Re: shared/public mailbox application
-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
Sent: Thursday, November 24, 2016 11:53 AM
To: Dovecot Mailing List
Subject: shared/public mailbox application

I'm new to Dovecot and I need help configuring a shared or public mailbox - I'm not sure which is appropriate. I've read the wiki and Peer's book and neither appears to cover what I'd like to do. So I could use some specific help on how to configure a solution for the following:

I'd like to create two real mailboxes, let's call them AAA and BBB. Let's call the domain "mydomain". By "real", I mean that users aaa@mydomain and bbb@mydomain can log into their own mailbox. Any user can send mail to them, just like any other address: aaa@mydomain or bbb@mydomain.

I'd like all IMAP users in mydomain to be able to read the messages in those mailboxes.

I'd like all POP users in mydomain to also see those messages. (But I don't think I need help with the virtual part).

I'd like only a few designated IMAP users to be able to delete the messages in those mailboxes, including dummy users AAA and BBB themselves.

Ideally, I'd like them to appear in the client under a separate namespace from shared mailboxes. Example:

INBOX
+--- the normal stuff.
Shared
+--- user1
+--- user2
Special
+--- AAA
+--- BBB

My confusion:

1) I don't know if this requires a shared namespace or a public namespace. It "feels" like it's "public", since all users would have access. But Peer's book and the wiki describe manually creating folders for public namespaces and controlling the contents with manual file manipulation, which leads me to believe that they can't be used for regular mail (although the book and the wiki never say one way or the other). I don't want to manually control files. I want to send mail to the mailbox and delete (see above) it with a client.

2) There are several examples in Peer's book and the wiki, but none seem to match what I want. (This is the problem with documentation that is predominantly example-based). I guess I need more explanation of the mechanical differences between shared and public and why one would pick one over the other.

Can someone help? Please be as specific as you can.

Thanks much,
Michael

Hi,

I did that in Linux (Ubuntu) by using symbolic links. In the INBOX of users that you want to see shared emails, place a symlink to the shared INBOX.

|
|
| ...INBOX
| | .Drafts (folder)
| | .Trash (folder)
| | ...
| | ~.Shared AAA --> ../aaa
| | ~.Shared BBB --> ../bbb
|
|
| ...INBOX
| | ...
| | ~.Shared AAA --> ../aaa
| | ~.Shared BBB --> ../bbb
|
|
| ...INBOX
| | ...
|
|
| ...INBOX
| | ...

The only thing that could create problems is permissions. I use the same UID/GID for all users (vmail:vmail) so I don't have such problems. If you want special permissions for groups of users (some can delete emails in shared folders) you need to define the permission groups, add the users you want to those groups, set rw permission and set the group bit on shared folders.

If you're not using Linux I cannot help.

Adrian
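Added example, not part of the original thread and not Dovecot code: a small Python audit of the directory permissions the reply above describes (group ownership, group write access and the setgid "group bit" on shared folders). The function names and the treatment of world-writable directories as a finding are assumptions of this example; on a directory, group members need rwx, not only rw, to create and delete messages.

```python
import os
import stat

def check_shared_dir(mode, gid, expected_gid):
    """Return a list of findings for one directory's st_mode / st_gid."""
    if not stat.S_ISDIR(mode):
        return ["not a directory"]
    findings = []
    if gid != expected_gid:
        findings.append("wrong group")
    # Creating or deleting files in a directory needs r, w and x for the group.
    if (mode & 0o070) != 0o070:
        findings.append("group lacks rwx")
    # Without setgid, files created by a member keep that member's primary
    # group and may be unreadable to the rest of the permission group.
    if not mode & stat.S_ISGID:
        findings.append("setgid bit missing")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def audit_tree(root, expected_gid):
    """Walk a shared mailbox tree (symlinks are not followed) and
    return {path: findings} for every directory with a problem."""
    report = {}
    for dirpath, _dirnames, _files in os.walk(root):
        st = os.lstat(dirpath)
        findings = check_shared_dir(st.st_mode, st.st_gid, expected_gid)
        if findings:
            report[dirpath] = findings
    return report

if __name__ == "__main__":
    # Constructed sample modes: a correctly set up shared folder and a
    # folder left at private-mailbox permissions.
    good = stat.S_IFDIR | 0o2770
    private = stat.S_IFDIR | 0o0700
    print("2770:", check_shared_dir(good, 5000, 5000))
    print("0700:", check_shared_dir(private, 5000, 5000))
```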
Re: BUG: nopassword doesn't work with CRAM-MD5
On 17.11.2016 10:30, Arkadiusz Miśkiewicz wrote:
On Thursday 17 of November 2016, Aki Tuomi wrote:
On 17.11.2016 10:14, Arkadiusz Miśkiewicz wrote:

Hello.

dovecot 2.2.26.0

When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns "Authentication failed" while in logs:

Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,): Requested CRAM-MD5 scheme, but we have a NULL password

NULL is there because our sql query returns empty password just like wiki says "nopassword: you want to allow all passwords, use an empty password and this field."

If password is returned in sql query then it fails, too:

Nov 17 09:00:49 auth-worker(2206): Error: sql(pepe,127.0.0.1,): nopassword set but password is non-empty

So looks to be a bug.

It's not a bug. CRAM-MD5 does in fact require *some* password to work,

Provide fake/random one for nopassword internally.

you can either store it with doveadm pw -S CRAM-MD5 or as plain text password.

Then I get sql(pepe,127.0.0.1,): nopassword set but password is non-empty

So that doesn't help

btw. doveadm pw -S is not documented, so no idea what it does

Aki

Sorry to bump into your conversation but Aki is defending too hard something that is really a bug. I have signaled this issue myself in the "very old" version 2.2.9(!)

nopassword means ANY password (including none). One cannot store something like ANY with doveadm, SQL or anything. So with "nopassword" the query should simply ignore the password field (missing, NULL or set to anything else).

Why would a user login with nopassword? This is an administrator decision and is not subject for comments.

My problem was with LDA, which refuses to store mail in INBOX if the user is not properly authenticated (nopassword), so you cannot receive mails for "hidden" users that cannot login, maybe to redirect mails later or do some other things with.

Adrian
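Added example, not part of the original thread and not Dovecot's implementation: a Python sketch of the CRAM-MD5 exchange (RFC 2195) beside PLAIN, showing what each mechanism gives the server to check and why the log above reports "Requested CRAM-MD5 scheme, but we have a NULL password". The function names, the challenge string and the sample credentials are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample challenge in the <random.timestamp@host> style of RFC 2195.
CHALLENGE = "<4711.1479370954@mail.example.test>"

def cram_md5_response(user, password, challenge):
    """Client side: the password never leaves the client. Only
    base64("user " + hex(HMAC-MD5(key=password, msg=challenge))) is sent."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def verify_cram_md5(response_b64, challenge, stored_secret):
    """Server side: recompute the digest from the stored secret and compare.
    Returns (ok, reason). With no stored secret there is nothing to recompute."""
    _user, _, client_digest = base64.b64decode(response_b64).decode().rpartition(" ")
    if stored_secret is None:
        return False, "no stored secret: digest cannot be recomputed"
    expected = hmac.new(stored_secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    if hmac.compare_digest(expected, client_digest):
        return True, "digest matches"
    return False, "digest mismatch"

def verify_plain(password, stored_secret, nopassword=False):
    """PLAIN: the server receives the password itself, so a policy such as
    'accept whatever was typed' is a simple skip of the comparison."""
    if nopassword:
        return True
    return stored_secret is not None and hmac.compare_digest(
        password.encode(), stored_secret.encode())

if __name__ == "__main__":
    resp = cram_md5_response("pepe", "any-password", CHALLENGE)
    print(verify_cram_md5(resp, CHALLENGE, "any-password"))
    print(verify_cram_md5(resp, CHALLENGE, None))
    print(verify_plain("any-password", None, nopassword=True))
```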
Re: Crashing when run against OpenSSL 1.1.0c
Hi

You can't think how glad I am that SSL issues rise again in a new Dovecot version with the next Ubuntu release with a new OpenSSL library. Some days ago I posted something similar about Ubuntu 14.04 - Dovecot 2.2.9 - OpenSSL 1.0 (Dovecot processes turning zombie) but no one cared about it. I still think it is somehow related to ssl-param process + config + auth + ...whatever (all of them "ignoring idle SIGINT")

If Dovecot SSL implementation is so dependent on a certain version of a library (OpenSSL for example) you should consider saving a copy of the "known-good" library version somewhere in Dovecot private space and use it without relying on generic system upgrades.

Don't get me wrong: I love Dovecot as IMAP server and local delivery agent. But public interface is unreliable, authentication too, so for now I am using Dovecot as an isolated server in localhost and attach other public interfaces to it. Even so, delivery agent LDA is still trying to authenticate and complains about null passwords (what?). I have destination addresses that should go to a shared mailbox and that user@domain is never allowed to login. The workaround is to set an "impossible" password for those but this is not a nice solution. LDA should care only about what counts for him (maybe using some defaults) and leave everything else for the "big boys".

Sorry for any inconvenience,
Adrian POPA

- Original Message -
From: "Aki Tuomi"
To:
Sent: Tuesday, November 15, 2016 1:43 PM
Subject: Re: Crashing when run against OpenSSL 1.1.0c

On 15.11.2016 13:27, Michael Marley wrote:

Hi,

I am running Dovecot 2.2.26.0 compiled against OpenSSL 1.1 and, since upgrading to OpenSSL 1.1.0c, the "lmtp" process has been crashing with SIGSEGV whenever it receives SIGINT. This always happens a minute or so after the lmtp process handles a message. It can also be manually reproduced by sending SIGINT to one of the running lmtp processes. I am compiling and running on an Ubuntu 17.04 x86_64 system using GCC 6.2.

Here is the output of me reproducing it with gdb:

(gdb) signal SIGINT
Continuing with signal SIGINT.

Program received signal SIGSEGV, Segmentation fault.
0x7f6748cc2fb0 in ?? ()
(gdb) bt
#0 0x7f6748cc2fb0 in ?? ()
#1 0x7f674872ac60 in ossl_init_thread_stop (locals=) at crypto/init.c:336
#2 0x7f674872aee4 in OPENSSL_cleanup () at crypto/init.c:391
#3 0x7f67491052e0 in __run_exit_handlers (status=0, listp=0x7f674948c5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
#4 0x7f674910533a in __GI_exit (status=) at exit.c:105
#5 0x7f67490eb3f8 in __libc_start_main (main=0x555b35fbfbc0 , argc=1, argv=0x7ffd4ede3588, init=, fini=, rtld_fini=, stack_end=0x7ffd4ede3578) at ../csu/libc-start.c:325
#6 0x555b35fbfe3a in _start ()

Here is the output of "doveconf -n":

# 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.devel (623ae77)
# OS: Linux 4.8.7-040807-generic x86_64 Ubuntu Zesty Zapus (development branch)
auth_mechanisms = plain login
auth_username_format = %Ln
mail_location = mdbox:~/mdbox
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = mich...@michaelmarley.com
protocols = imap sieve lmtp
service auth {
  client_limit = 1624
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 0
  }
}
service lmtp {
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_ca = Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
test_cipher_test_vectors . : ok
test_cipher_aead_test_vectors : ok
test_hmac_test_vectors ... : ok
test_load_v1_keys : ok
test_load_v1_key . : ok
test_load_v1_public_key ..
Dovecot processes turning zombie
Hi

I am running Ubuntu 14.04 (plan to go to 16.04) with Postfix and Dovecot 2.2.9 from Ubuntu repository. Dovecot configuration has not changed dramatically since the days of Ubuntu 12.04 (can't remember Dovecot version).

In the last months, connection to Dovecot IMAP service became more and more difficult. First Ubuntu Thunderbird refused to connect, then Android phones. The last one connecting regularly was an old XP laptop(!). Now it's facing problems too. Again, I did not make any configuration changes lately so only system upgrades (libraries) may have caused this.

The first thing to notice was that some Dovecot processes are going zombie (defunct). At startup "ssl-params", then sometimes "auth", "imap-login" and rarely "config". Turning on debug logging in Dovecot shows that the offending process "is ignoring idle SIGINT". And "auth client limit (1000) reached". This behavior also impacts Postfix delivery through Dovecot LDA with "status=deferred (temporary failure)" (I turned off mail sending with -e in lda invocation).

Another thing is SSL connection. Attempts to test with openssl s_client show that Dovecot is not responding after ClientHello when it should normally send the server certificate. The very same certificate is used with Postfix and it works (I can send mails through Postfix) but IMAP connections to Dovecot do not. There is no protocol mismatch because I have tried a local SSL connection (same computer). Initial messages are TLS1.2 but nothing in response.

So my question is: have you faced such problems and found a cause (and maybe a fix)? Could upgrading to Ubuntu 16.04 with whatever Dovecot version it provides resolve the issues?

Thanks