Re: Hello some help on login users saying it's disabled

2019-05-26 Thread Remo Mattei via dovecot
Thanks Aki I fixed it. Some issues with the Dovecot.conf :) options all good 
now. 

> On 26 May 2019, at 21:39, Aki Tuomi wrote:
> 
> 
>> On 26 May 2019 00:34 Remo Mattei via dovecot  wrote:
>> 
>> 
>> Hello I am experiencing some strange issue with the dovecot, the web round 
>> cube works fine but when I try to connect with an iPhone over IMAP IMAPs it 
>> tells me that the account is disabled. 
>> 
>> Please advise; here is what I see in the logs:
>> 
>> 
> 
> snip..
> 
>> 
>> And the account does not show any mail whereas the Web shows the mail just 
>> fine. 
>> 
>> Thanks
> 
> auth_mechanisms = PLAIN LOGIN
> 
> should help, assuming you have not configured your iPhone to use "secure 
> password" authentication.
> 
> Aki



Re: Hello some help on login users saying it's disabled

2019-05-26 Thread Aki Tuomi via dovecot


> On 26 May 2019 00:34 Remo Mattei via dovecot  wrote:
> 
>  
> Hello I am experiencing some strange issue with the dovecot, the web round 
> cube works fine but when I try to connect with an iPhone over IMAP IMAPs it 
> tells me that the account is disabled. 
> 
> Please advise; here is what I see in the logs:
> 
> 

snip..

> 
> And the account does not show any mail whereas the Web shows the mail just 
> fine. 
> 
> Thanks

auth_mechanisms = PLAIN LOGIN

should help, assuming you have not configured your iPhone to use "secure 
password" authentication.

Aki


Re: Error suggestions please

2019-05-26 Thread Eric's mail via dovecot
Could you submit the question to the dovecot mailing list?











On Sun, May 26, 2019 at 10:35 PM -0600, "Remo Mattei via dovecot" 
 wrote:










May 25 15:01:27 imap(xx...@italy1.com)<10256>: Error: Mailbox INBOX: UID=208: read(/home/vpopmail/domains/italy1.com/x/Maildir/cur/1154731221.9257.azz.italy1.com,S=26421:2,S) failed: Cached message size smaller than expected (26421 < 26511, box=INBOX, UID=208) (read reason=mail stream)
May 25 15:01:27 imap(xxx...@italy1.com)<10256>: Error: Corrupted record in index cache file /home/vpopmail/domains/italy1.com/x/Maildir/dovecot.index.cache: UID 208: Broken physical size in mailbox INBOX: read(/home/vpopmail/domains/italy1.com/x/Maildir/cur/1154731221.9257.azz.italy1.com,S=26421:2,S) failed: Cached message size smaller than expected (26421 < 26511, box=INBOX, UID=208)
May 25 15:01:27 imap(xxx...@italy1.com)<10256>: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip)

Can someone help with how to fix this issue?

Thanks 








Re: imap userdb Fatal setuid errors

2019-05-26 Thread Aki Tuomi via dovecot


> On 24 May 2019 17:11 Steven Smith via dovecot  wrote:
> 
> 
> I’m trying to configure dovecot lmtp in multi-user mode. My error logs are 
> filled with messages saying that an imap process cannot do a setuid to 
> another user:
> 
> > May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from 
> > userdb lookup) failed with euid=501(adminuser): Operation not permitted 
> > (This binary should probably be called with process user set to 512(myuser) 
> > instead of 501(adminuser))
> 
> I see that others have had similar issues, but I am not able to apply any of 
> the fixes or workarounds to solve this issue (e.g. setting 
> libexec/dovecot/imap as setuid-root). I’ve also tried other fixes like 
> setting the permissions to 0777 on the userdb auth for postfix smtpd.
> 
> According to the code (restrict-access.c, linked below), it appears that when 
> a user authenticates, an imap worker process is launched that has the uid of 
> the authenticator. When another user authenticates, this last process is 
> used, but it does not have the permissions to perform a setuid to the new 
> user, resulting in the Fatal error that appears in the logs.
> 
> Is this a bug, or a configuration issue? I’ve posted my doveconf below.
> 
> Any pointers would be greatly appreciated.
> 
> Steve
> 

service imap {
  client_limit = 16
  process_limit = 200
  process_min_avail = 6
  service_count = 0
} 

This causes the imap process to be reused, but it cannot change its 
personality anymore. Also we *do not* recommend this configuration at all. You 
are putting multiple connections inside a single-threaded binary which can 
become "stuck" for other users when a single user performs long-lasting 
operations.

Try this:

service imap {
  process_limit = 200
  process_min_avail = 6
} 

Aki
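
The reply above ties the setuid failure to process reuse in `service imap`. As an added example (not part of the thread and not Dovecot code), this sketch checks a `service` block for the two settings named there; the function names and the `per_user_uids` flag are hypothetical, and treating an unset `service_count` or `client_limit` as 1 is an assumption.

```python
import re

# Constructed inputs: the two `service imap` blocks quoted in the reply above.
REPORTED = """service imap {
  client_limit = 16
  process_limit = 200
  process_min_avail = 6
  service_count = 0
}
"""
SUGGESTED = """service imap {
  process_limit = 200
  process_min_avail = 6
}
"""

def service_settings(conf, name):
    """Collect the top-level key = value pairs of `service <name> { ... }`."""
    settings, depth, inside = {}, 0, False
    header = re.compile(r"service\s+%s\s*\{" % re.escape(name))
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not inside:
            inside = header.fullmatch(line) is not None
            depth = 1 if inside else 0
        elif line.endswith("{"):
            depth += 1          # nested block such as inet_listener
        elif line == "}":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def reuse_findings(conf, name="imap", per_user_uids=True):
    """Return [(setting, reason)] for values that make one process serve many users."""
    s = service_settings(conf, name)
    # Assumption: an unset value means 1, i.e. one connection per process.
    service_count = int(s.get("service_count", 1))
    client_limit = int(s.get("client_limit", 1))
    findings = []
    if service_count != 1 and per_user_uids:
        findings.append(("service_count",
                         "process is reused after it has already switched to the "
                         "first user's uid, so a later setuid() to another uid fails"))
    if client_limit > 1:
        findings.append(("client_limit",
                         "several connections share one single-threaded process; "
                         "one user's long operation stalls the others"))
    return findings

if __name__ == "__main__":
    for label, conf in (("reported", REPORTED), ("suggested", SUGGESTED)):
        print(label, reuse_findings(conf) or "no process-reuse findings")
```
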


Re: Automatically subscribe to the INBOX folder

2019-05-26 Thread Christian Taskenlund via dovecot

Just add the inbox as a mailbox as well:

mailbox INBOX {
  auto = subscribe
}




Error suggestions please

2019-05-26 Thread Remo Mattei via dovecot
May 25 15:01:27 imap(xx...@italy1.com)<10256>: Error: Mailbox INBOX: UID=208: read(/home/vpopmail/domains/italy1.com/x/Maildir/cur/1154731221.9257.azz.italy1.com,S=26421:2,S) failed: Cached message size smaller than expected (26421 < 26511, box=INBOX, UID=208) (read reason=mail stream)
May 25 15:01:27 imap(xxx...@italy1.com)<10256>: Error: Corrupted record in index cache file /home/vpopmail/domains/italy1.com/x/Maildir/dovecot.index.cache: UID 208: Broken physical size in mailbox INBOX: read(/home/vpopmail/domains/italy1.com/x/Maildir/cur/1154731221.9257.azz.italy1.com,S=26421:2,S) failed: Cached message size smaller than expected (26421 < 26511, box=INBOX, UID=208)
May 25 15:01:27 imap(xxx...@italy1.com)<10256>: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip)

Can someone help with how to fix this issue?

Thanks 





Hello some help on login users saying it's disabled

2019-05-26 Thread Remo Mattei via dovecot
Hello I am experiencing some strange issue with the dovecot, the web round cube 
works fine but when I try to connect with an iPhone over IMAP IMAPs it tells me 
that the account is disabled. 

Please advise; here is what I see in the logs:


May 25 14:30:32 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=<4AZjBr2J2cisCqP7>
May 25 14:30:32 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:32 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:32 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:34 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:34 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:37 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:37 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:39 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=
May 25 14:30:39 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237, session=

And the account does not show any mail whereas the Web shows the mail just 
fine. 

Thanks 

Imap reverse / proxy in front of our clients machines.

2019-05-26 Thread Brent Clark via dovecot
Good day Guys

I have a user story to have an imap reverse / proxy in front of our clients'
servers.

I'm currently using the following sources for information.
https://wiki.failover.de/Email/Dovecot/IMAP/Proxy/
https://gist.github.com/rplessl/dd56d05c84f988706418
https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

In my vagrant instance, dovecot can connect to the remote server.
You can see my debugging and conf:
https://pastebin.com/raw/H2AL53Fz
https://pastebin.com/raw/hZHSHvcu

If anyone can assist it would be greatly appreciated.

Many thanks
Regards
Brent


imap userdb Fatal setuid errors

2019-05-26 Thread Steven Smith via dovecot
I’m trying to configure dovecot lmtp in multi-user mode. My error logs are 
filled with messages saying that an imap process cannot do a setuid to another 
user:

> May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from 
> userdb lookup) failed with euid=501(adminuser): Operation not permitted (This 
> binary should probably be called with process user set to 512(myuser) instead 
> of 501(adminuser))


I see that others have had similar issues, but I am not able to apply any of 
the fixes or workarounds to solve this issue (e.g. setting libexec/dovecot/imap 
as setuid-root). I’ve also tried other fixes like setting the permissions to 
0777 on the userdb auth for postfix smtpd.

According to the code (restrict-access.c, linked below), it appears that when a 
user authenticates, an imap worker process is launched that has the uid of the 
authenticator. When another user authenticates, this last process is used, but 
it does not have the permissions to perform a setuid to the new user, resulting 
in the Fatal error that appears in the logs.

Is this a bug, or a configuration issue? I’ve posted my doveconf below.

Any pointers would be greatly appreciated.

Steve


Related:
https://serverfault.com/questions/930245/dovecot-operation-not-permitted 

https://dovecot.org/list/dovecot/2012-May/135549.html 

https://trac.macports.org/ticket/58506 

Code at https://github.com/dovecot/core/blob/master/src/lib/restrict-access.c 
:
https://github.com/dovecot/core/blob/863887d4272f962926ab279ac4cf37855dd2008d/src/lib/restrict-access.c#L238-L256
 

https://github.com/dovecot/core/blob/863887d4272f962926ab279ac4cf37855dd2008d/src/lib/restrict-access.c#L342-L346
 


doveconf -n:
> # 2.3.0.1 (ffd8a29): /opt/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.0.1 (d33dca20)
> # OS: Darwin 18.6.0 x86_64  apfs
> auth_cache_size = 10 M
> auth_gssapi_hostname = $ALL
> auth_krb5_keytab = /opt/local/etc/dovecot/imap.keytab
> auth_mechanisms = plain gssapi
> auth_realms = host.domain.tld
> auth_socket_path = /opt/local/var/run/dovecot/auth-userdb
> auth_username_format = %Ln
> debug_log_path = /opt/local/var/log/mail/mail-debug.log
> default_internal_user = _dovecot
> default_login_user = _dovenull
> disable_plaintext_auth = no
> first_valid_gid = 6
> first_valid_uid = 6
> imap_id_log = *
> imap_id_send = "name" * "version" *
> imap_idle_notify_interval = 29 mins
> imap_urlauth_submit_user = submit
> info_log_path = /opt/local/var/log/mail/mail-info.log
> last_valid_gid = 100
> lda_mailbox_autocreate = yes
> log_path = /opt/local/var/log/mail/mail-err.log
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
> mail_access_groups = mail
> mail_attachment_dir = /private/var/mail/tld.domain.mail/attachments
> mail_attachment_fs = sis posix:mode=0666
> mail_debug = yes
> mail_gid = mail
> mail_home = /private/var/mail/tld.domain.mail
> mail_location = mdbox:/private/var/mail/tld.domain.mail/%Ln/mdbox
> mail_log_prefix = "%s(pid %p user %u): "
> mail_plugins = quota zlib acl fts fts_solr fts_lucene
> mail_privileged_group = mail
> mail_uid = _dovecot
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> mdbox_rotate_size = 200 M
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Archive {
>     auto = subscribe
>     special_use = \Archive
>   }
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = create
>     special_use = \Junk
>   }
>   mailbox Notspam_train {
>     auto = create
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Spam_train {
>     auto = create
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = create
>     special_use = \Trash
>   }
>   prefix = 
>   separator = /
> }
> passdb {
>   driver = pam
>   name = pam
> }
> plugin {
>   fts = solr
>   fts_autoindex = yes
>   fts_autoindex_exclude = \Junk
>   fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
>   imapsieve_mailbox1_before = 
> file:/opt/local/etc/dovecot/sieve/report-spam.sieve
>   imapsieve_mailbox1_causes = COPY APPEND
>   imapsieve_mailbox1_name = Spam_train
>   imapsieve_mailbox2_before = 
> 

Re: Unknown error message

2019-05-26 Thread Luuk via dovecot


On 26-5-2019 13:53, Jerry via dovecot wrote:

dovecot 2.3.6 (7eab80676)
FreeBSD 12.0-RELEASE-p5 amd64

I have recently been finding error messages similar to the following in
my Dovecot log file:

May 26 06:58:32 imap(ger...@seibercom.net)<87791>: Error: stat(/var/mail/vmail/seibercom.net/gerard/.dovecot.sieve/tmp) failed: Not a directory

The message is correct as there is no such directory. The question is
why has it suddenly started appearing? I checked my maillog file, and
there are no messages being transmitted to Dovecot when that error
message is created. Neither is there any mail with that ID number either.

Could this be someone attempting to hack into my system?

Thanks!

Google ".dovecot.sieve/tmp) failed not a directory" found a link to this 
list


see: https://dovecot.org/list/dovecot/2017-May/108183.html

On 2017-05-31 15:09, David Gessel wrote:
> As my logs fill up with "imap(user at domain.com): Error:
> stat(/mail/doman.com/user//.dovecot.sieve/tmp) failed: Not a
> directory" errors, I followed the advice at
> https://wiki2.dovecot.org/VirtualUsers/Home and
> https://dovecot.org/list/dovecot/2016-June/104403.html and set in
> /usr/local/etc/dovecot/conf.d/10-mail.conf
>
> # By default LIST command returns all entries in maildir beginning with a dot.
> # Enabling this option makes Dovecot return only entries which are directories.
> # This is done by stat()ing each entry, so it causes more disk I/O.
> # (For systems setting struct dirent->d_type, this check is free and it's
> # done always regardless of this setting)
> maildir_stat_dirs = yes
>
> My mailbox format reads "mail_location =
> maildir:~:CONTROL=/var/no-quota/%u:INDEX=MEMORY"
>
> The error is factually correct, but there is not .dovecot.sieve/tmp
> directory or file as .dovecot.sieve is a file (the head sieve script
> that calls the subordinate scripts out of the /sieve directory.
>
> There is a tmp directory at /sieve/tmp/
>
> drwxr- 2 vmail vmail 2B May 31 04:14 tmp
>
> Any hints as to why this isn't working? It does seem like the right
> answer.

The answer is in the wiki page you referred to: "Home directory shouldn't be
the same as mail directory with mbox or Maildir formats (but with dbox/obox
it's fine)." You should set mail_home (where for example the sieve script is
saved to) to a different path than mail_location.




Unknown error message

2019-05-26 Thread Jerry via dovecot
dovecot 2.3.6 (7eab80676)
FreeBSD 12.0-RELEASE-p5 amd64

I have recently been finding error messages similar to the following in
my Dovecot log file:

May 26 06:58:32 imap(ger...@seibercom.net)<87791>: Error: stat(/var/mail/vmail/seibercom.net/gerard/.dovecot.sieve/tmp) failed: Not a directory

The message is correct as there is no such directory. The question is
why has it suddenly started appearing? I checked my maillog file, and
there are no messages being transmitted to Dovecot when that error
message is created. Neither is there any mail with that ID number either.

Could this be someone attempting to hack into my system?

Thanks!

-- 
Jerry




Re: Workaround for infinite loop in XCLIENT command bug

2019-05-26 Thread mabi via dovecot
‐‐‐ Original Message ‐‐‐
On Saturday, May 25, 2019 12:18 AM, Sami Ketola via dovecot 
 wrote:

> just add:
>
> protocol lmtp {
> login_trusted_networks=
> }

Thank you so much Sami for the further details. I added the 
login_trusted_networks specifically to the lmtp protocol and now I can see that 
it does not issue any XCLIENT command anymore so this means my mail delivery 
through LMTP works again. I guess I didn't even need any XCLIENT command to be 
issued anyway as it was only issuing "XCLIENT HELO=localhost TTL=5".


Dovecot multiple passdb and fail2ban

2019-05-26 Thread Joaquin F via dovecot
Objective: different password for remote and local imap login

Version: 2.2.36 (1f10bfa63) on CentOS 7
Users are from Active Directory, mapped to local users via sssd

After much experimentation, I have configured this way:
doveconf -n passdb userdb
passdb {
  args = username_format=%Ln /etc/dovecot/remote
  driver = passwd-file
  skip = authenticated
  username_filter = user01 user02
}
passdb {
  driver = pam
  override_fields = allow_nets=127.0.0.0/8,192.168.1.0/24
  skip = authenticated
}
userdb {
  driver = passwd
}

If I put the passdb's in the reverse order, I would get failure
messages (when logging in remotely) in /var/log/secure, such as:
   auth: pam_sss(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user02 rhost=xx.xx.xx.xx user=user02
Which caused fail2ban to ban that ip

/etc/fail2ban/jail.local
   [dovecot]
   enabled = true
   port = imap,imaps

If I set "auth_verbose = yes", then I can see messages in (when
logging in locally) in /var/log/maillog
   dovecot: auth: passwd-file(user02,192.168.1.20,): Password mismatch
which is probably not a big deal... but seems inefficient?

Question: is there a more elegant way to use different passdb depending on ip?

Thanks in advance.
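
The message above describes how passdb order decides which backend records the failed attempt. As an added example (not the poster's code and not Dovecot's implementation), this simplified model walks the two passdbs in either order and shows which one logs a mismatch. Assumptions: `username_filter` is an exact-name set, the password is checked before `allow_nets`, and the dictionaries, passwords and the remote address 203.0.113.7 are constructed stand-ins for `/etc/dovecot/remote` and PAM/sssd.

```python
import ipaddress

# Constructed credentials; the passdb fields mirror the doveconf output above.
PASSWD_FILE = {"name": "passwd-file", "secrets": {"user02": "remote-secret"},
               "username_filter": {"user01", "user02"}, "allow_nets": None}
PAM = {"name": "pam", "secrets": {"user02": "ad-secret"},
       "username_filter": None,
       "allow_nets": ["127.0.0.0/8", "192.168.1.0/24"]}

def login(chain, user, password, rip):
    """Walk the passdbs in order; return (authenticated, [(passdb, outcome), ...])."""
    trail, ok = [], False
    addr = ipaddress.ip_address(rip)
    for db in chain:
        if ok:                                   # skip = authenticated
            trail.append((db["name"], "skipped"))
            continue
        if db["username_filter"] and user not in db["username_filter"]:
            trail.append((db["name"], "filtered"))
            continue
        if db["secrets"].get(user) != password:  # the backend sees this attempt
            trail.append((db["name"], "password mismatch"))
            continue
        nets = db["allow_nets"]
        if nets and not any(addr in ipaddress.ip_network(n) for n in nets):
            trail.append((db["name"], "allow_nets mismatch"))
            continue
        ok = True
        trail.append((db["name"], "ok"))
    return ok, trail

def pam_failure_logged(trail):
    """True when PAM itself rejected the password: the /var/log/secure line
    that, per the post, made fail2ban ban the client address."""
    return ("pam", "password mismatch") in trail

if __name__ == "__main__":
    cases = [
        ("posted order, remote login", [PASSWD_FILE, PAM], "remote-secret", "203.0.113.7"),
        ("reverse order, remote login", [PAM, PASSWD_FILE], "remote-secret", "203.0.113.7"),
        ("posted order, local login", [PASSWD_FILE, PAM], "ad-secret", "192.168.1.20"),
        ("posted order, AD password from outside", [PASSWD_FILE, PAM], "ad-secret", "203.0.113.7"),
    ]
    for label, chain, password, rip in cases:
        ok, trail = login(chain, "user02", password, rip)
        print(f"{label}: ok={ok} pam_failure={pam_failure_logged(trail)} {trail}")
```
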