Sieve Auth failing (ignore previous message please)

[Dan Egli]

Hi folks. I'm VERY new to Dovecot and Sieve. But I'm having an issue 
that I need help with. For some reason my sieve daemon won't allow 
people to log on. I have dovecot set to read information from a MySQL 
table, and that works fine. I can login to dovecot's imap server just 
fine. But I have SOGo for the webmail and it won't login to the sieve 
daemon. Here's what I see in the log files when I, for example, try to 
save my preferences in SOGo:


==> info.log <==
Apr 28 00:33:14 lmtp(5938): Info: Connect from 127.0.0.1

==> /var/log/sogo/sogod.log <==
Apr 28 00:33:14 sogod [24168]: <0x0x557cfa9083c0[SOGoSieveManager]> 
failure. Attempting with a renewed password (no authname supported)
Apr 28 00:33:14 sogod [24168]: <0x0x557cfa9083c0[SOGoSieveManager]> 
Could not login 'd...@newideatest.site' on Sieve server: 
<0x0x557cfaa03a70[NGSieveClient]: 
socket=address=<0x0x557cfa89d5d0[NGInternetSocketAddress]: host=localhost 
port=45456> connectedTo=<0x0x557cfa837c00[NGInternetSocketAddress]: 
host=127.0.0.1 port=4190>>>: {RawResponse = "{}"; result = 0; }


==> info.log <==
Apr 28 00:33:14 lmtp(5938): Info: Disconnect from 127.0.0.1: Remote 
closed connection unexpectedly (state=READY)


==> /var/log/sogo/sogod.log <==
Apr 28 00:33:14 sogod [24168]: 2600:387:8:7::70 "POST 
/SOGo/so/d...@newideatest.site/Preferences/save HTTP/1.1" 503 46/3676 
0.024 - - 0 - 17


I've read a lot of pages about getting sieve running, but they show 
things I don't get. For example, from 
https://rtcamp.com/tutorials/mail/server/sieve-filtering/ I see that 
telnet localhost 4190 should give this:


Escape character is '^]'.
*"IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave" *"NOTIFY" "mailto"

"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

But I don't see any of that.
Escape character is '^]'.
220 jupiter.newideatest.site Dovecot ready.

I've gotten to the point where I'm pulling my hair out. I don't understand 
dovecot well enough to even begin to guess what's going on. So I could REALLY 
use some pointers.

Thanks all!

Oh, ignore the first message. For some reason my MUA will occasionally send a 
draft to the smtp server. I still haven't figured that one out yet.

--
Dan Egli
From my Test Server

Re: systemd integration not working

[Aki Tuomi]

Can you provide any details on this instability?

