
on port 993, but it's not configured in Dovecot. Closing.here is my 
entiresservice imap-login {  inet_listener imap {    port = 143  }  
inet_listener imaps {    port = 993    ssl = yes  }On Sun, Feb 17, 2019 at 5:10 
AM Latin Bishop  wrote:Thanks Was 143.  I notice the -quite 
flag no longer works in openssl when testing connection On Feb 17, 2019, at 
3:33 AM, Aki Tuomi  wrote:

  
   
 
 
  
   
  
  
   
On 17 February 2019 at 05:50 Latin Bishop via dovecot <
dovecot@dovecot.org> wrote:
   
   

   
   

   
   

   
   
Getting this error after following
   
   
this tutorial
   
   

   
   
Error in configuration file /etc/dovecot/dovecot.conf duplicate listener
   
   

   
   

   
   
https://samhobbs.co.uk/2013/12/raspberry-pi-email-server-part-2-dovecot
   
   

   
  
  
   
  
  
   Usually doveconf -n tells you where the duplicate listener is so you can 
remove it.
  
  
   ---
   Aki Tuomi

Error configuring unix_listener stats-writer

2019-02-17 Thread Peter Nabbefeld via dovecot 



Hello,

I've got a very strange problem:
When I try to configure the stats-writer socket, I'm told the 
configuration is a duplicate, though none exists in the configuration 
files. So I'd guess the configuration is set either built-in or implicitly.


I've put the following into conf.d/10-master.conf:
service auth {
  unix_listener auth-userdb {
  }

  unix_listener stats-writer {
    user = vmail
    group = vmail
    mode = 0666
  }
}

BTW, using imap for mail traffic.

Is there any tool displaying an "effective" config tree (i.e., a tool 
displaying the resulting configuration from every file, displaying the 
original file and line number)? "dovecot -a" only displays all 
configurations, but without source reference, so it's impossible to find 
out about the details.  :-(


Kind regards

Peter

Migrate Mail Data from Dovecot to Dovecot

2019-02-17 Thread Odhiambo Washington via dovecot 
I have built a new server (FreeBSD-12) running dovecot-2.3.4.
My old server (FreeBSD-9.3) is running dovecot-2.3.4 as well.
The configurations are 1:1 identical.
The are about 250 users on this server, all virtual. They are mostly POP3
users, but they do "leave a copy of message on the server"
for set various number of days.

Now, to migrate the mail data, can I simply rsync the mail directories
between the old and the new server? Would that create a pitfall??

What is the recommended method?

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)

Re: [grosjo/fts-xapian] `doveadm fts rescan` removes all indices (#15)

2019-02-17 Thread Joan Moreau via dovecot 
In such case, as long as the API is not upgraded, should 

doveadm index -A -q \* 

be considered a replacement of 


doveadm fts rescan

On 2019-02-14 16:24, Timo Sirainen via dovecot wrote:

Hi, 

The rescan() function is a bit badly designed. Currently what you could do what fts-lucene does and: 
- Get list of UIDs for all mails in each folder 
- If Xapian has UID that doesn't exist -> delete it from Xapian 
- If UID is missing from Xapian -> expunge the rest of the UIDs in that folder, so the next indexing will cause them to be indexed 

The expunging of rest of the mails is rather ugly, yes.. A better API would be if backend simply had a way to iterate all mails in the index, preferrably sorted by folder. Then a more generic code could go through them and expunge the necessary mails and index the missing mails. Although not all FTS backends support indexing in the middle. Anyway, we don't really have time to implement this new API soon. 

I'm not sure if this is a big problem though. I don't think most people running FTS have ever run rescan. 

On 8 Feb 2019, at 9.54, Joan Moreau via dovecot  wrote: 

Hi, 

THis is a core problem in Dovecot in my understanding. 

In my opinion, the rescan in dovecot should send to the FTS plugin the list of "supposedly" indexed emails (UID), and the plugin shall purge the redundant UID (i..e UID present in the index but not in the list sent by dovecot) and send back the list of UID not in its indexes to dovecot, so Dovect can send one by one the missing emails 

WHat do you think ? 

 Original Message  


SUBJECT:
[grosjo/fts-xapian] `doveadm fts rescan` removes all indices (#15)

DATE:
2019-02-08 08:28

FROM:
Leonard Lausen 

TO:
grosjo/fts-xapian 

CC:
Subscribed 

REPLY-TO:
grosjo/fts-xapian 


doveadm fts rescan -A deletes all indices, ie. all folders and files in the xapian-indexes are deleted. However, according to man doveadm fts, the rescan command should only 


Scan what mails exist in the full text search index and compare those to what
actually exist in mailboxes. This removes mails from the index that have already
been expunged and makes sure that the next doveadm index will index all the
missing mails (if any). 

