Re: Can't figure out why managesieve (pigeonhole) can't connect
Hello This test only states, that you can connect to IMAP Port 143 with STARTTLS and use your certificate there. It does not show, if your managesieve Port 4190 uses that certificate too. Managesieve does not use STARTTLS, and has its own configurations. I suspect, that in your certificate you do not have the private IP as alternate name included, as you try to reach 10.0.0.91:4190, not mydomain.com:4190. Kind regards, Christian Mack Am 14.12.22 um 21:48 schrieb co...@colinlikesfood.com: Thank you for this. I am not using self-signed, I am using letsencrypt as a CA, the certs are installed where certbot put them. I tried the example from https://wiki2.dovecot.org/TestInstallation, using openssl s_client, and I achieved the following (lots of data replaced with "...") I have not changed anything else since your last reply, I am honestly not sure what rc config has to do with certs (google has not given me a result that seems to apply). Does the below help confirm my certs are properly installed and that i can connect to dovecot over tls and pass my credentials? - root@mc:~ # openssl s_client -connect mydomain.com:143 -starttls imap CONNECTED(0004) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = mydomain.com verify return:1 --- Certificate chain ... --- Server certificate -BEGIN CERTIFICATE- .. -END CERTIFICATE- .. --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 4922 bytes and written 426 bytes Verification: OK --- .. .. .. --- read R BLOCK a login m...@mydomain.com MyPass * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE a OK Logged in a OK Logged in b select inbox * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 35 EXISTS * 0 RECENT * OK [UNSEEN 18] First unseen. * OK [UIDVALIDITY 1669149589] UIDs valid * OK [UIDNEXT 255] Predicted next UID * OK [HIGHESTMODSEQ 615] Highest b OK [READ-WRITE] Select completed (0.001 + 0.000 secs). c list "" * * LIST (\HasNoChildren \Marked \Trash) "/" Trash * LIST (\HasNoChildren \UnMarked \Junk) "/" Junk * LIST (\HasNoChildren \Marked \Sent) "/" Sent * LIST (\HasNoChildren \Drafts) "/" Drafts * LIST (\HasNoChildren \UnMarked) "/" INBOX/email-reports * LIST (\HasNoChildren \UnMarked) "/" INBOX/NAS-Alerts * LIST (\HasChildren) "/" INBOX c OK List completed (0.001 + 0.000 secs). On 2022-11-23 14:49, PGNet Dev wrote: i don't understand why it can't connect, this seems to work fine: fine ? you're manually overriding at least one problem with your certs/config ... - Status: The certificate is NOT trusted. The name in the certificate does not match the expected. *** PKI verification of server certificate failed... Host 10.0.0.91 (sieve) has never been contacted before. Its certificate is valid for 10.0.0.91. Are you sure you want to trust it? (y/N): y ... it appears that you're using a self-signed cert? are your trusted certs defined and correctly chained? if not explicitly defined, did you correctly add you certs to system ssl dirs, and ensure hashes are correct? demonstrate first that you can connect to dovecot over tls with a cmd line client, without ignoring or overriding your cert problems including any client/server cert verification requirements you've turned on in dovecot config once you've passed the correct certs, then demonstrate that you can authenticate in the same session with any password/credentials you've set once that all works, make sure you've got those certs correctly set up in your rc config -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Panic: file mail-index-transaction-finish.c: line 185
Am 18.09.22 um 10:21 schrieb Arkadiusz Miśkiewicz: On 18.09.2022 08:21, Aki Tuomi wrote: On September 17, 2022 10:55:42 PM GMT+03:00, "Arkadiusz Miśkiewicz" wrote: On 16.09.2022 08:46, Aki Tuomi wrote: On 15/09/2022 11:02 EEST Aki Tuomi wrote: On September 15, 2022 10:00:21 AM GMT+03:00, "Arkadiusz Miśkiewicz" wrote: On 15.09.2022 07:10, Aki Tuomi wrote: On 15/09/2022 07:57 EEST Arkadiusz Miśkiewicz wrote: On 29.12.2021 10:26, Aki Tuomi wrote: On 29/12/2021 11:20 tobiswo...@gmail.com wrote: Hi list I have weird issue with my Dovecot 2.3.17.1 (476cd46418) When deleting a certain amount of messages from my INBOX via my MUA (Evolution) all over sudden dovecot starts to panic Panic: file mail-index-transaction-finish.c: line 185 (mail_index_transaction_get_uid): assertion failed: (seq <= t->view- map->hdr.messages_count) Thanks! Aki Arkadiusz, is it possible for you to see if this issue happens with 2.3.19.2 please? I can test any version or single patch. Where is that 2.3.19.2? Apologies, I ment the "latest CE release" at https://repo.dovecot.org . I was testing that on my own 2.3.19.1 build. I can test anything that's in form of source/patch that I can build on custom Linux distro here. Tried guessing urls like https://repo.dovecot.org/ce-latest-2.3 but 404, so don't know which version is "ce-latest-2.3". Aki https://www.dovecot.org/releases/2.3/dovecot-2.3.19.1.tar.gz https://www.dovecot.org/releases/2.3/dovecot-2.3.19.1.tar.gz.sig Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Thunderbird can't connect to Dovecot (bad certificate: SSL alert number 42)
Hello
Sound to me, as if Thunderbird does not know the CA used to (self) sign
that server certificate.
As it does not know and trust that server certifikate for sending email,
it disconnects with that generic error.
Thunderbird has its own trusted CA store, therefore not using the one
from the OS (as Claw-Mail does).
Kind regards,
Christian Mack
Am 14.09.22 um 13:14 schrieb Meikel:
> Hi folks,
>
> on a Rocky Linux 8.6 based home server I run Dovecot with an account
> that I use as an archive. Archive means, that from different Thunderbird
> instances I connect to that Dovecot via IMAPS to move emails there, that
> I want to keep. Since some days from all Thunderbird instances I can no
> longer connect to that Dovecot account. In /var/log/maillog of the
> server I see
>
> Sep 14 06:39:54 server3 dovecot[2033173]: imap-login: Disconnected:
> Connection closed: SSL_accept() failed: error:14094412:SSL
> routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number
> 42 (no auth attempts in 0 secs): user=<>, rip=192.168.177.105,
> lip=192.168.177.13, TLS handshaking: SSL_accept() failed:
> error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:
> SSL alert number 42, session=
>
> I found that Openssl alert number 42 might be a problem with the SSL
> certificate (which certificate?) but also might be an expired SSL
> certificate (which certificate?). As on the Dovecot installation I work
> with a self signed certificat. I created a new self signed certificate
> yesterday with an expiry not before year 2032. That did not help, I see
> the same messages when I try to connect from Thunderbird.
>
> Just to see how Thunderbird is involved in the problem I installed
> Claws-Mail. From Claws-Mail I do NOT have those problems, I can access
> to Dovecot via IMAPS as expected.
>
> I do not understand why all my Thunderbird installations can no longer
> access Dovecot via IMAPS. This worked fine for about 18 months. I can't
> prove but I think on beginning of month it worked fine. Something
> happened meanwhile.
>
> If there is a problem with an SSL certificate (bad certificate: SSL
> alert number 42), which certificate makes the problem? The certificate
> used by Dovecot or some certificate used in Thunderbird?
