Re: [Dovecot] Allowing non-SSL connections only for certain Password Databases
On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: Hi, Is there a way to set disable_plaintext_auth to different values for different Password Databases? Is there another way to do it? Why do you not force SSL for all users? I have no idea how this could be made with different databases. I have only build a solution for all users stored in mysql. I'm able to force SSL for imap and pop3 on a per user basis with e.g.: ... password_query = SELECT password FROM users WHERE userid = '%u' AND allow_login = 'y' AND ( force_ssl = 'y' OR '%c' = 'secured'); Waitasecond. I might be totally off here, but the way I read that query you accept plaintext credentials, unsecured and then check the DB. After which you might say You're not allowed to log in. If that is correct every user might send their credentials over unsecured connections? In my opinion this doesn't help. Clients cannot know in advance that they shouldn't try to login. I guess I'd either - drop the requirement (best option, hit the users that don't support TLS or offer them help to upgrade/fix their setup) - live with the possibility that the system users are potentially disclosing their credentials. Take a step back: A random client connects to dovecot. It didn't log in yet. How would you change the capabilities to reflect 'login without starttls is allowed or not', depending on a username that you cannot know at this point? My take, ignoring the There shouldn't be a need for that quip, is that this is next to impossible. And not worth the challenge. Ben
Re: [Dovecot] Allowing non-SSL connections only for certain Password Databases
On Wednesday, April 23, 2014 10:50:37 AM CEST, Dan Pollock wrote: On Apr 23, 2014, at 1:38 AM, Benjamin Podszun d...@darklajid.de wrote: On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: ... I would like to move everyone onto more modern mail programs, but at the moment I have a couple of them that are stuck using very old software installed for them on work computers. The rest of my clients can connect on ports 993 and 995 without it being a problem. What's wrong with starttls? How are the ports relevant? Do you happen to know what the problem is? Total lack of TLS support (I .. cannot quite believe that) or is it a problem with key sizes/ciphers or whatever, i.e. with your configuration vs. the legacy apps? It's far from a perfect setup. This is quite easy to set up on Courier-imap, but for a number of reasons I would much rather be using Dovecot. (In courier-imap, you can configure different password databases independently for each of pop3, imap, pop3-ssl and imap-ssl.) Which is really not that helpful, I think. Joe random system user can still set up his mailclient to point to mail.yourdomain.tld and try to login unencrypted. You'll only deny him afterwards (even with a different password DB), after the password was transmitted over unencrypted wifi in his local StarBucks™ or equivalent. Or what am I missing here? All system users are too clever for that? In that case they can already use the ports listed above (or set their mail client to require starttls on 143/110). If they're not that security conscious, what protects them from the scenario above? Given that Dovecot features seem to be a superset of those from Courier-imap so far, I was hoping this configuration option would exist there as well. See above: What would you gain? Would that actually help you? In the end it's your setup and I don't want to come across and say You're doing it wrong here, but so far it's hard to see what you're trying to archive with that .. feature? Regards, Ben
Re: [Dovecot] Allowing non-SSL connections only for certain Password Databases
On Wednesday, April 23, 2014 10:57:23 AM CEST, Urban Loesch wrote: Am 23.04.2014 10:38, schrieb Benjamin Podszun: On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: ... Yes that is correct and I knew that when I configured the setup. But I can't manipulate the clients. If that is correct every user might send their credentials over unsecured connections? Yes, that is a disadvantage. As I just said, I can't change that. In my opinion this doesn't help. Clients cannot know in advance that they shouldn't try to login. I guess I'd either - drop the requirement (best option, hit the users that don't support TLS or offer them help to upgrade/fix their setup) Can you help me to upgrade/fix 40k users, which have no idea how to change the settings of a mail client? Send me your phonenumber and I will redirect all requests of that to you :-) You will see very quickly that it's not practicable to force all users to use SSL at the same time. With this setup I can bring users step by step to use SSL. I haven't defined an hourly rate so far, but I could think about something here.. ;-) Really, my 'you' in most of the reply was about Dan's requirement/targeting the thread: He has system users, probably with shell access(?) and wants to protect those 'more' than virtual users, as far as I understood. I claim that his requirement is hard to implement/next to impossible. You on the other hand .. have other issues. ;) Takeaway from my response to you, Urban, should've been: I don't think your workaround helps with the original author's requirement, not Fix your own setup!. Ben
Re: [Dovecot] Migration to Dovecot 2.2.12 - How to trigger full site indexing
On Wednesday, April 9, 2014 12:57:13 PM CEST, kada...@gmail.com wrote: Hi list, We are in the process of migrating our old (dovecot 1.2.4 based) mail system to the new one: - Centos 6 x86_64 - Dovecot 2.2.12 - Users in an openldap directory - clucene FTS I'm trying to trigger a full indexing for all the user and all their mailboxes (avoiding them to individually trigger it using a search within their MUA). I'm trying to use the doveadm index command. First question, is there some sort of 'wildcard' option for the name of the mailbox to index, as I dont know all the mailboxes's names the users have created (beside the regular Sent Inbox Trash and Drafts ? I'm using a totally different set of things, but at least dovecot and clucene are agreeable.. ;-) You should have a fts plugin to doveadm that should solve this issue: doveadm fts rescan doveadm fts optimize That's what I use to trigger rebuilds. Second question I've tried: # doveadm -D index -A Sent which gave me: doveadm(root): Error: User listing returned failure doveadm: Error: Failed to iterate through some users Can the '-A' option work with ldap backend ? http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb # For using doveadm -A: iterate_attrs = uid=user iterate_filter = (objectClass=posixAccount) Are you defining iterate_* for your userdb? Regards, Ben
Re: [Dovecot] dsync deleted my mailbox - what did I do wrong?
