RE: Sieve daemon errors? (Part 1 of 2, Pt 2 to follow when Pt 1 resolved)

[dovecot]

Exactly as I suspected:

> service lmtp {
>   inet_listener lmtp {
> address = 127.0.0.1
> port = 4190
>   }
> }



As for why it looks that way?  Dunno.  Check conf.d/20-lmtp.conf.  That doesn’t 
make sense.

 

-- 

Steve Watt   KD6GGD PP-ASEL-IA   factories.words.yappy

Don't let your schooling get in the way of your education.

 

From: Dan Egli  
Sent: Friday, April 30, 2021 23:50
To: st...@watt.com; dovecot@dovecot.org
Subject: Re: Sieve daemon errors? (Part 1 of 2, Pt 2 to follow when Pt 1 
resolved)

 

Ask and ye shall receive:  # dovecot -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release 2.7 xfs
# Hostname: jupiter.newideatest.site
auth_debug = yes
auth_mechanisms = plain login
auth_socket_path = /run/dovecot/auth-userdb
auth_verbose = yes
debug_log_path = /var/log/dovecot/debug.log
default_vsz_limit = 1 G
disable_plaintext_auth = no
first_valid_uid = 114
hostname = jupiter.newideatest.site
info_log_path = /var/log/dovecot/info.log
log_path = /var/log/dovecot/error.log
mail_debug = yes
mail_gid = exim4u
mail_location = 
maildir:/var/mail/%d/%n/Maildir:INDEX=/var/mail/indexes/%d/%1n/%

 n
mail_plugins = fts
mail_privileged_group = mail
mail_server_admin = 
mail_uid = exim4u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacati  

   on subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
includ  

   e variables body enotify environment mailbox date index ihave duplicate mime 
for 

everypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  fts_autoindex = yes
  fts_autoindex_exclude = \Junk
  fts_autoindex_exclude2 = \Trash
  fts_autoindex_exclude3 = \Drafts
  fts_autoindex_exclude4 = \Spam
  fts_enforced = yes
  imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve 
 
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve 
 
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  plugin = fts managesieve sieve
  sieve = file:%h/sieve;active=%h/.dovecot.sieve 
 
  sieve_Dir = ~/sieve
  sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
  sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
  sieve_global_dir = /var/lib/dovecot/sieve/
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  sieve_pipe_bin_dir = /var/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
postmaster_address = postmas...@newideatest.site 
 
service auth {
  unix_listener auth-client {
mode = 0600
user = exim4u
  }
  unix_listener auth-userdb {
group = exim4u
mode = 0777
user = exim4u
  }
}
service lmtp {
  inet_listener lmtp {
address = 127.0.0.1
port = 4190
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 1024
}
service stats {
  unix_listener stats-reader {
mode = 0777
user = exim4u
  }
  unix_listener stats-writer {
mode = 0777
user = exim4u
  }
}
service submission-login {
  inet_listener submission {
port = 2587
  }
}
ssl_cert = mailto:postmas...@newideatest.site> 
}
protocol lda {
  info_log_path = /var/log/dovecot/lda.log
  log_path = /var/log/dovecot/lda-errors.log
  mail_plugins = fts sieve sieve
}
protocol imap {
  mail_plugins = fts imap_sieve
}
protocol sieve {
  info_log_path = /var/log/dovecot/sieve.log
  log_path = /var/log/dovecot/sieve-errors.log
  managesieve_implementation_string = Dovecot
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 64 k
}
j

On 5/1/2021 12:44 AM, Steve Watt

Re: Sieve daemon errors? (Part 1 of 2, Pt 2 to follow when Pt 1 resolved)

[Dan Egli]

Ask and ye shall receive:  # dovecot -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.11.16-gentoo-x86_64 x86_64 Gentoo Base System release 2.7 xfs
# Hostname: jupiter.newideatest.site
auth_debug = yes
auth_mechanisms = plain login
auth_socket_path = /run/dovecot/auth-userdb
auth_verbose = yes
debug_log_path = /var/log/dovecot/debug.log
default_vsz_limit = 1 G
disable_plaintext_auth = no
first_valid_uid = 114
hostname = jupiter.newideatest.site
info_log_path = /var/log/dovecot/info.log
log_path = /var/log/dovecot/error.log
mail_debug = yes
mail_gid = exim4u
mail_location = 
maildir:/var/mail/%d/%n/Maildir:INDEX=/var/mail/indexes/%d/%1n/% n

mail_plugins = fts
mail_privileged_group = mail
mail_server_admin = 
mail_uid = exim4u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacati on subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy includ e variables body enotify 
environment mailbox date index ihave duplicate mime for everypart 
extracttext imapsieve vnd.dovecot.imapsieve

