Re: Thunderbird ignores some folders

[Alex Crow]

IPad email client shows unsubscribed folders (?) whereas by default TB 
does not (see server settings->advanced under the account).


Just a guess...

Alex


On 03/10/14 19:03, dovecot.pk...@dfgh.net wrote:

Dear readers

we are using Dovecot 2.2.7 and all of our users are using Thunderbird as
their mail client. Some of them additionally use their iPad/iPhone and a
very few an Android Mail-Client.

Now one user noticed that two of his mail folders disappeared. He first
believed that he accidentally deleted those folders but then he realized
that they are still visible from his iPad. I checked this users maildir and
everything looks normal. Deleting the index-files made no difference: New
index-files were created but those two folders are still invisable from
Thunderbird.

My main concern is to find the reason for this behaviour. Maybe folders of
other users have disappeared and they have not yet noticed. A fresh
installation of Thunderbird will most likely fix this single users problem,
but I cannot do this for all of our users.

So here's my question: How would I debug such a situation?

Kind regards

Peter Koch

And here's our config file:

# Dovecot configuration file

default_process_limit = 2048

protocols = imap
listen= *
base_dir  = /var/dovecot/

mail_location = maildir:/mail/%u:LAYOUT=fs

ssl_cert = 

Re: Dovecot Sieve and Postfix header_checks Issue

[Alex Crow]

Wasnt that productive?

I'm hoping the hubris will lead to some self-realisation later but I 
doubt it.


Also felt like he was testing us, posting regexes for us to look at and 
then when we pointed out the errors in them suddenly declaring they were 
deliberate errors for testing!


Alex

On 27/09/14 14:28, Reindl Harald wrote:


Am 27.09.2014 um 15:16 schrieb Klaipedaville on Google:

Alex:
if it was

^From:.*\@.*\.tw$
it would not.

$ is optional and it only means the end of expression, the rule works either 
with or without it in the problem I was trying to solve.


And again according to the man page, $ is usable:
"/^(.*)-outgoing@(.*)$/"

This is again an option ($), not a must, the rule would be valid either way.

you are a ignorant fool


[root@srv-rhsoft:~]$ postmap -q "From: b...@bla.tw" 
regexp:/home/harry/Desktop/bla.cf
REJECT

[root@srv-rhsoft:~]$ postmap -q "From: bla@bla.twitter" 
regexp:/home/harry/Desktop/bla.cf
REJECT

[root@srv-rhsoft:~]$ cat /home/harry/Desktop/bla.cf
/^From:.*\@.*\.tw/ REJECT


[root@srv-rhsoft:~]$ postmap -q "From: b...@bla.tw" 
regexp:/home/harry/Desktop/bla.cf
REJECT

[root@srv-rhsoft:~]$ postmap -q "From: bla@bla.twitter" 
regexp:/home/harry/Desktop/bla.cf

[root@srv-rhsoft:~]$ cat /home/harry/Desktop/bla.cf
/^From:.*\@.*\.tw$/ REJECT



You seem to think that you are the worlds greatest regexp expert and to
be frank it comes off as a bit arrogant.

knowledge often comes arrogant to ignorant people


I am not the world greatest regexp expert but definitely not the worst one

you are the worst one because you argue instead realize your error


My rules work the way I want and need them to work. Period.

no they don't damned


I have neither time no desire to prove that 2+2=4

no, but you telling us it's 5


I will not clutter this list speaking off Dovecot issues any more as I feel 
sorry for time wasted for list readers

please do so

Re: Dovecot Sieve and Postfix header_checks Issue

[Alex Crow]

On 27/09/14 11:49, Klaipedaville on Google wrote:

Joseph Tam writes:

However, my header_checks file has just 5 lines of regexp as follows:
...
/^From:.*\@.*\.tw/   REJECT Sorry, Taiwanese mail is not 
allowed.

Can't speak about the other issues you are having, but is this regexp pattern 
what you want?  Unless Postfix PCRE automatically right-anchors these regexps, 
aren't you rejecting mail from some...@mail.twinpeaks.org,
or even twitter notifications (from *@bounce.twitter.com).

I am not sure I even understand what you were trying to say. It's either 
because you have no idea how to write any regexp / pcre rules


I don't understand why you seem to think there is some kind of magical 
interaction between postfix and dovecot. Once postfix passes to the 
Dovecot LDA that's the end of its responsibility. Likewise dovecot has 
no inside knowledge of that Postfix does.


Certainly in grep that /would/ match ,eg, f...@bar.twister.com because as 
Joseph said the .tw is not anchored to the end of the pattern. Now 
whether this applies in headerchecks is not for this list.


if it was

^From:.*\@.*\.tw$

it would not.

And again according to the man page, $ is usable:

"/^(.*)-outgoing@(.*)$/"

You seem to think that you are the worlds greatest regexp expert and to 
be frank it comes off as a bit arrogant.


Alex

Re: Dovecot Sieve and Postfix header_checks Issue

[Alex Crow]

On 26/09/14 16:44, Klaipedaville on Google wrote:


Whatever's the case the backscatter you're talking about has its own 
ways and methods to be fought with. There are countries for example 
Germany where it is prohibited by law to discard any email messages 
silently. You must reject them so that the senders would be aware what 
is going on. I was told that by one German admin. I am not sure if 
this is really true but it has some logic on one hand and it is 
completely groundless on the other hand because you cannot substitute 
a live person by a machine. Let's say if the machine (computer / 
server) confirmed reception of the email it does not necessarily mean 
that any person on the other end also received and read that email. 
But this is just demagogy that has very vogue legal / law aspects 
involved.





One *very* convincing argument not to send an *email* response (reject 
at SMTP is fine) is that it is very likely indeed you'll end up on an 
RBL yourself for doing this. It happened to us when we were still 
bouncing (probably about 8-10 years ago). It was the main reason we stopped.


Reindl,
I respecfully disagree with (a) at least for the UK. It may be the case 
in Germany but I'll be damned if I'm going to give up on my Mailscanner 
- tuned over the years enough that we've never had a legit mail get canned.


Anyway, that's enough for me otherwise this is going to turn into a 
flamewar rather than informational.

Re: Dovecot Sieve and Postfix header_checks Issue

[Alex Crow]

On 26/09/14 16:00, Klaipedaville on Google wrote:
>So why does it state in man 5 regexp_table that such tables are *case 
insensitive* by default and the /i actually toggles that? Are you 
saying that man page is wrong? I'd be surprised as I don't think I've 
yet come

>across an occasion where postfix man pages are incorrect!
I am not saying that the Postfix man is incorrect. It is 100% case 
insensitive and SPAM (upper case) and spam (lower case) would mean 
absolutely the same. Therefore my SPAM (upper case) regexp was correct.