Hey Jiri. Thanks for getting back. On Friday, April 4, 2014 4:48:48 PM CEST, Jiri Bourek wrote: - where did I fail (ignoring the backups, please. That's .. something I know) From the man page: backup - Backup mails from default mail location to location2 (or vice versa, if -R parameter is given). No changes are ever done to the source location. Any changes done in destination are discarded. Yeah, maybe. That's what I thought _after_ the fact (i.e. that was what I hinted at with 'one way sync'). But see below. The last sentence describes what happened to you: all new mail on the new machine is a change and was discarded (by deleting new mail.) If I'm not mistaken, this is correct behaviour for backup mode - you get exact copy of the source side (maildir:/tmp/mail_backup) on destination side (d...@darklajid.de) That would be sort of okay. Except that isn't what happened: - The target mailbox was killed completely - Nothing was restored If what you're suggesting here is true I'd expect a clean copy of my source - even if it destroys all other changes. That did NOT happen though. It nuked the target and didn't restore a thing. Plus, dsync mirror did exactly the same: Nuked the (live) mailbox once more, same error message, not a single message restored (but also no modification to the source). - Can I use dsync ... for backups? I don't think that this is a good idea after yesterday night? AFAIK you can safely use it to make the backup. I'm not sure if it can be reliably used to restore data (don't think so but I'm not an expert.) I'd use doveadm import for that. That'd be my experience at this point as well, of course. :-) The bigger question is if this is well-known / correct and if this should be documented in a better fashion. Was I really that naive to expect that to work (in that case: ignore the documentation request) or could that happen again? Ben
[Dovecot] dsync deleted my mailbox - what did I do wrong?
Hi. Mostly annoying: I migrated from one machine to another, made sure the target host worked as expected, updated mx records and - after a couple of days - signed it off as good. This is just my private machine, no big deal if something goes wrong.. Everything's fine? Good, let's migrate my inbox from the old machine. There's no direct connectivity between those servers, so what I did was: (old server) sudo -u vmail dsync -u d...@darklajid.de backup maildir:/tmp/mail_backup/ Works fine, got my maildir. Tar'd it up, moved it to the new server. Now how do I import those mails? Ah, let's use the same command, with -R? (new server) sudo -u vmail dsync -u d...@darklajid.de -R backup maildir:/tmp/mail_backup Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted. Wait. What? Sure enough, the last couple of days are gone, the target mailbox is completely empty. I read the man page over and over again, but failed to see the problem. I even thought for a moment that _maybe_ dsync backup is one-way only (even if that failed as well) and tried the same command with mirror. Exactly the same output, same result, empty target mailbox. In the end I succeeded to import the mails with doveadm import, completely lost a number of days of mails. My fault, sloppy not to back the up again, but I still don't think that this should happen. Ever. My question now is: - where did I fail (ignoring the backups, please. That's .. something I know) - Can I use dsync ... for backups? I don't think that this is a good idea after yesterday night? - Should dsync EVER try to delete mailboxes? Even 'special' mailboxes? Should it warn about that, asking for a --force switch or something? Any insights would be appreciated. At this point the damage is done, but I'd like to learn how to do better. Ben
[Dovecot] dovecot 2.2.10 fts_lucene: Failed to initialize backend
Hey there. Lurking most of the time here, currently I'm trying to make FTS work™
[Dovecot] dovecot 2.2.10 fts_lucene: Failed to initialize backend