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  fts_autoindex = yes
  fts_autoindex_exclude = \Junk
  fts_autoindex_exclude2 = \Trash
  fts_autoindex_exclude3 = \Drafts
  fts_autoindex_exclude4 = \Spam
  fts_enforced = yes
  imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  plugin = fts managesieve sieve
  sieve = file:%h/sieve;active=%h/.dovecot.sieve
  sieve_Dir = ~/sieve
  sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
  sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
  sieve_global_dir = /var/lib/dovecot/sieve/
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  sieve_pipe_bin_dir = /var/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
postmaster_address = postmas...@newideatest.site
service auth {
  unix_listener auth-client {
    mode = 0600
    user = exim4u
  }
  unix_listener auth-userdb {
    group = exim4u
    mode = 0777
    user = exim4u
  }
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 4190
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 1024
}
service stats {
  unix_listener stats-reader {
    mode = 0777
    user = exim4u
  }
  unix_listener stats-writer {
    mode = 0777
    user = exim4u
  }
}
service submission-login {
  inet_listener submission {
    port = 2587
  }
}
ssl_cert = 

From a little bit of poking around in the source, I wonder if you 
somehow have the LMTP listener running on the sieve port.


The output of doveconf -n will help more than just the 90-sieve.conf.  
Also check the dovecot log; I found it helpful (once I figured out how 
to configure it) with debugging.


[ Apologies for top post; brain-damaged MUA in use. ]

--

Steve Watt   KD6GGD PP-ASEL-IA factories.words.yappy

Don't let your schooling get in the way of your education.

*From:* dovecot  *On Behalf Of *Dan Egli
*Sent:* Friday, April 30, 2021 23:13
*To:* dovecot@dovecot.org
*Subject:* Sieve daemon errors? (Part 1 of 2, Pt 2 to follow when Pt 1 
resolved)


Folks, I am still trying to get help here. Let me re-state what is 
going on. I have a webmail program (SOGo) that connects to the Dovecot 
sieve system to handle things like mail filters and what not. That way 
dovecot's lda program can move things where they belong. So I went 
through the config files, and found the places where I need to enable 
sieve (this is in Gentoo Linux, by the way).  Now, when dovecot starts 
I do see a listener on the sieve port on localhost:


#netstat -tl | grep sieve
tcp    0  0 localhost:sieve 0.0.0.0:*   LISTEN

And when I telnet to the port, it does connect. But it doesn't say much.

 telnet localhost sieve
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 jupiter.newideatest.site Dovecot ready.

Yet every example I see online is showing a HECK of a lot more than 
this. So what's up? Anyone got any idea what I did wrong? I've put the 
90-sieve.conf file on my web server at 
www.newideatest.site/90-sieve.conf 

Sieve daemon errors? (Part 1 of 2, Pt 2 to follow when Pt 1 resolved)

[Dan Egli]

Folks, I am still trying to get help here. Let me re-state what is going 
on. I have a webmail program (SOGo) that connects to the Dovecot sieve 
system to handle things like mail filters and what not. That way 
dovecot's lda program can move things where they belong. So I went 
through the config files, and found the places where I need to enable 
sieve (this is in Gentoo Linux, by the way).  Now, when dovecot starts I 
do see a listener on the sieve port on localhost:


#netstat -tl | grep sieve
tcp    0  0 localhost:sieve 0.0.0.0:*   LISTEN

And when I telnet to the port, it does connect. But it doesn't say much.

 telnet localhost sieve
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 jupiter.newideatest.site Dovecot ready.


Yet every example I see online is showing a HECK of a lot more than 
this. So what's up? Anyone got any idea what I did wrong? I've put the 
90-sieve.conf file on my web server at 
www.newideatest.site/90-sieve.conf for those who want to see it. If any 
other config files are wanted/needed to help figure this out, let me 
know what they are and I'll take care of it.  Here's an example of what 
other websites I've looked at say I SHOULD see:


Trying 162.243.12.140...
Connected to test3.rtcamp.com.
Escape character is '^]'.
*"IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave" *"NOTIFY" "mailto"

"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

so why am I not getting all this?

