dovecot.list.index.log

[Joan Moreau via dovecot]

HI

Is it safe to delete the file dovecot.list.index.log (as I am still 
struggling with using any protocol for network storage of the emails 
(dbox), and now dovecot complains that my dovecot.list.index.log is 
corrupted)


Thank you
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot replication

[Jeff Pang via dovecot]

That's a nice suggestion. Thanks John.

On Fri, Jul 12, 2024 at 11:25 PM John Fawcett via dovecot
 wrote:
>
>
> On 12/07/2024 13:05, Jeff Pang via dovecot wrote:
> > Hello,
> >
> > Does the community version of dovecot have the replication feature?
> > When one dovecot was down, another one could take over the tasks.
> >
> > Thanks.
> >
> > _
>
> Jeff
>
> Replication is in the current dovecot version but will go away in 2.4.
>
> The doveadm sync feature is staying. So with some work you can set it up
> what you are requesting.
>
> I used to use replication and now I'm thinking about using sync but have
> not implemented it. The following are thoughs on it.
>
> There are some points to be addressed that are outside dovecot. I think
> you'd have to make sure that your sync happened frequently enough that
> you could live with losing the emails that arrives bewteen syncs for
> example. That would tend to lead to a requirement to sync more
> frequently and reduce risk of email loss. But then you'd need to avoid
> more than one sync being active simultaneously (that is my assumption
> that this would not work, but I don't know if it is a real problem).
>
> The failover would require you to stop people accessing the old server,
> stop syncing and start the backup instance. When the main instance is
> available to come back on line, you'd need to stop the backup instance,
> sync in the opposite direction and then start dovecot and re-enable the
> sync mechansim towards the backup.
>
> You need to ensure people don't connect simultaneously to both
> instances. So some thought would be needed about those cases where the
> main node goes and then comes backup to ensure that your sync is not
> still active at that point and replicates the old state onto the backup
> server and to ensure then people don't start connecting to it again
> without being able to control it.
>
> It's a disaster recover rather than high availability solution, but I
> think it can work. Others may already have got working implementations
> and thought through some of the implications.
>
> John
>
>
> ___
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org
>
>

_

Your E-Mail. Your Cloud. Your Office. eclipso Mail Europe. 
https://www.eclipso.de


___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot replication

[John Fawcett via dovecot]

On 12/07/2024 21:14, James Cook wrote:

On Fri, Jul 12, 2024 at 06:28:13PM GMT, John Fawcett via dovecot wrote:

Hi James

I want to avoid the -1 parameter because it doesn't do deletes in the 
target.


-l, not -1.


Thanks I missed that - so locking can be done within Dovecot

John

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot replication

[Michael Slusarz via dovecot]

> On 07/12/2024 1:14 PM MDT James Cook via dovecot  wrote:
>
> On Fri, Jul 12, 2024 at 06:28:13PM GMT, John Fawcett via dovecot wrote:
> >Hi James
> >
> >I want to avoid the -1 parameter because it doesn't do deletes in the 
> >target.
> 
> -l, not -1.

No, it's -1 - as in one(1)-way sync.

-l (lowercase L) is for locking.

michael
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

doveadm auth lookup fails for system user

[Christian H. Kuhn via dovecot]

Hi all,

next step with my auth problem with dovecot.

I want to authenticate a system user. The user exists, can log in, can 
sudo -i etc.pp. SASL with sql passdb and userdb works fine.


root@bywater /etc/dovecot/conf.d # doveadm user qno
field   value
uid 1001
gid 1001
home/home/qno
mailmaildir:~/Maildir
system_groups_user  qno

But:
root@bywater /etc/dovecot/conf.d # doveadm auth lookup qno
passdb lookup: user qno doesn't exist

And no surprise:
root@bywater /etc/dovecot/conf.d # doveadm auth test qno
Password:
passdb: qno auth failed
extra fields:
  user=qno

root@bywater /etc/dovecot/conf.d # doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-113-generic x86_64 Ubuntu 22.04.4 LTS
# Hostname: bywater.qno.de
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
listen = 65.21.136.15, [::]
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/tables.d/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = blocking=no
  driver = passwd
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = postmas...@qno.de
protocols = " imap sieve"
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
ssl = required
ssl_cert = ssl_cipher_list = 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305

ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
syslog_facility = local0
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%u
  driver = static
}
userdb {
  driver = passwd
}
verbose_proctitle = yes

How can it be that a user is found by userdb passwd, but not by passdb 
passwd or PAM?