Hey there. (Lesson to self: Don't try to be cute. Somehow a trademark sign breaks my setup and the rest of the mail is discarded? Sorry for the previous, incomplete post) Lurking most of the time here, currently I'm trying to make FTS work. As far as I understand [1], squat is deprecated, solr is a rather big dependency for my 'friends family' type of installation: Lucene it is! My problem: The lucene backend isn't working, I get this error whenever I try to access it (be it doveadm fts or a search, triggering an index): # doveadm fts rescan -u d...@darklajid.de doveadm(d...@darklajid.de): Error: fts: Failed to initialize backend 'lucene': Unknown backend doveadm(d...@darklajid.de): Error: fts not enabled for user's namespace (null) Any ideas what I might be doing wrong here? All the details I could think of are below, any help would be appreciated. Regards, Ben -- Package information # pkg info dovecot2 dovecot2-2.2.10 Name : dovecot2 Version: 2.2.10 Installed on : Mon Mar 31 17:14:26 CEST 2014 Origin : mail/dovecot2 Architecture : freebsd:10:x86:64 Prefix : /usr/local Categories : mail ipv6 Licenses : MIT or LGPL21 Maintainer : b...@fsn.hu WWW: http://www.dovecot.org/ Comment: Secure and compact IMAP and POP3 servers Options: DOCS : off EXAMPLES : off GSSAPI : off KQUEUE : on LDAP : off LIBWRAP: off LUCENE : on MYSQL : off PGSQL : on SOLR : off SQLITE : off SSL: on VPOPMAIL : off Shared Libs required: libssl.so.8 libpq.so.5 libdovecot.so.0 libdovecot-storage.so.0 libdovecot-login.so.0 libdovecot-lda.so.0 libcrypto.so.8 libclucene-shared.so.1 libclucene-core.so.1 Shared Libs provided: libssl_iostream_openssl.so libdovecot.so.0 libdovecot-storage.so.0 libdovecot-sql.so.0 libdovecot-login.so.0 libdovecot-lda.so.0 libdovecot-compression.so.0 libauthdb_imap.so lib95_imap_stats_plugin.so lib90_stats_plugin.so lib30_imap_zlib_plugin.so lib21_fts_squat_plugin.so lib21_fts_lucene_plugin.so lib20_zlib_plugin.so lib20_virtual_plugin.so lib20_replication_plugin.so lib20_mailbox_alias_plugin.so lib20_mail_log_plugin.so lib20_listescape_plugin.so lib20_fts_plugin.so lib20_expire_plugin.so lib20_doveadm_fts_plugin.so lib20_doveadm_fts_lucene_plugin.so lib20_autocreate_plugin.so lib15_notify_plugin.so lib11_trash_plugin.so lib11_imap_quota_plugin.so lib10_quota_plugin.so lib10_doveadm_quota_plugin.so lib10_doveadm_expire_plugin.so lib10_doveadm_acl_plugin.so lib05_snarf_plugin.so lib05_pop3_migration_plugin.so lib02_lazy_expunge_plugin.so lib02_imap_acl_plugin.so lib01_acl_plugin.so -- Sure enough, the libraries are there/in places that look fine to me: # pkg info -l dovecot2 | grep -i fts /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.a /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.la /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.a /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.la /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so /usr/local/lib/dovecot/lib20_fts_plugin.a /usr/local/lib/dovecot/lib20_fts_plugin.la /usr/local/lib/dovecot/lib20_fts_plugin.so /usr/local/lib/dovecot/lib21_fts_lucene_plugin.a /usr/local/lib/dovecot/lib21_fts_lucene_plugin.la /usr/local/lib/dovecot/lib21_fts_lucene_plugin.so /usr/local/lib/dovecot/lib21_fts_squat_plugin.a /usr/local/lib/dovecot/lib21_fts_squat_plugin.la /usr/local/lib/dovecot/lib21_fts_squat_plugin.so -- Doveconf: # 2.2.10: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE amd64 ufs first_valid_uid = 1 login_log_format_elements = user=%u method=%m rip=%r lip=%l mpid=%e %c %k mail_home = /var/vmail/%d/%n mail_location = maildir:/var/vmail/%d/%n/Maildir mail_plugins = fts mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = mailbox Drafts { auto = no special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe
Re: [Dovecot] dovecot 2.2.10 fts_lucene: Failed to initialize backend