--
Dan Egli
From my Test Server



OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 30 Apr 2021, at 13:47, Robert L Mathews  wrote:
> Because of this, I've changed my company's various email
> autoconfigure/autodiscover hints and help pages to recommend configuring
> new clients using port 993 for IMAP

The is the right choice, though port 993 is IMAPS, not IMAP. I did not even 
know starttls was allowed/supported/widely available on port 143. I haven’t 
allowed use of that port in nearly 20 years (people with old mail clients that 
didn’t support IMAPS could use webmail).

> and port 465 for SMTP submission (rather than 143 and 587 with STARTTLS).
> I don't need the hassle of finding out the hard way that new programs are
> deprecating STARTTLS, if that's what they're doing.

Since port 587 is dedicated to submission with STARTTLS you should be fine, as 
anyone wanting yo use submissions will be using only port 465.

Unless you are concerned about STRIPTLS, but on most (all proper?) 
configurations of port 587, there is no fallback for STRIPTLS to exploit via a 
downgrade attack. And most newer (last half decade?) mail clients will try 
submissions it submission fails, or vice-versa. Or at least the clients used by 
most people.

-- 
'Why are our people going out there?' said Mr Boggis of the Thieves'
Guild. 'Because they are showing a brisk pioneering spirit and
seeking wealth and... additional wealth in a new land,' said Lord
Vetinari. 'What's in it for the Klatchians?' said Lord Downey.
'Oh, they've gone out there because they are a bunch of
unprincipled opportunists always ready to grab something for
nothing,' said Lord Vetinari. [...] The Patrician looked down
again at his notes. 'Oh, I do beg your pardon,' he said. 'I seem
to have read those last two sentences in the wrong order.

Re: Can the disable_plaintext_auth setting get overridden for a specific port?

[@lbutlr]

On 30 Apr 2021, at 11:17, Steve Dondley  wrote:
> In 10-auth.conf, I have "disable_plaintext_auth = yes"
> 
> For port 143, I'd like to do something like this to override that setting:
> 
> service imap-login {
>  inet_listener imap {
>port = 143
>disable_plain_text_auth = no
>  }
> }

Are you sure you want to allow insecure plain text easily intercepted trivially 
hacked connections to your mail server? 

> Based on https://wiki.dovecot.org/LoginProcess and 
> https://doc.dovecot.org/configuration_manual/service_configuration/ it 
> doesn't seem like this is supported. But maybe there is another way to 
> accomplish this?

You are specifically turning off plaintext auth, the is going to do what it 
says on the tin.

BTW, there is no reasons to turn off plain text auth if you are using SSL as 
you should be.

-- 
The only good thing ever to come out of religion was the music.

how to show FreeIPA/Kerberos Password expired on webmail login

[Robert Kudyba]

Using dovecot-2.3.14-1.fc33.x86_64 with FreeIPA & Kerberos if a user's
password is expired in a web mail login, e.g., with Squirrelmail, the user
sees:
"Unknown user or password incorrect."

The dovecot logs show:
auth: Debug: client passdb out: FAIL1   user=ouru...@ourdomain.edu
code=pass_expired reason=Password expired  original_user=ouruser
imap-login: Debug: Ignoring unknown passdb extra field: original_user
imap-login: Info: Aborted login (password expired): user=<
ouru...@ourdomain.edu>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
secured, session=

Would this  be a feature request to show this message to users?

Also with debug logging there is a lot of log noise and are these errors
normal?

Error: passwd-file: open(/etc/dovecot/users) failed: No such file or
directory

as well as:

