disable pop3 ports?

2021-05-03 Thread Dan Egli
I admit I don't quite understand dovecot's config yet, but this is 
driving me batty. I was looking at my server and noticed that dovecot 
was listening on the pop3 ports (110/TCP). Since I do not use pop3 at 
all, nor does anyone who has ever or ever will connect to the server, 
that seems like a needless waste. So I went through the config files and 
commented out every reference to pop3 in them. But when I restart 
dovecot, it STILL opens a listener on 110. How do I fix this? The ONLY 
external ports I want dovecot listening to are imap4 and imap4s.


Thanks!

--
Dan Egli
From my Test Server





Re: [Dovecot] Doveadm sometimes failed "to iterate through some users" after upgrade to 2.2

2021-05-03 Thread Robert Dinse
I am having the same issue with 2.3.11.3



Re: systemd integration not working

2021-05-03 Thread Timo Sirainen
Did you see if the problem was that the imap-login process was using 100% CPU, or was the issue something else? I can't find a bug with the patch itself. But attached is another patch that adds some more asserts to make sure the linked lists are being used correctly, so if there is some bug it should now assert-crash instead of doing something else weird like go to infinite loop. But maybe the high CPU usage was something unrelated to this patch?

3679.diff
Description: Binary data

On 28. Apr 2021, at 21.57, Joan Moreau wrote:

Not much details
Git version (including the patch you sent) raised CPU load very very high.
Can't play too much on my production server.
Let me know if I can help

On 2021-04-28 06:12, Aki Tuomi wrote:

Can you provide any details on this instability?

Aki

On April 27, 2021 7:58:01 PM UTC, Joan Moreau wrote:

Ok, a third regression is that it becomes highly unstable with the patch you sent
I had to get back to 2.3.14

On 2021-04-27 17:07, Joan Moreau wrote:

Indeed, latest git works much better :)

On 2021-04-27 05:58, Aki Tuomi wrote:

Can you try with latest git? We did some improvements on the systemd configure parts.

Aki

On 26/04/2021 23:32 Joan Moreau wrote:

Looking at config.log, there is #define HAVE_LIBSYSTEMD 1
But "Type=notify" does not appear
My systemd is version 248

On 2021-04-26 12:05, Joan Moreau wrote:

I have

# sudo systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
     Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
     Active: active (running) since Sun 2021-04-25 20:13:25 UTC; 14h ago
       Docs: man:dovecot(1)
             https://doc.dovecot.org/
   Main PID: 2559364 (dovecot)
      Tasks: 28 (limit: 76912)
     Memory: 1.0G
        CPU: 7min 18.342s
     CGroup: /system.slice/dovecot.service
             ├─2559364 /usr/sbin/dovecot -F
             ├─2559366 dovecot/imap-login
             ├─2559367 dovecot/anvil [11 connections]
             ├─2559368 dovecot/log

On 2021-04-26 08:32, Aki Tuomi wrote:

I don't know then. It works for me and I just tried it again. The only reason it would fail would be that HAVE_LIBSYSTEMD is not defined, so it would not be using libsystemd for notify support.

$ sudo systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
     Loaded: loaded (/lib/systemd/system/dovecot.service; disabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-04-26 10:30:02 EEST; 2s ago
       Docs: man:dovecot(1)
             https://doc.dovecot.org/
   Main PID: 30213 (dovecot)
     Status: "v2.4.devel (98a1cca054) running"
      Tasks: 4 (limit: 4701)
     Memory: 3.3M
     CGroup: /system.slice/dovecot.service
             ├─30213 /home/cmouse/dovecot/sbin/dovecot -F
             ├─30214 dovecot/anvil
             ├─30215 dovecot/log
             └─30216 dovecot/config

You can tell from the "Status" line that it's using Type=notify.

Aki

On 26/04/2021 10:29 Joan Moreau wrote:

Yes, I do run autogen.sh after every "git pull"

On 2021-04-26 08:21, Aki Tuomi wrote:

The current autoconf code is bit buggy, but if you do indeed have libsystemd-dev installed it should do the right thing and will work with systemd even if you have Type=notify.
This has been actually tested, so if it's not working, then something else is wrong.
Did you remember to run ./autogen.sh after pulling from git to make sure you get new configure script?

Aki

On 26/04/2021 10:11 Joan Moreau wrote:

Yes systemd is installed (and the "dev" files as well)

On 2021-04-26 06:23, Aki Tuomi wrote:

This is because you are not compiling with libsystemd-dev installed. I guess we need to make some service template that use type simple when you don't use libsystemd.

Aki

On 25/04/2021 22:53 Joan Moreau wrote:

Yes, it seems fixed with this patch :)
Another bug with git, is the "type=" in systemd is switched from "simple" to "notify". The latter does not work and reverting to "simple" does work

On 2021-04-25 17:53, Aki Tuomi wrote:

On 24/04/2021 21:56 Joan Moreau wrote:

chroot= does not resolve the issue
I have "chroot = login" in my conf

Thanks!The chroot was needed to get the core dump.Can you try if this does fix the crash?AkiFrom 1df4e02cbff710ce8938480b07a5690e37f661f6 Mon Sep 17 00:00:00 2001From: Timo Sirainen Date: Fri, 23 Apr 2021 16:43:36 +0300Subject: [PATCH] login-common: Fix handling destroyed_clients linked listThe client needs to be removed from destroyed_clients linked list beforeit's added to client_fd_proxies linked list.Broken by 1c622cdbe08df2f642e28923c39894516143ae2a--- src/login-common/client-common.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-)diff --git a/src/login-common/client-common.c b/src/login-common/client-common.cindex bdb6e9c798..1d264d9f75 100644--- a/src/login-common/client-common.c+++ b/src/login-common/client-common.c@@ -289,8 +289,9 @@ void client_disconnect(struct client *client, const char *reason, /* Login was successful. We may now be proxying the connection, so don't disconnect the client until client_unref(). */ if 
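
Review bot: in the client_disconnect() hunk at -289,8 +289,9, the only comment visible ("Login was successful. We may now be proxying the connection, so don't disconnect the client until client_unref().") says nothing about list membership, while the commit message states the actual rule: the client must leave destroyed_clients before it joins client_fd_proxies. Suggest stating that ordering rule in the comment next to the list handling, so a later change on this path does not repeat the breakage attributed to 1c622cdbe08df2f642e28923c39894516143ae2a. The hunk is cut off after "if" on this page, so the changed lines themselves cannot be checked here.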

Re: Problem with Log-File

2021-05-03 Thread Yassine Chaouche

On 5/3/21 at 4:19 AM, Volf, Ronald (IRV) wrote:

Our Dir-Structure is: (for testing, we changed all to mod 777)
    2021-05-03 04:29:32 IRV-20210501-V02-rvh:~ # dir -d /var/  
/var/log/ /var/log/IRV_MdM/ /var/log/IRV_MdM/Dovecot_main.log

    drwxrwxrwx 11 root    root 4096 2021-04-30 20:36:51 /var/
    drwxrwxrwx 21 root    root 4096 2021-05-03 02:53:34 /var/log/
    drwxrwxrwx  4 IRV_MdM IRV_MdMG 4096 2021-05-03 04:28:09 
/var/log/IRV_MdM/
    -rwxrwxrwx  1 IRV_MdM IRV_MdMG   14 2021-05-03 01:36:18 
/var/log/IRV_MdM/Dovecot_main.log

    2021-05-03 04:29:48 IRV-20210501-V02-rvh:~ #

Hello,

You can replace that with namei. For example :

ychaouche#ychaouche-PC 11:39:17 ~ $ namei -l /var/log/dmesg
f: /var/log/dmesg
drwxr-xr-x root root   /
drwxr-xr-x root root   var
drwxrwxr-x root syslog log
-rw-r- root adm    dmesg
ychaouche#ychaouche-PC 11:39:30 ~ $

-- Yassine.


Re: Sieve - disable redirect

2021-05-03 Thread Miloslav Hůla
Sorry, just found an example configuration of "sieve_max_redirects" 
which probably is the way.


Kind regards
Milo

On 03.05.2021 at 12:11, Miloslav Hůla wrote:

Hi,

I would like to disallow "redirect" in sieve scripts to prevent 
automatic e-mail forwarding out of organisation.


I didn't find a way in [1], only "sieve_extensions" option and when I try 
"sieve_extensions = -redirect" I got:


# sievec test.sieve
sievec(root): Warning: sieve: ignored unknown extension 'redirect' while 
configuring available extensions


Is there any way?

Kind regards
Milo


[1] https://doc.dovecot.org/configuration_manual/sieve/configuration/
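
Added example, not part of the original posts and not Pigeonhole code: before restricting redirect (for instance with the sieve_max_redirects setting mentioned above), an administrator can audit existing Sieve scripts for redirect actions that forward mail out of the organisation. The function names, the domain corp.example and the sample script are assumptions constructed for this illustration.

```python
import re

# Sieve lexer: comments, "text:" multi-line literals and quoted strings are
# recognised as units, so a "redirect" inside any of them is never an action.
TOKEN = re.compile(r'''
    (?P<comment> \#[^\n]* | /\*.*?\*/ )
  | (?P<multi>   text:[ \t]*(?:\#[^\n]*)?\r?\n .*? ^\.[ \t]*\r?$ )
  | (?P<string>  "(?:\\.|[^"\\])*" )
  | (?P<word>    :?[A-Za-z_][A-Za-z0-9_]* )
  | (?P<punct>   [;{}] )
  | (?P<ws>      \s+ )
  | (?P<other>   . )
''', re.S | re.M | re.X)


def find_redirects(script):
    """Return [(line_number, address)] for each redirect command in script."""
    found, prev, pending = [], ";", None  # pending = [line, address] inside a redirect
    for m in TOKEN.finditer(script):
        kind, text = m.lastgroup, m.group()
        if kind in ("comment", "ws"):
            continue
        if pending is not None:
            if kind == "string":
                # The address is the last positional string; tags such as
                # :copy (RFC 3894) may come before it.
                pending[1] = re.sub(r"\\(.)", r"\1", text[1:-1], flags=re.S)
            elif kind == "punct":
                found.append(tuple(pending))
                pending = None
        elif (kind == "word" and text.lower() == "redirect"
              and prev in (";", "{", "}")):
            # Only a word in command position starts a redirect action.
            pending = [script.count("\n", 0, m.start()) + 1, None]
        prev = text
    return found


def is_external(address, internal_domains):
    """True if the target is outside internal_domains or cannot be resolved
    statically (missing, or built from a ${variable})."""
    if not address or "${" in address or "@" not in address:
        return True
    domain = address.rsplit("@", 1)[1].strip().rstrip(">").lower()
    return not any(domain == d or domain.endswith("." + d)
                   for d in internal_domains)


def audit(script, internal_domains):
    """Return the redirects that leave the organisation (or may do so)."""
    return [(line, addr) for line, addr in find_redirects(script)
            if is_external(addr, internal_domains)]


# Constructed sample script, not taken from the thread.
SAMPLE = r'''require ["fileinto", "copy", "variables", "vacation"];
# redirect "commented-out@outside.example";
/* redirect "also-commented@outside.example"; */
if header :contains "subject" "redirect \"in-a-string@outside.example\";" {
    fileinto "Notes";
}
vacation text:
redirect "in-vacation-body@outside.example";
.
;
if address :is "from" "boss@corp.example" {
    redirect :copy "me@webmail.example";
}
set "target" "someone@outside.example";
redirect "${target}";
redirect "archive@mail.corp.example";
'''

if __name__ == "__main__":
    for line, addr in audit(SAMPLE, {"corp.example"}):
        print(f"line {line}: redirect to {addr}")
```

Redirects whose address is built from a variable are reported as external because the target cannot be determined without running the script.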


Re: setmetadata and NIL

2021-05-03 Thread Aki Tuomi


> On 03/05/2021 13:01 Steffen  wrote:
> 
>  
> Hi everybody,
> 
> I played with Dovecot's metadata in
> 
> dovecot-core   2:2.3.14-5+debian9
> 
> from repo
> 
> deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main
> 
> 
> https://tools.ietf.org/html/rfc5464#section-4.3
> and
> https://github.com/coi-dev/coi-specs/blob/master/webpush-spec.md
> 
> use NIL to remove items.
> 
> Unsubscribe
> 
> To unsubscribe from push notification set the previously push annotation
> to NIL.
> 
> *Example for unsubscribing from push notifications: *
> 
> C: a SETMETADATA ""
> (/private/vendor/vendor.dovecot/webpush/subscriptions/31754ee7-d3ee-4226-b112-6895ed26fcf8
> NIL)
> S: a OK SETMETADATA complete
> 
> and
> 
> C: a SETMETADATA INBOX (/private/comment NIL)
>S: a OK SETMETADATA complete
> 
>   In the above example, the entry "/private/comment" is removed from
>   the mailbox "INBOX".
> 
> 
> However, the metadata is stored as string NIL instead of removed:
> 
> cat /home/user/Maildir/dovecot-attributes
> priv/369c8f17e81ff151f4042e27b77f/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/webpush/subscriptions/31754ee7-d3ee-4226-b112-6895ed26fcf8
> NIL
> priv/369c8f17e81ff151f4042e27b77f/comment
> NIL
> shared/369c8f17e81ff151f4042e27b77f/comment
> NIL
> 
> a GETMETADATA (DEPTH 1) ""
> (/private/vendor/vendor.dovecot/webpush/subscriptions)
> * METADATA ""
> (/private/vendor/vendor.dovecot/webpush/subscriptions/31754ee7-d3ee-4226-b112-6895ed26fcf8
> {3}
> NIL)
> a OK Getmetadata completed (0.001 + 0.000 secs).
> 
> Have I misinterpreted the samples? I thought the metadata is to be
> removed and getmetadata should not return the string NIL.
> 
> Kind regards,
> 
> -- 
> Steffen

Hi!

Seems you indeed discovered a bug. We are looking into it and tracking it as 
DOP-2379.

Thank you for reporting it.

Aki


[solved] Re: Catch all for Metadata storage in SQL database

2021-05-03 Thread Steffen
On 03.05.21 08:10, Aki Tuomi wrote:

Thanks, Aki. Yes it helped. It never occurred to me that the last
placeholder "$key" in your example is filled with the "tail" of the pattern.

> for one, you need to use proxy::metadata
> 
> then define
> 
> dict {
>   metadata = mysql:/path/to/config
> }
> 
> then you need the mapping file, which you could use something like:
> 
> connect = host=localhost dbname=dovecot user=dovecot password=dovecot
> map {
>   pattern = priv/$key
>   fields {
>     meta_key = $key
>   }
>   table = meta
>   username_field = username
>   value_field = value
> }


> 
> Hope this helps.

yes, it did :-)

For the archive - using postgres:

-- TODO: TEXT for testing purpose - adapt later
CREATE TABLE metadata (
   username TEXT NOT NULL,
   meta_key TEXT NOT NULL,
   value TEXT
);
CREATE UNIQUE INDEX metadata_pk ON metadata (username, meta_key);

-- Dovecot uses INSERT all the time
-- Taken from merge_quota()
CREATE OR REPLACE FUNCTION merge_metadata() RETURNS TRIGGER AS $$
BEGIN
  -- The INSERT further down fires this trigger again; let that nested
  -- insert through instead of recursing.
  IF pg_trigger_depth() > 1 THEN
    RETURN NEW;
  END IF;
  -- not working currently, because Dovecot passes "NIL" as string.
  -- we could test for NIL, but is it a bug?
  IF NEW.value ISNULL THEN
    DELETE FROM metadata
      WHERE username = NEW.username AND meta_key = NEW.meta_key;
    RETURN NULL;
  END IF;
  LOOP
    UPDATE metadata SET value = NEW.value
      WHERE username = NEW.username AND meta_key = NEW.meta_key;
    IF found THEN
      RETURN NULL;
    END IF;

    BEGIN
      INSERT INTO metadata (value, meta_key, username)
        VALUES (NEW.value, NEW.meta_key, NEW.username);
      RETURN NULL;
    EXCEPTION WHEN unique_violation THEN
      -- someone just inserted the record, update it
    END;
  END LOOP;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER upd_metadata BEFORE INSERT ON metadata
   FOR EACH ROW EXECUTE PROCEDURE merge_metadata();




-- 
Steffen





Re: mail_crypt module and error with tmp directory

2021-05-03 Thread Aki Tuomi


> On 03/05/2021 13:14 Fiorenza Meini  wrote:
> 
>  
> On 03/05/21 11:37, Aki Tuomi wrote:
> > 
> >> On 03/05/2021 11:53 Fiorenza Meini  wrote:
> >>
> >>   
> >> On 03/05/21 10:42, Aki Tuomi wrote:
> >>>
>  On 03/05/2021 11:16 Fiorenza Meini  wrote:
> 
> 
>  On 03/05/21 09:47, Aki Tuomi wrote:
> >
> >> On 03/05/2021 10:42 Fiorenza Meini  wrote:
> >>
> >> 
> >> Hi,
> >> I successfully enable mail_crypt module but I'm experiencing a strange
> >> behaviour with tmp directory while accessing with POP3 protocol:
> >>
> >> I see in log file:
> >> Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed:
> >> Permission denied
> >>
> >> I changed tmp directory configuration (mail_temp_dir variable) and
> >> setting it with 777 permission, but the error is the same.
> >>
> >> On client side it's working everything, but I'd like to understand the
> >> error and if I have to be worried about it.
> >>
> >> Thank you and regards
> >> Fiorenza
> >>
> >> -- 
> >> Fiorenza Meini/Spazio Web
> >>
> >
> > Are you by chance using selinux or apparmor there which could prevent 
> > this? Also Dovecot's stock systemd unit prevents you from writing into 
> > random locations, /tmp should be fine though.
> >
> > Aki
> >
> 
>  Hi,
>  I have apparmor installed on the machine, but even if stopped it the
>  problem didn't solved.
> 
>  I think dovecot's systemd unit file configuration is this
>  one:/usr/lib/tmpfiles.d/dovecot.conf
> 
>  Its content is this:
>  # Type Path                    Mode UID  GID     Age Argument
>  d      /var/run/dovecot/       0755 root root    -   -
>  d      /var/run/dovecot/login/ 0750 root dovecot -   -
> 
>  Should I insert here a line for /tmp directory ?
> 
>  Thank you and regards
> 
>  Fiorenza
> >>>
> >>> I don't think you need to do that.
> >>>
> >>> Also note that since you're using systemd, dovecot has PrivateTmp=yes, 
> >>> which means that /tmp is actually /tmp/*service*dovecot*/tmp
> >>>
> >>> Aki
> >>>
> >>
> >> Hi,
> >> thank you.
> >> I can't see that directory under /tmp Is there a way to create it?
> >>
> >> Regards
> >> Fiorenza
> > 
> > Depends a lot on your setup. I see I got the mask wrong, it's really
> > 
> >   /tmp/*systemd*dovecot*/tmp
> > 
> > Aki
> > 
> 
> Hi, I tried to create manually /tmp/*systemd*dovecot*/tmp and I set 777 
> on these directory.  Restarted dovecot, nothing changed and the error is 
> the same.
> 
> Trying to understand which is exactly the tmp directory used by dovecot, 
> I configured the variable mail_temp_dir, and I saw that dovecot used the 
> directory configured, which was different from /tmp.
> 
> Under what conditions does dovecot use the temporary directory?
> 
> Thank you and regards
> 
> Fiorenza

You cannot create the directory by hand, it's managed by systemd. If you do not 
have that directory you are either not using systemd, or you have disabled 
PrivateTmp=yes.

Dovecot uses mail_temp_dir when it needs to "buffer" data to disk when 
reading/writing mails.

Aki


Re: Problem with Log-File

2021-05-03 Thread Aki Tuomi


> On 03/05/2021 06:19 Volf, Ronald (IRV)  wrote:
> 
> 
> Hello!
> We want to log error in a File directly : /var/log/IRV_MdM/Dovecot_main.log.
> 
> We got this error: 'Can't open log file /var/log/IRV_MdM/Dovecot_main.log: 
> Permission denied'
> 
> Please have a look at our Problem. Is it a bug or an incorrect config ?
> 
> Our Dir-Structure is: (for testing, we changed all to mod 777)
> 2021-05-03 04:29:32 IRV-20210501-V02-rvh:~ # dir -d /var/ /var/log/ 
> /var/log/IRV_MdM/ /var/log/IRV_MdM/Dovecot_main.log
>  drwxrwxrwx 11 root root 4096 2021-04-30 20:36:51 /var/
>  drwxrwxrwx 21 root root 4096 2021-05-03 02:53:34 /var/log/
>  drwxrwxrwx 4 IRV_MdM IRV_MdMG 4096 2021-05-03 04:28:09 /var/log/IRV_MdM/
>  -rwxrwxrwx 1 IRV_MdM IRV_MdMG 14 2021-05-03 01:36:18 
> /var/log/IRV_MdM/Dovecot_main.log
>  2021-05-03 04:29:48 IRV-20210501-V02-rvh:~ #
> 
> Version:
> 2021-05-03 04:28:05 IRV-20210501-V02-rvh:~ # dovecot --version
>  2.3.14 (cee3cbc0d)
>  2021-05-03 04:28:12 IRV-20210501-V02-rvh:~ #
> 
> Logs:
> 2021-05-03 04:28:51 IRV-20210501-V02-rvh:~ # doveadm log find
>  Debug: /var/log/IRV_MdM/Dovecot_main.log
>  Info: /var/log/IRV_MdM/Dovecot_main.log
>  Warning: /var/log/IRV_MdM/Dovecot_main.log
>  Error: /var/log/IRV_MdM/Dovecot_main.log
>  Fatal: /var/log/IRV_MdM/Dovecot_main.log
> 
> Config:
>  2021-05-03 04:45:27 IRV-20210501-V02-rvh:~ # dovecot -n
>  # 2.3.14 (cee3cbc0d): /etc/dovecot/dovecot.conf
>  # Pigeonhole version 0.5.14 (1b5c82b2)
> # OS: Linux 5.12.0-1-default x86_64 ext3
>  # Hostname: IRV-20210501-V02-rvh
>  auth_cache_size = 20 M
>  auth_debug = yes
>  auth_debug_passwords = yes
>  auth_verbose = yes
>  auth_verbose_passwords = plain
>  default_internal_user = IRV_MdM
>  default_login_user = IRV_MdM_Login
>  deliver_log_format = msgid=%m: %$ (From=%f, To=%t, Subject=%s, Size=%p/%w, 
> Dsn=%{storage_id})
>  disable_plaintext_auth = no
>  first_valid_uid = 1
>  last_valid_gid = 4
>  last_valid_uid = 4
>  listen = *
>  log_path = /var/log/IRV_MdM/Dovecot_main.log
>  log_timestamp = "%Y-%m-%d %H:%M:%S "
>  login_greeting = Welcome to the INetS - Multi-Device-Mail-Server.
>  mail_access_groups = IRV_MdMG
>  mail_debug = yes
>  mail_location = 
> maildir:/var/spool/IRV_MdM/User/%u/Mail:CONTROL=/var/spool/IRV_MdM/User/%u/Ctrl:INDEX=/var/spool/IRV_MdM/User/%u/Index:LAYOUT=fs
>  mail_temp_dir = /var/spool/IRV_MdM/Tmp
>  managesieve_notify_capability = mailto
>  managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext
>  namespace inbox {
>  inbox = yes
>  location =
>  mailbox Drafts {
>  special_use = \Drafts
>  }
>  mailbox Junk {
>  special_use = \Junk
>  }
>  mailbox Sent {
>  special_use = \Sent
>  }
>  mailbox "Sent Messages" {
>  special_use = \Sent
>  }
>  mailbox Trash {
>  special_use = \Trash
>  }
>  prefix =
>  }
>  passdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
>  }
>  plugin {
>  sieve = file:~/sieve;active=~/.dovecot.sieve
>  }
>  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>  postmaster_address =supp...@irv.at
> ssl_cert = /Apps_IRV/Web/Cert/IRV_star_irv_at/IRV_STAR_irv_at.Crt.crt
>  ssl_cipher_list = 
> ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
>  ssl_key = # hidden, use -P to show it
>  ssl_options = no_compression
>  ssl_prefer_server_ciphers = yes
>  userdb {
>  driver = prefetch
>  }
>  userdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
>  }
>  verbose_proctitle = yes
>  2021-05-03 04:45:42 IRV-20210501-V02-rvh:~ #
> 
> OS:
> 2021-05-03 04:45:42 IRV-20210501-V02-rvh:~ # i_ver
>  Isg-Release: Version = 07.00.22 from 2021-01-22 21:13.
>  Linux-Release: openSUSE Tumbleweed 20210430 Linux 5.12.0-1-default x86_64.
>  2021-05-03 05:13:01 IRV-20210501-V02-rvh:~ #
> Please send the reply to supp...@irv.at.
> 
> Mit freundlichen Grüßen / with best regards
> 
> Ing. Ronald VOLF
> http://www.irv.at/ IRV Datenverarbeitung GmbH 
> Internet:  www.irv.at (http://www.irv.at/)
> Mail:  sa...@irv.at   
> Tel.:  (+43-2236) 2236 7 *
> Fax:   (+43-2236) 2191 7 / 30 
> Addr.: Brown Boveri Strasse 6, Top 18
> 2351 Wr. Neudorf, Austria

Hi!

Not sure which os you are using but perhaps if it's redhat based, you need to 
ensure correct selinux context on the directory and files? Or you have some 
other thing preventing you from writing, so you should probably check `dmesg` 
and `/var/log/audit/audit.log` and such.

Aki


Re: mail_crypt module and error with tmp directory

2021-05-03 Thread Fiorenza Meini




On 03/05/21 11:37, Aki Tuomi wrote:



On 03/05/2021 11:53 Fiorenza Meini  wrote:

  
On 03/05/21 10:42, Aki Tuomi wrote:



On 03/05/2021 11:16 Fiorenza Meini  wrote:

   
On 03/05/21 09:47, Aki Tuomi wrote:



On 03/05/2021 10:42 Fiorenza Meini  wrote:


Hi,

I successfully enable mail_crypt module but I'm experiencing a strange
behaviour with tmp directory while accessing with POP3 protocol:

I see in log file:
Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed:
Permission denied

I changed tmp directory configuration (mail_temp_dir variable) and
setting it with 777 permission, but the error is the same.

On client side it's working everything, but I'd like to understand the
error and if I have to be worried about it.

Thank you and regards
Fiorenza

--
Fiorenza Meini/Spazio Web



Are you by chance using selinux or apparmor there which could prevent this? 
Also Dovecot's stock systemd unit prevents you from writing into random 
locations, /tmp should be fine though.

Aki



Hi,
I have apparmor installed on the machine, but even if stopped it the
problem didn't solved.

I think dovecot's systemd unit file configuration is this
one:/usr/lib/tmpfiles.d/dovecot.conf

Its content is this:
# Type Path                    Mode UID  GID     Age Argument
d      /var/run/dovecot/       0755 root root    -   -
d      /var/run/dovecot/login/ 0750 root dovecot -   -

Should I insert here a line for /tmp directory ?

Thank you and regards

Fiorenza


I don't think you need to do that.

Also note that since you're using systemd, dovecot has PrivateTmp=yes, which 
means that /tmp is actually /tmp/*service*dovecot*/tmp

Aki



Hi,
thank you.
I can't see that directory under /tmp Is there a way to create it?

Regards
Fiorenza


Depends a lot on your setup. I see I got the mask wrong, it's really

  /tmp/*systemd*dovecot*/tmp

Aki



Hi, I tried to create manually /tmp/*systemd*dovecot*/tmp and I set 777 
on these directory.  Restarted dovecot, nothing changed and the error is 
the same.


Trying to understand which is exactly the tmp directory used by dovecot, 
I configured the variable mail_temp_dir, and I saw that dovecot used the 
directory configured, which was different from /tmp.


Under what conditions does dovecot use the temporary directory?

Thank you and regards

Fiorenza


Sieve - disable redirect

2021-05-03 Thread Miloslav Hůla

Hi,

I would like to disallow "redirect" in sieve scripts to prevent 
automatic e-mail forwarding out of organisation.


I didn't find a way in [1], only "sieve_extensions" option and when I try 
"sieve_extensions = -redirect" I got:


# sievec test.sieve
sievec(root): Warning: sieve: ignored unknown extension 'redirect' while 
configuring available extensions


Is there any way?

Kind regards
Milo


[1] https://doc.dovecot.org/configuration_manual/sieve/configuration/


setmetadata and NIL

2021-05-03 Thread Steffen
Hi everybody,

I played with Dovecot's metadata in

dovecot-core   2:2.3.14-5+debian9

from repo

deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main


https://tools.ietf.org/html/rfc5464#section-4.3
and
https://github.com/coi-dev/coi-specs/blob/master/webpush-spec.md

use NIL to remove items.

Unsubscribe

To unsubscribe from push notification set the previously push annotation
to NIL.

*Example for unsubscribing from push notifications: *

C: a SETMETADATA ""
(/private/vendor/vendor.dovecot/webpush/subscriptions/31754ee7-d3ee-4226-b112-6895ed26fcf8
NIL)
S: a OK SETMETADATA complete

and

C: a SETMETADATA INBOX (/private/comment NIL)
   S: a OK SETMETADATA complete

  In the above example, the entry "/private/comment" is removed from
  the mailbox "INBOX".


However, the metadata is stored as string NIL instead of removed:

cat /home/user/Maildir/dovecot-attributes
priv/369c8f17e81ff151f4042e27b77f/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/webpush/subscriptions/31754ee7-d3ee-4226-b112-6895ed26fcf8
NIL
priv/369c8f17e81ff151f4042e27b77f/comment
NIL
shared/369c8f17e81ff151f4042e27b77f/comment
NIL

a GETMETADATA (DEPTH 1) ""
(/private/vendor/vendor.dovecot/webpush/subscriptions)
* METADATA ""
(/private/vendor/vendor.dovecot/webpush/subscriptions/31754ee7-d3ee-4226-b112-6895ed26fcf8
{3}
NIL)
a OK Getmetadata completed (0.001 + 0.000 secs).

Have I misinterpreted the samples? I thought the metadata is to be
removed and getmetadata should not return the string NIL.

Kind regards,

-- 
Steffen







Re: mail_crypt module and error with tmp directory

2021-05-03 Thread Aki Tuomi


> On 03/05/2021 11:53 Fiorenza Meini  wrote:
> 
>  
> On 03/05/21 10:42, Aki Tuomi wrote:
> > 
> >> On 03/05/2021 11:16 Fiorenza Meini  wrote:
> >>
> >>   
> >> On 03/05/21 09:47, Aki Tuomi wrote:
> >>>
>  On 03/05/2021 10:42 Fiorenza Meini  wrote:
> 
> 
>  Hi,
>  I successfully enable mail_crypt module but I'm experiencing a strange
>  behaviour with tmp directory while accessing with POP3 protocol:
> 
>  I see in log file:
>  Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed:
>  Permission denied
> 
>  I changed tmp directory configuration (mail_temp_dir variable) and
>  setting it with 777 permission, but the error is the same.
> 
>  On client side it's working everything, but I'd like to understand the
>  error and if I have to be worried about it.
> 
>  Thank you and regards
>  Fiorenza
> 
>  -- 
>  Fiorenza Meini/Spazio Web
> 
> >>>
> >>> Are you by chance using selinux or apparmor there which could prevent 
> >>> this? Also Dovecot's stock systemd unit prevents you from writing into 
> >>> random locations, /tmp should be fine though.
> >>>
> >>> Aki
> >>>
> >>
> >> Hi,
> >> I have apparmor installed on the machine, but even if stopped it the
> >> problem didn't solved.
> >>
> >> I think dovecot's systemd unit file configuration is this
> >> one:/usr/lib/tmpfiles.d/dovecot.conf
> >>
> >> Its content is this:
> >> # Type Path                    Mode UID  GID     Age Argument
> >> d      /var/run/dovecot/       0755 root root    -   -
> >> d      /var/run/dovecot/login/ 0750 root dovecot -   -
> >>
> >> Should I insert here a line for /tmp directory ?
> >>
> >> Thank you and regards
> >>
> >> Fiorenza
> > 
> > I don't think you need to do that.
> > 
> > Also note that since you're using systemd, dovecot has PrivateTmp=yes, 
> > which means that /tmp is actually /tmp/*service*dovecot*/tmp
> > 
> > Aki
> > 
> 
> Hi,
> thank you.
> I can't see that directory under /tmp Is there a way to create it?
> 
> Regards
> Fiorenza

Depends a lot on your setup. I see I got the mask wrong, it's really

 /tmp/*systemd*dovecot*/tmp

Aki


Re: mail_crypt module and error with tmp directory

2021-05-03 Thread Fiorenza Meini




On 03/05/21 10:42, Aki Tuomi wrote:



On 03/05/2021 11:16 Fiorenza Meini  wrote:

  
On 03/05/21 09:47, Aki Tuomi wrote:



On 03/05/2021 10:42 Fiorenza Meini  wrote:

   
Hi,

I successfully enable mail_crypt module but I'm experiencing a strange
behaviour with tmp directory while accessing with POP3 protocol:

I see in log file:
Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed:
Permission denied

I changed tmp directory configuration (mail_temp_dir variable) and
setting it with 777 permission, but the error is the same.

On client side it's working everything, but I'd like to understand the
error and if I have to be worried about it.

Thank you and regards
Fiorenza

--
Fiorenza Meini/Spazio Web



Are you by chance using selinux or apparmor there which could prevent this? 
Also Dovecot's stock systemd unit prevents you from writing into random 
locations, /tmp should be fine though.

Aki



Hi,
I have apparmor installed on the machine, but even if stopped it the
problem didn't solved.

I think dovecot's systemd unit file configuration is this
one:/usr/lib/tmpfiles.d/dovecot.conf

Its content is this:
# Type Path                    Mode UID  GID     Age Argument
d      /var/run/dovecot/       0755 root root    -   -
d      /var/run/dovecot/login/ 0750 root dovecot -   -

Should I insert here a line for /tmp directory ?

Thank you and regards

Fiorenza


I don't think you need to do that.

Also note that since you're using systemd, dovecot has PrivateTmp=yes, which 
means that /tmp is actually /tmp/*service*dovecot*/tmp

Aki



Hi,
thank you.
I can't see that directory under /tmp Is there a way to create it?

Regards
Fiorenza


Re: mail_crypt module and error with tmp directory

2021-05-03 Thread Aki Tuomi


> On 03/05/2021 11:16 Fiorenza Meini  wrote:
> 
>  
> On 03/05/21 09:47, Aki Tuomi wrote:
> > 
> >> On 03/05/2021 10:42 Fiorenza Meini  wrote:
> >>
> >>   
> >> Hi,
> >> I successfully enable mail_crypt module but I'm experiencing a strange
> >> behaviour with tmp directory while accessing with POP3 protocol:
> >>
> >> I see in log file:
> >> Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed:
> >> Permission denied
> >>
> >> I changed tmp directory configuration (mail_temp_dir variable) and
> >> setting it with 777 permission, but the error is the same.
> >>
> >> On client side it's working everything, but I'd like to understand the
> >> error and if I have to be worried about it.
> >>
> >> Thank you and regards
> >> Fiorenza
> >>
> >> -- 
> >> Fiorenza Meini/Spazio Web
> >>
> > 
> > Are you by chance using selinux or apparmor there which could prevent this? 
> > Also Dovecot's stock systemd unit prevents you from writing into random 
> > locations, /tmp should be fine though.
> > 
> > Aki
> > 
> 
> Hi,
> I have apparmor installed on the machine, but even if stopped it the 
> problem didn't solved.
> 
> I think dovecot's systemd unit file configuration is this 
> one:/usr/lib/tmpfiles.d/dovecot.conf
> 
> Its content is this:
> # Type Path                    Mode UID  GID     Age Argument
> d      /var/run/dovecot/       0755 root root    -   -
> d      /var/run/dovecot/login/ 0750 root dovecot -   -
> 
> Should I insert here a line for /tmp directory ?
> 
> Thank you and regards
> 
> Fiorenza

I don't think you need to do that.

Also note that since you're using systemd, dovecot has PrivateTmp=yes, which 
means that /tmp is actually /tmp/*service*dovecot*/tmp

Aki


Re: mail_crypt module and error with tmp directory

2021-05-03 Thread Fiorenza Meini




On 03/05/21 09:47, Aki Tuomi wrote:



On 03/05/2021 10:42 Fiorenza Meini  wrote:

  
Hi,

I successfully enable mail_crypt module but I'm experiencing a strange
behaviour with tmp directory while accessing with POP3 protocol:

I see in log file:
Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed:
Permission denied

I changed tmp directory configuration (mail_temp_dir variable) and
setting it with 777 permission, but the error is the same.

On client side it's working everything, but I'd like to understand the
error and if I have to be worried about it.

Thank you and regards
Fiorenza

--
Fiorenza Meini/Spazio Web



Are you by chance using selinux or apparmor there which could prevent this? 
Also Dovecot's stock systemd unit prevents you from writing into random 
locations, /tmp should be fine though.

Aki



Hi,
I have apparmor installed on the machine, but even if stopped it the 
problem didn't solved.


I think dovecot's systemd unit file configuration is this 
one:/usr/lib/tmpfiles.d/dovecot.conf


Its content is this:
# Type Path                    Mode UID  GID     Age Argument
d      /var/run/dovecot/       0755 root root    -   -
d      /var/run/dovecot/login/ 0750 root dovecot -   -

Should I insert here a line for /tmp directory ?

Thank you and regards

Fiorenza


Re: mail_crypt module and error with tmp directory

2021-05-03 Thread Aki Tuomi


> On 03/05/2021 10:42 Fiorenza Meini  wrote:
> 
>  
> Hi,
> I successfully enable mail_crypt module but I'm experiencing a strange 
> behaviour with tmp directory while accessing with POP3 protocol:
> 
> I see in log file:
> Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed: 
> Permission denied
> 
> I changed tmp directory configuration (mail_temp_dir variable) and 
> setting it with 777 permission, but the error is the same.
> 
> On client side it's working everything, but I'd like to understand the 
> error and if I have to be worried about it.
> 
> Thank you and regards
> Fiorenza
> 
> -- 
> Fiorenza Meini/Spazio Web
> 

Are you by chance using selinux or apparmor there which could prevent this? 
Also Dovecot's stock systemd unit prevents you from writing into random 
locations, /tmp should be fine though.

Aki


mail_crypt module and error with tmp directory

2021-05-03 Thread Fiorenza Meini

Hi,
I successfully enabled the mail_crypt module but I'm experiencing a strange
behaviour with the tmp directory while accessing with the POP3 protocol:


I see in the log file:
Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed: 
Permission denied


I changed the tmp directory configuration (mail_temp_dir variable) and
set it with 777 permission, but the error is the same.


On the client side everything is working, but I'd like to understand the
error and whether I have to be worried about it.


Thank you and regards
Fiorenza

--
Fiorenza Meini/Spazio Web

Via Dante Alighieri, 10 - 13900 - BIELLA
tel. +39 015 2431982-1 - fax 015 2522600
https://esseweb.eu
--
Pursuant to Regulation (EU) 2016/679, this message and its attachments
are addressed exclusively to the persons indicated.
Dissemination, copying or any other action arising from knowledge
of this information is strictly prohibited.
If you have received this document in error, please notify the sender
immediately and destroy it.


Re: Writing an custom imap command

2021-05-03 Thread Aki Tuomi


> On 01/05/2021 18:32 Ryan Beethe  wrote:
> 
>  
> I'm interested in writing a custom imap command that behaves a bit like
> IDLE but synchronizes some state that is specific to my mail client /
> mail server.
> 
> I found that stateless commands were trivial to understand, and I really
> like the plugin pattern for registering custom commands.
> 
> But I have a few questions on how to write a long-running command that I
> was not able to answer by reading through the code.  This mailing list
> seems like the best place to ask them.
> 
> For reference, the source code for my custom command is here:
> 
> 
> https://github.com/Splintermail/splintermail-client/blob/dev/server/xkeysync.c
> 
> Thanks,
> 
> Ryan
> 
> --
> 
> 1. Why does cmd-idle.c sometimes call client_command_free()?  But
> sometimes it doesn't?
> 
> For example, cmd_idle_continue() frees it in some branches but not
> others.  That makes no sense to me; it seems like it should be based
> on your entrypoint (mailbox notify callback vs input callback vs
> timeout callback), not based on which branch of logic within that
> entrypoint.
>
> 2. Why does cmd-idle.c ever call client_destroy()?  That seems like
> something that should be invoked only by the imap process, not by any
> command.
> 
> It calls it in cmd-idle.c:idle_callback (which is a mailbox notify
> callback).  It invokes it after idle_sync_now() when it detects that
> client->disconnected is set.  Maybe that happens in imap_sync_init()
> or something?
> 
> 3. Why does cmd-idle.c ever call client_disconnect()?  That also seems
> like the responsibility of the imap process, and not any command.
> 
> idle_client_input_more() detects when i_stream_read returns -1,
> meaning that the client has *already disconnected*.  Then it calls
> client_disconnect().
> 
> I think this is the crazy part... the istream is effectively unique
> to the imap process, so it seems unreasonable that any command is
> responsible for cleaning it up; it should just always happen at the
> imap process level before exiting, right?
>

IDLE cmd can be sometimes delegated to a separate worker called imap-hibernate, 
in which case the connection is moved to another process. This explains about 
all your questions.
 
> 4. What does client_continue_pending_input() actually do, and under what
> conditions does it need to be called?
> 
> There is one place that you *can't* call it; there is a section in
> imap-client.c:client_handle_input() that calls
> imap-client.c:client_handle_next_command(), which calls the
> cmd->func().  That makes sense; that's the input trigger for the
> command plugin, so maybe you only have to trigger it when you are
> receiving input that doesn't fit into the normal command args
> behavior.
> 
> It has a comment that says "this function is called at the end of
> I/O callbacks (and only there)".  It _is_ called by client_input()
> and by client_output(), but also by:
>  - cmd-idle.c:idle_client_input (io_add_istream callback)
>  - cmd-append.c:client_input_append (io_add_istream callback)
>  - imap-search.c:cmd_search_more_callback (timeout_add callback)
> The first two cases seem to be the only io_add_istream() commands
> that even exist, so that explains them.  I can't explain the
> imap-search.c case at all.
> 
> Reading through it I have really no idea what
> client_continue_pending_input is really doing.
> 
> My command has a DONE mechanic just like IDLE so I'm pretty sure I
> need to invoke this function, I'm just concerned I'm going to do it
> wrong if I don't understand the mechanics of it.

It means that you did not consume all the input there was.

You probably should look at some much simpler commands as inspiration. Try
looking e.g. at how cmd_id is implemented instead.

Aki


Re: Can the disable_plaintext_auth setting get overridden for a specific port?

2021-05-03 Thread Aki Tuomi


> On 30/04/2021 20:17 Steve Dondley  wrote:
> 
>  
> In 10-auth.conf, I have "disable_plaintext_auth = yes"
> 
> For port 143, I'd like to do something like this to override that 
> setting:
> 
> service imap-login {
>   inet_listener imap {
>     port = 143
>     disable_plain_text_auth = no
>   }
> }
> 
> Based on https://wiki.dovecot.org/LoginProcess and 
> https://doc.dovecot.org/configuration_manual/service_configuration/ it 
> doesn't seem like this is supported. But maybe there is another way to 
> accomplish this?

If you want to allow plaintext auth from trusted proxies, use 
login_trusted_networks instead. 
https://doc.dovecot.org/settings/core/#login-trusted-networks

Aki
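
The setting suggested above, as a configuration sketch that is added here and is not part of the thread; the address 192.0.2.10 is a constructed placeholder for a trusted proxy host.

```conf
# Global settings (the thread keeps disable_plaintext_auth in 10-auth.conf).
# Keep the global policy: refuse plaintext logins on unsecured connections.
disable_plaintext_auth = yes

# Space-separated list of addresses or CIDR ranges. Connections from these
# sources are exempt from disable_plaintext_auth.
# 192.0.2.10 is a constructed placeholder, not a value from the thread.
# Hosts listed here may also pass on the original client IP and port, so
# list only individual proxy hosts you control, not whole client subnets.
login_trusted_networks = 192.0.2.10/32

# The listener on port 143 needs no per-port override: the exemption is
# decided by the source address of the connection, not by the listener.
service imap-login {
  inet_listener imap {
    port = 143
  }
}
```

After a reload, `doveconf -n` lists both settings as they are in effect.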


Re: Catch all for Metadata storage in SQL database

2021-05-03 Thread Aki Tuomi


> On 30/04/2021 09:38 Steffen Kaiser  wrote:
> 
>  
> Hi,
> 
> the
> 
> https://doc.dovecot.org/configuration_manual/imap_metadata/
> 
> sample uses
> 
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
> 
> which stores all keys=value pairs in the file.
> 
> http://dovecot.2317879.n4.nabble.com/Dovecot-v2-3-9-3-HTTP-API-Endpoint-for-mailbox-cryptokey-operations-td70801.html
> 
> uses a SQL dict, however very specific ones. How can I use a SQL dict to 
> store _all_ keys, as with a file based storage?
> 
> I cannot find documentation for a "pattern" specification that works as
> "catch all", in order to store anything not caught by patterns into the
> database.
> 
> https://wiki.dovecot.org/Dictionary does not give any hint (in my eyes).
> 
> 
> 
> -- 
> Steffen Kaiser


for one, you need to use proxy::metadata

then define

dict {
  metadata = mysql:/path/to/config
}

then you need the mapping file, which you could use something like:

connect = host=localhost dbname=dovecot user=dovecot password=dovecot
map {
  pattern = priv/$key
  fields {
    meta_key = $key
  }
  table = meta
  username_field = username
  value_field = value
}

with

CREATE TABLE meta (
  username VARCHAR(255) NOT NULL,
  meta_key VARCHAR(255) NOT NULL,
  value VARCHAR(255),
  -- the key column is named meta_key, matching the map's fields block
  PRIMARY KEY(username, meta_key)
);

Hope this helps.

Aki