[Dovecot] Using sork-passwd from Horde to change dovecot password

[Eduardo M KALINOWSKI]

   I'm using in my server dovecot and Horde to provide IMAP and Webmail 
for virtual users. Their password are stored in a passwd file, since the 
setup is quite simple and small. I'd like to use the Horde module 
sork-passwd to allow changing of the passwords. Apparently, this can be 
done for the case of passwd file by using an expect script, or simply 
calling a program that receives the data.


   It should not be hard to write a Perl (or Python, or whatever) 
script that does that. I'm just asking if someone has already done that 
and is willing to share the solution.

Re: [Dovecot] Using sork-passwd from Horde to change dovecot password

[Eduardo M KALINOWSKI]

Eduardo M KALINOWSKI wrote:
>I'm using in my server dovecot and Horde to provide IMAP and
> Webmail for virtual users. Their password are stored in a passwd file,
> since the setup is quite simple and small. I'd like to use the Horde
> module sork-passwd to allow changing of the passwords. Apparently,
> this can be done for the case of passwd file by using an expect
> script, or simply calling a program that receives the data.
>
>It should not be hard to write a Perl (or Python, or whatever)
> script that does that. I'm just asking if someone has already done
> that and is willing to share the solution.
OK, since apparently nobody needed that before, here's a quick and dirty
solution. There is lots of room for improvement, but it Works For Me
(and My Setup). First, this goes in the passwd's backends.php:

$backends['dovecotpasswdfile'] = array(
'name' => 'localhost',
'password policy' => array(),
'driver' => 'procopen',
'params' => array(
'program' => '/usr/local/bin/chdovecotpw'
)
);

The script is attached. A big problem is that I had to pass the password
in the command-line, because dovecotpw seems to play tricks in order to
read the input, simply writing the password twice to its STDIN does not
seem to work.


-- 
Não deixe a escola atrapalhar seus estudos.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

#!/usr/bin/perl -w
use strict;
use warnings;

use Time::HiRes qw(usleep);

### Settings
# Only %u, %n & %d are supported in PASSWORD_FILE and USER_FORMAT!
# Location of the password file
my $PASSWORD_FILE = '/home/vmail/%d/db/passwd';
# Leave undefined if users are listed in the passwd file in the same
# way they are received; or specify the format they appear in the passwd
# file.
#my $USER_FORMAT   = undef;
my $USER_FORMAT   = '%n';
# Location of dovecotpw binary
my $DOVECOTPW = '/usr/sbin/dovecotpw';
# Hash method to use
# Methods which require the username are not supported
my $METHOD= 'CRAM-MD5';
# Place to store logs
my $LOGFILE = '/var/log/horde/passwd.log';


### Exit codes:
# 1: Not all parameters were specified
# 2: Could not open pipe to dovecotpw
# 3: Error reading hash from dovecotpw pipe
# 4: Could not open passwd file
# 5: User not found
# 6: Could not open temporary passwd file for writing
# 7: Error in final rename
# 100: Wrong password informed

sub execute {
my ($inputuser, $oldpassword, $newpassword) = read_input();

my ($user, $passwdlocation) = substitute_variables($inputuser);

check_password($user, $oldpassword, $passwdlocation);

write_new_password($user, $newpassword, $passwdlocation);
}

sub read_input {
my $username= ;
my $oldpassword = ;
my $newpassword = ;
if (!$username || !$oldpassword || !$newpassword) {
print "Internal error\n";
print $::fLog "ERROR: Did not receive all parameters\n";
print $::fLog "--- Ended in error! ---\n";
close($::fLog);
exit 1;
}

chomp($username);
chomp($oldpassword);
chomp($newpassword);

return ($username, $oldpassword, $newpassword);
}

sub generate_hash {
my ($password, $method) = @_;

my $pwpipe;
my $result = open($pwpipe, "-|");
if (!defined($result)) {
print "Internal error\n";
print $::fLog "ERROR: Could not open pipe to dovecotpw\n";
print $::fLog "--- Ended in error! ---\n";
close($::fLog);
exit 2;
}
if ($result == 0) {
if (!exec($DOVECOTPW, "-s", $method, "-p", $password)) {
print "Internal error\n";
print $::fLog "ERROR: Could not open pipe to dovecotpw\n";
print $::fLog "--- Ended in error! ---\n";
close($::fLog);
exit 2;
}
}

my $hash = <$pwpipe>;
if (!$hash) {
print "Internal error\n";
print $::fLog "ERROR: Error reading hash from dovecotpw pipe\n";
print $::fLog "--- Ended in error! ---\n";
close($::fLog);
exit 3;
}

chomp($hash);
return $hash;
}

sub get_hash {
my ($user, $passwdlocation) = @_;

my $pwfile;
if (!open($pwfile, '<', $passwdlocation)) {
print "Internal error\n";
print $::fLog "ERROR: Could not open passwd file\n";
print $::fLog "--- Ended in error! ---\n";
close($::fLog);
exit 4;
}

my ($hash, $method);
while (<$pwfile>) {
  chomp;
  my ($thisuser, $thishash) = split(/:/);
  if ($thisuser eq $user) {
$hash = $thishash;
last;
  }
}
close($pwfile

[Dovecot] v1.0.13: maildirfolder not being created

[Eduardo M KALINOWSKI]

Hi,

I'm using version 1.0.13 of dovecot. I know it's somewhat dated, but
that's the latest that Debian etch offers, and I would like to avoid
compiling by myself if possible.

dovecot is not creating the 'maildirfolder' in folders that are
created via IMAP. Looking at the NEWS file, this was implemented in
v1.0.rc7, so my version should have that working already. Is there
anything else that needs to be done?