Deleting all indices does not seem to be the intended action, especially as constructing the index anew may take very long on large mailboxes. 


--
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub [1], or mute the thread [2].



Links:
--
[1] https://github.com/grosjo/fts-xapian/issues/15
[2]
https://github.com/notifications/unsubscribe-auth/ACLmB9OB-7GaKIvhNc8sCgi7KQTrjNnoks5vLScugaJpZM4auCWp

Re: Using SHA256/512 for SQL based password

2019-02-17 Thread Aki Tuomi via dovecot 


 
 
  
   
  
  
   
On 17 February 2019 at 10:38 Odhiambo Washington via dovecot <
dovecot@dovecot.org> wrote:
   
   

   
   

   
   
On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot <
dovecot@dovecot.org>
   
   
wrote:
   
   

   
   

 Jean-Daniel Dupas via dovecot wrote:


 >


 >


 >> Le 13 févr. 2019 à 14:54, Robert Moskowitz via dovecot


 >> <
 dovecot@dovecot.org dovecot@dovecot.org>> a écrit :


 >>


 >>


 >>


 


 >>> ARGON2 support is added in dovecot v2.3. It also needs to be enabled


 >>> when compiling dovecot, so varying from packagers it might or not be


 >>> available. The CRYPT ones are available if crypt(3) supports them. In


 >>> dovecot v2.3 we have added bcrypt support regardless of crypt(3)


 support.


 >>


 >> CentOS7 is on dovecot 2.2.36:


 >>


 >> # doveadm pw -s ARGON2-CRYPT -p secret


 >> Fatal: Unknown scheme: ARGON2-CRYPT


 >> # doveadm pw -s ARGON2 -p secret


 >> Fatal: Unknown scheme: ARGON2


 >>


 >> I tend to stay with the distro's rpms and not take on building and


 >> maintaining myself.


 >


 
  And for the record, the hash names are ARGON2I and ARGON2ID (see doveadm
 
 
  pw -l )
 


 
  With dovecot from the dovecot.org <
  http://dovecot.org> repo:
 


 
  # doveadm pw -s ARGON2I -p secret
 


 {ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk

   
   

 Also from dovecot.org <
 http://dovecot.org> repo:

   
   

 doveadm pw -s ARGON2I -p secret


 Fatal: Unknown scheme: ARGON2I

   
   

 

   
   

 Marc

   
   

   
   
It works for me over here:
   
   

   
   
[wash@waridi ~]#/opt/dovecot2.3/bin/doveadm pw -s ARGON2I -p secret
   
   
{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$9pggnQBea9F3h3O31HoJEA$0zZZgwEuMRVZ3Mc/v6ckpalzVRVCr+GLBWnb8OrgsxU
   
   

   
   

   
   
--
   
   
Best regards,
   
   
Odhiambo WASHINGTON,
   
   
Nairobi,KE
   
   
+254 7 3200 0004/+254 7 2274 3223
   
   
"Oh, the cruft.", grep ^[^#] :-)
   
  
  
   
  
  
   I'll check next week if and why argon is missing from ce packages. 
  
  
   ---
   Aki Tuomi

Re: Using SHA256/512 for SQL based password

2019-02-17 Thread Odhiambo Washington via dovecot 
On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot 
wrote:

> Jean-Daniel Dupas via dovecot wrote:
> >
> >
> >> Le 13 févr. 2019 à 14:54, Robert Moskowitz via dovecot
> >> mailto:dovecot@dovecot.org>> a écrit :
> >>
> >>
> >>
> >> On 2/13/19 8:30 AM, Aki Tuomi wrote:
> >>> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
> 
>  On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
> >
> > Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
> > mailto:r...@htt-consult.com>>:
> >
> >> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
> >>> Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:
>  I have trying to find how to set the dovecot-sql.conf for using
>  SHA256/512.  I am going to start clean with the stronger format,
> not
>  migrate from the old MD5.  It seems all I need is:
> >>> you maybe would like to have a look to the hashing algo ARGON2I
> >>> which is
> >>> currently recommended for new developments and deployments.
> >> Recommended by whom?
> >>
> >> Can you provide a link?
> > Sure, please see here:
> > https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
> >
> >>
> >> And if I was adventurous about hashes, I would be looking more at
> >> Keccak.
> >>
> >>
> >> Check out my Internet Draft:
> >>
> >>
> >> draft-moskowitz-small-crypto-00.txt
> > Thanks for the tip, will have a look for into it.
>  Keccak is a general hashing function.  It was the first? of the
>  hashing 'sponge' functions, that many have followed.  It is the basis
>  of SHA3 (at Keccak's greatest strength).
> 
>  Argon2 seems to be special-built for password hashing.  Thing is it is
>  not supported on my CentOS7 system:
> 
>  # doveadm pw -l
>  MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
>  CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
>  PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT
>  SHA256-CRYPT SHA512-CRYPT
> 
>  Of course SHA3 is not listed either...
> 
> 
> >>> ARGON2 support is added in dovecot v2.3. It also needs to be enabled
> >>> when compiling dovecot, so varying from packagers it might or not be
> >>> available. The CRYPT ones are available if crypt(3) supports them. In
> >>> dovecot v2.3 we have added bcrypt support regardless of crypt(3)
> support.
> >>
> >> CentOS7 is on dovecot 2.2.36:
> >>
> >> # doveadm pw -s ARGON2-CRYPT -p secret
> >> Fatal: Unknown scheme: ARGON2-CRYPT
> >> # doveadm pw -s ARGON2 -p secret
> >> Fatal: Unknown scheme: ARGON2
> >>
> >> I tend to stay with the distro's rpms and not take on building and
> >> maintaining myself.
> >
> > And for the record, the hash names are ARGON2I and ARGON2ID (see doveadm
> > pw -l )
> >
> > With dovecot from the dovecot.org  repo:
> >
> > # doveadm pw -s ARGON2I -p secret
> >
> {ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk
>
> Also from dovecot.org  repo:
>
> doveadm pw -s ARGON2I -p secret
> Fatal: Unknown scheme: ARGON2I
>
> 
>
> Marc
>