TIA
QNo
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot replication

[James Cook via dovecot]

On Fri, Jul 12, 2024 at 06:28:13PM GMT, John Fawcett via dovecot wrote:

Hi James

I want to avoid the -1 parameter because it doesn't do deletes in the 
target.


-l, not -1.

As for the lda to doveadm sync script, I have been wondering too about 
how to close the gap for emails arriving between syncs, even though 
the risk might not be so significant.


With delivering to two dovecot servers before accepting the email, 
either one going down will stop email delivery.


I was thinking my script will accept the email anyway if the sync
fails. It would do this:

1. Pass to dovecot-lda. If dovecot-lda fails, something is seriously 
wrong, so stop and fail.


2. Fork a background process that attempts to doveadm sync.

3. Wait for the background process to finish, or a maximum of 2 
seconds. Then return success regardless of whether sync worked.


This guards against a hard disk crash or filesystem failure on one 
machine, but falls back to single-homing the email if a server 
is down.


This is inspired by the documentation at
https://doc.dovecot.org/configuration_manual/replication/

--
James
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot replication

[John Fawcett via dovecot]

On 12/07/2024 17:38, James Cook via dovecot wrote:

Replication is in the current dovecot version but will go away in 2.4.

The doveadm sync feature is staying. So with some work you can set it 
up what you are requesting.


I used to use replication and now I'm thinking about using sync but 
have not implemented it. The following are thoughs on it.


There are some points to be addressed that are outside dovecot. I 
think you'd have to make sure that your sync happened frequently 
enough that you could live with losing the emails that arrives 
bewteen syncs for example.


I have been thinking of writing a hacky delivery script that passes 
the email on to dovecot-lda, then runs doveadm sync, and only returns 
success after the sync is done (or after a timeout). No idea what 
problems I will run into, but the idea is to never accept an email 
until it's guaranteed replicated.


That would tend to lead to a requirement to sync more frequently and 
reduce risk of email loss. But then you'd need to avoid more than one 
sync being active simultaneously (that is my assumption that this 
would not work, but I don't know if it is a real problem).


Doesn't the -l option protect against simultaneous syncs? Just based 
on reading the doveadm-sync man page. (I guess it could cause a 
problem if you start sync processes more quickly than they can finish.)


NB I'm just running a one-person email server so don't take my ideas 
too seriously :)



Hi James

I want to avoid the -1 parameter because it doesn't do deletes in the 
target. It might not be an issue, but I'd like to keep the target the 
same as the source. I don't know if it would protect against 
simultaneous jobs, but I dont' know even if that is an issue. I was 
making the assumption it could be so I plan to avoid it somehow.


As for the lda to doveadm sync script, I have been wondering too about 
how to close the gap for emails arriving between syncs, even though the 
risk might not be so significant.


With delivering to two dovecot servers before accepting the email, 
either one going down will stop email delivery. That's an inconvenience 
but without necessarily introducing risks for losing the emails. 
Ultimately it depends on where those undelivered emails are being kept 
in the meantime  (presumably MTA queue) and whether they are safer there 
than being delivered to a single instance. Though that is related only 
to the downtime. When both are up the risk would be mitigated by the 
solution.


Other idea I was thinking of is a replicated file system. That could 
make emails available in real time to both dovecot instances assuming a 
functionality to sync to disk on both/multiple nodes before replying 
back to dovecot to accept the email. I believe there would still need to 
be only one dovecot instance active at a time. However, I have heard of 
but don't know personally of horror stories about email outages on 
clustered file systems, which leads me to believe that there would still 
be sufficient residual risk to require a backup copy of the mailboxes 
with doveadm sync or other tools.


John

John





___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot replication

[James Cook via dovecot]

Replication is in the current dovecot version but will go away in 2.4.

The doveadm sync feature is staying. So with some work you can set it 
up what you are requesting.


I used to use replication and now I'm thinking about using sync but 
have not implemented it. The following are thoughs on it.


There are some points to be addressed that are outside dovecot. I 
think you'd have to make sure that your sync happened frequently 
enough that you could live with losing the emails that arrives bewteen 
syncs for example.


I have been thinking of writing a hacky delivery script that passes 
the email on to dovecot-lda, then runs doveadm sync, and only returns 
success after the sync is done (or after a timeout). No idea what 
problems I will run into, but the idea is to never accept an email 
until it's guaranteed replicated.


That would tend to lead to a requirement to sync 
more frequently and reduce risk of email loss. But then you'd need to 
avoid more than one sync being active simultaneously (that is my 
assumption that this would not work, but I don't know if it is a real 
problem).


Doesn't the -l option protect against simultaneous syncs? Just based 
on reading the doveadm-sync man page. (I guess it could cause a 
problem if you start sync processes more quickly than they can 
finish.)


NB I'm just running a one-person email server so don't take my ideas 
too seriously :)


--
James
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot replication

[John Fawcett via dovecot]

On 12/07/2024 13:05, Jeff Pang via dovecot wrote:

Hello,

Does the community version of dovecot have the replication feature?
When one dovecot was down, another one could take over the tasks.

Thanks.

_


Jeff

Replication is in the current dovecot version but will go away in 2.4.

The doveadm sync feature is staying. So with some work you can set it up 
what you are requesting.


I used to use replication and now I'm thinking about using sync but have 
not implemented it. The following are thoughs on it.


There are some points to be addressed that are outside dovecot. I think 
you'd have to make sure that your sync happened frequently enough that 
you could live with losing the emails that arrives bewteen syncs for 
example. That would tend to lead to a requirement to sync more 
frequently and reduce risk of email loss. But then you'd need to avoid 
more than one sync being active simultaneously (that is my assumption 
that this would not work, but I don't know if it is a real problem).


The failover would require you to stop people accessing the old server, 
stop syncing and start the backup instance. When the main instance is 
available to come back on line, you'd need to stop the backup instance, 
sync in the opposite direction and then start dovecot and re-enable the 
sync mechansim towards the backup.


You need to ensure people don't connect simultaneously to both 
instances. So some thought would be needed about those cases where the 
main node goes and then comes backup to ensure that your sync is not 
still active at that point and replicates the old state onto the backup 
server and to ensure then people don't start connecting to it again 
without being able to control it.


It's a disaster recover rather than high availability solution, but I 
think it can work. Others may already have got working implementations 
and thought through some of the implications.


John


___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

dovecot replication

[Jeff Pang via dovecot]

Hello,

Does the community version of dovecot have the replication feature?
When one dovecot was down, another one could take over the tasks.

Thanks.

_

Your E-Mail. Your Cloud. Your Office. eclipso Mail Europe. 
https://www.eclipso.de


___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot imap_zlib

[Bjoern Franke via dovecot]

Hi,



I think you should following these steps I am sure they will worked properly 
and also important to access:

1. Check Documentation and Changelog: Look at the latest Dovecot documentation 
and changelogs to see if there are any notes about the imap_zlib plugin being 
moved renamed or deprecated.

2. Rebuild with Plugin: Ensure you have the necessary dependencies installed 
for zlib and then rebuild Dovecot with plugin support by configuring it 
explicitly. You can use the configure  with zlib option before compiling.

3. Check for Alternative Repositories: Sometimes plugins may be maintained 
separately. Check if there is an independent repository or branch that includes 
the imap zlib plugin.

4. Contact Dovecot Community: If the plugin has been removed, consider reaching 
out to the Dovecot community or mailing list for alternative solutions or to 
understand the reason for its removal.


this sounds like a ChatGPT answer. What's the purpose of it?

Regards




___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: dovecot imap_zlib

[Selena Thomas via dovecot]

Hi,

I think you should following these steps I am sure they will worked properly 
and also important to access:

1. Check Documentation and Changelog: Look at the latest Dovecot documentation 
and changelogs to see if there are any notes about the imap_zlib plugin being 
moved renamed or deprecated.

2. Rebuild with Plugin: Ensure you have the necessary dependencies installed 
for zlib and then rebuild Dovecot with plugin support by configuring it 
explicitly. You can use the configure  with zlib option before compiling.

3. Check for Alternative Repositories: Sometimes plugins may be maintained 
separately. Check if there is an independent repository or branch that includes 
the imap zlib plugin.

4. Contact Dovecot Community: If the plugin has been removed, consider reaching 
out to the Dovecot community or mailing list for alternative solutions or to 
understand the reason for its removal.

Thanks
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org