>
> About installation:
>
> cat /etc/redhat-release
> Rocky Linux release 8.6 (Green Obsidian)
>
> dovecot --version
> 2.3.16 (7e2e900c1a)
>
> sudo dovecot -n
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # OS: Linux 4.18.0-372.19.1.el8_6.x86_64 x86_64 Rocky Linux
> release 8.6 (Green Obsidian)
> # Hostname: ...
> auth_debug = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> first_valid_uid = 1000
> mail_debug = yes
> mail_gid = vmail
> mail_location = maildir:~/Maildir
> mail_privileged_group = vmail
> mail_uid = vmail
> mbox_write_locks = fcntl
> namespace {
> inbox = yes
> location =
> mailbox Archives {
> special_use = \Archive
> }
> prefix = INBOX/
> separator = /
> type = private
> }
> passdb {
> args = scheme=CRYPT username_format=%u /etc/dovecot/users
> driver = passwd-file
> }
> protocols = imap
> service imap-login {
> inet_listener imap {
> port = 0
> }
> }
> ssl = required
> ssl_cert = ssl_cipher_list = PROFILE=SYSTEM
> ssl_key = # hidden, use -P to show it
> userdb {
> args = username_format=%u /etc/dovecot/users
> driver = passwd-file
> }
> verbose_proctitle = yes
>
> I used the following command to recreate the SSL certificate for Dovecot:
>
> sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096
> -keyout /etc/dovecot/..key -out /etc/dovecot/..crt
>
> And with the command
>
> openssl s_client -crlf -connect .:993
>
> I can successfully connect to Dovecot and "simulate" a minimal
> IMAP-Session:
>
> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready
> a login meikel.archive@. topsecret
> a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE
> UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED
> I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
> WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
> SNIPPET=FUZZY PREVIEW=FUZZY LITERAL+ NOTIFY
> SPECIAL-USE] Logged in
>
Re: Call procmail after sieve
Hello You need to activate vnd.dovecot.pipe extention in dovecots sieve. Kind regards, Christian Mack Am 31.08.22 um 15:13 schrieb George Asenov: > Thanks that was the reason for the permissions error. Unfortunately the > next error comes that isn't explanatory: > > ## > Starting execution of actions > Executing actions > Executing pipe action > Debug: sieve: action pipe: running program: procmail > Error: sieve: action pipe: failed to execute program `procmail': > vnd.dovecot.pipe extension is unconfigured > Finished executing pipe action (status=ok, keep=canceled) > Finished executing actions (status=ok, keep=none) > Finished executing result (no commit, status=ok, keep=no) > Debug: sieve: multi-script: Sequence ended > Debug: sieve: multi-script: Finishing sequence (status=ok) > Executing result (status=ok, commit=yes) > Starting execution of actions > Executing actions > Finished executing actions (status=ok, keep=none) > Finalizing actions > Finalize pipe action (status=ok, action_status=ok, commit_status=ok, > pre-commit=yes) > Commit pipe action > Error: sieve: failed to pipe message to program `procmail': refer to > server log for more information. [2022-08-31 13:58:54] > Finished finalizing actions (status=failure, keep=none) > Finalize implicit keep (failure=yes) > Execute implicit keep (failure=yes) > Start storing into mailbox INBOX > Executing implicit keep action > Execute storing into mailbox 'INBOX' > Saving to mailbox 'INBOX' successful so far > Finished executing implicit keep action (status=ok) > Finalize implicit keep action(status=ok, action_status=ok, > commit_status=ok) > Commit implicit keep action > Commit storing into mailbox 'INBOX' > stored mail into mailbox 'INBOX' > Finish implicit keep action > Finishing actions > Finish pipe action > Finished executing result (final, status=failure, keep=no) > Debug: sieve: multi-script: Sequence finished (status=failure, keep=no) > Debug: sieve: multi-script: Destroy > Error: sieve: Execution of script > /var/lib/dovecot/sieve_after/procmail.sieve failed, but implicit keep > was successful > ## > > On 31-Aug-22 2:27 PM, Aki Tuomi wrote: >> You are trying to execute /var/lib/dovecot/sieve-pipe/procmail though... >> >> Aki >> >>> On 31/08/2022 14:14 EEST George Asenov wrote: >>> >>> [root@uk7 ~]# stat /usr/bin/procmail >>> File: /usr/bin/procmail >>> Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 12/ mail) >>> >>> [root@uk7 ~]# stat /usr/bin/ >>> File: /usr/bin/ >>> Access: (0555/dr-xr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) >>> >>> [root@uk7 ~]# stat /usr >>> File: /usr >>> Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) >>> >>> For me it seems that everything with the permissions is ok. Others also >>> can execute it? >>> >>> Other suggestions? >>> Is the config correct? >>> >>> I forgot to mention >>> # dovecot --version >>> 2.3.16 (7e2e900c1a) >>> On >>> # cat /etc/redhat-release >>> Rocky Linux release 8.6 (Green Obsidian) >>> >>> On 31-Aug-22 1:16 PM, Bernd Petrovitsch wrote: >>>> Hi all! >>>> >>>> On 31/08/2022 11:40, George Asenov wrote: >>>> [...]> Aug 30 15:22:26 uk7 dovecot[112153]: >>>>> lda(test-uk7.teststring567.tk)<112151>: Fatal: >>>>> execvp(/var/lib/dovecot/sieve-pipe/procmail) failed: Permission denied >>>> >>>> That looks like a permission problem - no x Bits set on the executable >>>> and/or directories to it (for the dovecot user)? >>>> >>>> Kind regards, >>>> Bernd >>> >>> -- >>> Warm regards >>> George A. >>> WPXHosting >> > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Replication not working - GUIDs conflict - will be merged later
Hello Am 02.08.22 um 20:24 schrieb Gerald Galster: > >> (we're using maildir, so I can just rsync the individual mails/folders) > > I'm curious if anybody experienced this issue using mdbox. > As far as I remember it's better suited for replication as filenames > and location do not change on disk (index only). > Yes, we occationally got those errors too with mdbox format. Usually the user renamed or moved one of the system folders like INBOX, Sent etc. Then dovecot was faster in recreating it again, than replicating that change to the standby machine. Therefore it can not create the same folder again on the replica. This will not be fixed automatically. You have to check that all emails are on the original machine, then remove that account from the replica and sync. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Dovecot folder problem while deleting via IMAP
Hello Am 29.07.22 um 10:42 schrieb Pascal Bonny: > Dovecot Version: > 2.3.17 (8414c38c5c) > > Dear, > Some troubles occur while we delete a folder via IMAP ssl command or via a > IMAP > client (different clients tested). > > When we want to delete subfolder we observe following issues. > > > some examples following: > > we created a folder with subfolders x/y/z > > > a02 CREATE x.y.z > a02 OK Create completed (0.003 + 0.000 + 0.002 secs). > > > > response from dovecot cli > x > x.y > x.y.z > > then we try to delete the z subfolder of x > > > a04 DELETE x.y.z > a05 OK Delete completed (0.002 + 0.000 + 0.001 secs). > > > The IMAP console returns success and the dovecot listing is ok > > > response from dovecot cli = > x > x.y > > But dovecot status on x.y returns the folder is not existent > [cut] That is normal IMAP behaviour. With creating x.y.z you really create only folder z and a folder hirarchy x.y, in which you can not store emails (nor have any access). You have to create x and x.y, in order to get complete folders and subfolders usable for emails and be able to delete them :-) Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Deleting "folders only" folder doesn't actually delete
Hello
Am 11.07.22 um 16:56 schrieb Alex:
Hi,
I'm using dovecot-2.3.17.1-1.fc34.x86_64 on fedora34 and Thunderbird 91 on
fedora35. When creating a folder of type "folders only" in Thunderbird,
then trying to delete it, it doesn't actually delete it from the
filesystem. Is this a permissions problem? Or perhaps a Thunderbird problem?