Aki

On April 27, 2021 7:58:01 PM UTC, Joan Moreau  wrote:
>Ok, a third regression is that it becomes highly unstable with the
>patch 
>you sent
>
>I had to get back to 2.3.14
>
>On 2021-04-27 17:07, Joan Moreau wrote:
>
>> Indeed, latest git works much better :)
>> 
>> On 2021-04-27 05:58, Aki Tuomi wrote:
>> Can you try with latest git? We did some improvements on the systemd 
>> configure parts.
>> 
>> Aki
>> 
>> On 26/04/2021 23:32 Joan Moreau  wrote:
>> 
>> Looking at config.log, there is #define HAVE_LIBSYSTEMD 1
>> But "Type=notify" does not appear
>> My systemd is version 248
>> 
>> On 2021-04-26 12:05, Joan Moreau wrote: I have
>> # sudo systemctl status dovecot
>> ● dovecot.service - Dovecot IMAP/POP3 email server
>> Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; 
>> vendor preset: disabled)
>> Active: active (running) since Sun 2021-04-25 20:13:25 UTC; 14h ago
>> Docs: man:dovecot(1)
>> https://doc.dovecot.org/
>> Main PID: 2559364 (dovecot)
>> Tasks: 28 (limit: 76912)
>> Memory: 1.0G
>> CPU: 7min 18.342s
>> CGroup: /system.slice/dovecot.service
>> ├─2559364 /usr/sbin/dovecot -F
>> ├─2559366 dovecot/imap-login
>> ├─2559367 dovecot/anvil [11 connections]
>> ├─2559368 dovecot/log
>> 
>> On 2021-04-26 08:32, Aki Tuomi wrote: I don't know then. It works for
>
>> me and I just tried it again. The only reason it would fail would be 
>> that HAVE_LIBSYSTEMD is not defined, so it would not be using 
>> libsystemd for notify support.
>> 
>> $ sudo systemctl status dovecot
>> ● dovecot.service - Dovecot IMAP/POP3 email server
>> Loaded: loaded (/lib/systemd/system/dovecot.service; disabled; vendor
>
>> preset: enabled)
>> Active: active (running) since Mon 2021-04-26 10:30:02 EEST; 2s ago
>> Docs: man:dovecot(1)
>> https://doc.dovecot.org/
>> Main PID: 30213 (dovecot)
>> Status: "v2.4.devel (98a1cca054) running"
>> Tasks: 4 (limit: 4701)
>> Memory: 3.3M
>> CGroup: /system.slice/dovecot.service
>> ├─30213 /home/cmouse/dovecot/sbin/dovecot -F
>> ├─30214 dovecot/anvil
>> ├─30215 dovecot/log
>> └─30216 dovecot/config
>> 
>> You can tell from the "Status" line that it's using Type=notify.
>> 
>> Aki
>> 
>> On 26/04/2021 10:29 Joan Moreau  wrote:
>> 
>> Yes, I do run autogen.sh after every "git pull"
>> 
>> On 2021-04-26 08:21, Aki Tuomi wrote: The current autoconf code is
>bit 
>> buggy, but if you do indeed have libsystemd-dev installed it should
>do 
>> the right thing and will work with systemd even if you have 
>> Type=notify.
>> 
>> This has been actually tested, so if it's not working, then something
>
>> else is wrong.
>> 
>> Did you remember to run ./autogen.sh after pulling from git to make 
>> sure you get new configure script?
>> 
>> Aki
>> 
>> On 26/04/2021 10:11 Joan Moreau  wrote:
>> 
>> Yes systemd is installed (and the "dev" files as well)
>> 
>> On 2021-04-26 06:23, Aki Tuomi wrote: This is because you are not 
>> compiling with libsystemd-dev installed. I guess we need to make some
>
>> service template that use type simple when you don't use libsystemd.
>> 
>> Aki
>> 
>> On 25/04/2021 22:53 Joan Moreau  wrote:
>> 
>> Yes, it seems fixed with this patch :)
>> 
>> Another bug with git, is the "type=" in systemd is switched from 
>> "simple" to "notify". The later does not work and reverting to
>"simple" 
>> does work
>> 
>> On 2021-04-25 17:53, Aki Tuomi wrote: On 24/04/2021 21:56 Joan Moreau
>
>>  wrote:
>> 
>> chroot= does not resolve the issue
>> I have "chroot = login" in my conf
>> 
>> Thanks!
>> 
>> The chroot was needed to get the core dump.
>> 
>> Can you try if this does fix the crash?
>> 
>> Aki
>> 
>> From 1df4e02cbff710ce8938480b07a5690e37f661f6 Mon Sep 17 00:00:00
>2001
>> From: Timo Sirainen 
>> Date: Fri, 23 Apr 2021 16:43:36 +0300
>> Subject: [PATCH] login-common: Fix handling destroyed_clients linked 
>> list
>> 
>> The client needs to be removed from destroyed_clients linked list 
>> before
>> it's added to client_fd_proxies linked list.
>> 
>> Broken by 1c622cdbe08df2f642e28923c39894516143ae2a
>> ---
>> src/login-common/client-common.c | 11 +++
>> 1 file changed, 7 insertions(+), 4 deletions(-)
>> 
>> diff --git a/src/login-common/client-common.c 
>> b/src/login-common/client-common.c
>> index bdb6e9c798..1d264d9f75 100644
>> --- a/src/login-common/client-common.c
>> +++ b/src/login-common/client-common.c
>> @@ -289,8 +289,9 @@ void client_disconnect(struct client *client,
>const 
>> char *reason,
>> /* Login was successful. We may now be proxying the connection,
>> so don't disconnect the client until client_unref(). */
>> if (client->iostream_fd_proxy != NULL) {
>> + i_assert(!client->fd_proxying);
>> client->fd_proxying = TRUE;
>> - i_assert(client->prev == NULL && client->next == NULL);
>> + DLLIST_REMOVE(&destroyed_clients, client);
>> DLLIST_PREPEND(&client_fd_proxies, client);
>> client_fd_proxies_count++;
>> }
>> @@ -307,8 +308,9 @@ void client_destroy(struct client *client, const 
>> char *

Re: systemd integration not working

[Joan Moreau]

Ok, a third regression is that it becomes highly unstable with the patch 
you sent


I had to get back to 2.3.14

On 2021-04-27 17:07, Joan Moreau wrote:


Indeed, latest git works much better :)

On 2021-04-27 05:58, Aki Tuomi wrote:
Can you try with latest git? We did some improvements on the systemd 
configure parts.