>So if the regexes were all correct, then:
>
>a) what was your actual problem once you identified it
>
>and
>
>b) for the benefit of the list, how did you actually solve it?
>
>Alex

I explained it all in my previous post.


I realise it's probably because of the use of the reject action, which 
presumably inserts the text "No spamming allowed here." into the subject 
of the bounce.


However what also concerns me is that sending MDN's back to the envelope 
sender of SPAM messages is very likely to cause your server to be the 
origin of "Joe-Job" spam. The sieve RFCs state that if using reject 
(therefore sending MDNs) you should also be able to check for forged 
envelope senders and in that case do not send bounces. In real life it's 
considered best to just not bother sending anything back at all, and 
either discard, or block at the SMTP level using RBLs.


Cheers

Alex






--
This message has been scanned for viruses and
dangerous content by *MailScanner* , and is
believed to be clean. 


--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

Re: Dovecot Sieve and Postfix header_checks Issue

[Alex Crow]

On 26/09/14 15:27, Klaipedaville on Google wrote:

/^Subject:.**{5}SPAM*{5}/REJECT No spammers allowed here.
/^Subject:.*\*\*\*\*\*SPAM\*\*\*\*\*/REJECT No spammers allowed.
/\s**{5}SPAM*{5}/REJECT No spamming
hullababballos allowed.
I think it may be this one above. From the postfix manuals"By default, matching is 
case-insensitive, and newlines are not treated as special characters. The behavior is 
controlled by flags, which are toggled by appending one or more of the following 
characters after the pattern: *i* (default: on) Toggles the case sensitivity flag. By 
default, matching is case insensitive."

Case insensitive is declared by putting this /i at the end of a rule.
Postfix has nothing to do with regular expressions (regexp) and regexp is not 
controlled by postfix. There should be a regexp library available on the server 
where you are using regexp. It’s like PHP, or tml, or js, or css, it cannot be 
controlled by postfix.
So why does it state in man 5 regexp_table that such tables are *case 
insensitive* by default and the /i actually toggles that? Are you saying 
that man page is wrong? I'd be surprised as I don't think I've yet come 
across an occasion where postfix man pages are incorrect!





And it looks like * needs escaping there too (if you're trying to match exactly 5 
asterisks, you should probably do "\*{5}" not just *{5}.

Yes, the escape character in front \*{5} to match 5 asterisks is the correct 
one. You are right. I am an expert on regexp and this (incorrect one) was there 
just for testing purposes because there was a problem with the library on the 
server so I had this bad rule over there to follow up on error in logs. The 
library has been fixed by now and as I said earlier execution stops on the 
first rule matched but does not really do any harm if there is a mistake in the 
rule, in this 'mistake' case the rule is simply skipped.


/^Subject:(.*)SPAM/REJECT Spam is not allowed. DISCARD.
were causing the Dovecot Sieve rejection bounce not to go through. The rules 
blocked the spam all right but rejection was turned into discard for some reason. 
Now the question is how do I find out which regular >expressions will be in 
conflict with default.sieve scripting rules?
That's just about learning Posix Regex syntax.

All the rules are 100% correct as there is a very simple and useful tool in postfix to check if 
regexp is correct. The tool can be used even by people who don't have a foggiest idea how regexp 
work. All you have to do is to type on a command line this postmap -q "Subject: *SPAM* 
blablablabla" regexp:/etc/postfix/header_checks or this postmap -q "X-Spam-Flag: 
YES" regexp:/etc/postfix/header_checks and it will tell you if your rule is correct or not. It 
is bullet and fool proof system with 100% guarantee. All these rules have been checked like that 
despite the fact that I know for a fact that they are correct by my own knowledge and experience.





I'm almost 100% sure that that regex also matched the bounce from your sieve 
rules. There is no mysterious interaction between header_checks and sieve 
rules, it's just your pattern was too liberal in the former.

No, no. The regex could not have matched the bounce from my own rules because 
it would be silly to send a test message from the same server that would loop 
back and block myself by my own rules. I sent test messages from another 
server's accounts. Plus, there is a difference. Header_checks in Postfix use 
only customized rules that do not involve any Spamassassin's added headers. Now 
in my case only Dovecot Sieve goes through Spamassassin headers because as 
mentioned earlier I passed delivery from Postfix to dovecot LDA in my 
configuration. That's why everything that has Spamassassin's headers and tags 
added has to be configured via default.sieve scripting and everything else 
(that do not get Spamassassin's headers added) may use header_checks of 
Postfix. I have just figured that out by runnning quite a few different and 
simple tests.





I think if you tune that header_checks file correctly you should have no more 
issues.

The header_check rules are fine tuned to their best.

Anyway, I am thankful for your suggestion as it pointed me to the right 
direction. Then I picked it up and simply followed onwards by elaborating and 
building on top which led me to a solved problem  Thank you.




So if the regexes were all correct, then:

a) what was your actual problem once you identified it

and

b) for the benefit of the list, how did you actually solve it?

Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020)

Re: Dovecot Sieve and Postfix header_checks Issue

[Alex Crow]

On 26/09/14 14:10, Klaipedaville on Google wrote:
Hey! You are right Alex! Many thanks for pointing me to head over to 
the right direction!
It was a clash on rules for some reason. Now, I was also right that 
these two systems could not be used together because the rules 
declared in different systems to perform the same action (REJECT) 
cause the error I was having!

The following rule in default.sieve:
require ["reject"];
# rule: Reject on "x-spam-flag" header
if header :contains "X-Spam-Flag" "YES" {
  reject "No spamming allowed here.";
   stop;
}
and the following Postfix's regexp header_check rules on the subject 
field:

/^Subject:.**{5}SPAM*{5}/REJECT No spammers allowed here.
/^Subject:.*\*\*\*\*\*SPAM\*\*\*\*\*/REJECT No spammers allowed.
/\s**{5}SPAM*{5}/REJECT No spamming 
hullababballos allowed.


I think it may be this one above. From the postfix manuals:

"By default, matching is case-insensitive, and newlines are not treated 
as special characters. The behavior is controlled by flags, which are 
toggled by appending one or more of the following characters after the 
pattern: *i* (default: on) Toggles the case sensitivity flag. By 
default, matching is case insensitive."


And it looks like * needs escaping there too (if you're trying to match 
exactly 5 asterisks, you should probably do "\*{5}" not just *{5}.


/^Subject:(.*)SPAM/  REJECT Spam is not allowed. 
DISCARD.
were causing the Dovecot Sieve rejection bounce not to go through. The 
rules blocked the spam all right but rejection was turned into discard 
for some reason.
Now the question is how do I find out which regular expressions will 
be in conflict with default.sieve scripting rules?


That's just about learning Posix Regex syntax.