I don't see any messages in the logs that would indicate some type of
failed attempt to delete. How do I troubleshoot this?
What do you get from the following command?
(Substitude the shell variables with your case.)
doveadm acl rights -u ${YOUR_USER} ${FOLDER_NAME}
Kind regards,
Christian Mack
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: dovecot + sieve: message recovery possible after rule pointed to invalid mailbox?
Hi If the target folder of a sieve script is not existing or doesn't have the privileges needed, then the email will be stored in INBOX instead. Therefore, no email lost ;-) Kind regards, Christian Mack Am 09.05.22 um 17:05 schrieb Charles Gresham: Hi all, we face the following situation: 1, Customer created a mailbox (aka subfolder) "ABC" and setup a Pigeonhole Sieve script to file the messages into it. So fine, so good. All seemed to work out well. 2. Customer renamed the mailbox to, let's say, "CDE" and did not change the Sieve script accordingly. 3. We noticed this from a ~/.dovecot.sieve.log (after getting a complaint that messages were not arriving properly anymore :-o ): " sieve: info: started log at Apr 28 07:41:11. error: msgid=<433788c81ea044c4ae49cb39a6f67...@alb-dc-exc08.clpl.INTERN>: failed to store into mailbox 'ABC': Internal error occurred. Refer to server log for more information. [2022-04-28 07:41:10]. " Does anybody in this list know if all these messages went to /dev/null - or else? If the latter: where/can we restore the messages? Which "server log" is meant in this error message? I couldn't find the information needed by going through https://doc.dovecot.org/configuration_manual/sieve/ <https://doc.dovecot.org/configuration_manual/sieve/#> but I wonder if all the messages end in digital nirvana if a user sieve script points to non-existing mailboxes? Thanks for any hint. Greetings, C. -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: replication fails with "Error: sync: Unknown user in remote" but user shows up in doveadm user "*"
Hello Am 21.04.22 um 18:00 schrieb Arnaud Abélard: > Hello, > > I've been trying to replicate a production server (debian buster, > dovecot 2.3.4.1). But I nothing is actually being replicated and for > each attempted user the message "Error: sync: Unknown user in remote" is > being logged. > > The ldap settings are actually the same on both server (source and > destnation) and the "unknown user" is actually showing up in doveadm > user "*" on the destination server. > > I had already replicated 2 servers and used the same settings. Am I > missing something obvious here? > Can you da a doveadm user for that specific user? Are her/his attributes OK? Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Problem with initial sync on new mailbox in a replicated setup
Hello Am 06.04.22 um 10:35 schrieb p...@tuta.io: > Hello, > > I run a two-node replicated setup with director + dovecot and replication > between the two nodes. > The setup is a couple of years old and has been working properly until > recently, so I suspect some type of regression. > > I'm having an issue with replication and merging of newly created mailboxes. > Old mailboxes work properly. > > When creating a new mailbox, the two nodes will not replicate and sync the > new mailbox. I have to manually "merge" the mailbox via a "doveadm sync > -1f..." command, after which all works properly. This has not been the case > in the past, so I'm trying to debug the issue. > > When syncing manually, I get the following error: > - > # doveadm -v sync -df -u 'testacco...@mydomain.ext' > doveadm(testacco...@mydomain.ext)<38041>: Warning: > Mailbox changes caused a desync. You may want to run dsync again: Remote lost > mailbox GUID 6bfcbb2f92484d624b89c5d390f1 (maybe it was just deleted?) > > > I have to sync once with a one-way merge using sync -1f and after the sync > works properly. > > My setup is running Dovecot CE 2:2.3.18-4+debian11 from the dovecot.org > repository installed on debian bullseye. The replicaiton is dove via TCP > plaintext connection. > > Below I'm attaching some debug logs, for both sync -1f and sync -f. > > Is this a normal behavior or is this a bug ? > > Kind regards, > Dave > [...] > 2022-04-06 10:12:17 > doveadm(testacco...@mydomain.ext)<38324>: Debug: > brain M: Mailbox Drafts: local=6bfcbb2f92484d624b89c5d390f1/0/1, > remote=4b70ba2389484d628fa91300660b22f9/0/1: GUIDs conflict - will be merged > later > 2022-04-06 10:12:17 > doveadm(testacco...@mydomain.ext)<38324>: Debug: > brain M: Mailbox INBOX: local=08b6a62792484d624b89c5d390f1/0/1, > remote=4d70ba2389484d628fa91300660b22f9/0/1: GUIDs conflict - will be merged > later > 2022-04-06 10:12:17 > doveadm(testacco...@mydomain.ext)<38324>: Debug: > brain M: Mailbox Junk: local=6afcbb2f92484d624b89c5d390f1/0/1, > remote=4c70ba2389484d628fa91300660b22f9/0/1: GUIDs conflict - will be merged > later > 2022-04-06 10:12:17 > doveadm(testacco...@mydomain.ext)<38324>: Debug: > brain M: Mailbox Sent: local=69fcbb2f92484d624b89c5d390f1/0/1, > remote=4a70ba2389484d628fa91300660b22f9/0/1: GUIDs conflict - will be merged > later > 2022-04-06 10:12:17 > doveadm(testacco...@mydomain.ext)<38324>: Debug: > brain M: Mailbox Trash: local=68fcbb2f92484d624b89c5d390f1/0/1, > remote=4970ba2389484d628fa91300660b22f9/0/1: GUIDs conflict - will be merged > later [-cut-] Problem is, that those folders are already created on the target system by other means than replication. Therefore they exist already, but with different GUIDs. With that the replication can not create those folders on the target side and refuses to sync mails into the existing ones. That is, till you explicitly want to merge. You have to stop automatic creation on the target machine, before doing initial sync. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: IMAP sync issue in email clients
Hello That power down incident has corrupted your email files and indexes. You should run an "doveadm force-resync -A" on your dovecot server. Or at least for all users having that problem. Kind regards, Christian Mack Am 29.03.22 um 10:52 schrieb ChandranManikandan: > Hi Friends, > > Anyone having the same issue, some users' email clients > (Outlook,Thunderbird) have not synced any emails since morning. > I tried to repair it myself but received the same message > Is it server side issue or email client side issue. > Appreciate anyone who could help me. > . > > On Tue, Mar 29, 2022 at 2:00 PM ChandranManikandan > wrote: > >> Hi Friends, >> >> Some few email accounts are sync issues come in >> outlook,thunderbird,roundcube and squirrelmail after power shutdown >> suddenly. >> The dovecot mail log is shown below for those email accounts. >> Can anyone help me to fix it? >> >> >> imap(em...@xxx.com)<19758>: Error: Mailbox INBOX: >> UID=502283: read(/home/vpopmail/domains/ >> xxx.com/email/Maildir/cur/1648520174.28570.mail.xxx.com,S=13720:2,) >> failed: Cached message size larger than expected (13720 > 0, box=INBOX, >> UID=502283) (read reason=mail stream) >> Mar 29 13:40:48 imap(em...@xxx.com)<19758>: Error: >> Corrupted record in index cache file /home/vpopmail/domains/ >> xxx.com/email/Maildir/dovecot.index.cache: Broken physical size in >> mailbox INBOX: read(/home/vpopmail/domains/ >> xxx.com/email/Maildir/cur/1648520174.28570.mail.xxx.com,S=13720:2,) >> failed: Cached message size larger than expected (13720 > 0, box=INBOX, >> UID=502283) >> Mar 29 13:40:48 imap(em...@xxx.com)<19758>: Error: >> Mailbox INBOX: UID=502283: read(/home/vpopmail/domains/ >> xxx.com/email/Maildir/cur/1648520174.28570..mail.xxx.com,S=13720:2,) >> failed: Cached message size larger than expected (13720 > 0, box=INBOX, >> UID=502283) (read reason=) >> Mar 29 13:40:48 imap(em...@xxx.com)<19758>: Info: FETCH >> failed: Internal error occurred. Refer to server log for more information. >> [2022-03-29 13:40:48] in=323 out=589163 deleted=0 expunged=0 trashed=0 >> hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 >> >> -- >> >> >> *Regards,Manikandan.C* >> > > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Replications ERROR
Hello
Am 16.02.22 um 14:35 schrieb Günther J. Niederwimmer:
> Hallo Christian,
>
> Danke für Deine Antwort!