Aki

On 26/04/2021 23:32 Joan Moreau  wrote:

Looking at config.log, there is #define HAVE_LIBSYSTEMD 1
But "Type=notify" does not appear
My systemd is version 248

On 2021-04-26 12:05, Joan Moreau wrote: I have
# sudo systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; 
vendor preset: disabled)

Active: active (running) since Sun 2021-04-25 20:13:25 UTC; 14h ago
Docs: man:dovecot(1)
https://doc.dovecot.org/
Main PID: 2559364 (dovecot)
Tasks: 28 (limit: 76912)
Memory: 1.0G
CPU: 7min 18.342s
CGroup: /system.slice/dovecot.service
├─2559364 /usr/sbin/dovecot -F
├─2559366 dovecot/imap-login
├─2559367 dovecot/anvil [11 connections]
├─2559368 dovecot/log

On 2021-04-26 08:32, Aki Tuomi wrote: I don't know then. It works for 
me and I just tried it again. The only reason it would fail would be 
that HAVE_LIBSYSTEMD is not defined, so it would not be using 
libsystemd for notify support.


$ sudo systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; disabled; vendor 
preset: enabled)

Active: active (running) since Mon 2021-04-26 10:30:02 EEST; 2s ago
Docs: man:dovecot(1)
https://doc.dovecot.org/
Main PID: 30213 (dovecot)
Status: "v2.4.devel (98a1cca054) running"
Tasks: 4 (limit: 4701)
Memory: 3.3M
CGroup: /system.slice/dovecot.service
├─30213 /home/cmouse/dovecot/sbin/dovecot -F
├─30214 dovecot/anvil
├─30215 dovecot/log
└─30216 dovecot/config

You can tell from the "Status" line that it's using Type=notify.

Aki

On 26/04/2021 10:29 Joan Moreau  wrote:

Yes, I do run autogen.sh after every "git pull"

On 2021-04-26 08:21, Aki Tuomi wrote: The current autoconf code is bit 
buggy, but if you do indeed have libsystemd-dev installed it should do 
the right thing and will work with systemd even if you have 
Type=notify.


This has been actually tested, so if it's not working, then something 
else is wrong.


Did you remember to run ./autogen.sh after pulling from git to make 
sure you get new configure script?


Aki

On 26/04/2021 10:11 Joan Moreau  wrote:

Yes systemd is installed (and the "dev" files as well)

On 2021-04-26 06:23, Aki Tuomi wrote: This is because you are not 
compiling with libsystemd-dev installed. I guess we need to make some 
service template that use type simple when you don't use libsystemd.


Aki

On 25/04/2021 22:53 Joan Moreau  wrote:

Yes, it seems fixed with this patch :)

Another bug with git, is the "type=" in systemd is switched from 
"simple" to "notify". The later does not work and reverting to "simple" 
does work


On 2021-04-25 17:53, Aki Tuomi wrote: On 24/04/2021 21:56 Joan Moreau 
 wrote:


chroot= does not resolve the issue
I have "chroot = login" in my conf

Thanks!

The chroot was needed to get the core dump.

Can you try if this does fix the crash?

Aki

From 1df4e02cbff710ce8938480b07a5690e37f661f6 Mon Sep 17 00:00:00 2001
From: Timo Sirainen 
Date: Fri, 23 Apr 2021 16:43:36 +0300
Subject: [PATCH] login-common: Fix handling destroyed_clients linked 
list


The client needs to be removed from destroyed_clients linked list 
before

it's added to client_fd_proxies linked list.

Broken by 1c622cdbe08df2f642e28923c39894516143ae2a
---
src/login-common/client-common.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/login-common/client-common.c 
b/src/login-common/client-common.c

index bdb6e9c798..1d264d9f75 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -289,8 +289,9 @@ void client_disconnect(struct client *client, const 
char *reason,

/* Login was successful. We may now be proxying the connection,
so don't disconnect the client until client_unref(). */
if (client->iostream_fd_proxy != NULL) {
+ i_assert(!client->fd_proxying);
client->fd_proxying = TRUE;
- i_assert(client->prev == NULL && client->next == NULL);
+ DLLIST_REMOVE(&destroyed_clients, client);
DLLIST_PREPEND(&client_fd_proxies, client);
client_fd_proxies_count++;
}
@@ -307,8 +308,9 @@ void client_destroy(struct client *client, const 
char *reason)


if (last_client == client)
last_client = client->prev;
- /* remove from clients linked list before it's added to
- client_fd_proxies. */
+ /* move to destroyed_clients linked list before it's potentially
+ added to client_fd_proxies. */
+ i_assert(!client->fd_proxying);
DLLIST_REMOVE(&clients, client);
DLLIST_PREPEND(&destroyed_clients, client);

@@ -409,13 +411,14 @@ bool client_unref(struct client **_client)
DLLIST_REMOVE(&client_fd_proxies, client);
i_assert(client_fd_proxies_count > 0);
client_fd_proxies_count--;
+

Re: connection closes every 10 minutes

[Joseph Tam]

On Mon, 26 Apr 2021, Marco Fioretti wrote:


3) a few days ago I received a new modem from my ISP, as part of their
network upgrade operations

4) more or less in the same moment the problem I reported here
disappeared. Now mutt stays connected even 24 hours without losing
connection.