auth: Debug: http-client: conn x.x.x.x:8084 [1]: Client connection failed
(fd=23)
auth: Debug: http-client[1]: peer x.x.x.x:8084: Connection failed (1
connections exist, 0 pending)
auth: Debug: http-client: peer x.x.x.x:8084: Failed to make connection (1
connections exist, 0 pending)
auth: Debug: http-client[1]: peer x.x.x.x:8084: Failed to establish any
connection within our peer pool: connect(x.x.x.x:8084) failed: Connection
refused (1 connections exist, 0 pending)
auth: Debug: http-client[1]: queue https://x.x.x.x:8084: Failed to set up
connection to x.x.x.x:8084 (SSL=x.x.x.x): connect(x.x.x.x:8084) failed:
Connection refused (1 peers pending, 1 requests pending)
auth: Debug: http-client[1]: peer x.x.x.x:8084: Unlinked queue
https://x.x.x.x:8084 (0 queues linked)
auth: Debug: http-client[1]: queue https://x.x.x.x:8084: Failed to set up
any connection; failing all queued requests
auth: Debug: http-client[1]: request [Req1: POST
https://x.x.x.x:8084/?command=allow]: Error: 9003 connect(x.x.x.x:8084)
failed: Connection refused
auth: Debug: http-client[1]: queue https://x.x.x.x:8084: Dropping request
[Req1: POST https://x.x.x.x:8084/?command=allow]
auth: Debug: http-client: host x.x.x.x: Host is idle (timeout = 100 msecs)
auth: Error: policy(ouru...@ourdomain.edu,127.0.0.1,):
Policy server HTTP error: connect(x.x.x.x:8084) failed: Connection refused

Re: What imap ssl/auth settings work best with MS Outlook?

[Robert L Mathews]

On 4/29/21 2:22 AM, Steve Dondley wrote:

> Some more nuttiness: I bit the bullet and downloaded a trial version of
> MS 365 and downloaded the Outlook desktop. On my mac, at least, there
> are two different interfaces/version of Outlook: the "old" Outlook and a
> "new," more minimalist version. You can switch between the versions easily.
> 
> On the "old" outlook, I was able to get things set up without issue. But
> with the "new" outlook, I couldn't send email or set up a new account.

I also have seen this. We had a customer within the last month report
that the "new Outlook" did not work on port 143 with STARTTLS -- it
shows a generic error that it has "a connection problem". I was able to
buy a copy of it and duplicate it.

Switching back to "old Outlook" fixes it.

Switching "new Outlook" to port 993 with forced TLS/SSL also solves it.
So does disabling STARTTLS on port 143 in "new Outlook".

The "new Outlook" is labeled as a work in progress -- it only received
IMAP support at all within the last couple of months! -- so maybe they
will fix this.

That said, there's a trend nowadays to avoid STARTTLS due to "STRIPTLS"
attacks -- see the "Weaknesses and mitigations" section on
. Port 993 with forced
TLS is immune to this.

Because of this, I've changed my company's various email
autoconfigure/autodiscover hints and help pages to recommend configuring
new clients using port 993 for IMAP and port 465 for SMTP submission
(rather than 143 and 587 with STARTTLS). I don't need the hassle of
finding out the hard way that new programs are deprecating STARTTLS, if
that's what they're doing.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

Re: What imap ssl/auth settings work best with MS Outlook?

[Benny Pedersen]

On 2021-04-30 09:20, Arjen de Korte wrote:

Citeren "@lbutlr" :

When you enter your email address, it would be TRIVIAL to check the  
MX records for the domain and fill those in for the SMTP and IMAP  
servers, allowing users to more easily add (if needed) the domain  
prefix.


No one does this.


Rightfully so. There is absolutely no guarantee that the server on the
 inbound (MX) record also handles outbound and/or IMAP. In many cases,
 these will be different systems.


tell that to ovh, amazon, google, dreamhost, microsoft that have client 
mta that belive in open ports to custommer only services, i just say go 
away in iptables

Can the disable_plaintext_auth setting get overridden for a specific port?

[Steve Dondley]

In 10-auth.conf, I have "disable_plaintext_auth = yes"

For port 143, I'd like to do something like this to override that 
setting:


service imap-login {
  inet_listener imap {
port = 143
disable_plain_text_auth = no
  }
}

Based on https://wiki.dovecot.org/LoginProcess and 
https://doc.dovecot.org/configuration_manual/service_configuration/ it 
doesn't seem like this is supported. But maybe there is another way to 
accomplish this?

Re: What imap ssl/auth settings work best with MS Outlook?