>
> Am Dienstag, 15. Februar 2022, 13:44:20 CET schrieb Christian Mack:
>> Hello
>>
>> Am 14.02.22 um 14:41 schrieb Günther J. Niederwimmer:
>>> Hello,
>>>
>>> Can any Help me to find out the Problem with "sync failed"
>>>
>>> I have all disabled only one user is in the moment running?
>>>
>>> doveadm replicator status '*'
>>> usernamepriority fast sync full sync
>>> success sync failed
>>> g...@example.comnone 00:01:47 23:37:43
>>> - y
>>> gjn none 00:01:47 23:42:43 -
>>> y
>>>
>>> Could it be a Problem with this
>>> doveadm user '*'
>>> g...@example.com
>>>
>>> What is the way to become logs what is going wrong ?
>>>
>>> Could it be, I have Problems with the Dovecot Variables in the LDAP Config
>>> ?
>>>
>>> Thanks very match for a answer,
>>
>> I would try a manual sync and see what error messages you get.
>> something like:
>> doveadm -v -D sync -u ${USER_NAME} -f tcp:${SERVERNAME_TO_SYNC_TO} 2>&1
> | tee sync-error.log
>
> I have this as answer
> -bash: tcp:${mx01.example.com.lan}: Falsche Variablenersetzung.
>
> olso with a IP address What is the correct syntax Thanks
>
> PS: sowas hatte ich schon gesucht, aber nicht gefunden DANKE
>
Sorry, didn't expect this to be a problem.
The ${...} are shell variables, therefore try in your case:
doveadm -v -D sync -u g...@example.com -f tcp:mx01.example.com.lan 2>&1 |
tee sync-error.log
Kind regards,
Christian Mack
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: Replications ERROR
Hello
Am 14.02.22 um 14:41 schrieb Günther J. Niederwimmer:
> Hello,
>
> Can any Help me to find out the Problem with "sync failed"
>
> I have all disabled only one user is in the moment running?
>
> doveadm replicator status '*'
> usernamepriority fast sync full sync
> success sync failed
> g...@example.comnone 00:01:47 23:37:43
> -
> y
> gjn none 00:01:47 23:42:43 -
>
> y
>
> Could it be a Problem with this
> doveadm user '*'
> g...@example.com
>
> What is the way to become logs what is going wrong ?
>
> Could it be, I have Problems with the Dovecot Variables in the LDAP Config ?
>
> Thanks very match for a answer,
>
I would try a manual sync and see what error messages you get.
something like:
doveadm -v -D sync -u ${USER_NAME} -f tcp:${SERVERNAME_TO_SYNC_TO} 2>&1
| tee sync-error.log
Kind regards,
Christian Mack
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: dovecot Digest, Vol 225, Issue 73
Hello > auth-worker: Error: fatal error: failed to reserve page summary memory You have an memory allocation problem. The only thing I can see on dovecots side is increasing vsz_limit for auth service. If that doesn't solve your Problem, please ask on a devuan site. Kind regards, Christian Mack Am 28.01.22 um 13:52 schrieb David Matthews: >> 5. Re: can't authenticate (Christian Mack) > hi Christian > > log with debugging resulting from a login attempt pasted at end - to try and > make it more readable I removed everything in each line up to "dovecot:" At > no point is a password revealed, even in hashed form. > > Should also say that the problem is identical on a backup laptop also running > devuan 4; I'm not sure if I ever used that machine with dovecot before it was > upgraded from devuan 3. Also I tried creating a new user to see if that > account could authenticate; it cannot. > >> So you only can increase the logging in dovecot for authentication to >> debugging. >> auth_debug=yes > > auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth > auth: Debug: Module loaded: > /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so > auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat > auth: Debug: auth client connected (pid=2467) > auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011secured#011session=osv6w6PW4tB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=53474#011resp= > auth: Debug: pam(fred,127.0.0.1,): Performing passdb lookup > auth-worker(2469): Debug: Loading modules from directory: > /usr/lib/dovecot/modules/auth > auth-worker(2469): Debug: Module loaded: > /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): Server > accepted connection (fd=13) > dovecot: auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > Sending version handshake > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: Handling PASSV request > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: pam(fred,127.0.0.1,): Performing passdb > lookup > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: pam(fred,127.0.0.1,): lookup service=dovecot > auth-worker: Error: fatal error: failed to reserve page summary memory > auth-worker(2469): Debug: conn unix:auth-worker (pid=2468,uid=118): > auth-worker<1>: pam(fred,127.0.0.1,): #1/1 style=1 > msg=Password: > auth-worker: Error: > auth-worker: Error: runtime stack: > auth-worker: Error: runtime.throw(0x7f3b2a6a8292, 0x25) > auth-worker: Error: #011runtime/panic.go:1116 +0x74 fp=0x7f3b2a3b5b30 > sp=0x7f3b2a3b5b00 pc=0x7f3b2a4d6474 > auth-worker: Error: runtime.(*pageAlloc).sysInit(0x7f3b2a894428) > auth-worker: Error: #011runtime/mpagealloc_64bit.go:80 +0x185 > fp=0x7f3b2a3b5bc0 sp=0x7f3b2a3b5b30 pc=0x7f3b2a4ccb25 > auth-worker: Error: runtime.(*pageAlloc).init(0x7f3b2a894428, 0x7f3b2a894420, > 0x7f3b2a8aeb18) > auth-worker: Error: #011runtime/mpagealloc.go:317 +0x77 fp=0x7f3b2a3b5be8 > sp=0x7f3b2a3b5bc0 pc=0x7f3b2a4ca517 > auth-worker: Error: runtime.(*mheap).init(0x7f3b2a894420) > auth-worker: Error: #011runtime/mheap.go:743 +0x24b fp=0x7f3b2a3b5c10 > sp=0x7f3b2a3b5be8 pc=0x7f3b2a4c74cb > auth-worker: Error: runtime.mallocinit() > auth-worker: Error: #011runtime/malloc.go:480 +0x109 fp=0x7f3b2a3b5c38 > sp=0x7f3b2a3b5c10 pc=0x7f3b2a4acc09 > auth-worker: Error: runtime.schedinit() > auth-worker: Error: #011runtime/proc.go:563 +0x65 fp=0x7f3b2a3b5c90 > sp=0x7f3b2a3b5c38 pc=0x7f3b2a4d9e25 > auth-worker: Error: runtime.rt0_go(0x7ffd65c5e428, 0x2, 0x7ffd65c5e428, > 0x7f3b2a3b6700, 0x7f3b2af22ea7, 0x0, 0x7f3b2a3b6700, 0x7f3b2a3b6700, > 0xbe848d2612a1e5f4, 0x7ffd65c5cabe, ...) > auth-worker: Error: #011runtime/asm_amd64.s:214 +0x129 fp=0x7f3b2a3b5c98 > sp=0x7f3b2a3b5c90 pc=0x7f3b2a508c09 > auth: Error: auth worker: Aborted PASSV request for fred: Worker process died > unexpectedly > auth: Debug: pam(fred,127.0.0.1,): Finished passdb lookup > dovecot: auth: Debug: auth(fred,127.0.0.1,): Auth request > finished > auth-worker(2469): Fatal: master: service(auth-worker): child 2469 returned > error 2 > auth-worker(2471): Debug: Loading modules from directory: > /usr/lib/dovecot/modules/auth > dovecot: auth-worker(2471): Debug: Module loaded: > /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so > auth-worker(2471): Debug: conn unix:auth-worker (pid=2468,uid=118): Server > accepted connection (fd=13) &