I am NOT 100% sure that the problem disappeared AFTER the change of
modem. That happened during a few chaotic days, both work- and
family-wise, so I did not take notes. And modems may have nothing to
do at all with the disconnections. But now the problem is not there
anymore, I have no clue what may have happened, and if anybody can
guess... thanks in advance.


Does this modem also have an integrated router?  These units tend to
act as NAT gateways/firewalls that keep track of "active" sessions by
tracking external/interface NAT address mappings.  Cheap or older one
could have TTL on these entries i.e. if no traffic is detected within
a time window, it is discarded, and appearing as if the endpoints had
disconnected.  I guess it could also happen if the state tracking
tables has limited memory and your internal network is busy, like a family
member opening up a P2P application.

Just a hypothesis.


Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 out=757


However, my hypothesis wouldn't produce this.  This is a active
logout.

Joseph Tam 

Re: systemd integration not working

[Joan Moreau]

Indeed, latest git works much better :)

On 2021-04-27 05:58, Aki Tuomi wrote:

Can you try with latest git? We did some improvements on the systemd 
configure parts.


Aki

On 26/04/2021 23:32 Joan Moreau  wrote:

Looking at config.log, there is #define HAVE_LIBSYSTEMD 1
But "Type=notify" does not appear
My systemd is version 248

On 2021-04-26 12:05, Joan Moreau wrote: I have
# sudo systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; 
vendor preset: disabled)

Active: active (running) since Sun 2021-04-25 20:13:25 UTC; 14h ago
Docs: man:dovecot(1)
https://doc.dovecot.org/
Main PID: 2559364 (dovecot)
Tasks: 28 (limit: 76912)
Memory: 1.0G
CPU: 7min 18.342s
CGroup: /system.slice/dovecot.service
├─2559364 /usr/sbin/dovecot -F
├─2559366 dovecot/imap-login
├─2559367 dovecot/anvil [11 connections]
├─2559368 dovecot/log

On 2021-04-26 08:32, Aki Tuomi wrote: I don't know then. It works for 
me and I just tried it again. The only reason it would fail would be 
that HAVE_LIBSYSTEMD is not defined, so it would not be using 
libsystemd for notify support.


$ sudo systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; disabled; vendor 
preset: enabled)

Active: active (running) since Mon 2021-04-26 10:30:02 EEST; 2s ago
Docs: man:dovecot(1)
https://doc.dovecot.org/
Main PID: 30213 (dovecot)
Status: "v2.4.devel (98a1cca054) running"
Tasks: 4 (limit: 4701)
Memory: 3.3M
CGroup: /system.slice/dovecot.service
├─30213 /home/cmouse/dovecot/sbin/dovecot -F
├─30214 dovecot/anvil
├─30215 dovecot/log
└─30216 dovecot/config

You can tell from the "Status" line that it's using Type=notify.

Aki

On 26/04/2021 10:29 Joan Moreau  wrote:

Yes, I do run autogen.sh after every "git pull"

On 2021-04-26 08:21, Aki Tuomi wrote: The current autoconf code is bit 
buggy, but if you do indeed have libsystemd-dev installed it should do 
the right thing and will work with systemd even if you have 
Type=notify.


This has been actually tested, so if it's not working, then something 
else is wrong.


Did you remember to run ./autogen.sh after pulling from git to make 
sure you get new configure script?


Aki

On 26/04/2021 10:11 Joan Moreau  wrote:

Yes systemd is installed (and the "dev" files as well)

On 2021-04-26 06:23, Aki Tuomi wrote: This is because you are not 
compiling with libsystemd-dev installed. I guess we need to make some 
service template that use type simple when you don't use libsystemd.


Aki

On 25/04/2021 22:53 Joan Moreau  wrote:

Yes, it seems fixed with this patch :)

Another bug with git, is the "type=" in systemd is switched from 
"simple" to "notify". The later does not work and reverting to "simple" 
does work


On 2021-04-25 17:53, Aki Tuomi wrote: On 24/04/2021 21:56 Joan Moreau 
 wrote:


chroot= does not resolve the issue
I have "chroot = login" in my conf

Thanks!

