Re: Packages for CentOS 8
On 1 Jun 2020, at 17:02, Peter wrote: On 2/06/20 1:49 am, Aki Tuomi wrote: we are still waiting for CentOS 8 Repo for current Dovecot version from here https://repo.dovecot.org/. Do you have an idea when it will come? Who does it maintain? Is it the Dovecot team? Thanks, Tobias Yes, it's maintained by us. We are working on it and hopefully we are able to publish next release for CentOS8. There are unfortunately some package dependency issues which are not yet fixed in CentOS8, so let's hope those are fixed before we do our release. Aki: If you're talking about quota-devel it has been available now from CentOS in the Devel repo for a while. If you're talking about tcp_wrappers-devel, that is not available and I don't think it ever will be because CentOS 8 has obsoleted tcp wrappers. I have simply disabled tcp wrappers functionality in my GhettoForge build. I'm not aware of any other missing dependencies. Tobias: You are more than welcome to use the packages from GhettoForge which are now in the gf-plus repo. I would love to hear feedback if you have any issues with them. We will have a look at gf-plus, thank you! Tobias
Re: Packages for CentOS 8
On 2/06/20 5:18 am, Aki Tuomi wrote: Aki: If you're talking about quota-devel it has been available now from CentOS in the Devel repo for a while. If you're talking about tcp_wrappers-devel, that is not available and I don't think it ever will be because CentOS 8 has obsoleted tcp wrappers. I have simply disabled tcp wrappers functionality in my GhettoForge build. I'm not aware of any other missing dependencies. We are adding zstd compression support in 2.3.11, which was nicely broken by redhat/centos in 8.1, and will be fixed in 8.2. That makes sense. At the moment 2.3.10.1 is packaged in GhettoForge, and in that case I may just have to wait until 8.2 drops to release 2.3.11, or if I can selectively disable zstd in the build I can do that until 8.2 drops and then rebuild. Peter
Re: Packages for CentOS 8
> On 01/06/2020 18:02 Peter wrote: > > > On 2/06/20 1:49 am, Aki Tuomi wrote: > >> we are still waiting for CentOS 8 Repo for current Dovecot version from > >> here https://repo.dovecot.org/. Do you have an idea when it will come? > >> Who does it maintain? Is it the Dovecot team? > >> > >> Thanks, > >> > >> Tobias > > > > Yes, it's maintained by us. We are working on it and hopefully we are able > > to publish next release for CentOS8. There are unfortunately some package > > dependency issues which are not yet fixed in CentOS8, so let's hope those > > are fixed before we do our release. > > Aki: If you're talking about quota-devel it has been available now from > CentOS in the Devel repo for a while. If you're talking about > tcp_wrappers-devel, that is not available and I don't think it ever will > be because CentOS 8 has obsoleted tcp wrappers. I have simply disabled > tcp wrappers functionality in my GhettoForge build. I'm not aware of > any other missing dependencies. > > Tobias: You are more than welcome to use the packages from GhettoForge > which are now in the gf-plus repo. I would love to hear feedback if you > have any issues with them. > > > Peter We are adding zstd compression support in 2.3.11, which was nicely broken by redhat/centos in 8.1, and will be fixed in 8.2. Aki
Re: Packages for CentOS 8
On 2/06/20 1:49 am, Aki Tuomi wrote: we are still waiting for CentOS 8 Repo for current Dovecot version from here https://repo.dovecot.org/. Do you have an idea when it will come? Who does it maintain? Is it the Dovecot team? Thanks, Tobias Yes, it's maintained by us. We are working on it and hopefully we are able to publish next release for CentOS8. There are unfortunately some package dependency issues which are not yet fixed in CentOS8, so let's hope those are fixed before we do our release. Aki: If you're talking about quota-devel it has been available now from CentOS in the Devel repo for a while. If you're talking about tcp_wrappers-devel, that is not available and I don't think it ever will be because CentOS 8 has obsoleted tcp wrappers. I have simply disabled tcp wrappers functionality in my GhettoForge build. I'm not aware of any other missing dependencies. Tobias: You are more than welcome to use the packages from GhettoForge which are now in the gf-plus repo. I would love to hear feedback if you have any issues with them. Peter
locking question
We're running dovecot 2.3.10 on two different servers (two different environments). Both very similarly configured (sendmail and procmail for mail delivery); same OS and patch levels. One environment has nearly 10,000 users and hasn't seen problems. The other environment has just a handful of users, but one user is very active with email and has a fairly complicated procmail configuration. I'm having ongoing mail file locking problems with that one user... Procmail says it's using dotlocking and fcntl: procmail v3.22 2001/09/10 Locking strategies: dotlocking, fcntl() I'm using defaults for dovecot: #mbox_read_locks = fcntl #mbox_write_locks = dotlock fcntl I have seen this a number of times in dovecot's logs. This signifies a start of locking problems with a mailbox. Mailbox aa_checkme_second: fcntl() failed with mbox: No locks available Procmail's logs show this: procmail: Locking "mail/aa_checkme_second.lock" procmail: Assigning "LASTFOLDER=mail/aa_checkme_second" procmail: Opening "mail/aa_checkme_second" procmail: Acquiring kernel-lock procmail: Kernel-lock failed procmail: Unlocking "mail/aa_checkme_second.lock" These errors were not concurrent; dovecot's errors happened first. I've been suspicious that there was a locking conflict of some kind. My only remaining question on that front is about the read locks. Is it worth trying dotlock for it instead of fcntl? If that's not the problem, then could we be running into some system limitations or a bug in the kernel or mailbox storage? The server running dovecot is Centos 6.10. The mailbox storage is on Isilon OneFS 8.1.2.0. I should probably increase dovecot's logging to see if anything else jumps out at me. thank you for any suggestions. Tom Lieuallen Oregon State Univesity