It works for me over here:

[wash@waridi ~]#/opt/dovecot2.3/bin/doveadm pw -s ARGON2I -p secret
{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$9pggnQBea9F3h3O31HoJEA$0zZZgwEuMRVZ3Mc/v6ckpalzVRVCr+GLBWnb8OrgsxU


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)

Re: Using SHA256/512 for SQL based password

2019-02-17 Thread Marc Weustink via dovecot 

Jean-Daniel Dupas via dovecot wrote:



Le 13 févr. 2019 à 14:54, Robert Moskowitz via dovecot 
mailto:dovecot@dovecot.org>> a écrit :




On 2/13/19 8:30 AM, Aki Tuomi wrote:

On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:


On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:


Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
mailto:r...@htt-consult.com>>:


On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:

Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:

I have trying to find how to set the dovecot-sql.conf for using
SHA256/512.  I am going to start clean with the stronger format, not
migrate from the old MD5.  It seems all I need is:

you maybe would like to have a look to the hashing algo ARGON2I
which is
currently recommended for new developments and deployments.

Recommended by whom?

Can you provide a link?

Sure, please see here:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet



And if I was adventurous about hashes, I would be looking more at
Keccak.


Check out my Internet Draft:


draft-moskowitz-small-crypto-00.txt

Thanks for the tip, will have a look for into it.

Keccak is a general hashing function.  It was the first? of the
hashing 'sponge' functions, that many have followed.  It is the basis
of SHA3 (at Keccak's greatest strength).

Argon2 seems to be special-built for password hashing.  Thing is it is
not supported on my CentOS7 system:

# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT
SHA256-CRYPT SHA512-CRYPT

Of course SHA3 is not listed either...



ARGON2 support is added in dovecot v2.3. It also needs to be enabled
when compiling dovecot, so varying from packagers it might or not be
available. The CRYPT ones are available if crypt(3) supports them. In
dovecot v2.3 we have added bcrypt support regardless of crypt(3) support.


CentOS7 is on dovecot 2.2.36:

# doveadm pw -s ARGON2-CRYPT -p secret
Fatal: Unknown scheme: ARGON2-CRYPT
# doveadm pw -s ARGON2 -p secret
Fatal: Unknown scheme: ARGON2

I tend to stay with the distro's rpms and not take on building and 
maintaining myself.


And for the record, the hash names are ARGON2I and ARGON2ID (see doveadm 
pw -l )


With dovecot from the dovecot.org  repo:

# doveadm pw -s ARGON2I -p secret
{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk


Also from dovecot.org  repo:

doveadm pw -s ARGON2I -p secret
Fatal: Unknown scheme: ARGON2I



Marc

Re: Dove to error

2019-02-17 Thread Aki Tuomi via dovecot 


 
 
  
   
  
  
   
On 17 February 2019 at 05:50 Latin Bishop via dovecot <
dovecot@dovecot.org> wrote:
   
   

   
   

   
   

   
   
Getting this error after following
   
   
this tutorial
   
   

   
   
Error in configuration file /etc/dovecot/dovecot.conf duplicate listener
   
   

   
   

   
   
https://samhobbs.co.uk/2013/12/raspberry-pi-email-server-part-2-dovecot
   
   

   
  
  
   
  
  
   Usually doveconf -n tells you where the duplicate listener is so you can remove it.
  
  
   ---
   Aki Tuomi