[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-30 Thread emordin via dovecot
So I believe I generated a key successfully with:
'doveadm mailbox cryptokey generate -u user -UR' because I got the output with 
the check mark and the Public ID string of characters.

However I still can't read the CRYPTED emails when logging in with IMAP. I'm 
still getting the following error in the mail log:
Error: read() failed: read(/var/vmail/domain.com/user/Maildir/cur/) failed: Private key not available: Cannot decrypt key ... : error:03070068:bignum routines:BN_mpi2bn:encoding error

I've tried to list the key with 'doveadm mailbox cryptokey list -u user' but 
I'm only getting the following output:
Folder Active Public ID
And I've tried to create a password with 'doveadm mailbox cryptokey password -u 
user -n Password1' and I'm getting the following output:
result: dcrypt_key_load_private(...) failed: password missing

Also my settings in conf.d:
10-mail.conf -
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugins{
  mail_crypt_curve = secp512r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
}
20-lmtp.conf -
protocol lmtp{
  mail_plugins = $mail_plugins sieve
}

And my settings in dovecot-sql.conf.ext:
driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=1234
password_query = SELECT email as user,password, '%w' AS userdb_mail_crypt_private_password FROM virtual_users WHERE email='%u';

In the virtual_users table I have:
id, domain_id, email, password

Any ideas what the issue may be?
Also am I supposed to add the 'userdb_mail_crypt_private_password' into the 
table and put the virtual users email login password in there? Or is it supposed 
to be a temporary query?

Thanks.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

Problem SSL entrust certificate

2019-05-30 Thread Il Neofita via dovecot
Hi
I have compiled dovecot 2.3.6 on RH 8, and I copied the configuration from
dovecot 2.0.9
however, when I try to connect the new machine the certificate is not
recognized
The same certificate is working with apache

CONNECTED(0004)
depth=0 ...
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 ...
verify error:num=21:unable to verify the first certificate
verify return:1
...
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2311 bytes and written 404 bytes
Verification error: unable to verify the first certificate


Re: macOS Notes.app IMAP Syncing Not Working

2019-05-30 Thread Steven Smith via dovecot
It does not appear that macOS Notes.app is authenticating to dovecot. I haven’t 
broken out wireshark yet, but I see in the dovecot logs that a working iOS 
access looks like this:

mail-debug.log (mailbox access):
> May 30 20:16:39 imap(pid 28792 user username): Debug: Mailbox Notes: Mailbox opened because: SELECT

mail-info.log (solr indexing of a newly added Note):
> May 30 18:44:31 indexer-worker(pid 26589 user username): Info: Indexed 1 messages in Notes (UIDs 167..167)

There are no such log entries when I launch macOS Notes.app and toggle account 
activation in System Preferences>Internet Accounts.

It doesn’t look like macOS Notes.app is even trying to talk to dovecot.

Re: sieve setup. no svbin ?

2019-05-30 Thread Ralph Seichter via dovecot
* Voytek Eymont via dovecot:

> what am I missing, how to check ?

Try running "sievec -u {your_linux_user} /path/to/whatever.sieve" from a
shell and check the resulting error messages.

> postmaster_address = root

Any fully qualified address (postmas...@yourdomain.com seems like a
logical choice).

-Ralph


Re: macOS Notes.app IMAP Syncing Not Working

2019-05-30 Thread Steven Smith via dovecot
* Ralph, Steven Smith via dovecot:

> > The issue is that macOS Note.app does not sync with this server.

> I'm syncing macOS Mojave's Notes.app with Dovecot without problems, so
> it can be done. Have you made sure that you activated both mail and
> notes in macOS' Internet Accounts preferences for this particular IMAP
> account? If so, is that IMAP account listed in the navigation bar of
> Notes.app (mine shows iCloud and the IMAP account)?

Thanks, yes, I’ve done all that and more, including:
* Setting the Path Prefix to blank, INBOX, INBOX., and ‘.’
* sqlite3 ~/Library/Containers/com.apple.Notes/Data/Library/Notes/NotesV7.storedata 'select * from ZACCOUNT;'
* sqlite3 ~/Library/Containers/com.apple.Notes/Data/Library/Notes/NotesV7.storedata "update ZACCOUNT set ZUSERNAME='em...@example.com', ZHOSTNAME='imap.hostname.com',ZSERVERPATHPREFIX='INBOX.' where Z_PK=5;"
* Variations on the above
Reports of problems syncing Notes.app to IMAP accounts are widespread.
I’m pretty sure it arises from some subtle dovecot configuration setting.
Would you mind posting your `doveconf -n` so that we can compare to the 
non-working and working examples above?
Steve

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-30 Thread emordin via dovecot
Please disregard the previous question. But I have another...

I have set up Folder Key encryption, and have sent an email to my mail server 
which is CRYPTED, however when I try to login to read the email I'm getting a 
'Private key not available: Cannot decrypt <...>: error:03070068:bignum 
routines:BN_mpi2bn:encoding error'.

I've tried to list the user key and generate a new keypair two different ways 
and have gotten the following output:
doveadm mailbox cryptokey list -U user
output: Folder Active Public ID
doveadm mailbox cryptokey generate -u user -U
output:Folder Public ID
doveadm mailbox cryptokey generate -u user -Uf
output:
Panic: file doveadm-mail.c: line 405 (doveadm_mail_next_user): assertion failed: (ctx->exit_code !=0)
Error: Raw backtrace: .
Aborted

Any advice?


sieve setup. no svbin ?

2019-05-30 Thread Voytek Eymont via dovecot
since moving/upgrading system I've noticed I no longer get sieve script
compiled, there is no dovecot.svbin created in
/var/vmail/vmail1/sbt.net.au/voy...@tld.au/sieve

what am I missing, how to check ?

also, looking at sieve.log, I see a lot of

May 31 06:32:50 lda(voy...@sbt.net.au)<1234>:
Error: sieve: Failed to initialize script execution: Invalid
postmaster_address: invalid address `root' specified for the
postmaster_address setting

# grep root dovecot.conf
postmaster_address = root

what should I have ?

# dovecot --version
2.3.6 (7eab80676)




Re: macOS Notes.app IMAP Syncing Not Working

2019-05-30 Thread Ralph Seichter via dovecot
* Steven Smith via dovecot:

> The issue is that macOS Note.app does not sync with this server.

I'm syncing macOS Mojave's Notes.app with Dovecot without problems, so
it can be done. Have you made sure that you activated both mail and
notes in macOS' Internet Accounts preferences for this particular IMAP
account? If so, is that IMAP account listed in the navigation bar of
Notes.app (mine shows iCloud and the IMAP account)?

-Ralph


macOS Notes.app IMAP Syncing Not Working

2019-05-30 Thread Steven Smith via dovecot
I’m requesting help getting macOS’s Notes.app to sync notes with a new dovecot 
IMAP server.

Thanks to dovecot’s excellent online documentation and help from this list, I 
have a new perfectly functioning IMAP server.

The issue is that macOS Note.app does not sync with this server. However, iOS 
Notes.app *does* sync and work well with this IMAP server, and the differences 
between macOS and iOS Notes apps are well known. (Thanks, Apple.)
https://apple.stackexchange.com/questions/265579/notes-wont-sync-via-imap-in-macos-sierra
https://jpmens.net/2015/09/28/experiments-using-imap-for-notes/

…

I am migrating from a working Server.app system in which Notes.app syncing does 
work across all devices, and therefore have a working dovecot configuration 
from Server.app, although it does not contain an explicit configuration for the 
“Notes” mailbox.

I would greatly appreciate any help or pointers for these questions:

Does anyone have a working template for dovecot that works with macOS 
Notes.app? I’ve posted doveconf -n of both the new server and the old 
Server.app server below.

Would you all be able to provide advice on TO-DO’s and NOT-TO-DO’s for 
mailbox/name-space reconfiguration as I try to muck around with a nicely 
working, deployed IMAP server? I believe that the solution has something to do 
with name spaces and separators, and I’ve already changed the separator from 
the original ‘/’  to ‘.’ on the working server without success or obvious 
changes.

All the mail boxes on the new IMAP server look like this, *without* a prefix 
‘.’:
> ls -1 /var/mail/tld.domain.mail/username/mdbox/mailboxes/
> Archive/
> Deleted Messages/
> Drafts/
> INBOX/
> Junk/
> Notes/
> Sent/
> Trash/


All the mailboxes on the working Server.app mailserver look like this, *with* a 
prefix ‘.’:
> $ sudo ls -1 /Library/Server/Mail/Data/mail/users/username
> .Archive
> .Deleted Messages
> .Drafts
> .Junk
> .Notes
> .Sent Messages
> cur
> …
> new
> subscriptions
> tmp



Here are the `doveconf -n` of the new server that doesn’t sync macOS Notes.app, 
and the old Server.app IMAP server that does:

New server `dovecot -n` [Note: original separator was set to ‘/’, now changed 
to ‘.’ in config.d/10-mail.conf]:
> # 2.3.6 (): /opt/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.6 ()
> # OS: Darwin 18.6.0 x86_64  apfs
> # Hostname: newhost.domain.tld
> auth_cache_size = 10 M
> auth_gssapi_hostname = $ALL
> auth_krb5_keytab = /opt/local/etc/dovecot/imap.keytab
> auth_mechanisms = plain gssapi
> auth_realms = newhost.domain.tld
> auth_socket_path = /opt/local/var/run/dovecot/auth-userdb
> auth_username_format = %Ln
> debug_log_path = /opt/local/var/log/mail/mail-debug.log
> disable_plaintext_auth = no
> first_valid_gid = 6
> first_valid_uid = 6
> imap_id_log = *
> imap_id_send = "name" * "version" *
> imap_idle_notify_interval = 29 mins
> imap_urlauth_submit_user = submit
> info_log_path = /opt/local/var/log/mail/mail-info.log
> last_valid_gid = 100
> lda_mailbox_autocreate = yes
> log_path = /opt/local/var/log/mail/mail-err.log
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
> mail_access_groups = mail
> mail_attachment_dir = /private/var/mail/tld.domain.mail/attachments
> mail_attachment_fs = sis posix:mode=0666
> mail_debug = yes
> mail_gid = mail
> mail_home = /private/var/mail/tld.domain.mail
> mail_location = mdbox:/private/var/mail/tld.domain.mail/%Ln/mdbox
> mail_log_prefix = "%s(pid %p user %u): "
> mail_plugins = quota zlib acl fts fts_solr fts_lucene
> mail_privileged_group = mail
> mail_uid = _dovecot
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> mdbox_rotate_size = 200 M
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Archive {
>     auto = subscribe
>     special_use = \Archive
>   }
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = create
>     special_use = \Junk
>   }
>   mailbox Notspam_train {
>     auto = create
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam_train {
>     auto = create
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = create
>     special_use = \Trash
>   }
>   prefix = 
>   separator = .
> }
> passdb {
>   driver = pam
>   name = pam
> }
> plugin {
>   fts = solr
>   fts_autoindex = yes
>   fts_autoindex_exclude = \Junk
>   fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
>   

SIGABRT on fetching mail

2019-05-30 Thread Peter Nabbefeld via dovecot



Good Morning,

I tried using gdb, but that doesn't work for me:

$ ulimit -c unlimited
$ sudo systemctl restart dovecot
$ sudo -E getmail
getmail version 5.13
Copyright (C) 1998-2019 Charles Cazabon.  Licensed under the GNU GPL
version 2.
SimpleIMAPSSLRetriever:peter.nabbef...@gmx.de@imap.gmx.net:993:
getmailrc: operation error (child pid 19702 killed by signal 6)
  1 messages (12551 bytes) retrieved, 0 skipped
$ gdb bt 19702
GNU gdb (GDB) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
    .

For help, type "help".
Type "apropos word" to search for commands related to "word"...
bt: Datei oder Verzeichnis nicht gefunden.
Attaching to process 19702
ptrace: Kein passender Prozess gefunden.
/home/peter/NetBeansProjects/19702: Datei oder Verzeichnis nicht gefunden.
(gdb)

Finally, I could find a file in /var/lib/systemd/coredump:
-rw-r-+ 1 root root 710416 30. Mai 08:54
core.deliver.1003.d14b28050b8343f5a60c5998ef3947df.19702.155919928600.lz4

This is obviously the required dump. However, I'd not attach such a file
to a post to the mailing list, so where can I put that? Send it directly
to you?

Kind regards

Peter

PS: I'm using Arch Linux - probably the hint above could be added to
https://www.dovecot.org/bugreport-mail as a hint for other Arch users,
as it's much easier than using gdb for those not using it?


failed to pipe to program sa-learn-spam.sh

2019-05-30 Thread @lbutlr via dovecot
Error: program `/usr/lib/dovecot/sieve/sa-learn-spam.sh' terminated abnormally, 
signal 11
Error: sieve: pipe action: failed to pipe message to program 
`sa-learn-spam.sh': refer to server log for more information. [2019-05-29 
17:59:12]

What server log? This is all that gets logged.

 # pwd
/usr/lib/dovecot/sieve

 # ls -lsa
> total 96
> 8 drwxrwxrwx  3 root wheel  512 Jun 18  2018 .
> 8 drwxr-xr-x  3 root wheel  512 May 17 17:54 ..
> 8 -rw-r--r--  1 root wheel   86 Jun 15  2018 default.sieve
> 8 drwxr-xr-x  2 root wheel  512 Jun 13  2018 global
> 8 -rw-r--r--  1 root wheel   62 May 14  2018 mark-read.sieve
> 8 -rw-r--r--  1 kremels  wheel  192 Jun 17  2018 mark-read.svbin
> 8 -rwxr-xr-x  1 root wheel  314 Feb 12  2018 report-ham.sieve
> 8 -rw-r--r--  1 lbutler  wheel  448 Jun 18  2018 report-ham.svbin
> 8 -rwxr-xr-x  1 root wheel  199 Feb 12  2018 report-spam.sieve
> 8 -rw-r--r--  1 kremewheel  354 Jun 15  2018 report-spam.svbin
> 8 -rwxr-xr-x  1 root wheel  131 Jun 18  2018 sa-learn-ham.sh
> 8 -rwxr-xr-x  1 root wheel   54 Feb 12  2018 sa-learn-spam.sh

 # cat sa-learn-spam.sh 
> #!/bin/sh
> exec /usr/local/bin/sa-learn -u ${1} --spam

 #  ls -ls /usr/local/bin/sa-learn
> 96 -rwxr-xr-x  1 root  wheel  45939 May 29 09:59 /usr/local/bin/sa-learn

report-spam.sieve:
> require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
> 
> if environment :matches "imap.user" "*" {
>   set "username" "${1}";
> }
> 
> pipe :copy "sa-learn-spam.sh" [ "${username}" ];

in doveconf I have:

> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date ihave
> 
> plugin {
>   imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
>   imapsieve_mailbox1_causes = COPY
>   imapsieve_mailbox1_name = Junk
>   …

It WAS working.




-- 
Women and cats will do as they please, and men and dogs should relax and
get used to the idea.
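
A stricter variant of the `sa-learn-spam.sh` wrapper quoted in the message above, as an added example that is not the poster's script and is not offered as a fix for the signal 11: it quotes the user argument that the sieve `pipe` action passes in, rejects values that `sa-learn` could read as an option, and reports each failure on stderr. The allowed-character set, the exit codes and the `SA_LEARN` override are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. The sa-learn path is the one shown
# in the post; the character policy and exit codes are assumed choices.
SA_LEARN="${SA_LEARN:-/usr/local/bin/sa-learn}"

# Return 0 only for a non-empty name that does not start with '-' and
# contains nothing outside letters, digits and . _ @ + -
valid_user() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._@+-]*) return 1 ;;
    esac
    return 0
}

# Train sa-learn on the message arriving on stdin for the given user.
learn_spam() {
    user="$1"
    if ! valid_user "$user"; then
        echo "sa-learn-spam: rejected user argument" >&2
        return 64
    fi
    if [ ! -x "$SA_LEARN" ]; then
        echo "sa-learn-spam: $SA_LEARN is not executable" >&2
        return 69
    fi
    # Quoted, so the value is passed as exactly one argument.
    "$SA_LEARN" -u "$user" --spam
    rc=$?
    [ "$rc" -eq 0 ] || echo "sa-learn-spam: sa-learn exited with status $rc" >&2
    return "$rc"
}

# Run only when called with an argument, as the pipe action does.
if [ "$#" -gt 0 ]; then
    learn_spam "$1"
fi
```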