The chroot was needed to get the core dump.

Can you try if this does fix the crash?

Aki

From 1df4e02cbff710ce8938480b07a5690e37f661f6 Mon Sep 17 00:00:00 2001
From: Timo Sirainen 
Date: Fri, 23 Apr 2021 16:43:36 +0300
Subject: [PATCH] login-common: Fix handling destroyed_clients linked 
list


The client needs to be removed from destroyed_clients linked list 
before

it's added to client_fd_proxies linked list.

Broken by 1c622cdbe08df2f642e28923c39894516143ae2a
---
src/login-common/client-common.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/login-common/client-common.c 
b/src/login-common/client-common.c

index bdb6e9c798..1d264d9f75 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -289,8 +289,9 @@ void client_disconnect(struct client *client, const 
char *reason,

/* Login was successful. We may now be proxying the connection,
so don't disconnect the client until client_unref(). */
if (client->iostream_fd_proxy != NULL) {
+ i_assert(!client->fd_proxying);
client->fd_proxying = TRUE;
- i_assert(client->prev == NULL && client->next == NULL);
+ DLLIST_REMOVE(&destroyed_clients, client);
DLLIST_PREPEND(&client_fd_proxies, client);
client_fd_proxies_count++;
}
@@ -307,8 +308,9 @@ void client_destroy(struct client *client, const 
char *reason)


if (last_client == client)
last_client = client->prev;
- /* remove from clients linked list before it's added to
- client_fd_proxies. */
+ /* move to destroyed_clients linked list before it's potentially
+ added to client_fd_proxies. */
+ i_assert(!client->fd_proxying);
DLLIST_REMOVE(&clients, client);
DLLIST_PREPEND(&destroyed_clients, client);

@@ -409,13 +411,14 @@ bool client_unref(struct client **_client)
DLLIST_REMOVE(&client_fd_proxies, client);
i_assert(client_fd_proxies_count > 0);
client_fd_proxies_count--;
+ } else {
+ DLLIST_REMOVE(&destroyed_clients, client);
}
i_stream_unref(&client->input);
o_stream_unref(&client->output);
i_close_fd(&client->fd);
event_u

Re: Help with imapc and Shared Folder in a Cluster

[Alessio Cecchi]

Il 23/04/21 09:29, Markus Valentin ha scritto:

On 4/22/21 11:49 PM, Alessio Cecchi wrote:> I'm tryng to setup Shared
Mailboxes in Dovecot (2.3.14) Cluster as

explained here:

https://doc.dovecot.org/configuration_manual/shared_mailboxes/cluster_setup/


but I'm not happy:

# doveadm acl debug -u te...@emailtest.net shared/test2/Sent

doveadm(te...@emailtest.net): Info: imapc(10.0.0.202:143): Connected to
10.0.0.202:143 (local 10.0.0.203:58054)
doveadm(te...@emailtest.net): Info: imapc(10.0.0.202:143): Connected to
10.0.0.202:143 (local 10.0.0.203:58056)
doveadm(te...@emailtest.net): Error: imapc(10.0.0.202:143):
Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
doveadm(te...@emailtest.net): Error: Can't open mailbox
shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED]
Authentication failed.

ACL, master-user, master-password works fine because with regular
configuration shared folders works fine and also with master-user or
with master-password I can login and see and access to shared/ namespace
and shared folders.

But when I try to switch location from

location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

to

location = imapc:~/Maildir/shared/%%u/
[...]
imapc_host = 10.0.0.202
imapc_master_user = %u
#imapc_user = %u
imapc_password = Password
imapc_features = search

stop working.

The relevant error is this:

Apr 22 22:57:14 doveadm(te...@testemail.net): Info:
imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58070)
Apr 22 22:57:14 doveadm(te...@testemail.net): Debug:
imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR
LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN
Apr 22 22:57:14 doveadm(te...@testemail.net): Debug:
imapc(10.0.0.203:143): Authenticating as te...@testemail.net for user
te...@testemail.net
Apr 22 22:57:16 doveadm(te...@testemail.net): Error:
imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED]
Authentication failed.
Apr 22 22:57:16 doveadm(te...@testemail.net): Debug:
imapc(10.0.0.203:143): Disconnected
Apr 22 22:57:16 doveadm(te...@testemail.net): Error: Can't open mailbox
shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED]
Authentication failed.

Please note "Authenticating as te...@testemail.net for user
te...@testemail.net" failed.

So my question is, the documentation page is update and right or I
missing something?

Hi,

from my perspective it is likely that te...@testemail.net can't be
authenticated as a master user which is required for this setup to work.