Default.sieve is set to block spam on the X-Spam-Flag header and 
header_checks is set to block spam on the subject field. I am still 
clueless why didn't these two "cooperate"? Was it just because they 
were "told" to perform the same action as per my previous guess?


I'm almost 100% sure that that regex also matched the bounce from your 
sieve rules. There is no mysterious interaction between header_checks 
and sieve rules, it's just your pattern was too liberal in the former.


But the target to perform this same action on was different... Any 
more ideas anyone? Alex? Many thanks in advance for any input!


I think if you tune that header_checks file correctly you should have no 
more issues.


Thanks

Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

Re: Dovecot Sieve and Postfix header_checks Issue

[Alex Crow]

That would most likely be something in your header_checks that is 
causing the bounce from Sieve to be rejected.


There is no reason why you cannot use both.

On 26/09/14 12:35, Klaipedaville on Google wrote:

Hello List,

I tried to subscribe but it's taking forever for the confirmation email to 
arrive so I thought I would ask away by emailing directly. My apologies in 
advance should this question appear twice.

It may seem real simple to experts but I cannot really figure it out. I'll try 
to be concise:

Dovecot version is 2.1.7. Its dovecot –n is real short one and follows right 
after my question.

I have my Postfix 2.9.6 properties set like this: header_checks = 
/etc/path/to/myfile. Then I have Dovecot Sieve also configured and working fine.

Now the trouble is that these two cannot be combined together can they? Dovecot Sieve and 
Postfix's header_checks?  If I turn off header_checks in Postfix then Dovecot Sieve is 
working fine. If I vise versa turn off Dovecot Sieve then Postfix's header-checks are 
also working fine. However, when I keep them both turned on it also works but only 
partially and in this case Dovecot Sieve never bounces back any rejected massages 
remotely, the bounce happens only locally. That is I can see it in my logs that it was 
rejected locally but the message is never sent back to the sender saying something like, 
"Spam is rejected here". Thus the reject turns into a silent discard without 
telling the sender anything at all. Any ideas, help, advices how do I fix that? Would be 
really grateful for any suggestions / assistance at all. Many thanks in advance!

P.S. I would like to use both because Dovecot Sieve is a very powerful and 
great plugin that uses Spamassassin's added tags and headers based on which I 
create my rules. Postfix in its turn has a very neat feature of checking the 
headers via regexp but Postfix does not see / detect Spamassassin's added 
headers at all because I passed delivery and authentication (which is a way 
better than Postfix's) to dovecot deliver.

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.6 ext4
auth_mechanisms = plain login cram-md5 scram-sha-1
auth_verbose = yes
hostname = WindTalker
info_log_path = /var/log/dovecot-sieve.log
log_path = /var/log/dovecot-sieve-errors.log
mail_location = maildir:/home/mvail/%d/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
passdb {
   args = /etc/dovecot/passwd
   driver = passwd-file
}
plugin {
   sieve = ~/.dovecot.sieve
   sieve_default = /etc/dovecot/default.sieve
   sieve_dir = ~/sieve
}
pop3_uidl_format = %g
postmaster_address = postmas...@example.com
protocols = imap pop3 sieve
service auth {
   unix_listener /var/spool/postfix/private/auth {
 group = postfix
 mode = 0660
 user = postfix
   }
}
ssl_ca = 

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

Re: Multiple A Records for IMAP service

[Alex Crow]

Hi Vijay,

No, this will not work properly. 50% of the time the client will still 
try to connect to the downed server.


You need something like keepalived or corosync/pacemaker.

Cheers

Alex

On 29/08/14 11:52, Vijay Rajah wrote:

Hello All,

I have a quick question.

I have 2 MX servers each with a Dovecot Instances (2.2.6). These 2 
Dovecot Instances are replicated by using Dsync... All works well.


The questions is, Can I have 2 A records for my imap.mydomain.tld? The 
Idea being, if for any reason, one of the Dovecot IMAP instances are 
unreachable, the client can connect to the other Instance. (this is 
purely a fail over scenario).


If it matters, The clients are Thunderbird, Android Native (default) 
Mail client, iOS Mail Client.


-Thanks in advance
Vijay



--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

[Dovecot] Solr/Tika

[Alex Crow]

|Hi list,

If I've added the tika stuff to my tomcat/solr setup, ie copied:
|
||solr-4.7.2/dist/solr-cell-*|
solr-4.7.2/contrib/extraction/lib/*

to

||/var/lib/tomcat6/webapps/solr/WEB-INF/lib/

how do I get dovecot to index attachments?

Do I just need to add|  fts-solr =/index-attachments 
url=http://localhost:8080/solr-4.7.2/

/to the 90-plugin.conf?

Or do I need to so something like

fts_tika =/http://localhost:8080/solr-4.7.2//

IE the same uri I have for the solr?

Thanks

Alex

Re: [Dovecot] Fw: Cannot Authenticate via LDAP

[Alex Crow]

Hi Ron,

TBH you were doing most things right anyway, I misread your pastebin stuff.

But I'm glad the details helped you, and you're welcome!

Cheers

Alex

On 04/06/13 19:04, Ron Scott-Adams wrote:
Hi Alex, thanks for your input. As you might have surmised from my 
doveconf output, I had things horribly misconfigured. :) Everything is 
dandy now, I just had to RTFM and understand userdb/passdb and the 
ldap settings better. My new configuration follows:


BEGIN DOVECONF:
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-45-generic x86_64 Ubuntu 12.04.2 LTS
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
log_path = /var/log/dovecot.log
mail_location = maildir:~/.maildir
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap pop3"
ssl_cert = ldap://localhost:389
dn = uid=dovecot,ou=Services,dc=tohuw,dc=net
dnpass = [redacted]
debug_level = -1
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=tohuw,dc=net
base = dc=tohuw,dc=net
user_filter = (uid=%u)
pass_filter = (uid=%u)
iterate_attrs = uid=user
default_pass_scheme = SSHA

END DOVECOT-LDAP.CONF.EXT
---

The dovecot-ldap-userdb.conf.ext is a symlink, as the documentation 
suggests I do.



On Tue, Jun 4, 2013 at 1:43 PM, Alex Crow <mailto:ac...@integrafin.co.uk>> wrote:


Forgot to say that the lines below would be part of a file
included thusly:

passdb {
  driver = ldap

  # Path for LDAP configuration file, see
example-config/dovecot-ldap.conf.ext
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
  driver = prefetch
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

And in the /ettc/dovecot-ldap.conf.ext as well as the examples I
gave you'll also need a line like:

uris =  ldap://myldapserver1 ldap://myldapserver2

(I use 2 servers with referrals to the master)

Also look up iterate_attrs and iterate_filter to let doveadm and
other things iterate over accounts.