Re: can't authenticate
Hello Am 27.01.22 um 17:37 schrieb David Matthews: > hi Christian > >> Did the password hash algorithm change between devuan 3 and 4? You >> can check that in your /etc/shadow file. > > As I understand, devuan is pretty much debian without systemd? And > that if you were prepared to do a fair bit of work you could start > with debian installed, hack it about and end up with something like > devuan? > > I doubt devuan has done anything to deviate from debian at this level > and both machines were recently dist-upgraded. Dovecot needed no > tinkering with at all on the debian machine. > I never used devuan, so I can not comment on its upgrade strategies. The default in Debian has changed, but on an dist-upgrade they are not changed automatically. This would not be possible anyway, as you need the original password for generating the new hash. But you could enforce the user to change it on the next login. The hash algorithm changes, when you set a new or other password. Check also release notes of Bulseye: https://www.debian.org/releases/stable/amd64/release-notes/ch-information.de.html#pam-default-password >> The start of the password field should be the same something like >> $6$... >> > > Yes it is on devuan 4. I no longer have anything with devuan 3 to > check that, but it shouldn't have changed in a dist-upgrade? > Interestingly, although it's the same user and password on both > machines, I notice that the hashes in /etc/shadow are not identical > after the commencing $6$. But then I don't know how these hashes are > derived, so maybe that is not unexpected? > So the password algorithm didn't change. $6$ is still the old one SHA-512. The hashes are different between machines, as they are salted. The salt is stored after $6$ up till the next $ sign. As the salt differs, the hash has to be different. Thats what salts are made for :-) So you only can increase the logging in dovecot for authentication to debugging. auth_debug=yes Perhaps you also want to set auth_debug_passwords=yes for getting the actual password in plain text. (Don't forget to disable that afterwards!) Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: can't authenticate
Hello
Did the password hash algorithm change between devuan 3 and 4?
You can check that in your /etc/shadow file.
The start of the password field should be the same something like $6$...
Kind regards,
Christian Mack
On 27.01.22 13:14, David Matthews wrote:
> hi Christian
>
> Same user and password on both machines, users with shell accounts; exactly
> the same; in fact I'm struggling to see anything different that might be
> relevant. On one machine dovecot just works on the other, it stopped working
> after a dist-upgrade.
>
> One machine (where it works) is a debian 11 VPS, the other is real PC
> hardware running devuan 4, but their dovecot is a debian package. I can't see
> why either of that should matter and dovecot also just worked on the PC with
> devuan 3.
>
> I've tried purging dovecot-core and dovecot-imapd and reinstalling to no
> effect.
>
>>
>> 1. Re: can't authenticate (Christian Mack)
>>
>>
>> ------
>>
>> Message: 1
>> Date: Thu, 27 Jan 2022 11:42:22 +0100
>> From: Christian Mack >christian.m...@uni-konstanz.de>
>> To: dovecot@dovecot.org
>> Subject: Re: can't authenticate
>> Message-ID: >a2fbca25-75c7-4e19-a084-5e8d4d8cc...@uni-konstanz.de>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hello
>>
>>> passdb {
>>> driver = pam
>>> }
>>
>> Is user fred defined on your development machine?
>> Does the password match the one from the production machine?
>>
>>
>> Kind regards,
>> Christian Mack
>>
>> On 26.01.22 21:14, David Matthews wrote:
>>> My live mail exchanger and development machines have identical dovecot
>>> setups, yet I cannot login on the development machine:-
>>>
>>> dovecot --version
>>> 2.3.13 (89f716dc2)
>>>
>>>> telnet localhost 143
>>> Trying 127.0.0.1...
>>> Connected to bulawayo.
>>> Escape character is '^]'.
>>> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+
>>> STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
>>> a login fred xxx
>>> a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-26
>>> 20:02:14]
>>>
>>> same if I try openssl s_client to 993
>>>
>>>> tail /var/log/mail.log
>>> Jan 26 20:03:28 bulawayo dovecot: imap-login: Disconnected (auth service
>>> reported temporary failure): user=>fred>, method=PLAIN, rip=127.0.0.1,
>>> lip=127.0.0.1, secured, session=>1MRorYHWwOp/AAAB>
>>>
>>> doveconf -n
>>> # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
>>> # Pigeonhole version 0.5.13 (cdd19fe3)
>>> # OS: Linux 5.10.0-10-amd64 x86_64 Debian 11.1
>>> # Hostname: bulawayo
>>> mail_location = mbox:~/mail:INBOX=/var/mail/%u
>>> mail_privileged_group = mail
>>> namespace inbox {
>>> inbox = yes
>>> location =
>>> mailbox Drafts {
>>> special_use = \Drafts
>>> }
>>> mailbox Junk {
>>> special_use = \Junk
>>> }
>>> mailbox Sent {
>>> special_use = \Sent
>>> }
>>> mailbox "Sent Messages" {
>>> special_use = \Sent
>>> }
>>> mailbox Trash {
>>> special_use = \Trash
>>> }
>>> prefix =
>>> }
>>> passdb {
>>> driver = pam
>>> }
>>> protocols = " imap"
>>> service imap-login {
>>> inet_listener imap {
>>> port = 143
>>> }
>>> inet_listener imaps {
>>> port = 993
>>> ssl = yes
>>> }
>>> }
>>> ssl_cert = >/etc/dovecot/private/dovecot.pem
>>> ssl_client_ca_dir = /etc/ssl/certs
>>> ssl_dh = # hidden, use -P to show it
>>> ssl_key = # hidden, use -P to show it
>>> userdb {
>>> driver = passwd
>>> }
>>>
>>> --
>>> David Matthews
>>> m...@dmatthews.org
>>>
>>
>>
>> --
>> Christian Mack
>> Universit?t Konstanz
>> Kommunikations-, Informations-, Medienzentrum (KIM)
>> Abteilung IT-Dienste Forschung und Lehre
>> 78457 Konstanz
>> +49 7531 88-4416
>>
>> -- next part --
>> A non-text attachment was scrubbed...
