Re: maildirfolder file created in maildir root during auto-creation with 2.3.4.1 but not 2.2.27

2020-02-04 Thread Christian Balzer


Hello,

On Wed, 5 Feb 2020 08:58:29 +0200 Aki Tuomi wrote:

> Can you provide full doveconf -n output? Also how are you delivering mail?
>
As pretty much implied, Exim is delivering mails, w/o problems.
And if it gets to create the home directory, everything is fine
and maildirsize gets put there.

But if the first access is via the newer dovecot the bogus maildirfolder
file gets created in the home directory and prevents Exim (and itself?)
from putting a maildirsize there.

My bet is that something in the auto-create logic changed or the
"mail_home" needing to be set explicitly instead of defaulting to
mail_location if unset, etc.

Redacted and relevant parts only: 
---
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.2 
# Hostname: testbox.gol.com
auth_default_realm = gol.com
default_client_limit = 16384
default_process_limit = 1024
first_valid_uid = 8
imap_hibernate_timeout = 30 secs
imap_idle_notify_interval = 8 mins
imap_logout_format = in=%i out=%o head=<%{fetch_hdr_count}> del=<%{deleted}> exp=<%{expunged}> trash=<%{trashed}> session=<%{session}>
login_trusted_networks = some.net.work
mail_gid = 8
mail_location = maildir:%h
mail_privileged_group = mail
mail_uid = 8
mailbox_idle_check_interval = 1 mins
maildir_very_dirty_syncs = yes

passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = maildir:User
  quota_rule = ?:storage=200M
  quota_rule2 = Trash:storage=+50M
  sieve = file:~/sieve;active=~/.dovecot.sieve
}

userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 40
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
}
---

Regards,

Christian
> Aki
> 
> On 5.2.2020 4.24, Christian Balzer wrote:
> >
> > Hello,
> >
> > as the tin says.
> > I have several servers running 2.2.27 (Debian stretch) and am adding new
> > ones with 2.3.4.1 (Debian buster).
> > The configs were upgraded where needed but neither 10-mail.conf nor
> > 15-mailboxes.conf were changed. 
> > 15-mailboxes is all commented out (I guess the default is auto-create,
> > which isn't documented anywhere I could find) and the only non-comments in
> > 10-mail.conf are
> > ---
> > mail_location = maildir:%h
> > mail_privileged_group = mail
> > ---
> >
> > So yes, no namespaces are explicitly defined/declared.
> >
> >
> > The 2.3.4.1 version wrongly creates a maildirfolder file in the home
> > directory (maildir root), preventing exim from correctly creating/using
> > maildirsize.
> >
> > a) Is this expected behavior and can it be changed?
> > b) How can I disable inbox auto-creation if a) doesn't pan out?
> >
> > Thanks,
> >
> > Christian  
> 


-- 
Christian Balzer        Network/Systems Engineer
ch...@gol.com           Rakuten Mobile Inc.


Re: auth-client via SSL?

2020-02-04 Thread Aki Tuomi


On 4.2.2020 13.46, Heiko Schlittermann wrote:
> Hi, I'm resending this message, still hoping for an answer.
>
> Hello,
>
> does dovecot support tls-on-connect for AF INET based auth-client
> sockets?
>
> Rationale behind my question:
>
> Exim can use the Dovecot auth-client socket to delegate the
> SMTP-AUTH authentication to Dovecot.
>
> Currently Exim supports the AF UNIX only for this socket.  Jeremy makes
> progress in extending this to use AF INET sockets too.
>
> While it works with clear text communication already, during testing I
> was to set up the auth-client socket as a TLS server (tls-on-connect).
> It doesn't seem to work as I'd expect. The socket still offers
> clear-text only.
>
> Here my configuration snippets regarding this socket
>
>    ssl = yes
>    ssl_cert =
>    ssl_key =
>    service auth {
>      …
>      unix_listener auth-client {
>        group = _exim
>        mode = 0660
>      }
>      inet_listener auth-client {
>        name = exim
>        port = 4711
>        ssl = yes
>      }
>    }
>
> SSL connections to :993 work as expected.
>
> Best regards from Dresden/Germany
> Kind regards from Dresden
> Heiko Schlittermann


Hi!

This is not (yet) implemented. You can probably work around with haproxy
/ stunnel for now.

Aki
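
One way to set up the stunnel workaround mentioned above, as an added example that is not part of the original thread or of the Dovecot project's documentation. It keeps the plaintext auth-client listener on loopback and lets stunnel terminate TLS in front of it, requiring a client certificate because this socket carries SMTP-AUTH credentials. Assumptions: a stunnel 5.x release with the verifyChain option runs on the Dovecot host; port 4712, the service name and all file paths are placeholders.

```ini
; --- Dovecot side (dovecot.conf syntax, shown here as comments) ---
; Bind the plaintext auth-client listener to loopback so that only the
; local stunnel process can reach it. Port 4711 is the one from the thread.
;
;   service auth {
;     inet_listener auth-client {
;       address = 127.0.0.1
;       port = 4711
;     }
;   }

; --- stunnel side: e.g. /etc/stunnel/dovecot-auth.conf (placeholder path) ---
[dovecot-auth]
; server mode: accept TLS from the network, forward plaintext to Dovecot
client = no
; hypothetical external port for tls-on-connect
accept = 0.0.0.0:4712
connect = 127.0.0.1:4711
; placeholder certificate and key for the TLS endpoint
cert = /etc/ssl/example/auth-server.crt
key = /etc/ssl/example/auth-server.key
; only accept peers presenting a certificate issued by this CA
CAfile = /etc/ssl/example/auth-clients-ca.crt
verifyChain = yes
```

The connecting MTA then has to speak TLS to port 4712 and present a certificate issued by the placeholder CA; port 4711 should not be reachable from outside the host.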



Re: maildirfolder file created in maildir root during auto-creation with 2.3.4.1 but not 2.2.27

2020-02-04 Thread Aki Tuomi
Can you provide full doveconf -n output? Also how are you delivering mail?

Aki

On 5.2.2020 4.24, Christian Balzer wrote:
>
> Hello,
>
> as the tin says.
> I have several servers running 2.2.27 (Debian stretch) and am adding new
> ones with 2.3.4.1 (Debian buster).
> The configs were upgraded where needed but neither 10-mail.conf nor
> 15-mailboxes.conf were changed. 
> 15-mailboxes is all commented out (I guess the default is auto-create,
> which isn't documented anywhere I could find) and the only non-comments in
> 10-mail.conf are
> ---
> mail_location = maildir:%h
> mail_privileged_group = mail
> ---
>
> So yes, no namespaces are explicitly defined/declared.
>
>
> The 2.3.4.1 version wrongly creates a maildirfolder file in the home
> directory (maildir root), preventing exim from correctly creating/using
> maildirsize.
>
> a) Is this expected behavior and can it be changed?
> b) How can I disable inbox auto-creation if a) doesn't pan out?
>
> Thanks,
>
> Christian


maildirfolder file created in maildir root during auto-creation with 2.3.4.1 but not 2.2.27

2020-02-04 Thread Christian Balzer



Hello,

as the tin says.
I have several servers running 2.2.27 (Debian stretch) and am adding new
ones with 2.3.4.1 (Debian buster).
The configs were upgraded where needed but neither 10-mail.conf nor
15-mailboxes.conf were changed. 
15-mailboxes is all commented out (I guess the default is auto-create,
which isn't documented anywhere I could find) and the only non-comments in
10-mail.conf are
---
mail_location = maildir:%h
mail_privileged_group = mail
---

So yes, no namespaces are explicitly defined/declared.


The 2.3.4.1 version wrongly creates a maildirfolder file in the home
directory (maildir root), preventing exim from correctly creating/using
maildirsize.

a) Is this expected behavior and can it be changed?
b) How can I disable inbox auto-creation if a) doesn't pan out?

Thanks,

Christian
-- 
Christian Balzer        Network/Systems Engineer
ch...@gol.com           Rakuten Mobile Inc.


Re: Strategy for fts

2020-02-04 Thread Peter Chiochetti

On 04.02.20 at 12:37, Peter Chiochetti wrote:
> On 04.02.20 at 11:46, Francis Augusto Medeiros-Logeay wrote:
>> Hi Philon,
>>
>> Thanks a lot for your thoughts!
>>
>> Can I ask you if using Solr improved things for you? I have a mailbox
>> with 15 years of e-mail and searching things takes a long time.
>
> Here, SOLR itself searches a quarter million mails in split seconds and
> returns very good results. That is on a low memory average machine.

Looking at the facts, it is closer to half a million mails in a 160GB
Maildir, lots of trash too, but no one to sort it out. SOLR index is 1.2
GB in size on disk. A tremendous ratio IMO.

In dovecot terms this is likely considered a small installation. We are
a small team too :) and quite happy with the generous gift of dovecot,
and Thunderbird BTW.

> Only problem is search through e.g. nested folders from IMAP: something
> like ESEARCH would be nice - https://tools.ietf.org/html/rfc6237

PS: There is powerful client side search in some MUAs, yet sometimes
serverside comes handy.

--
peter


Submission service, XCLIENT and HELO

2020-02-04 Thread Riccardo Alfieri

Hello,

I'm using version 2.3.4.1 and I have a fairly simple setup based on a 
submission server where I run dovecot and a relay server with postfix. 
The relevant part of dovecot's config is as follows (sanitized):


hostname = submission.domain.local
submission_client_workarounds = whitespace-before-path
submission_relay_host = 192.168.1.1 <- postfix
submission_relay_port = 25
submission_relay_trusted = yes


Postfix is configured as follows:

smtpd_authorized_xclient_hosts = 192.168.1.2 <- submission server

Everything apparently works as expected, meaning that I can correctly 
authenticate on the submission server and the email is relayed to 
postfix, where I can see the original MUA's IP correctly logged.


There is, however, a little problem with the client HELO string that is 
not being forwarded to postfix. Instead of having the MUA HELO, I see 
the submission server HELO, as shown in the following tcpdump taken on 
the postfix server:


220 postfix.domain.local ESMTP Postfix (Ubuntu)
EHLO submission.domain.local
250-postfix.domain.local
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN
250-AUTH=DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN
250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN DESTADDR DESTPORT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
XCLIENT ADDR=192.168.1.3 PORT=57116 LOGIN=riccardo-at-domain.local
220 postfix.domain.local ESMTP Postfix (Ubuntu)
EHLO submission.domain.local
250-postfix.domain.local
250-PIPELINING
...


As you can see the first EHLO is correctly done with the submission 
server's hostname, but the subsequent one after XCLIENT is -still- the 
same hostname, while I was expecting that to be the one forwarded from 
the MUA, or possibly a "HELO=somethingelse" in the XCLIENT line.


I've looked almost everywhere and I couldn't find a way to make dovecot 
use the MUA's HELO string. The question I'm asking is if there is a way 
to have the MUA's HELO forwarded to the relay server in some way, or if 
this is a bug or an expected behaviour.


Thanks for any help you could give

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/



Re: auth-client via SSL?

2020-02-04 Thread Heiko Schlittermann
Hi, I'm resending this message, still hoping for an answer.

Hello,

does dovecot support tls-on-connect for AF INET based auth-client
sockets?

Rationale behind my question:

Exim can use the Dovecot auth-client socket to delegate the
SMTP-AUTH authentication to Dovecot.

Currently Exim supports the AF UNIX only for this socket.  Jeremy makes
progress in extending this to use AF INET sockets too.

While it works with clear text communication already, during testing I
was to set up the auth-client socket as a TLS server (tls-on-connect).
It doesn't seem to work as I'd expect. The socket still offers
clear-text only.

Here my configuration snippets regarding this socket

   ssl = yes
   ssl_cert = 



Re: Strategy for fts

2020-02-04 Thread Peter Chiochetti

On 04.02.20 at 11:46, Francis Augusto Medeiros-Logeay wrote:
> Hi Philon,
>
> Thanks a lot for your thoughts!
>
> Can I ask you if using Solr improved things for you? I have a mailbox
> with 15 years of e-mail and searching things takes a long time.

Here, SOLR itself searches a quarter million mails in split seconds and
returns very good results. That is on a low memory average machine.

If you don't mind the standard, you can change the schema, so headers
(from, to) get indexed in body text. That can help narrowing results.

Only problem is search through e.g. nested folders from IMAP: something
like ESEARCH would be nice - https://tools.ietf.org/html/rfc6237

Peter

> On 04.02.2020 09:39, Philon wrote:
>> Hi Francis,
>>
>> next to fts-solr there was fts-lucene. But that Lucene there seems
>> heavily outdated why the Dovecot docs also suggest using Solr.
>> Elasticsearch probably is similar to Solr but the latter is maintained
>> by Dovecot team.
>>
>> I started with downloading the Solr binary distribution to Debian with
>> JRE preinstalled and things were running like after 10 min. Yes it’s a
>> bit more complicated to find the schema and edit things like header
>> size (in tips section). It’s running quite nicely since then and has
>> zero maintenance.
>
> I will try again - I kept getting some weird errors, so I don't know if
> that's why I wasn't seeing much of improvement.
>
>> As FTS indexes are separate in external Solr instance I’d guess that
>> it won’t interfere with dsync. What I don’t know is if dsync’ing would
>> trigger indexing. This brings me to wonder how one could actually
>> replicate the Solr instance!?
>
> Good question. But what I thought about doing was to install FTS on my
> backup instance, and if things go fine, then I install an FTS instance
> on my production server - that is, if one doesn't interfere with the other.
>
> I will give Solr another shot - my worries are mostly if Solr is
> supported on ARM (my prod instance is running on ARM) - I know
> Elasticsearch has an ARM build.
>
> I thought about the Xapian engine, but since it requires dovecot 2.3, I
> will have to wait.
>
> Best,
>
> Francis
>
>> Philon
>>
>>> On 31 Jan 2020, at 17:24, Francis Augusto Medeiros-Logeay wrote:
>>>
>>> Hi there,
>>>
>>> I got successfully to replicate my mail server to another dovecot
>>> install using dsync, mainly for redundancy, and it works great.
>>>
>>> I want to try to install fts, as some of the mailboxes have tens of
>>> thousands of messages, and it takes minutes to get some results when
>>> searching via IMAP on a Roundcube interface.
>>>
>>> I want to experiment with fts-solr first, and firstly on my redundant
>>> server, ie., not on my main dovecot install. Is it ok to do this? I
>>> ask because I am afraid of how this whole reindexing on the redundant
>>> install will affect the production server.
>>>
>>> Also, any tips on something else than fts-solr? I tried it once, but
>>> it was so hard to get it right, so many configurations, java, etc.,
>>> that I'd rather try something else. I also could try fts-elastic or
>>> something like that, but, again, having to maintain an elasticsearch
>>> install might use more resources than I think is worth. Any thoughts
>>> on that?
>>>
>>> Best,
>>>
>>> --
>>> Francis



Re: Strategy for fts and Replication

2020-02-04 Thread Christian Kivalo



On February 4, 2020 11:46:31 AM GMT+01:00, Francis Augusto Medeiros-Logeay wrote:
>Hi Philon,
>
>Thanks a lot for your thoughts!
>
>Can I ask you if using Solr improved things for you? I have a mailbox 
>with 15 years of e-mail and searching things takes a long time.
It's a vast improvement, more or less instant results.
>On 04.02.2020 09:39, Philon wrote:
>> Hi Francis,
>> 
>> next to fts-solr there was fts-lucene. But that Lucene there seems
>> heavily outdated why the Dovecot docs also suggest using Solr.
>> Elasticsearch probably is similar to Solr but the latter is maintained
>> by Dovecot team.
>> 
>> I started with downloading the Solr binary distribution to Debian with
>> JRE preinstalled and things were running like after 10 min. Yes it’s a
>> bit more complicated to find the schema and edit things like header
>> size (in tips section). It’s running quite nicely since then and has
>> zero maintenance.
>
>I will try again - I kept getting some weird errors, so I don't know if
>that's why I wasn't seeing much of improvement.
>> 
>> As FTS indexes are separate in external Solr instance I’d guess that
>> it won’t interfere with dsync. What I don’t know is if dsync’ing would
>> trigger indexing. This brings me to wonder how one could actually
>> replicate the Solr instance!?
>
>Good question. But what I thought about doing was to install FTS on my 
>backup instance, and if things go fine, then I install an FTS instance 
>on my production server - that is, if one doesn't interfere with the 
>other.
>
>I will give Solr another shot - my worries are mostly if Solr is 
>supported on ARM (my prod instance is running on ARM) - I know 
>Elasticsearch has an ARM build.
>
>I thought about the Xapian engine, but since it requires dovecot 2.3, I
>will have to wait.
>
>Best,
>
>Francis
>
>
>> 
>> Philon
>> 
>>> On 31 Jan 2020, at 17:24, Francis Augusto Medeiros-Logeay wrote:
>>> 
>>> Hi there,
>>> 
>>> I got successfully to replicate my mail server to another dovecot 
>>> install using dsync, mainly for redundancy, and it works great.
>>> 
>>> I want to try to install fts, as some of the mailboxes have tens of
>>> thousands of messages, and it takes minutes to get some results when
>>> searching via IMAP on a Roundcube interface.
>>> 
>>> I want to experiment with fts-solr first, and firstly on my redundant
>>> server, ie., not on my main dovecot install. Is it ok to do this? I
>>> ask because I am afraid of how this whole reindexing on the redundant
>>> install will affect the production server.
>>> 
>>> Also, any tips on something else than fts-solr? I tried it once, but
>>> it was so hard to get it right, so many configurations, java, etc.,
>>> that I'd rather try something else. I also could try fts-elastic or
>>> something like that, but, again, having to maintain an elasticsearch
>>> install might use more resources than I think is worth. Any thoughts
>>> on that?
>>> 
>>> Best,
>>> 
>>> --
>>> Francis
>>> 

-- 
Christian Kivalo


Re: Strategy for fts and Replication

2020-02-04 Thread Francis Augusto Medeiros-Logeay

Hi Philon,

Thanks a lot for your thoughts!

Can I ask you if using Solr improved things for you? I have a mailbox
with 15 years of e-mail and searching things takes a long time.

On 04.02.2020 09:39, Philon wrote:
> Hi Francis,
>
> next to fts-solr there was fts-lucene. But that Lucene there seems
> heavily outdated why the Dovecot docs also suggest using Solr.
> Elasticsearch probably is similar to Solr but the latter is maintained
> by Dovecot team.
>
> I started with downloading the Solr binary distribution to Debian with
> JRE preinstalled and things were running like after 10 min. Yes it’s a
> bit more complicated to find the schema and edit things like header
> size (in tips section). It’s running quite nicely since then and has
> zero maintenance.

I will try again - I kept getting some weird errors, so I don't know if
that's why I wasn't seeing much of improvement.

> As FTS indexes are separate in external Solr instance I’d guess that
> it won’t interfere with dsync. What I don’t know is if dsync’ing would
> trigger indexing. This brings me to wonder how one could actually
> replicate the Solr instance!?

Good question. But what I thought about doing was to install FTS on my
backup instance, and if things go fine, then I install an FTS instance
on my production server - that is, if one doesn't interfere with the
other.

I will give Solr another shot - my worries are mostly if Solr is
supported on ARM (my prod instance is running on ARM) - I know
Elasticsearch has an ARM build.

I thought about the Xapian engine, but since it requires dovecot 2.3, I
will have to wait.

Best,

Francis

> Philon
>
>> On 31 Jan 2020, at 17:24, Francis Augusto Medeiros-Logeay wrote:
>>
>> Hi there,
>>
>> I got successfully to replicate my mail server to another dovecot
>> install using dsync, mainly for redundancy, and it works great.
>>
>> I want to try to install fts, as some of the mailboxes have tens of
>> thousands of messages, and it takes minutes to get some results when
>> searching via IMAP on a Roundcube interface.
>>
>> I want to experiment with fts-solr first, and firstly on my redundant
>> server, ie., not on my main dovecot install. Is it ok to do this? I
>> ask because I am afraid of how this whole reindexing on the redundant
>> install will affect the production server.
>>
>> Also, any tips on something else than fts-solr? I tried it once, but
>> it was so hard to get it right, so many configurations, java, etc.,
>> that I'd rather try something else. I also could try fts-elastic or
>> something like that, but, again, having to maintain an elasticsearch
>> install might use more resources than I think is worth. Any thoughts
>> on that?
>>
>> Best,
>>
>> --
>> Francis




Re: Strategy for fts and Replication

2020-02-04 Thread Philon
Hi Francis,

next to fts-solr there was fts-lucene. But that Lucene there seems heavily 
outdated why the Dovecot docs also suggest using Solr. Elasticsearch probably 
is similar to Solr but the latter is maintained by Dovecot team.

I started with downloading the Solr binary distribution to Debian with JRE 
preinstalled and things were running like after 10 min. Yes it’s a bit more 
complicated to find the schema and edit things like header size (in tips 
section). It’s running quite nicely since then and has zero maintenance.

As FTS indexes are separate in external Solr instance I’d guess that it won’t 
interfere with dsync. What I don’t know is if dsync’ing would trigger indexing. 
This brings me to wonder how one could actually replicate the Solr instance!?


Philon

> On 31 Jan 2020, at 17:24, Francis Augusto Medeiros-Logeay wrote:
> 
> Hi there,
> 
> I got successfully to replicate my mail server to another dovecot install 
> using dsync, mainly for redundancy, and it works great.
> 
> I want to try to install fts, as some of the mailboxes have tens of thousands 
> of messages, and it takes minutes to get some results when searching via IMAP 
> on a Roundcube interface.
> 
> I want to experiment with fts-solr first, and firstly on my redundant server, 
> ie., not on my main dovecot install. Is it ok to do this? I ask because I am 
> afraid of how this whole reindexing on the redundant install will affect the 
> production server.
> 
> Also, any tips on something else than fts-solr? I tried it once, but it was 
> so hard to get it right, so many configurations, java, etc., that I'd rather 
> try something else. I also could try fts-elastic or something like that, but, 
> again, having to maintain an elasticsearch install might use more resources 
> than I think is worth. Any thoughts on that?
> 
> Best,
> 
> --
> Francis
>