Cheers

Alex


On 04/06/13 18:34, Alex Crow wrote:

Hi,

That can't be the full output of doveconf -n can it?

You need to define (examples from my configs using qmail
schema; your values will probably be different if you are
using AD or openLDAP with a different mail schema)

user_attrs = homeDirectory=home,mailMessageStore=mail
user_filter = (&(objectClass=qmailUser)(mail=%u))
pass_attrs =

userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail
pass_filter = (&(objectClass=qmailUser)(mail=%u))

Also look at the auth_bind parameter. Mine is "yes" because
I'm using userdb prefetch as you can see from the pass_attrs
param.

And you probably need to set up virtual users as well!

Cheers

Alex


On 04/06/13 17:44, Christian Wiese wrote:

Hello Christian,
I tried what you suggested by adding "REFERALS off"
to /etc/ldap/ldap.conf and restarting slapd and dovecot,
but the error
persists.


On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese <
christian.wi...@securepoint.de
<mailto:christian.wi...@securepoint.de>> wrote:

Hi Ron,

I didn't had the time to check all logs but the error log.
First thing you should check if there are LDAP
REFFERALS enabled in
the systems ldap.conf.
I had a similar looking issue and it took me a good
amount of time to
figure out that I had to disable LDAP REFFERALS globally.
This happened when using an AD as LDAP backend, but
also applies to
Samba4 as you can see in the following mailing list
thread:



http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts


The settings within the systems ldap.conf might
influence dovecot,
because libldap (openldap) functions might read the
global ldap.conf
settings.

Hope that helps.

Cheers,
Chris

Am Tue, 4 Jun 2013 05:50:16 -0400
schrieb Ron Scott-Adams mailto:r...@tohuw.net>>:

a login tohuw [myPassword] returns "NO
[AUTHENTICATIONFAILED]
Authentication failed." I believe I'm missing a
configuration
detail, but what?


info.log: http://pastebin.ca/2388873

  

Re: [Dovecot] Fw: Cannot Authenticate via LDAP

[Alex Crow]

That'll teach me for looking too quickly: the only things different from 
mine is the fact you don't look up the email address and you don't use 
prefetch.


Did you try tracing the LDAP server end (eg by upping the log level for 
your LDAP server or using tcpdump/wireshark?)


I'll shut up now before a 3rd foot goes in my trap!

Alex

On 04/06/13 18:43, Alex Crow wrote:
Forgot to say that the lines below would be part of a file included 
thusly:


passdb {
  driver = ldap

  # Path for LDAP configuration file, see 
example-config/dovecot-ldap.conf.ext

  args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
  driver = prefetch
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

And in the /ettc/dovecot-ldap.conf.ext as well as the examples I gave 
you'll also need a line like:


uris =  ldap://myldapserver1 ldap://myldapserver2

(I use 2 servers with referrals to the master)

Also look up iterate_attrs and iterate_filter to let doveadm and other 
things iterate over accounts.


Cheers

Alex

On 04/06/13 18:34, Alex Crow wrote:

Hi,

That can't be the full output of doveconf -n can it?

You need to define (examples from my configs using qmail schema; your 
values will probably be different if you are using AD or openLDAP 
with a different mail schema)


user_attrs = homeDirectory=home,mailMessageStore=mail
user_filter = (&(objectClass=qmailUser)(mail=%u))
pass_attrs = 
userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail

pass_filter = (&(objectClass=qmailUser)(mail=%u))

Also look at the auth_bind parameter. Mine is "yes" because I'm using 
userdb prefetch as you can see from the pass_attrs param.


And you probably need to set up virtual users as well!

Cheers

Alex


On 04/06/13 17:44, Christian Wiese wrote:

Hello Christian,
I tried what you suggested by adding "REFERALS off"
to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error
persists.


On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese <
christian.wi...@securepoint.de> wrote:


Hi Ron,

I didn't had the time to check all logs but the error log.
First thing you should check if there are LDAP REFFERALS enabled in
the systems ldap.conf.
I had a similar looking issue and it took me a good amount of time to
figure out that I had to disable LDAP REFFERALS globally.
This happened when using an AD as LDAP backend, but also applies to
Samba4 as you can see in the following mailing list thread:


http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts 



The settings within the systems ldap.conf might influence dovecot,
because libldap (openldap) functions might read the global ldap.conf
settings.

Hope that helps.

Cheers,
Chris

Am Tue, 4 Jun 2013 05:50:16 -0400
schrieb Ron Scott-Adams :


a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED]
Authentication failed." I believe I'm missing a configuration
detail, but what?


info.log: http://pastebin.ca/2388873

debug.log: http://pastebin.ca/2388872

error.log: http://pastebin.ca/2388871

dovecot -n: http://pastebin.ca/2388870

dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867

Re: [Dovecot] Fw: Cannot Authenticate via LDAP

[Alex Crow]

Forgot to say that the lines below would be part of a file included thusly:

passdb {
  driver = ldap

  # Path for LDAP configuration file, see 
example-config/dovecot-ldap.conf.ext

  args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
  driver = prefetch
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

And in the /ettc/dovecot-ldap.conf.ext as well as the examples I gave 
you'll also need a line like:


uris =  ldap://myldapserver1 ldap://myldapserver2

(I use 2 servers with referrals to the master)

Also look up iterate_attrs and iterate_filter to let doveadm and other 
things iterate over accounts.


Cheers

Alex

On 04/06/13 18:34, Alex Crow wrote:

Hi,

That can't be the full output of doveconf -n can it?

You need to define (examples from my configs using qmail schema; your 
values will probably be different if you are using AD or openLDAP with 
a different mail schema)


user_attrs = homeDirectory=home,mailMessageStore=mail
user_filter = (&(objectClass=qmailUser)(mail=%u))
pass_attrs = 
userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail

pass_filter = (&(objectClass=qmailUser)(mail=%u))

Also look at the auth_bind parameter. Mine is "yes" because I'm using 
userdb prefetch as you can see from the pass_attrs param.


And you probably need to set up virtual users as well!

Cheers

Alex


On 04/06/13 17:44, Christian Wiese wrote:

Hello Christian,
I tried what you suggested by adding "REFERALS off"
to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error
persists.


On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese <
christian.wi...@securepoint.de> wrote:


Hi Ron,

I didn't had the time to check all logs but the error log.
First thing you should check if there are LDAP REFFERALS enabled in
the systems ldap.conf.
I had a similar looking issue and it took me a good amount of time to
figure out that I had to disable LDAP REFFERALS globally.
This happened when using an AD as LDAP backend, but also applies to
Samba4 as you can see in the following mailing list thread:


http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts 



The settings within the systems ldap.conf might influence dovecot,
because libldap (openldap) functions might read the global ldap.conf
settings.