>> Name: smime.p7s
>> Type: application/pkcs7-signature
>> Size: 5351 bytes
>> Desc: S/MIME Cryptographic Signature
>> URL:
>> >https://dovecot.org/pipermail/dovecot/attachments/20220127/2c510097/attachment-0001.bin>
>>
>> --
>>
>> Subject: Digest Footer
>>
>> ___
>> dovecot mailing list
>> dovecot@dovecot.org
>> https://dovecot.org/mailman/listinfo/dovecot
>>
>>
>> --
>>
>> End of dovecot Digest, Vol 225, Issue 70
>>
>>
>>
>
> --
> David Matthews
> m...@dmatthews.org
>
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: can't authenticate
Hello
> passdb {
> driver = pam
> }
Is user fred defined on your development machine?
Does the password match the one from the production machine?
Kind regards,
Christian Mack
On 26.01.22 21:14, David Matthews wrote:
> My live mail exchanger and development machines have identical dovecot
> setups, yet I cannot login on the development machine:-
>
> dovecot --version
> 2.3.13 (89f716dc2)
>
>> telnet localhost 143
> Trying 127.0.0.1...
> Connected to bulawayo.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+
> STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
> a login fred xxx
> a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-26
> 20:02:14]
>
> same if I try openssl s_client to 993
>
>> tail /var/log/mail.log
> Jan 26 20:03:28 bulawayo dovecot: imap-login: Disconnected (auth service
> reported temporary failure): user=, method=PLAIN, rip=127.0.0.1,
> lip=127.0.0.1, secured, session=<1MRorYHWwOp/AAAB>
>
> doveconf -n
> # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.13 (cdd19fe3)
> # OS: Linux 5.10.0-10-amd64 x86_64 Debian 11.1
> # Hostname: bulawayo
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> driver = pam
> }
> protocols = " imap"
> service imap-login {
> inet_listener imap {
> port = 143
> }
> inet_listener imaps {
> port = 993
> ssl = yes
> }
> }
> ssl_cert = ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
> driver = passwd
> }
>
> --
> David Matthews
> m...@dmatthews.org
>
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: Errors: Failed to map transaction log, Corrupted transaction log, imeout (180s) while waiting for lock for transaction log
Hello
We only saw such errors with replication between two machines, when new
emails where errornously deliverd to both of them or clients connected
to both simultaniously.
Do you have such a setup?
Kind regards,
Christian Mack
On 26.01.22 15:48, absolutely_f...@libero.it wrote:
> Hi all,
>
> I am using dovecot-2.3.17_1 on FreeBSD system.
>
> This server offers webmail, pop3 and imap access for users.
>
> Today I am receiving several complaints from users about slowness and/or
> access issues.
>
> I checked on my /var/log/maillog and I see lots of:
>
>
> Error: Timeout (180s) while waiting for lock for transaction log file
> /var/domains/domain.it/username/Maildir/dovecot.list.index.log (WRITE lock
> held by pid 84939)
>
> Error: Corrupted transaction log file
> /var/domains/domain.it/otherusername/Maildir/dovecot.list.index.log seq 2:
> indexid changed: 1643184505 -> 1643205059 (sync_offset=0)
>
> Error: Transaction log file
> /var/domains/otherdomain.net/otheruser/Maildir/dovecot.list.index.log: marked
> corrupted
>
> Not all users seem affected. My mailbox, for example, is working fine.
>
> I checked on my disks (this is a ZFS volume) and I didn't find
> errors/warnings.
>
> Any suggestion?
>
> This is my dovecot configuration:
>
>
> # dovecot -n
> # 2.3.17 (e2aa53df5b): /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 13.0-RELEASE-p6 amd64 zfs
> # Hostname: mailserver.domain.it
> auth_debug = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> default_client_limit = 2000
> default_process_limit = 500
> default_vsz_limit = 512 M
> disable_plaintext_auth = no
> first_valid_gid = 125
> first_valid_uid = 125
> imap_id_log = *
> mail_gid = 1003
> mail_location = maildir:/mail/domains
> mail_privileged_group = postfix
> mail_uid = 1003
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver = sql
> }
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0666
> user = postfix
> }
> unix_listener auth-userdb {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> service imap {
> process_limit = 1536
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> ssl_cert = ssl_key = # hidden, use -P to show it
> userdb {
> args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver = sql
> }
> protocol imap {
> mail_max_userip_connections = 100
> }
>
> Thank you very much
>
>
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: sieve-filter ignores -u argument
Hello What do you get for doveadm user postmas...@domain.tld Kind regards, Christian Mack Am 24.01.22 um 13:59 schrieb Андрей Куницын: > Hello > I try to test my sieve script, but found out that it is impossible to use a > sieve-filter tool with virtual mail users. It always uses a real user name > instead of passed via -u argument. > > > # sieve-filter -v -u postmas...@domain.tld ~/sieve/managesieve.sieve INBOX > sieve-filter(root): Fatal: Unknown user > > sudo -u vmail sieve-filter -u postmas...@domain.tld > ~/sieve/managesieve.sieve INBOX > sieve-filter(vmail): Fatal: Unknown user > > Also there is the same question on serverfault, but without an answer. > https://serverfault.com/questions/1055407/how-to-make-sieve-filter-use-virtual-users > > My environment is Ubuntu 20.04 > dovecot --version > 2.3.7.2 (3c910f64b) > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Sync via ssh fails when ssl is active
Hello Am 20.01.22 um 16:32 schrieb Johan: > > Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration > file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file > /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied Check permission on /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: lmtp_save_to_detail_mailbox
Hello Am 16.01.22 um 18:49 schrieb dove...@ptld.com: > lmtp_save_to_detail_mailbox: > " If the recipient address includes a detail element / role (as in > user+detail format), save the message to the detail mailbox. " > > Im not understanding this, what is the "detail mailbox"? > I tried testing this feature by setting "lmtp_save_to_detail_mailbox = yes" > and sending an email to user+t...@example.com. > The email still ended up in the default inbox folder. > So what does lmtp_save_to_detail_mailbox do or is there another setting that > also needs to be set to use this feature? > That means, if there is a mailbox with the same name as the used detail extension, it will move that email there. In your example: Set "lmtp_save_to_detail_mailbox = yes". Create a mailbox with name "test" in user's postbox. Then send an email to and it will end up in mailbox "test" instead of INBOX. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: quota warnings not sent out anymore
Hello
Just to clarify.
You only will getting an over quota once, you step over one or multiple
of those quota warning limits while storing an email.
Therefore you will not get any warning, just because you are over that
85% limit.
