Sieve question

2019-07-02 Thread @lbutlr via dovecot
I have the following in my active sieve file, and there are no errors logged.


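# fileinto, mailbox (for :create) and imap4flags (for setflag) must be declared
require ["fileinto", "mailbox", "imap4flags"];

if header :contains "to" "+root" {
   setflag "\\Seen";
   fileinto :create "root";
   stop;
}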

The message is put in .root, but is not marked as seen.

Is the default action to put mail in a folder matching the extension taking 
precedence?




Re: Dovecot/MSQL issue

2019-07-02 Thread lorek via dovecot
John,

I was having an issue with the tcp socket @ 127.0.0.1. I'd tried various
different modifications based on the logs and the issue had remained
regardless.
I had built up the environment in a dockerfile and worked on it through the
weekend so the problem was replicable across instances up until this
morning.

I ended up switching over to using the socket yesterday and only checked
out to the previous commit this morning to run a few additional tests on
the problematic part. For whatever reason, the issue is now completely gone.

At this point, I'm thinking this must be a docker issue.

The only notable (minor) differences between this past weekend and today
are an AER/ASPM kernel error that was logging on the host.
The paste is here: https://pastebin.com/idBWKDq2

The main difference between the weekend and today is the additional line
included saying it can't find device of ID 0008. That wasn't showing up
over the weekend.
I think given this experience I may have to revisit my testing methodology
when working with docker.

Best Regards,
Lorek


On Tue, Jul 2, 2019 at 12:38 PM John Fawcett via dovecot <
dovecot@dovecot.org> wrote:

> On 01/07/2019 09:48, lorek via dovecot wrote:
> > Actually, it seems I may have been wrong in initial assumption that
> > the issue with the client was that it was being identified to mysql as
> > coming from localhost when connecting via tcp.
> > This is what syslog indicated as a reason for the failure but it's not
> > the whole picture.
> >
> > As John mentioned I am trying to have dovecot connect over TCP to
> > mysql (not using the socket), and the issue looked like the cause was
> > the identified by portion of mysql being read by either mysql
> > incorrectly or the domain portion being overwritten on dovecot's end
> > (I don't know about the internals enough to say for sure where).
> >
> > Just as due diligence, I added credentials for a mysql user
> > identified by localhost and removed the jail since the dovecot error
> > was stating that it failed for connection by user@'localhost' (where
> > there weren't credentials).
> > After adding the credentials, I performed all the usual mysql tests
> > before moving testing up to dovecot and still get an auth failure. The
> > log seems to be a bit of a red herring or at the minimum doesn't show
> > the whole picture.
> >
> > Replacing the connection string host with the socket (host=localhost)
> > and everything works, and using an external IP that's not 127.0.0.1
> > works as expected as well. (confirmed by standing up two isolated
> > mysql and dovecot containers and setting auth up over the bridge).
> >
> > If the issue was caused by user@'localhost' creating the credentials
> > should have resolved it, and it didn't. So something weird is going on.
> > I've got the environment built up in a dockerfile I can provide if
> > anyone wants to dig into what's causing it.
> >
> > In the meantime due to time constraints, I'll just be working with the
> > socket file from now for hosts running most of the mail stack all in one.
> >
> > Best Regards,
> > Lorek.
>
> Lorek
>
> If you have user@localhost as a user in mysql you will be able to
> connect with either of these options:
>
> - a tcp socket via an ip address that resolves to localhost
>
> - a unix socket via hostname localhost.
>
> If you have user@127.0.0.1 as a user in mysql you will be able to
> connect only via:
>
> - a tcp socket using ip address 127.0.0.1.
>
> John
>
>
>


Re: Percent character in mail_crypt_private_password not possible

2019-07-02 Thread mabi via dovecot
‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 6:32 PM, Aki Tuomi via dovecot wrote:

> I don't actually recommend using password directly from user as password for 
> private keys, I recommend running them thru some hash / pkcs5 before that.

That's a great idea and makes things even safer. I don't know much about PKCS5 
but would SHA512 also be safe enough for hashing the password?

SHA512 would then generate a 128 characters hash which I would then pass to the 
parameter "-o plugin/mail_crypt_private_password=" of my "doveadm mailbox 
cryptokey generate ..." command.
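
Added example (not part of the original thread, and not Dovecot code): the "hash / pkcs5" step discussed above, done with PKCS#5 PBKDF2-HMAC-SHA512 and a per-user salt, next to the single unsalted SHA-512 for comparison. The iteration count, salt handling and all function names are assumptions of this sketch; the hex output contains no `%`, so it needs no `%%` escaping.

```python
import hashlib
import secrets

# Assumed parameters for this sketch; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def new_salt() -> bytes:
    """Per-user random salt; store it next to the account record."""
    return secrets.token_bytes(SALT_BYTES)


def derive_private_password(login_password: str, salt: bytes,
                            iterations: int = PBKDF2_ITERATIONS) -> str:
    """PKCS#5 PBKDF2-HMAC-SHA512 over the user's password, hex encoded."""
    raw = hashlib.pbkdf2_hmac("sha512", login_password.encode("utf-8"),
                              salt, iterations, dklen=KEY_BYTES)
    return raw.hex()


def plain_sha512(login_password: str) -> str:
    """The single unsalted hash asked about above, for comparison only."""
    return hashlib.sha512(login_password.encode("utf-8")).hexdigest()


def doveadm_argv(user: str, private_password: str) -> list[str]:
    """argv for the command shown in the thread, passed without a shell."""
    return ["doveadm", "-o",
            f"plugin/mail_crypt_private_password={private_password}",
            "mailbox", "cryptokey", "generate", "-u", user, "-URf"]


if __name__ == "__main__":
    pw = "SomethingWith%Percent"          # constructed sample password
    a = derive_private_password(pw, new_salt())
    b = derive_private_password(pw, new_salt())
    print("sha512 (identical for every user with this password):")
    print(" ", plain_sha512(pw))
    print("pbkdf2, user A:", a)
    print("pbkdf2, user B:", b)           # differs because the salt differs
    print(doveadm_argv("user@example.test", a))
```

Anything passed with `-o` on the command line is visible in the process list while doveadm runs, so the derived value should be treated as a secret in its own right.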



Re: Dovecot/MSQL issue

2019-07-02 Thread John Fawcett via dovecot
On 01/07/2019 09:48, lorek via dovecot wrote:
> Actually, it seems I may have been wrong in initial assumption that
> the issue with the client was that it was being identified to mysql as
> coming from localhost when connecting via tcp.
> This is what syslog indicated as a reason for the failure but it's not
> the whole picture.
>
> As John mentioned I am trying to have dovecot connect over TCP to
> mysql (not using the socket), and the issue looked like the cause was
> the identified by portion of mysql being read by either mysql
> incorrectly or the domain portion being overwritten on dovecot's end
> (I don't know about the internals enough to say for sure where).
>
> Just as due diligence, I added credentials for a mysql user
> identified by localhost and removed the jail since the dovecot error
> was stating that it failed for connection by user@'localhost' (where
> there weren't credentials).
> After adding the credentials, I performed all the usual mysql tests
> before moving testing up to dovecot and still get an auth failure. The
> log seems to be a bit of a red herring or at the minimum doesn't show
> the whole picture.
>
> Replacing the connection string host with the socket (host=localhost)
> and everything works, and using an external IP that's not 127.0.0.1
> works as expected as well. (confirmed by standing up two isolated
> mysql and dovecot containers and setting auth up over the bridge).
>
> If the issue was caused by user@'localhost' creating the credentials
> should have resolved it, and it didn't. So something weird is going on.
> I've got the environment built up in a dockerfile I can provide if
> anyone wants to dig into what's causing it.
>
> In the meantime due to time constraints, I'll just be working with the
> socket file from now for hosts running most of the mail stack all in one.
>
> Best Regards,
> Lorek.

Lorek

If you have user@localhost as a user in mysql you will be able to
connect with either of these options:

- a tcp socket via an ip address that resolves to localhost

- a unix socket via hostname localhost.

If you have user@127.0.0.1 as a user in mysql you will be able to
connect only via:

- a tcp socket using ip address 127.0.0.1.

John




Re: dovecot.index.log: duplicate transaction log sequence (3)

2019-07-02 Thread mabi via dovecot
‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 6:50 PM, Aki Tuomi via dovecot wrote:

> Please review https://wiki.dovecot.org/NFS if you have not already done so.

I actually already went through this guide once but noticed now that I had the 
mail_fsync parameter set to "optimized", so I now changed it to "always" and 
will check if I still get this error message.



Re: dovecot.index.log: duplicate transaction log sequence (3)

2019-07-02 Thread Aki Tuomi via dovecot


> 
>  
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, July 2, 2019 6:39 PM, Aki Tuomi  
> wrote:
> 
> > Are you by chance accessing mails using two different dovecot instances? 
> > This is not supported to be done concurrently, you need to use some sort of 
> > solution, such as dovecot director, to ensure user lands to one backend at 
> > a time.
> 
> If you mean two different servers by asking if I access mails "using two 
> different dovecot instances" then the answer is no: I have everything on one 
> server. Does this answer your question properly?
> 
> On the config side I have also made sure I have the "mmap_disable = yes" 
> parameter for NFS. Do I maybe need to tune some additional parameters?

Please review https://wiki.dovecot.org/NFS if you have not already done so.

Aki


Re: dovecot.index.log: duplicate transaction log sequence (3)

2019-07-02 Thread mabi via dovecot
‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 6:39 PM, Aki Tuomi  wrote:

> Are you by chance accessing mails using two different dovecot instances? This 
> is not supported to be done concurrently, you need to use some sort of 
> solution, such as dovecot director, to ensure user lands to one backend at a 
> time.

If you mean two different servers by asking if I access mails "using two 
different dovecot instances" then the answer is no: I have everything on one 
server. Does this answer your question properly?

On the config side I have also made sure I have the "mmap_disable = yes" 
parameter for NFS. Do I maybe need to tune some additional parameters?


Re: dovecot.index.log: duplicate transaction log sequence (3)

2019-07-02 Thread Aki Tuomi via dovecot


> 
>  
> Hello,
> 
> I am running Dovecot 2.3.5.1 on OpenBSD 6.5 with RainLoop as IMAP webmail 
> client and just noticed the following error messages about duplicate 
> transaction log sequences in the index log:
> 
> Jul 01 13:15:58 Error: imap()<21324>: Transaction log /var/vmail///dovecot.index.log: duplicate transaction log sequence (3)
> Jul 02 16:33:35 Error: imap()<6812>: Transaction log /var/vmail///dovecot.list.index.log: duplicate transaction log sequence (2)
> Jul 02 16:33:35 Panic: imap()<6812>: file mail-index-write.c: line 137 (mail_index_write): assertion failed: (file->hdr.prev_file_seq == hdr->log_file_seq)
> Jul 02 16:33:35 Fatal: imap()<6812>: master: service(imap): child 6812 killed with signal 6 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set service imap { drop_priv_before_exec=yes })
> 
> Could this problem occur because I am using a Linux NFS server to store all 
> the mails mounted under /var/mail ?
> 
> Any hints what I can do to avoid these error messages?
> 
> Thank you in advance.
> 
> Best regards,
> Mabi

Are you by chance accessing mails using two different dovecot instances? This 
is not supported to be done concurrently, you need to use some sort of 
solution, such as dovecot director, to ensure user lands to one backend at a 
time.

Aki


Re: Percent character in mail_crypt_private_password not possible

2019-07-02 Thread Aki Tuomi via dovecot


> 
>  
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi  
> wrote:
> 
> > Hi, you need to escape % with %%. We are aware of a bug affecting when % 
> > comes in from some field via userdb, and we are looking into how to fix 
> > this.
> 
> Hi Aki,
> 
> Thank you very much for your very fast answer. I will then simply double the 
> percent character as workaround for now as you suggest.

butterfingers me, sending empty replies..

I don't actually recommend using password *directly* from user as password for 
private keys, I recommend running them thru some hash / pkcs5 before that.

Aki


Re: Percent character in mail_crypt_private_password not possible

2019-07-02 Thread Aki Tuomi via dovecot


> 
>  
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi  
> wrote:
> 
> > Hi, you need to escape % with %%. We are aware of a bug affecting when % 
> > comes in from some field via userdb, and we are looking into how to fix 
> > this.
> 
> Hi Aki,
> 
> Thank you very much for your very fast answer. I will then simply double the 
> percent character as workaround for now as you suggest.


Re: Percent character in mail_crypt_private_password not possible

2019-07-02 Thread mabi via dovecot


‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi  wrote:

> Hi, you need to escape % with %%. We are aware of a bug affecting when % 
> comes in from some field via userdb, and we are looking into how to fix this.

Hi Aki,

Thank you very much for your very fast answer. I will then simply double the 
percent character as workaround for now as you suggest.




Re: Percent character in mail_crypt_private_password not possible

2019-07-02 Thread Aki Tuomi via dovecot


> 
>  
> Hello,
> 
> I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to 
> use a mail crypt private password which contains a percent "%" character as 
> you can see below:
> 
> $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u em...@domain.tld -URf
> 
> doveadm(em...@domain.tld): Error: Failed to expand plugin setting mail_crypt_private_password = 'SomethingWith%Percent': Unknown variable '%P'
> 
> Note here that the percent is escaped with a backslash "\%" in order for the 
> shell not to process it.
> 
> Regards,
> Mabi

Hi, you need to escape % with %%. We are aware of a bug affecting when % comes 
in from some field via userdb, and we are looking into how to fix this.

Aki


Percent character in mail_crypt_private_password not possible

2019-07-02 Thread mabi via dovecot
Hello,

I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use 
a mail crypt private password which contains a percent "%" character as you can 
see below:

$ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u em...@domain.tld -URf

doveadm(em...@domain.tld): Error: Failed to expand plugin setting mail_crypt_private_password = 'SomethingWith%Percent': Unknown variable '%P'

Note here that the percent is escaped with a backslash "\%" in order for the 
shell not to process it.

Regards,
Mabi


dovecot.index.log: duplicate transaction log sequence (3)

2019-07-02 Thread mabi via dovecot
Hello,

I am running Dovecot 2.3.5.1 on OpenBSD 6.5 with RainLoop as IMAP webmail 
client and just noticed the following error messages about duplicate 
transaction log sequences in the index log:

Jul 01 13:15:58 Error: imap()<21324>: Transaction log /var/vmail///dovecot.index.log: duplicate transaction log sequence (3)
Jul 02 16:33:35 Error: imap()<6812>: Transaction log /var/vmail///dovecot.list.index.log: duplicate transaction log sequence (2)
Jul 02 16:33:35 Panic: imap()<6812>: file mail-index-write.c: line 137 (mail_index_write): assertion failed: (file->hdr.prev_file_seq == hdr->log_file_seq)
Jul 02 16:33:35 Fatal: imap()<6812>: master: service(imap): child 6812 killed with signal 6 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set service imap { drop_priv_before_exec=yes })

Could this problem occur because I am using a Linux NFS server to store all the 
mails mounted under /var/mail ?

Any hints what I can do to avoid these error messages?

Thank you in advance.

Best regards,
Mabi


Re: Variable expansion with variables containing '%' (ldap with 2.3.6)

2019-07-02 Thread Matthias Lay via dovecot
On Tue, 2 Jul 2019 08:51:24 +0300
Aki Tuomi wrote:

> On 2.7.2019 8.24, Aki Tuomi via dovecot wrote:
> > On 1.7.2019 13.37, Matthias Lay via dovecot wrote:  
> >> On Mon, 1 Jul 2019 13:08:46 +0300 (EEST)
> >> Aki Tuomi wrote:
> >>  
> >>> Hi,
> >>>
> >>> there seems to be a problem when expanding variables containing a
> >>> single '%' in value in dovecot V2.3.6
> >>>
> >>> having a user defined Variable in user_attrs like
> >>>
> >>> user_attrs = name=home=/maildir/%Ln,
> >>> =myvar=path/%L{ldap:sAMAccountName}
> >>>
> >>>
> >>> and sAMAccountName contains a '%', in my example "sonder%zeichen"
> >>> leads to:
> >>>
> >>> lda(sonder%zeichen)<5723>: Fatal: Failed
> >>> to expand plugin setting myvar = 'path/sonder%zeichen': Unknown
> >>> variable '%z'
> >>>
> >>> same setup works with dovecot 2.2.29
> >>>
> >>> Any Feedback appreciated.
> >>> Thanks.
> >>> Matze
> >>>
> >>> You can use %% to escape a %
> >>> ---
> >>> Aki Tuomi
> >>>  
> >> Hi Aki,
> >>
> >> nope this doesn't work. if I use 'sonder%%zeichen', the ldap lookup
> >> searches for the User/Value "sonder%%zeichen" in ldap/AD. which
> >> fails, as this user doesn't exist.
> >>
> >> and I can't escape the value in all cases anyway, as it's a remote
> >> value, coming from the ldap server.
> >>
> >> seems to me the sequence of interpreting variables and modifiers
> >> changed between 2.2 and 2.3
> >> now it gets the variable value from remote in the first place, and
> >> interprets the value itself for more variables or modifiers, which
> >> might not be what you want.
> >>
> >> like in a subquery using 
> >>
> >> @mail=%{ldap:mailDN}
> >>
> >> but I don't use subqueries. just a simple expansion
> >>
> >> =myvar=%{ldap:mailDN}
> >>
> >> any more ideas?
> >>
> >>
> >>
> >>
> >>  
> > I have to investigate this a bit.
> >
> >
> > Aki
> >  
> 
> Seems to be a bug of a kind. I'll open it in our issue tracker.
> 
> Aki
> 

thx for your effort Aki. 
If I can help out testing a patch, just let me
know

Matze
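
Added example (not part of the original thread, and not Dovecot's var-expand implementation): a simplified model of `%` expansion that reproduces the two errors reported on this page and shows why the order of substitution and expansion matters when a value comes from a remote directory. The functions `expand`, `escape`, `expand_twice` and `expand_twice_escaped` are hypothetical, and modifiers such as `%L` are left out.

```python
import re


class UnknownVariable(ValueError):
    pass


# %% is a literal percent, %{name} a long variable, %x a one-letter variable.
_TOKEN = re.compile(r"%(?:(%)|\{([^}]*)\}|(.))")


def expand(template: str, variables: dict[str, str]) -> str:
    """Single pass: substituted values are data and are never re-scanned."""
    def repl(m: re.Match) -> str:
        if m.group(1):
            return "%"
        key = m.group(2) if m.group(2) is not None else m.group(3)
        if key not in variables:
            raise UnknownVariable(f"Unknown variable '%{key}'")
        return variables[key]
    return _TOKEN.sub(repl, template)


def escape(value: str) -> str:
    """Double every % so a later expansion pass yields the original value."""
    return value.replace("%", "%%")


def expand_twice(template: str, variables: dict[str, str]) -> str:
    """Flawed order: the already expanded result is fed to the expander again,
    so a % inside a remote value is parsed as template syntax."""
    return expand(expand(template, variables), variables)


def expand_twice_escaped(template: str, variables: dict[str, str]) -> str:
    """Same two passes, but remote values are escaped before the first one."""
    safe = {k: escape(v) for k, v in variables.items()}
    return expand(expand(template, safe), variables)


if __name__ == "__main__":
    ldap = {"ldap:sAMAccountName": "sonder%zeichen"}   # value from the thread
    print(expand("path/%{ldap:sAMAccountName}", ldap))
    print(expand_twice_escaped("path/%{ldap:sAMAccountName}", ldap))
    print(expand("SomethingWith%%Percent", {}))
```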