Hope that helps.

Cheers,
Chris

Am Tue, 4 Jun 2013 05:50:16 -0400
schrieb Ron Scott-Adams :


a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED]
Authentication failed." I believe I'm missing a configuration
detail, but what?


info.log: http://pastebin.ca/2388873

debug.log: http://pastebin.ca/2388872

error.log: http://pastebin.ca/2388871

dovecot -n: http://pastebin.ca/2388870

dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867

Re: [Dovecot] Fw: Cannot Authenticate via LDAP

[Alex Crow]

Hi,

That can't be the full output of doveconf -n can it?

You need to define (examples from my configs using qmail schema; your 
values will probably be different if you are using AD or openLDAP with a 
different mail schema)


user_attrs = homeDirectory=home,mailMessageStore=mail
user_filter = (&(objectClass=qmailUser)(mail=%u))
pass_attrs = 
userPassword=password,homeDirectory=userdb_home,mailMessageStore=userdb_mail

pass_filter = (&(objectClass=qmailUser)(mail=%u))

Also look at the auth_bind parameter. Mine is "yes" because I'm using 
userdb prefetch as you can see from the pass_attrs param.


And you probably need to set up virtual users as well!

Cheers

Alex


On 04/06/13 17:44, Christian Wiese wrote:

Hello Christian,
I tried what you suggested by adding "REFERALS off"
to /etc/ldap/ldap.conf and restarting slapd and dovecot, but the error
persists.


On Tue, Jun 4, 2013 at 7:56 AM, Christian Wiese <
christian.wi...@securepoint.de> wrote:


Hi Ron,

I didn't had the time to check all logs but the error log.
First thing you should check if there are LDAP REFFERALS enabled in
the systems ldap.conf.
I had a similar looking issue and it took me a good amount of time to
figure out that I had to disable LDAP REFFERALS globally.
This happened when using an AD as LDAP backend, but also applies to
Samba4 as you can see in the following mailing list thread:


http://dovecot.markmail.org/message/mjurv4fp4w65u2ib?q=Dovecot+LDA+LDAP+lookups+on+samba4+server+ends+very+often+in+timeouts

The settings within the systems ldap.conf might influence dovecot,
because libldap (openldap) functions might read the global ldap.conf
settings.

Hope that helps.

Cheers,
Chris

Am Tue, 4 Jun 2013 05:50:16 -0400
schrieb Ron Scott-Adams :


a login tohuw [myPassword] returns "NO [AUTHENTICATIONFAILED]
Authentication failed." I believe I'm missing a configuration
detail, but what?


info.log: http://pastebin.ca/2388873

debug.log: http://pastebin.ca/2388872

error.log: http://pastebin.ca/2388871

dovecot -n: http://pastebin.ca/2388870

dovecot-ldap.conf.ext summary: http://pastebin.ca/2388867

Re: [Dovecot] Dovecot mysql replication

[Alex Crow]

Hi,

Balls, the silly script (written in largely incomprehensible perl by a 
predecessor of mine) is supposed to catch mailing lists, and HR won't 
let us have it auto-terminate or update... :-(


Thanks for giving me an another few hours work :-)

Alex


On 24/05/13 08:54, Edwardo Garcia wrote:

Alex, you on long vacation?

Hi, I am on leave, returning on Thursday 9th May If your query is 
urgent, please raise contact the team onitd...@integrafin.co.uk 
<mailto:itd...@integrafin.co.uk>. Regards Alex



On Fri, May 24, 2013 at 5:48 PM, Alex Crow <mailto:ac...@integrafin.co.uk>> wrote:


On 24/05/13 08:45, Edwardo Garcia wrote:

Halo,

(First time posting, please forgive English is not native)

Change from Courier to Dovecot 2.1.16

Having two server.

Having mysql on thiz two server, one master, one slave.

What we wish is slave Dovecot only ask slave mysql, unless
slave mysql not
work when then ask master, we have Postfix do thiz fallover
good, but
Dovecot talk to slave and master no mater what, we think thiz
defeat
fallover as we not want this aktion, but aktion like Postfix.

The problemo is can not find Dovecot option for thiz in
wiki2.dovecot.org <http://wiki2.dovecot.org>,
is possible?


You could set up MySQL in Dual Master mode instead

Alex



--
This message has been scanned for viruses and
dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
believed to be clean. 

Re: [Dovecot] Dovecot mysql replication

[Alex Crow]

On 24/05/13 08:45, Edwardo Garcia wrote:

Halo,

(First time posting, please forgive English is not native)

Change from Courier to Dovecot 2.1.16

Having two server.

Having mysql on thiz two server, one master, one slave.

What we wish is slave Dovecot only ask slave mysql, unless slave mysql not
work when then ask master, we have Postfix do thiz fallover good, but
Dovecot talk to slave and master no mater what, we think thiz defeat
fallover as we not want this aktion, but aktion like Postfix.

The problemo is can not find Dovecot option for thiz in wiki2.dovecot.org,
is possible?



You could set up MySQL in Dual Master mode instead

Alex

Re: [Dovecot] Linking mdbox directories

[Alex Crow]

Just realised you can't hardlink directories. Given that (and forgetting 
the "delete later" thing) would it work with a symlink?


Thanks

Alex
Original Message
*Subject:* [Dovecot] Linking mdbox directories
*From:* Alex Crow 
*To:* dovecot@dovecot.org{
*CC:*
}*Date:* Mon, 20 May 2013 12:00:49 +0100


Hi Timo/list,

We have a scenario in which some email accounts on dovecot (stored in 
mdbox, separate paths for indexes, email, ALT storage and also using 
SIS for attachments, LDAP directory) need their names changed. I know 
we could just change the mail LDAP attribute (and leave 
mailMessageStore alone) so they keep the same directories on disk, but 
this would throw a spanner in the works for our backups.


Would it be possible to create a hard link of the user's directories 
under the new name, and change the LDAP mailMessageStore attribute to 
point to these without stopping and starting dovecot? And after a 
while unlink the original locations? Or would this mess up dovecot's 
internal state?


Thanks

Alex




--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

[Dovecot] Linking mdbox directories

[Alex Crow]

Hi Timo/list,

We have a scenario in which some email accounts on dovecot (stored in 
mdbox, separate paths for indexes, email, ALT storage and also using SIS 
for attachments, LDAP directory) need their names changed. I know we 
could just change the mail LDAP attribute (and leave mailMessageStore 
alone) so they keep the same directories on disk, but this would throw a 
spanner in the works for our backups.


Would it be possible to create a hard link of the user's directories 
under the new name, and change the LDAP mailMessageStore attribute to 
point to these without stopping and starting dovecot? And after a while 
unlink the original locations? Or would this mess up dovecot's internal 
state?


