mail_max_userip_connections per remote IP not working

[Alessio Cecchi]

Hi,

I'm tryng to set a specific mail_max_userip_connections for a remote IP 
(webmail IMAP software), but it seems not working:


remote 1.2.3.4 {
  protocol imap {
    mail_max_userip_connections = 100
  }
}

and also this isn't working

remote 1.2.3.4 {
    mail_max_userip_connections = 100
}

I insert it at the end of 20-imap.conf file.

Is something wrong or is not supported?

I'm running dovecot 2.3.14.

Thanks

--
Alessio Cecchi
Postmaster @http://www.qboxmail.it
https://www.linkedin.com/in/alessice

Tuning pop3-login client_limit

[Martin Olsen]

Good day / evening / morning good dovecot people:

Overview:

We are seeing the following issue on one of our servers:

pop3-login: Error: master(pop3): net_connect_unix(pop3) failed: Resource 
temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable 
(client-pid=5418, client-id=1, rip=__REMOVED__, created 534 msecs ago, received 
0/4 bytes)

We tried tuning the pop3-login -> client_limit parameter. However, as soon as 
we increased this parameter (and after restarting dovecot), we saw an onslaught 
of lmtp connection errors in postfix (unable to deliver via lmtp to dovecot). 
This led us to set the pop3-login -> client_limit back to 1000 again and the 
lmtp errors disappeared.

This leads me to think that we should tune some other parameters as well. 
Increase overall limits or such. It seems like when increasing the client_limit 
for pop3-logins that somehow affected the lmtp deliverability.

If anyone has any input on this that would be much appreciated.

Cheers,
Martin

--

Version and config:

# dovecot --version
2.2.36 (1f10bfa63)

# dovecot -n
# 2.2.36 (1f10bfa63):
# OS: Centos 7.7
# Hostname:
auth_mechanisms =
auth_verbose = yes
base_dir = __REMOVED__
default_client_limit = 2500
disable_plaintext_auth = no
doveadm_password =
first_valid_uid = 89
last_valid_uid = 89
lmtp_rcpt_check_quota = yes
login_greeting =
login_trusted_networks =
mail_gid = 89
mail_plugins = " notify replication quota"
mail_uid = 89
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  args =
  driver = ldap
}
plugin {
  mail_replica = tcps:
  quota = maildir:User quota
  quota_rule =
}
protocols = pop3 lmtp
replication_full_sync_interval = 3 hours
replication_max_conns = 20
service aggregator {
  fifo_listener replication-notify-fifo {
group = postfix
mode = 0640
user = postfix
  }
  unix_listener replication-notify {
group = postfix
mode = 0640
user = postfix
  }
}
service auth {
  unix_listener auth {
mode = 0660
  }
}
service doveadm {
  inet_listener {
port = 12345
ssl = yes
  }
}
service lmtp {
  process_min_avail = 10
  unix_listener lmtp {
group = postfix
mode = 0640
user = postfix
  }
}
service pop3-login {
  client_limit = 1000
  process_limit = 2048
  process_min_avail = 10
  service_count = 1
}
service pop3 {
  client_limit = 1
  process_limit = 2048
  process_min_avail = 0
  service_count = 1
}

Re: json_parse_number broken by compiler optimization

[Timo Sirainen]

On 1. Apr 2021, at 19.14, Josef 'Jeff' Sipek  
wrote:
> 
> On Wed, Mar 31, 2021 at 11:26:14 -0400, Josef 'Jeff' Sipek wrote:
>> On Wed, Mar 31, 2021 at 09:07:28 +0200, Christian Ehrhardt wrote:
>>> On Wed, Mar 31, 2021 at 8:46 AM Christian Ehrhardt 
>>>  wrote:
 On Tue, Mar 30, 2021 at 9:21 PM Josef 'Jeff' Sipek 
  wrote:
>> ...
> The culprit seems to be LTO.  If you disable LTO, everything should work
> just fine.
 
 I've had LTO disabled and it has still shown the same effect (with my
 gcc 10.2.0-1).
 I'll give it a non-LTO retry and double check if it really changed the
 compile options accordingly.
 I'll let you know about that later on.
>>> 
>>> Indeed, I wonder what I tried yesterday in regard to LTO then .. :-/
>>> I can confirm that disabling LTO fixes the issue for me as well and
>>> for now that should be a good mitigation until the root cause is found
>>> and fixed.
>> 
>> Sounds good.  Thanks for the confirmation.
> 
> Does the following patch make the tests pass for you?  We still need to
> clean it up a bit, but I figured I'd share the work-in-progress version to
> make sure we're seeing the same issues as you.  (And the obvious disclaimer:
> this patch hasn't gone through the usual before-commit scrutiny, so don't
> ship it.)

The fix is now merged to master. It ended up being a bit different (simpler) 
from what Jeff sent to the list. The main fixes are:

https://github.com/dovecot/core/commit/4e5bb6738d8907ede8ec157d07463a8e77293ba8 

https://github.com/dovecot/core/commit/1d9b4e14008b15b7a34b5c633b09b9670e866256 

Re: sieve filter bevor.spam, arnt take effect

[Bernardo Reino]

On Mon, 12 Apr 2021, mau...@gmx.ch wrote:

Hi again, Your dovecot.conf neither contains the sieve settings nor includes 
the conf.d/90-sieve.conf file, which means that you only get whatever default 
config dovecot includes.

Good luck..


Now i put everyting that I "need" for forward spam to folder Junk-E-Mail.tje
the goal are that the spam email that will deliver direct to Junk-E-Mail
folder.


I'm not sure if you still have a question, or if everything works as expected?

Please note that:
1. sieve-before scripts must be compiled (with sievec) read:
   https://doc.dovecot.org/configuration_manual/sieve/usage/

2. Your script seems to do nothing if X-Spam-Flag is YES. If no such flag, then
   it is filed into "Junk E-Mail".


require "fileinto";
  if exists "X-Spam-Flag" {
if header :contains "X-Spam-Flag" "YES" {
  } else{
 fileinto "Junk E-Mail";
 stop;
 }
 }


You probably want the opposite (and you may want to considering formatting your 
script better.. for clarity)


3. Your script does 'fileinto "Junk E-Mail"' but no such mailbox is there. Your
   config has a "Junk-E-Mail".


  mailbox Junk-E-Mail {
   special_use = \Junk
}


4. Maybe you want to check the logs and see what's actually happening.

5. Maybe you're not even using LDA/LMTP, so you may want to post your postfix
   configuration (assuming you're using postfix).

I don't think I can help any more here, but if you have further questions it 
might be wise to write them in a language you're more comfortable with?


Good luck.

Re: error 42 ssl certificate expired

[Heiko Schlittermann]

gmail  (Di 13 Apr 2021 06:16:38 CEST):
> Hi,
> 
> I got news: dovecot is the one that is broken, i got setup all other stuff
> updated to latest BUT not dovecot, and i got working system.

Are you referring to the original topic of this thread? Or is this a new
issue?

I'm asking, because your address doesn't match the OP's address and
somehow the information you're presenting doesn't fit the OP's
information (Self signed certs vs LE certs)


Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -


signature.asc
Description: PGP signature