Re: New to dovecot admin, question about using LDAP for user-specific values

2019-09-13 Thread Jean-Daniel Dupas via dovecot


> On 13 Sep 2019, at 12:53, Gerben Wierda via dovecot wrote:
> 
> 
>> On 13 Sep 2019, at 11:51, Jean-Daniel Dupas wrote:
>> 
>> 
>> 
>>> On 13 Sep 2019, at 09:29, Gerben Wierda via dovecot wrote:
>>> 
>>> Nobody?
>>> 
>>>> On 10 Sep 2019, at 11:58, Gerben Wierda via dovecot wrote:
>>>> 
>>>> I am new to dovecot administration. I’ve read the Wiki but that hasn’t 
>>>> given me the understanding I need.
>>>> 
>>>> When I query my LDAP (on macOS) on a value for user ‘gerben’, I can get 
>>>> that:
>>>> 
>>>> dumbledore:~ gerben$ dscl /LDAPv3/127.0.0.1 -read /users/gerben GeneratedUID
>>>> GeneratedUID: 780D870E-6B00-478E-AB70-3D3307215A82
>>>> 
>>>> I would like to use that value in dovecot settings, e.g. something like
>>>> 
>>>> user_attrs = \
>>>>   =mail=maildir://Library/Server/Mail/Data/mail/%{ldap:GeneratedUID} 
>>>> 
>>>> 
>>>> Is this possible and if so what do I exactly need to do to get this 
>>>> working?
>> 
>> As the answer is in the question, it is hard to give you any hint about what 
>> should be done.
>> 
>> What is wrong with 
>> 
>> user_attrs = \
>>   =mail=maildir://Library/Server/Mail/Data/mail/%{ldap:GeneratedUID} 
>> 
>> 
>> Did you try it ? Have you got any issue with it ?
> 
> I haven’t tried anything yet as I am trying to learn before I do anything 
> (and trial and error is a very slow method), but it seems to me that just 
> that line cannot be enough. Because how does “ldap:” know to go looking in 
> the LDAP structure at "/Users//“ in the LDAP “/LDAPv3/127.0.0.1”? 
> Somehow I shall have to tell dovecot that.

OK, so your question is more about how to configure LDAP in dovecot for basic 
usage.

If you want to query the LDAP, you first have to learn what its structure is, 
and then you should tell dovecot where to look at using the 'base' and 'scope' 
parameter and what to look at using the 'user_filter' parameter.

I never tried to access OpenDirectory using LDAP queries, so you will have to 
search online about how it should be done.



Re: Multiple certificate option SNI

2019-09-13 Thread Heiko Schlittermann via dovecot
Maciej Milaszewski IQ PL via dovecot  (Fr 13 Sep 2019 
12:10:39 CEST):
> openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1

Use -servername  for testing.

--
Heiko




Re: Multiple certificate option SNI

2019-09-13 Thread Jean-Daniel Dupas via dovecot



> On 13 Sep 2019, at 12:10, Maciej Milaszewski IQ PL via dovecot wrote:
> 
> Hi
> I have some problem with SNI and dovecot 2.2.36.4
> 
> Server debian 9.x and dovecot-2.2.36.4
> 
> default server ssl cert is a wildcard like *.domain.com (digicert)
> 
> ssl_ca = /var/control/cert.pem
> ssl_cert =  
> I added for test another domain (in dns too) for another ssl (letsencrypt)
> 
> from https://wiki.dovecot.org/SSL/DovecotConfiguration
> 
> like:
> 
> local_name imap.mail.test.domain.com {
>   ssl_cert =ssl_key =  < /etc/dovecot/ssl/imap.mail.test.domain.com.key
> }
> 
> 
> doveconf -n:
> 
> local_name imap.mail.test.domain.com {
>   ssl_cert =ssl_key =  # hidden, use -P to show it
> }
> 
> Now I test like:
> openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1
> 
> and dovecot shows me default server cert (digicert) but not dedicated
> from letsencrypt
> 
> In DNS domain imap.mail.test.domain.com does not match *.domain.com
> 
> Any idea ?
> 

AFAIK, the -connect option of openssl is not used for SNI, but only for IP 
resolution.
To enable SNI, you have to explicitly pass it using '-servername' parameter.
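
A local reproduction of the behaviour discussed in this thread, as an added example that is not part of the original messages: a server with a default certificate and a per-name certificate returns the default one unless the client sends SNI. It assumes `openssl s_server` as a stand-in for Dovecot, constructed self-signed certificates, port 19993, and a hypothetical helper `served_cn`.

```shell
#!/bin/sh
# Constructed lab: throwaway self-signed certificates and a local
# `openssl s_server` standing in for Dovecot. Port and file names are assumptions.
TMP=$(mktemp -d)
PORT=${PORT:-19993}
SNI_NAME=imap.mail.test.domain.com      # hostname used in the thread

make_cert() {   # make_cert <file-prefix> <common-name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$TMP/$1.key" -out "$TMP/$1.crt" 2>/dev/null
}
make_cert default '*.domain.com'        # plays the default wildcard certificate
make_cert sni "$SNI_NAME"               # plays the per-name certificate

# -cert/-key is the default context; -cert2/-key2 is selected only when the
# ClientHello carries an SNI value equal to -servername (like local_name {}).
openssl s_server -accept "$PORT" -www \
  -cert "$TMP/default.crt" -key "$TMP/default.key" \
  -servername "$SNI_NAME" -cert2 "$TMP/sni.crt" -key2 "$TMP/sni.key" \
  >/dev/null 2>&1 &
SRV=$!
trap 'kill "$SRV" 2>/dev/null; rm -rf "$TMP"' EXIT

served_cn() {   # served_cn [sni-name]: print the CN of the certificate presented
  openssl s_client -connect "127.0.0.1:$PORT" ${1:+-servername "$1"} \
    </dev/null 2>/dev/null |
    openssl x509 -noout -subject 2>/dev/null | sed 's/.*CN *= *//'
}

# Wait (up to about 10 s) for the listener to come up.
n=0
until [ -n "$(served_cn)" ] || [ "$n" -ge 10 ]; do sleep 1; n=$((n + 1)); done

echo "no -servername:   $(served_cn)"
echo "with -servername: $(served_cn "$SNI_NAME")"
```

OpenSSL 1.1.1 and later fill in SNI from the `-connect` host when it is a DNS name, so on those versions `-noservername` is needed to reproduce the no-SNI case against a real hostname.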



Re: New to dovecot admin, question about using LDAP for user-specific values

2019-09-13 Thread Gerben Wierda via dovecot

> On 13 Sep 2019, at 11:51, Jean-Daniel Dupas  wrote:
> 
> 
> 
>> On 13 Sep 2019, at 09:29, Gerben Wierda via dovecot wrote:
>> 
>> Nobody?
>> 
>>> On 10 Sep 2019, at 11:58, Gerben Wierda via dovecot wrote:
>>> 
>>> I am new to dovecot administration. I’ve read the Wiki but that hasn’t 
>>> given me the understanding I need.
>>> 
>>> When I query my LDAP (on macOS) on a value for user ‘gerben’, I can get 
>>> that:
>>> 
>>> dumbledore:~ gerben$ dscl /LDAPv3/127.0.0.1 -read /users/gerben GeneratedUID
>>> GeneratedUID: 780D870E-6B00-478E-AB70-3D3307215A82
>>> 
>>> I would like to use that value in dovecot settings, e.g. something like
>>> 
>>> user_attrs = \
>>>   =mail=maildir://Library/Server/Mail/Data/mail/%{ldap:GeneratedUID} 
>>> 
>>> 
>>> Is this possible and if so what do I exactly need to do to get this working?
> 
> As the answer is in the question, it is hard to give you any hint about what 
> should be done.
> 
> What is wrong with 
> 
> user_attrs = \
>   =mail=maildir://Library/Server/Mail/Data/mail/%{ldap:GeneratedUID} 
> 
> 
> Did you try it ? Have you got any issue with it ?

I haven’t tried anything yet as I am trying to learn before I do anything (and 
trial and error is a very slow method), but it seems to me that just that line 
cannot be enough. Because how does “ldap:” know to go looking in the LDAP 
structure at "/Users//“ in the LDAP “/LDAPv3/127.0.0.1”? Somehow I 
shall have to tell dovecot that.

But if trial and error is the only way, I’ll have to try.

G

Multiple certificate option SNI

2019-09-13 Thread Maciej Milaszewski IQ PL via dovecot
Hi
I have some problem with SNI and dovecot 2.2.36.4

Server debian 9.x and dovecot-2.2.36.4

default server ssl cert is a wildcard like *.domain.com (digicert)

ssl_ca = /var/control/cert.pem
ssl_cert = https://wiki.dovecot.org/SSL/DovecotConfiguration

like:

local_name imap.mail.test.domain.com {
  ssl_cert = 

Re: New to dovecot admin, question about using LDAP for user-specific values

2019-09-13 Thread Jean-Daniel Dupas via dovecot


> On 13 Sep 2019, at 09:29, Gerben Wierda via dovecot wrote:
> 
> Nobody?
> 
>> On 10 Sep 2019, at 11:58, Gerben Wierda via dovecot wrote:
>> 
>> I am new to dovecot administration. I’ve read the Wiki but that hasn’t given 
>> me the understanding I need.
>> 
>> When I query my LDAP (on macOS) on a value for user ‘gerben’, I can get that:
>> 
>> dumbledore:~ gerben$ dscl /LDAPv3/127.0.0.1 -read /users/gerben GeneratedUID
>> GeneratedUID: 780D870E-6B00-478E-AB70-3D3307215A82
>> 
>> I would like to use that value in dovecot settings, e.g. something like
>> 
>> user_attrs = \
>>   =mail=maildir://Library/Server/Mail/Data/mail/%{ldap:GeneratedUID} 
>> 
>> 
>> Is this possible and if so what do I exactly need to do to get this working?

As the answer is in the question, it is hard to give you any hint about what 
should be done.

What is wrong with 

user_attrs = \
  =mail=maildir://Library/Server/Mail/Data/mail/%{ldap:GeneratedUID} 


Did you try it ? Have you got any issue with it ?




Re: keywords lost when moving a message in a folder

2019-09-13 Thread Aki Tuomi via dovecot

On 13.9.2019 11.14, wouldsmina via dovecot wrote:
> Hi,
>
> I migrate my dovecot server from Debian 9 to Debian 10 (Dovecot
> 2.3.4.1), since when I move a message in a folder, keywords
> systematically disappear. I'm using Thunderbird 60.8.
> Would an option have escaped me? or is there a bug on this version of
> dovecot?
>
> Dovecot 2.3.4.1
> OS : Debian 10.0 x64
> FS : Ext4
>
Hi!

This is fixed in 2.3.7 forward, you can find packages from
repo.dovecot.org, or you can try opening a bug in debian bugtracker.

Aki



fts_solr: Error: fts_solr: received invalid uid '0'

2019-09-13 Thread Fabian via dovecot
Hi,

we are trying to add full text search functionality with Solr to our Dovecot 
setup. Our Versions:
OS: Debian 9
Tried versions: 
- Dovecot 2.2.7 with Solr 3.6
- Dovecot 2.3.4 with Solr 8.2
(2.2.7 from official Debian repository, 2.3.4 from backports)

Most of the time search works perfectly smoothly. But sometimes the following 
message appears in mail.err:
dovecot: imap(username)16189UxYWLVuSYMasEQoK: Error: fts_solr: 
received invalid uid '0'

If this error occurs our webmail frontend delivers most of the time a timeout. 
Sometimes the search only takes really long.

Are there any ideas why this error occurs? We are not able to reproduce the 
error in such a way that it would always be reproducible. However, we can 
reproduce the behavior in some form over and over again - but we do not know 
exactly what is decisive.

If you need any further information please ask - thanks! :-)

doveconf -n:
2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.9.0-11-amd64 x86_64 Debian 9.11 ext4
# Hostname: localhost
auth_master_user_separator = *
auth_username_format = %Ln
default_client_limit = 5000
default_process_limit = 1000
default_vsz_limit = 256M
dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_uid = 480
imap_capability = +XDOVECOT
lmtp_save_to_detail_mailbox = yes
mail_attribute_dict = file:/var/spool/dovecot/user/%n/Maildir/dovecot-attributes
mail_gid = vmail
mail_location = maildir:/var/spool/dovecot/user/%d/%n/Maildir:LAYOUT=fs
mail_plugins = " listescape mail_log notify quota acl fts fts_solr virtual"
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
  hidden = yes
  inbox = yes
  list = no
  location = 
  prefix = 
  separator = /
  subscriptions = yes
}
namespace {
  list = yes
  location = maildir:%%h/Maildir:INDEXPVT=~/shared/%%u:LAYOUT=fs
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace Public {
  list = children
  location = maildir:/var/spool/dovecot/public:INDEXPVT=~/public:LAYOUT=fs
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
namespace Virtual {
  hidden = no
  list = yes
  location = virtual:/etc/dovecot/virtual:INDEX=/var/spool/dovecot/user/%u/virtual
  prefix = Virtual/
  separator = /
  subscriptions = no
}
namespace inbox {
  inbox = no
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX/
  separator = /
  subscriptions = no
  type = private
}
passdb {
  args = /etc/dovecot/masteruser.%s
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/var/spool/dovecot/public/shared-mailboxes.db
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://172.17.10.12:8983/solr/dovecot/
  quota = dict:User quota::no-unset:proxy::sqlquota
  quota_rule = *:storage=10G
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /var/spool/dovecot/globalsieve/duplicate.sieve
  sieve_duplicate_default_period = 1h
  sieve_duplicate_max_period = 1d
}
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service decode2text {
  executable = script /usr/lib/dovecot/decode2text.sh
  unix_listener decode2text {
    mode = 0666
  }
  user = dovecot
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl = no
userdb {
  args = /etc/dovecot/mysql-userdb.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = " listescape mail_log notify quota acl fts fts_solr virtual acl quota sieve notify"
  quota_full_tempfail = yes
}
protocol imap {
  imap_capability = +XDOVECOT
  mail_max_userip_connections = 100
  mail_plugins = " listescape mail_log notify quota acl fts fts_solr virtual imap_acl imap_quota"
}
remote 172.17.10.10 {
  protocol imap {
    imap_metadata = 

keywords lost when moving a message in a folder

2019-09-13 Thread wouldsmina via dovecot
Hi,

I migrate my dovecot server from Debian 9 to Debian 10 (Dovecot 2.3.4.1),
since when I move a message in a folder, keywords systematically disappear.
I'm using Thunderbird 60.8.
Would an option have escaped me? or is there a bug on this version of
dovecot?

Dovecot 2.3.4.1
OS : Debian 10.0 x64
FS : Ext4

dovecot -n result :
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-5-amd64 x86_64 Debian 10.0
# Hostname: suzuki.domain.tld
auth_cache_size = 1 k
auth_failure_delay = 3 secs
base_dir = /var/run/dovecot/
default_vsz_limit = 4 G
first_valid_uid = 100
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_greeting = mail system ready.
login_trusted_networks = 172.16.0.0/12 192.168.0.0/16
mail_fsync = always
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_prefetch_count = 20
mail_privileged_group = mail
mailbox_idle_check_interval = 1 mins
mmap_disable = yes
namespace inbox {
  inbox = yes
  location = maildir:~/Maildir
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  driver = pam
}
plugin {
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  sieve = ~/sieve/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve.after
  sieve_before = /etc/dovecot/sieve.before
  sieve_before2 = ~/sieve/.dovecot.vacation.sieve
  sieve_dir = ~/sieve
  sieve_editheader_forbid_add = X-Verified
  sieve_editheader_forbid_delete = X-Verified X-Seen
  sieve_editheader_max_header_size = 1k
  sieve_extensions = +editheader
  sieve_max_script_size = 2M
}
postmaster_address = postmas...@domain.tld
protocols = " imap lmtp pop3"
service auth-worker {
  process_min_avail = 6
  service_count = 0
}
service imap-login {
  process_min_avail = 10
  service_count = 0
  vsz_limit = 4 G
}
service imap {
  process_limit = 4096
  vsz_limit = 4 G
}
service pop3 {
  process_limit = 1024
}
ssl_cert = 

Re: New to dovecot admin, question about using LDAP for user-specific values

2019-09-13 Thread Gerben Wierda via dovecot
Nobody?

> On 10 Sep 2019, at 11:58, Gerben Wierda via dovecot wrote:
> 
> I am new to dovecot administration. I’ve read the Wiki but that hasn’t given 
> me the understanding I need.
> 
> When I query my LDAP (on macOS) on a value for user ‘gerben’, I can get that:
> 
> dumbledore:~ gerben$ dscl /LDAPv3/127.0.0.1 -read /users/gerben GeneratedUID
> GeneratedUID: 780D870E-6B00-478E-AB70-3D3307215A82
> 
> I would like to use that value in dovecot settings, e.g. something like
> 
> user_attrs = \
>   =mail=maildir://Library/Server/Mail/Data/mail/%{ldap:GeneratedUID} 
> 
> 
> Is this possible and if so what do I exactly need to do to get this working?
> 
> Gerben Wierda
> Chess and the Art of Enterprise Architecture
> Mastering ArchiMate
> Architecture for Real Enterprises at InfoWorld
> On Slippery Ice at EAPJ