Dovecot FINs after sending "NO Not showing other users' quota"

2019-11-24 Thread Gene Smith via dovecot
When I do imap getquota on a shared folder I see the NO response. That's 
OK but then often dovecot disconnects (sends FIN) to the client right 
after this. The client acks the disconnect and creates a new connection 
and continues on.

Should dovecot disconnect after this type of imap "NO" response?

-gene



Lmtp proxy help assertion failed: (conn->remote_port != 0

2019-11-24 Thread Marc Roos via dovecot



I have this in my 20-lmtp.conf file and created passdb-file, this should 
be enough to route a message to svr1? The port 24 is reachable from the 
proxy.


bash-5.0# cat 20-lmtp.conf
lmtp_proxy = yes


protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  passdb {
    driver = passwd-file
    args = /etc/dovecot/special-passdb
    default_fields = proxy=y host=svr1
  }
}


bash-5.0# cat /etc/dovecot/special-passdb
test:password:1000:1000:(gecos):home:/bin/false:host=svr1




RE: lmtp proxy 'Invalid FROM: Missing domain'

2019-11-24 Thread Marc Roos via dovecot
 
If I add a domain, the error changes to:
connection.c: line 380 (connection_update_properties): assertion failed: (conn->remote_port != 0)


-Original Message-
Subject: lmtp proxy 'Invalid FROM: Missing domain'


Looks like I have a correct working proxy on pop3. On both backend 
servers I can run

cat /tmp/test.msg | /usr/libexec/dovecot/lmtp

Giving
250 2.1.5 OK
354 OK
Info: Disconnect from local: Connection closed (in DATA)

However if I run the same command on the proxy, I am getting this error 
'Invalid FROM: Missing domain'. How is this FROM even relevant if 
message just needs to be delivered to RCPT TO.








lmtp proxy 'Invalid FROM: Missing domain'

2019-11-24 Thread Marc Roos via dovecot


Looks like I have a correct working proxy on pop3. On both backend 
servers I can run

cat /tmp/test.msg | /usr/libexec/dovecot/lmtp

Giving 
250 2.1.5 OK
354 OK
Info: Disconnect from local: Connection closed (in DATA)

However if I run the same command on the proxy, I am getting this error 
'Invalid FROM: Missing domain'. How is this FROM even relevant if 
message just needs to be delivered to RCPT TO.






Re: Proxy GSSAPI + PLAIN authentication

2019-11-24 Thread Aki Tuomi via dovecot


 
 
  
If your dovecot is recent enough you can use mechanisms setting on passdb block. See https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/

On 24/11/2019 17:17 Sam via dovecot wrote:

Hi,

I try to configure a proxy accepting GSSAPI and PLAIN authentication.

When authenticating with Kerberos, Dovecot uses master user and password to authenticate to backends (backends can be Cyrus or Exchange servers too)
When authenticating with PLAIN passwords, Dovecot sends user's login and password to the backend.

For GSSAPI, I use extrafields :
k5principals=principal@REALM proxy=Y pass=masterpassword login_user=principal user=masteruser host=backend

For PLAIN, I use a static driver :
passdb {
  driver = static
  args = proxy=y host=cyrus password=%w
}

I can authenticate fine with Kerberos tickets and login/password on the backend.

Trouble is that if I authenticate with PLAIN login/password, with a user known from the passdb lookup made for GSSAPI, I can authenticate with any password, it is not checked. The passdb with masteruser and nopassword=y is checked.

I can't restrict the passdb with the k5principals extrafield.

I tried static and ldap drivers, with the same wrong behaviour.
pass_attrs = \
  =proxy=Y, \
  =nopassword=Y, \
  =pass=masterpassword, \
  =login_user=%{ldap:uid}, \
  =user=masteruser, \
  =host=backend, \
  =k5principals=%{ldap:uid}@REALM
With the ldap driver, I've got auth_bind = no

The user is found in the ldap, and Dovecot logs him with the masterpassword.

If I don't configure an ldap passdb, but a userdb only, the proxy try passdb that comes after for PLAIN logins.

With a passwd-file driver, the k5principals works fine. The user isn't found if it authenticates with PLAIN.

My question is : is it possible to restrict a ldap or static passdb for GSSAPI mechanism only ?

Thanks for your help,
Regards,
Sam

---
Aki Tuomi
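
The passdb-level `mechanisms` restriction that the reply above points to, applied to the layout from the question. This is an added example, not part of the original thread and not the poster's configuration; the LDAP file path is hypothetical, and the block assumes a Dovecot version that supports the setting.

```conf
# Added example, not from the thread. The file path below is hypothetical.
#
# Layout described in the question (shown commented out): the passdb that
# returns nopassword=Y has no mechanism filter, so it also answers PLAIN
# lookups for any uid it finds, and the client-supplied password is never
# compared before the proxy logs in with the master credentials.
#
# passdb {
#   driver = ldap
#   args = /etc/dovecot/dovecot-ldap-gssapi.conf.ext
# }

# Restricted layout: the master-user passdb is consulted for GSSAPI only.
passdb {
  driver = ldap
  # hypothetical file holding the pass_attrs quoted in the question
  # (proxy=Y, nopassword=Y, pass=masterpassword, user=masteruser, ...)
  args = /etc/dovecot/dovecot-ldap-gssapi.conf.ext
  mechanisms = GSSAPI
}

# PLAIN logins skip the block above and reach this one, which forwards the
# user's own login and password to the backend for verification.
# Limiting it to PLAIN also keeps a GSSAPI login that is not found in the
# first passdb from falling through to a password-less static match.
passdb {
  driver = static
  args = proxy=y host=cyrus password=%w
  mechanisms = PLAIN
}
```

With this layout, a PLAIN login for a uid that exists in LDAP no longer matches the `nopassword=Y` entry, so the backend decides whether the supplied password is valid.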
   
 



Proxy GSSAPI + PLAIN authentication

2019-11-24 Thread Sam via dovecot
Hi,

I try to configure a proxy accepting GSSAPI and PLAIN authentication.

When authenticating with Kerberos, Dovecot uses master user and password to
authenticate to backends (backends can be Cyrus or Exchange servers too)
When authenticating with PLAIN passwords, Dovecot sends user's login and
password to the backend.

For GSSAPI, I use extrafields :
k5principals=principal@REALM proxy=Y pass=masterpassword
login_user=principal user=masteruser host=backend

For PLAIN, I use a static driver :
passdb {
  driver = static
  args = proxy=y host=cyrus password=%w
}

I can authenticate fine with Kerberos tickets and login/password on the
backend.

Trouble is that if I authenticate with PLAIN login/password, with a user
known from the passdb lookup made for GSSAPI, I can authenticate with any
password, it is not checked. The passdb with masteruser and nopassword=y is
checked.

I can't restrict the passdb with the k5principals extrafield.

I tried static and ldap drivers, with the same wrong behaviour.
pass_attrs = \
  =proxy=Y, \
  =nopassword=Y, \
  =pass=masterpassword, \
  =login_user=%{ldap:uid}, \
  =user=masteruser, \
  =host=backend, \
  =k5principals=%{ldap:uid}@REALM
With the ldap driver, I've got auth_bind = no

The user is found in the ldap, and Dovecot logs him with the masterpassword.

If I don't configure an ldap passdb, but a userdb only, the proxy try
passdb that comes after for PLAIN logins.

With a passwd-file driver, the k5principals works fine. The user isn't
found if it authenticates with PLAIN.

My question is : is it possible to restrict a ldap or static passdb for
GSSAPI mechanism only ?

Thanks for your help,
Regards,
Sam


RE: Health check curl example

2019-11-24 Thread Marc Roos via dovecot
 
How do I check the standard script then on this port 5001 from the 
command line?


This one of alpine linux also does not have it yet
bash-5.0# dovecot --version
2.3.7.2 (3c910f64b)





-Original Message-
Subject: RE: Health check curl example

Yes. The passthrough option is rather new. 

Aki 

On 24/11/2019 15:28 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

I think I already have that, I am having this configured

service health-check {
  # this is the default configuration using the simple PING->PONG
  # example health-check.
  executable = script -p /bin/health-check.sh
  inet_listener health-check {
    port = 5001
  }
}

bash-5.0# /bin/health-check.sh
HTTP/1.1 200 OK
Connection: keep-alive

OK

-Original Message-
Subject: Re: Health check curl example

Your health check script should implement HTTP protocol. Then you can
use passthrough mode and use cURL.

The provided script does not speak HTTP.

Aki

On 24/11/2019 15:12 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

I am not understanding how this health check[1] script should work. From
the commandline it works fine when I type a PING I get a PONG. But how
do I do a curl to this 5001 port?

Tried something like this:

bash-5.0# curl http://localhost:5001/
curl: (56) Recv failure: Connection reset by peer

bash-5.0# curl http://localhost:5001/PING
curl: (56) Recv failure: Connection reset by peer

[1] https://doc.dovecot.org/admin_manual/health_check/


--- 
Aki Tuomi 


---
Aki Tuomi




RE: Health check curl example

2019-11-24 Thread Aki Tuomi via dovecot


 
 
  
Yes. The passthrough option is rather new.

Aki

On 24/11/2019 15:28 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

I think I already have that, I am having this configured

service health-check {
  # this is the default configuration using the simple PING->PONG
  # example health-check.
  executable = script -p /bin/health-check.sh
  inet_listener health-check {
    port = 5001
  }
}

bash-5.0# /bin/health-check.sh
HTTP/1.1 200 OK
Connection: keep-alive

OK

-Original Message-
Subject: Re: Health check curl example

Your health check script should implement HTTP protocol. Then you can
use passthrough mode and use cURL.

The provided script does not speak HTTP.

Aki

On 24/11/2019 15:12 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

I am not understanding how this health check[1] script should work. From
the commandline it works fine when I type a PING I get a PONG. But how
do I do a curl to this 5001 port?

Tried something like this:

bash-5.0# curl http://localhost:5001/
curl: (56) Recv failure: Connection reset by peer

bash-5.0# curl http://localhost:5001/PING
curl: (56) Recv failure: Connection reset by peer

[1] https://doc.dovecot.org/admin_manual/health_check/

---
Aki Tuomi

---
Aki Tuomi
   
 



RE: Health check curl example

2019-11-24 Thread Marc Roos via dovecot


I think I already have that, I am having this configured

service health-check {
  # this is the default configuration using the simple PING->PONG
  # example health-check.
  executable = script -p /bin/health-check.sh
  inet_listener health-check {
    port = 5001
  }
}
 
bash-5.0# /bin/health-check.sh
HTTP/1.1 200 OK
Connection: keep-alive

OK





-Original Message-
Subject: Re: Health check curl example

Your health check script should implement HTTP protocol. Then you can 
use passthrough mode and use cURL.  

The provided script does not speak HTTP. 

Aki 

On 24/11/2019 15:12 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

I am not understanding how this health check[1] script should work. From
the commandline it works fine when I type a PING I get a PONG. But how
do I do a curl to this 5001 port?

Tried something like this:

bash-5.0# curl http://localhost:5001/
curl: (56) Recv failure: Connection reset by peer

bash-5.0# curl http://localhost:5001/PING
curl: (56) Recv failure: Connection reset by peer

[1] https://doc.dovecot.org/admin_manual/health_check/


---
Aki Tuomi




Re: Health check curl example

2019-11-24 Thread Aki Tuomi via dovecot


 
 
  
Your health check script should implement HTTP protocol. Then you can use passthrough mode and use cURL.

The provided script does not speak HTTP.

Aki

On 24/11/2019 15:12 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

I am not understanding how this health check[1] script should work. From
the commandline it works fine when I type a PING I get a PONG. But how
do I do a curl to this 5001 port?

Tried something like this:

bash-5.0# curl http://localhost:5001/
curl: (56) Recv failure: Connection reset by peer

bash-5.0# curl http://localhost:5001/PING
curl: (56) Recv failure: Connection reset by peer

[1] https://doc.dovecot.org/admin_manual/health_check/

---
Aki Tuomi
   
 



Health check curl example

2019-11-24 Thread Marc Roos via dovecot


I am not understanding how this health check[1] script should work. From 
the commandline it works fine when I type a PING I get a PONG. But how 
do I do a curl to this 5001 port? 

Tried something like this:

bash-5.0# curl http://localhost:5001/
curl: (56) Recv failure: Connection reset by peer

bash-5.0# curl http://localhost:5001/PING
curl: (56) Recv failure: Connection reset by peer

[1]
https://doc.dovecot.org/admin_manual/health_check/



Re: [Sieve] Multiple email recipients, how?

2019-11-24 Thread Tom Hendrikx via dovecot




On 23-11-19 18:40, Ralph Seichter via dovecot wrote:

* Tom Hendrikx via dovecot:


There are nice tricks you can do with virtual alias maps and pcre
within postfix to split email to specific user accounts, which could
also accommodate other alias schemes than standard subaddressing (such
as yours).


Postfix supports sub-addressing out of the box, simply by setting the
"recipient_delimiter" configuration parameter[1].

-Ralph

[1] http://www.postfix.org/postconf.5.html#recipient_delimiter

Standard subaddressing is not able to support the addressing scheme the 
OP has in place. But there are other ways, such as pcre alias maps, that 
will solve his problem a lot easier than Sieve address parsing, without 
discarding the existing (albeit peculiar) subaddressing scheme. I just 
wanted to make sure that the OP was aware of this.


Kind regards,
Tom


Virtual mailboxes: errors after renaming a folder

2019-11-24 Thread André Rodier via dovecot
Hello,

I have a dovecot server, running fine, on Debian Stretch.

Virtual folders are set up, and work correctly. For instance, I have
Unread, All and Conversations, and everything works fine.

However, when I rename a folder, I have error messages from Dovecot.
For instance, I had a folder INBOX/Bills, which I renamed
INBOX/Invoices. After that, I have these error messages:

> The reported error was “Failed to select mailbox: Backend mailbox 
INBOX/Bills' added by another session. Reopen the virtual mailbox. (for
backend mailbox Search/All) (0.000 + 0.000 secs).”.

How can I avoid these errors, for instance, how can I rebuild the
indexes every night or so?

Kind regards,
André



RE: Dovecot proxy with ldap, complains about 'host not given'

2019-11-24 Thread Marc Roos via dovecot
 
Thanks!! Added this.
pass_attrs = uid=user,userPassword=password,host=host




-Original Message-
Subject: RE: Dovecot proxy with ldap, complains about 'host not given'

You need to specify fields you want. Fields are not imported 
automatically. 

See https://doc.dovecot.org/configuration_manual/authentication/ldap/ 

Aki 

On 24/11/2019 11:34 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

My query? Is dovecot not getting this field automatically?

-Original Message-
Subject: Re: Dovecot proxy with ldap, complains about 'host not given'

On 23 Nov 2019, at 16:11, Marc Roos <m.r...@f1-outsourcing.eu> wrote:

It looks like the dovecot proxy can authenticate correctly but fails
then on with this message

Nov 23 23:33:33 test2 dovecot: pop3-login: Error: proxy: host not given: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=

I have configured a host= in ldap for this user

But is your query properly getting the host? (I don’t use ldap., but
this is a common issue with sql lookups, so I assume that is a likely
problem).

--
ARE YOU FAMILIAR WITH THE WORDS 'DEATH WAS HIS CONSTANT COMPANION'? 'But
I don't usually see you!’


---
Aki Tuomi




RE: Dovecot proxy with ldap, complains about 'host not given'

2019-11-24 Thread Aki Tuomi via dovecot


 
 
  
You need to specify fields you want. Fields are not imported automatically.

See https://doc.dovecot.org/configuration_manual/authentication/ldap/

Aki

On 24/11/2019 11:34 Marc Roos via dovecot <dovecot@dovecot.org> wrote:

My query? Is dovecot not getting this field automatically?

-Original Message-
Subject: Re: Dovecot proxy with ldap, complains about 'host not given'

On 23 Nov 2019, at 16:11, Marc Roos <m.r...@f1-outsourcing.eu> wrote:

It looks like the dovecot proxy can authenticate correctly but fails
then on with this message

Nov 23 23:33:33 test2 dovecot: pop3-login: Error: proxy: host not given: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=

I have configured a host= in ldap for this user

But is your query properly getting the host? (I don’t use ldap., but
this is a common issue with sql lookups, so I assume that is a likely
problem).

--
ARE YOU FAMILIAR WITH THE WORDS 'DEATH WAS HIS CONSTANT COMPANION'? 'But
I don't usually see you!’

---
Aki Tuomi
   
 



RE: Dovecot proxy with ldap, complains about 'host not given'

2019-11-24 Thread Marc Roos via dovecot
 
My query? Is dovecot not getting this field automatically? 



-Original Message-
Subject: Re: Dovecot proxy with ldap, complains about 'host not given'

On 23 Nov 2019, at 16:11, Marc Roos wrote:
> It looks like the dovecot proxy can authenticate correctly but fails
> then on with this message
>
> Nov 23 23:33:33 test2 dovecot: pop3-login: Error: proxy: host not given: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=
>
> I have configured a host= in ldap for this user

But is your query properly getting the host? (I don’t use ldap., but 
this is a common issue with sql lookups, so I assume that is a likely 
problem).


--
ARE YOU FAMILIAR WITH THE WORDS 'DEATH WAS HIS CONSTANT COMPANION'? 'But 
I don't usually see you!’