[Benny Pedersen]

On 2021-04-30 09:13, @lbutlr wrote:


When you enter your email address, it would be TRIVIAL to check the MX
records for the domain and fill those in for the SMTP and IMAP
servers, allowing users to more easily add (if needed) the domain
prefix.


checking mx is simple, but it might not be the right server for imap, 
smtps, submission, this data would be better to check mx domain, and 
then use the mx domain to find srv ports used one this main domain, to 
find what server hosts is for imap, imaps, pop3, pop3s, smtps, 
submission, all that is custommer only ports, and plenty of vps hosters 
abuse this from ther mta setups



No one does this.


automx2 exists on github trying to be better world, but it needs ssl 
certs for all maildomains, with is imho more complicated then using srv 
dns


this would be more simple for the dns hoster to have all this then add 
all this to hosted domains



Not a big thing, of course, but a silly omission that is best
explained by "Nah, if they are going to use real servers, let's not
make it any easier."


agree, take my hat off as a small esp

Re: What imap ssl/auth settings work best with MS Outlook?

[Erwan David]

Le 30/04/2021 à 19:06, Benny Pedersen a écrit :
> On 2021-04-30 03:48, Adi Pircalabu wrote:
>> On 29-04-2021 23:08, @lbutlr wrote:
>>> On 29 Apr 2021, at 03:22, Steve Dondley wrote:
 I am totally unfamiliar with Exchange servers. What do they offer,
 exactly, that dovecot/postfix does not (besides a revenue stream
 for MS)?
>>>
>>> A monthly stipend to Microsoft?
>>>
>>> (I think they actuallyy do offer some useful tools for things like
>>> meetings and calendars and such, including the 'feature' of being able
>>> to automatically add people to your itinerary.)
>>
>> 
>>
>> Fact: Exchange (especially hosted) is 2010-ish, Office365 is the
>> buzzword these days. Microsoft have been trying their best for quite
>> some time now to cripple the IMAP support in Outlook as much as they
>> can so that the email users will move their email business with o365
>> which - surprise surprise! - is s easy to autodiscover,
>> autoconfigure, autothis, autothat. It's all about integrated services
>> run by few well known powerful monopolies and it's only gonna get
>> worse.
>>
>> 
>
> 
>
> is mozilla thunderbird better in 2021 with no shareing or dokumented
> ical icard or shared adressbook
>
> simply is seamonkey worse then firefox ?
>
> 
>
> imho its not just microsoft
>

Thunderbird has native caldav support, you get carddav with the cardbook
extension, no problem.

Re: What imap ssl/auth settings work best with MS Outlook?

[Benny Pedersen]

On 2021-04-30 03:48, Adi Pircalabu wrote:

On 29-04-2021 23:08, @lbutlr wrote:

On 29 Apr 2021, at 03:22, Steve Dondley wrote:
I am totally unfamiliar with Exchange servers. What do they offer, 
exactly, that dovecot/postfix does not (besides a revenue stream for 
MS)?


A monthly stipend to Microsoft?

(I think they actuallyy do offer some useful tools for things like
meetings and calendars and such, including the 'feature' of being able
to automatically add people to your itinerary.)




Fact: Exchange (especially hosted) is 2010-ish, Office365 is the
buzzword these days. Microsoft have been trying their best for quite
some time now to cripple the IMAP support in Outlook as much as they
can so that the email users will move their email business with o365
which - surprise surprise! - is s easy to autodiscover,
autoconfigure, autothis, autothat. It's all about integrated services
run by few well known powerful monopolies and it's only gonna get
worse.






is mozilla thunderbird better in 2021 with no shareing or dokumented 
ical icard or shared adressbook


simply is seamonkey worse then firefox ?



imho its not just microsoft

Re: What imap ssl/auth settings work best with MS Outlook?

[James]

On 30/04/2021 08:13, @lbutlr wrote:


When you enter your email address, it would be TRIVIAL to check the MX records 
for the domain and fill those in for the SMTP and IMAP servers, allowing users 
to more easily add (if needed) the domain prefix.


Better to use DNS SVR records than guess from MX or domain.  I provide 
email SVRs but does any mail client use them?


https://tools.ietf.org/html/rfc6186


There is config-v1.1.xml, again I do not know which clients use, hence 
what I should provide, maybe I carry on providing as many methods as I can.

automx2 (Re: What imap ssl/auth settings work best with MS Outlook?)

[Ralph Seichter]

* sebast...@sebbe.eu:

> When you enter your email address, it would be TRIVIAL to check the
> MX records for the domain and fill those in for the SMTP and IMAP
> servers, allowing users to more easily add (if needed) the domain
> prefix.

As pointed out here before, that approach would not generally work. Many
organisations split services over different IP addresses, and the IMAP
server need not bear any relationship to MX (inbound) or MTA (outbound).