 From the cluster setup page:

"You’ll need to setup master user logins to work for all the users. The
logged in user becomes the master user. The master user doesn’t actually
have any special privileges. "


Hi,

after some days of debug I have found a solution to have shared folders 
works via imapc, even if partially.


First, in the documentation page there is an error, the right "location" 
should be like this:


location = imapc:%%h/Maildir

with %%h/ instead of ~/

After I have setup two passdb like these:

passdb {
   driver = static
   args = password=P4ssw0rd
   result_success = continue
}

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql-master.conf.ext
  master = yes
  result_success = continue
}

where the first is required (only on backend dovecot) when the sharing 
user (test2) need to login (with imapc_password) and the second (both in 
director and backend dovecot) when the "test1" need to login into 
sharing (test2) account like master user.


So acl debug works fine:

# doveadm acl debug -u te...@emailtest.net shared/test2/Sent
doveadm(te...@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 
10.0.0.202:143 (local 10.0.0.203:39698)
doveadm(te...@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 
10.0.0.202:143 (local 10.0.0.203:39700)
doveadm(te...@emailtest.net): Info: Mailbox 'Sent' is in namespace 
'shared/test2/'
doveadm(te...@emailtest.net): Info: Mailbox path: 
/home/vmail/domains/emailtest.net/test2/Maildir/.Sent
doveadm(te...@emailtest.net): Info: All message flags are shared across 
users in mailbox
doveadm(te...@emailtest.net): Info: User te...@emailtest.net has rights: 
lookup read write write-seen write-deleted insert expunge

doveadm(te...@emailtest.net): Info: Mailbox found from dovecot-acl-list
doveadm(te...@emailtest.net): Info: User te...@emailtest.net found from 
ACL shared dict
doveadm(te...@emailtest.net): Info: Mailbox shared/test2/Sent is visible 
in LIST


But the are still some issues, if the sharing ring is like "test2 share 
a folder with test1 that share a folder with test3 that share a folder 
test2" dovecot have a loop until max_user_connections is reached. 
Probably until option "acl_ignore_namespace" will be available we cannot 
solve this.


Moreover, if both test1 and test2 mark as read/unread the same message 
in a shared folder dovecot have some indexes issue:


Apr 25 21:03:56 Error: imap(te...@emailtest.net) 
session=: Mailbox Sen

Re: How to omit the DH parameter in v2.3.3+ ( as stated in 'Upgrading Dovecot v2.2 to v2.3' )

[Aki Tuomi]

> On 27/04/2021 18:02 J. Sommersberg  wrote:
> 
> 
> Hi,
> 
> i just finished tuning my dovecot setup after upgrading to 2.3.7.2.
> I needed to add the "ssl_dh =„ parameter to my config as stated in the online 
> docs at dovecot.org (http://dovecot.org).
> That was no problem and is well documented there and the hint in the log on 
> startup also helped to quickly identify the problem.
> 
> After that i was curious and read more and did a lot of research.
> But i just could not find out how to „omit“ the DH parameter as stated in the 
> online docs:
> https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/
> 
> It says :
> „Since v2.3.3+ DH parameter usage is optional and can be omitted.“
> 
> I trried it in different ways.
> First i disallowed DH on the ssl_cipher_list like it was suggested in the 
> example in this doc.
> But it will still give Errors on startup/reload of dovecot.
> 
> Next i tried
> ssl_dh =
> that also did not work.
> 
> I could not figure out how to „omit“ the DH parameter.
> 
> Is it just my misinterpretation of the config doc?
> 
> thanks for clarifying
> 
> Best regards
> 
> joerg
> 
>

Hi!

Can you share the errors you receive? You can simply leave the setting away, 
and not set it. Remember to remove /var/lib/dovecot/ssl-params.dat too.

Aki

How to omit the DH parameter in v2.3.3+ ( as stated in 'Upgrading Dovecot v2.2 to v2.3' )

[J. Sommersberg]

Hi,

i just finished tuning my dovecot setup after upgrading to 2.3.7.2.
I needed to add the "ssl_dh =„ parameter to my config as stated in the online 
docs at dovecot.org .
That was no problem and is well documented there and the hint in the log on 
startup also helped to quickly identify the problem.

After that i was curious and read more and did a lot of research.
But i just could not find out how to „omit“ the DH parameter as stated in the 
online docs:
https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/ 


It says :
„Since v2.3.3+ DH parameter usage is optional and can be omitted.“

I trried it in different ways.
First i disallowed DH on the ssl_cipher_list like it was suggested in the 
example in this doc.
But it will still give Errors on startup/reload of dovecot.

Next i tried 
ssl_dh = 
that also did not work.

I could not figure out how to „omit“ the DH parameter.

Is it just my misinterpretation of the config doc?

thanks for clarifying

Best regards

joerg

Re: doveadm sync duplicating emails

[Aki Tuomi]

On 23.4.2021 21.40, Paul Robinson wrote:
> I'm upgrading a mail server using postfix 2.9.6 and dovecot 2.0.19 to
> a new server running postfix 3.4.13 and dovecot 2.3.7.2 (using Maildir
> format on both sides).
>
> I had trouble getting doveadm backup to work for one user, while all
> the others worked straight away. It would complain about problems on
> the old server in the Maildir/dovecot* files. I managed to get it to
> work by removing all the dovecot* files under Maildir for that one
> user (accepting that this would mean clients having to redownload emails).
>
> From that point, a doveadm backup worked.
>
> Using roundcube to look at the new mail server, I could see everything
> arrived.
>
> At this point, some mail generated on the new mail server would go to
> the new mail server, but all other mail is going to the old mail server.
>
> I then tried to use doveadm sync -1R to update the new mail server
> so the new server contains all the mail from the old server plus the
> new mail that has been locally delivered. 
>
> What then happened was that all the new emails delivered to the old
> server since the backup were copied to the new server, and all
> the emails that were locally delivered on the new mail server were
> still there.
>
> (So far so good).
>
> But I also saw that every email that was on the old server before the
> backup now appeared twice on the new mail server.
>
> Running sync again would mean I had three copies of email.
>
> The sync ran quickly - much too quickly for these extra copies to have
> been sent over the network. It appears that the sync made extra local
> copies on the new server.
>
> I see no errors in logs that can explain things.
>
> Looking at the email, the files stored in the cur directories are
> there multiple times; they have different names, but identical content.
>
> Trying "doveadm deduplicate -F user-list ALL" ran quickly and to no
> effect (where user-list is a file with a list of users). Trying
> "doveadm deduplicate -F user-list -m ALL" takes 100% cpu and a long
> time to run and still running right now after 4 hours. Judging by the
> disk space usage freed up, this is going to take a very long time to
> complete.
>
> Has anybody got any idea what might cause this and what change I
> should make?
>
> This was the sync command line:
> doveadm -vc /etc/dovecot/dovecot-migration.conf sync -1RF user-list imapc:
>
> For the backup and sync, I used this as the config:
>
> imapc_features = rfc822.size fetch-headers
> imapc_host = 
> imapc_ssl = imaps
> imapc_port = 993
> imapc_user = %n
> imapc_master_user = master
> imapc_password = 
>
> mail_prefetch_count = 20
> ssl_cipher_list =
> EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH
> +SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!DH
>
>
> mail_location = maildir:~/Maildir
> mail_home = /var/vmail/%d/%n/
> mail_fsync=never
>
> Thanks,
> Paul


Hi!

Can you try running with `doveadm -D` to get debug logs?

Aki

Re: failed: Cached message size smaller than expected

[Aki Tuomi]

On 23.4.2021 17.52, Hauke Fath wrote:
> On Mon, 19 Apr 2021 14:36:07 +0300 (EEST), Aki Tuomi wrote:
>
> [mbox index corruption]
>
>> None of our customers use mbox and there is no mail corruption in 
>> mbox. Just dovecot cache is disagreeing with the mail contents, which 
>> is automatically healed by removing the cache entry from cache.
> We see that a lot here,
>
> read [...] failed: Cached message size smaller than expected (5074 < 
> 5075, box=INBOX, UID=94)
>
> and it makes for a bad user experience: Clients are hanging while 
> attempting to open the mail, and users have to close the window, or 
> click on another mail then come back to the first one in order to 
> successfully open it. I get a lot of complaints.
>  
>> I am not sure what's going on with that, hard to say without knowing 
>> more about how the system is set up and configured.
> There are longstanding problems with Dovecot mbox indexing. I have a 
> mail here from 2004 reporting issues. ISTR they went away in late 1.x 
> releases (maybe should check with a test install?), then came back with 
> 2.x.
>
> I've seen index problems reported against maildir and Dovecot's custom 
> format. My personal take: If a project cannot fix support of a standard 
> format, I am surely not going to follow them into a vendor lock-in.
>
> Would be great if this could be sorted out.
>
> Cheerio,
> Hauke

We are not removing maildir support, which is a non-proprietary format.
If you are experiencing same issues with maildir using latest dovecot
release, we are happy to look at that.

