Move mailbox/folder tree?
What would be the adviced method of moving a complete mailbox/folder tree? Eg. to a different namespace. Is this possible with 'doveadm move -u test'
Re: Dovecot proxy: authentication best practices
On 27/12/2019 16:02 William Edwards wrote:
Hi!
I have a few questions regarding Dovecot proxy:
1.
1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, authentication is completely up to the destination host. Setting 'nopassword' in no way means the proxy becomes an open relay. Is this correct?
You still control where it proxies to.
1.2 Are there any security implications when using 'nopassword' on the proxy?
As long as its really a proxy, probably no.
2.
2.1 I would like to avoid having to store all users in a passdb file on the proxy. I would much rather specify a domain for which Dovecot proxy will route all users to a specific host. Is there a way to let Dovecot proxy route to a destination host based on domain, so individual users don't have to be specified in the proxy passdb?
2.2 Is it correct that userdb does not have any effect on proxying and it can be left out of the config? Source: https://dovecot.org/pipermail/dovecot/2013-October/093138.html (point 2)
userdb is ignored on proxies. For your usecase try following
passdb {
driver = passwd-file
args = username_format=%Ld /etc/dovecot/domains.passwd
}
and into domains.passwd
domain.com::: nopassword proxy host=host1
colon count might be wrong
Met vriendelijke groeten,
William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl
---
Aki Tuomi
Re: Issue running Dovecot in Docker Container
Can you check with `doveconf -nc /path/to/director.conf` that the values are actually set correctly?
Aki
On 27/12/2019 15:34 Naveen Reddy wrote:
The conf.d files are not included. I have added
!include conf.d/*.conf to director.conf and reloaded the dovecot and director services.
conf.d/10-logging also has the following lines:
log_path = /dovecot.log
info_log_path = $log_path
debug_log_path = $log_path
The /dovecot.log file still shows empty. Nothing is being logged to that file.
Thanks & Regards,
Naveen
On Thu, Dec 26, 2019 at 10:52 PM Aki Tuomi <
aki.tu...@open-xchange.com> wrote:
Do you have !include or !try_include in director.conf? The conf.d files are not included otherwise.
Aki
On 26/12/2019 11:27 Naveen Reddy <
naveenredd...@gmail.com> wrote:
I have tried these in the 10-logging.conf but no luck. There is nothing logged to the file.
bash-4.2# ps -efUID PID PPID C STIME TTY TIME CMDroot 1 0 0 Dec23 ? 00:00:00 /bin/bash /bootstrap.shroot 8 1 0 Dec23 ? 00:00:00 sleep 36000droot 15681 0 0 08:51 pts/1 00:00:00 bashroot 16340 0 0 09:19 ? 00:00:00 /usr/sbin/dovecot -c /etc/dovecot/director.confdovecot 16341 16340 0 09:19 ? 00:00:00 dovecot-Director/anvilroot 16342 16340 0 09:19 ? 00:00:00 dovecot-Director/logroot 16344 16340 0 09:19 ? 00:00:00 dovecot-Director/configroot 16390 0 0 09:22 ? 00:00:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.confdovecot 16391 16390 0 09:22 ? 00:00:00 dovecot-Dovecot/anvilroot 16392 16390 0 09:22 ? 00:00:00 dovecot-Dovecot/logroot 16394 16390 0 09:22 ? 00:00:00 dovecot-Dovecot/configroot 16406 15681 0 09:22 pts/1 00:00:00 ps -ef
The below processes are not starting as well.
dovecot-Dovecot/auth
dovecot-Dovecot/ssl-params
dovecot-Director/lmtp
dovecot-Director/ssl-params
dovecot-Director/imap-login director
Thanks & Regards,
Naveen
On Tue, Dec 24, 2019 at 10:54 PM Aki Tuomi <
aki.tu...@open-xchange.com> wrote:
On 24/12/2019 12:33 Naveen Reddy <
naveenredd...@gmail.com> wrote:
Hello,
We need help with an issue that we are running into when we are trying to run Dovecot in Docker container.
