Re: LDAP and user duplicated with replication

2021-12-06 Thread Christian Mack
Hello

On 02.12.21 at 17:54, Claudio Corvino wrote:
> Hi,
> 
> I have two IMAP/LMTP Dovecot servers in replica (version 2.3.4.1), I use
> LDAP/AD for /userdb, /replica is working.
> 
> When I do a search like:
> 
> /doveadm replicator status '*'/
> 
> I receive user duplicated, with and without the domain part, for example:
> 
> /test/
> /t...@domain.com/
> 
> but they are the same user; this leads the replicator to do twice the
> work of replication.
> 
> I think this is related to //etc/dovecot/dovecot-ldap.conf/ that is
> configured in this way:
> 
> /hosts = xxx/
> 
> /base = dc=xxx,dc=xxx
> ldap_version=3
> auth_bind = yes
> dn = cn=xxx,cn=Users,dc=xxx,dc=xxx
> dnpass = xxx
> scope = subtree
> user_attrs = sAMAccountName=home=/mnt/mail-storage-lv0007/%$,=uid=501,=gid=501
[...]

This is for sure wrong.

Try:
user_attrs = sAMAccountName=user,=home=/mnt/mail-storage-lv0007/%$,=uid=501,=gid=501


Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416





Re: quota warnings not sent out anymore

2021-12-06 Thread mj
Additional info: there seems to be permission-related issue anyway, as 
we also see messages like these in our logs:



2021-12-03T19:06:15.032873+01:00 hostname dovecot - - -  quota-warning: Error: lda(username,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied


But are permissions of stats-writer related to not sending out quota 
notifications?


MJ

On 06-12-2021 at 12:10, mj wrote:

Hi,

We suddenly realised that our maildir quota warnings are no longer sent 
out. We don't understand why not.


This is dovecot 2.3.4.1 on debian 10.11. We use a script to send out the 
notification, adapted from the dovecot wiki here: 
(https://doc.dovecot.org/configuration_manual/quota/)


Our quota notification script is:


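#!/bin/sh
# Arguments: $1 = quota percentage reached, $2 = user name
PERCENT=$1
USER=$2
# Deliver the warning through dovecot-lda with quota enforcement switched off
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=maildir::noenforcing"
From: nore...@domain.com
Subject: quota warning

Your mailbox is now $PERCENT% full.

Please delete or archive items to decrease your mailbox size.
EOF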


Our complete doveconf -n output is at the end of this email.

When calling the script manually as user root, it works perfectly. But 
as user vmail or dovecot, no notifications are sent at all.


I guess this is relevant:


root@dovecot:/etc/dovecot# ls -l /var/run/dovecot/
total 8
srw------- 1 root    root      0 Dec  6 00:00 anvil
srw------- 1 root    root      0 Dec  6 00:00 anvil-auth-penalty
srw------- 1 dovecot root      0 Dec  6 11:34 auth-client
srw------- 1 dovecot root      0 Dec  6 11:34 auth-login
srw------- 1 root    root      0 Dec  6 11:34 auth-master
-rw------- 1 root    root     32 Jul 19 17:39 auth-token-secret.dat
srw-rw-rw- 1 vmail   vmail     0 Dec  6 11:34 auth-userdb
srw------- 1 dovecot root      0 Dec  6 11:34 auth-worker
srw------- 1 root    root      0 Dec  6 11:34 config
srw-rw---- 1 root    dovecot   0 Dec  6 11:34 dict
srw-rw---- 1 root    dovecot   0 Dec  6 11:34 dict-async
srw------- 1 root    root      0 Dec  6 11:34 director-admin
srw-rw-rw- 1 root    root      0 Dec  6 11:34 dns-client
srw------- 1 root    root      0 Dec  6 11:34 doveadm-server
lrwxrwxrwx 1 root    root     25 Dec  6 00:00 dovecot.conf -> /etc/dovecot/dovecot.conf
drwxr-xr-x 2 root    root     40 Jul 19 17:39 empty
srw-rw---- 1 root    dovecot   0 Dec  6 11:34 imap-hibernate
srw------- 1 root    root      0 Dec  6 11:34 imap-master
srw-rw-rw- 1 root    root      0 Dec  6 11:34 imap-urlauth
srw------- 1 dovecot root      0 Dec  6 11:34 imap-urlauth-worker
srw-rw-rw- 1 root    root      0 Dec  6 11:34 indexer
srw------- 1 dovecot root      0 Dec  6 11:34 indexer-worker
srw------- 1 dovecot root      0 Dec  6 11:34 ipc
srw-rw-rw- 1 root    root      0 Dec  6 11:34 lmtp
srw------- 1 root    root      0 Dec  6 11:34 log-errors
drwxr-x--- 2 root    nogroup 120 Dec  6 11:34 login
srw------- 1 root    root      0 Dec  6 11:34 master
-rw------- 1 root    root      6 Dec  6 00:00 master.pid
srw------- 1 root    root      0 Dec  6 11:34 old-stats
prw------- 1 root    root      0 Dec  6 11:34 old-stats-mail
prw------- 1 root    root      0 Dec  6 11:34 old-stats-user
srw------- 1 vmail   root      0 Dec  6 11:34 quota-warning
srw------- 1 root    root      0 Dec  6 11:34 replication-notify
prw------- 1 root    root      0 Dec  6 11:34 replication-notify-fifo
srw------- 1 dovecot root      0 Dec  6 11:34 replicator
srw-rw---- 1 vmail   vmail     0 Dec  6 11:34 stats-reader
srw-rw---- 1 vmail   vmail     0 Dec  6 11:34 stats-writer
drwxr-x--- 2 root    nogroup  80 Dec  6 11:34 token-login


Can anyone help, and explain what is going on here?

Thank you very much in advance for a reply!

MJ

The doveconf -n output:


root@imap:/etc/dovecot# doveconf -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-17-amd64 x86_64 Debian 10.11 xfs
# Hostname: mail.company.com
auth_debug = yes
auth_failure_delay = 10 secs
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = sha1
default_vsz_limit = 512 M
deliver_log_format = %f | %s | msgid=%m: %$
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_greeting = Dovecot ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c lport=%a
mail_gid = vmail
mail_location = maildir:/var/vmail/%Ln/Maildir:LAYOUT=fs:DIRNAME=mAildir
mail_plugins = acl lazy_expunge zlib quota mail_log notify
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/var/vmail/%%u/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%u/shared/%%u
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  i
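
An added example, not part of the original messages: a Python check that reads an `ls -l` listing of the Dovecot run directory and reports which sockets a given account cannot connect to, since connect() on a Unix socket needs write permission on the socket file. The sample lines are constructed in the shape of the listing above, and the group memberships passed in are assumptions.

```python
# Constructed sample in `ls -l` format: mode, links, owner, group, size, date, name.
SAMPLE_LS = """\
total 8
srw-rw-rw- 1 vmail   vmail   0 Dec  6 11:34 auth-userdb
srw-rw---- 1 root    dovecot 0 Dec  6 11:34 dict
srw------- 1 vmail   root    0 Dec  6 11:34 quota-warning
srw-rw---- 1 vmail   vmail   0 Dec  6 11:34 stats-writer
"""


def parse_ls(text):
    """Map socket name -> (mode string, owner, group); non-socket lines are skipped."""
    sockets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 9 and parts[0].startswith("s"):
            sockets[parts[8]] = (parts[0], parts[2], parts[3])
    return sockets


def can_connect(entry, user, groups):
    """Apply the owner/group/other write bit the kernel would check for this account."""
    mode, owner, group = entry
    if user == "root":
        return True              # root bypasses the permission bits
    if user == owner:
        return mode[2] == "w"    # owner class: only the owner bits count
    if group in groups:
        return mode[5] == "w"    # group class
    return mode[8] == "w"        # everyone else


def denied(text, user, groups):
    """Sorted names of the sockets this account cannot connect to."""
    return sorted(name for name, entry in parse_ls(text).items()
                  if not can_connect(entry, user, groups))


if __name__ == "__main__":
    # Assumed memberships: each account belongs only to the group of the same name.
    for account in ("root", "vmail", "dovecot"):
        print(account, denied(SAMPLE_LS, account, [account]))
```

The check covers the socket file's own mode bits only; the account also needs search permission on the directory that holds the socket.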

Re: public folders, ACLs

2021-12-06 Thread Stefan G. Weichinger



I now solved most of my problems here and have a test setup that does 
what it should do.


We only hit the issue that deleting a folder from the public namespace 
fails because of this issue:


https://dovecot.org/list/dovecot/2011-May/059315.html

That is 10 years old ... is there a valid solution maybe?

(yes, I will try to find something as well)

We currently use a global ACL file and have 3 users in with full 
"lrwstipekxa" permissions.


Toggling off thunderbird's use of Trash isn't really wanted ...


quota warnings not sent out anymore

2021-12-06 Thread mj

Hi,

We suddenly realised that our maildir quota warnings are no longer sent 
out. We don't understand why not.


This is dovecot 2.3.4.1 on debian 10.11. We use a script to send out the 
notification, adapted from the dovecot wiki here: 
(https://doc.dovecot.org/configuration_manual/quota/)


Our quota notification script is:


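#!/bin/sh
# Arguments: $1 = quota percentage reached, $2 = user name
PERCENT=$1
USER=$2
# Deliver the warning through dovecot-lda with quota enforcement switched off
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=maildir::noenforcing"
From: nore...@domain.com
Subject: quota warning

Your mailbox is now $PERCENT% full.

Please delete or archive items to decrease your mailbox size.
EOF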


Our complete doveconf -n output is at the end of this email.

When calling the script manually as user root, it works perfectly. But 
as user vmail or dovecot, no notifications are sent at all.


I guess this is relevant:


root@dovecot:/etc/dovecot# ls -l /var/run/dovecot/
total 8
srw------- 1 root    root      0 Dec  6 00:00 anvil
srw------- 1 root    root      0 Dec  6 00:00 anvil-auth-penalty
srw------- 1 dovecot root      0 Dec  6 11:34 auth-client
srw------- 1 dovecot root      0 Dec  6 11:34 auth-login
srw------- 1 root    root      0 Dec  6 11:34 auth-master
-rw------- 1 root    root     32 Jul 19 17:39 auth-token-secret.dat
srw-rw-rw- 1 vmail   vmail     0 Dec  6 11:34 auth-userdb
srw------- 1 dovecot root      0 Dec  6 11:34 auth-worker
srw------- 1 root    root      0 Dec  6 11:34 config
srw-rw---- 1 root    dovecot   0 Dec  6 11:34 dict
srw-rw---- 1 root    dovecot   0 Dec  6 11:34 dict-async
srw------- 1 root    root      0 Dec  6 11:34 director-admin
srw-rw-rw- 1 root    root      0 Dec  6 11:34 dns-client
srw------- 1 root    root      0 Dec  6 11:34 doveadm-server
lrwxrwxrwx 1 root    root     25 Dec  6 00:00 dovecot.conf -> /etc/dovecot/dovecot.conf
drwxr-xr-x 2 root    root     40 Jul 19 17:39 empty
srw-rw---- 1 root    dovecot   0 Dec  6 11:34 imap-hibernate
srw------- 1 root    root      0 Dec  6 11:34 imap-master
srw-rw-rw- 1 root    root      0 Dec  6 11:34 imap-urlauth
srw------- 1 dovecot root      0 Dec  6 11:34 imap-urlauth-worker
srw-rw-rw- 1 root    root      0 Dec  6 11:34 indexer
srw------- 1 dovecot root      0 Dec  6 11:34 indexer-worker
srw------- 1 dovecot root      0 Dec  6 11:34 ipc
srw-rw-rw- 1 root    root      0 Dec  6 11:34 lmtp
srw------- 1 root    root      0 Dec  6 11:34 log-errors
drwxr-x--- 2 root    nogroup 120 Dec  6 11:34 login
srw------- 1 root    root      0 Dec  6 11:34 master
-rw------- 1 root    root      6 Dec  6 00:00 master.pid
srw------- 1 root    root      0 Dec  6 11:34 old-stats
prw------- 1 root    root      0 Dec  6 11:34 old-stats-mail
prw------- 1 root    root      0 Dec  6 11:34 old-stats-user
srw------- 1 vmail   root      0 Dec  6 11:34 quota-warning
srw------- 1 root    root      0 Dec  6 11:34 replication-notify
prw------- 1 root    root      0 Dec  6 11:34 replication-notify-fifo
srw------- 1 dovecot root      0 Dec  6 11:34 replicator
srw-rw---- 1 vmail   vmail     0 Dec  6 11:34 stats-reader
srw-rw---- 1 vmail   vmail     0 Dec  6 11:34 stats-writer
drwxr-x--- 2 root    nogroup  80 Dec  6 11:34 token-login


Can anyone help, and explain what is going on here?

Thank you very much in advance for a reply!

MJ

The doveconf -n output:


root@imap:/etc/dovecot# doveconf -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-17-amd64 x86_64 Debian 10.11 xfs
# Hostname: mail.company.com
auth_debug = yes
auth_failure_delay = 10 secs
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = sha1
default_vsz_limit = 512 M
deliver_log_format = %f | %s | msgid=%m: %$
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_greeting = Dovecot ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c lport=%a
mail_gid = vmail
mail_location = maildir:/var/vmail/%Ln/Maildir:LAYOUT=fs:DIRNAME=mAildir
mail_plugins = acl lazy_expunge zlib quota mail_log notify
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/var/vmail/%%u/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%u/shared/%%u
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox "Deleted items" {
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent items" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox inbox {
    auto = subscribe
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /

Re: Errors after upgrade to v2.3.17

2021-12-06 Thread Aki Tuomi

Hi!

The .locks directory is ok. It's related to recent change on how duplicates are handled.

Aki

On 06/12/2021 10:52 Aurel Mihai  wrote:

Hi,
Thank you.
I configured mail home and mail location to point to different places: mail_home to /home/virtual0/%d/%n and, respectively, mail_location to maildir:/home/virtual0/%d/%n/Maildir
Now the initial error: "Error: lmtp-server: conn unix:pid=40487,uid=107 [22]: rcpt user@domain: stat(/home/virtual0/domain/user/.dovecot.lda-dupes/tmp) failed: Not a directory" no longer appears in the mail log, but in the user home directory there is still this folder showing up .dovecot.lda-dupes.locks, but this time it is empty, it has no "/cur", "/tmp", "/new" directories.

# ls -lha /home/virtual0/domain/user
total 32K
drwx------  5 vmail mail 8.0K Dec  6 09:19 .
drwx------  4 vmail mail  152 Dec  6 08:50 ..
-rw-------  1 vmail mail  568 Dec  6 09:19 .dovecot.lda-dupes
drwx------  2 vmail mail  152 Dec  6 09:19 .dovecot.lda-dupes.locks
lrwxrwxrwx  1 vmail mail   23 Dec  6 08:33 .dovecot.sieve -> sieve/sieve.sieve.sieve
-rw-------  1 vmail mail  323 Dec  6 09:19 .dovecot.svbin
drwxr-xr-x 10 vmail mail 8.0K Dec  6 09:20 Maildir
drwx------  3 vmail mail  152 Dec  6 09:18 sieve

Aurel

On Fri, Dec 3, 2021 at 9:11 AM Aki Tuomi  wrote:

Hi Adrian, Aurel.

I am not sure why Adrian considers that .dovecot.lda-dupes would have been changed like this?

Your problem is that you have configured mail home and mail location to point to same place, causing dovecot to consider .dovecot.lda-dupes as a maildir folder.

This is a very common misconfiguration, which leads to exactly this kind of issue.

The recommended configuration is to configure mail_location=maildir:~/mail to avoid this issue.

Aki

> On 02/12/2021 20:42 Adrian Minta  wrote:
>
> Hi Aurel,
> apparently before 2.3.17 '.dovecot.lda-dupes' and '.dovecot.lda-dupes.lock' were files, but starting with this release they are full folders with cur/new/tmp in them.
>
> Don't know if this is a bug or something is missing from the docs.
>
> On 12/2/21 1:55 PM, Aurel Mihai wrote:
>
> > Hello,
> >
> > after upgrade to version 2.3.17, we encounter a lot of errors, such as:
> >
> > Dec 2 13:41:22 mail5 dovecot: lmtp(user@domain)<41944>: Error: lmtp-server: conn unix:pid=40487,uid=107 [22]: rcpt user@domain: stat(/home/virtual0/domain/user/.dovecot.lda-dupes/tmp) failed: Not a directory
> >
> > Any help please?
> >
> > Aurel
> >
> --
> Best regards,
> Adrian Minta

---
Aki Tuomi



Re: Errors after upgrade to v2.3.17

2021-12-06 Thread Aurel Mihai
Hi,
Thank you.
I configured mail home and mail location to point to different places:
mail_home to /home/virtual0/%d/%n and, respectively, mail_location to
maildir:/home/virtual0/%d/%n/Maildir
Now the initial error: "Error: lmtp-server: conn unix:pid=40487,uid=107
[22]: rcpt user@domain:
stat(/home/virtual0/domain/user/.dovecot.lda-dupes/tmp) failed: Not a
directory" no longer appears in the mail log, but in the user home
directory there is still this folder showing up .dovecot.lda-dupes.locks,
but this time it is empty, it has no "/cur", "/tmp", "/new" directories.


# ls -lha /home/virtual0/domain/user
total 32K
drwx------  5 vmail mail 8.0K Dec  6 09:19 .
drwx------  4 vmail mail  152 Dec  6 08:50 ..
-rw-------  1 vmail mail  568 Dec  6 09:19 .dovecot.lda-dupes
drwx------  2 vmail mail  152 Dec  6 09:19 .dovecot.lda-dupes.locks
lrwxrwxrwx  1 vmail mail   23 Dec  6 08:33 .dovecot.sieve -> sieve/sieve.sieve.sieve
-rw-------  1 vmail mail  323 Dec  6 09:19 .dovecot.svbin
drwxr-xr-x 10 vmail mail 8.0K Dec  6 09:20 Maildir
drwx------  3 vmail mail  152 Dec  6 09:18 sieve


Aurel

On Fri, Dec 3, 2021 at 9:11 AM Aki Tuomi  wrote:

> Hi Adrian, Aurel.
>
> I am not sure why Adrian considers that .dovecot.lda-dupes would have been
> changed like this?
>
> Your problem is that you have configured mail home and mail location to
> point to same place, causing dovecot to consider .dovecot.lda-dupes as a
> maildir folder.
>
> This is a very common misconfiguration, which leads to exactly this kind
> of issue.
>
> The recommended configuration is to configure mail_location=maildir:~/mail
> to avoid this issue.
>
> Aki
>
> > On 02/12/2021 20:42 Adrian Minta  wrote:
> >
> >
> > Hi Aurel,
> > apparently before 2.3.17 '.dovecot.lda-dupes' and
> > '.dovecot.lda-dupes.lock' were files, but starting with this release they
> > are full folders with cur/new/tmp in them.
> >
> > Don't know if this is a bug or something is missing from the docs.
> >
> > On 12/2/21 1:55 PM, Aurel Mihai wrote:
> >
> > > Hello,
> > >
> > > after upgrade to version 2.3.17, we encounter a lot of errors, such as:
> > >
> > > Dec 2 13:41:22 mail5 dovecot: lmtp(user@domain)<41944>: Error: lmtp-server: conn unix:pid=40487,uid=107 [22]: rcpt user@domain: stat(/home/virtual0/domain/user/.dovecot.lda-dupes/tmp) failed: Not a directory
> > >
> > > Any help please?
> > >
> > > Aurel
> > >
> > --
> > Best regards,
> > Adrian Minta
> >
> >
> >
>
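
An added example, not written by the thread participants: a Python check for the misconfiguration Aki describes, where the Maildir root and the mail home are the same directory, so dot-entries in the home can be taken for Maildir++ folders. The "same place" mail_location used in the demo is an assumed reconstruction, the default Maildir++ layout is assumed, and the entry names are copied from the `ls -lha` listing in the message above.

```python
import posixpath

# Entry names from the `ls -lha` listing quoted in the thread.
HOME_ENTRIES = [".", "..", ".dovecot.lda-dupes", ".dovecot.lda-dupes.locks",
                ".dovecot.sieve", ".dovecot.svbin", "Maildir", "sieve"]


def expand(template, user):
    """Expand the %d (domain) and %n (local part) variables used in the thread."""
    name, _, domain = user.partition("@")
    return template.replace("%d", domain).replace("%n", name)


def maildir_root(mail_location, home, user):
    """Absolute Maildir root of a 'maildir:<path>[:options]' value (options ignored)."""
    kind, _, rest = mail_location.partition(":")
    if kind != "maildir":
        raise ValueError("only maildir locations are handled here")
    path = expand(rest.split(":", 1)[0], user)
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]          # "~" stands for the mail home
    return posixpath.normpath(path)


def stray_folders(mail_home, mail_location, user, home_entries):
    """Home entries that could be taken for mail folders.

    Maildir++ keeps every folder as a dot-prefixed entry in the Maildir root,
    so the overlap only exists when that root is the home directory itself.
    """
    home = posixpath.normpath(expand(mail_home, user))
    if maildir_root(mail_location, home, user) != home:
        return []
    return sorted(e for e in home_entries
                  if e.startswith(".") and e not in (".", ".."))


if __name__ == "__main__":
    home = "/home/virtual0/%d/%n"
    for location in ("maildir:/home/virtual0/%d/%n",          # assumed old value
                     "maildir:/home/virtual0/%d/%n/Maildir",  # value after the fix
                     "maildir:~/mail"):                       # recommended form
        print(location, stray_folders(home, location, "user@domain", HOME_ENTRIES))
```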