Aki

Re: Error and Panic (with coredump)

[Aki Tuomi]

On 27.4.2021 9.57, Thomas Knaute wrote:
>
>
>
>>
>>> On 26/04/2021 19:03 Thomas Knaute  wrote:
>>>
>>>
>>> Hi there,
>>>
>>> i'm pretty new to this stuff, just tell me if you need more
>>> information.
>>>
>>> Apr 26 17:15:43 dilia dovecot:
>>> imap(u...@domain.de)<78561>: Error:
>>> i_stream_seekable_write_failed: close((&sstream->fd)) @
>>> istream-seekable.c:246 failed (fd=21): Bad fi
>>> le descriptor
>>> Regards, Thomas
>>
>> Do you by change run out of disk space in /tmp or see any other errors?
>>
>> Aki
>>
>
> it was
> /dev/mapper/dilia-vg-tmp 360M 3,6M 334M 2% /tmp
>
> now it is
> /dev/mapper/dilia-vg-tmp 1,4G 2,8M 1,3G 1% /tmp
>
> Other Errors:
>
> User has several thousand mails in the "Send" folder. Whenever the
> webmailer tried to read the folder, this error occurred.
>
> Apr 15 13:50:44 dilia dovecot:
> imap(u...@domain.de)<11957>: Error: Raw backtrace:
> /usr/lib/dovecot/libdovecot.so.0(+0xdb13b) [0x7fd9e90ce13b] ->
> /usr/lib/dovecot/libdovecot.so.0(+0xdb1d1) [0x7fd9e90ce1d1] ->
> /usr/lib/dovecot/libdovecot.so.0(+0x4a21b) [0x7fd9e903d21b] ->
> /usr/lib/dovecot/libdovecot.so.0(+0x4dfc7) [0x7fd9e9040fc7] ->
> /usr/lib/dovecot/libdovecot.so.0(+0xe6942) [0x7fd9e90d9942] ->
> /usr/lib/dovecot/libdovecot.so.0(i_stream_alloc+0x88) [0x7fd9e90db098]
> -> /usr/lib/dovecot/libdovecot.so.0(+0xee059) [0x7fd9e90e1059] ->
> /usr/lib/dovecot/libdovecot.so.0(+0xee546) [0x7fd9e90e1546] ->
> /usr/lib/dovecot/libdovecot.so.0(+0xe66d9) [0x7fd9e90d96d9] ->
> /usr/lib/dovecot/libdovecot.so.0(i_stream_get_size+0x2a)
> [0x7fd9e90da5aa] ->
> /usr/lib/dovecot/modules/lib20_zlib_plugin.so(+0x417c)
> [0x7fd9e8dfd17c] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(index_mail_set_seq+0x25)
> [0x7fd9e924ceb5] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xd19ce)
> [0x7fd9e92539ce] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(index_storage_search_next_nonblock+0x10d)
> [0x7fd9e925418d] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_search_next_nonblock+0x28)
> [0x7fd9e91dce58] ->
> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_search_next+0x3f)
> [0x7fd9e91dcedf] -> dovecot/imap [u...@domain.de 10.242.2.34 UID
> fetch](+0x21847) [0x557be3f0e847] -> dovecot/imap [u...@domain.de
> 10.242.2.34 UID fetch](imap_fetch_more+0x39) [0x557be3f0f779] ->
> dovecot/imap [u...@domain.de 10.242.2.34 UID fetch](cmd_fetch+0x337)
> [0x557be3f00c07] -> dovecot/imap [u...@domain.de 10.242.2.34 UID
> fetch](command_exec+0x70) [0x557be3f0cd80] -> dovecot/imap
> [u...@domain.de 10.242.2.34 UID fetch](+0x1e3f2) [0x557be3f0b3f2] ->
> dovecot/imap [u...@domain.de 10.242.2.34 UID fetch](+0x1e494)
> [0x557be3f0b494] -> dovecot/imap [u...@domain.de 10.242.2.34 UID
> fetch](client_handle_input+0x1b5) [0x557be3f0b845] -> dovecot/imap
> [u...@domain.de 10.242.2.34 UID fetch](client_input+0x7e)
> [0x557be3f0bd6e] ->
> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6f)
> [0x7fd9e90e45ef] ->
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x136)
> [0x7fd9e90e5be6] ->
> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c)
> [0x7fd9e90e468c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40)
> [0x7fd9e90e47f0]
> Apr 15 13:50:44 dilia dovecot:
> imap(u...@domain.de)<11957>: Fatal: master:
> service(imap): child 11957 returned error 83 (Out of memory (service
> imap { vsz_limit=512 MB }, you may need to increase it) - set
> CORE_OUTOFMEM=1 environment to get core dump)
>
> so i increased the limit:
> /etc/dovecot/conf.d/10-master.conf:default_vsz_limit = 1024M
>
>
Did these actions fix the issues?


Aki