Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-21 Thread Davide Marchi via dovecot

Well,

so the right syntax (in my case) would be:

-o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340

right??
I configured it before the "permit_sasl_authenticated" and the "reject" 
statement.




I've a doubt (again): Is the space between "[..]service" and "inet[..]" correct? As suggested here: 
https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html


I've run:

postconf smtpd_recipient_restrictions=check_policy_service inet:mailstore.example.com:12340


but obtain the error:

postconf: fatal: missing '=' after attribute name: "inet:mailstore.example.com:12340"


Please, which is the correct syntax? :-)


Thanks again!

Davide
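
An order check for the restriction list discussed in this message, as an added example that is not part of the original post or of Postfix: Postfix evaluates the list left to right and stops at the first restriction that returns a final verdict, so an entry placed after a bare `reject` is never consulted. The `audit` helper and the `REORDERED` list are illustrative assumptions.

```python
import re

# Restrictions that consume the next token as their argument (subset).
TAKES_ARG = {
    "check_policy_service", "check_client_access",
    "check_sender_access", "check_recipient_access",
}
# Generic restrictions that always return a final verdict.
ALWAYS_FINAL = {"reject", "permit", "defer"}

# The list as posted in the thread.
AS_POSTED = ("reject_non_fqdn_recipient,reject_unknown_recipient_domain,"
             "permit_sasl_authenticated,reject,"
             "check_policy_service inet:mailstore.example.com:12340")
# Constructed alternative: policy service ahead of permit_sasl_authenticated
# and reject.
REORDERED = ("reject_non_fqdn_recipient,reject_unknown_recipient_domain,"
             "check_policy_service inet:mailstore.example.com:12340,"
             "permit_sasl_authenticated,reject")


def parse_restrictions(value):
    """Split on commas and/or whitespace and pair each argument-taking
    restriction with the token that follows it."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    entries, i = [], 0
    while i < len(tokens):
        name = tokens[i]
        if name in TAKES_ARG:
            if i + 1 == len(tokens):
                raise ValueError(f"{name} has no argument")
            entries.append((name, tokens[i + 1]))
            i += 2
        else:
            entries.append((name, None))
            i += 1
    return entries


def audit(value):
    """Report which entries can never run and whether the policy service
    is consulted at all."""
    entries = parse_restrictions(value)
    names = [name for name, _ in entries]
    # Index of the first restriction that always ends evaluation.
    final_at = next((i for i, n in enumerate(names) if n in ALWAYS_FINAL),
                    len(names))
    policy_at = (names.index("check_policy_service")
                 if "check_policy_service" in names else None)
    sasl_at = (names.index("permit_sasl_authenticated")
               if "permit_sasl_authenticated" in names else None)
    return {
        "entries": entries,
        "unreachable": names[final_at + 1:],
        "policy_consulted": policy_at is not None and policy_at <= final_at,
        # True when authenticated clients are permitted before the quota check.
        "policy_skipped_for_sasl": (policy_at is not None
                                    and sasl_at is not None
                                    and sasl_at < policy_at),
    }


if __name__ == "__main__":
    for label, value in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        result = audit(value)
        print(label, "unreachable:", result["unreachable"],
              "policy consulted:", result["policy_consulted"])
```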



Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-21 Thread Davide Marchi via dovecot

From: Urban Loesch 
Hi,


Well,

so the right syntax (in my case) would be:

-o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340

right??
I configured it before the "permit_sasl_authenticated" and the "reject" 
statement.




And eventually, could you suggest how to make some functional 
verification test?

According to: http://www.postfix.org/SMTPD_POLICY_README.html try on your postfix:


telnet mailstore.example.com 12340

and insert the following lines:

sender=somesen...@somedomain.com
recipient=y...@recipient.com
size=12345
[empty line]


Set a size= in bytes which is greater than your configured quota.
In theory the policy service should respond with your configured error message "552 5.2.2 Mailbox is full".


Example on my server:

...
sender=postmas...@somedomain.com
recipient=m...@recipient.com
size=12345000

action=552 5.2.2 Mailbox is full
...


For a live test reduce the quota of your test account to e.g. 100KB and 
then send a mail > 100KB from outside to it. You should see the "552" error 
message in your logs and you should get back a bounce mail from the sending server.


Hope I explained it correctly.

Best
Urban



WAW! Very very clear your example!

Thanks again Urban, you are a friend ;-)

I will try...


Thanks again to all!


Davide





--
cosmogoniA
n o p r o v a r e n o f a r e o n o n f a r e n o n c e p r o v a r e
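
The exchange from the test described above (request attributes, empty line, `action=` reply), as an added example that is not part of the original messages: a client speaking the Postfix policy delegation format to an in-process stub. The stub, its mailbox table and the addresses are constructed stand-ins, not Dovecot's quota-status code; the reply strings are the `quota_status_*` values from the configuration in this thread.

```python
import socket
import threading

# Constructed mailbox table for the stub: recipient -> (bytes used, quota limit).
MAILBOXES = {"user@example.com": (60_000, 102_400)}

REPLY_OK = "DUNNO"                        # quota_status_success
REPLY_NOUSER = "DUNNO"                    # quota_status_nouser
REPLY_OVER = "552 5.2.2 Mailbox is full"  # quota_status_overquota


def encode(attrs):
    """Serialize name=value lines followed by the terminating empty line."""
    return ("".join(f"{k}={v}\n" for k, v in attrs.items()) + "\n").encode("ascii")


def decode(block):
    """Parse one request or reply block into a dict; lines without '=' are skipped."""
    attrs = {}
    for line in block.decode("ascii").splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def read_block(sock, buf=b""):
    """Read up to the empty line that ends a block.
    Returns (block, leftover bytes), or (None, b"") when the peer closed."""
    while b"\n\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            return None, b""
        buf += chunk
    block, _, rest = buf.partition(b"\n\n")
    return block, rest


def decide(attrs):
    """Stub decision: reject when the announced size does not fit the quota."""
    box = MAILBOXES.get(attrs.get("recipient", ""))
    if box is None:
        return REPLY_NOUSER
    used, limit = box
    try:
        size = int(attrs.get("size", "0"))
    except ValueError:
        size = 0  # a malformed size is treated as unknown
    return REPLY_OVER if used + size > limit else REPLY_OK


def stub_server(sock):
    """Answer requests until the client closes; one connection carries many."""
    buf = b""
    with sock:
        while True:
            block, buf = read_block(sock, buf)
            if block is None:
                return
            sock.sendall(encode({"action": decide(decode(block))}))


def ask(sock, sender, recipient, size):
    """Send one policy request and return the action string from the reply."""
    sock.sendall(encode({
        "request": "smtpd_access_policy",
        "sender": sender,
        "recipient": recipient,
        "size": size,
    }))
    block, _ = read_block(sock)
    if block is None:
        raise ConnectionError("policy service closed the connection")
    return decode(block)["action"]


def run_checks():
    """Small mail, oversized mail, unknown recipient, all on one connection."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=stub_server, args=(server,), daemon=True)
    worker.start()
    with client:
        results = [
            ask(client, "sender@example.org", "user@example.com", 12345),
            ask(client, "sender@example.org", "user@example.com", 12345000),
            ask(client, "sender@example.org", "nobody@example.com", 12345),
        ]
    worker.join(timeout=2)
    return results


if __name__ == "__main__":
    for action in run_checks():
        print("action=" + action)
```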



Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-20 Thread Davide Marchi via dovecot

From: Urban Loesch

Hi,

I would like to enable (the same) quota (count) for all 
(virtual)users,

on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27,
and is not clear for me if I need to tell Postfix to communicate with 
the service in /etc/postfix/main.cf as here:



smtpd_recipient_restrictions =
 ...
 check_policy_service inet:mailstore.example.com:12340

I configured it like your example above and it works for me.

Best
Urban


Well,

so the right syntax (in my case) would be:

-o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340


right?  :-)


And eventually, could you suggest how to make some functional 
verification test?



Many many many thanks Urban!! ;-)


Davide




Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-19 Thread Davide Marchi via dovecot

Hi Friends,

a doubt:

I would like to enable (the same) quota (count) for all (virtual)users,
on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27,
and is not clear for me if I need to tell Postfix to communicate with 
the service in /etc/postfix/main.cf as here:



smtpd_recipient_restrictions =
...
check_policy_service inet:mailstore.example.com:12340



My current Postfix "smtpd_recipient_restrictions":


-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject




Currently I've edited:



conf.d/10-mail.conf:

# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
mail_plugins = $mail_plugins quota


conf.d/20-imap.conf:

protocol imap {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins imap_quota
}


conf.d/90-quota.conf: (for use with the quota-status service)

plugin {
quota_grace = 10%%
# 10% is the default
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}



/etc/dovecot/conf.d/90-quota.conf:

plugin {
  quota = maildir
  quota_rule = *:storage=3G
  quota_rule2 = Trash:storage=+100M
  # LDA/LMTP allows saving the last mail to bring user from under quota to
  # over quota, if the quota doesn't grow too high. Default is to allow as
  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
  #quota_grace = 10%%
  # 10% is the default
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
plugin {
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
}
plugin {
  #quota = dirsize:User quota
  #quota = maildir:User quota
  #quota = dict:User quota::proxy::quota
  #quota = fs:User quota
  quota = count:User quota
  # This is required - it uses "virtual sizes" rather than "physical sizes" for quota counting:
  quota_vsizes = yes
}
plugin {
  #quota = dict:user::proxy::quota
  #quota2 = dict:domain:%d:proxy::quota_domain
  #quota_rule = *:storage=102400
  #quota2_rule = *:storage=1048576
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = dovecot
  unix_listener quota-warning {
    user = vmail
  }
}
service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
    # You can choose any port you want
  }
  client_limit = 1
}



Many many thanks!!


Davide




Re: Auto MX Email Client configuration, the right way?

2019-03-10 Thread Davide Marchi via dovecot

Now I've seen the new RFC 6186 specification
(https://tools.ietf.org/html/rfc6186) that describe a "DNS way" to
achieve the same goal.

[..]
again:
[..]
When a user identifier is required, MUAs MUST first
use the full email address provided by the user, and if that results
in an authentication failure, SHOULD fall back to using the "local-
part" extracted from the email address.  This is in line with the
guidance outlined in Section 5.  If both these user identifiers
result in authentication failure, the MUA SHOULD prompt the user for
a valid identifier.
[..]

here I have the biggest doubt, in fact Thunderbird often uses only the
username and not the whole email address, both for incoming and outgoing
server...
Is any of you using this second way? And possibly, do you know if it
works with different clients (desktop and mobile)?


I've made some tests and this solution seems very serviceable, for the 
only exception for the user name on Thunderbird.
Unlike what is stated in this RFC, Thunderbird "takes" only the name and 
not the entire email address as the username.

Anyone knows if is it possible to communicate the username type via RFC?

Many thanks again!


Davide


Auto MX Email Client configuration, the right way?

2019-03-09 Thread Davide Marchi via dovecot

Hi Friends!
An opinion.

I would like to facilitate the configuration of one's mail client 
(desktop or mobile) to my users server.
Some time ago I asked the same question and you suggested me to use 
"Automx".


So I started of good will and I looked for the Automx documentation. And 
here the problems started as I found several inconsistencies, even 
parameters (in official documentation) that produce Apache errors..
to complicate things, different path between deb packages and official 
version :-)


Now I've seen the new RFC 6186 specification 
(https://tools.ietf.org/html/rfc6186) that describe a "DNS way" to 
achieve the same goal.


[..]
4.  Guidance for MUAs

   By using SRV records as above, MUAs need initially only to prompt the
   user for their email address [RFC5322].  The "local-part" and
   "domain" portions are then extracted from the email address by the
   MUA.  The MUA uses the "domain" portion as the service domain to
   perform SRV lookups for the services it wants to configure.  If the
   SRV lookup is successful, the target FQDN and port for the service
   can be determined and used to complete MUA configuration.  If an SRV
   record is not found, the MUA will need to prompt the user to enter
   the FQDN and port information directly, or use some other heuristic.
   In the case of multiple SRV records returned for a particular
   service, the MUA MUST use the priority and weight fields in the
   record to determine which one to use (as per [RFC2782]).

[..]

again:
   [..]
   When a user identifier is required, MUAs MUST first
   use the full email address provided by the user, and if that results
   in an authentication failure, SHOULD fall back to using the "local-
   part" extracted from the email address.  This is in line with the
   guidance outlined in Section 5.  If both these user identifiers
   result in authentication failure, the MUA SHOULD prompt the user for
   a valid identifier.
   [..]

here I have the biggest doubt, in fact Thunderbird often uses only the 
username and not the whole email address, both for incoming and outgoing 
server...
Is any of you using this second way? And possibly, do you know if it 
works with different clients (desktop and mobile)?



Many many thanks!

Davide





How to inhibit pop3 server email deletion?

2019-02-02 Thread Davide Marchi

Hi Friends,
for some special needs I would like to inhibit the email deletion from 
any email client POP3 access.
For example prevent the Thunderbird ability to delete server messages 
older than..

Is this possible via ACL?


Many many thanks!


Davide


Strange problem on lmtp with dovecot 2.3.2.1

2018-08-20 Thread davide marchi
Hi to all, I have compiled and installed dovecot 2.3.2.1 on debian 6 with
success but now I'm facing a strange problem on communication from postfix
installed on server A with dovecot installed on server B (which version is
2.3.2.1). All incoming emails delivered from external from server A to
server B with LMTP is rejected with this message error

"smtpgw postfix/lmtp[1772]: 6194CA00B3: to=,
relay=192.168.10.50[192.168.10.50]:24, delay=0.02, delays=0/0.01/0.01/0,
dsn=5.5.4, status=undeliverable (host 192.168.10.50[192.168.10.50] said:
501 5.5.4 Invalid FROM: Missing domain (in reply to MAIL FROM command))"

I can't identify what is the problem, for now I have bypassed lmtp using
smtp but my goal is returning to lmtp that I have used since old versions
of dovecot.


Error compiling pigeonhole managesieve 0.4.24

2018-08-10 Thread davide marchi
Hi, I have a problem compiling as mentioned in the subject of this mail: I'm
changing dovecot on my debian 6 from version 2.2.32 to 2.2.36 and
pigeonhole from 0.4.20 to 0.4.24
this is output of dovecot -n for listing versions installed

dovecot -n
# 2.2.32 (dfbe293d4): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.20 (7cd71ba)
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10
I have downloaded packages from site and compiling from source

so far so good
for pigeonhole this is the configure command that I always use

./configure CFLAGS=-O3
but when I run make this is the error that I came across:

/bin/bash ../../libtool  --tag=CC   --mode=link gcc  -std=gnu99 -O3 -Wall
-W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime
-Wstrict-aliasing=2  -I../..  -export-dynamic  -o sievec sievec.o
../../src/lib-sieve/libdovecot-sieve.la ../../src/lib-sieve-tool/
libsieve-tool.la -ldovecot-storage  -ldovecot-lda -L/usr/local/lib/dovecot
-ldovecot -lrt
libtool: link: gcc -std=gnu99 -O3 -Wall -W -Wmissing-prototypes
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I../.. -o
.libs/sievec sievec.o -Wl,--export-dynamic
../../src/lib-sieve/.libs/libdovecot-sieve.so
../../src/lib-sieve-tool/.libs/libsieve-tool.a
/usr/local/lib/dovecot/libdovecot-storage.so
/usr/local/lib/dovecot/libdovecot-lda.so -L/usr/local/lib/dovecot
/usr/local/lib/dovecot/libdovecot.so -lrt -Wl,-rpath
-Wl,/usr/local/lib/dovecot
../../src/lib-sieve/.libs/libdovecot-sieve.so: undefined reference to
`str_sanitize_utf8'
collect2: ld returned 1 exit status
make[3]: *** [sievec] Error 1
make[3]: Leaving directory
`/download/dovecot-2.2-pigeonhole-0.4.24/src/sieve-tools'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/download/dovecot-2.2-pigeonhole-0.4.24/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/download/dovecot-2.2-pigeonhole-0.4.24'
make: *** [all] Error 2

What's wrong ? Thanks in advance on helping me


Re: Auto configure email clients from Dovecot?

2018-07-01 Thread Davide Marchi

[..]

Eduardo M KALINOWSKI:
It is possible but it's not a dovecot job.


Ak, ok!


Thunderbird has a protocol to get the settings but is DNS/xml related (
and is pretty normal because it not know the name of the mail server
before )
https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration
You need to serve an xml file on your webserver on the same domain.




MfG Robert Schetterer:
see
https://automx.org/en/
https://blog.sys4.de/outlook-2013-special-use-mit-dovecot-de.html
https://wiki.dovecot.org/MailboxSettings


Perfect!

Many thanks to all!

Davide



Auto configure email clients from Dovecot?

2018-06-30 Thread Davide Marchi

Hi Friends,

I'm using on Debian Jessie, Dovecot 1:2.2.13-12~deb8u3.
I would like to know if is it possible to auto-configure the email 
client, for example Thunderbird or K-9 mail.
Essentially I would like to know if is it possible to let dovecot 
instruct the mail client about how to auto-configure the email client.


Actually my mail server parameters are not automatically taken from 
Thunderbird or K9-Mail.

Is there a way to make this possible? Or am I on a wrong path?

Many many thanks!

Davide
Italy


Dovecot path separator clarification

2017-12-15 Thread Davide Marchi

Hi Friends,
On Debian Jessie and Dovecot 1:2.2.x using the default separator "/" 
(simply leave commented 10-mail.conf -> "#separator =")


I've created for a vuser (from client) a subfolder Scuola/prova

on server side, Dovecot creates:

../Maildir/.Scuola.prova

Here my question: why not

../Maildir/Scuola/prova ?



Where am I wrong?

Many thanks!

Davide



Re: Recommended tool for migrating IMAP servers

2017-12-15 Thread Davide Marchi

[..]
Well, I've read the dsync documentation, but this warning has me a 
little worried:


"Make sure destination is exactly as source, deleting/reverting any 
changes in destination if necessary"


This is when you use the 'backup' option. Dsync then makes 1:1 copy of
the source. If you use 'sync -1' option,
it does not delete mails/folders from destination.

Sami


Ah, ok, for the next sync I will try Dsync!

Many thanks again!


davide


Re: Recommended tool for migrating IMAP servers

2017-12-13 Thread Davide Marchi
Sami Ketola wrote:
> We run all our migrations using Dovecot internal dsync. Usually using
> imapc connector to connect to legacy platform.
>
> Sami


Many thanks Sami!
Well, I've read the dsync documentation, but this warning has me a 
little worried:


"Make sure destination is exactly as source, deleting/reverting any 
changes in destination if necessary"


So I followed the Imapsync way, and all works fine.

I seem to have understood that Imapsync works as a traditional client, for 
this reason also much easier to use and with less mistakes risk. And 
anyway a software done very well ;-)



x9p wrote:
> I do not believe imapsync has license issues. It's written in perl and it's
> hosted on github. You can pay for support if you want. and disable stats
> uploaded to their servers, via command line.


Well, clear, many thanks x9p!


Many thanks to all!

Davide



--
cosmogoniA
n o p r o v a r e n o f a r e o n o n f a r e n o n c e p r o v a r e



Re: Recommended tool for migrating IMAP servers

2017-12-11 Thread Davide Marchi

On 2017-12-05 07:16 Sami Ketola wrote:
[..]


Trust us. We have run multiple migrations at scale of 10+ million 
users.


Sami


However, it seems that Imapsync has license issues and in fact it's not 
included in the Debian repositories.

Is it to be used anyway or should it be avoided?

Many thanks again

Davide


Re: Recommended tool for migrating IMAP servers

2017-12-04 Thread Davide Marchi

[..]

Hi,

I vouch for imapsync. Have used it in the past with quite a big amount of
emails.

cheers.

x0p


Ah, thanks  x0!


Also if you have fs access on both servers, and you are using maildir,
plain rsync works just as well.

Aki


no, I've not fs access on both servers! :-/

If you want to preserve IMAP UID:s and possibly also POP3 UIDL:s then 
dovecot internal dsync is the only tool that can do it.

With every other tool you will face end users needing to invalidate 
their local caches and redownloading all headers if not also all mail bodies.

Sami



Can I use this tool even if I do not know the other remote server 
typology?


Many thanks to all!!

Davide



--
firma

cosmogoniA 
n o p r o v a r e n o f a r e o n o n f a r e n o n c e p r o v a r e


Recommended tool for migrating IMAP servers

2017-12-03 Thread Davide Marchi

Hi Friends,
I would like to ask you a suggestion:
I need to migrate an IMAP server to a new one and then dismiss the old 
one.
Reading from relative Dovecot documentation page 
(https://wiki.dovecot.org/Migration), more tools are shown:


UW-IMAP's mailutil, imapsync, YippieMove and Larch.

The each mail servers are Linux based, one of this (mine) is Dovecot.
Based on your experience which of these tools would be preferable to 
use?



Thank you very much

Davide


Re: ACL permission: give permission to move email into different folder

2017-10-09 Thread Davide Marchi

On October 7, 2017 at 1:29 AM Aki Tuomi  wrote:

[..] Can you provide mail_debug=yes logs?



Hi Aki,


I've set on /etc/dovecot/conf.d/10-logging.conf:

mail_debug = yes
debug_log_path = /var/log/dovecot.debug

and

on /etc/dovecot/dovecot.conf

protocol imap {
  mail_plugins = $mail_plugins mail_log notify
}



these are my "mail_debug" logs, but first I noticed that Dovecot returns 
a file not found "/var/vmail/mysite.org/booking/Maildir/dovecot-acl" 
(one for every directory) where I set *only* the global ACL file.



mail_plugins = acl
protocol imap {
  mail_plugins = $mail_plugins imap_acl
}

plugin {

  acl = vfile:/etc/dovecot/dovecot-acl
  acl_globals_only = yes
}


LOGS:

tail -f /var/log/dovecot.debug
Oct 09 22:26:35 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib20_mail_log_plugin.so
Oct 09 22:26:35 imap(book...@mysite.org): Debug: Effective uid=5000, 
gid=5000, home=/var/vmail/mysite.org/booking
Oct 09 22:26:35 imap(book...@mysite.org): Debug: acl: No acl_shared_dict 
setting - shared mailbox listing is disabled
Oct 09 22:26:35 imap(book...@mysite.org): Debug: Namespace inbox: 
type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=maildir:/var/vmail/mysite.org/booking/Maildir
Oct 09 22:26:35 imap(book...@mysite.org): Debug: maildir++: 
root=/var/vmail/mysite.org/booking/Maildir, index=, indexpvt=, control=, 
inbox=/var/vmail/mysite.org/booking/Maildir, alt=
Oct 09 22:26:35 imap(book...@mysite.org): Debug: acl: initializing 
backend with data: vfile:/etc/dovecot/dovecot-acl
Oct 09 22:26:35 imap(book...@mysite.org): Debug: acl: acl username = 
book...@mysite.org

Oct 09 22:26:35 imap(book...@mysite.org): Debug: acl: owner = 1
Oct 09 22:26:35 imap(book...@mysite.org): Debug: acl vfile: Global ACL 
file: /etc/dovecot/dovecot-acl
Oct 09 22:26:35 imap(book...@mysite.org): Debug: acl vfile: file 
/var/vmail/mysite.org/booking/Maildir/dovecot-acl not found
Oct 09 22:27:18 imap: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib01_acl_plugin.so
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib02_imap_acl_plugin.so
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib15_notify_plugin.so
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib20_mail_log_plugin.so
Oct 09 22:27:18 imap(book...@mysite.org): Debug: Effective uid=5000, 
gid=5000, home=/var/vmail/mysite.org/booking
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl: No acl_shared_dict 
setting - shared mailbox listing is disabled
Oct 09 22:27:18 imap(book...@mysite.org): Debug: Namespace inbox: 
type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=maildir:/var/vmail/mysite.org/booking/Maildir
Oct 09 22:27:18 imap(book...@mysite.org): Debug: maildir++: 
root=/var/vmail/mysite.org/booking/Maildir, index=, indexpvt=, control=, 
inbox=/var/vmail/mysite.org/booking/Maildir, alt=
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl: initializing 
backend with data: vfile:/etc/dovecot/dovecot-acl
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl: acl username = 
book...@mysite.org

Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl: owner = 1
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl vfile: Global ACL 
file: /etc/dovecot/dovecot-acl
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl vfile: file 
/var/vmail/mysite.org/booking/Maildir/dovecot-acl not found
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl vfile: file 
/var/vmail/mysite.org/booking/Maildir/.INBOX/Junk/dovecot-acl not found
Oct 09 22:27:18 imap: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib01_acl_plugin.so
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib02_imap_acl_plugin.so
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib15_notify_plugin.so
Oct 09 22:27:18 imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib20_mail_log_plugin.so
Oct 09 22:27:18 imap(book...@mysite.org): Debug: Effective uid=5000, 
gid=5000, home=/var/vmail/mysite.org/booking
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl: No acl_shared_dict 
setting - shared mailbox listing is disabled
Oct 09 22:27:18 imap(book...@mysite.org): Debug: Namespace inbox: 
type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=maildir:/var/vmail/mysite.org/booking/Maildir
Oct 09 22:27:18 imap(book...@mysite.org): Debug: maildir++: 
root=/var/vmail/mysite.org/booking/Maildir, index=, indexpvt=, control=, 
inbox=/var/vmail/mysite.org/booking/Maildir, alt=
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl: initializing 
backend with data: vfile:/etc/dovecot/dovecot-acl
Oct 09 22:27:18 imap(book...@mysite.org): Debug: acl: acl username = 
book...@mysite.org

Oct 09 22:27:18 

Re: ACL permission: give permission to move email into different folder

2017-10-06 Thread Davide Marchi

On 06.10.2017 12:42:22, Aki Tuomi wrote:
[..]


Maybe it is not possible with Dovecot?

Many Thanks

Davide


Just give the relevant permissions to the user, and it also requires
that the target directory is writable by source user.

Aki


Oh, excuse me for the (most probably) silly question, but where I could 
give to my *virtual user* the directory write permission, if not from 
the Dovecot ACL?



Actually on /etc/dovecot/dovecot.acl:

* user=f...@mydomain.com lrwsip
* user=i...@mydomain.com lrwsip



Many thanks Aki for you help! :-)


Davide


Re: ACL permission: give permission to move email into different folder

2017-10-06 Thread Davide Marchi

I've set ACL for two users (two primary email addresses, no alias), where
these users must not be able to delete email from imap server.
Now I would like to add (from the client) the ability to move any
incoming mail into different directory, if possible into an existing
directory chosen by me.


Maybe it is not possible with Dovecot?

Many Thanks

Davide


ACL permission: give permission to move email into different folder

2017-10-03 Thread Davide Marchi

Hi friends,
I've set ACL for two users (two primary email addresses, no alias), where 
these users must not be able to delete email from imap server.
Now I would like to add (from the client) the ability to move any 
incoming mail into different directory, if possible into an existing 
directory chosen by me.


These are the settings on /etc/dovecot/dovecot.acl:

* user=f...@mydomain.com lrwsip
* user=i...@mydomain.com lrwsip

is it possible?

I've read https://wiki2.dovecot.org/ACL but I've not found a solution.


many many thanks!

Davide


Re: under another kind of attack

2017-07-31 Thread Davide Marchi

From: Olaf Hopp 
Davide,
yours is all postfix and thus has got no overlap with dovecot.
So no interference.
Olaf


Yes, I know, but I preferred not to give anything for granted ;-)

Many Thanks Olaf!


Re: under another kind of attack

2017-07-29 Thread Davide Marchi

Hi to all,

@Olaf Hopp I've this filter enabled for fail2ban, my question is: could 
my filters overlap or interfere with those suggested by you?


this is my filter:


Contents of /etc/fail2ban/jail.conf:

[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled  = true
port = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry = 6
bantime  = 600
findtime = 600

Contents of /etc/fail2ban/filter.d/postfix.conf:

# Fail2Ban configuration file
# Author: Cyril Jaquier
# $Revision$

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#

# Jul 11 02:35:08 mail postfix/smtpd[16299]: lost connection after AUTH from unknown[196.12.178.73]

failregex = lost connection after AUTH from unknown\[<HOST>\]

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =


Many thanks!


Re: failed to store into mailbox 'INBOX/Junk': Permission

2017-07-26 Thread Davide Marchi

From: Thomas Leuxner 

cat /etc/dovecot/dovecot-acl
* user=book...@hotelsangiorgioriccione.com lrwsi
* user=i...@hotelsangiorgioriccione.com lrwsi

Hi Davide,

For LMTP to file the mails you need to add the p flag (POST).


Well, I've added the "p" flag and now I will monitor the situation ;-)

PS
Just as an additional note, just after making this change and reloading 
Dovecot I have detected (one-shot) this error message:



Jul 26 22:09:53 server dovecot: imap-login: Error: read(anvil) failed: EOF
Jul 26 22:09:53 server dovecot: imap-login: Error: read(anvil) failed: EOF
Jul 26 22:09:53 server dovecot: imap-login: Error: read(anvil) failed: EOF
Jul 26 22:09:53 server dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Jul 26 22:09:53 server dovecot: auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied
Jul 26 22:09:53 server dovecot: imap-login: Error: read(anvil) failed: EOF
Jul 26 22:09:53 server dovecot: imap-login: Error: read(anvil) failed: EOF
Jul 26 22:09:53 server dovecot: imap-login: Error: read(anvil) failed: EOF
Jul 26 22:09:53 server dovecot: imap-login: Error: read(anvil) failed: EOF


But now everything seems to work well (let's hope) ;-)


Many thanks Thomas!


Re: failed to store into mailbox 'INBOX/Junk': Permission denied

2017-07-26 Thread Davide Marchi

Steffen Kaiser wrote:

Does INBOX/Junk already exists?


Yes, (but empty):

find /var/vmail/hotelsangiorgioriccione.com/info/ |grep INBOX
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Trash
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Trash/new
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Trash/tmp
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Trash/cur
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Trash/maildirfolder
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Trash/dovecot.index.log
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Junk
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Junk/new
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Junk/tmp
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Junk/cur
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Junk/maildirfolder
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Junk/dovecot.index.log


and same for other v-user "booking"


What's in your ACL file?


cat /etc/dovecot/dovecot-acl
* user=book...@hotelsangiorgioriccione.com lrwsi
* user=i...@hotelsangiorgioriccione.com lrwsi



What do these commands return?
doveadm acl debug -u i...@hotelsangiorgioriccione.com INBOX
doveadm acl debug -u i...@hotelsangiorgioriccione.com INBOX/Junk


doveadm acl debug -u i...@hotelsangiorgioriccione.com INBOX
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox 'INBOX' is in 
namespace ''
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox path: 
/var/vmail/hotelsangiorgioriccione.com/info/Maildir
doveadm(i...@hotelsangiorgioriccione.com): Info: All message flags are 
shared across users in mailbox
doveadm(i...@hotelsangiorgioriccione.com): Info: User 
i...@hotelsangiorgioriccione.com has rights: lookup read write 
write-seen insert
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox in user's 
private namespace
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox INBOX is 
visible in LIST



doveadm acl debug -u i...@hotelsangiorgioriccione.com INBOX/Junk
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox 'INBOX/Junk' 
is in namespace ''
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox path: 
/var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Junk
doveadm(i...@hotelsangiorgioriccione.com): Info: All message flags are 
shared across users in mailbox
doveadm(i...@hotelsangiorgioriccione.com): Info: User 
i...@hotelsangiorgioriccione.com has rights: lookup read write 
write-seen insert
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox in user's 
private namespace
doveadm(i...@hotelsangiorgioriccione.com): Info: Mailbox INBOX/Junk is 
visible in LIST



Many thanks Steffen!


Re: failed to store into mailbox 'INBOX/Junk': Permission denied

2017-07-25 Thread Davide Marchi


I add a clarification:

Now that I've commented out sieve Junk/Trash on 
"/etc/dovecot/conf.d/15-mailboxes.conf"



  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }



remains a single account with permission issues, only one with write 
permissions controlled by the ACL plugin:




   plugin {
 acl = vfile:/etc/dovecot/dovecot-acl
 sieve = ~/.dovecot.sieve
 sieve_after = /etc/dovecot/sieve-after
 sieve_dir = ~/sieve
   }



Many thanks again!


Re: failed to store into mailbox 'INBOX/Junk': Permission denied

2017-07-25 Thread Davide Marchi

For more clarity I also attach the content of
"/etc/dovecot/conf.d/15-mailboxes.conf"


#  mailbox Junk {
#special_use = \Junk
#  }
#  mailbox Trash {
#special_use = \Trash
#  }
  mailbox INBOX/Junk {
  auto = subscribe
  special_use = \Junk
  }
  mailbox INBOX/Trash {
  auto = subscribe
  special_use = \Trash
  }




  Date: Mon, 24 Jul 2017 18:06:29 +0200
  From: Christian Kivalo 

  Please also provide your doveconf -n


Here my Dovecot configuration (I've commented out "mailbox Junk" and 
"mailbox Trash" above)


# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.5 ext4
auth_mechanisms = plain login cram-md5
mail_location = maildir:/var/vmail/%d/%n/Maildir
mail_plugins = acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox INBOX/Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox INBOX/Trash {
auto = subscribe
special_use = \Trash
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile:/etc/dovecot/dovecot-acl
  sieve = ~/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve-after
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
ssl_cert = 
ssl_cipher_list = 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

ssl_dh_parameters_length = 2048
ssl_key = 

Re: failed to store into mailbox 'INBOX/Junk': Permission denied

2017-07-24 Thread Davide Marchi
For more clarity I also attach the content of 
"/etc/dovecot/conf.d/15-mailboxes.conf"



#  mailbox Junk {
#special_use = \Junk
#  }
#  mailbox Trash {
#special_use = \Trash
#  }
  mailbox INBOX/Junk {
  auto = subscribe
  special_use = \Junk
  }
  mailbox INBOX/Trash {
  auto = subscribe
  special_use = \Trash
  }


Thanks again


failed to store into mailbox 'INBOX/Junk': Permission denied

2017-07-24 Thread Davide Marchi

Hello to everyone,

On Debian Jessie (no SELinux) and "dovecot-sieve 1:2.2.13-12~deb8u1" 
I've changed the sieve (sieve_after) Junk and Trash path, from:


"INBOX.Junk"
to
"INBOX/Junk"


compiled it:

sievec /etc/dovecot/sieve-after/spam-to-folder.sieve

but now if I look into the mail.err log, I find this:


Jul 24 07:22:01 server dovecot: lmtp(6823, 
i...@hotelsangiorgioriccione.com): Error: p/3kL/mDdVmnGgAAS3B7vQ: sieve: 
msgid=<887291195.6699.1500873334921.JavaMail.trend@backend-prod-003>: 
failed to store into mailbox 'INBOX/Junk': Permission denied
Jul 24 07:22:02 server dovecot: lmtp(6823, 
i...@hotelsangiorgioriccione.com): Error: p/3kL/mDdVmnGgAAS3B7vQ: sieve: 
execution of script /etc/dovecot/sieve-after/spam-to-folder.sieve 
failed, but implicit keep was successful


and many others..


This is the "spam-to-folder.sieve" content:

require ["fileinto","mailbox"];

if header :contains "X-Spam-Flag" "YES" {
 fileinto :create "INBOX/Junk";
 stop;
}


Where am I wrong?

many thanks!


Re: ACL and virtual user

2017-05-15 Thread Davide Marchi

...I had the solution under my eyes and had not seen it:


* user=foo lrw
Public user=bar lrwstipekxa
Public/* user=bar lrwstipekxa


It was enough (in my case) to add the initial "*" wildcard, like this:

* user=i...@mydomain.com lrwsi

where the "*" wildcard means all groups.

I have verified it, and so the configuration is perfect: the user cannot 
delete their own messages.




The fact remains that on the Dovecot ACL wiki these steps, in the case 
of virtual users, are not clear, at least in my opinion.  :-)


I hope at least that my experience can be of assistance to other users.


Many many thanks!

Davide


ACL and virtual user

2017-05-15 Thread Davide Marchi

Hi friends,

I would like to remove write rights for a specific virtual user/email 
address.
I've read the wiki "https://wiki2.dovecot.org/ACL" but there is nothing 
about it.



So I started reading and rereading some old ML, like this: 
https://www.dovecot.org/list/dovecot/2006-June/013683.html where they 
talk about something like that
but I would like to implement current guidelines for the "Global ACL 
file" and for virtual user.


So I've tried:


* user=foo lrw
Public user=bar lrwstipekxa
Public/* user=bar lrwstipekxa


But in my case it is for a virtual user, so I tried (obviously I changed the 
email address to a generic one):



--
#user=i...@mydomain.com lrwsi
--

Log:
May 15 10:40:44 server dovecot: imap(i...@mydomain.com): Error: Global 
ACL file /etc/dovecot/dovecot-acl line 1: Unknown ID 'lrwsi'



--
#owner
#user=info at mydomain.com lrwsi
--

Log:
May 15 10:47:58 server dovecot: imap(i...@mydomain.com): Error: Global 
ACL file /etc/dovecot/dovecot-acl line 1: Missing ACL rights



--
#user=info at mydomain.com lrwsi
--

Log:
May 15 10:51:57 server dovecot: imap(i...@mydomain.com): Error: Global 
ACL file /etc/dovecot/dovecot-acl line 2: Unknown ID 'at'





But none of these gave results,
could you explain better or give me an example?


Many many thanks!

Davide
Italy
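
The three rejected lines from this thread and the accepted one from the follow-up, run through a small linter. This is an added example, not part of the original posts and not Dovecot's own parser; it assumes lines of the form `<mailbox pattern> <identifier> <rights letters>`, and the `example.com` address and all function names are constructed.

```python
# Added example: simplified lint for Dovecot global ACL file lines (assumption:
# unquoted patterns, plain rights letters; no +/- rights, no ":named" rights).
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
BARE_IDS = {"owner", "authenticated", "anyone", "anonymous"}
ID_PREFIXES = ("user=", "group=", "group-override=")
HINT = " (first field must be a mailbox pattern such as '*')"

def is_identifier(token):
    """True for owner/anyone/... or a non-empty user=, group=, group-override=."""
    prefixed = any(token.startswith(p) and token != p for p in ID_PREFIXES)
    return token in BARE_IDS or prefixed

def lint_line(line):
    """Return (error, rights); error is None for valid, blank or comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None, []
    pattern, rest = fields[0], fields[1:]
    # An identifier in the pattern slot means the pattern itself was left out.
    hint = HINT if is_identifier(pattern) else ""
    if not rest:
        return "Missing ACL rights" + hint, []
    if not is_identifier(rest[0]):
        return f"Unknown ID '{rest[0]}'" + hint, []
    if len(rest) < 2:
        return "Missing ACL rights" + hint, []
    bad = sorted(set(rest[1]) - set(RIGHTS))
    if bad:
        return "Unknown rights letters: " + "".join(bad), []
    return None, [RIGHTS[c] for c in rest[1]]

def destructive_rights(rights):
    """Rights that let a user flag mail deleted, expunge it, or delete a mailbox."""
    return [r for r in rights if r in ("write-deleted", "expunge", "delete")]

# Constructed sample lines modelled on the attempts in the thread.
SAMPLES = [
    "user=info@example.com lrwsi",
    "owner",
    "user=info at example.com lrwsi",
    "* user=info@example.com lrwsi",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        error, rights = lint_line(sample)
        print(f"{sample!r}: {error or ' '.join(rights)}")
```

For the accepted line the rights expand to lookup, read, write, write-seen and insert, and `destructive_rights` returns an empty list, which is the least-privilege result the thread was after.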


Strange result searching over fts_solr

2016-09-05 Thread Davide Marchi
log/dovecot/dovecot-lmtp-err.log
mail_fsync = optimized
mail_plugin_dir = /usr/local/lib/dovecot
mail_plugins = " notify zlib quota fts fts_solr stats acl mail_log
sieve"
postmaster_address = postmas...@mail.cgilfe.it
rejection_reason = Il sistema ha rifiutato automaticamente il messaggio
destinato a <%t> per il seguente motivo:%n%r
rejection_subject = Messaggio Rifiutato: %s
submission_host = 127.0.0.1
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
tb-lsub-flags
imap_max_line_length = 64 k
mail_plugin_dir = /usr/local/lib/dovecot
mail_plugins = " notify zlib quota fts fts_solr stats acl imap_quota
mail_log antispam imap_zlib imap_stats imap_acl"
}
protocol lda {
auth_socket_path = /usr/local/var/run/dovecot/auth-userdb
deliver_log_format = msgid=<%f>-<%s>-%m: %$
hostname = mail.cgilfe.it
info_log_path = /var/log/dovecot/dovecot-lda.log
log_path = /var/log/dovecot/dovecot-lda-err.log
mail_fsync = optimized
mail_plugin_dir = /usr/local/lib/dovecot
mail_plugins = " notify zlib quota fts fts_solr stats acl mail_log
sieve"
postmaster_address = postmas...@mail.cgilfe.it
rejection_reason = Il sistema ha rifiutato automaticamente il messaggio
destinato a <%t> per il seguente motivo:%n%r
rejection_subject = Messaggio Rifiutato: %s
submission_host = 127.0.0.1 

-- 
DAVIDE MARCHI
Teorema Ferrara Srl
Via Spronello 7 - FERRARA - 44121
Tel. 0532783161 Fax. 0532783368 

デイヴイツド 



LMTP with alias addresses

2016-04-06 Thread davide marchi
Hi, my problem is this:
if I use lmtp for delivery and lookup for real_virtual_u...@mydomain.com
everything functions perfectly and mails are delivered correctly (quota and
presence of user also)

but if I send an email to real_alias_addr...@mydomain.com, the LMTP service
(it's an alias containing several users) doesn't find the user.
How can I resolve this problem? For completeness, my system's users are based
on vpopmail userdb