If you receive another email in that account, and go at least over 90%,
then dovecot will call your script once.
If you also go over 100% with that same mail, you will not get one for
90% or 95%, but only one for 100%.
You also should check, if you have any environment variables set, which
are not present, when your script is run by dovecot.
Do you have any logging in it?
Kind regards,
Christian Mack
Am 15.12.21 um 14:06 schrieb mj:
> Hi,
>
> I am still struggling with this, and would appreciate any help ayone can
> give. Let me try to explain step for step.
>
> I created a test account t...@company.com:
>
>> root@dovecot:/# doveadm quota get -u test
>> Quota name Type Value
>> Limit
>>
>> %
>> STORAGE 1209
>> 1368
>>
>> 88
>> MESSAGE 35
>> -
>>
>> 0
>
> As you can see, the test mailbox is 88% full, so it should receive
> warnings, because in dovecot.conf I have set:
>
>> plugin {
>> quota = maildir
>> quota_rule = ?:storage=5G
>> quota_rule2 = Trash:storage=+100M
>> quota_warning = storage=97%% quota-warning 97 %u
>> quota_warning2 = storage=95%% quota-warning 95 %u
>> quota_warning3 = storage=90%% quota-warning 90 %u
>> quota_warning4 = storage=85%% quota-warning 85 %u
>> quota_warning5 = storage=80%% quota-warning 80 %u
>> quota_warning6 = -storage=100%% quota-warning below %u
>> }
>
> We use a script to send out the email warnings, configured like this:
>
>> service quota-warning {
>> executable = script /usr/local/bin/quota-warning.sh
>> unix_listener quota-warning {
>> user = vmail
>> mode = 0666
>> }
>> user = vmail
>> }
>
> When running this script manually as vmail, the warning is delivered to
> the test user:
>
>> sudo -H -u vmail bash -c '/usr/local/bin/quota-warning.sh 90 test'
>
> However, in practice: dovecot never sends out any quota-warnings. It
> just starts generating delivery failures when the mailbox is over 100%.
>
> We define the per-user quota in the first line of each user's
> maildirsize file, for the test user: /var/vmail/test/Maildir/maildirsize
>
> Here is a debug=yes log file of 88% full incoming mailbox delivery:
>
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Loading modules from directory: /usr/lib/dovecot/modules
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib02_lazy_expunge_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> auth USER input: test uid=5000 gid=5000 home=/var/vmail/test
>> Dec 15 13:56:07 mail dovecot: auth: Debug: master in:
>> USER#0111#011t...@company.com#011service=lda
>> Dec 15 13:56:07 mail dovecot: auth: Debug: userdb out:
>> USER#0111#011test#011uid=5000#011gid=5000#011home=/var/vmail/test
>> Dec 15 13:56:07 mail dovecot: lda(t...@company.com)<20290><>: Debug:
>> changed username to test
>> Dec 15 13:56:07 mail dovecot:
>> lda(test)<20290>: Debug: Effective uid=5000,
>> gid=5000, home=/var/vmail/test
>> Dec 15 13:56:07 mail dovecot:
Re: LDAP and user duplicated with replication
Hello Am 02.12.21 um 17:54 schrieb Claudio Corvino: > Hi, > > I have two IMAP/LMTP Dovecot server in replica (version 2.3.4.1), I use > LDAP/AD for /userdb, /replica is working. > > When I do a search like: > > /doveadm replicator status '*'/ > > I receive user duplicated, with and without the domain part, for example: > > /test/ > /t...@domain.com/ > > but they are the same user; this lead the replicator doing twice the > work of replication. > > I think this is related to //etc/dovecot/dovecot-ldap.conf/ that is > configured in this way: > > /hosts = xxx/ > > /base = dc=xxx,dc=xxx > ldap_version=3 > auth_bind = yes > dn = cn=xxx,cn=Users,dc=xxx,dc=xxx > dnpass = xxx > scope = subtree > user_attrs = > sAMAccountName=home=/mnt/mail-storage-lv0007/%$,=uid=501,=gid=501 [...] This is for sure wrong. Try: user_attrs = sAMAccountName=user,=home=/mnt/mail-storage-lv0007/%$,=uid=501,=gid=501 Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: LDAP Help
Am 02.12.21 um 21:25 schrieb Günther J. Niederwimmer: > Hello Dovecot professionals, > > I have a working user authentication with LDAP, now I want to allow the users > to use mailAterneteAddress for their account, unfortunately I can't find any > filter settings for dovecot that this works? I just can't find the right > settings for LDAP (FreeIPA). > > Does anyone of you have any hints or links so that I can get on with it. > Somehow I don't understand how I can umconvigure the dovecot-ldap.conf.ext > > Thank you for your help. > You have to enhance user_filter and pass_filter in dovecot-ldap.conf.ext Something like: user_filter = (&(objectClass=inetOrgPerson)(|(uid=%Lu)(cn=%Lu)(mail=%Lu)(mailAlternateAddress=%Lu))) pass_filter = (&(objectClass=inetOrgPerson)(|(uid=%Lu)(cn=%Lu)(mail=%Lu)(mailAlternateAddress=%Lu))) Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: new bee needs starter docs
Hello What you need is probably 'doveadm sync'. Check its manual with man doveadm-sync Kind regards, Christian Mack Am 01.12.21 um 23:26 schrieb Gene Heskett: > Greetings all' > > > Brand New today install of debian bullseye. > > > I have looked at you doc pages, but don't see a good tut for a newbie to use > for setting it > up the first time ever. I have version 2.3.13 (89f716dc2) from the debian > bullseye distro. > > > What I want is to pull from my ISP account, which is also running dovecot, to > a local mailfile. > Or I can do that with fetchmail, its been doing that for a decade already. > Its currently > using procmail to run stuff thru spamassassin and clamd depositing the > survivors into > a /var/mail/mailfile, which the older tde kmail then pulled and sorted into > folders holding maildirs. But I can't get tde to install on bullseye. > > > > Kudo's for any help you can supply. > > > Cheers, Gene > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Requested CRAM-MD5 scheme, but we have only CRYPT
Hello auth_mechanisms are only for encrypting passwords while authenticating. They have nothing to do with transport encryption aka TLS and STARTTLS. You only can use CRAM-MD5 when your authentication source provides plain passwords. As you use password hashes in your authentication source, you have to disable it. Else a client will try to send you the CRAM-MD encrypted password, which you can not check for validity. Hope this clears it a bit. Kind regards, Christian Mack On 01.12.21 23:26, absolutely_f...@libero.it wrote: > Hi, > I wondering if I can simply disable CRAM-MD5 and/or DIGEST-MD5. > Are they useful in case of SSL or TLS connections? > Thankyou > >> Il 01/12/2021 18:42 Aki Tuomi ha scritto: >> >> >> auth_mechanisms = plain login digest-md5 cram-md5 >> >> You still advertise them though. >> >> Aki -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Downloading mailbox from replica server