Vendors use different types of autodiscover/autoconfig mechanisms. I
have written a service that implements some of them:

  https://rseichter.github.io/automx2/

It may be overkill for domains with a very small user base with purely
static data, but for medium sized organisations upwards or for those who
need to lookup email addresses from LDAP (matching an unrelated login
name), automx2 provides a means of handing out config data to iOS/macOS
Mail, some Outlook versions, Thunderbird, KMail, and more.

The documentation I pointed to also includes a description of some of
the mechanisms and RFCs behind it, in case you are interested.

-Ralph

Catch all for Metadata storage in SQL database

[Steffen Kaiser]

Hi,

the

https://doc.dovecot.org/configuration_manual/imap_metadata/

sample uses

mail_attribute_dict = file:%h/Maildir/dovecot-attributes

which stores all keys=value pairs in the file.

http://dovecot.2317879.n4.nabble.com/Dovecot-v2-3-9-3-HTTP-API-Endpoint-for-mailbox-cryptokey-operations-td70801.html

uses a SQL dict, however very specific ones. How can I use a SQL dict to 
store _all_ keys, as with a file based storage?


I cannot find a documentation for "pattern" specification, that works as 
"catch all", in order to store anything not catched by patterns into the 
database.


https://wiki.dovecot.org/Dictionary does not give any hint (in my eyes).



--
Steffen Kaiser

Re: What imap ssl/auth settings work best with MS Outlook?

[Erwan David]

Le 30/04/2021 à 11:47, James a écrit :

On 30/04/2021 08:13, @lbutlr wrote:

When you enter your email address, it would be TRIVIAL to check the MX 
records for the domain and fill those in for the SMTP and IMAP 
servers, allowing users to more easily add (if needed) the domain prefix.


Better to use DNS SVR records than guess from MX or domain.  I provide 
email SVRs but does any mail client use them?


https://tools.ietf.org/html/rfc6186


There is config-v1.1.xml, again I do not know which clients use, hence 
what I should provide, maybe I carry on providing as many methods as I can.





Here is what Thunderbird does : 
https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration


No use of SRV Alas

Re: What imap ssl/auth settings work best with MS Outlook?

[Jochen Bern]

On 30.04.21 09:20, Arjen de Korte wrote:
> Citeren "@lbutlr" :
>> When you enter your email address, it would be TRIVIAL to check the MX
>> records for the domain and fill those in for the SMTP and IMAP
>> servers, allowing users to more easily add (if needed) the domain prefix.
> 
> Rightfully so. There is absolutely no guarantee that the server on the
> inbound (MX) record also handles outbound and/or IMAP. In many cases,
> these will be different systems.

There's no *guarantee* that any *other* guessing or discovery mechanism
that comes built into any general-distribution MUA will be correct, either.

(Says the man who has to seriously beat even current versions of
*Thunderbird* into accepting a manually-entered config and act as a test
tool against the IMAPS servers we purpose-built and run for the
appliances in the field. "How dare you NOT have an SMTP-out server for
this account at all!" etc..)

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH



smime.p7s
Description: S/MIME Cryptographic Signature

Re: What imap ssl/auth settings work best with MS Outlook?

[Arjen de Korte]

Citeren "@lbutlr" :


On 30 Apr 2021, at 01:20, Arjen de Korte  wrote:

Citeren "@lbutlr" :

When you enter your email address, it would be TRIVIAL to check  
the MX records for the domain and fill those in for the SMTP and  
IMAP servers, allowing users to more easily add (if needed) the  
domain prefix.


No one does this.


Rightfully so. There is absolutely no guarantee that the server on  
the inbound (MX) record also handles outbound and/or IMAP. In many  
cases, these will be different systems.


It is very very common. It's been at least a decade since I saw a  
configuration in which the SMTP/IMAP servers were on a different  
domain than the MX domain.


It´s getting less and less common. I see plenty domains where e-mail  
spam/virus protection is outsourced and where there is absolutely no  
hope of guessing the correct hostnames for outbound or IMAP servers  
based on the domain of the MX record. Configuring Autodiscover records  
may help somewhat, but even then YMMV.