Thanks

Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

Re: [Dovecot] Real-time sync using dsync

[Alex Crow]

On 27/02/13 20:19, Nikolaos Milas wrote:

Any suggestions?

I am looking for a solution that would work in creating a failover 
cluster with two nodes, utilizing (two) CentOS 6 VMs, each on a 
different data center; this requirement makes technologies like drbd 
unusable (due to the inherent lack of complete link reliability 
between the two nodes).


Not sure how one can provide full HA between two datacenters with a 
single unreliable link in any case. You should arrange multiple 
physically independent links before you even think about doing failover 
- otherwise you stand to find yourself in a sticky situation when 
something odd happens. DRBD "split-brain" also applies to other 
solutions such as clustered and replicating filesystems. It hurts like 
hell when your storage gets damaged and you have no way of telling what 
the "good" copy is.


*If* you can wire in a second circuit between the two DCs (and 
preferably a 3rd you will be OK for any HA scenario. Ie, one circuit for 
data+DRBD traffic (ideally this should be 2 circuits) and another for 
heartbeat/fencing etc.


That said, I've heard good things about GlusterFS but I'm still not sure 
I'd trust it for corporate-level offsite HA.


This kind of thing is cheap to do badly and expensive to do right.


Cheers

Alex

Re: [Dovecot] IMAP instead of Maildir on Ubuntu Precise

[Alex Crow]

On 10/12/12 11:58, Thufir wrote:
Well, I'm just confused now because I see, which I should've noticed 
first, that IMAP is a protocol while Maildir is a Mailbox (type).


So, I could very well be using Mailbox with IMAP?

What I want to do is to "read" messages from Thunderbird by connecting 
to dovecot-imapd.  Pardon, I'm flailing a bit because of the terminology.


thanks,

Thufir

On 12/10/2012 03:50 AM, Thufir wrote:

Why is dovecot using Maildir and not IMAP.






In that case you probably want to have Dovecot using Maildir or mdbox as 
the underlying storage format (both are better performing than Mbox). If 
dovecot-imapd is running and your authentication is set up ok you should 
simply be able to connect to the server with Thunderbird and read your 
email.


IMAP clients don't care how the server is storing the email, they just 
"talk IMAP" and don't see the format the messages are actually stored with.


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] Deleting a folder with & character

[Alex Crow]

On 19/09/12 09:22, Angel L. Mateo wrote:

Hello,

One of my users has a mailbox named 'INBOX.Kron & SPM' (maybe 
created a long time ago, when we use courier imap as pop/imap server, 
but I'm not sure).


I can see the maildir with a doveadm list command:

amateo_adm@myotis31:~$ sudo doveadm mailbox list -u 
...
INBOX.Kron & SPM
...

but I can't delete it, neithe rename it:

amateo_adm@myotis31:~$ sudo doveadm mailbox delete -u  
'INBOX.Kron & SPM'
doveadm(jrfv): Error: Can't delete mailbox INBOX.Kron & SPM: Mailbox 
doesn't exist: INBOX.Kron &- SPM
amateo_adm@myotis31:~$ sudo doveadm mailbox delete -u  
'INBOX.Kron \& SPM'
doveadm(jrfv): Error: Can't delete mailbox INBOX.Kron \& SPM: Mailbox 
doesn't exist: INBOX.Kron \&- SPM


is there any way to delete it with doveadm command? should I use a 
specific syntax or escape to indicate the name?



Hi,

I see something similar when I try to doveadm import maildir folders (to 
mdbox) with ampersands - I get the same "Mailbox doesn't exist: 
INBOX.Foo &- Bar" with that extraneous hyphen.


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] Alerts when process limits are met

[Alex Crow]

On 01/09/12 09:10, David Anderson wrote:

Hi,

I've not found the answer to this question anywhere - please forgive 
me if I overlooked.


I'd like to be able to be automatically alerted if process limits are 
hit (e.g. max POP3 logins).


Is there a way that I can configure a script to be run, in the same 
way that I can with quota warnings?


I can of course use logwatch, but this alerts me the next day, and 
logwatch can be noisy and it's easy to overlook.


My motivation: for some reason my POP3 listener was hanging, and I had 
to restart dovecot (this is 2.0.9). But I was not aware - the process 
was still there, it was accepting connections (but not doing anything 
useful with them) and was actually managing to log the fact that the 
process limit was being hit (as more and more connections came in). If 
I could have been alerted I could have restarted dovecot earlier.


Many thanks,
David



I believe that nagios or icinga could do this for you with a log 
analyser plugin.


http://exchange.nagios.org/directory/Plugins/Log-Files


Cheers

Alex

Re: [Dovecot] Variables in LDAP userdb

[Alex Crow]

Timo,

Thanks, I scripted replacing the correct entries in LDAP.

To clarify, what happens in these case with regard to the default 
mail_location set in the config files (ie is it used or overridden):


1. The LDAP attribute referenced in the userdb lookup exists but is empty
2. The LDAP attribute is not present for the user.

Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

[Dovecot] Variables in LDAP userdb

[Alex Crow]

Hi Timo,

Is it OK to have dovecot variables in entries in an LDAP userdb? Say I 
wanted to set the mail userdb parameter to override mail_location, would 
it work by having an entry in LDAP (eg for mailMessageStore attrib) like:


mdbox:/home/email/%d/%n:INDEX=/home/indexes/%d/%1n/%n:ALT=/home/email_archive/%d/%1n/%n

and those % variables will still be expanded by dovecot? Or would I be 
required to replace them in the LDAP directory with their actual values?


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

[Dovecot] Dsync and SIS

[Alex Crow]

Hi all,

Just to clarify, if we back up a dovecot 2 server with SIS for 
attachments and ALT storage by rsyncing it (including the SIS and ALT 
storage) to a remote server when it's idle (or at least almost entirely 
so), and run dovecot on that machine, would it seem feasible to restore 
backups from that server by using dysnc - specifically for the scenario 
where someone accidentally deletes emails/folders etc.?


I've seen queries about SIS before but nothing specifically about this 
scenario.


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] Just trying to make dovecot work.

[Alex Crow]

On 06/08/12 02:35, Peter Snow wrote:
Well you can continue to kid yourselves that the documentation is good 
if you like. The facts say differently.


It would be easier if you started at the correct wiki for the version 
you have:



http://wiki2.dovecot.org/FrontPage


I have always found the documentation superb. I think you must have 
standards to which most other can merely aspire.


Alex

Re: [Dovecot] Integrating Dovecot with Amazon Web Services

[Alex Crow]

On 28/06/12 20:28, Charles Marcus wrote:

On 2012-06-28 2:04 PM, Gary Mort  wrote:

That's probably due to the different structures they use.   sdbox
can safely use either because each email message has a unique
filename, and if it exists in both places it doesn't matter.


