Re: Some questions about mail_crypt setups

2021-02-22 Thread Dean Carpenter
 

On 2021-02-22 2:25 am, Aki Tuomi wrote: 

> On 22/02/2021 00:20 deano-dovecot@areyes.com wrote:
> > Some questions about mail_crypt setups
> >
> > I have global mail encryption working nicely, and replication works nicely
> > between two systems. The main problem is that the private and public keys
> > are *right there* on the server in /etc/dovecot/private ... Fine for a
> > completely controlled system, but not so fine when on a rented VPS etc.
> >
> > When are the keys read in by dovecot? Are they ever read in again while
> > dovecot is running, or does it cache them in ram until dovecot is restarted?
> >
> > Would it be possible for dovecot to read the keys as output from a script?
> > I'm thinking of a small script that would reach out to an authentication
> > service like Authy or Okta or similar. Admin gets an alert on their phone,
> > taps OK, UNLOCK and the two keys are returned to the script, which then
> > hands them back to dovecot and away it goes.
> >
> > The mail_crypt config normally contains mail_crypt_global_private_key = 
>
> Recently one solution used was to provide per-user global keypair, which is
> used to encrypt everything for a user. This can be easier than using the
> managed keys and encrypting the user's key with password.

Any examples around ?

DC
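
Worked example of the per-user keypair approach Aki mentions (added here; it is not code from the thread or from Dovecot). It generates one EC keypair per user, checks that the private key is owner-only, and emits the passwd-file userdb row that hands Dovecot that user's key paths. Assumptions not confirmed by the thread: openssl is available, the userdb is a passwd-file, mail_crypt accepts mail_crypt_global_private_key / mail_crypt_global_public_key as userdb extra fields with the usual "<path" read-from-file syntax, and /etc/dovecot/keys, "joe", uid/gid 5000 and /srv/vmail/joe are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread or from Dovecot. Assumptions: openssl
# in PATH; passwd-file userdb; mail_crypt honours the two mail_crypt_global_*
# settings when returned from userdb with "<path"; paths below are placeholders.
set -eu

# gen_user_keypair USER DIR: writes DIR/USER.priv.pem (0400) and DIR/USER.pub.pem.
# secp521r1 is the curve Dovecot's own mail_crypt examples use.
gen_user_keypair() {
    (
        umask 077
        openssl ecparam -name secp521r1 -genkey | openssl pkey -out "$2/$1.priv.pem"
        openssl pkey -in "$2/$1.priv.pem" -pubout -out "$2/$1.pub.pem"
        chmod 0400 "$2/$1.priv.pem"
    )
}

# key_is_private FILE: succeeds unless group or others can read or write FILE
key_is_private() {
    [ -z "$(find "$1" \( -perm -g+r -o -perm -g+w -o -perm -o+r -o -perm -o+w \) -print)" ]
}

# userdb_line USER UID GID HOME KEYDIR: one passwd-file row
# (user:password:uid:gid:gecos:home:shell:extra_fields) carrying the key paths
userdb_line() {
    printf '%s::%s:%s::%s::mail_crypt_global_private_key=<%s/%s.priv.pem mail_crypt_global_public_key=<%s/%s.pub.pem\n' \
        "$1" "$2" "$3" "$4" "$5" "$1" "$5" "$1"
}

# --- demonstration in a scratch directory ---
if command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    gen_user_keypair joe "$tmp"
    key_is_private "$tmp/joe.priv.pem" && echo "joe.priv.pem is readable by its owner only"
    userdb_line joe 5000 5000 /srv/vmail/joe /etc/dovecot/keys
    rm -rf "$tmp"
fi
```

After adding the row, `doveadm user joe` should show the two mail_crypt fields among the userdb extra fields; if it does not, the userdb is not passing them through. Note the caveat for Dean's original concern: the private key still sits on the server's disk, so this only narrows what one leaked key exposes (one user instead of everyone); it does not keep the key off the VPS.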
 

Re: doveadm sync different local vs remote account/mailbox name

2021-02-22 Thread Gregory Sloop
Following up on my own post - partial potential solution, and additional 
questions.

So, it *looks* like using something like "auth_username_format = %Ln" on the 
old server dovecot config will fix the problem I outlined below. (I still need 
to try it, and since it's a production server, I need to be careful when/how I 
do that.)

But this doesn't solve a similar issue I can certainly see happening.
Let's say, on the new server and old server, I'm actually syncing different 
accounts.
Say on the old server it's joes
But on the new server, it's sallys
(Joe decided they'd rather be called Sally.)

So, I'm trying to sync the joes mailbox on the old system with the sallys 
mailbox on the new one.

Is there a way that handles that?
And if so, it would also allow me to solve this with the problem outlined in 
the prior post by supplying the source and destination mailboxes individually / 
separately.

Thanks again!
-Greg


I'm trying to sync/backup mailboxes from a current dovecot instance to a new 
server.
But the old server has real system accounts.
The new server has virtual users.
And the account/user-name is different.

Example: Joe Sixpack is
joes (on the old system)
but is
j...@sixpack.org (on the new system.)

I'm using something like this to attempt the sync
doveadm -o mail_fsync=never backup -R -u j...@sixpack.org imapc:

This works from the new system, as it recognizes the user with a full 
@domain.com username - but the old system doesn't know who j...@sixpack.org is 
- and just wants joes.

I don't see a way to specify the remote account username independently from the 
local one.
What's the best way to handle this?

TIA
-Greg




doveadm sync different local vs remote account/mailbox name

2021-02-22 Thread Gregory Sloop
I'm trying to sync/backup mailboxes from a current dovecot instance to a new 
server.
But the old server has real system accounts. 
The new server has virtual users.
And the account/user-name is different.

Example: Joe Sixpack is 
joes (on the old system)
but is
j...@sixpack.org (on the new system.)

I'm using something like this to attempt the sync
doveadm -o mail_fsync=never backup -R -u j...@sixpack.org imapc:

This works from the new system, as it recognizes the user with a full 
@domain.com username - but the old system doesn't know who j...@sixpack.org is 
- and just wants joes.

I don't see a way to specify the remote account username independently from the 
local one.
What's the best way to handle this?

TIA
-Greg
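
Worked example for the local-vs-remote name mismatch raised in both of Greg's posts above (the joes vs. joe@sixpack.org case and the joes vs. sallys rename). It is added here and is not code from the thread or from Dovecot. `-u` names the local mailbox on the new server, while the `imapc_user` setting, overridden per run with `-o`, names the account on the old server, so the two no longer have to match; a small "olduser newuser" mapping drives the loop. Assumptions: the old server offers IMAPS as the host given in the third argument, the migration password is supplied in IMAPC_PASSWORD, the new server's userdb already knows the new names, and old.example.org, joes, sallys and joe@sixpack.org are placeholders. DOVEADM can point at a wrapper for a dry run.

```shell
#!/bin/sh
# Added example, not from the thread or from Dovecot. Assumptions: old server
# reachable over IMAPS; password in IMAPC_PASSWORD; new-server userdb knows
# the new names; host and user names are placeholders.
set -eu

# doveadm_backup OLDUSER NEWUSER OLDHOST
# -u = local (new-server) user, -o imapc_user = login on the old server.
doveadm_backup() {
    "${DOVEADM:-doveadm}" \
        -o mail_fsync=never \
        -o imapc_host="$3" \
        -o imapc_ssl=imaps \
        -o imapc_user="$1" \
        -o imapc_password="${IMAPC_PASSWORD:?set IMAPC_PASSWORD}" \
        backup -R -u "$2" imapc:
}

# sync_map MAPFILE OLDHOST: MAPFILE has one "olduser newuser" pair per line,
# blank lines and '#' comments allowed. Progress goes to stderr.
sync_map() {
    while read -r old new _; do
        case "$old" in ''|\#*) continue ;; esac
        [ -n "$new" ] || { echo "mapping line without new user: $old" >&2; return 1; }
        echo "sync: $old -> $new" >&2
        doveadm_backup "$old" "$new" "$2"
    done < "$1"
}

# --- dry run over a constructed mapping (no doveadm needed) ---
print_cmd() { printf 'would run: doveadm %s\n' "$*"; }
map=$(mktemp)
printf '%s\n' '# old-system login   new-system login' \
    'joes  joe@sixpack.org' 'joes  sallys' > "$map"
DOVEADM=print_cmd
IMAPC_PASSWORD=dummy
sync_map "$map" old.example.org
rm -f "$map"
```

Two caveats: `-o imapc_password=...` puts the password on the doveadm command line, where any local user can read it from the process list for the duration of the run, so run this on a host where that is acceptable or move the imapc_* settings into a config file loaded with `doveadm -c`; and `imapc_ssl=imaps` should be kept, since the migration password otherwise crosses the network in clear.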




Re: BUG report

2021-02-22 Thread @lbutlr
On 21 Feb 2021, at 06:19, Oleg Pyzin  wrote:
> I've compiled Dovecot on a macmini G4 PPC from ports,

What OS version are you running on it?

-- 
"Are you pondering what I'm pondering?"
"I think so, Brain. But does 'Chunk o' Cheesy's' deliver packing
material?"



Re: Policy on folder's name and path's length

2021-02-22 Thread Rupert Gallagher
Ping

 Original Message 
On Feb 18, 2021, 08:49, Rupert Gallagher < r...@protonmail.com> wrote:
Hello,

Users can be really good at hanging everybody when you give them enough rope. 
I spotted a number of problems that I think are of interest to everybody and 
need mitigation.

# length of path

A busy Windows user wrote enough mail subfolders, and folder names with so 
many characters, that they exceeded the Windows maximum path length. To avoid 
taxing the mail server, their mail client (Thunderbird) is configured to keep a 
local copy of emails.

I need to enforce a policy on the maximum path length they can create, and the 
maximum number of characters on any given folder name.

# forbidden characters

Another problem with folder names was the presence of white spaces, note the 
plural, at both the beginning and end of folder names. For example, to 
emphasize the importance of folders, the user added white spaces in front of names:

> Must be at the top
> Very important
> A bit less important
>Normal stuff

And to add insult to injury they wrote spaces at the end of folder names:

> This is a folder name with two hidden spaces

I need to enforce a policy that forbids the use of white spaces at the beginning 
and end of folder names, as well as the use of repeated characters:

>  I spotted your policy and found this new trick

# subfolders, everywhere...

A user confused their IMAP account for a file system and mind map tool, so they 
created folders everywhere, including root folders at the same level as inbox, 
drafts, junk, trash, and huge directories under inbox.

I need to enforce a policy that allows the creation of folders only under 
/Archive.

I think such policies make good sense on any dovecot server and should be 
enforced by default.
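
Dovecot has no built-in folder-name policy, so as an added example (not part of the thread and not a Dovecot feature) here is an audit that runs the rules from the post above over `doveadm mailbox list -u USER` output: path length, per-folder name length, leading/trailing whitespace, repeated whitespace, and "user folders only under Archive". The limits are assumptions: 260 characters for the Windows MAX_PATH the poster's user hit, 255 for a single folder name; the set of permitted top-level folders (the post's inbox, drafts, junk, trash and Archive, plus Sent) is also an assumption.

```shell
#!/bin/sh
# Added example, not from the thread and not a Dovecot feature. Limits and the
# permitted top-level folder list are assumptions.
set -eu

MAX_PATH=260
MAX_COMPONENT=255
USER_ROOT=Archive
tab=$(printf '\t')

# check_mailbox_name NAME: prints one line per violation; exit 0 when clean
check_mailbox_name() {
    name=$1 bad=0
    root=${name%%/*}
    [ ${#name} -le $MAX_PATH ] || { echo "path length ${#name} exceeds $MAX_PATH"; bad=1; }
    case "$root" in
        INBOX|Drafts|Sent|Junk|Trash|Archive) ;;
        *) echo "top-level folder '$root' is not permitted"; bad=1 ;;
    esac
    if [ "$root" != "$name" ] && [ "$root" != "$USER_ROOT" ]; then
        echo "subfolders are only permitted under $USER_ROOT, not '$root'"; bad=1
    fi
    rest=$name
    while :; do                       # walk the '/'-separated components
        part=${rest%%/*}
        [ ${#part} -le $MAX_COMPONENT ] || { echo "folder name longer than $MAX_COMPONENT characters"; bad=1; }
        case "$part" in
            '') echo "empty folder name"; bad=1 ;;
            ' '*|*' '|"$tab"*|*"$tab") echo "leading or trailing whitespace in '$part'"; bad=1 ;;
        esac
        case "$part" in *'  '*|*"$tab$tab"*) echo "repeated whitespace in '$part'"; bad=1 ;; esac
        [ "$rest" != "$part" ] || break
        rest=${rest#*/}
    done
    return $bad
}

# audit_listing FILE: FILE holds `doveadm mailbox list` output, one name per
# line. Prints "NAME: violation" lines; exit 1 if anything was flagged.
audit_listing() {
    found=0
    while IFS= read -r name; do      # IFS= keeps the leading/trailing spaces we check for
        [ -n "$name" ] || continue
        out=$(check_mailbox_name "$name") && continue
        found=1
        printf '%s\n' "$out" | while IFS= read -r v; do printf '%s: %s\n' "$name" "$v"; done
    done < "$1"
    return $found
}

# --- demonstration on a constructed listing ---
long=$(awk 'BEGIN { for (i = 0; i < 300; i++) printf "x" }')
listing=$(mktemp)
printf '%s\n' "INBOX" "Archive/2020/Invoices" "INBOX/Projects/Alpha" \
    "   Must be at the top" "This is a folder name with two hidden spaces  " \
    "Archive/I  spotted your policy" "Archive/$long" > "$listing"
audit_listing "$listing" || echo "policy violations found"
rm -f "$listing"
```

Run it per user as `doveadm mailbox list -u joe > list.txt; sh audit.sh` (adapting the demonstration at the bottom) to find existing offenders before deciding how to rename them; it only reports, and does not stop a client from creating new folders.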

Re: dsync and sieve again

2021-02-22 Thread Sami Ketola



> On 17. Feb 2021, at 23.53, Edgaras Lukoševičius 
>  wrote:
> 
> Hi,
> 
> I'm starting to wonder if dsync is supposed to sync sieve scripts at all? Or 
> should it work only as a part of replicator? Because I was not able to get it 
> working on multiple Dovecot and Pigeonhole versions, and I see lots of 
> replication/dsync and sieve related questions in the mailing list.
> 
> I'm trying to get it to work using latest versions on 
> http://repo.dovecot.org/ce-2.3-latest repo.
> 
> The versions I am testing at the moment are:
> - Dovecot 2.3.13 (89f716dc2)
> - Pigeonhole 0.5.13 (cdd19fe3)
> 
> It's a straightforward setup, nothing fancy. So the question is - is it 
> supposed to work at all without replicator?
> 

It does sync sieve scripts as long as you have the plugin installed in both 
ends and have correct configuration regarding sieve script location.

Sami
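
A pre-flight check for the two conditions in Sami's reply, added here as an example (not code from the thread, Dovecot or Pigeonhole): before running dsync between two hosts, confirm on each end that a sieve script location is configured (`plugin { sieve = ... }`, read back with `doveconf -h plugin/sieve`) and that the doveadm-sieve plugin answers (`doveadm sieve list -u USER` succeeds). Assumptions: root ssh to the remote host, doveconf and doveadm in PATH on both ends, and "mx2.example.org" and "joe" as placeholders. RUN can be pointed at a wrapper to exercise the logic without real hosts.

```shell
#!/bin/sh
# Added example, not from the thread or from Dovecot/Pigeonhole. Assumptions:
# passwordless root ssh to the remote host; doveconf/doveadm on both ends.
set -eu

# run_on HOST CMD...: run CMD locally when HOST is "local", else over ssh
run_on() {
    h=$1; shift
    if [ "$h" = local ]; then "$@"; else ssh "$h" "$@"; fi
}

# conf_value HOST KEY: one setting's value as doveconf prints it (-h = value only)
conf_value() { "${RUN:-run_on}" "$1" doveconf -h "$2"; }

# sieve_preflight USER REMOTE_HOST: 0 when both ends are ready for sieve sync
sieve_preflight() {
    for h in local "$2"; do
        loc=$(conf_value "$h" plugin/sieve) || { echo "$h: doveconf failed"; return 1; }
        [ -n "$loc" ] || { echo "$h: plugin { sieve = ... } is not set"; return 1; }
        "${RUN:-run_on}" "$h" doveadm sieve list -u "$1" >/dev/null 2>&1 \
            || { echo "$h: 'doveadm sieve list' failed: doveadm-sieve plugin missing or user $1 unknown"; return 1; }
        echo "$h: sieve scripts at $loc"
    done
}

# usage: sh preflight.sh --run joe mx2.example.org
if [ "${1-}" = --run ]; then
    sieve_preflight "$2" "$3"
fi
```

The script prints both locations side by side rather than requiring them to be identical, since each end stores scripts wherever its own `sieve` setting points; what matters is that the setting exists and doveadm-sieve is loaded on both ends.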