Re: MAPI Properties?

2015-10-26 Thread Bob Miller
The last time I investigated that was a couple years ago, but according 
to my understanding the IMAP protocol does not support the colour 
categories provided by Outlook, and therefore anything Outlook does in 
that respect is a "Local Only" feature.  That is, the colour categories 
cannot be stored by an IMAP server, nor shared via the IMAP protocol 
between multiple Outlook clients...


On 15-10-25 10:34 PM, Mark Foley wrote:

I'm using Dovecot/IMAP on Linux and Outlook clients on WIN7 workstations.  Mail
on Linux is stored in Maildir format.

I'm searching for where Outlook keeps its information on color categories in
IMAP. According to Diane Poremsky at slipstick.com, "Outlook stores it in the
mapi properties of each message. If you use MFCMAPI to view the messages, you'll
see the properties." MAPI is a Windows thing and the recommended MFCMAPI is for
viewing these properties in Exchange. Not what I can use.

Outlook must be storing these properties somewhere in the Dovecot/IMAP system as
color categories can be set from Outlook. Can someone tell me where to look for
these properties?

THX - Mark



Re: LDAP authentication

2015-06-22 Thread Bob Miller

Hi,

I would suggest starting with a simplified config.  by example:


hosts = my.server.local
auth_bind = yes
ldap_version = 3
base = CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local


base = DC=company,DC=local


scope = subtree
user_attrs = \
   =home=/home/imapproxy/%u, \
   =mail=maildir:/home/imapproxy/%u


remove the user_attrs
In my config, home is defined in userdb in main dovecot.conf


pass_attrs = uid=%u, userPassword=%w


remove pass_attrs


pass_filter = (&(objectClass=user)(sAMAccountName=%u))


pass_filter = (sAMAccountName=%Ln)
 And add:
user_filter = (sAMAccountName=%Ln)


auth_bind_userdn = company\%u


something tickles my brain that says my setup didn't like that.  anyway, 
my config has %l...@company.xyz


If that works, then you can add the other bits one at a time till it 
fails











If I try to login on the LDAP-Server using ldapsearch it works, but with
Dovecot not...
I see this in my log:

Jun 22 16:14:08 proxy01 dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=+agW4xsZ4gAKADPG#011lip=10.0.46.4#011rip=10.0.51.198#011lport=143#011rport=34018#011resp=hidden

Jun 22 16:14:08 proxy01 dovecot: auth: Debug: client passdb out:
OK#0111#011user=bertoncello
Jun 22 16:14:08 proxy01 dovecot: auth: Debug: master in:
REQUEST#0111586495489#01117122#0111#01161785e0770d6c48e7316ab484bc2778c#011session_pid=17125#011request_auth_token

Jun 22 16:14:08 proxy01 dovecot: auth: Debug:
ldap(bertoncello,10.0.51.198,+agW4xsZ4gAKADPG): user search:
base=CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local
scope=subtree filter=(&(objectClass=posixAccount)(uid=bertoncello)) fields=
Jun 22 16:14:08 proxy01 dovecot: auth: Error:
ldap(bertoncello,10.0.51.198,+agW4xsZ4gAKADPG):
ldap_search(base=CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local 
filter=(&(objectClass=posixAccount)(uid=bertoncello)))
failed: Operations error
Jun 22 16:14:08 proxy01 dovecot: auth: Debug: master userdb out:
FAIL#0111586495489
Jun 22 16:14:08 proxy01 dovecot: imap: Error: Internal auth failure
(client-pid=17122 client-id=1)
Jun 22 16:14:08 proxy01 dovecot: imap-login: Internal login failure
(pid=17122 id=1) (internal failure, 1 successful auths):
user=bertoncello, method=PLAIN, rip=10.0.51.198, lip=10.0.46.4,
mpid=17125, TLS, session=+agW4xsZ4gAKADPG

and if I sniff with ngrep the communication with the AD I see:


T 10.0.46.4:58761 - 192.168.168.23:389 [AP]
   0`
#
T 192.168.168.23:389 - 10.0.46.4:58761 [AP]
   0a
##
T 10.0.46.4:58761 - 192.168.168.23:389 [AP]
   0#...`..company\bertoncello..secret
#
T 192.168.168.23:389 - 10.0.46.4:58761 [AP]
   0a
##
T 10.0.46.4:58761 - 192.168.168.23:389 [AP]
   0`
#
T 192.168.168.23:389 - 10.0.46.4:58761 [AP]
   0a
#
T 10.0.46.4:58761 - 192.168.168.23:389 [AP]

0.c{.5CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local1objectClass..posixAccountuid..bertoncello0.

#
T 192.168.168.23:389 - 10.0.46.4:58761 [AP]
   0e04DC: LdapErr: DSID-0C0906E8, comment:
In order to perform this operation a successful bind must be completed
on the connection., data 0, v1db1.
##
T 10.0.46.4:58761 - 192.168.168.23:389 [AP]
   0B.
###
T 192.168.168.23:389 - 10.0.46.4:58761 [AR]
   ..

and I can't understand why:

1) I read objectClass..posixAccount
2) The authentication does not work...

Thanks for your help!
Luca Bertoncello
(lucab...@lucabert.de)


Re: Evolution clientware and Dovecot

2014-11-14 Thread Bob Miller
Hi,

On Fri, 2014-11-14 at 11:46 -0700, The Doctor wrote:
 Got a customer using Evolution 2.12.3 and was using SSL and could not
 retrieve e-mail in the last week.  Got the customer to turn off
 SSL and he was able to retrieve e-mail.
 
 Recently I compiled SSL so that any compromise was removed
 and then all apps using SSL including dovecot was recompiled.
 
 Could this be an app/Evolution issue?

Yes, but could be other things too.

did you confirm that you can connect to dovecot using openssl s_client?

If you are using a self-signed cert, did your evolution user accept the 
certificate as opposed to denying it?


Re: X-sieve-redirected-from

2014-10-04 Thread Bob Miller
Jiri,

Reading my message over I see it was the end of a long day at the end of
a long week, thank you for interpreting and replying,

  The mail is forwarded, but no vacation response is sent, and the mail is
  not forwarded. I find the lda error like this:

The mail is forwarded.  No not forwarding going on.  the vacation
response is not sent.  Hopefully that is more clear.

_discarding_vacation_response_for_implicitly_delivered_message;
  _no_known_(envelope)_recipient_address_found_in_message_headers_
  (recipient=bob.mil...@primelian.ctfn.ca,_and_no_additional_
  `:addresses'_are_specified)
 
 Does the message have To: and From: headers? I recall getting the same 
 (or similar) output when those headers were missing during my testing. 
 Adding them fixed the issue.

The problem turned out to be my defaultdelivery file in qmail;
dovecot-lda was missing the -a argument for the recipient...  

-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


X-sieve-redirected-from

2014-10-03 Thread Bob Miller
Hi,

I am chasing a problem with sieve vacation messages.  the sieve file
looks like this:

## Generated by Roundcube Webmail SieveRules Plugin ##
require ["copy","vacation"];

# rule:[computerisms.ca]
if anyof (address :contains "To" "bob.mil...@ctfn.ca",
address :contains "Cc" "bob.mil...@ctfn.ca")
{
redirect :copy "b...@computerisms.ca";
vacation
:days 66
:subject "autotest"
"hello back";
}

The mail is forwarded, but no vacation response is sent, and the mail is
not forwarded. I find the lda error like this:

 _discarding_vacation_response_for_implicitly_delivered_message;
_no_known_(envelope)_recipient_address_found_in_message_headers_
(recipient=bob.mil...@hostname.domain.tld,_and_no_additional_
`:addresses'_are_specified)

I am presuming this is the source of my problem.  I am not sure why the
domain is being modified to reflect the fqdn of the mail server host.
When I look at the delivered mail, I find the following two headers:

X-sieve-redirected-from: bob.mil...@hostname.domain.tld
Delivered-to: bob.mil...@domain.tld

I have been looking for a while now, and I can't figure out where it is
picking up the hostname from.  doveconf -a | grep hostname comes up
empty.  the hostname is not in any of the mta config files.  Anyone got
a hint?
-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


Re: Authentication using AD : bug ?

2014-09-22 Thread Bob Miller
Hi,

 I authenticate my test user in AD well in Dovecot. However, if I change 
 this user's password in AD, the old password still works for 
 authentication in Dovecot and the new is working too.
 
 Is there a time to make Dovecot don't remember the old password or is 
 it a bug ?

Are you sure you aren't authenticating against something else as well,
like a local unix account with the same password, for example?

 
 Restarting Dovecot don't solve the problem.
 
 Do you already heard about this ?
 
 Please tell me what conf files you maybe need.
 
 Thanks in advance
 
 Nicolas
 
 
 
   


Re: LDAP authentication

2014-09-10 Thread Bob Miller
Hi,
 Sep 10 11:27:00 localhost dovecot: auth: pam(testuser1,127.0.0.1):
 pam_authenticate() failed: Permission denied
 Sep 10 11:27:00 localhost dovecot: auth: ldap(testuser1,127.0.0.1):
 invalid credentials

I am not clear from this if you are using pam auth first and ldap auth
2nd, or if you are trying to use pam to do your ldap authentication for
you.  Assuming the former, I would guess that you are either failing the
auth_bind, or the attributes you are using for user_filter/pass_filter
aren't matching the username format.  I would start by checking the
settings in your dovecot-ldap.conf file...



 

 Sep 10 11:27:02 localhost dovecot: auth: Debug: client out:
 FAIL#0111#011user=testuser1
 
 
 So, I don't know what permission is being denied by PAM, or if that was
 there or not when this did work.  I can access my LDAP server just fine.
 
 What else can I check?
 


Re: outlook 2013

2014-09-10 Thread Bob Miller

 That’s odd. The one and only thing that Lookout does pretty well is IMAP.

After several hours scouring the net last night, I am surprised to hear
that.  Certainly has never been my experience with outlook, especially
2013...

  is there some special trick that google is hiding from me?  
 
 Not really.
 

I went in armed with a list of possible fixes and did battle with the
two machines today.  started by installing thunderbird and shutting off
outlook, which absolutely proved outlook was the problem; as soon as I
started up outlook again, thunderbird showed mails being created and
deleted every few seconds.  Went through my list, everything from A-W
(account settings to windows updates). So far so good, it's too early to
say it is fixed, but I am past the two hour mark now with no problems...


Re: LDAP authentication

2014-09-10 Thread Bob Miller
Hi,

 [joliver@localhost ~]$ cat /etc/dovecot/dovecot-ldap.conf.ext
 hosts = localhost
 base = ou=Users,dc=my,dc=domain
 ldap_version = 3
 auth_bind = yes
 auth_bind_userdn = uid=%u,ou=Users,dc=my,dc=domain
 

this looks different than mine.  here is my example config file, maybe
it helps:

hosts = 192.168.26.10:389
debug_level = 0
auth_bind = yes
auth_bind_userdn = %l...@computerisms.com
base = dn=computerisms,dn=com
scope = subtree
user_filter = (&(sAMAccountName=%Ln))
pass_filter = (&(sAMAccountName=%Ln))


outlook 2013

2014-09-09 Thread Bob Miller
I am trying really hard to wrap my head around why people insist on
using this program...

Where I have outlook 2013 users, I have had nothing but problems getting
their mail to work with imap.  my solution has been to set them up with
pop, which works just like it always has.  Or move them to a different
program.

recently, I have a customer who requires multiple machines, all using
outlook 2013, to access the same email address, so pretty much have to
use imap.  if I set up just one of the machines with imap, it works more
or less as expected, with hiccups such as mail taking an hour or two or
more to show up.  But shortly after I connect a 2nd machine to the same
account, one or both machines start to go wonky.  Symptoms include
deleted items returning, read messages becoming unread again, and
duplicates being constantly created and deleted.  The last I can confirm
by watching in webmail and refreshing the inbox every few seconds; as
mail shows up and deletes in outlook, so it does in webmail too.

On my test machine connected to the same server, I have evolution,
outlook and thunderbird all connecting to one account with no problems.
Well, outlook hiccups, but it's not unusable.  And I have other users on
the system that share email accounts across a variety of other clients
and platforms, including older versions of outlook.

I have tried checking message rules, there are none; removing all folder
subscriptions; running scanpst, which finds errors even before the
account finishes syncing and every time I run it after that; I have
looked for viruses/malware; I have confirmed there is no forwarding or
some trickery happening on the server; chkdsk and similar hardware
checks all come up clean, the computers are only a couple of months old;
I have got certs set up with SANs and the CA installed such that outlook
does not error on the certificate; and I have tried just about every
combination of settings that seem relevant.

The one thing that does seem to work, at least for a few minutes or an
hour or two, is deleting and recreating the accounts on one of the
computers.  But the problem inevitably returns in short order.  

Surely people have outlook 2013 connecting via imap to dovecot without
problems; is there some special trick that google is hiding from me?  
-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


Re: outlook 2013

2014-09-09 Thread Bob Miller
Hi Patrick,

Thanks for your reply.

 I have no idea what you're doing to cause this issue :(
 
 I have a normal install of dovecot running, and I have 3 webmail pages  
 open, 2 phones using imap, and a thunderbird connected to it. I  
 started with outlook 2007, then 2010, and now 2013 for the last 2  
 years or 3years (I upgraded to it in beta at first). I haven't had any  
 issues at all, I can delete emails, move emails, ..., and they  
 instantly change in the other programs.

I have several accounts that are used by a variety of different programs
and devices, as well, but the only program that gives me any problem is
outlook 2013.  And not quite consistently, on some few machines I have
seen it work the same as any other client.  This one particular case has
me quite baffled though.

 I just use the normal outlook2013 config options for the account,  
 besides making sure the ssl settings are right.

 I think I have only used it on the 2.2 branch though, what dovecot  
 version are you using?

# dovecot --version
2.2.13

sigh.  At least now I know it should be working, so I will keep
searching for a solution...


Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?

2014-06-30 Thread Bob Miller
Hi, 
 
  Suggestions and warnings are most welcome.
 
  Thanks!
 
 Since you're using maildir, you might want to check rsync out as well, 
 especially with --link-dest. In short, you call rsync on your backup 
 machine like this:
 
 rsync --link-dest=previous-backup-dir source new-backup-dir

check out rsnapshot.  Tried, tested, and true on my systems for just
short of a decade now...


Re: Dovecot authentication against active directory

2014-06-23 Thread Bob Miller
Hi ,

 My dovecot-ldap.conf:
 
 
 hosts = **
 dn = CN=*,OU=*,OU=*,OU=*,DC=**,DC=*,DC=de
 dnpass = 
 tls = no
 debug_level = -1
 ldap_version = 2
 base = OU=*,DC=*,DC=*,DC=de
 deref = never
 scope = subtree
 user_attrs = sAMAccountName=home
 user_filter = (&(ObjectClass=user)(|(mail=%u)(sAMAccountName=%u)))
 pass_filter = (&(ObjectClass=user)(sAMAccountName=%u))
 default_pass_scheme = plain

I could be wrong, but I think you must have TLS to connect to AD.  

sAMAccountName, at least in cases I am familiar with, does not match a
full email address, try %n instead of %u, or filter on userPrincipal
instead.  do you have a mail attribute in your active directory?  I
would suggest start by getting it working with just the sAMAccountName
in your user/pass_filter lines, then flesh out your filters after you
have that working...

 
 could anybody help me with this problem?
 Thanks in advance!
 
 
 Regards,
 
 Tobias Dummert


Re: [Dovecot] Dovecot2 vs. AD, Inactivity during authentication

2014-02-27 Thread Bob Miller
Hi,

have you verified from your AD logs that dovecot is sending the same
thing as your ldapsearch?


-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


On Thu, 2014-02-27 at 12:58 +0100, Jeroen Scheerder wrote:
 Quoth Jeroen Scheerder (27 Feb 2014, 12:38):
 
  Here's what I see in the logs:
 
  Feb 27 12:25:49 mail.info ponyboy dovecot: imap-login: Disconnected: 
  Inactivity during authentication (disconnected while authenticating, waited 
  172 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, 
  session=r/ERi2HzQAB/AAAB
  Feb 27 12:26:42 mail.err ponyboy dovecot: auth: Error: 
  PLAIN(js,127.0.0.1,r/ERi2HzQAB/AAAB): Request 74099.1 timed out after 225 
  secs, state=1
 
 Logging to file instead of syslog, I see a bit more:
 
 Feb 27 12:45:27 auth: Debug: Loading modules from directory: 
 /usr/local/lib/dovecot/auth
 Feb 27 12:45:27 auth: Debug: Wrote new auth token secret to 
 /var/run/dovecot/auth-token-secret.dat
 Feb 27 12:45:27 auth: Debug: auth client connected (pid=74241)
 Feb 27 12:45:31 auth: Debug: client in: AUTH1   PLAIN   service=imap  
   secured session=9QHH22HzYgB/AAABlip=127.0.0.1   rip=127.0.0.1   
 lport=143   rport=64354 resp=hidden
 Feb 27 12:45:31 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): bind 
 search: base=dc=office,dc=on2it,dc=net 
 filter=(&(ObjectClass=person)(sAMAccountName=js))
 Feb 27 12:48:27 imap-login: Info: Disconnected: Inactivity during 
 authentication (disconnected while authenticating, waited 176 secs): user=, 
 method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, 
 session=9QHH22HzYgB/AAAB
 Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: 
 sAMAccountName=js; sAMAccountName unused
 Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: 
 sAMAccountName=js
 Feb 27 12:49:16 auth: Error: PLAIN(js,127.0.0.1,9QHH22HzYgB/AAAB): Request 
 74241.1 timed out after 225 secs, state=1
 Feb 27 12:49:16 auth: Debug: client in: CANCEL  1
 Feb 27 12:49:18 auth: Debug: client passdb out: FAIL1   user=js temp
 
 Using ldapsearch on this very host, I have verified that this particular ldap 
 query, with the same authenticated bind, actually works:
 
 ponyboy% time ldapsearch -o ldif-wrap=no -x -LLL -E pr=200/noprompt -w 
 suppressed \
   -H ldap://dc2.office.on2it.net -b dc=office,dc=on2it,dc=net -D 
 suppressed -s sub \
   '(&(ObjectClass=person)(sAMAccountName=js))' sAMAccountName
 dn: CN=Jeroen 
 Scheerder,OU=Users,OU=Netherlands,OU=ON2IT,DC=office,DC=on2it,DC=net
 sAMAccountName: js
 
 # 
 refldap://DomainDnsZones.office.on2it.net/DC=DomainDnsZones,DC=office,DC=on2it,DC=net
 
 # 
 refldap://ForestDnsZones.office.on2it.net/DC=ForestDnsZones,DC=office,DC=on2it,DC=net
 
 # refldap://office.on2it.net/CN=Configuration,DC=office,DC=on2it,DC=net
 
 # pagedresults: cookie=
 ldapsearch -o ldif-wrap=no -x -LLL -E pr=200/noprompt -w [...] -H0.00s 
 user 0.00s system 19% cpu 0.019 total


Re: [Dovecot] lda+ldap multiple users

2014-02-17 Thread Bob Miller
Hi,

 so not much to do on the qmail side. and thats the reason everything 
 user related is done in dovecot itself.

ok

 ...but if nobody knows if its possible inside the dovecot lookup 
 process, a new/separate lookup process that calls dovecot-lda with the 
 username instead of the mailaddress might be the only opportunity.

As I understand the original problem, you need one mail to be delivered
to several users, which means you need to figure out how to alias or
forward.  Steffen's approach is a super good idea I intend to stuff into
my back pocket, and is probably worth pursuing given your usage case.  

Other than that, and based on what I know, I would still be inclined to
try and solve this by creating a local user and configuring a .qmail
file to forward the mails to AD users, but tweaking your defaultdelivery
to accommodate a per-user .qmail file might be tricky or impossible in
your situation.  A global sieve script might be another approach to
forwarding mails from a virtual address to valid users, but I haven't
implemented one, so I can't say if it fits your situation or provide
advice on configuring one.  Another approach could be setting up a
mailing list, where the list address is the common address that delivers
to subscribed users.  Perhaps delivery to a single user and a shared
folder might provide a usable end result as well...

Whatever you end up doing, I am interested to hear what works for you in
the end...



 
 Greetz
 Matze


Re: [Dovecot] lda+ldap multiple users

2014-02-14 Thread Bob Miller
Hi,

Integrating qmail and active directory pretty much requires you to use
qmail-ldap.  without it you need too much bubblegum and band aids for it
to be suitable for a (publicly accessible) production environment.  And
I can't see how you wouldn't eventually run into problems without each
user having a unique email address.

In a pure qmail environment, I might work around the problem by giving
each user a unique mailaddress, then create a user XY and use a .qmail
file to override the LDA defaultdelivery and have it forward to the
various users, and not deliver to its own maildir.  But you still miss
important features like validrcptto and smtpauth if qmail can't talk to
AD.

But with qmail-ldap for sure you can set up multiple users with the same
alias and it works.  ie the users are configured with userPrincipal as
mail address with an alias of x...@domain.com, then mails sent to
x...@domain.com will deliver to all users. 

I documented my sandbox qmail-ldap/dovecot system here, maybe it is
useful to you:

http://cocnm.computerisms.ca/index.php/Install_Qmail-ldap,_Dovecot,_and_Related_Email_Services

-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


On Fri, 2014-02-14 at 12:07 +0100, Steffen Kaiser wrote:
 On Fri, 14 Feb 2014, matthias lay wrote:
 
  On 02/14/2014 08:27 AM, Steffen Kaiser wrote:
  On Fri, 7 Feb 2014, matthias lay wrote:
  
  I experienced that if a Mailaddress matches several users the delivery is 
  aborted.
  
  
  dovecot: auth: Error: ldap(christian.t...@securepoint.de): LDAP search 
  returned multiple entries
  dovecot: auth: ldap(christian.t...@securepoint.de): unknown user
  dovecot: lda: Error: user christian.t...@securepoint.de: Auth USER lookup 
  failed
  -
  
  now my question, is there a way to have a mail like that delivered to all 
  users that matches the lookup?
  haven't found anything in the docs.
  
  This is a job of your MTA.
 
  MTA is qmail and doesn't know anything about users. dovecot uses usernames 
  for 
  mailboxes. lets say
 
  /var/mail/userA/Maildir
  /var/mail/userB/Maildir
 
  both users have mailaddr x...@example.com mapped in Active Directory. Now 
  when 
  mails arrive lda is called like
 
  dovecot-lda -d x...@example.com mailto:dafan.z...@securepoint.de -m INBOX
 
  and there's my problem.
 
 You have implicitly created mail aliases for your users. qmail has to 
 resolve this alias XY into the users A and B.
 
 You could wrap your call to the Dovecot LDA by a script resolving the 
 aliases somehow, e.g.:
 
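 #!/bin/bash
 
 tmpf=/tmp/split.$$.tmp
 # save the message in case we have multiple recipients
 cat - > "$tmpf"
 ldapsearch "mailtarget=$1" samaccountname | \
   awk '$1 == "sAMAccountName:" { print $2 }' | \
 while read uid; do
  dovecot-lda -d "$uid" < "$tmpf"
  rc=$?
  if test $rc -gt 0; then
   # this only leaves the pipeline's subshell; the status is picked up below
   exit $rc
  fi
 done
 # status of the first failed delivery, or 0 if every delivery succeeded
 rc=$?
 rm -f "$tmpf"
 exit $rc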
 
 adjust ldap query and attribute names and call to MDA.
 
 This is not really nice, because you cannot handle individual problems, 
 e.g. what shall happen if delivery to userB fails? Shall userA get the 
 message, shall delivery to userA succeed, but be retried to userB?
 Currently the first error is returned to qmail and probably one user gets 
 the same message again and again, because of a problem of another user's 
 mailbox. You could return $rc at the very end, then qmail gets the success 
 status of the delivery attempt to the last user.
 
 I wouldn't do such stuff in a non-private environment.
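
A hardened variant of the wrapper script quoted above, added here as an example and not part of the original thread: it spools the message with mktemp instead of a predictable /tmp name, escapes the recipient address before it goes into the LDAP filter (RFC 4515), validates each returned account name, and tries every recipient before reporting a soft failure. The function names, the DELIVER_CMD variable, the ldapsearch options and the exit-code policy (111 soft, 100 hard, as in qmail-command) are assumptions; mailtarget and sAMAccountName are the attribute names used in the post.

```shell
#!/bin/bash
# Added example: hardened dovecot-lda fan-out wrapper (not from the thread).
# Assumed usage: wrapper.sh <recipient-address>, with the message on stdin.

DELIVER_CMD=${DELIVER_CMD:-dovecot-lda}   # assumption: overridable for testing

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is handled first, then * ( ), so a crafted recipient address
# cannot change the structure of the filter.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Read LDIF on stdin and print one sAMAccountName per line.
# Base64-encoded values ("sAMAccountName:: ...") and values containing
# spaces are skipped, not decoded.
extract_uids() {
    awk '$1 == "sAMAccountName:" && NF == 2 { print $2 }'
}

# Deliver the spooled message to every uid and keep going after a failure.
# Returns 0 if all deliveries succeeded, 111 (soft error) otherwise.
# A retry after 111 delivers again to recipients that already succeeded;
# that limitation, described in the post, remains.
deliver_to_all() {
    local msg="$1" failed=0 uid
    shift
    for uid in "$@"; do
        # The uid becomes a command argument and a mailbox name:
        # refuse empty values, leading dashes and path separators.
        case $uid in
            ''|-*|*/*) failed=1; continue ;;
        esac
        "$DELIVER_CMD" -d "$uid" < "$msg" || failed=1
    done
    [ "$failed" -eq 0 ] || return 111
}

main() {
    local addr="$1" filter ldif uids
    tmpf=$(mktemp) || return 111          # unpredictable name, mode 0600
    trap 'rm -f "$tmpf"' EXIT
    cat > "$tmpf" || return 111
    filter="(mailtarget=$(ldap_escape_filter "$addr"))"
    # Server and search base are assumed to come from ldap.conf.
    ldif=$(ldapsearch -x -LLL "$filter" sAMAccountName) || return 111
    uids=$(printf '%s\n' "$ldif" | extract_uids)
    [ -n "$uids" ] || return 100          # no matching account: hard error
    set -f                                # no globbing on the split below
    deliver_to_all "$tmpf" $uids          # split on purpose: one uid per word
}

# Run only when called with a recipient argument.
if [ "$#" -gt 0 ]; then
    main "$@"
    exit $?
fi
```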
 


Re: [Dovecot] Authentification Dovecot + Samba4

2013-12-06 Thread Bob Miller
I wrote a wiki on how to build an ldap-authenticated network using
samba4.  the dovecot part is on this page, but there are other relevant
parts reachable from the main page as well:

http://cocnm.computerisms.ca/index.php/Install_Qmail-ldap,_Dovecot,_and_Related_Email_Services
-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


On Fri, 2013-12-06 at 19:21 +0100, d...@quantentunnel.de wrote:
 Hello list,
 
 I am struggling with setting up dovecot 2.1.7 with samba 4.1.2 on debian 
 wheezy. Dovecot should authenticate via LDAP, but I cannot get it to work 
 reliably. Sometimes auth works, sometimes not. Referrals are already activated 
 in ldap.conf … LDAP-authentication works fine with other clients (Apache 
 Directory Studio, …) 
 Has somebody got a similar setup running? I would love some hints on how to 
 debug this issue …
 
 Thank you!
 
 
 Regards
 
 
 
 
 dovecot-ldap.conf
 hosts = 192.168.188.156:389
 dn = CN=Administrator,CN=Users,DC=DOMAIN,DC=LOCAL
 dnpass = Test123
 auth_bind = yes
 ldap_version = 3
 base = DC=DOMAIN,DC=LOCAL
 tls = no
 debug_level = -1
 ldap_version = 3
 scope = subtree
 user_attrs = uidNumber=uid,gidNumber=gid
 user_filter = (&(&(objectClass=Person)(sAMAccountName=%u)))
 pass_attrs = sAMAccountName=user,userPassword=password
 pass_filter = (&(&(objectClass=Person)(sAMAccountName=%u)))
 
 
 
 logs:
 srv1 dovecot: auth: Debug: auth client connected (pid=0)
 srv1 dovecot: auth: Debug: client in: 
 AUTH#0111#011PLAIN#011service=doveadm#011resp=hidden
 srv1 dovecot: auth: Debug: ldap(john): bind search: base=DC=DOMAIN,DC=LOCAL 
 filter=(&(&(objectClass=Person)(sAMAccountName=john)))
 srv1 dovecot: auth: Error: ldap_search
 srv1 dovecot: auth: Error: put_filter: 
 (&(&(objectClass=Person)(sAMAccountName=john)))
 srv1 dovecot: auth: Error: put_filter: AND
 srv1 dovecot: auth: Error: put_filter_list 
 (&(objectClass=Person)(sAMAccountName=john))
 srv1 dovecot: auth: Error: put_filter: 
 (&(objectClass=Person)(sAMAccountName=john))
 srv1 dovecot: auth: Error: put_filter: AND
 srv1 dovecot: auth: Error: put_filter_list 
 (objectClass=Person)(sAMAccountName=john)
 srv1 dovecot: auth: Error: put_filter: (objectClass=Person)
 srv1 dovecot: auth: Error: put_filter: simple
 srv1 dovecot: auth: Error: put_simple_filter: objectClass=Person
 srv1 dovecot: auth: Error: put_filter: (sAMAccountName=john)
 srv1 dovecot: auth: Error: put_filter: simple
 srv1 dovecot: auth: Error: put_simple_filter: sAMAccountName=john
 srv1 dovecot: auth: Error: ldap_build_search_req ATTRS: sAMAccountName
 srv1 dovecot: auth: Error: ldap_send_initial_request
 srv1 dovecot: auth: Error: ldap_send_server_request
 srv1 dovecot: auth: Error: ldap_result ld 0x7fef48794580 msgid -1
 srv1 dovecot: auth: Error: wait4msg ld 0x7fef48794580 msgid -1 (timeout 0 
 usec)
 srv1 dovecot: auth: Error: wait4msg continue ld 0x7fef48794580 msgid -1 all 0
 srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Connections:
 srv1 dovecot: auth: Error: * host: DOMAIN.local  port: 0
 srv1 dovecot: auth: Error:   refcnt: 1  status: Connected
 srv1 dovecot: auth: Error:   last used: Fri Dec  6 19:08:49 2013
 srv1 dovecot: auth: Error: 
 srv1 dovecot: auth: Error: 
 srv1 dovecot: auth: Error: * host: 192.168.188.156  port: 389  (default)
 srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
 srv1 dovecot: auth: Error:   last used: Fri 2013
 srv1 dovecot: auth: Error: 
 srv1 dovecot: auth: Error: 
 srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Outstanding Requests:
 srv1 dovecot: auth: Error:  * msgid 37,  origid 37, status InProgress
 srv1 dovecot: auth: Error:outstanding referrals 0, parent count 0
 srv1 dovecot: auth: Error:  * msgid 35,  origid 33, status InProgress
 srv1 dovecot: auth: Error:outstanding referrals 0, parent count 1
 srv1 dovecot: auth: Error:  * msgid 33,  origid 33, status RequestCompleted
 srv1 dovecot: auth: Error:outstanding referrals 1, parent count 1
 srv1 dovecot: auth: Error:   ld 0x7fef48794580 request count 3 (abandoned 0)
 srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Response Queue:
 srv1 dovecot: auth: Error:Empty
 srv1 dovecot: auth: Error:   ld 0x7fef48794580 response count 0
 srv1 dovecot: auth: Error: ldap_chkResponseList ld 0x7fef48794580 msgid -1 
 all 0
 srv1 dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fef48794580 NULL
 srv1 dovecot: auth: Error: ldap_int_select
 srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid -1 all 0
 srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 35 message type 
 search-result
 srv1 dovecot: auth: Error: ldap_chase_referrals
 srv1 dovecot: auth: Error: read1msg:  V2 referral chased, mark request 
 completed, id = 35
 srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 0 new referrals
 srv1 dovecot: auth: Error: read1msg:  mark request completed, ld 
 0x7fef48794580 msgid 35
 srv1 dovecot: auth: Error: merged parent (id 33) error info:  result errno 1, 
 error 2020: Operation unavailable without

Re: [Dovecot] using dovecot in Asterisk imap storage

2013-10-21 Thread Bob Miller

-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


On Tue, 2013-10-22 at 02:47 +0200, Asmaa Ahmed wrote:
 Hello, 
 I am trying to use postfix/dovecot as mail server to be the imap storage for 
 my voicemail system. For that I installed postfix and dovecot and trying to 
 follow the instructions in this post 
 http://etel.wiki.oreilly.com/wiki/index.php?title=Storing_Voicemail_on_an_IMAP_serverprintable=yes

ugh.  it's hard to read your mail, some line breaks or new paragraphs
would be useful.

I have yet to find one wiki that answers all questions.  Expand your
horizon: 
  
http://wiki2.dovecot.org/Authentication/MasterUsers

FWIW, if you are using a recent version of freepbx you can configure
imap storage in there on a per-user/extension basis, so you don't need
to set up the masteruser...





Re: [Dovecot] Dovecot extremely slow!

2013-09-26 Thread Bob Miller
hi,

 Sep 26 11:03:23 wasabi dovecot: imap-login: Disconnected (no auth attempts in 
 1 secs): user=, rip=24.58.62.118, lip=146.83.9.56, TLS, \
 
 session=uOJE1UnnxQAYOj52
 
 Sep 26 11:03:26 wasabi dovecot: imap-login: Login: user=pato, method=PLAIN, 
 rip=24.58.62.118, lip=146.83.9.56, mpid=3973, TLS, session\
 
 =PCFr1UnnxgAYOj52

try enabling the debug settings in your dovecot.conf, maybe you can get
more info:

#auth_debug = yes
#auth_debug_passwords = yes
#mail_debug = yes

You also mention that your auth server is on a separate machine, and 60
seconds seems a lot like a timeout threshold, maybe you are having
intermittent problems there.  Maybe if you could tail the dovecot and
the ldap logs simultaneously then repeat your test, you would see a
discrepancy on the auth server when the dovecot logs show user=  

 ssl_cert = </etc/dovecot/wasabi.imap.crt
 ssl_key = </etc/dovecot/private/wasabi.imap.nopwd.key

Hmm... a low-level guess: maybe you need to specify your CA here?  I
don't *think* that would explain your slowness, but I suppose there
could be a timeout looking for it...


 userdb {
driver = passwd
 }
 



Re: [Dovecot] Dovecot extremely slow!

2013-09-25 Thread Bob Miller

-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


On Wed, 2013-09-25 at 16:15 -0600, LuKreme wrote:
 On 25 Sep 2013, at 16:05 , Patricio Rojo p...@oan.cl wrote:
 
  I attach the 10-master configuration 
 
 That’s not that useful.
 
 doveconf -n is useful
 
 
As are the server logs, as opposed to the strace output...



Re: [Dovecot] Disagreement on where mail goes.

2013-08-16 Thread Bob Miller
One guess: your mail_location is misconfigured.

something like:

mail_location = maildir:/usr/local/%u/Maildir

might fix it up... 
-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


On Fri, 2013-08-16 at 17:09 -0600, LuKreme wrote:
 My virtual users have their mail stored in 
 /usr/local/virtual/u...@example.com/
 
 dovecot wants to read the mail from 
 /usr/local/virtual/u...@example.com/Maildir which is causing problems since 
 all new mail is being written in /usr/local/virtual/u...@example.com/new and 
 dovecot is looking in /usr/local/virtual/u...@example.com/Maildir/new
 
 For the local users, /home/user/Maildir is the right directory.
 
 for right now I've had to kludge a script that moves mail from  
 /usr/local/virtual/u...@example.com/new to 
 /usr/local/virtual/u...@example.com/Maildir/new every two minutes.
 



[Dovecot] lda and home directory

2013-08-15 Thread Bob Miller
Hello,

I am using qmail and lda configured such that lda should not have to do
a lookup for delivery.  I set my defaultdelivery like so:

|HOME=/home/mail/$USER /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda

Given that the email address being delivered to is
bob.mil...@computerisms.com, I expect $USER to be equal to bob.miller
and $HOME to expand to /home/mail/bob.miller/.  

The problem is lda reports:

Debug:_Home_dir_not_found:_/home/mail/bob.mil...@computerisms.com/

The whole system up to here uses only the bob.miller part, and I can't
find where it keeps adding the domain part from.

I have tried changing all sorts of variables and config values to try
and make it quit adding the domain part, but no matter what I change lda
still tries to deliver the email address as username.  The only measure
of success I can report is that in some configurations mail delivers
to /home/mail//.

Where exactly is dovecot getting this value?

Side question: I note in places throughout the wiki and internet
variables such as $EXT, $USER, $DEST_USERNAME, and $FROM_ENVELOPE are
used.  I can find no documentation, beyond my own common sense anyway,
to explain how/when these variables are expanded, and what I do find
doesn't seem consistent to me.  For example, on the CheckPassword page,
$USER is implied to expand to Username, which could contain the domain
or not.  However on the lda/qmail page, the variable shown is $EXT@
$USER, which implies $USER will expand as only the domain part after the
@ symbol and $EXT as everything before, yet changing the variable from
$USER to $EXT in my defaultdelivery file has $HOME expand
to /home/mail//.  Where do I find the story on how these variables (as
opposed to the % variables) work?  (or more specifically, is there a
$VAR I can use instead of $USER that will expand to just the part before
the @?)






Re: [Dovecot] lda and home directory

2013-08-15 Thread Bob Miller
Hi Rick,

 I had/have the same issue.   In Dovecot 1.x I was able to use LDA with
 vpopmail and only environment variables to deliver to a home directory.  I
 was never able to get it to work with Dovecot 2.x - don't know if using
 environment variables is deprecated, but I ended up having to setup an auth
 server to use lda with qmail/vpopmail.  :(

My hosting server uses vpopmail and lda, and I don't recall having to do
that.  If you want to compare configs, let me know.  

In this case, I authenticate against samba active directory, and a
(seemingly) small config change there led me on an epic quest of
configuration updates through the whole email system until I got stuck
in this lda box that didn't even have a problem in it.  sigh.  I was
doing so well

But you showed me the outside of the box:

 For your environment variable questions, those come from Qmail.  See:
 http://www.lifewithqmail.org/lwq.html#environment-variables

It's stunningly obvious now that you point it out.  So obvious, in
fact, I probably would have been weeks figuring it out.  Thank you so
much...

change my defaultdelivery to:

|HOME=/home/mail/$LOCAL /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda

and lda looks for the correct directory again.

I guess environment variables are not deprecated, presumably that's good
news?




Re: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect

2013-06-20 Thread Bob Miller
Hi Ben,


 Maybe using something like set -e to try and get some output from the
 script?  
 

Adding the -e switch doesn't seem to produce any output, either.

To be clear, I meant putting the line:

set -e

near the top of your script.  I forget exactly how it functions, but it
makes it so when a script fails it spits out a why on stdout (or maybe
stderr).  I believe the -x argument does something useful for
troubleshooting too, but it's been too long.  `man bash` knows all...


 It really boils-down to the fact that I can call the following on the
 command-line and it functions as expected:
 
 su vmail -c '/usr/lib/dovecot/deliver -a sa-train...@example.com -d
 sa-train...@example.com -m Training.SPAM -p
 /tmp/sendmail-msg-25794.txt'
 
 Yet, when I attempt to do the exact same thing from within the pipe
 script that Dovecot Antispam calls, I receive exit code 75 from
 deliver/dovecot-lda and absolutely nothing is logged, with exception of
 the information of which I'm already aware (logged to syslog).
 
 I am echo-ing $(whoami) just before calling deliver within the pipe
 script and the output is vmail. So, it's not as though the vmail user
 somehow lacks the permissions required to send via dovecot-lda.

There are two things that came to mind when I read your mail yesterday.
They are the first things I check for when my commands work and my
scripts don't.  

The first is $PATH, I have found innumerable times when a script
wouldn't run it was because it wasn't running with a fully loaded $PATH
variable, and this is especially true if you are launching your script
from cron.  To work around this I either put a PATH= at the top of the
script, or I run the script as an argument to bash instead of using the
executable bit (ie `bash /path/to/script.sh` instead of `./script.sh`)
so the path is retained from the shell.  I decided against mentioning
this yesterday because I noted you only used full paths in your script,
which should also work to avoid this problem.

The other thing I didn't mention was the permissions on the path
to /usr/lib/dovecot/deliver (or any other path, really).  Directories
with no world read/execute can prevent scripts from using files beneath
them if they don't have permissions on each directory level in the path.
I didn't mention this yesterday because you said you ran the script as
vmail.  However, looking at your su vmail -c command, I remember some
times when su postgres -c didn't work when su - postgres then
running the command did.

Probably neither of these will be useful to you, but I mention them in
hope that they trigger an idea or set you on an investigative path that
proves helpful...


 
 What is the explanation for this behavior? It has to be something to do
 with how the plug-in calls the script. Does the plug-in call the script
 in some other context, like chroot?
 
 As a final point of note, is it just me, or is the 90-plugin.conf
 snippet incorrect at the bottom of
 http://wiki2.dovecot.org/Plugins/Antispam ? Those values appear to be
 for the analogous Dovecot 1 plug-in, e.g., antispam_mail_sendmail is
 used, when the equivalent directive is called antispam_pipe_program in
 versions = 2.0.
 
 -Ben
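
The two checks from the message above (the environment a script really runs with, and search permission on every directory leading to the binary), as an added shell example that is not part of the original thread. `run_logged` and `no_world_search` are hypothetical helper names, and the demo uses a constructed stand-in for `deliver` that exits 75 (EX_TEMPFAIL in sysexits.h).

```shell
#!/bin/bash
# Added example: diagnostic wrapper for a command that works from a login
# shell but fails when a daemon or plug-in runs it. Helper names are
# hypothetical; nothing here is Dovecot's or the Antispam plug-in's own code.

# Print every component of an absolute path that lacks the world-execute bit.
# A process that is neither owner nor group member of such a directory cannot
# reach anything beneath it, whatever the mode of the final file.
no_world_search() {
    local path=$1 cur="" part mode
    local IFS=/
    for part in $path; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -e "$cur" ] || { echo "missing: $cur"; return 0; }
        mode=$(ls -ld -- "$cur" | cut -c1-10)
        case $mode in
            *[xt]) ;;                        # o+x is set (t = sticky + x)
            *) echo "no o+x: $mode $cur" ;;
        esac
    done
}

# Run a command, appending identity, environment, the path check, the
# command's stderr and its exit status to a log file. The command's own
# exit status is returned to the caller, so the wrapper can stay in place.
run_logged() {
    local log=$1 status=0
    shift
    {
        echo "--- $(date '+%Y-%m-%d %H:%M:%S') pid=$$"
        echo "id:    $(id)"
        echo "cwd:   $(pwd)"
        echo "umask: $(umask)"
        echo "PATH:  ${PATH:-<unset>}"
        echo "HOME:  ${HOME:-<unset>}"
        echo "cmd:   $*"
        no_world_search "$(command -v "$1")"
    } >>"$log" 2>&1
    "$@" 2>>"$log" || status=$?
    echo "exit=$status" >>"$log"
    return "$status"
}

# Constructed demo: a fake deliver binary below a directory without o+x.
demo() {
    local tmp rc=0
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/private/bin"
    printf '#!/bin/sh\necho "constructed failure" >&2\nexit 75\n' \
        >"$tmp/private/bin/fake-deliver"
    chmod 755 "$tmp/private/bin" "$tmp/private/bin/fake-deliver"
    chmod 700 "$tmp/private"
    run_logged "$tmp/debug.log" "$tmp/private/bin/fake-deliver" -m Training.SPAM || rc=$?
    echo "wrapper returned $rc"
    cat "$tmp/debug.log"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

In the pipe script, wrap the failing call in `run_logged` with a log path that only the delivering user can write, then compare the logged values with the same call made from the terminal.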



Re: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect

2013-06-20 Thread Bob Miller
I got another quick idea, too; try running dovecot in the foreground.
Maybe something that isn't being written to the log will show up on the
terminal...







Re: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect

2013-06-19 Thread Bob Miller
Hi Ben,

I checked over your script, and I don't see the problem either.  You
already checked everything that comes to my mind.

Maybe using something like set -e to try and get some output from the
script?  



On Wed, 2013-06-19 at 14:52 -0400, Ben Johnson wrote:
 Hello,
 
 I'm attempting to configure the Dovecot Antispam plug-in on Ubuntu 12.04
 LTS with Dovecot 2.0.19.
 
 Everything seems to be in order with one considerable exception: when my
 pipe script (a simple Bash shell script) calls the dovecot-lda
 executable, absolutely nothing seems to result.
 
 If I copy/paste the exact same command into the terminal, the mail is
 delivered to the target mailbox, as expected.
 
 Here's my pipe script: http://pastebin.com/DBXAZqsN
 
 When I move a message from INBOX - Junk, or from Junk - INBOX, the
 pipe script is called, and here's the output:
 
 ---
 31465-start (--debug --username=amavis --ham)
 Checking if the command-line input argument string (--debug
 --username=amavis --ham) contains the string ham or spam
 Mode is HAM
 Calling (as user vmail) '/usr/lib/dovecot/deliver -d
 sa-train...@example.com -m Training.HAM -p
 /tmp/sendmail-msg-31465.txt'
 31465-end
 ---
 
 But, for some reason, the call to /usr/lib/dovecot/deliver doesn't
 seem to do anything.
 
 If I copy the above output and paste it into the terminal:
 
 /usr/lib/dovecot/deliver -d sa-train...@example.com -m Training.HAM
 -p /tmp/sendmail-msg-31465.txt
 
 Dovecot does indeed deliver the message. This works whether I execute
 the above command as root or vmail.
 
 Why does this command have no effect when called from within the pipe
 script?
 
 Here is my doveconf -n output:
 
 # 2.0.19: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.32-042stab076.8 x86_64 Ubuntu 12.04.2 LTS
 auth_mechanisms = plain login
 disable_plaintext_auth = no
 listen = *,[::]
 log_timestamp = %Y-%m-%d %H:%M:%S 
 mail_privileged_group = vmail
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
 }
 plugin {
   antispam_backend = pipe
   antispam_debug_target = syslog
   antispam_pipe_program = /usr/bin/sa-learn-pipe.sh
   antispam_pipe_program_args = --debug;--username=amavis
   antispam_pipe_program_notspam_arg = --ham
   antispam_pipe_program_spam_arg = --spam
   antispam_pipe_tmpdir = /tmp
   antispam_spam_pattern_ignorecase = SPAM;JUNK
   antispam_trash_pattern_ignorecase = trash;Deleted *
   antispam_verbose_debug = 1
   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
   quota_rule2 = Trash:storage=+100M
   quota_rule3 = Junk:ignore
   quota_warning = storage=95%% quota-warning 95 %u %d
   quota_warning2 = storage=80%% quota-warning 80 %u %d
   quota_warning3 = -storage=100%% quota-below below %u %d
   sieve = /var/vmail/%d/%n/.sieve
 }
 protocols = imap pop3
 service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     group = vmail
     mode = 0600
     user = vmail
   }
   user = root
 }
 service quota-below {
   executable = script /usr/local/bin/quota-below.sh
   user = vmail
 }
 service quota-warning {
   executable = script /usr/local/bin/quota-warning.sh
   user = vmail
 }
 ssl_cert = /etc/postfix/smtpd.cert
 ssl_key = /etc/postfix/smtpd.key
 userdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
 }
 protocol imap {
   mail_plugins = quota imap_quota antispam
 }
 protocol pop3 {
   mail_plugins = quota
   pop3_uidl_format = %08Xu%08Xv
 }
 protocol lda {
   info_log_path = /var/log/dovecot-lda.log
   log_path = /var/log/dovecot-lda-errors.log
   mail_plugins = sieve quota
 }
 
 
 Thank you,
 
 -Ben



Re: [Dovecot] Passwordless auth?

2013-05-23 Thread Bob Miller

 You can also use doveadm for quite a lot of this sort of administration;
 this may be easier if you're scripting in shell rather than something
 more sophisticated.

+1



Re: [Dovecot] Slooow imap copy to Sent folders

2013-04-18 Thread Bob Miller
We have a monopoly ISP who gives terrible upload speeds in their
internet packages.  it is pretty easy for most offices to flood the
upload side of the connection, and when that happens we see the symptoms
you describe.  Not sure if that is applicable to you, but that is what I
check when I get these reports...


On Thu, 2013-04-18 at 15:21 +0200, Frank Bonnet wrote:
 Hello
 
 Many users here use the copy to Sent folder using the IMAP protocol
 with Dovecot 2.1.15 on a FreeBSD 9 server.
 
 Since few days this operation ( copy to sent folder ) became longer
 than before , it could takes several seconds to complete even the
 message is very short.
 
 Is there a parameter I could tweak to boost this a bit ?
 many users complain with reason
 
 thank you
 



Re: [Dovecot] qmail-ldap LDA Delivery and sieve

2013-04-17 Thread Bob Miller
Hi,

 
 s...@mondialline.com.br:
 lda(sar): Fatal: Unknown argument: sar
 Usage: dovecot-lda [-c config file] [-a address] [-d username] [-p path]
                    [-f envelope sender] [-m mailbox] [-e] [-k]
 
 It happens on messages that could not be delivered and need to be
 returned to the sender.

I would think this indicates that lda is trying to deliver the message
to sar when it should be delivering to s...@mondialline.com.br.  Probably
you need to adjust your ldap user_attrs and user_filters so it returns
what lda needs, but that is just a guess after a short look at your
mail...

 I also tried to use this way, as documented here:
 http://wiki2.dovecot.org/LDA/Qmail
 | /var/qmail/bin/preline -f /usr/lib/dovecot/dovecot-lda

This is the way I did it, but I had to add the HOME variable like so:

|HOME=/home/mail/$USER /var/qmail/bin/preline -f /usr/local/libexec/dovecot/dovecot-lda

I don't see anything obviously wrong with your settings, but I am
connecting to an active directory instead of an openldap server, so your
setup is different than mine:

 Follow my settings:
 
 # LDAP
 scope = subtree
 user_attrs = uidNumber=11184,gidNumber=2110
 user_filter = ((objectClass=qmailUser)(uid=%u)(accountStatus=active))
 pass_attrs=uid=user,userPassword=password,mailHost=host,=proxy_maybe=y
 pass_filter = ((objectClass=qmailUser)(uid=%u)(accountStatus=active))
 iterate_attrs = uid=user
 iterate_filter = ((objectClass=qmailUser)(accountStatus=active))
 
 # dovecot -n output:
 # 2.1.7: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.32-5-xen-amd64 x86_64 Debian 6.0.7 ext4
 default_client_limit = 8000
 default_process_limit = 2048
 disable_plaintext_auth = no
 hostname = mail.mondialline.com.br
 lda_mailbox_autocreate = yes
 lda_mailbox_autosubscribe = yes
 lda_original_recipient_header = X-Original-To
 mail_gid = vmail
 mail_location = maildir:/dados/vmail/%u/Maildir
 mail_plugins = zlib
 mail_privileged_group = vmail
 mail_uid = vmail
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope
 encoded-character vacation subaddress comparator-i;ascii-numeric
 relational regex imap4flags copy include variables body enotify
 environment mailbox date ihave vacation-seconds
 namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox Sent Messages {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix = INBOX.
   separator = .
   type = private
 }
 passdb {
   args = /etc/dovecot/master-users
   driver = passwd-file
   master = yes
   pass = yes
 }
 passdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
 }
 plugin {
   sieve = /dados/vmail/%u/.dovecot.sieve
   sieve_dir = ~/sieve
   sieve_extensions = +vacation +vacation-seconds
   sieve_global_dir = /var/lib/dovecot/sieve/global/
   sieve_vacation_default_period = 1h
   sieve_vacation_max_period = 30d
   sieve_vacation_min_period = 0
 }
 postmaster_address = t...@mondialline.com.br
 protocols =  imap lmtp sieve
 service dict {
   unix_listener dict {
     group = vmail
     mode = 0600
     user = vmail
   }
 }
 service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   process_min_avail = 10
 }
 service imap {
   process_limit = 2048
 }
 service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
 }
 shutdown_clients = no
 ssl_cert = /var/qmail/control/cert.pem
 ssl_key = /var/qmail/control/cert.pem
 submission_host = mail.mondialline.com.br:25
 userdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   default_fields = uid=vmail gid=vmail home=/dados/vmail/%u
   driver = ldap
 }
 protocol lmtp {
   auth_socket_path = director-userdb
 }
 protocol lda {
   mail_plugins = zlib sieve
 }
 protocol imap {
   mail_max_userip_connections = 500
   mail_plugins = zlib imap_zlib
 }
 protocol sieve {
   mail_max_userip_connections = 100
   managesieve_max_line_length = 65536
 }
 
 Best regards,
 
 --
 Rudá Porto Filgueiras
 http://python-blog.blogspot.com
 http://twitter.com/rudaporto



Re: [Dovecot] postfix, dovecot, samba, winbind

2013-02-28 Thread Bob Miller
It has been a few months since I worked out all the settings to
authenticate against samba's AD, but I think you can solve your problem
by putting a home argument in your userdb{} stanza.  If that doesn't
work, and assuming you are authenticating using ldap lookups, let me
know and I can share more of how I set things up...  


On Thu, 2013-02-28 at 18:22 +0100, Denis Witt wrote:
 Hello List,
 
 we're currently working on the migration of our LDAP/Samba3-Domain to 
 Samba4-Active-Directory. So far everything works fine. Postfix can deliver 
 Mails using ProxyAddresses-Information from the AD and Dovecot delivers the 
 mail.
 
 Unfortunately when Postfix tells Dovecot to deliver the mail he submit the 
 username without the AD-Domain part:
 
 Feb 28 17:17:59 tpdc postfix/pickup[30396]: 5DDAE2C0C2B: uid=0 from=root
 Feb 28 17:17:59 tpdc postfix/cleanup[30402]: 5DDAE2C0C2B: 
 message-id=20130228161759.5ddae2c0...@mx0.concepts-and-training.de
 Feb 28 17:17:59 tpdc postfix/qmgr[30395]: 5DDAE2C0C2B: 
 from=r...@concepts-and-training.de, size=463, nrcpt=1 (queue active)
 Feb 28 17:17:59 tpdc dovecot: lda(dwitt): 
 msgid=20130228161759.5ddae2c0...@mx0.concepts-and-training.de: saved mail 
 to INBOX
 Feb 28 17:17:59 tpdc postfix/local[30404]: 5DDAE2C0C2B: 
 to=dw...@concepts-and-training.de, orig_to=denis.w...@cat06.de, 
 relay=local, delay=0.24, delays=0.1/0.01/0/0.13, dsn=2.0.0, status=sent 
 (delivered to command: /usr/lib/dovecot/deliver)
 Feb 28 17:17:59 tpdc postfix/qmgr[30395]: 5DDAE2C0C2B: removed
 
 So Dovecot saves the Mail to /var/mail/dwitt/, which is fine for me. The 
 Problem kicks in when I try to read my Mail. Dovecot uses TESTDOM\dwitt as 
 username and so he didn't find the Mailbox and create a new one in 
 /var/mail/TESTDOM\dwitt.
 
 I tried to fix it with auth_username_translation and auth_username_format but 
 it doesn't work.
 
 Any ideas?
 
 Thanks!



Re: [Dovecot] How To Remove?

2013-01-02 Thread Bob Miller


 the pkg installer did not come with an uninstaller, and since the install is 
 pretty much useless, is there some list of what it installed so i can get rid 
 of it all?

This would actually be a function of your package manager.  For example
on debian you can do dpkg -L packagename to get a list of files.

Your package manager should also have an uninstalling utility of its
own.  Again for example on debian apt-get remove packagename.  

So your package shouldn't need to come with its own installer, nor
should you need to extract the files by hand...

 
 thanks, christian



Re: [Dovecot] How To Remove?

2013-01-02 Thread Bob Miller
  
 
 So your package shouldn't need to come with its own installer, nor
 should you need to extract the files by hand...

Bah! My neural pathways are shorting out.  That should read:

So your package shouldn't need to come with its own uninstaller, nor
should you need to delete the files by hand...

 
  
  thanks, christian
 



Re: [Dovecot] POLL: v2.2 to allow one mail over quota?

2012-10-29 Thread Bob Miller
+1 to one last mail, though it would be nice if the over percentage
could be configurable...


On Mon, 2012-10-29 at 22:39 +0200, Timo Sirainen wrote:
 Currently if user is 1MB under quota and someone tries to deliver mail that 
 is over 1MB, Dovecot rejects the mail. But smaller mails aren't rejected 
 probably for days. So user might not even realize that they didn't receive 
 one of the mails. Also having a user almost over quota is a rather strange 
 state I think.
 
 So what do you think about v2.2 allowing delivery of one last mail even if it 
 brings the user over quota? Except add a limit that if the message size is as 
 much as the user's entire quota limit it wouldn't be added (or 50% or ..?). 
 Also IMAP wouldn't allow this, since user would get an error anyway. I could 
 make this also optional, but if nobody really wants to keep the old behavior 
 there's really no point in adding the option.
 



Re: [Dovecot] dovecot auth against AD on samba4

2012-10-24 Thread Bob Miller
I don't have it in production yet because there are other things I am
still trying to add to samba4, but my test server has dovecot
authenticating against samba4.  Without openchange or any other
non-native mechanism.  

Dovecot supports authenticating against ldap, the settings are in your
auth-ldap.conf file.  Samba4/Active Directory is just another ldap
implementation.  between the config files and the wiki, I believe all
the documentation you need is there... 




On Wed, 2012-10-24 at 11:48 +0200, Carsten Laun-De Lellis wrote:
 Hi group
 
 I am currently running a mail server on ubuntu 11.04 with postfix 2.8.5,
 dovecot 2.0.13 and openldap 2.4.23. I have now read about sogo and
 I am thinking about installing it because of its native outlook support
 capabilities.
 
 The ZEG appliance wouldn't be an option for me because I use a virtual
 server from a provider where I can't install my own vm or even an iso.
 
 When I go thru the documentation there is a part with installing
 OpenChange based on samba4. As far as I understood the OpenChange
 authentication is against the samba4 AD. Actually there is no support in
 syncing the AD against an OpenLdap Server and I would have to change the
 OpenLdap port because the AD is listening on port 389. To change the port
 wouldn't be a big deal, but what i was thinking about to run the dovecot
 auth also against the samba 4 AD.
 
 I searched around on the internet but didn't find a doc yet how to do that.
 
 Could anyone here provide me with a link or a how-to?
 
 Thanks very much in advance.
 
 Regards,
 
 Carsten Laun-De Lellis
 
 Hauptstrasse 13
 D-67705 Trippstadt
 
 Phone: +49 6306 992140
 Fax: +49 6306 992142
 Mobile: +49 151 27530865
 email: carsten.delel...@delellis.net
 
 
 



Re: [Dovecot] Dovecot configuration and question about IP trusted

2012-10-06 Thread Bob Miller
Hi Mik,

 
 Also how do you understand this sentence
 # Don't use mmap() at all. This is required if you store indexes to shared
 # filesystems (NFS or clustered filesystem) or for some operating systems
 # which use a separate cache for mmap, such as OpenBSD.
 mmap_disable = yes
 I've read it 10 times, and I don't know if this should be set to yes or no 
 (probably because my english is not perfect).
 My operating system is OpenBSD and I don't share NFS or cluster filesystems.

Well, your english is monumentally better than my second language (if
you could even say I have one), so good on you...

I interpret this sentence as an if statement:

if [[ (using NFS||Cluster) == true || (using OS w separate cache for mmap, such as OpenBSD) == true ]]; then
    setting is required (set to yes/true)
fi


 
 Thank you






Re: [Dovecot] Dovecot configuration and question about IP trusted

2012-10-05 Thread Bob Miller
Hi,
 I'm trying to tighten the security a little bit and added in dovecot.conf

 login_trusted_networks = 192.168.1.0/30
 Then restarted Dovecot
 
 
 My client has the IP 192.168.1.20 and it's still able to retrieve emails. I 
 expected it to be forbidden. Am I missing something ?

My interpretation of the documentation indicates that the trusted
network setting causes certain authentication and security checks to be
bypassed if a computer is in the trusted network, and to not bypass
those authentication and security checks if the computer is not in the
trusted range.  I see nothing indicating this setting will forbid
anything...

 I feel that Dovecot is slow. I'm doing my test with my iphone as an imap 
 client.
 Test 1: I retrieve a mail on a remote server provided by a hosting company, 
 it takes 2 seconds
 Test 2: I retrieve a mail on my server which is on my LAN, the mail includes 
 a few letters in the subject and a few letters in the body. The action takes 
 about 8 seconds.
 It's quite subtle to measure so first I would like to know if Dovecot tries 
 to do a dns reverse lookup or something like that. And it would explain the 
 overhead.

I don't know about the reverse lookup, but this sounds like a caching
issue to me.  http://wiki2.dovecot.org/IndexFiles

 
 Thank you




[Dovecot] sieve vacation

2012-09-27 Thread Bob Miller
Hello,

I set up pigeonhole on a server and am using roundcube's sieverules to
create a set of rules.  When using the vacation feature, I can see in
the logs that dovecot is sending the vacation response, but the
recipient never receives it.   

What method does dovecot use to send the response?  Does it use the
sendmail binary, does it use the mail command, does it connect to some
smtp server somewhere, does it use qmail-inject if it finds it?  I find
no evidence it is using any of these methods on my server, but I am not
sure if one of these methods is failing or if there is some place else I
should be looking for the missing vacation response...

Thank you for any suggestions...






Re: [Dovecot] sieve vacation

2012-09-27 Thread Bob Miller
Robert,


 The settings are listed in the example conf.d/15-lda.conf file. The
 important settings are:
 
 sendmail_path is used to send mails. Note that the default is
 /usr/sbin/sendmail, which doesn't necessarily work the same as
 /usr/lib/sendmail.
 
 Alternatively you can use submission_host to send mails via the
 specified SMTP server.

This is the missing piece of information I wasn't finding.  Thank you
very much...