Re: noob maildir question

2022-01-24 Thread Steven Varco
Hi Mik

> I would like to ask if it is an acceptable practice to manage messages in the 
> maildir as a file (move them from one folder to another) while dovecot is in 
> stop state thinking that it will be rebuilt to the next imap user login

Maildir is actually designed to do so, as the storage can also lie on NFS and 
external programs bring mail in.

That is, you can move and edit files just like normal on the filesystem (even 
when dovecot is running) and dovecot will rebuild its index accordingly.

However for "mass actions", like moving a lot of mail files, specific IMAP 
tools (dovecot provides a bunch of them) might be the better choice.

Steven

-- 
https://www.tech-island.com/



Re: noob maildir question

2022-01-24 Thread mikfum
thanks John for the reply
what I would like to do is implement an autoarchive function at server level 
that, in the night while dovecot is down,  moves messages older than n days 
from the user inbox to a subfolder of the same user (cur to cur)

tx
mik

‐‐‐ Original Message ‐‐‐

On Monday, 24 January 2022 2:43 AM, John Stoffel wrote:

> "mikfum" == mikfum mik...@protonmail.com writes:
>
> mikfum> I would like to ask if it is an acceptable practice to manage
> mikfum> messages in the maildir as a file (move them from one folder
> mikfum> to another) while dovecot is in stop state thinking that it
> mikfum> will be rebuilt to the next imap user login
>
> No, it's not a good idea, bad things might happen.
>
> what are you trying to accomplish? Maybe we can give a suggestion if
> we know what you are trying to accomplish. Don't assume that a
> certain method is the only way, just talk about the problem and what
> you want to achieve, not HOW you want to achieve it.
>
> Cheers,
> John


Re: noob maildir question

2022-01-24 Thread mikfum



ok thanks
‐‐‐ Original Message ‐‐‐

On Monday, 24 January 2022 3:56 AM,  wrote:

> > I would like to ask if it is an acceptable practice to manage messages in the 
> > maildir as a file (move them from one folder to another) while dovecot is in 
> > stop state thinking that it will be rebuilt to the next imap user login
>
> Acceptable? That is subjective. It is your system. Big difference in what you 
> can get away with on a small personal server vs being gmail. Only you know what 
> is acceptable or not on your server.
>
> Mechanically possible, I believe so. Dovecot documentation in multiple places 
> mentions how indexes are always rebuilt as needed. You can even have a setup 
> where your MTA places new messages in folders without going through dovecot. 
> When dovecot "finds" the file it just indexes it. So sure, I don't see why not, 
> just keep in mind the overhead (if any) added by re-indexing.


Re: noob maildir question

2022-01-24 Thread mikfum



thanks
‐‐‐ Original Message ‐‐‐

On Monday, 24 January 2022 5:15 AM, Ted Hatfield wrote:

> I do this all the time on my server. From one user mailbox to another or
> from one maildir folder to another. On my platform I need to make certain
> owner/group of the moved messages is correct for the user I've moved them
> to. Other than that dovecot appears to re-index on the fly.
>
> Be aware that this is observed information. Others more knowledgeable may
> have concerns that I'm not aware of or just can't see on my system.
>
> Ted
>
> On Mon, 24 Jan 2022, mikfum wrote:
>
> > I would like to ask if it is an acceptable practice to manage messages in 
> > the maildir as a file (move them from one folder to another) while dovecot 
> > is in stop state thinking that it will be rebuilt to the next imap user login
> >
> > thanks for your patience:)
> >
> > mik


Re: noob maildir question

2022-01-24 Thread mikfum



ok, not a 'mass action' but I search about imap tools, thanks!
‐‐‐ Original Message ‐‐‐

On Monday, 24 January 2022 10:15 AM, Steven Varco wrote:

> Hi Mik
>
> > I would like to ask if it is an acceptable practice to manage messages in 
> > the maildir as a file (move them from one folder to another) while dovecot 
> > is in stop state thinking that it will be rebuilt to the next imap user 
> > login
>
> Maildir is actually designed to do so, as the storage can also lie on NFS and 
> external programs bring mail in.
>
> That is, you can move and edit files just like normal on the filesystem (even 
> when dovecot is running) and dovecot will rebuild its index accordingly.
>
> However for "mass actions", like moving a lot of mail files, specific IMAP 
> tools (dovecot provides a bunch of them) might be the better choice.
>
> Steven
>
> ---
>
> https://www.tech-island.com/


Re: noob maildir question

2022-01-24 Thread Felix Zielcke
On Monday, 24.01.2022 at 10:18 +, mikfum wrote:
> thanks John for the reply
> what I would like to do is implement an autoarchive function at
> server level that, in the night while dovecot is down,  moves
> messages older than n days from the user inbox to a subfolder of the
> same user (cur to cur)
> 
> tx
> mik
> 

Use something like this in cron or similar:

doveadm move -A Archive BEFORE 90d

You must make sure though that the Archive mailbox exists before.

> ‐‐‐ Original Message ‐‐‐
> 
> On Monday, 24 January 2022 2:43 AM, John Stoffel wrote:
> 
> > "mikfum" == mikfum mik...@protonmail.com writes:
> >
> > mikfum> I would like to ask if it is an acceptable practice to manage
> > mikfum> messages in the maildir as a file (move them from one folder
> > mikfum> to another) while dovecot is in stop state thinking that it
> > mikfum> will be rebuilt to the next imap user login
> >
> > No, it's not a good idea, bad things might happen.
> >
> > what are you trying to accomplish? Maybe we can give a suggestion if
> > we know what you are trying to accomplish. Don't assume that a
> > certain method is the only way, just talk about the problem and what
> > you want to achieve, not HOW you want to achieve it.
> >
> > Cheers,
> > John



Re: noob maildir question

2022-01-24 Thread mikfum



very nice!, you also made me find the wiki to look for answers to any other 
trivial questions without boring you...
tx again
‐‐‐ Original Message ‐‐‐

On Monday, 24 January 2022 12:15 PM, Felix Zielcke wrote:

> On Monday, 24.01.2022 at 10:18 +, mikfum wrote:
>
> > thanks John for the reply
> > what I would like to do is implement an autoarchive function at
> > server level that, in the night while dovecot is down, moves
> > messages older than n days from the user inbox to a subfolder of the
> > same user (cur to cur)
> >
> > tx
> > mik
>
> Use something like this in cron or similar:
>
> doveadm move -A Archive BEFORE 90d
>
> You must make sure though that the Archive mailbox exists before.
>
> > ‐‐‐ Original Message ‐‐‐
> >
> > On Monday, 24 January 2022 2:43 AM, John Stoffel j...@stoffel.org wrote:
> >
> > > "mikfum" == mikfum mik...@protonmail.com writes:
> > >
> > > mikfum> I would like to ask if it is an acceptable practice to manage
> > > mikfum> messages in the maildir as a file (move them from one folder
> > > mikfum> to another) while dovecot is in stop state thinking that it
> > > mikfum> will be rebuilt to the next imap user login
> > >
> > > No, it's not a good idea, bad things might happen.
> > >
> > > what are you trying to accomplish? Maybe we can give a suggestion if
> > > we know what you are trying to accomplish. Don't assume that a
> > > certain method is the only way, just talk about the problem and what
> > > you want to achieve, not HOW you want to achieve it.
> > >
> > > Cheers,
> > > John


sieve-filter ignores -u argument

2022-01-24 Thread Андрей Куницын
Hello
I try to test my sieve script, but found out that it is impossible to use a
sieve-filter tool with virtual mail users. It always uses a real user name
instead of passed via -u argument.


# sieve-filter -v -u postmas...@domain.tld ~/sieve/managesieve.sieve INBOX
sieve-filter(root): Fatal: Unknown user

sudo -u vmail sieve-filter -u postmas...@domain.tld ~/sieve/managesieve.sieve INBOX
sieve-filter(vmail): Fatal: Unknown user

Also there is the same question on serverfault, but without an answer.
https://serverfault.com/questions/1055407/how-to-make-sieve-filter-use-virtual-users

My environment is Ubuntu 20.04
dovecot --version
2.3.7.2 (3c910f64b)

-- 
Sincerely, Andrey Kunitsyn


Re: noob maildir question

2022-01-24 Thread John Stoffel


mikfum> thanks John for the reply

No problem! I'm not an expert by any stretch, but I've been using
dovecot for years and doing It for way too many years... LOL!

mikfum> what I would like to do is implement an autoarchive function
mikfum> at server level that, in the night while dovecot is down,
mikfum> moves messages older than n days from the user inbox to a
mikfum> subfolder of the same user (cur to cur)

Why do you bring dovecot down?  What maintenance are you running then?
I'm curious because I never reboot my dovecot instance unless there's
a problem.  And these days, if you are running a business providing
email service, it seems better to run a cluster of dovecot servers
behind dovecot director to load balance things.

I also feel that using the doveadm commands to do this work is the
better way, since it will properly handle locking and consistency of
the folder(s).

Why do you think that doing this with dovecot down is the best way
to do this?

John
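
An added example, not part of the original thread: the cron job suggested above (`doveadm move`, with the Archive mailbox created first), done through doveadm so that Dovecot handles locking and index updates as John describes. The per-user loop over `doveadm user '*'`, the `mailbox INBOX` search term that limits the source to the inbox, the function names and the script path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: nightly auto-archive done through doveadm
# while Dovecot keeps running, instead of moving Maildir files by hand.
# Assumptions: the userdb can be iterated (doveadm user '*'), only INBOX is
# archived, and the mailbox name and age come from the two variables below.

ARCHIVE_MAILBOX="${ARCHIVE_MAILBOX:-Archive}"
MAX_AGE="${MAX_AGE:-90d}"

# True if user $1 already has a mailbox named exactly $2.
has_mailbox() {
    doveadm mailbox list -u "$1" "$2" 2>/dev/null | grep -Fxq -- "$2"
}

# Create the archive mailbox if needed, then move old INBOX mail into it.
archive_user() {
    if ! has_mailbox "$1" "$ARCHIVE_MAILBOX"; then
        doveadm mailbox create -u "$1" -s "$ARCHIVE_MAILBOX" || return 1
    fi
    doveadm move -u "$1" "$ARCHIVE_MAILBOX" mailbox INBOX BEFORE "$MAX_AGE"
}

# Process every user; keep going after a failure and report it at the end.
archive_all() {
    failed=0
    for u in $(doveadm user '*'); do
        if ! archive_user "$u"; then
            echo "auto-archive failed for $u" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when asked to, e.g. from cron: /usr/local/sbin/auto-archive.sh run
# (the path is a placeholder).
if [ "${1:-}" = "run" ]; then
    archive_all
fi
```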


Re: NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'

2022-01-24 Thread david
Hello Aki,

Thank you, that works.  But it doesn't solve my main problem.  Newer
versions of Outlook started to parse the "@domain" out of the
"user@domain" which yielded only "user".  I found that by prepending a '\'
(backslash) it would yield "user@domain" correctly.  But with GSSAPI, the
backslash fails and removing it allows for correct authentication of the
whole user name including "@domain".  The problem now is having to
configure all the many clients in the field that have the backslash
prepended to the user name.  Is there a way around this with version 2.3?

Regards,
David Koski
da...@kosmosisland.com
dko...@sutinen.com

>
>
> On 23 January 2022 1.29.43 UTC, David Koski 
> wrote:
>>Is NTLM now dead?  The Readme says:
>>
>>2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek
>> (48d6f7282)
>>
>>     auth: Remove ntlm mechanism & the LANMAN and NTLM password
>> schemes
>>
>>>
>>> Regards,
>>> David Koski
>>>
>>
>
> You should use GSSAPI instead.
>
> Aki
>




silly question

2022-01-24 Thread steph . mag220

Hi,

Up to now, I used PAM of each user in order to send and receive email. (BTW, 
for sending email, user authentication was required and we used the login and 
passwd of the user on the system)

Now, for dovecot, I start to use MD5 password.. and that sounds to be OK

auth_mechanisms = plain login cram-md5

passdb { 
  driver = passwd-file
  # Path for passwd-file. Also set the default password scheme.
  args = scheme=cram-md5 /etc/cram-md5.pwd 
}

But changing the password for the user1..  he can retrieve emails from dovecot, 
but cannot send anymore, because sending emails kept the old password. (using 
the PAM)

1) How can I tell sendmail to use the same passwd file (with MD5) as dovecot?

2) Ideally, I would like to create virtual users for the same mailbox. Is that 
possible?

like 2 files Users and Passwords pointing out the mailbox: maildir 
:/home/mailbox/user1

ex : 

us...@foo.com  passwrd1  /home/mailbox/generic_mails

and 

user2 passwrd2  home/mailbox/generic_mails

How can I do that?

Thanks for your help





Received invalid SSL certificate: unable to get certificate CRL

2022-01-24 Thread Laura Smith
I'm having a frustrating problem trying to use "doveadm sync" to pull mails off 
a server for migration purposes.

# 2.3.17.1 (476cd46418): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.17.1 (a1a0b892)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2

I have tried both explicit "ssl_client_ca_dir = /etc/ssl/certs" and commenting 
it out (i.e. relying on OpenSSL default per the docs)

I always get the same:
Info: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Internet Security Research Group/CN=ISRG Root X1 (check ssl_client_ca_* settings?)
 Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Internet Security Research Group/CN=ISRG Root X1 (check ssl_client_ca_* settings?) - disconnecting

openssl s_client -starttls imap -servername $name -connect $name:143 is happy 
though:

---
Certificate chain
 0 s:CN = 
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4954 bytes and written 412 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
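
An added example, not part of the original post: a small parser for the "Certificate chain" block shown above that maps the CN named in the "unable to get issuer certificate" error to the issuer the server did not send, which is the certificate the verifying client has to find in its own CA store. It reads the error the way OpenSSL reports it (the named certificate is the one whose issuer could not be found); the sample chain is constructed from the output above with a placeholder host name, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: read the "Certificate chain" block that
# `openssl s_client` prints and show which issuer the server did NOT send,
# i.e. the one the verifying client has to find in its own CA store.

# Emit one "depth|subject|issuer" line per certificate the server sent.
chain_entries() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { exit }
        in_chain && /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subject = $0; next }
        in_chain && /^ *i:/        { sub(/^ *i:/, ""); print depth "|" subject "|" $0 }
    '
}

# Issuer of the chain entry whose subject CN is $1 (the CN named in the error).
issuer_for_cn() {
    chain_entries | awk -F'|' -v cn="$1" '
        { s = $2; sub(/^.*CN = /, "", s) }
        s == cn { print $3; exit }
    '
}

# Issuer of the last certificate sent; empty when that one is self-signed.
unsent_issuer() {
    chain_entries | awk -F'|' '
        { subject = $2; issuer = $3 }
        END { if (NR > 0 && subject != issuer) print issuer }
    '
}

# Constructed sample: the chain from the post, host name replaced by a placeholder.
sample_chain() {
cat <<'EOF'
---
Certificate chain
 0 s:CN = mail.example.test
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
EOF
}

# The error names "ISRG Root X1": print the issuer that certificate points to.
sample_chain | issuer_for_cn "ISRG Root X1"
```

Against a live server, pipe the `openssl s_client` command from the post (with `</dev/null`) into `unsent_issuer` instead of using `sample_chain`.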





Re: Received invalid SSL certificate: unable to get certificate CRL

2022-01-24 Thread Laura Smith
Hi Zakaria

Thank you for your suggestion.

I don't think an out of date ca trust is the issue with me. I'm running Debian 
Bullseye (i.e. latest Debian release) and it's fully up to date with all patches.

I will look into your suggestion though.

Laura

‐‐‐ Original Message ‐‐‐

On Monday, January 24th, 2022 at 21:29, Zakaria  wrote:

> Hi Laura,
>
> I don't know if it will work, but I came across a similar issue with letsencrypt 
> using recent openssl, and it fails verifying with the same error message and 
> the following has resolved it for me.
>
> Try to run the following command against the client certificate full chain 
> and cert file:-
>
> openssl verify -CAfile fullchain1.pem cert1.pem
>
> if it did throw the same error then try verifying using the following updated 
> full chain with valid lets encrypt intermediary and root certificate, if it 
> will work.
>
> wget -O isrgrootx1.pem https://letsencrypt.org/certs/isrgrootx1.pem && 
> wget -O isrg-root-x1-cross-signed.pem 
> https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem && wget -O 
> lets-encrypt-r3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem && wget 
> -O lets-encrypt-r3-cross-signed.pem 
> https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem && cat 
> isrgrootx1.pem isrg-root-x1-cross-signed.pem lets-encrypt-r3.pem 
> lets-encrypt-r3-cross-signed.pem > combined_chain1.pem && dos2unix 
> combined_chain1.pem && rm -f lets-encrypt-r3*.* && rm -f isrg*.*
>
> If it didn't, then try to use the updated ca bundle directly from the OS using the following 
> commands and reference it in verify certificates list
>
> ssl_client_ca_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> ssl_verify_client_cert = yes
>
> On how to update, it depends on your OS, and the following works with me
>
> yum install ca-certificates
> update-ca-trust
>
> Refer to 
> https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/
>
> Give it a try and if you found another solution please let me know, and good 
> luck.
>
> Zakaria
>
> On 24 Jan 2022 20:25, Laura Smith  wrote:
>
> > I'm having a frustrating problem trying to use "doveadm sync" to pull mails 
> > off a server for migration purposes.
> >
> > # 2.3.17.1 (476cd46418): /etc/dovecot/dovecot.conf
> > # Pigeonhole version 0.5.17.1 (a1a0b892)
> > # OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2
> >
> > I have tried both explicit "ssl_client_ca_dir = /etc/ssl/certs" and 
> > commenting it out (i.e. relying on OpenSSL default per the docs)
> >
> > I always get the same:
> > Info: Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Internet Security Research Group/CN=ISRG Root X1 (check ssl_client_ca_* settings?)
> >  Received invalid SSL certificate: unable to get issuer certificate: /C=US/O=Internet Security Research Group/CN=ISRG Root X1 (check ssl_client_ca_* settings?) - disconnecting
> >
> > openssl s_client -starttls imap -servername $name -connect $name:143 is 
> > happy though:
> >
> > ---
> > Certificate chain
> >  0 s:CN = 
> >    i:C = US, O = Let's Encrypt, CN = R3
> >  1 s:C = US, O = Let's Encrypt, CN = R3
> >    i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> >  2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> >    i:O = Digital Signature Trust Co., CN = DST Root CA X3
> > ---
> > ---
> > No client certificate CA names sent
> > Peer signing digest: SHA256
> > Peer signature type: RSA-PSS
> > Server Temp Key: X25519, 253 bits
> > ---
> > SSL handshake has read 4954 bytes and written 412 bytes
> > Verification: OK
> > ---
> > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> > Server public key is 2048 bit
> > Secure Renegotiation IS NOT supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > Early data was not sent
> > Verify return code: 0 (ok)
> > ---


Re: silly question

2022-01-24 Thread John Stoffel


steph> Up to now, I used PAM of each user in order to send and receive
steph> email. (BTW, for sending email, user authentication was required
steph> and we used the login and passwd of the user on the system)

So just to be clear, each user has a login on your mail server in
/etc/passwd?  If so, I would strongly urge you to move to using only
virtual users on your mail infrastructure.

steph> Now, for dovecot, I start to use MD5 password.. and that sounds to be OK

steph> auth_mechanisms = plain login cram-md5
steph> passdb {
steph>   driver = passwd-file
steph>   # Path for passwd-file. Also set the default password scheme.
steph>   args = scheme=cram-md5 /etc/cram-md5.pwd
steph> }


steph> But changing the password for the user1..  he can retrieve
steph> emails from dovecot, but cannot send anymore, because sending
steph> emails kept the old password. (using the PAM)

What is your mail software?  I assume you are having your users
connect to port 587 to submit emails to be sent out, correct?  If so,
are you using postfix, exim, sendmail or some other mailer to access
email submissions and then send them out?  If so, you should be able
to configure your mail server to use the same password file as your
new md5 password file. 

steph> 1) How can I tell sendmail to use the same passwd file (with MD5) as dovecot?

Ah... just saw this.  And I don't know how to configure sendmail for
this.  I would suggest you look on the sendmail.org site for help.  

steph> 2) Ideally, I would like to create virtual users for the same
steph> mailbox. Is that possible?

steph> like 2 files Users and Passwords pointing out the mailbox:
steph> maildir :/home/mailbox/user1 ex : us...@foo.com  passwrd1 
steph> /home/mailbox/generic_mails and user2 passwrd2 
steph> home/mailbox/generic_mails

I do this myself using postfix and dovecot and it works well.  I have
my users defined in an sqlite3 DB, though for a small number of users
I think a flat file is simpler.

The trick is to have the dovecot and postfix/sendmail using the same
files for the virtual users and their passwords.  There are a number
of tutorials out there for doing this.

John