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 30 Apr 2021, at 01:20, Arjen de Korte  wrote:
> Citeren "@lbutlr" :
> 
>> When you enter your email address, it would be TRIVIAL to check the MX 
>> records for the domain and fill those in for the SMTP and IMAP servers, 
>> allowing users to more easily add (if needed) the domain prefix.
>> 
>> No one does this.
> 
> Rightfully so. There is absolutely no guarantee that the server on the 
> inbound (MX) record also handles outbound and/or IMAP. In many cases, these 
> will be different systems.

It is very very common. It's been at least a decade since I saw a configuration 
in which the SMTP/IMAP servers were on a different domain than the MX domain.

NB: I am not saying that if the MX is mail.example.net "mail.example.net" 
should be filled in, but that "example.net" should be pre-populated with the 
opportunity to add, say "IMAP." To the beginning.


-- 
'Charity ain't giving people what you wants to give, it's giving
people what they need to get.'

Re: What imap ssl/auth settings work best with MS Outlook?

[Arjen de Korte]

Citeren "@lbutlr" :

When you enter your email address, it would be TRIVIAL to check the  
MX records for the domain and fill those in for the SMTP and IMAP  
servers, allowing users to more easily add (if needed) the domain  
prefix.


No one does this.


Rightfully so. There is absolutely no guarantee that the server on the  
inbound (MX) record also handles outbound and/or IMAP. In many cases,  
these will be different systems.

Sv: What imap ssl/auth settings work best with MS Outlook?

[Sebastian]

But whats specified for MX isn't neccessarly the endpoint endusers should
use as their incoming/outgoing servers, especially if the MX is routed
through a external spamfiltering service.

-Ursprungligt meddelande-
Från: dovecot-boun...@dovecot.org  För @lbutlr
Skickat: den 30 april 2021 09:14
Till: dovecot mailing list 
Ämne: Re: What imap ssl/auth settings work best with MS Outlook?

On 29 Apr 2021, at 19:48, Adi Pircalabu  wrote:
> 
> 
> Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword
these days. Microsoft have been trying their best for quite some time now to
cripple the IMAP support in Outlook as much as they can so that the email
users will move their email business with o365 which - surprise surprise! -
is s easy to autodiscover, autoconfigure, autothis, autothat. It's all
about integrated services run by few well known powerful monopolies and it's
only gonna get worse.

As an example of how MSFT (and others) make configuring real emails accounts
more difficult:

When you enter your email address, it would be TRIVIAL to check the MX
records for the domain and fill those in for the SMTP and IMAP servers,
allowing users to more easily add (if needed) the domain prefix.

No one does this.

Not a big thing, of course, but a silly omission that is best explained by
"Nah, if they are going to use real servers, let's not make it any easier."

> 


-- 
'You know what the greatest tragedy is in the whole world?' said
Ginger, not paying him the least attention. 'It's all the people
who never find out what it is they really want to do or what it
is they're really good at. It's all the sons who become
blacksmiths because their fathers were blacksmiths. It's all the
people who could be really fantastic flute players who grow old
and die without ever seeing a musical instrument, so they become
bad ploughmen instead. It's all the people with talents who never
even find out. Maybe they are never born in a time when it is
possible to find out.'




smime.p7s
Description: S/MIME Cryptographic Signature

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 29 Apr 2021, at 19:48, Adi Pircalabu  wrote:
> 
> 
> Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword 
> these days. Microsoft have been trying their best for quite some time now to 
> cripple the IMAP support in Outlook as much as they can so that the email 
> users will move their email business with o365 which - surprise surprise! - 
> is s easy to autodiscover, autoconfigure, autothis, autothat. It's all 
> about integrated services run by few well known powerful monopolies and it's 
> only gonna get worse.

As an example of how MSFT (and others) make configuring real emails accounts 
more difficult:

When you enter your email address, it would be TRIVIAL to check the MX records 
for the domain and fill those in for the SMTP and IMAP servers, allowing users 
to more easily add (if needed) the domain prefix.

No one does this.

Not a big thing, of course, but a silly omission that is best explained by 
"Nah, if they are going to use real servers, let's not make it any easier."

> 


-- 
'You know what the greatest tragedy is in the whole world?' said
Ginger, not paying him the least attention. 'It's all the people
who never find out what it is they really want to do or what it
is they're really good at. It's all the sons who become
blacksmiths because their fathers were blacksmiths. It's all the
people who could be really fantastic flute players who grow old
and die without ever seeing a musical instrument, so they become
bad ploughmen instead. It's all the people with talents who never
even find out. Maybe they are never born in a time when it is
possible to find out.'