Re: Current thinking on backups ?
> Le 24 mai 2020 à 14:42, Laura Smith a > écrit : > > Hi, > > What are people doing for backups ? > My current process is LVM snapshot and backup from that to NFS share. > But there seems to be hints around the internet that people use/abuse > "doveadm backup" for backup purposes even though it seems its original > intention was for transferring mailboxes between dovecot instances. > Assuming its ok to "doveadm backup" to an NFS share, is it ok to use "doveadm > backup" when dovecot has replication setup (replication-notify etc.) ? Or > will it interfere ? > Thanks! > Laura This has came up in the past: https://dovecot.org/pipermail/dovecot/2020-February/thread.html#118206 I ended up developing my own system based on forwarding all emails to a program (from which I back-up as they come in.) I am hoping if disaster and/or misfortune were to strike my server, I could simply cat >> back all those files in order (or not come to think of it) in the /var/mail/ (or somewhere even better fit in Postfix.) I am not interested in saving the state of the mailbox as much as all the mails that ever come in (or go out.) Kindest regards, Germain
Re: identify 143 vs 993 clients
On 26 May 2020 4:48:51 AM AEST, mj wrote: >I would then ask them to move over to 993, and finally disable port 143 >altogether. > jumping here with a question, if I use 143 with STARTTLS, and, force TLS/SSL in configuration, that's equivalent from security POV, isn't it? and, same for 110 STARTTLS? Or am I missing something? thanks, V -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: child killed by signal 6
On 25/05/2020 12:06, Aki Tuomi wrote: On 25/05/2020 13:00 Peter Nabbefeld wrote: Hello, from time to time I keep getting problems with some emails causing signal 6. I've already reported those, but it seems not to be easy to find the cause. From the logs, it seems to occur in sieve implementation. I've checked the email envelopes tody by accident, probably this part of my telnet session might help: a11 fetch 1 all * 1 FETCH (RFC822.SIZE 16750 INTERNALDATE "22-May-2020 05:02:34 +" ENVELOPE ("Fri, 22 May 2020 03:46:54 +" "RE: Http2 tomact server taking time in responding when 1st StreamId is a large integer value like 2147483641" (("Prateek Kohli" NIL "prateek.kohli" "ericsson.com.INVALID")) (("Prateek Kohli" NIL "prateek.kohli" "ericsson.com.INVALID")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) NIL NIL """ ") FLAGS (\Seen)) a11 OK FETCH completed a12 fetch 2 all * 2 FETCH (RFC822.SIZE 21146 INTERNALDATE "22-May-2020 06:39:54 +" ENVELOPE ("Fri, 22 May 2020 06:39:35 +" "RE: RST on TCP level sent by Tomcat" (("Arshiya Shariff" NIL "arshiya.shariff" "ericsson.com.INVALID")) (("Arshiya Shariff" NIL "arshiya.shariff" "ericsson.com.INVALID")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) (("ma...@apache.org" NIL "markt" "apache.org")("M Venkata Pratap M" NIL "m.m.venkata.pratap" "ericsson.com")) NIL " " " ") FLAGS ()) a12 OK FETCH completed The first message causes signal 6, the second does not. Probably the problem is killed by the two consecutive "NIL"s? I'm not an experienced administrator, only managing my private computer, so I don't know the meaning of every envelope field. But might these two "NIL"s cause the abort? BTW, to download all messages from my IMAP account to my private dovecot instance I had to delete the first message, since I couldn't download any other messages from the IMAP folder otherwise. Kind regards Peter Hi! Can you provide the original mail? Optionally processed via https://dovecot.org/tools/maildir-obfuscate.pl ? Also, can you provide 'doveconf -n' output? There is usually some panic message in the logs. We need that as well. Regards, Stephan.
Re: identify 143 vs 993 clients
On 25/05/2020 20:52, Aki Tuomi wrote: You could use https://doc.dovecot.org/settings/core/#login-log-format-elements to log this. Yes! Perfect! Thanks! :-)
Re: identify 143 vs 993 clients
> On 25/05/2020 21:48 mj wrote: > > > Hi, > > I am trying to find a nice way to identify dovecot clients that are > still configured to use port 143 to connect to our mailserver, from the > dovecot logs. > I would then ask them to move over to 993, and finally disable port 143 > altogether. > > When looking at the dovecot logs, it seems this is not logged in any > obvious way. > > Of course I could use netflow etc, but that would not give us usernames, > but IP's, etc. > > So, is there a nice way to somehow indicate in the dovecot logs, if a > client connected on 143 or on 993? > > Thanks! You could use https://doc.dovecot.org/settings/core/#login-log-format-elements to log this. Aki
identify 143 vs 993 clients
Hi, I am trying to find a nice way to identify dovecot clients that are still configured to use port 143 to connect to our mailserver, from the dovecot logs. I would then ask them to move over to 993, and finally disable port 143 altogether. When looking at the dovecot logs, it seems this is not logged in any obvious way. Of course I could use netflow etc, but that would not give us usernames, but IP's, etc. So, is there a nice way to somehow indicate in the dovecot logs, if a client connected on 143 or on 993? Thanks!
Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Sorry... openssl x509 -text -noout -in /etc/letsencrypt/live/./fullchain.pem and openssl s_client -connect host:993 Aki > On 25/05/2020 18:52 hanas...@gmail.com wrote: > > > s_client: Option unknown option -trace > *** > x509: Unknown parameter text > > > On 5/25/20 11:49 AM, Aki Tuomi wrote: > > Hi! > > > > Can you do > > > > openssl x509 text -noout > > > and check these things: > > > > your server hostname isn included in SubjectAlternativeNames, and that the > > cert hasn't got MUST-STAPLE attribute? You can see this by looking for > > 1.3.6.1.5.5.7.1.24 > > > > Also, can you provide output of > > > > openssl s_client -connect host:993 -trace > > > > Aki > > > >> On 25/05/2020 18:46 hanas...@gmail.com wrote: > >> > >> > >> Hello Aki and all, > >> > >> The below lines are in the dovecot config file. This seems to be the > >> same as Aki's suggestion. correct? I have also double checked file > >> perms, tried with several new key gens, several versions of thunderbird > >> and created completely new thunderbird profiles. > >> > >> Thank you, > >> > >> ssl_cert = >> ssl_key = >> > >> > >> On 5/25/20 11:11 AM, Aki Tuomi wrote: > >>> The real reason is that you have misconfigured your cert. Alert 42 means > >>> that the *client* consider *server* client untrusted. > >>> > >>> If you are using LE cert you should configure > >>> > >>> ssl_cert= >>> ssl_key= >>> > >>> Aki > >>> > On 25/05/2020 18:01 Hanasaki Jiji wrote: > > > From the config : auth_ssl_require_client_cert = no > GMail empty vcard ... I have no ideas . so sorry. > > Coding snippets. What can I provide for you that will help? > NOTE: it is pretty much the default config from Debian. > > Thank you, > > On Sun, May 24, 2020 at 9:29 PM Benny Pedersen wrote: > > > > On 2020-05-25 02:54, hanas...@gmail.com wrote: > >> Config has > >> ssl_verify_client_cert = no > >> What options might have the client auth turned on? > > > > why does gmail attacht empty vcard info ? > > > > without any config snippes its hard to say what config error is local > > > > https://wiki.dovecot.org/SSL/DovecotConfiguration > > > > is it auth_ssl_require_client_cert = yes > > > > i dont use this auth features to make thunderbird work
Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: Hi! Can you do openssl x509 text -noout On 25/05/2020 18:46 hanas...@gmail.com wrote: Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. If you are using LE cert you should configure ssl_cert= On 25/05/2020 18:01 Hanasaki Jiji wrote: From the config : auth_ssl_require_client_cert = no GMail empty vcard ... I have no ideas . so sorry. Coding snippets. What can I provide for you that will help? NOTE: it is pretty much the default config from Debian. Thank you, On Sun, May 24, 2020 at 9:29 PM Benny Pedersen wrote: On 2020-05-25 02:54, hanas...@gmail.com wrote: Config has ssl_verify_client_cert = no What options might have the client auth turned on? why does gmail attacht empty vcard info ? without any config snippes its hard to say what config error is local https://wiki.dovecot.org/SSL/DovecotConfiguration is it auth_ssl_require_client_cert = yes i dont use this auth features to make thunderbird work <>
Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Hi! Can you do openssl x509 text -noout On 25/05/2020 18:46 hanas...@gmail.com wrote: > > > Hello Aki and all, > > The below lines are in the dovecot config file. This seems to be the > same as Aki's suggestion. correct? I have also double checked file > perms, tried with several new key gens, several versions of thunderbird > and created completely new thunderbird profiles. > > Thank you, > > ssl_cert = ssl_key = > > On 5/25/20 11:11 AM, Aki Tuomi wrote: > > The real reason is that you have misconfigured your cert. Alert 42 means > > that the *client* consider *server* client untrusted. > > > > If you are using LE cert you should configure > > > > ssl_cert= > ssl_key= > > > Aki > > > >> On 25/05/2020 18:01 Hanasaki Jiji wrote: > >> > >> > >> From the config : auth_ssl_require_client_cert = no > >> GMail empty vcard ... I have no ideas . so sorry. > >> > >> Coding snippets. What can I provide for you that will help? > >> NOTE: it is pretty much the default config from Debian. > >> > >> Thank you, > >> > >> On Sun, May 24, 2020 at 9:29 PM Benny Pedersen wrote: > >>> > >>> On 2020-05-25 02:54, hanas...@gmail.com wrote: > Config has > ssl_verify_client_cert = no > What options might have the client auth turned on? > >>> > >>> why does gmail attacht empty vcard info ? > >>> > >>> without any config snippes its hard to say what config error is local > >>> > >>> https://wiki.dovecot.org/SSL/DovecotConfiguration > >>> > >>> is it auth_ssl_require_client_cert = yes > >>> > >>> i dont use this auth features to make thunderbird work
Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. If you are using LE cert you should configure ssl_cert= On 25/05/2020 18:01 Hanasaki Jiji wrote: From the config : auth_ssl_require_client_cert = no GMail empty vcard ... I have no ideas . so sorry. Coding snippets. What can I provide for you that will help? NOTE: it is pretty much the default config from Debian. Thank you, On Sun, May 24, 2020 at 9:29 PM Benny Pedersen wrote: On 2020-05-25 02:54, hanas...@gmail.com wrote: Config has ssl_verify_client_cert = no What options might have the client auth turned on? why does gmail attacht empty vcard info ? without any config snippes its hard to say what config error is local https://wiki.dovecot.org/SSL/DovecotConfiguration is it auth_ssl_require_client_cert = yes i dont use this auth features to make thunderbird work <>
Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. If you are using LE cert you should configure ssl_cert= On 25/05/2020 18:01 Hanasaki Jiji wrote: > > > From the config : auth_ssl_require_client_cert = no > GMail empty vcard ... I have no ideas . so sorry. > > Coding snippets. What can I provide for you that will help? > NOTE: it is pretty much the default config from Debian. > > Thank you, > > On Sun, May 24, 2020 at 9:29 PM Benny Pedersen wrote: > > > > On 2020-05-25 02:54, hanas...@gmail.com wrote: > > > Config has > > > ssl_verify_client_cert = no > > > What options might have the client auth turned on? > > > > why does gmail attacht empty vcard info ? > > > > without any config snippes its hard to say what config error is local > > > > https://wiki.dovecot.org/SSL/DovecotConfiguration > > > > is it auth_ssl_require_client_cert = yes > > > > i dont use this auth features to make thunderbird work
Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
>From the config : auth_ssl_require_client_cert = no GMail empty vcard ... I have no ideas . so sorry. Coding snippets. What can I provide for you that will help? NOTE: it is pretty much the default config from Debian. Thank you, On Sun, May 24, 2020 at 9:29 PM Benny Pedersen wrote: > > On 2020-05-25 02:54, hanas...@gmail.com wrote: > > Config has > > ssl_verify_client_cert = no > > What options might have the client auth turned on? > > why does gmail attacht empty vcard info ? > > without any config snippes its hard to say what config error is local > > https://wiki.dovecot.org/SSL/DovecotConfiguration > > is it auth_ssl_require_client_cert = yes > > i dont use this auth features to make thunderbird work
Re: child killed by signal 6
> On 25/05/2020 13:00 Peter Nabbefeld wrote: > > > Hello, > > from time to time I keep getting problems with some emails causing > signal 6. I've already reported those, but it seems not to be easy to > find the cause. From the logs, it seems to occur in sieve implementation. > > I've checked the email envelopes tody by accident, probably this part of > my telnet session might help: > > a11 fetch 1 all > * 1 FETCH (RFC822.SIZE 16750 INTERNALDATE "22-May-2020 05:02:34 +" > ENVELOPE ("Fri, 22 May 2020 03:46:54 +" "RE: Http2 tomact server > taking time in responding when 1st StreamId is a large integer value > like 2147483641" (("Prateek Kohli" NIL "prateek.kohli" > "ericsson.com.INVALID")) (("Prateek Kohli" NIL "prateek.kohli" > "ericsson.com.INVALID")) (("Tomcat Users List" NIL "users" > "tomcat.apache.org")) (("Tomcat Users List" NIL "users" > "tomcat.apache.org")) NIL NIL > "" " > ") > FLAGS (\Seen)) > a11 OK FETCH completed > > a12 fetch 2 all > * 2 FETCH (RFC822.SIZE 21146 INTERNALDATE "22-May-2020 06:39:54 +" > ENVELOPE ("Fri, 22 May 2020 06:39:35 +" "RE: RST on TCP level sent > by Tomcat" (("Arshiya Shariff" NIL "arshiya.shariff" > "ericsson.com.INVALID")) (("Arshiya Shariff" NIL "arshiya.shariff" > "ericsson.com.INVALID")) (("Tomcat Users List" NIL "users" > "tomcat.apache.org")) (("Tomcat Users List" NIL "users" > "tomcat.apache.org")) (("ma...@apache.org" NIL "markt" "apache.org")("M > Venkata Pratap M" NIL "m.m.venkata.pratap" "ericsson.com")) NIL " > " > " > ") > FLAGS ()) > a12 OK FETCH completed > > The first message causes signal 6, the second does not. Probably the > problem is killed by the two consecutive "NIL"s? I'm not an experienced > administrator, only managing my private computer, so I don't know the > meaning of every envelope field. But might these two "NIL"s cause the abort? > > BTW, to download all messages from my IMAP account to my private dovecot > instance I had to delete the first message, since I couldn't download > any other messages from the IMAP folder otherwise. > > Kind regards > > Peter Hi! Can you provide the original mail? Optionally processed via https://dovecot.org/tools/maildir-obfuscate.pl ? Also, can you provide 'doveconf -n' output? Aki