Eh?? Sdbox is like mbox - one file per mailbox/folder... it is NOT 
like maildir (one email = one file).




Not according to the wiki:

http://wiki2.dovecot.org/MailboxFormat/dbox

   dbox can be used in two ways:

single-dbox (sdbox in mail location): One message per file,
   similar to Maildir. For backwards compatibility, dbox is an alias to
   sdbox in mail_location.

multi-dbox (mdbox in mail location): Multiple messages per
   file, but unlike mbox multiple files per mailbox.


So the parent appears to be right.

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] Hardware infrastructure for email system

[Alex Crow]

On 23/06/12 19:21, Wojciech Puchar wrote:
ALT storage, so for instance you could keep your indexes in a RAID10 
of SSDs, recent email on a RAID10 of 10kRPM/15kRPM SAS drives, and 
older email can go on a load of 5k/7.2k SATA drives in RAID6, or on a 
NAS via NFS.


far better solution but still about 2-3 times more $/performance than 
needed, and more complex than needed.


But at least an improvement



I'd respectfully disagree. If you only keep the most recent few weeks of 
email you could use reasonably priced SSDs for the indexes and perhaps 
downgrade to SATA for your "hot" store, both of which should be max 10% 
of your total space with more than a few months of email. My driving 
factor was to have different spindle sets for each purpose. Who knows, I 
might have overspent and could have done it with 3 separate SATA arrays.


OTOH what about an SSD caching kit on your server? Supermicro at least 
do them (well, my UK vendor offers them). Just have a load of big SATA 
drives and use the kit for caching. The last time I looked a 256GB kit 
was about UKP 500.


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] Dovecot list IMAP archives with thunderbird?

[Alex Crow]

On 23/06/12 18:06, Timo Sirainen wrote:

On Sat, 2012-06-23 at 18:00 +0100, Alex Crow wrote:

I'm trying to access the IMAP archives with Thunderbird but can't seem
to get it to work. I have tried an unencrypted connection, SSL and TLS
but with no success. Any ideas?

Thanks

Alex


Hi,

Still stuck here - would really like to be able to access the archives
in my email client...

Anyone able to see the mailing list archives in Thunderbird or other
IMAP clients? Are they currently down?

It works fine as far as I can see, even with Thunderbird. What error do
you get?





Hi Timo,

No errors at all, I just never see any folder list or messages - tcpdump 
shows a few packets only when TLS mode is selected, but nothing after that,


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] Hardware infrastructure for email system

[Alex Crow]

On 23/06/12 18:09, Andrzej A. Filip wrote:

On 06/23/2012 01:23 PM, Reindl Harald wrote:

Am 23.06.2012 13:09, schrieb Wojciech Puchar:

Finally i would recommend to get rid of RAID6. It's terribly slow on writes and
writes are common on mail server.

depends, it is slower than RAID5, but safer


Buy cheapest but largest SATA drive and use RAID1 (or RAID1+0) setup.

oh no please do not recommend SATA crap with RAID1 and think
it is faster than RAID6 - the additional writes doe snot mat
if the whole disk-system is much faster and RAID1 has no benefit
in performance

nobody will use SATA disks for high peformance servers in
production - really nobody these days!

Could you specify/define your idea of "high performance servers" land
border?
It may reduce the flame war.



Hi,

With dovecot, you can separate indexes and email, and with dbox/mdbox, 
have ALT storage, so for instance you could keep your indexes in a 
RAID10 of SSDs, recent email on a RAID10 of 10kRPM/15kRPM SAS drives, 
and older email can go on a load of 5k/7.2k SATA drives in RAID6, or on 
a NAS via NFS.


Note: with *dbox your indexes are the only place your mail flags are 
kept, so don't risk a single drive or even RAID5 for your index store.


This is what I am moving into production from dovecot 1.x on a single 
RAID6 array (hardware, LSI controller, 6 10k SAS drives in RAID10) which 
has served very well for a while but is not getting too small for all 
our mail. Performance has been good for up to 350 users, average mailbox 
size >4G, about 25-35k incoming mails per day.


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] Dovecot list IMAP archives with thunderbird?

[Alex Crow]

On 20/06/12 17:39, Alex Crow wrote:

Hi,

I'm trying to access the IMAP archives with Thunderbird but can't seem 
to get it to work. I have tried an unencrypted connection, SSL and TLS 
but with no success. Any ideas?


Thanks

Alex


Hi,

Still stuck here - would really like to be able to access the archives 
in my email client...


Anyone able to see the mailing list archives in Thunderbird or other 
IMAP clients? Are they currently down?


Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

[Dovecot] Dovecot list IMAP archives with thunderbird?

[Alex Crow]

Hi,

I'm trying to access the IMAP archives with Thunderbird but can't seem 
to get it to work. I have tried an unencrypted connection, SSL and TLS 
but with no success. Any ideas?


Thanks

Alex

--
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 
3727592)
Authorised and regulated by the Financial Services Authority (entered on the 
FSA Register; number: 190856)

Re: [Dovecot] 2.1.7 shared folder index issued

[Alex Crow]

That depends on if the regular mail_location has any INDEX or not. In any case 
they must point to the same index.




Timo,

Thanks, I pointed them both the to same location (I keep my indexes on 
an SSD array) and now shared folders seem to work fine.


Cheers for your help,

Alex

Re: [Dovecot] 2.1.7 shared folder index issued

[Alex Crow]

On 11/06/12 20:58, Timo Sirainen wrote:

On 11.6.2012, at 22.05, Alex Crow wrote:


Sorry to bother the list again so soon after fixing my own problem, but I now 
have this issue when clients try to view shared folders in Thunderbird (v12). 
They can see the shared folder, but the first time they click on in nothing 
happens. The second time they get an authentication failure. The third or 
fourth time it finally loads the shared mailbox, and I see this a few times in 
the logs:

Jun 11 19:57:43 alsace dovecot: imap(sharedvie...@integrafin.co.uk): Error: 
mdbox map 
/home/indexes/integrafin.co.uk/t/sharedviewer/shared/sharedvie...@integrafin.co.uk/storage/dovecot.map.index
 corrupted: U
nexpectedly lost shared/vie...@integrafin.co.uk/INBOX uid=73129 map_uid=74192

http://wiki2.dovecot.org/SharedMailboxes/Shared#dbox




Thanks Timo,

So should I just remove the INDEX part from the shared namespace? Or 
should I have the INDEX point to the sharer's indexes rather than the 
"sharee"?


I would like the person viewing the shared box to be able to see the 
message status set by the sharing party.