Also how do we enable debugging for dovecot. Logs doesn't show any info about the issue.
Below processes are not running when a Director service is started:
dovecot-Dovecot/auth
dovecot-Dovecot/ssl-params
dovecot-Director/lmtp
dovecot-Director/ssl-params
dovecot-Director/imap-login director
Here is the version that I'm running and including the dovecot -n output below:
bash-4.2# dovecot --version2.2.36
bash-4.2# dovecot -n# 2.2.36 (x): /etc/dovecot/dovecot.conf# OS: Linux 4.1.12-112.14.11.el7uek.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.7 (Maipo)# Hostname: XXXauth_debug = yesauth_default_realm = auth_verbose = yesdisable_plaintext_auth = nodotlock_use_excl = nohostname = instance_name = Dovecotlogin_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c home=% domain=%dmail_debug = yesmail_fsync = alwaysmail_gid = imapdmail_home = /xxx/%d/%nmail_location = dbox:~/mail_uid = imapdmmap_disable = yespassdb { args = /etc/dovecot/lookups/ldap-pass.conf driver = ldap}passdb { args = /etc/dovecot/lookups/.conf driver = ldap}plugi
Dovecot proxy: authentication best practices
Hi! I have a few questions regarding Dovecot proxy: 1. 1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, authentication is completely up to the destination host. Setting 'nopassword' in no way means the proxy becomes an open relay. Is this correct? 1.2 Are there any security implications when using 'nopassword' on the proxy? 2. 2.1 I would like to avoid having to store all users in a passdb file on the proxy. I would much rather specify a domain for which Dovecot proxy will route all users to a specific host. Is there a way to let Dovecot proxy route to a destination host based on domain, so individual users don't have to be specified in the proxy passdb? 2.2 Is it correct that userdb does not have any effect on proxying and it can be left out of the config? Source: https://dovecot.org/pipermail/dovecot/2013-October/093138.html (point 2) Met vriendelijke groeten, William Edwards T. 040 - 711 44 96 E. wedwa...@cyberfusion.nl
Re: Issue running Dovecot in Docker Container
The conf.d files are not included. I have added !include conf.d/*.conf to
director.conf and reloaded the dovecot and director services.
conf.d/10-logging also has the following lines:
log_path = /dovecot.log
info_log_path = $log_path
debug_log_path = $log_path
The /dovecot.log file still shows empty. Nothing is being logged to that
file.
Thanks & Regards,
Naveen
On Thu, Dec 26, 2019 at 10:52 PM Aki Tuomi
wrote:
> Do you have !include or !try_include in director.conf? The conf.d files
> are not included otherwise.
>
> Aki
>
> On 26/12/2019 11:27 Naveen Reddy wrote:
>
>
> I have tried these in the 10-logging.conf but no luck. There is nothing
> logged to the file.
>
> bash-4.2# ps -ef
> UIDPID PPID C STIME TTY TIME CMD
> root 1 0 0 Dec23 ?00:00:00 /bin/bash /bootstrap.sh
> root 8 1 0 Dec23 ?00:00:00 sleep 36000d
> root 15681 0 0 08:51 pts/100:00:00 bash
> root 16340 0 0 09:19 ?00:00:00 /usr/sbin/dovecot -c
> /etc/dovecot/director.conf
> dovecot 16341 16340 0 09:19 ?00:00:00 dovecot-Director/anvil
> root 16342 16340 0 09:19 ?00:00:00 dovecot-Director/log
> root 16344 16340 0 09:19 ?00:00:00 dovecot-Director/config
> root 16390 0 0 09:22 ?00:00:00 /usr/sbin/dovecot -c
> /etc/dovecot/dovecot.conf
> dovecot 16391 16390 0 09:22 ?00:00:00 dovecot-Dovecot/anvil
> root 16392 16390 0 09:22 ?00:00:00 dovecot-Dovecot/log
> root 16394 16390 0 09:22 ?00:00:00 dovecot-Dovecot/config
> root 16406 15681 0 09:22 pts/100:00:00 ps -ef
>
> The below processes are not starting as well.