Hello Thunderbird/Outlook does that, because you change the servername in your configuration. In order to avoid that, use a reverse proxy and switch on it between your IMAP servers. You can use a dovecot director for that. In your clients you only configure the proxy. That also avoids changing configuration on all of your clients. Kind regards, Christian Mack Am 01.12.21 um 09:31 schrieb Claudio Corvino: > Hi, > > I have two IMAP/LMTP Dovecot server in replica (version 2.3.4.1) both > connected through an IPsec tunnel, I use LDAP/AD for /userdb, /all seems > to be working. > > I have a question: if I switch my Thunderbird/Outlook client to use the > other server I have to download again all the emails, about 10 GB. > > Is there any way to avoid this? Do I have to download again all the > folders every time I switch from node A to node B on my client? > > Thanks! > > Regards > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Strange errors with Dovecot replication
Hello What have you stored in /var/www/html/ooo/its-test? Kind regards, Christian Mack Am 01.12.21 um 09:27 schrieb Claudio Corvino: > Hi, > > nobody can help here? > > Thanks > > On 02/11/21 15:47, Claudio Corvino wrote: >> >> Hi, >> >> I have two IMAP/LMTP Dovecot server in replica (version 2.3.4.1) for >> testing purposes, both connected through an IPsec tunnel, I use >> LDAP/AD for /userdb, /all seems to work fine except for these errors >> present in logs every day: >> >> NODE A: >> >> /doveadm: Error: sieve: file storage: >> utime(/var/www/html/ooo/its-test) failed: Operation not permitted: 28 >> Time(s) >> dsync-local(its-test): Error: read(xxx) >> failed: Connection reset by peer (last sent=mailbox_delete, last >> recv=handshake): 1 Time(s) >> dsync-local(its-test): Error: sieve: file >> storage: utime(/var/www/html/ooo/its-test) failed: Operation not >> permitted: 2 Time(s) >> dsync-local(its-test): Error: read(xxx) >> failed: Connection reset by peer (last sent=mailbox_delete, last >> recv=handshake): 1 Time(s) >> dsync-local(its-test2): Error: read(xxx) >> failed: Connection reset by peer (last sent=mailbox_delete, last >> recv=handshake): 1 Time(s)/ >> >> NODE B: >> >> /doveadm: Error: Couldn't lock >> /mnt/mail-storage-dev/its-test/.dovecot-sync.lock: >> fcntl(/mnt/mail-storage-dev/its-test/.dovecot-sync.lock, write-lock, >> F_SETLKW) locking failed: Timed out after 30 seconds: 2 Time(s) >> doveadm: Error: Couldn't lock >> /mnt/mail-storage-dev/its-test2/.dovecot-sync.lock: >> fcntl(/mnt/mail-storage-dev/its-test2/.dovecot-sync.lock, write-lock, >> F_SETLKW) locking failed: Timed out after 30 seconds: 1 Time(s) >> doveadm: Error: sieve: file storage: >> utime(/var/www/html/ooo/its-test) failed: Operation not permitted: 28 >> Time(s) >> dsync-local(its-test): Error: sieve: file >> storage: utime(/var/www/html/ooo/its-test) failed: Operation not >> permitted: 2 Time(s)/ >> >> What I have to do? Do I have to worry about this or I can ignore it? >> >> Thanks >> >> Regards >> >> -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: Spam Folder
Hello
Am 22.11.21 um 00:58 schrieb bobby:
> I have been following the tutorial here:
> https://www.linuxbabe.com/mail-server/block-email-spam-check-header-body-with-postfix-spamassassin
> I notice that when I log into my mail via nextcloud mail, there is no spam
> folder. Is there something further I need to do so it is generated?
>
Dovecot will autocreate folder when you tell it to do so with "auto" option.
In my example it also automatically subscribes this folder, as most
email clients only show subscribed folders.
The special_use option will tell all email clients, that this is an
folder for Junk.
So if they have some builtin "Mark as Junk/Spam" button, it will use
that folder to move to.
In /etc/dovecot/conf.d/15-mailboxes.conf set:
"[...]
namespace inbox {
[...]
mailbox Junk {
special_use = \Junk
auto = subscribe
}
[...]"
Kind regards,
Christian Mack
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature
Re: imap_metadata plugin panic
Hello You have a missing argument variable in your prepared statement: SELECT meta_key FROM metadata WHERE meta_key LIKE AND username = ? should be SELECT meta_key FROM metadata WHERE meta_key LIKE ? AND username = ? Kind regards, Christian Mack Am 15.11.21 um 19:27 schrieb Elisamuel Resto: > Hello, > > This may be covered somewhere but recently I enabled the metadata plugin > to work with sieve as part of some updates I did a while back and I > hadn't checked my logs for any issues with it and so far they're not > completely taking my system down. > > Right now, upon trying to delete a folder I noticed the following in my > logs... what am I missing? I see the broken SQL query, but I don't know > enough about the dict system or the metadata plugin to know how to add > the missing information or fix it otherwise. > > Regards, > Elisamuel Resto > > > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Panic: lib-sql: Too > many bind args (2) for statement: SELECT meta_key FROM metadata WHERE > meta_key LIKE AND username = ? > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Error: Raw backtrace: > /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x43) [0x7f449789d073] > -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x20) [0x7f449789d190] > -> /usr/lib/dovecot/libdovecot.so.0(+0xfaf1f) [0x7f44978a9f1f] -> > /usr/lib/dovecot/libdovecot.so.0(+0xfafb1) [0x7f44978a9fb1] -> > /usr/lib/dovecot/libdovecot.so.0(+0x4cd20) [0x7f44977fbd20] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0x875a) [0x555e60d7775a] -> dovecot/dict [0 clients, 0 > lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](sql_statement_query+0x42) [0x555e60d7f262] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0xd97f) [0x555e60d7c97f] -> > /usr/lib/dovecot/libdovecot.so.0(dict_iterate_values+0x25) > [0x7f4497868615] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](+0xa929) [0x555e60d79929] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](+0xb224) [0x555e60d7a224] -> dovecot/dict [0 clients, 0 > lookups:0/0/0/0, 0 iters:0/0/0/0, 0 commits:0/0/0/0](+0xb381) > [0x555e60d7a381] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](dict_command_input+0xd9) > [0x555e60d7a579] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](+0x95b8) [0x555e60d785b8] -> > /usr/lib/dovecot/libdovecot.so.0(connection_input_default+0x15e) > [0x7f44978a16ce] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x6b) [0x7f44978bfebb] > -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x13b) > [0x7f44978c15cb] -> > /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x51) > [0x7f44978bff61] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x41) > [0x7f44978c0131] -> > /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x14) > [0x7f4497831f74] -> dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 > iters:0/0/0/0, 0 commits:0/0/0/0](main+0x189) [0x555e60d78139] -> > /usr/lib/libc.so.6(__libc_start_main+0xd5) [0x7f44972cfb25] -> > dovecot/dict [0 clients, 0 lookups:0/0/0/0, 0 iters:0/0/0/0, 0 > commits:0/0/0/0](_start+0x2e) [0x555e60d7819e] > Nov 15 12:19:19 wyvern dovecot[461]: > imap(s...@samresto.dev)<51449><+BGq2NfQM/7Pisr9>: Error: Mailbox > Trash/Processed: dict_iterate(priv/c841ad0291c27461ac670100a07d9965/) > failed: Connection closed (reply took 0.204 secs (0.204 in dict wait, > 0.000 in other ioloops, 0.000 in locks)) > Nov 15 12:19:19 wyvern dovecot[461]: dict(51438): Fatal: master: > service(dict): child 51438 killed with signal 6 (core dumped) > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