Cheers

Alex

[Dovecot] 2.1.7 shared folder index issued

[Alex Crow]

Hi,

Sorry to bother the list again so soon after fixing my own problem, but 
I now have this issue when clients try to view shared folders in 
Thunderbird (v12). They can see the shared folder, but the first time 
they click on in nothing happens. The second time they get an 
authentication failure. The third or fourth time it finally loads the 
shared mailbox, and I see this a few times in the logs:


Jun 11 19:57:43 alsace dovecot: imap(sharedvie...@integrafin.co.uk): 
Error: mdbox map 
/home/indexes/integrafin.co.uk/t/sharedviewer/shared/sharedvie...@integrafin.co.uk/storage/dovecot.map.index 
corrupted: U
nexpectedly lost shared/vie...@integrafin.co.uk/INBOX uid=73129 
map_uid=74192
Jun 11 19:57:43 alsace dovecot: imap(sharedvie...@integrafin.co.uk): 
Disconnected: Internal error occurred. Refer to server log for more 
information. [2012-06-11 19:57:43] in=308 out=820
Jun 11 19:57:43 alsace dovecot: auth: Debug: auth client connected 
(pid=1957)


Ideally I'd like shared mailboxes to work in the first click - any ideas?

Cheers

Alex

Re: [Dovecot] 2.1.7 altmove not working

[Alex Crow]

BTW I need to add that even with -v -D there were no complaints from 
dovecot altmove, and nothing untoward in /var/log/maillog. I also 
forgot to specify that I'm running on Centos6.2, all updates applied, 
package was built with a combo of the spec file from ATRPMs and the 
latest source tarball.


I previously had the ATRPMS 2.1.1 package installed, same issue.

Please feel free to tell me if I'm doing something wrong (ie something 
has changed between 2.0 and 2.1 re ALT: storage.


Cheers

Alex

I don't know how I did it (I didn't change *any* config directive) but 
now it magically seems to work after a reboot and umount/remount of the 
ALT storage area. However I still have that dangling symlink:


lrwxrwxrwx   1 email email 54 Jun  8 22:05 dbox-alt-root -> 
/home/email_archive/integrafin.co.uk/a/acrow/mailboxes


Where the target doesn't exist...

Cheers

Alex

Re: [Dovecot] 2.1.7 altmove not working

[Alex Crow]

On 08/06/12 12:13, Alex Crow wrote:

Hi list,

I've just set up a 2.1.7 server, and have migrated a couple of 
accounts across from a 2.0.15 server, keeping the old configs. I have 
a strange problem on the new box in that altmove just doesn't work. I 
have my main storage under /home/email, indexes under /home/indexes 
and ALT under /home/email_archive.


When I run the altmove command, the following broken symlink is 
created in /home/email/integrafin.co.uk/acrow:


lrwxrwxrwx.  1 email email 54 Jun  8 10:46 dbox-alt-root -> 
/home/email_archive/integrafin.co.uk/a/acrow/mailboxes


But nothing is created in the archive other than the empty directory: 
/home/email_archive/integrafin.co.uk/a/acrow.


My mail_location is:

mail_location = 
mdbox:/home/email/%d/%n:INDEX=/home/indexes/%d/%1n/%n:ALT=/home/email_archive/%d/%1n/%n


This worked perfectly on the older server. I have attached my doveconf 
-a output.


Any help much appreciated.

Regards

Alex



BTW I need to add that even with -v -D there were no complaints from 
dovecot altmove, and nothing untoward in /var/log/maillog. I also forgot 
to specify that I'm running on Centos6.2, all updates applied, package 
was built with a combo of the spec file from ATRPMs and the latest 
source tarball.


I previously had the ATRPMS 2.1.1 package installed, same issue.

Please feel free to tell me if I'm doing something wrong (ie something 
has changed between 2.0 and 2.1 re ALT: storage.


Cheers

Alex

[Dovecot] 2.1.7 altmove not working

[Alex Crow]

Hi list,

I've just set up a 2.1.7 server, and have migrated a couple of accounts 
across from a 2.0.15 server, keeping the old configs. I have a strange 
problem on the new box in that altmove just doesn't work. I have my main 
storage under /home/email, indexes under /home/indexes and ALT under 
/home/email_archive.


When I run the altmove command, the following broken symlink is created 
in /home/email/integrafin.co.uk/acrow:


lrwxrwxrwx.  1 email email 54 Jun  8 10:46 dbox-alt-root -> 
/home/email_archive/integrafin.co.uk/a/acrow/mailboxes


But nothing is created in the archive other than the empty directory: 
/home/email_archive/integrafin.co.uk/a/acrow.


My mail_location is:

mail_location = 
mdbox:/home/email/%d/%n:INDEX=/home/indexes/%d/%1n/%n:ALT=/home/email_archive/%d/%1n/%n


This worked perfectly on the older server. I have attached my doveconf 
-a output.


Any help much appreciated.

Regards

Alex
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.el6.x86_64 x86_64 CentOS release 6.2 (Final) ext4
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = yes
auth_debug_passwords = no
auth_default_realm = 
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname = 
auth_krb5_keytab = 
auth_last_valid_uid = 0
auth_master_user_separator = 
auth_mechanisms = plain
auth_proxy_self = 
auth_realms = 
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
auth_username_format = %Lu
auth_username_translation = 
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot/
config_cache_size = 1 M
debug_log_path = 
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config = 
director_doveadm_port = 0
director_mail_servers = 
director_servers = 
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = no
dotlock_use_excl = yes
doveadm_allowed_commands = 
doveadm_password = 
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u 
-l%{lock_timeout} -n%{namespace}
first_valid_gid = 1
first_valid_uid = 500
hostname = 
imap_capability = 
imap_client_workarounds = 
imap_id_log = 
imap_id_send = 
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imapc_features = 
imapc_host = 
imapc_list_prefix = 
imapc_master_user = 
imapc_password = 
imapc_port = 143
imapc_rawlog_dir = 
imapc_ssl = no
imapc_ssl_ca_dir = 
imapc_ssl_verify = yes
imapc_user = %u
import_environment = TZ
info_log_path = 
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = no
lda_original_recipient_header = 
libexec_dir = /usr/libexec/dovecot
listen = *
lmtp_proxy = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets = 
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c 
session=<%{session}>
login_trusted_networks = 
mail_access_groups = 
mail_attachment_dir = /home/email_archive/attachments
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot = 
mail_debug = yes
mail_fsync = never
mail_full_filesystem_access = no
mail_gid = email
mail_home = 
mail_location = 
mdbox:/home/email/%d/%n:INDEX=/home/indexes/%d/%1n/%n:ALT=/home/email_archive/%d/%1n/%n
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib64/dovecot
mail_plugins = 
mail_prefetch_count = 0
mail_privileged_group = 
mail_save_crlf = no
mail_shared_explicit_inbox = yes
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid = email
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds = 
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
i