Re: [Dovecot] authentication to IMAP
On Thursday 07 May 2009 17:53:34 punit_j wrote:
> a1 NO Authentication failed.

what do the logs say?

> My dovecot server does PLAIN authentication as can
> auth_mechanisms = plain
> Is there a way to do PLAIN auth with crypt password or any means of doing admin authentication on behalf of normal user ?

see here and see if you have troubles
http://wiki.dovecot.org/Authentication/MasterUsers

Daniel
[Dovecot] Fwd: Re: sasl parameters missing (in postfix)
In response to my request for postfix to support dovecot auth arguments I got the forwarded reply. If someone gets around to this before me I won't be offended.

Story is I deployed a webmail with certificate based authentication that substitutes a global master password (http://wiki.dovecot.org/Authentication/MasterUsers) when the certificate matches. The webmail accesses the inbox by imap and reuses the password for smtp through postfix.

I configured dovecot sasl authentication to allow a particular global password to be allowed from one IP address of the webmail server. Unfortunately it seems as though postfix doesn't pass rip= (remote ip) or the other AUTH parameters of the protocol (http://dovecot.org/doc/auth-protocol.txt).

Is adding these parameters to postfix's sasl authentication a useful feature request?

-- Forwarded Message --
Subject: Re: sasl parameters missing
Date: Thu, 7 Aug 2008
From: Wietse Venema [EMAIL PROTECTED]
To: Daniel Black [EMAIL PROTECTED]

Daniel Black:
> Thanks Wietse,
>
> On Tue, 5 Aug 2008 09:30:44 am Wietse Venema wrote:
> > Postfix passes the information in the SMTP client's AUTH command.
> > This is how I got the Dovecot extension from Timo.
> >
> > If someone is willing to monitor his docs for changes,
>
> it seems fairly stable. Going off the doc/auth-protocol.txt changelog
>
> Nov 12 2006 lport/rport was added.
> Aug 07 2005 changed valid-client-cert to ssl-valid-cert
> Oct 22 2004 original documentation
>
> Current implementation of the authentication server in dovecot seems to ignore parameters it doesn't understand.
>
> > then they are welcome to do so. I won't.
>
> On the basis of this apparent stability and compatibility would you consider accepting a patch?

Yes. No promise, though, that it will be adopted.

One consideration is that Postfix does not talk directly to Dovecot, but instead talks to an abstraction layer that is used for both Cyrus SASL and for Dovecot.

Obviously, that XSASL abstraction layer must not be made specific to the underlying Cyrus SASL or Dovecot implementation.

The solution therefore is not to extend XSASL functions with one extra argument for each Dovecot feature. Apart from being Dovecot-specific, functions with many parameters are difficult to update correctly; compilers can't always tell that two arguments should be swapped.

I solved the problem of many-parameter functions by using macros such as TLS_SERVER_START(). This gives more assurance that data is passed correctly, and it is less likely to break due to human maintainer error.

Wietse

---
--
Daniel Black
--
Proudly a Gentoo Linux User.
Gnu-PG/PGP signed and encrypted email preferred
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x76677097
GPG Signature D934 5397 A84A 6366 9687 9EB2 861A 4ABA 7667 7097
signature.asc Description: This is a digitally signed message part.
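The design point in the forwarded reply above (carry attributes such as rip= in one property bundle filled by a named-argument macro, instead of one function argument per feature), as an added example that is not Postfix or Dovecot code. `AUTH_PROPS`, `AUTH_START()` and `demo_line()` are hypothetical names, the tab-separated AUTH line is a simplified rendering of the request in the linked auth-protocol.txt, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bundle: a new attribute becomes a field, not an extra argument. */
typedef struct {
    const char *mechanism, *service;   /* required */
    const char *lip, *rip, *resp;      /* optional; NULL means "omit" */
} AUTH_PROPS;

/* Values must not contain the line protocol's TAB/CR/LF delimiters. */
static int clean(const char *v) { return v && !strpbrk(v, "\t\r\n"); }

static int put(char *buf, size_t len, size_t *off, const char *key, const char *v)
{
    int n;
    if (v == NULL) return 0;           /* optional field left out */
    if (!clean(v)) return -1;
    n = snprintf(buf + *off, len - *off, "\t%s=%s", key, v);
    if (n < 0 || (size_t)n >= len - *off) return -1;
    *off += (size_t)n;
    return 0;
}

/* Builds one AUTH request line (request id fixed at 1); -1 on bad input. */
static int auth_start(const AUTH_PROPS *p, char *buf, size_t len)
{
    size_t off;
    int n;
    if (!clean(p->mechanism) || !clean(p->service)) return -1;
    n = snprintf(buf, len, "AUTH\t1\t%s\tservice=%s", p->mechanism, p->service);
    if (n < 0 || (size_t)n >= len) return -1;
    off = (size_t)n;
    if (put(buf, len, &off, "lip", p->lip) || put(buf, len, &off, "rip", p->rip)
        || put(buf, len, &off, "resp", p->resp)) return -1;
    return (int)off;
}

/* Each aN is written "field = value" at the call site, so every value is
   bound by name and argument order cannot be confused. */
#define AUTH_START(props, a1, a2, a3, a4, a5, buf, len) \
    auth_start((((props)->a1), ((props)->a2), ((props)->a3), \
                ((props)->a4), ((props)->a5), (props)), (buf), (len))

/* Constructed sample: documentation addresses, resp = base64 of "\0u\0p". */
const char *demo_line(const char *client_ip)
{
    static char line[256];
    AUTH_PROPS props;
    return AUTH_START(&props, mechanism = "PLAIN", service = "smtp",
                      lip = "192.0.2.1", rip = client_ip,
                      resp = "AHUAcA==", line, sizeof(line)) < 0 ? NULL : line;
}
```

Rejecting delimiter characters in `clean()` keeps a client-supplied value from adding or overriding a parameter on the line the auth server parses.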
Re: [Dovecot] fd limit 1024 is lower in dovecot-1.1.1
On Sun, 29 Jun 2008 03:53:54 pm Zhang Huangbin wrote:
> Hi, all.
>
> I just upgraded from 1.0.15 to 1.1.1 in a test box (RHEL 5.2, x86_64).
>
> After the upgrade, I got this warning msg:
>
>     # /etc/init.d/dovecot restart
>     Stopping Dovecot Imap: [ OK ]
>     Starting Dovecot Imap: Warning: fd limit 1024 is lower than what Dovecot can use under full load (more than 1280). Either grow the limit or change login_max_processes_count and max_mail_processes settings [ OK ]
>
> but I changed both login_max_processes_count and max_mail_processes to 2048, and it raised the same msg.

change may not mean increase

> How can I solve this issue?

/etc/security/limits.conf to increase the nofiles or possibly decrease the process counts.
Re: [Dovecot] Multiple SSL certificates with dovecot.
On Tue, 10 Jun 2008 08:01:38 pm Andre Rodier wrote:
> Hello all,
>
> By advance, I hope you'll excuse my probably not perfect English, which is not my mother tongue.

it's pretty good.

> I have always appreciated dovecot for this simplicity to setup and lightweight, but today, after many installations, I cannot find how to setup dovecot for my configuration.
>
> - I use only IMAPS to retrieve the mails.
> - I manage two domain names
> - I use CA-Cert certificates
>
> So, the question is: how to setup dovecot to select the appropriate certificate, according to the domain name I use when I retrieve mails using the IMAPS protocol?

It cannot. To do so would require Server Name Indication rfc3546 to be implemented. It also would require email clients to support it.
https://wiki.cacert.org/wiki/VhostTaskForce

An alternate is to get both names in the one certificate.
https://wiki.cacert.org/wiki/CSRGenerator
[Dovecot] compile troubles - stat.mtim - 1.1hg
having trouble compiling dovecot-1.1hg latest pull

I'm almost thinking _GNU_SOURCE needs to be defined as its built to work

Any suggestions welcome.

    make[4]: Nothing to be done for `all'.
    make[4]: Leaving directory `/home/dan/software_projects/dovecot-1.1/src/lib-storage/list'
    Making all in index
    make[4]: Entering directory `/home/dan/software_projects/dovecot-1.1/src/lib-storage/index'
    Making all in maildir
    make[5]: Entering directory `/home/dan/software_projects/dovecot-1.1/src/lib-storage/index/maildir'
    gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/lib -I../../../../src/lib-mail -I../../../../src/lib-imap -I../../../../src/lib-index -I../../../../src/lib-storage -I../../../../src/lib-storage/index -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -I/usr/kerberos/include -MT maildir-uidlist.o -MD -MP -MF .deps/maildir-uidlist.Tpo -c -o maildir-uidlist.o maildir-uidlist.c
    maildir-uidlist.c: In function 'maildir_uidlist_update_hdr':
    maildir-uidlist.c:322: error: request for member 'st_mtim' in something not a structure or union
    make[5]: *** [maildir-uidlist.o] Error 1
    make[5]: Leaving directory `/home/dan/software_projects/dovecot-1.1/src/lib-storage/index/maildir'
    make[4]: *** [all-recursive] Error 1
    make[4]: Leaving directory `/home/dan/software_projects/dovecot-1.1/src/lib-storage/index'
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory `/home/dan/software_projects/dovecot-1.1/src/lib-storage'
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory `/home/dan/software_projects/dovecot-1.1/src'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/home/dan/software_projects/dovecot-1.1'

fgrep HAVE_STAT config.h

    /* #undef HAVE_STATFS_MNTFROMNAME */
    /* #undef HAVE_STATVFS_MNTFROMNAME */
    #define HAVE_STAT_XTIM
    /* #undef HAVE_STAT_XTIMESPEC */

from config.log

    configure:28085: checking if struct stat has st_?tim timespec fields
    configure:28117: gcc -c -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 conftest.c >&5
    conftest.c: In function 'main':
    conftest.c:104: warning: unused variable 'x'
    configure:28123: $? = 0
    configure:28134: result: yes
    configure:28149: checking if struct stat has st_?timespec fields
    configure:28181: gcc -c -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 conftest.c >&5
    conftest.c: In function 'main':
    conftest.c:105: error: 'struct stat' has no member named 'st_mtimespec'
    conftest.c:105: warning: unused variable 'x'
    configure:28187: $? = 1
    configure: failed program was:

    Portage 2.1.4.4 (default-linux/amd64/2007.0, gcc-4.2.3, glibc-2.6.1-r0, 2.6.22-vs2.2.0.7-gentoo x86_64)
    System uname: 2.6.22-vs2.2.0.7-gentoo x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Timestamp of tree: Sat, 17 May 2008 22:15:01 +
    distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
    app-shells/bash: 3.2_p33
    dev-java/java-config: 1.3.7, 2.1.6
    dev-lang/python: 2.4.4-r9
    dev-python/pycrypto: 2.0.1-r6
    sys-apps/baselayout: 1.12.11.1
    sys-apps/sandbox: 1.2.18.1-r2
    sys-devel/autoconf: 2.13, 2.61-r1
    sys-devel/automake: 1.4_p6, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
    sys-devel/binutils: 2.18-r1
    sys-devel/gcc-config: 1.4.0-r4
    sys-devel/libtool: 1.5.26
    virtual/os-headers: 2.6.23-r3

features.h

    #ifdef _GNU_SOURCE
    # define _BSD_SOURCE 1
    #endif

    #if defined _BSD_SOURCE || defined _SVID_SOURCE
    # define __USE_MISC 1
    #endif

sys/stat.h includes bits/stat.h

    #include <features.h>

    struct stat {
    #ifdef __USE_MISC
        /* Nanosecond resolution timestamps are stored in a format
           equivalent to 'struct timespec'. This is the type used
           whenever possible but the Unix namespace rules do not allow the
           identifier 'timespec' to appear in the sys/stat.h header.
           Therefore we have to handle the use of this header in strictly
           standard-compliant sources special. */
        struct timespec st_atim; /* Time of last access. */
        struct timespec st_mtim; /* Time of last modification. */
        struct timespec st_ctim; /* Time of last status change. */
[Dovecot] [bug] bit of a clearer error message desired - Can't load CA file... : Success
Not the clearest of error messages. A successful cannot load.

    May 7 21:05:29 10.10.10.213 dovecot: child 21500 (login) returned error 89
    May 7 21:05:29 10.10.10.213 dovecot: child 21501 (login) returned error 89
    May 7 21:05:29 10.10.10.213 dovecot: child 21502 (login) returned error 89
    May 7 21:05:29 10.10.10.213 dovecot: child 21503 (login) returned error 89
    May 7 21:05:29 10.10.10.213 dovecot: child 21505 (login) returned error 89
    May 7 21:05:29 10.10.10.213 dovecot: pop3-login: Can't load CA file /etc/dovecot/all.der: Success
    May 7 21:05:29 10.10.10.213 dovecot: imap-login: Can't load CA file /etc/dovecot/all.der: Success

/etc/dovecot/all.der was generated by concatenating the following (all in der format)

http://www.cacert.org/certs/root.der
http://www.cacert.org/certs/class3.der
http://crl.cacert.org/revoke.crl
http://crl.cacert.org/class3-revoke.crl

    # dovecot --version
    1.0.10

reiserfs filesystem

    # uname -a
    Linux mail.cacert.org 2.6.22-vs2.2.0.7-gentoo #1 SMP Mon May 5 20:21:30 EST 2008 x86_64 GNU/Linux

    # dovecot -n
    # 1.0.10: /etc/dovecot/dovecot.conf
    protocols: imaps pop3s imap pop3
    ssl_ca_file: /etc/dovecot/all.der
    ssl_cert_file: /etc/ssl/certs/ssl-cert-community-cacert.pem
    ssl_key_file: /etc/ssl/private/ssl-cert-community-cacert.key
    ssl_verify_client_cert: yes
    verbose_ssl: yes
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(pop3): /usr/lib/dovecot/pop3-login
    login_greeting: You want mail? Well hurry up.
    first_valid_uid: 5000
    mail_location: maildir:~/Maildir
    mail_read_mmaped: yes
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(pop3): /usr/lib/dovecot/pop3
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
    pop3_uidl_format: %08Xu%08Xv
    auth default:
      mechanisms: plain login
      verbose: yes
      debug: yes
      debug_passwords: yes
      ssl_require_client_cert: yes
      ssl_username_from_cert: yes
      passdb:
        driver: pam
        args: session=yes mail
      userdb:
        driver: passwd
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix