Multiple ACTIVE Sieve scripts

2016-06-15 Thread Aaron Müller
Hi!

Is there a reason the email filter sieve can only activate one single
script?

> list
"mailinglists.sieve"
"spam.sieve" ACTIVE
> activate mailinglists.sieve
> list
"mailinglists.sieve" ACTIVE
"spam.sieve"
>

I can't see the logic here ... Am I doing something wrong?
  Aaron


Re: Allowing for multiple recipient_delimiter characters?

2016-03-22 Thread Aaron Lindsay
On Fri, Mar 18, 2016 at 5:58 PM, Aaron Lindsay  wrote:
> Postfix allows the recipient_delimiter configuration parameter to
> contain multiple characters, splitting on the first such character it
> encounters. For example, if using 'recipient_delimiter=+-' both
> aaron+...@example.com and aaron-...@example.com would be delivered to
> aa...@example.com.
>
> Is anyone opposed to changing dovecot's handling of
> recipient_delimiter so that it's the same as that of postfix? If not,
> I am willing to rebase/merge/address review comments on Lennart
> Weller's patch[1] to get this functionality upstream.

I didn't receive any opposition to my proposal, so I've created two
github pull requests for discussion - one for dovecot and one for
pigeonhole:
https://github.com/dovecot/core/pull/4
https://github.com/dovecot/pigeonhole/pull/2

I've also attached the two patches for review here in case that is
preferred. Please keep me in CC as I'm not subscribed to the list.

Thanks!

-Aaron


0001-subaddress-Support-multiple-recipient_delimiters.patch
Description: application/download


0001-Support-multiple-recipient_delimiters.patch
Description: application/download


Allowing for multiple recipient_delimiter characters?

2016-03-19 Thread Aaron Lindsay
Postfix allows the recipient_delimiter configuration parameter to
contain multiple characters, splitting on the first such character it
encounters. For example, if using 'recipient_delimiter=+-' both
aaron+...@example.com and aaron-...@example.com would be delivered to
aa...@example.com.

Is anyone opposed to changing dovecot's handling of
recipient_delimiter so that it's the same as that of postfix? If not,
I am willing to rebase/merge/address review comments on Lennart
Weller's patch[1] to get this functionality upstream.

While I think aligning with postfix' behaviour would be convenient for
those of us who run a server using both dovecot and postfix, would
this break any other common use cases I'm not aware of?

Thanks!

-Aaron

[1] - http://dovecot.org/pipermail/dovecot/2015-February/099660.html
(I've talked with Lennart off-list, and he's OK with me working to get
his patch merged, as long as I attribute his work to him, but doesn't
have the time to work on it himself right now)


Re: Working with Active Directory on Windows Server 2012 R2

2014-12-02 Thread Aaron Jenkins
I’ve fixed the issue by using a slightly different configuration. Particularly 
the problem was due to mistaking %u (user@domain) vs %n (just user). Here are 
the configuration files for anyone looking to get it working with Active 
Directory on 2012 R2 on Dovecot 2.2.9 (or similar, whatever comes with Ubuntu 
Server 14.10).

Note: the uid & guid virtual need to exist (i.e. on Ubuntu, useradd virtual) 
and the directory /var/vmail must exist and be owned by virtual (referenced in 
10-mail.conf and dovecot-ldap.conf.ext). I suspect as well that part of the 
reason that it is working is that I have UNIX services enabled on AD, which if 
you’re considering any integration with Linux you have to do anyways, so that 
must be enabled and configured for each user (which if you’re at this stage you 
likely know how to do).

Attached are the relevant configuration files. Hopefully it will save the 
unfortunate sysadmin tasked with integrating AD and Dovecot one day.



On November 27, 2014 at 12:15:05 AM, Aaron Jenkins (aa...@rsbuddy.com) wrote:

I’ve removed the dn / dnpass.

When attempting with new user:

$ cat /var/log/dovecot-info.log
Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5553 id=1) 
(internal failure, 1 successful auths): user=, method=PLAIN, 
rip=10.211.55.29, lip=10.211.55.33, mpid=5558, TLS, session=
Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5559 id=1) 
(internal failure, 1 successful auths): user=, method=PLAIN, 
rip=10.211.55.29, lip=10.211.55.33, mpid=5560, TLS, session=
Nov 27 00:09:29 auth: Info: 
ldap(test.user@ad.automaton.uk,10.211.55.29,): invalid 
credentials (given password: ThisIsAPass123)
Nov 27 00:09:35 auth: Info: 
ldap(test.u...@ad.automaton.uk,10.211.55.29,): invalid 
credentials (given password: ThisIsAPass123)
Nov 27 00:09:37 imap-login: Info: Disconnected (auth failed, 2 attempts in 8 
secs): user=, method=PLAIN, rip=10.211.55.29, 
lip=10.211.55.33, TLS, session=

$ cat /var/log/dovecot-debug.log
Nov 27 00:13:07 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
Nov 27 00:13:07 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
Nov 27 00:13:07 auth: Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Nov 27 00:13:07 auth: Debug: Read auth token secret from 
/var/run/dovecot/auth-token-secret.dat
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6219)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
session=/xfdttIIagAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44650
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 
AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain 
sensitive data)
Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user
Nov 27 00:13:07 auth: Debug: master in: REQUEST 2256273409 6219 1 
a99d65893905abf592245098b369359e session_pid=6223 request_auth_token
Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): 
user search: base=cn=users,dc=ad,dc=automaton,dc=uk scope=subtree 
filter=(&(name=test.user)(objectClass=person)) 
fields=homeDirectory,uidNumber,gidNumber
Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 2256273409
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6224)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
session=gn7dttIIawAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44651
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 
AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain 
sensitive data)
Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user
Nov 27 00:13:07 auth: Debug: master in: REQUEST 1233256449 6224 1 
587c0fc0406dbbdac1ccf4bb6267ff59 session_pid=6225 request_auth_token
Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): 
user search: base=cn=users,dc=ad,dc=automaton,dc=uk scope=subtree 
filter=(&(name=test.user)(objectClass=person)) 
fields=homeDirectory,uidNumber,gidNumber
Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 1233256449
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6226)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 
AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 data 
may contain sensitive data)
Nov 27 00:13:09 auth: Debug: client passdb out: FAIL 1 
user=test.u...@ad.automaton.uk
Nov 27 00:13:09 auth: Debug: client in: AUTH 2 PLAIN service=imap secured 
session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652 
resp=AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 
data may contain sensitive data)
Nov 27 00

Re: Working with Active Directory on Windows Server 2012 R2

2014-11-27 Thread Aaron Jenkins
I’ve removed the dn / dnpass.

When attempting with new user:

$ cat /var/log/dovecot-info.log
Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5553 id=1) 
(internal failure, 1 successful auths): user=, method=PLAIN, 
rip=10.211.55.29, lip=10.211.55.33, mpid=5558, TLS, session=
Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5559 id=1) 
(internal failure, 1 successful auths): user=, method=PLAIN, 
rip=10.211.55.29, lip=10.211.55.33, mpid=5560, TLS, session=
Nov 27 00:09:29 auth: Info: 
ldap(test.u...@ad.automaton.uk,10.211.55.29,): invalid 
credentials (given password: ThisIsAPass123)
Nov 27 00:09:35 auth: Info: 
ldap(test.u...@ad.automaton.uk,10.211.55.29,): invalid 
credentials (given password: ThisIsAPass123)
Nov 27 00:09:37 imap-login: Info: Disconnected (auth failed, 2 attempts in 8 
secs): user=, method=PLAIN, rip=10.211.55.29, 
lip=10.211.55.33, TLS, session=

$ cat /var/log/dovecot-debug.log
Nov 27 00:13:07 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
Nov 27 00:13:07 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
Nov 27 00:13:07 auth: Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Nov 27 00:13:07 auth: Debug: Read auth token secret from 
/var/run/dovecot/auth-token-secret.dat
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6219)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
session=/xfdttIIagAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44650
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 
AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain 
sensitive data)
Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user
Nov 27 00:13:07 auth: Debug: master in: REQUEST 2256273409 6219 1 
a99d65893905abf592245098b369359e session_pid=6223 request_auth_token
Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): 
user search: base=cn=users,dc=ad,dc=automaton,dc=uk scope=subtree 
filter=(&(name=test.user)(objectClass=person)) 
fields=homeDirectory,uidNumber,gidNumber
Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 2256273409
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6224)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
session=gn7dttIIawAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44651
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 
AHRlc3QudXNlcgBUaGlzSXNBUGFzczEyMw== (previous base64 data may contain 
sensitive data)
Nov 27 00:13:07 auth: Debug: client passdb out: OK 1 user=test.user
Nov 27 00:13:07 auth: Debug: master in: REQUEST 1233256449 6224 1 
587c0fc0406dbbdac1ccf4bb6267ff59 session_pid=6225 request_auth_token
Nov 27 00:13:07 auth: Debug: ldap(test.user,10.211.55.29,): 
user search: base=cn=users,dc=ad,dc=automaton,dc=uk scope=subtree 
filter=(&(name=test.user)(objectClass=person)) 
fields=homeDirectory,uidNumber,gidNumber
Nov 27 00:13:07 auth: Debug: master userdb out: FAIL 1233256449
Nov 27 00:13:07 auth: Debug: auth client connected (pid=6226)
Nov 27 00:13:07 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652
Nov 27 00:13:07 auth: Debug: client passdb out: CONT 1
Nov 27 00:13:07 auth: Debug: client in: CONT 1 
AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 data 
may contain sensitive data)
Nov 27 00:13:09 auth: Debug: client passdb out: FAIL 1 
user=test.u...@ad.automaton.uk
Nov 27 00:13:09 auth: Debug: client in: AUTH 2 PLAIN service=imap secured 
session=Ic3dttIIbAAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=143 rport=44652 
resp=AHRlc3QudXNlckBhZC5hdXRvbWF0b24udWsAVGhpc0lzQVBhc3MxMjM= (previous base64 
data may contain sensitive data)
Nov 27 00:13:15 auth: Debug: client passdb out: FAIL 2 
user=test.u...@ad.automaton.uk

$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D 
CN=test.user,CN=users,DC=ad,DC=automaton,DC=uk -W - -b 
CN=test.user,CN=users,DC=ad,DC=automaton,DC=uk
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: -
#

# test.user, Users, ad.automaton.uk
dn: CN=test.user,CN=Users,DC=ad,DC=automaton,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

And the password on AD for test.user is 100% ThisIsAPass123.



On November 26, 2014 at 12:16:34 AM, Steffen Kaiser (skdove...@smail.inf.fh-brs.de) wrote:


On Wed, 26 Nov 2014, Aaron Jenkins wrote:

> I’ve attempted the user Mail with the same password with the same result 
> (binding as my own user was a last-ditch attempt).

OK, what about the:

> As I understand auth_bind_userdn, you do not need
> dn/dnpass anyway, because auth_bind_userdn prevents searching for the
> user's

Re: Working with Active Directory on Windows Server 2012 R2

2014-11-25 Thread Aaron Jenkins
I’ve attempted the user Mail with the same password with the same result 
(binding as my own user was a last-ditch attempt).

aaron@aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H 
ldap://dc1.ad.automaton.uk -D  
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b 
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: -
#

# aaron.jenkins, Users, ad.automaton.uk
dn: CN=aaron.jenkins,CN=Users,DC=ad,DC=automaton,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Same with the user Mail



On November 25, 2014 at 2:18:26 AM, Steffen Kaiser (skdove...@smail.inf.fh-brs.de) wrote:


On Tue, 25 Nov 2014, Aaron Jenkins wrote:

> I’m having issues getting Dovecot to work with AD on 2012 R2 in a test 
> environment.
> …
> Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
> Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
> session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 
> rport=56395
> Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
> Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may 
> contain sensitive data)
> Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp

Your conf:
auth_bind = yes
dn = aaron.jenkins
dnpass = dummypass1
auth_bind_userdn = CN=%u,CN=users,DC=ad,DC=automaton,DC=uk

Can you really succeed a simple auth with the dn aaron.jenkins ? This
ought to be a full DN. As I understand auth_bind_userdn, you do not need
dn/dnpass anyway, because auth_bind_userdn prevents searching for the
user's DN, in which case Dovecot requires a connection before any user
bind takes place.

I wonder if the log shows the error from this setting or from the user's
login attempt. Could you try another user?

Can you auth from command line via

ldapsearch -x -H ldap://dc1.ad.automaton.uk -D \
CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W \
- -b CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk

- --
Steffen Kaiser


Working with Active Directory on Windows Server 2012 R2

2014-11-25 Thread Aaron Jenkins
Hi all,

I’m having issues getting Dovecot to work with AD on 2012 R2 in a test 
environment.

Background:

AD is running on dc1.ad.automaton.uk, the domain is ad.automaton.uk. The DNS 
server is running on ad.automaton.uk and the automaton.uk DNS is set up 
correctly in the test environment in that everything resolves to the correct 
IP address and I can authenticate with whichever LDAP clients (ldapsearch, 
ApacheDS, sssd). It refuses to bind on Dovecot for some reason.

aaron@mail:/var/log$ uname -a
Linux mail.ad.automaton.uk 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 17:56:17 
UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
aaron@mail:/var/log$ dovecot --version
2.2.9
aaron@mail:/var/log$ dpkg -l | grep dovecot
ii  dovecot-core    1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - core files
ii  dovecot-gssapi  1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - GSSAPI support
ii  dovecot-imapd   1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - IMAP daemon
ii  dovecot-ldap    1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - LDAP support
aaron@mail:/var/log/$ cat dovecot-debug.log
…
Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured 
session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:23 auth: Debug: client in: CONT 1  (previous base64 data may 
contain sensitive data)
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Nov 19 09:22:29 auth: Debug: client in: AUTH 2 PLAIN service=imap secured 
session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 
resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:39 auth: Debug: client passdb out: FAIL 2 user=aaron.jenkins temp
Nov 19 09:22:40 auth: Debug: client in: AUTH 3 PLAIN service=imap secured 
session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
Nov 19 09:22:44 auth: Debug: client passdb out: CONT 3
Nov 19 09:22:44 auth: Debug: client in: CONT 3  (previous base64 data may 
contain sensitive data)
Nov 19 09:22:50 auth: Debug: client passdb out: FAIL 3 user=aaron.jenkins temp
Nov 19 09:22:50 auth: Debug: client in: AUTH 4 PLAIN service=imap secured 
session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 
resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:56 auth: Debug: client passdb out: FAIL 4 user=aaron.jenkins temp

(I’ve removed the base64 as it might contain passwords I actually use, if it’s 
important I’ll re-run it with a different password unredacted)

Do you guys have any  ideas on how to get it working with 2012 R2? I know the 
LDAP is quite funky but I suspect that’s why it doesn’t work. Also, attached is 
my sssd config as it’s working fine in case it might provide any insights.







dovecot-ldap.conf.ext
Description: dovecot-ldap.conf.ext


sssd.conf
Description: sssd.conf
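
Redacting the SASL base64 before posting an auth debug log, as the message above does by hand, can be automated. The following Python sketch is an added example, not part of the original thread; the sample log lines, user name and password are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import re

# A base64 token following "CONT <id> " or "resp=" in an auth debug line.
SASL_RE = re.compile(
    r"(?P<prefix>\bCONT \d+ |\bresp=)(?P<b64>[A-Za-z0-9+/]{4,}={0,2})(?=\s|$)"
)
# Cleartext password echoed by the passdb, up to the closing parenthesis.
GIVEN_PW_RE = re.compile(r"(given password: ).*\)")


def decode_plain(b64):
    """Decode a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd.

    Returns (authzid, authcid, passwd), or None if the token is not PLAIN."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    try:
        return tuple(p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        return None


def scrub_line(line):
    """Return (scrubbed_line, findings) for one log line."""
    findings = []

    def _sasl(match):
        decoded = decode_plain(match.group("b64"))
        if decoded is None:
            # Unknown mechanism data: redact anyway, it may still be a secret.
            findings.append("sasl-opaque")
            return match.group("prefix") + "<redacted>"
        findings.append("sasl-plain:" + decoded[1])
        return match.group("prefix") + "<redacted SASL PLAIN>"

    line = SASL_RE.sub(_sasl, line)
    line, count = GIVEN_PW_RE.subn(r"\1<redacted>)", line)
    if count:
        findings.append("given-password")
    return line, findings


def scrub_log(lines):
    """Scrub every line; return (scrubbed_lines, all_findings)."""
    scrubbed, all_findings = [], []
    for line in lines:
        clean, found = scrub_line(line)
        scrubbed.append(clean)
        all_findings.extend(found)
    return scrubbed, all_findings


def sample_lines():
    # Constructed sample input: user "alice", password "Example-Pass-1".
    resp = base64.b64encode(b"\x00alice\x00Example-Pass-1").decode()
    return [
        "Jan 01 10:00:00 auth: Debug: client in: AUTH 1 PLAIN service=imap "
        "secured lip=192.0.2.10 rip=192.0.2.20 lport=143 rport=50000",
        "Jan 01 10:00:00 auth: Debug: client passdb out: CONT 1",
        "Jan 01 10:00:00 auth: Debug: client in: CONT 1 %s "
        "(previous base64 data may contain sensitive data)" % resp,
        "Jan 01 10:00:02 auth: Debug: client in: AUTH 2 PLAIN service=imap "
        "secured resp=%s (previous base64 data may contain sensitive data)" % resp,
        "Jan 01 10:00:02 auth: Info: ldap(alice,192.0.2.20,): invalid "
        "credentials (given password: Example-Pass-1)",
    ]


if __name__ == "__main__":
    cleaned, found = scrub_log(sample_lines())
    print("\n".join(cleaned))
    print("findings:", found)
```
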


[Dovecot] how to limit size of dovecot.log

2011-04-28 Thread Aaron C Johnson
I've done some searching and maybe I'm missing something... I have a 
remote dovecot and postfix server running on debian 5. I then have a 
local fetchmail server that retrieves email from the dovecot server via 
pop3s every 5 minutes.


The problem is that the /var/log/dovecot.log file has grown to be over 
1.1GiB over a period of less than 1 year.


Is there a way to limit the size of the dovecot.log file, or do I have 
to run a monthly cron job or something to take care of it for me?


Thank you,
Aaron Johnson


Re: [Dovecot] Problems with Upgrade from Courier

2011-01-20 Thread Aaron Pettitt
That did it Timo.  Thank you so much.  I guess coming from the Windows
world, some habits are still hard to break...  Again, I can't thank you
enough!

-Original Message-
From: Timo Sirainen [mailto:t...@iki.fi] 
Sent: Thursday, January 20, 2011 4:49 PM
To: Aaron Pettitt
Cc: dovecot@dovecot.org
Subject: Re: [Dovecot] Problems with Upgrade from Courier

On 20.1.2011, at 23.37, Aaron Pettitt wrote:

Note the difference of upper/lowercasing:

> dovecot: 01/20/2011 10:27:25 Info: IMAP(samantha.fre...@mybridemail.com):
> maildir++: root=/home/vmail/mybridemail.com/Samantha.Freeze, index=,
> control=, inbox=/home/vmail/mybridemail.com/Samantha.Freeze

vs.

> deliver(samantha.fre...@mybridemail.com): 01/20/2011 10:44:27 Info:
> maildir++: root=/home/vmail/mybridemail.com/samantha.freeze, index=,
> control=, inbox=/home/vmail/mybridemail.com/samantha.freeze

A simple solution would be:

auth_username_format = %Lu
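
The upper/lowercase difference pointed out above can be found mechanically in mail_debug output. The following Python sketch is an added example, not part of the original thread; it flags users whose IMAP and deliver maildir roots differ only by case, which on a case-sensitive filesystem are two separate directories. The log lines, user names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches both "dovecot: ... IMAP(user): maildir++: root=..." and
# "deliver(user): ... maildir++: root=..." lines produced with mail_debug=yes.
ROOT_RE = re.compile(
    r"\b(?P<svc>IMAP|deliver)\((?P<user>[^)]+)\):.*?maildir\+\+: root=(?P<root>[^,\s]+)"
)


def collect_roots(lines):
    """Map lowercased user -> {root path -> set of services that used it}."""
    roots = defaultdict(lambda: defaultdict(set))
    for line in lines:
        match = ROOT_RE.search(line)
        if match:
            user = match.group("user").lower()
            roots[user][match.group("root")].add(match.group("svc"))
    return roots


def case_mismatches(lines):
    """Return users whose maildir roots differ only in letter case."""
    result = {}
    for user, by_root in collect_roots(lines).items():
        distinct = set(by_root)
        folded = {root.lower() for root in distinct}
        if len(distinct) > 1 and len(folded) == 1:
            result[user] = {root: sorted(svcs) for root, svcs in by_root.items()}
    return result


# Constructed sample input in the log format shown in the thread.
SAMPLE = [
    "dovecot: 01/20/2011 10:27:25 Info: IMAP(jane.doe@example.test): "
    "maildir++: root=/home/vmail/example.test/Jane.Doe, index=, control=, "
    "inbox=/home/vmail/example.test/Jane.Doe",
    "deliver(jane.doe@example.test): 01/20/2011 10:44:27 Info: "
    "maildir++: root=/home/vmail/example.test/jane.doe, index=, control=, "
    "inbox=/home/vmail/example.test/jane.doe",
    "dovecot: 01/20/2011 10:30:00 Info: IMAP(bob@example.test): "
    "maildir++: root=/home/vmail/example.test/bob, index=, control=, "
    "inbox=/home/vmail/example.test/bob",
    "deliver(bob@example.test): 01/20/2011 10:31:00 Info: "
    "maildir++: root=/home/vmail/example.test/bob, index=, control=, "
    "inbox=/home/vmail/example.test/bob",
]

if __name__ == "__main__":
    for user, roots in case_mismatches(SAMPLE).items():
        print(user)
        for root, services in sorted(roots.items()):
            print("  %s used by %s" % (root, ", ".join(services)))
```
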



Re: [Dovecot] Problems with Upgrade from Courier

2011-01-20 Thread Aaron Pettitt
Thanks for the reply Timo.  Here are parts of the debug log and it looks
just like a user that works.

dovecot: 01/20/2011 10:27:25 Info: imap-login: Login:
user=, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
dovecot: 01/20/2011 10:27:25 Info: IMAP(samantha.fre...@mybridemail.com):
Effective uid=5000, gid=5000,
home=/home/vmail/mybridemail.com/Samantha.Freeze
dovecot: 01/20/2011 10:27:25 Info: IMAP(samantha.fre...@mybridemail.com):
maildir: data=~/
dovecot: 01/20/2011 10:27:25 Info: IMAP(samantha.fre...@mybridemail.com):
maildir++: root=/home/vmail/mybridemail.com/Samantha.Freeze, index=,
control=, inbox=/home/vmail/mybridemail.com/Samantha.Freeze
dovecot: 01/20/2011 10:27:25 Info: IMAP(samantha.fre...@mybridemail.com):
Disconnected: Logged out bytes=50/115

Here is my login which is one that works:

dovecot: 01/19/2011 20:13:24 Info: IMAP(aa...@mybridemail.com): Effective
uid=5000, gid=5000, home=/home/vmail/mybridemail.com/aaron
dovecot: 01/19/2011 20:13:24 Info: IMAP(aa...@mybridemail.com): maildir:
data=/home/vmail/mybridemail.com/aaron/
dovecot: 01/19/2011 20:13:24 Info: IMAP(aa...@mybridemail.com): maildir++:
root=/home/vmail/mybridemail.com/aaron, index=, control=,
inbox=/home/vmail/mybridemail.com/aaron
dovecot: 01/19/2011 20:13:24 Info: imap-login: Login:
user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
secured
dovecot: 01/19/2011 20:13:24 Info: IMAP(aa...@mybridemail.com):
Disconnected: Logged out bytes=91/474

-Original Message-
From: Timo Sirainen [mailto:t...@iki.fi] 
Sent: Thursday, January 20, 2011 4:21 PM
To: Aaron Pettitt
Cc: dovecot@dovecot.org
Subject: Re: [Dovecot] Problems with Upgrade from Courier

On Thu, 2011-01-20 at 11:02 -0500, Aaron Pettitt wrote:

> It's really strange why dovecot can deliver the mail to the inbox but 
> cannot see the inbox when trying to retrieve the mail

Set mail_debug=yes. See what it logs when logging in as the user. It should
log where it's looking for the mails.




Re: [Dovecot] Problems with Upgrade from Courier

2011-01-20 Thread Aaron Pettitt
I was looking at my dovecot.deliver log and it's showing that it's
delivering it to the Inbox:

 

deliver(samantha.fre...@mybridemail.com): 01/20/2011 10:44:27 Info: auth
input: home=/home/vmail/mybridemail.com/samantha.freeze

deliver(samantha.fre...@mybridemail.com): 01/20/2011 10:44:27 Info: maildir:
data=/home/vmail/mybridemail.com/samantha.freeze/

deliver(samantha.fre...@mybridemail.com): 01/20/2011 10:44:27 Info:
maildir++: root=/home/vmail/mybridemail.com/samantha.freeze, index=,
control=, inbox=/home/vmail/mybridemail.com/samantha.freeze

deliver(samantha.fre...@mybridemail.com): 01/20/2011 10:44:27 Info:
msgid=<001a01cbb8b8$eabe89c0$c03b9d40$@net>: saved mail to INBOX

 

However, if I login as her through Telnet, it shows that she has no mail:

 

* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)

* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags
permitted.

* 0 EXISTS

* 0 RECENT

* OK [UIDVALIDITY 1295474980] UIDs valid

* OK [UIDNEXT 1] Predicted next UID

b OK [READ-WRITE] Select completed.

 

If I look in the new folder under her folder, it shows the last emails I
sent this morning:

 

-rw--- 1 vmail vmail   3564 Jan 20 10:21
1295536875.M679042P20187.mybridemail.com,W=3672

-rw--- 1 vmail vmail   3540 Jan 20 10:27
1295537272.M522196P26548.mybridemail.com,W=3649

-rw--- 1 vmail vmail   3554 Jan 20 10:39
1295537952.M462095P9353.mybridemail.com,W=3662

-rw--- 1 vmail vmail   3540 Jan 20 10:44
1295538267.M893549P15392.mybridemail.com,W=3649

 

It's really strange why dovecot can deliver the mail to the inbox but cannot
see the inbox when trying to retrieve the mail 

 

From: Aaron Pettitt [mailto:apett...@comcast.net] 
Sent: Thursday, January 20, 2011 10:02 AM
To: 'dovecot@dovecot.org'
Subject: Problems with Upgrade from Courier

 

I inherited a server from a previous employee.  The server crashed so it was
time to move everything over to another server.  We have a web mail site and
I installed everything running dovecot, postfix and roundcube.  After I
installed it, everything worked great when I created a new user.  The new
user could send and receive emails with no issues.  I then copied the home
directory over from the other server and ran the courier-dovecot migration
script.  It created the subscription files and the dovecot-uidlist files in
each user (about 1000 total users).  When I login as one of the existing
users, it says that there is no mail in the mailbox.  However, if I look at
the user's cur and new folders, there is mail in those folders.  If I send a
new mail to the user, it does not show up in their inbox.  If I look in
their new folder, the new mail that I sent was delivered to that folder but
it does not show up in their inbox.  I've tried going to dovecot directly
through telnet with the same results.  I've been stuck for 2 days now so any
help is greatly appreciated.  Below is my dovecot.conf with all the comments
removed.

 

Thanks all!

 

protocols = imap imaps

disable_plaintext_auth = no

log_path = '/var/log/dovecot/error.log' 

info_log_path = '/var/log/dovecot/info.log' 

log_timestamp = "%m/%d/%Y %H:%M:%S "

#mail_location = maildir:~/
mail_location = maildir:/home/vmail/%d/%n/

mail_privileged_group = mail

mail_debug = yes

protocol imap {
}

protocol pop3 {
}

protocol managesieve {
  sieve_storage=~/sieve
}

protocol lda {
log_path = /home/vmail/dovecot-deliver.log
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = postmas...@mybridemal.com
mail_plugins = cmusieve
global_script_path = /home/vmail/globalsieverc
}

auth_verbose = yes

auth_debug = no

auth_debug_passwords = no

auth default {

  passdb sql {
args = /etc/dovecot/dovecot-sql.conf
  }

args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
  }

  user = root

  path = /var/run/dovecot/auth-master
  mode = 0600

  user = vmail
  #group = 
}

client {
  path = /var/spool/postfix/private/auth
  mode = 0660
  user = postfix
  group = postfix
}

  }

}

}



[Dovecot] Problems with Upgrade from Courier

2011-01-20 Thread Aaron Pettitt
I inherited a server from a previous employee.  The server crashed so it was
time to move everything over to another server.  We have a web mail site and
I installed everything running dovecot, postfix and roundcube.  After I
installed it, everything worked great when I created a new user.  The new
user could send and receive emails with no issues.  I then copied the home
directory over from the other server and ran the courier-dovecot migration
script.  It created the subscription files and the dovecot-uidlist files in
each user (about 1000 total users).  When I login as one of the existing
users, it says that there is no mail in the mailbox.  However, if I look at
the user's cur and new folders, there is mail in those folders.  If I send a
new mail to the user, it does not show up in their inbox.  If I look in
their new folder, the new mail that I sent was delivered to that folder but
it does not show up in their inbox.  I've tried going to dovecot directly
through telnet with the same results.  I've been stuck for 2 days now so any
help is greatly appreciated.  Below is my dovecot.conf with all the comments
removed.

 

Thanks all!

 

protocols = imap imaps

disable_plaintext_auth = no

log_path = '/var/log/dovecot/error.log' 

info_log_path = '/var/log/dovecot/info.log' 

log_timestamp = "%m/%d/%Y %H:%M:%S "

#mail_location = maildir:~/
mail_location = maildir:/home/vmail/%d/%n/

mail_privileged_group = mail

mail_debug = yes

protocol imap {
}

protocol pop3 {
}

protocol managesieve {
  sieve_storage=~/sieve
}

protocol lda {
log_path = /home/vmail/dovecot-deliver.log
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = postmas...@mybridemal.com
mail_plugins = cmusieve
global_script_path = /home/vmail/globalsieverc
}

auth_verbose = yes

auth_debug = no

auth_debug_passwords = no

auth default {

  passdb sql {
args = /etc/dovecot/dovecot-sql.conf
  }

args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
  }

  user = root

  path = /var/run/dovecot/auth-master
  mode = 0600

  user = vmail
  #group = 
}

client {
  path = /var/spool/postfix/private/auth
  mode = 0660
  user = postfix
  group = postfix
}

  }

}

}



Re: [Dovecot] Segfault in dovecot-lda 2.0.5

2010-10-19 Thread Aaron

 On 10/19/2010 1:23 AM, Stephan Bosch wrote:

 Op 19-10-2010 0:43, Aaron schreef:

 On 10/18/2010 3:38 PM, Stephan Bosch wrote:

Could you provide some more info, i.e. a gdb backtrace?


Ack! Sorry about that, wasn't trying to message you personally, just 
wanted to let someone know.


I can't get this to do it reliably, I only noticed it by accident 
looking through some logs, and traced it back to some *very* large 
incoming emails.


The emails seem to get delivered eventually, but they definitely fail 
on the first try.




What if you try to re-deliver exactly those large messages again?

Regards,

Stephan.


Then it seems to work.. by default my setup retries on failure.

Actually had some automated messages (fail2ban) retry 3 times today.. 
weird, since they're only about 4k.  Same segfault.  They're local 
deliveries (generated on the same server), and running through Sieve.  
Transport path is qmail-send->qmail-scanner->maildrop->dovecot-lda 
(since I do have some rules on my server that require hooks into 
external applications).


The relevant maildrop code is

if ( $RETURNCODE == 0)
{
    `test -r  $HOME/$LCEXT/.sieve`
    if ( $RETURNCODE == 0)
    {
        exception {
            to "| /usr/libexec/dovecot/deliver  -d $lc...@$host"
        }
    }
}

Where LCEXT is the lower case representation of the user's name, and 
HOST is the domain name.




Re: [Dovecot] Segfault in dovecot-lda 2.0.5

2010-10-18 Thread Aaron

 On 10/18/2010 3:38 PM, Stephan Bosch wrote:

 On 10/19/2010 12:25 AM, Aaron wrote:

 On 10/10/2010 8:48 AM, Stephan Bosch wrote:

 Op 10-10-2010 17:30, Sean Cardus schreef:

Any ideas?



Yes, this was reported several times already. First thread:

http://www.dovecot.org/list/dovecot/2010-October/053475.html

Apply this change:

http://hg.dovecot.org/dovecot-2.0/rev/e2f9baa436f2

That should fix it.


I'm seeing a similar crash when piping in excessively large (7-10mb) 
emails.  I have already applied the listed change, which fixed this 
issue with normal sized email.


Could you provide some more info, i.e. a gdb backtrace?

Regards,

Stephan

Ack! Sorry about that, wasn't trying to message you personally, just 
wanted to let someone know.


I can't get this to do it reliably, I only noticed it by accident 
looking through some logs, and traced it back to some *very* large 
incoming emails.


The emails seem to get delivered eventually, but they definitely fail on 
the first try.





Re: [Dovecot] Qmail+Vpopmail+Mysql+Dovecot 2.x (Notes on a successful conversion)

2010-10-08 Thread Aaron

 On 10/8/2010 10:14 AM, Matt Brookings wrote:


On 10/07/2010 06:42 PM, Aaron wrote:

user_query = SELECT pw_dir as home, 1008 AS uid, 1003 AS gid FROM
vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'

Just a quick FYI: You could just use the vpopmail driver that comes
with Dovecot.  It's easier to configure, and it does not matter what
backend database you use.
-- 
/*
 Matt Brookings        GnuPG Key FAE0672C
 Software developer    Systems technician
 Inter7 Internet Technologies, Inc.    (815)776-9465
*/

You're kidding.

It works now?

As of which revisions of Dovecot/Vpopmail? (It was broken with dovecot 
2+vpopmail 5.4.30 & 5.5 the last time I attempted to use it).


Thanks!

a.


[Dovecot] Qmail+Vpopmail+Mysql+Dovecot 2.x (Notes on a successful conversion)

2010-10-07 Thread Aaron
So I had a hell of a time converting my qmail install to dovecot 2.0.5, 
so I thought I'd pass on what I learned.


1. When using vpopmail, do not use " --disable-many-domains".  If you 
do, you'll need to recompile vpopmail without that setting and use the 
script found at 
http://qmailrocks.thibs.com/downloads/scripts/migrate-vpopmail-many-domains 
to collapse the tables.


2.  Switch to mysql authentication.  The following snippet works well.

driver = mysql
connect = host=/var/run/mysqld/mysqld.sock user=vpopmail password=YOURPASS dbname=vpopmail

default_pass_scheme = PLAIN
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, \
  pw_clear_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND \
  pw_domain = '%d'
user_query = SELECT pw_dir as home, 1008 AS uid, 1003 AS gid FROM \
  vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'


3.  When integrating Sieve, vpopmail apparently needs to own auth-master 
and authdb. (example available on request)


4.  If coming from maildrop as the LDA, you can put the following in 
your maildroprc to allow a gentler transition (or to keep maildrop's 
ability to call external applications)


`test -r  /usr/libexec/dovecot/deliver`
if ( $RETURNCODE == 0)
{
    `test -r  $HOME/$EXT/.sieve`
    if ( $RETURNCODE == 0)
    {
        to "| /usr/libexec/dovecot/deliver  -d $...@$user"
    }
}

5.  When completely switching, you can either replace the .qmail files 
or use one of the following in qmail/control/defaultdelivery


|/var/qmail/bin/preline -f /usr/libexec/dovecot/deliver -d $...@$user
|/var/qmail/bin/preline -f /usr/libexec/dovecot/deliver -d ${EXT/-...@$user -a $...@$user


--

This should allow a final conversion to vpopmail 5.5 (from 5.4.30) with 
dovecot 2.0.x.. I haven't done that final step yet, but it should now work.


Anyhow, I hope this saves someone a few days of head scratching.

a.


Re: [Dovecot] 2.0.5: deliver crashing

2010-10-06 Thread Aaron

 On 10/6/2010 12:58 AM, Ralf Hildebrandt wrote:

* Ralf Hildebrandt:

* Timo Sirainen:

On 5.10.2010, at 23.37, Ralf Hildebrandt wrote:


 From my log:

Oct  6 00:10:36 postamt kernel: [2353838.557216] deliver[2799]: segfault at 48 
ip b77dd649 sp bfcf3b48 error 6 in libdovecot-storage.so.0.0.0[b778e000+b8000]

http://hg.dovecot.org/dovecot-2.0/rev/e2f9baa436f2 ?

Patching & installing. I call it a day after this...

It seems to work :)


Confirmed.  Same problem noted, this patch stopped that segfault.


Re: [Dovecot] Using dovecot with vpopmail and mysql auth?

2010-08-17 Thread Aaron Greengrass

 On 8/17/2010 8:39 AM, Aaron Greengrass wrote:

 Hi,

Does anyone happen to know the right strings to do authentication 
against mysql storing vpopmail data, vs using the vpopmail auth module?


I'm trying to get up to both vpopmail 5.5, and dovecot 2.0, and 
dovecot-auth seems to reliably segfault on the 5.5 vpopmail module.  
I've tried downgrading vpopmail as well, with less than stellar results.


I saw an old article about doing exactly that -- switching from the 
vpop module, while still using its DB, but it is both a) old, and b) 
confusing.


Any help you can offer -- or urls in a pinch -- would be appreciated.

Addendum

I'm using one domain per table.  This means I need to probably translate 
%d into blah_blah instead of blah.blah.  An earlier list conversation 
mentioned this as a possible sql injection point -- I definitely don't 
want to open up a security hole!


I saw the patch to use vpopmail 5.4.30 with dovecot 2.x, I can do that, 
but ideally I'd like to a) get up to vpopmail 5.5, b) stop using the 
vpopmail driver and switch to the mysql one, and c) upgrade to dovecot v2.


Suggestions?  Thanks for your help.

Aaron.
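
Added example (not part of the original post, and not vpopmail or Dovecot code): one way to close the injection point the addendum worries about when each domain has its own table. It assumes the table name is the domain with dots replaced by underscores, as the post describes, and uses an in-memory SQLite database with constructed rows as a stand-in for the vpopmail MySQL schema; table_for_domain, lookup_home and make_demo_db are hypothetical names.

```python
import re
import sqlite3

# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(_LABEL + r"(?:\." + _LABEL + r")+")


def table_for_domain(domain, known_tables):
    """Map a login domain to its per-domain table name, or None if unacceptable.

    Assumption: table name = domain with '.' replaced by '_'
    (blah.blah -> blah_blah, as in the post).
    """
    d = domain.lower()
    if len(d) > 253 or not _DOMAIN_RE.fullmatch(d):
        return None  # quotes, spaces, semicolons and backticks stop here
    table = d.replace(".", "_")
    # Allow-list: the identifier must name a table that really exists.
    return table if table in known_tables else None


def lookup_home(conn, login):
    """Return pw_dir for user@domain, or None when the login is not acceptable."""
    local, sep, domain = login.rpartition("@")
    if not sep or not local:
        return None
    known = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    table = table_for_domain(domain, known)
    if table is None:
        return None
    # The identifier is validated and allow-listed; the user part is only
    # ever passed as a bound parameter, never pasted into the SQL text.
    sql = 'SELECT pw_dir FROM "%s" WHERE pw_name = ?' % table
    row = conn.execute(sql, (local,)).fetchone()
    return row[0] if row else None


def make_demo_db():
    """Constructed sample data: two per-domain tables in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    rows = (
        ("example_com", "alice", "/home/vpopmail/domains/example.com/alice"),
        ("mail_example_org", "bob", "/home/vpopmail/domains/mail.example.org/bob"),
    )
    for table, user, home in rows:
        conn.execute('CREATE TABLE "%s" (pw_name TEXT, pw_dir TEXT)' % table)
        conn.execute('INSERT INTO "%s" VALUES (?, ?)' % table, (user, home))
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    for login in ("alice@example.com",
                  "alice@example.com; DROP TABLE example_com",
                  "x' OR '1'='1@example.com",
                  "bob@nosuch.example"):
        print(repr(login), "->", lookup_home(db, login))
```

The regular expression alone already rejects every character that could end the identifier; the allow-list check additionally keeps a syntactically valid but unknown domain from reaching any table the mail system does not own.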


[Dovecot] Using dovecot with vpopmail and mysql auth?

2010-08-17 Thread Aaron Greengrass

 Hi,

Does anyone happen to know the right strings to do authentication 
against mysql storing vpopmail data, vs using the vpopmail auth module?


I'm trying to get up to both vpopmail 5.5, and dovecot 2.0, and 
dovecot-auth seems to reliably segfault on the 5.5 vpopmail module.  
I've tried downgrading vpopmail as well, with less than stellar results.


I saw an old article about doing exactly that -- switching from the vpop 
module, while still using its DB, but it is both a) old, and b) confusing.


Any help you can offer -- or urls in a pinch -- would be appreciated.


Re: [Dovecot] Post-logoff script

2010-01-07 Thread Aaron Roberts
> > Hi,
> > Is it possible with dovecot to run a script on user logoff
> event - something like post-login script?
> 
> You could do a post-login script that does:
> 
> #!/bin/sh
> 
> # post-login stuff
> /usr/local/libexec/dovecot/imap
> ex=$?
> # post-logout stuff
> exit $ex
> 
> Of course that means some annoying extra shell processes. An
> alternative would be for you to create a plugin that does the post-
> logout stuff in its deinit() function.

Thanks for the suggestion.  I think I can do what I need using swatch to catch 
logon/logoff events from the logfile.

Thanks,
Aaron


[Dovecot] Post-logoff script

2010-01-06 Thread Aaron Roberts
Hi,
Is it possible with dovecot to run a script on user logoff event - 
something like post-login script?

What I want to achieve is updating a SQL table with online/offline status.

Thanks in advance,
Aaron


[Dovecot] Using Push IMAP to trigger POP3 download

2010-01-01 Thread Aaron Whitehouse
Hello all,

I have an HTPC connected 24/7 to the Internet running Mythbuntu.  I
also have a web/email host that runs Dovecot for email and provides
IMAP and POP3 access.

I understand that Dovecot supports Push IMAP and I could, for example,
use Thunderbird to connect to my email host to receive instant email
as it arrives.  I would like to add a Dovecot IMAP server on my HTPC
(for increased storage, to aggregate multiple email accounts, to
process messages with SpamAssassin and to provide a better webmail
interface) and retrieve email from my webhost to my HTPC by POP3.

To set up POP3 on my HTPC, I understand that the norm is to set a time
interval (say, every 10 minutes) for clearing email.  What I would
prefer to do, if possible, would be to have Dovecot on my HTPC keep a
Push IMAP connection with Dovecot on my webhost.  When a new message
is available on the webhost, my HTPC would be "pushed" a notification
and it could do a POP3 download.  This would allow it to clear emails
with POP3 (and reduce storage requirements on my webhost), mean that I
received emails instantly and not require me to have it poll for
messages on a very-regular basis.

Does anybody know if this is possible?

As an alternative (not solving my space problem on the webhost, but
solving the others), is it possible to set up Dovecot to "piggy back"
off an existing IMAP server?  In my example, my webhost does not offer
good spam-checking and webmail.  Would it be possible for me to set up
a Dovecot server on my HTPC that received messages by Push IMAP,
processed them with SpamAssassin (say, moving all of the spam messages
to a subfolder) and provided a good web interface, all the while
providing updates to the webhost's server?  In some ways, this is
almost more like an IMAP client than a server.

I apologise if these questions are stupid!

Happy New Year and thanks in advance,

Aaron

-- 
FSF Associate Member: 5632
http://www.fsf.org


Re: [Dovecot] Proxy, using checkpassword

2009-11-27 Thread Aaron Roberts
Hi again,
Scrap that, I am now getting along fine writing my response to file 
descriptor 4.

Thanks again,
Aaron

-----Original Message-----
From: dovecot-bounces+aroberts=domicilium@dovecot.org 
[mailto:dovecot-bounces+aroberts=domicilium@dovecot.org] On Behalf Of Aaron 
Roberts
Sent: 27 November 2009 10:36
To: dovecot@dovecot.org
Subject: [Dovecot] Proxy, using checkpassword

Hi all,
I think I may be doing something wrong but, is it possible to proxy POP 
and IMAP users when using a checkpassword script as the passdb?

I'm trying to write a perl script to handle authentication to a mix of SQL and 
POP3 sources whilst logging user passwords at the same time for a migration.

At the moment, I'm trying to set environment variables to tell dovecot what to 
do:

$ENV{'AUTHORIZED'} = 2;
$ENV{'proxy'} = 'Y';
$ENV{'host'} = $pop_success;

Dovecot is logging the following:

Nov 27 10:35:01 pop3 dovecot: auth(default): client in: 
AUTH#0118#011PLAIN#011service=pop3#011lip=192.168.100.143#011rip=192.168.100.60#011lport=110#011rport=3051#011resp=AGFpcmJlYXIAcG9uZGFhcjM=
Nov 27 10:35:01 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): execute: 
/var/run/dovecot/login/authomatic.pl /usr/libexec/dovecot/checkpassword-reply
Nov 27 10:35:02 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): Received input: 
userdb_uid=0#011userdb_gid=0#011
Nov 27 10:35:02 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): Received no input
Nov 27 10:35:02 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): exit_status=0
Nov 27 10:35:02 pop3 dovecot: auth(default): client out: OK#0118#011user=airbear
Nov 27 10:35:02 pop3 dovecot: dovecot: User airbear is missing UID (see 
mail_uid setting)
Nov 27 10:35:02 pop3 dovecot: auth(default): master in: 
REQUEST#0115#01116075#0118
Nov 27 10:35:02 pop3 dovecot: auth(default): master out: USER#0115#011airbear
Nov 27 10:35:02 pop3 dovecot: pop3-login: Internal login failure (auth failed, 
1 attempts): user=, method=PLAIN, rip=192.168.100.60, 
lip=192.168.100.143


Thanks in advance,
Aaron


[Dovecot] Proxy, using checkpassword

2009-11-27 Thread Aaron Roberts
Hi all,
I think I may be doing something wrong but, is it possible to proxy POP 
and IMAP users when using a checkpassword script as the passdb?

I'm trying to write a perl script to handle authentication to a mix of SQL and 
POP3 sources whilst logging user passwords at the same time for a migration.

At the moment, I'm trying to set environment variables to tell dovecot what to 
do:

$ENV{'AUTHORIZED'} = 2;
$ENV{'proxy'} = 'Y';
$ENV{'host'} = $pop_success;

Dovecot is logging the following:

Nov 27 10:35:01 pop3 dovecot: auth(default): client in: 
AUTH#0118#011PLAIN#011service=pop3#011lip=192.168.100.143#011rip=192.168.100.60#011lport=110#011rport=3051#011resp=AGFpcmJlYXIAcG9uZGFhcjM=
Nov 27 10:35:01 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): execute: 
/var/run/dovecot/login/authomatic.pl /usr/libexec/dovecot/checkpassword-reply
Nov 27 10:35:02 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): Received input: 
userdb_uid=0#011userdb_gid=0#011
Nov 27 10:35:02 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): Received no input
Nov 27 10:35:02 pop3 dovecot: auth(default): 
checkpassword(airbear,192.168.100.60): exit_status=0
Nov 27 10:35:02 pop3 dovecot: auth(default): client out: OK#0118#011user=airbear
Nov 27 10:35:02 pop3 dovecot: dovecot: User airbear is missing UID (see 
mail_uid setting)
Nov 27 10:35:02 pop3 dovecot: auth(default): master in: 
REQUEST#0115#01116075#0118
Nov 27 10:35:02 pop3 dovecot: auth(default): master out: USER#0115#011airbear
Nov 27 10:35:02 pop3 dovecot: pop3-login: Internal login failure (auth failed, 
1 attempts): user=, method=PLAIN, rip=192.168.100.60, 
lip=192.168.100.143


Thanks in advance,
Aaron
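
Added example (not from the original post or from Dovecot): the "client in" line in the log above carries the client's SASL PLAIN response in its resp= field, and that value is only base64-encoded, so the log itself holds the password. This sketch masks resp= values before a log is shared or archived and reports which accounts were exposed; redact_line, scan and the sample lines are constructed for illustration.

```python
import base64
import binascii
import re

# Auth fields are tab-separated; syslog escapes the tab as the literal text "#011".
RESP_RE = re.compile(r"(#011|\t)resp=([A-Za-z0-9+/]*={0,2})")


def plain_authcid(token):
    """Return the login name if token is a base64 SASL PLAIN response, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\0")  # RFC 4616: authzid NUL authcid NUL passwd
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    return parts[1].decode("utf-8", "replace")


def redact_line(line):
    """Return (line with every resp= value masked, exposed login name or None)."""
    exposed = []

    def mask(match):
        user = plain_authcid(match.group(2))
        if user is not None:
            exposed.append(user)
        # Mask unconditionally: other mechanisms' responses are secrets too.
        return match.group(1) + "resp=<redacted>"

    return RESP_RE.sub(mask, line), (exposed[0] if exposed else None)


def scan(lines):
    """Redact a log and list the accounts whose password was written to it."""
    cleaned, accounts = [], []
    for line in lines:
        safe, user = redact_line(line)
        cleaned.append(safe)
        if user is not None and user not in accounts:
            accounts.append(user)
    return cleaned, accounts


# Constructed sample in the shape of the log above; the credential is made up.
SAMPLE_RESP = base64.b64encode(b"\0demo\0not-a-real-password").decode("ascii")
SAMPLE_LOG = [
    "Nov 27 10:35:01 pop3 dovecot: auth(default): client in: AUTH#0111#011PLAIN"
    "#011service=pop3#011rip=192.0.2.60#011resp=" + SAMPLE_RESP,
    "Nov 27 10:35:02 pop3 dovecot: auth(default): client out: OK#0111#011user=demo",
]

if __name__ == "__main__":
    cleaned_log, exposed_accounts = scan(SAMPLE_LOG)
    print("\n".join(cleaned_log))
    print("accounts to reset:", exposed_accounts)
```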


[Dovecot] External auth database process

2009-09-04 Thread Aaron Roberts
Hi,
Is it possible to call a completely external process to authenticate users in 
dovecot?

I am trying to setup a transparent pop3 proxy that will lookup users from a 
couple of different pop3 servers, authenticate to 1 of them, take a copy of the 
password and a timestamp and client IP upon success, then proxy to the 
appropriate end server.

I was hoping I would be able to do something along the lines of:

dovecot.conf:

passdb external
args = /usr/scripts/dovecot_auth.pl %u %w

The perl script would then carry out the various tasks and return the host and 
destuser for proxying.

Thanks in advance,
Aaron


Re: [Dovecot] PAM_USER falsely assumed immutable

2009-07-22 Thread Aaron Richton

On Wed, 22 Jul 2009, Timo Sirainen wrote:


I'm not really sure why you think that's wrong. The code is there
exactly for the reason that if PAM changes username Dovecot will notice
it and starts using it.


Actually, that makes a lot of sense. I was confusing other (proximate) 
logs with the implication that that situation resulted in the user being 
kicked out. That's not the case.



Do you have some PAM plugin that changes the username and you don't want
it to be changed?


Yes, and history going back to Solaris 2.6 that applications -- even 
fairly paranoid ones like portable OpenSSH -- "respect" this. But 
honestly, all things considered, I'm not sure that this behavior isn't the 
better arrangement. It's worth a warning for history that Dovecot is 
presently the odd man out versus any PAM-enabled application I've ever 
seen (Solaris/Linux login, portable OpenSSH, ProFTPd, UW-IMAP, Apache's 
mod_auth_pam, xscreensaver, xdm/gdm, saslauthd, courier IMAP, I could go 
on forever) but it may well represent a better way moving forward.


Unless you have any other thoughts, I'll look at this from the PAM module 
development side (namely setting PAM_USER to the authorization target 
rather than authentication target), and speak up if there's any unforeseen 
consequences. The only situation that I can see getting interesting is if 
a module causes stack exit while the authentication target is still set. 
In practice, I don't think this will happen for a PAM_SUCCESS return, and 
I don't particularly care if there are additional red flags raised in a 
PAM_AUTH_ERR or other bad return.


[Dovecot] PAM_USER falsely assumed immutable

2009-07-22 Thread Aaron Richton

In 1.2.1 there's:

passdb-pam.c:230 status = pam_get_item(pamh, PAM_USER, &item);
passdb-pam.c:237 auth_request_set_field(request, "user", item, NULL);

so "item" is PAM_USER, which is then checked by auth_request_set_field:

1022 if (strcmp(request->user, value) != 0) {
1023 auth_request_log_debug(request, "auth",
1024 "username changed %s -> %s",
1025 request->user, value);

that it hasn't changed.

You're not allowed to assume that PAM_USER doesn't change. See, for 
example, http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/adg-security-user-identity.html 
to say nothing of the fact that Rutgers has PAM modules that do exactly 
that (change PAM_USER). This check needs to be relaxed (or, perhaps if you 
want a config directive for DontComplyWithThePAMSpec = true, you can have 
a tunable). Can this be as simple as ditching the call to 
auth_request_set_field, or is there concern over interactions between PAM 
and other auth features?


[Dovecot] Mailbox to maildir conversion

2008-03-28 Thread Aaron Gallagher
I just today wrote Yet Another Conversion Script. This one differs 
from the rest that I've seen in that it will generate a dovecot-uidlist 
index. I've done some testing, but not any absolutely 
extensive testing. It works well from what I've tried.


Invocation is simple. You pass the script the maildir and the mailbox  
file and it parses the mailbox file. The index file is generated if  
there is at least one e-mail with an X-IMAP header which contains the  
last ID used and the IMAP UIDVALIDITY. My old mail setup was ipop3d +  
sendmail (now dovecot + postfix) and it had a DON'T DELETE THIS  
MESSAGE e-mail with the aforementioned X-IMAP header. This e-mail  
will not be saved in the maildir. All e-mails with an X-UID header  
will get an entry in the uidlist file.


The script works with python 2.3 or later. I haven't tested it on  
pre-2.3 python versions as I don't have any installed.


http://habnabit.org/mb2md.py.gz

I can answer questions about it if needed. I'm also willing to try to  
add any suggested features.


Re: [Dovecot] nfs locking issues...

2008-02-26 Thread Aaron Wiebe
A few questions...

1.  What are you running as the underlying FS for your NFS share?
2.  What are you using for the NFS server?
3.  Do you see any messages about lockd in your messages file?
4.  When you strace a deadlocked process, what do you see?
5.  Do these locks appear to deadlock on the same machine, or
 is one lock on one machine and another lock on another machine?

-Aaron

On Tue, Feb 26, 2008 at 11:03 AM, John Gray <[EMAIL PROTECTED]> wrote:
> I'm running Dovecot 1.1 RC1.  I believe I've done all the due diligence
>  for making things working correctly over nfs.  But I run into locking
>  issues if I run over nfs.
>
>  procmail is doing the delivery over nfs.  uw-imap was running over nfs.
>  dovecot is fine if its on the nfs server (i.e. it has local access to
>  the disk, no nfs)
>  I run into lock deadlocks if I run dovecot over nfs
>  Users are directed to different servers, but a given users will always
>  get the same server (at least until there's no activity for that user
>  for over an hour).  This only applies to when running dovecot over nfs.
>  Everybody goes to the nfs server otherwise.
>
>  Sometimes I can kill all the processes, remove the dot locks, and
>  recover.  Sometimes I need to reboot the nfs server to recover.
>
>  Let me give a run down of the particulars:
>
>  All the mail is in mbox format.
>  everybody runs linux with kernel 2.6.24.2 (any known nfs locking issues
>  there?).
>  delivery is done via procmail, its locking and dovecot's are both
>  dotlock, fcntl.
>  The nfs mount options are
>  actimeo=3,hard,noatime,rsize=32768,wsize=32768,nfsvers=3
>  The clocks are in sync.
>
>  Dovecot.conf:
>  protocols = imap imaps pop3 pop3s
>  login_greeting = imap ready.
>  mail_location = mbox:~/:INBOX=/var/mail/%u
>  mmap_disable = yes
>  mail_nfs_storage = yes
>  mail_nfs_index = yes
>  protocol imap {
>  }
>  protocol pop3 {
>   pop3_uidl_format = %08Xu%08Xv
>  }
>  auth default {
>   mechanisms = plain
>   passdb pam {
>   }
>   userdb passwd {
>   }
>   user = root
>  }
>  dict {
>  }
>  plugin {
>  }
>
>  Any help would be greatly appreciated.
>
>  Thanks,
>  John
>
>  --
>  John Gray   [EMAIL PROTECTED]
>  AgoraNet, Inc.  (302) 224-2475
>  314 E. Main Street, Suite 1 (302) 224-2552 (fax)
>  Newark, De 19711            http://www.agora-net.com
>
>


Re: [Dovecot] Maildir Subsystems

2008-02-22 Thread Aaron Wiebe
Hey Timo, thanks for the quick response...

On Fri, Feb 22, 2008 at 4:50 PM, Timo Sirainen <[EMAIL PROTECTED]> wrote:
>
>  src/lib-storage/index/maildir/ has all the maildir specific code. In
>  v1.1 the mailbox listing is separated from mailbox storage handling to
>  src/lib-storage/list/. A lot of code is common between all mailbox
>  backends though.
>
>  Quota is implemented as a plugin in src/plugins/quota/ and src/plugins/
>  imap-quota/.

I realize I'm probably not looking deep enough, but after a quick scan of how
you lay out the different backends, I thought it might be easier for us to
actually just implement our own backend rather than modifying the existing
maildir implementation.  I'd provide more details, but for legal reasons, I
can't (yet).

Is there a rough document of the abstraction between the backends that I could
read, or can you provide an overview of that layer - or point me in the right
direction?

>  Dovecot v1.1 handles NFS a lot better than v1.0 and I'd suggest not
>  bothering with v1.0 anymore if you use NFS.

Righto, I'll stick to concentrating on 1.1.

>  1) Call Courier migration script (http://wiki.dovecot.org/Migration/Courier
>  ) from post-login script (http://wiki.dovecot.org/PostLoginScripting)
>  for the user logging in.
>  2) Stop Courier
>  3) Start Dovecot

Nifty, that makes life easy.  Thanks.

-Aaron


[Dovecot] Maildir Subsystems

2008-02-22 Thread Aaron Wiebe
Greetings - new to the list, so apologies if I'm asking questions that
have been brought up before.

I work for a large email provider, currently using qmail, vpopmail and
courier-imap.  We tend to make fairly regular customizations of the
software, and if you folks have any knowledge of courier's code
layout, you probably can understand why we hate working on it.

Anyway, I am looking at the possibility of migrating to dovecot, after
a quick review of the code layout.  It is MUCH nicer to read.  But I
have a few specific questions:

1.  We customize our maildir system fairly heavily, and I'm wondering
where the maildir code is located.  Specifically, anywhere the app
actually does work on disk related to folders, mail content and
quotas.  While I have reviewed the code in brief, I thought it would
be easier to poke this list to get pointed in the right direction.

2.  Courier works quite well over NFS for us, and I'm curious why your
documentation covers NFS more specifically.  What aspects of the
filesystem are normally used that don't translate easily to work over
NFS? Do you use stuff like inotify or atimes?

3.  If anyone has any suggestions on how to migrate tens of thousands
of imap users from courier to dovecot in a few hour window, I'd like
to hear them :)

Thanks,
Aaron Wiebe


[Dovecot] maildir file name flags out of order?

2007-04-19 Thread Aaron Solochek
I was trying to figure out why my false-positive spam messages were
being tagged as "personal" by thunderbird, and I noticed a possible
problem.  According to DJB: http://cr.yp.to/proto/maildir.html

> New flags may be defined later. Flags must be stored in ASCII order: e.g., 
> "2,FRS".

Looking at my maildir, I am seeing flags out of order, such as "2,Sdae"

Shouldn't that be "2,Sade"?

-Aaron