child killed by signal 6
Hello, from time to time I keep getting problems with some emails causing signal 6. I've already reported those, but it seems not to be easy to find the cause. From the logs, it seems to occur in sieve implementation. I've checked the email envelopes tody by accident, probably this part of my telnet session might help: a11 fetch 1 all * 1 FETCH (RFC822.SIZE 16750 INTERNALDATE "22-May-2020 05:02:34 +" ENVELOPE ("Fri, 22 May 2020 03:46:54 +" "RE: Http2 tomact server taking time in responding when 1st StreamId is a large integer value like 2147483641" (("Prateek Kohli" NIL "prateek.kohli" "ericsson.com.INVALID")) (("Prateek Kohli" NIL "prateek.kohli" "ericsson.com.INVALID")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) NIL NIL "" " ") FLAGS (\Seen)) a11 OK FETCH completed a12 fetch 2 all * 2 FETCH (RFC822.SIZE 21146 INTERNALDATE "22-May-2020 06:39:54 +" ENVELOPE ("Fri, 22 May 2020 06:39:35 +" "RE: RST on TCP level sent by Tomcat" (("Arshiya Shariff" NIL "arshiya.shariff" "ericsson.com.INVALID")) (("Arshiya Shariff" NIL "arshiya.shariff" "ericsson.com.INVALID")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) (("Tomcat Users List" NIL "users" "tomcat.apache.org")) (("ma...@apache.org" NIL "markt" "apache.org")("M Venkata Pratap M" NIL "m.m.venkata.pratap" "ericsson.com")) NIL " " " ") FLAGS ()) a12 OK FETCH completed The first message causes signal 6, the second does not. Probably the problem is killed by the two consecutive "NIL"s? I'm not an experienced administrator, only managing my private computer, so I don't know the meaning of every envelope field. But might these two "NIL"s cause the abort? BTW, to download all messages from my IMAP account to my private dovecot instance I had to delete the first message, since I couldn't download any other messages from the IMAP folder otherwise. Kind regards Peter
Re: Sieve test string and case sensitivity
On 22/05/2020 15:37, Kim Minh Kaplan wrote: Hello, I have found that Pigeonhole comes with an extensive testsuite against the Sieve RFCs. As I am working on a personal Sieve project I decided to run my tool on this testsuite and it stumbled on "Basic assignment: string test failed"[1]. Pigeonhole defaults to comparator "i;octet"[2] for the string test. But Sieve says that the default comparator should be "i;ascii-casemap"[3]. Did I miss some other part of the standard? Can you point me in the right direction? Thank you, Kim Minh. [1]: https://github.com/dovecot/pigeonhole/blob/master/tests/extensions/variables/basic.svtest#L102 [2]: https://github.com/dovecot/pigeonhole/blob/master/src/lib-sieve/plugins/variables/tst-string.c#L92 [3]: https://tools.ietf.org/html/rfc5228#section-2.7.3 Looks like you found an ancient bug. Tracking internally as DOP-1902. Regards, Stephan.
Re: Sieve addheader directive works only partially
On 19/05/2020 13:31, Peter Folta wrote: Hi Stephan, Sorry for the delay - this was on version 2.3.4.1 (f79e8e7e4). Relevant bits from the config: # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 4.19.0-9-amd64 x86_64 Debian 10.4 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader imapsieve vnd.dovecot.imapsieve sieve_extensions = +editheader sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms Thanks Peter Yeah, it's old. Try upgrading. If you can't, you'll be stuck with an explicit keep workaround for now. Regards, Stephan. On May 15, 2020, at 3:49 PM, Stephan Bosch wrote: Op 13-5-2020 om 20:10 schreef Peter Folta: require “editheader”; if address :is "From” “special-sen...@example.com” { addheader “X-My-Custom-Header” “Header Value"; } I have enabled the editheader extension in my Dovecot configuration: plugin { … sieve_extensions = +editheader } What version is this? Please provide output of `dovecot -n`. This smells a lot like an age-old bug that was fixed long ago. It works fine with master. Regards, Stephan.