Re: Problems with userdb and mail deliveribility
On Sun, May 17, 2020 at 01:00:53PM -0600, @lbutlr wrote: > On 17 May 2020, at 11:08, Chris Bennett > wrote: > > > > I realize that I dumpimg a lot of info out there. > > But not what we need. > > doveconf -n > postfix -n (or equivalent) > > What MTA you are using (postfix, etc) > > Errors in mail.log showing the failures. > > > > I can shoot for system users, but I really want to get the virtual users > > working. This is a bit of a project. > > user=vmail delay=2h50m40s result=TempFail stat=Error (temporary failure: > "mail.lmtp: LMTP server error: 550 5.1.1 > User doesn't exist: > > Probably your LMTP lookup is malformed, probably in your MTA. > > lmtp(rodeo)<45419>: Error: > mkdir(/var/vmail//rodeo/Maildir) failed: Permission denied (euid=1000(rodeo) > egid=1000(rodeo) missing +w perm: /var, dir owned by 0:0 mode=0755) > > You have permission issues. vmail (and all files and folders in vmail) should > be owned by the vmail user, not by root. > Thanks. Sorry for such a delay in responding, but I was out in the boonies for awhile. I am using OpenSMTPD. The problems for this were indeed as you suggested and with the passwd files. This is all working now, but I have some other problems which I will work on too. I will continue to work on those and ask another thread if I cannot get that worked out. Thanks again. Chris Bennett
Re: Packages for CentOS 8
> On 01/06/2020 16:40 Tobias Kirchhofer wrote: > > > Hi Peter, > > On 9 Apr 2020, at 12:53, Peter wrote: > > > I've now successfully built Dovecot packages for CentOS 8 that do not > > have the quota support stripped out. I was able to do this because > > CentOS has now finally shipped the quota-devel package as well as the > > other -devel packages that were previously missing from CentOS 8. > > > > For those of you who are interested they are in the GhettoForge > > Testing repo for el8 at: > > http://mirror.ghettoforge.org/distributions/gf/el/8/testing/x86_64/ > > > > These are untested so let me know if anyone experiences any issues > > with them. > > we are still waiting for CentOS 8 Repo for current Dovecot version from > here https://repo.dovecot.org/. Do you have an idea when it will come? > Who does it maintain? Is it the Dovecot team? > > Thanks, > > Tobias Yes, it's maintained by us. We are working on it and hopefully we are able to publish next release for CentOS8. There are unfortunately some package dependency issues which are not yet fixed in CentOS8, so let's hope those are fixed before we do our release. Ak
Re: Packages for CentOS 8
Hi Peter, On 9 Apr 2020, at 12:53, Peter wrote: I've now successfully built Dovecot packages for CentOS 8 that do not have the quota support stripped out. I was able to do this because CentOS has now finally shipped the quota-devel package as well as the other -devel packages that were previously missing from CentOS 8. For those of you who are interested they are in the GhettoForge Testing repo for el8 at: http://mirror.ghettoforge.org/distributions/gf/el/8/testing/x86_64/ These are untested so let me know if anyone experiences any issues with them. we are still waiting for CentOS 8 Repo for current Dovecot version from here https://repo.dovecot.org/. Do you have an idea when it will come? Who does it maintain? Is it the Dovecot team? Thanks, Tobias
Re: auth_policy_server vs client_id and x-originating-ip
> On 31. May 2020, at 15.47, Zdeněk Zámečník wrote:
>
> I run into troubles when trying to set up auth_policy_server in Dovecot
> 2.3.10.1. It works almost as expected but I cannot get client ID in this
> process.
>
> By setting up "imap_id_log=*" I see in log that Dovecot gets details about
> mail client like name and version:
>
> May 31 14:20:58 mail dovecot:
> imap(x...@example.xxx)<24796>: ID sent: name=Thunderbird,
> version=68.8.1
>
>
> But the auth_policy_server is getting all details except this ID, it's empty:
>
> May 31 14:20:58 mail auth-policy[10357]: {
> May 31 14:20:58 mail auth-policy[10357]: device_id: '',
> May 31 14:20:58 mail auth-policy[10357]: login: 'x...@example.xxx',
> May 31 14:20:58 mail auth-policy[10357]: protocol: 'imap',
> May 31 14:20:58 mail auth-policy[10357]: pwhash: '097a',
> May 31 14:20:58 mail auth-policy[10357]: remote: '1.2.3.4',
> May 31 14:20:58 mail auth-policy[10357]: tls: true
> May 31 14:20:58 mail auth-policy[10357]: }
>
>
> However in some cases I see that client_id is passed to auth_policy_server:
>
> May 31 14:27:41 mail auth-policy[10357]: {
> May 31 14:27:41 mail auth-policy[10357]: device_id: '"name"
> "Outlook-iOS-Android" "version" "2.0"',
> May 31 14:27:41 mail auth-policy[10357]: login: 'y...@example.xxx',
> May 31 14:27:41 mail auth-policy[10357]: protocol: 'imap',
> May 31 14:27:41 mail auth-policy[10357]: pwhash: '0b63',
> May 31 14:27:41 mail auth-policy[10357]: remote: '3.4.5.6',
> May 31 14:27:41 mail auth-policy[10357]: tls: true
> May 31 14:27:41 mail auth-policy[10357]: }
>
This completely depends on the imap client. Some clients send IMAP ID pre-login
and in that case it can be relayed to auth policy server.
Some clients send IMAP ID post-login and then auth policy stuff is already
completed without the information.
Sami