>
> dovecot-Dovecot/auth
> dovecot-Dovecot/ssl-params
> dovecot-Director/lmtp
> dovecot-Director/ssl-params
> dovecot-Director/imap-login director
>
>
> Thanks & Regards,
> Naveen
>
>
> On Tue, Dec 24, 2019 at 10:54 PM Aki Tuomi < aki.tu...@open-xchange.com>
> wrote:
>
>
> On 24/12/2019 12:33 Naveen Reddy < naveenredd...@gmail.com> wrote:
>
>
> Hello,
>
> We need help with an issue that we are running into when we are trying to
> run Dovecot in Docker container.
> Also how do we enable debugging for dovecot. Logs doesn't show any info
> about the issue.
>
> Below processes are not running when a Director service is started:
>
> dovecot-Dovecot/auth
> dovecot-Dovecot/ssl-params
> dovecot-Director/lmtp
> dovecot-Director/ssl-params
> dovecot-Director/imap-login director
>
>
> Here is the version that I'm running and including the dovecot -n output
> below:
>
> bash-4.2# dovecot --version
> 2.2.36
>
> bash-4.2# dovecot -n
> # 2.2.36 (x): /etc/dovecot/dovecot.conf
> # OS: Linux 4.1.12-112.14.11.el7uek.x86_64 x86_64 Red Hat Enterprise Linux
> Server release 7.7 (Maipo)
> # Hostname: XXX
> auth_debug = yes
> auth_default_realm =
> auth_verbose = yes
> disable_plaintext_auth = no
> dotlock_use_excl = no
> hostname =
> instance_name = Dovecot
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
> home=% domain=%d
> mail_debug = yes
> mail_fsync = always
> mail_gid = imapd
> mail_home = /xxx/%d/%n
> mail_location = dbox:~/
> mail_uid = imapd
> mmap_disable = yes
> passdb {
> args = /etc/dovecot/lookups/ldap-pass.conf
> driver = ldap
> }
> passdb {
> args = /etc/dovecot/lookups/.conf
> driver = ldap
> }
> plugin {
> stats_refresh = 30 secs
> stats_track_cmds = yes
> }
> protocols = imap lmtp
> service auth {
> client_limit = 4096
> unix_listener auth-userdb {
> mode = 0777
> }
> }
> service imap-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = imap-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener imap {
> address =
> port = 1144
> ssl = no
> }
> inet_listener imaps {
> address =
> port = 994
> ssl = yes
> }
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = imap
> service_count = 50
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service imap {
> service_count = 50
> }
> service lmtp {
> executable = lmtp -L
> inet_listener lmtp {
> address =
> port = 10025
> }
> }
> service stats {
> fifo_listener stats-mail {
> mode = 0600
> user = imapd
> }
> }
> ssl_cert = ssl_cipher_list = XX
> ssl_key = # hidden, use -P to show it
> ssl_protocols = X
> userdb {
> args = /etc/dovecot/lookups/ldap-user.conf
> driver = ldap
> }
> userdb {
> args = /etc/dovecot/lookups/xxx.conf
> driver = ldap
> }
>
> Thanks & Regards,
> Naveen
>
>
> Try setting
>
> log_path=/dovecot.log
> info_log_path=$log_path
> debug_log_path=$log_path
>
> ---
> Aki Tuomi
>
>
> ---
> Aki Tuomi
>
>
Setting up expunge rules on a per user basis?
Hi all, I was wondering, is it possible to setup for instance expunge rules on a per user basis, when I am using userdb SQL lookups (or, possibly via post-login scripts) Reading the docs it seems like its possible, but I am not entirely sure about the data I should return, so have any of you done something like this, and could maybe post an example? -- Peter Reinhold