On Thursday, April 3, 2014 11:28:17 AM CEST, Peter Chiochetti wrote: Am 2014-04-03 11:18, schrieb Benjamin Podszun: My problem: The lucene backend isn't working, I get this error whenever I try to access it (be it doveadm fts or a search, triggering an index): # doveadm fts rescan -u d...@darklajid.de doveadm(d...@darklajid.de): Error: fts: Failed to initialize backend 'lucene': Unknown backend ... Ben, in the wiki it says, lucene has to be v2.1+ Dont know enough of freebsd naming schemes, but to me this looks like you only have lucene v1? Shared Libs required: libclucene-shared.so.1 libclucene-core.so.1 Thanks, good idea. But -- # pkg info clucene clucene-2.3.3.4_3 Name : clucene Version: 2.3.3.4_3 Installed on : Mon Mar 31 17:14:25 CEST 2014 Origin : textproc/clucene Architecture : freebsd:10:x86:64 Prefix : /usr/local Categories : textproc Licenses : LGPL21 or APACHE20 Maintainer : off...@freebsd.org WWW: http://sourceforge.net/projects/clucene/ Comment: CLucene is a C++ port of Lucene Shared Libs provided: libclucene-shared.so.2.3.3.4 libclucene-core.so.2.3.3.4 libclucene-contribs-lib.so.2.3.3.4 # ls -l /usr/local/lib/libclucene*so lrwxr-xr-x 1 root wheel 28 Feb 13 11:03 /usr/local/lib/libclucene-contribs-lib.so - libclucene-contribs-lib.so.1 lrwxr-xr-x 1 root wheel 20 Feb 13 11:03 /usr/local/lib/libclucene-core.so - libclucene-core.so.1 lrwxr-xr-x 1 root wheel 22 Feb 13 11:03 /usr/local/lib/libclucene-shared.so - libclucene-shared.so.1 -- So the version should be fine I guess. On top of that: I hope that the port itself isn't broken (possible of course, but I'd rather expect the f-up in my installation/my configuration?). Thanks, Ben
Re: [Dovecot] dovecot 2.2.10 fts_lucene: Failed to initialize backend
On Thursday, April 3, 2014 12:13:49 PM CEST, Benjamin Podszun wrote: On Thursday, April 3, 2014 11:28:17 AM CEST, Peter Chiochetti wrote: Am 2014-04-03 11:18, schrieb Benjamin Podszun: ... Sorry for replying to myself, but I'm truely stuck and maybe this makes more sense to one of you guys? Running truss (think, 'strace' if you will) on doveadm fts rescan -u d...@darklajid.de I get the trace at the end of this mail. Take away for me: The .so file is actually used/loaded. The only error that I don't understand is ioctl(9,TIOCGETA,0xd3c0) ERR#25 'Inappropriate ioctl for device' Should I take this to the FreeBSD issue tracker instead? Thanks, Ben mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366509056 (0x800675000) issetugid(0x800874f30,0x7fffefc9,0x40,0x0,0x800800875f67,0x0) = 0 (0x0) lstat(/etc,{ mode=drwxr-xr-x ,inode=4895616,size=2048,blksize=32768 }) = 0 (0x0) lstat(/etc/libmap.conf,{ mode=-rw-r--r-- ,inode=4895697,size=112,blksize=32768 }) = 0 (0x0) open(/etc/libmap.conf,O_CLOEXEC,01760) = 3 (0x3) fstat(3,{ mode=-rw-r--r-- ,inode=4895697,size=112,blksize=32768 }) = 0 (0x0) mmap(0x0,112,PROT_READ,MAP_PRIVATE,3,0x0)= 34366541824 (0x80067d000) close(3) = 0 (0x0) lstat(/usr,{ mode=drwxr-xr-x ,inode=6902016,size=512,blksize=32768 }) = 0 (0x0) lstat(/usr/local,{ mode=drwxr-xr-x ,inode=6902027,size=512,blksize=32768 }) = 0 (0x0) lstat(/usr/local/etc,{ mode=drwxr-xr-x ,inode=250090,size=512,blksize=32768 }) = 0 (0x0) lstat(/usr/local/etc/libmap.d,0x7fffb798) ERR#2 'No such file or directory' munmap(0x80067d000,112) = 0 (0x0) access(/usr/local/lib/dovecot/libz.so.6,0) ERR#2 'No such file or directory' open(/var/run/ld-elf.so.hints,O_CLOEXEC,031713770) = 3 (0x3) read(3,Ehnt\^A\0\0\0\M^@\0\0\0Z\0\0\0\0\0\0\0Y\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0,128) = 128 (0x80) lseek(3,0x80,SEEK_SET) = 128 (0x80) read(3,/lib:/usr/lib:/usr/lib/compat:/usr/local/lib:/usr/local/lib/dovecot:/usr/local/lib/event2\0,90) = 90 (0x5a) close(3) = 0 (0x0) access(/lib/libz.so.6,0) = 0 (0x0) open(/lib/libz.so.6,O_CLOEXEC,031713770) = 3 (0x3) fstat(3,{ mode=-r--r--r-- ,inode=4574633,size=85424,blksize=32768 }) = 0 (0x0) mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366541824 (0x80067d000) mmap(0x0,2183168,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34368610304 (0x800876000) mmap(0x800876000,81920,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34368610304 (0x800876000) mmap(0x800a8a000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x14000) = 34370789376 (0x800a8a000) munmap(0x80067d000,4096) = 0 (0x0) close(3) = 0 (0x0) access(/usr/local/lib/dovecot/libcrypt.so.5,0) ERR#2 'No such file or directory' access(/lib/libcrypt.so.5,0) = 0 (0x0) open(/lib/libcrypt.so.5,O_CLOEXEC,031713770) = 3 (0x3) fstat(3,{ mode=-r--r--r-- ,inode=4574617,size=61992,blksize=32768 }) = 0 (0x0) mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366541824 (0x80067d000) mmap(0x0,2228224,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34370793472 (0x800a8b000) mmap(0x800a8b000,57344,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34370793472 (0x800a8b000) mmap(0x800c99000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xe000) = 34372947968 (0x800c99000) mmap(0x800c9a000,69632,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34372952064 (0x800c9a000) munmap(0x80067d000,4096) = 0 (0x0) close(3) = 0 (0x0) access(/usr/local/lib/dovecot/libdovecot-storage.so.0,0) = 0 (0x0) open(/usr/local/lib/dovecot/libdovecot-storage.so.0,O_CLOEXEC,031713770) = 3 (0x3) fstat(3,{ mode=-rwxr-xr-x ,inode=329626,size=1243496,blksize=32768 }) = 0 (0x0) mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366541824 (0x80067d000) mmap(0x0,3186688,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34373021696 (0x800cab000) mmap(0x800cab000,1048576,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34373021696 (0x800cab000) mmap(0x800faa000,45056,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xff000) = 34376163328 (0x800faa000) munmap(0x80067d000,4096) = 0 (0x0) close(3) = 0 (0x0) access(/usr/local/lib/dovecot/libdovecot.so.0,0) = 0 (0x0) open(/usr/local/lib/dovecot/libdovecot.so.0,O_CLOEXEC
Re: [Dovecot] check the user number
On Monday, March 31, 2014 10:21:28 AM CEST, ihab wrote: There is a way to check the number of user using the system at anytime doveadm who comes to mind? What are you looking for? /Ben
Re: [Dovecot] Config problem: want SSL + local roundcube
On Tuesday, November 5, 2013 5:35:15 PM CEST, Rich wrote: On 05/11/13 15:56, Reindl Harald wrote: does it hurt? no! My SSL certificate is of course invalid for 127.0.0.1 and I could not get RC to connect on port 993 for some reason (although that's probably for a RC mailing list, granted). I guess the question is mostly Why isn't RC connecting to your certificate's CN like everyone else? Why 127.0.0.1, not example.com?
[Dovecot] State of the FTS modules and packaging
Hi there. I'm running a small (VPS) mail system just for myself for quite a while and want to support some friends and family now. For that I'm improving / documenting the setup. One thing I never cared to implement was FTS support. Looking at the options [1] now, I'm stuck. I don't want solr (no Java bashing here, I'm sure that's working awesome. But I don't want to pull all these dependencies in on my tiny VPS: Memory and disk will be as small as I can get away with). With that out of the way: What are my options? Squat: Why's squat deprecated? Did it stop working? Can someone shed some light on the original reasons for the deprecation? What are the risks to go with squat anyway? Clucene: That seems .. unusable. It would be my prefered choice (not deprecated, little dependencies), but .. it isn't packaged in deb based distributions (Debian, Ubuntu). It doesn't even _build_, because it doesn't use pkg-config to find the clucene includes (at least for 2.1.17) in these environments. Centos is even more out of date with 2.0.9. Given the experience above, is solr my only option to offer FTS? Can you guys share how you're having a stable base/os with a somewhat recent (and complete!) dovecot package? Thanks a lot regards, Ben 1: http://wiki2.dovecot.org/Plugins/FTS