Here's dovecot -n:
# 1.0.13: /etc/dovecot/dovecot.conf
log_path: /var/log/dovecot/main.log
info_log_path: /var/log/dovecot/info.log
log_timestamp: %Y-%m-%d %H:%M:%S
ssl_cert_file: /etc/ssl/certs/server.pem
ssl_key_file: /etc/ssl/private/server.pem
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_processes_count: 1
first_valid_uid: 100
mail_privileged_group: mail
mail_location:
maildir:/home/vmail/%d/%n/INBOX:INDEX=/home/vmail/%d/%n/dovecotidx
mail_plugins: quota imap_quota
auth default:
  mechanisms: plain login cram-md5
  passdb:
driver: passwd-file
args: /home/vmail/%d/db/passwd
  passdb:
driver: pam
  userdb:
driver: static
args: uid=104 gid=8 home=/home/vmail/%d/%n
  userdb:
driver: passwd
  socket:
type: listen
client:
  path: /var/run/dovecot/auth-client
  mode: 438
plugin:
  quota: maildir:ignore=Trash

-- 
I want the presidency so bad I can already taste the hors d'oeuvres.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] v1.0.13: maildirfolder not being created

[Eduardo M KALINOWSKI]

Timo Sirainen wrote:
> On Jun 22, 2008, at 4:52 PM, Eduardo M KALINOWSKI wrote:
>> Hi,
>>
>>I'm using version 1.0.13 of dovecot. I know it's somewhat dated, but
>> that's the latest that Debian etch offers, and I would like to avoid
>> compiling by myself if possible.
>>
>>dovecot is not creating the 'maildirfolder' in folders that are
>> created via IMAP. Looking at the NEWS file, this was implemented in
>> v1.0.rc7, so my version should have that working already. Is there
>> anything else that needs to be done?
>
> I haven't touched that code for a long time. I just tested with 1.0.15
> and it is created correctly. There isn't really anything in
> configuration that should break it either.. Well, you could always see
> if it gets created manually:
>
> telnet localhost 143
> x login user pass
> y create testbox
>
> And then check again for sure that there's no maildirfolder in
> /home/vmail/%d/%n/INBOX/.testbox/

I've made this test, and found out that the maildirfolder is created if
there is no dovecot-shared file in INBOX/. But if there is, then it does
not get created.

> If there really isn't, you could see if strace shows something useful.
> Before the testbox creation run "strace -p " and
> post the output.

I've done that, and apparently dovecot isn't even trying to create the
maildirfolder file:
Process 32277 attached - interrupt to quit
gettimeofday({1214144259, 856957}, {240, 0}) = 0
gettimeofday({1214144259, 856996}, NULL) = 0
epoll_wait(4, {}, 3, 7450)  = 0
gettimeofday({1214144267, 306066}, {240, 0}) = 0
gettimeofday({1214144267, 306107}, NULL) = 0
epoll_wait(4, {{EPOLLIN, {u32=135105032, u64=135105032}}}, 3, 1) = 1
gettimeofday({1214144272, 528408}, {240, 0}) = 0
read(0, "4 create test3\n", 4096)   = 15
setsockopt(1, SOL_TCP, TCP_CORK, [1], 4) = 0
stat64("/home/vmail/kalinowski.com.br/test/INBOX/.test3", 0xbf9350ac) =
-1 ENOENT (No such file or directory)
stat64("/home/vmail/kalinowski.com.br/test/INBOX/dovecot-shared",
{st_mode=S_IFREG|0640, st_size=0, ...}) = 0
umask(027)  = 077
mkdir("/home/vmail/kalinowski.com.br/test/INBOX/.test3/cur", 0777) = -1
ENOENT (No such file or directory)
mkdir("/home/vmail/kalinowski.com.br/test/INBOX/.test3", 0777) = 0
mkdir("/home/vmail/kalinowski.com.br/test/INBOX/.test3/cur", 0777) = 0
mkdir("/home/vmail/kalinowski.com.br/test/INBOX/.test3/new", 0777) = 0
stat64("/home/vmail/kalinowski.com.br/test/INBOX/.test3/tmp",
0xbf93505c) = -1 ENOENT (No such file or directory)
mkdir("/home/vmail/kalinowski.com.br/test/INBOX/.test3/tmp", 0777) = 0
chown32("/home/vmail/kalinowski.com.br/test/INBOX/.test3/cur", -1, 8) = 0
chown32("/home/vmail/kalinowski.com.br/test/INBOX/.test3/new", -1, 8) = 0
chown32("/home/vmail/kalinowski.com.br/test/INBOX/.test3/tmp", -1, 8) = 0
open("/home/vmail/kalinowski.com.br/test/INBOX/.test3/dovecot-shared",
O_WRONLY|O_CREAT|O_LARGEFILE, 0640) = 7
umask(077)  = 027
fchown32(7, -1, 8)  = 0
close(7)= 0
write(1, "4 OK Create completed.\r\n", 24) = 24
setsockopt(1, SOL_TCP, TCP_CORK, [0], 4) = 0
gettimeofday({1214144272, 529943}, NULL) = 0
epoll_wait(4, {}, 3, 4777)  = 0
gettimeofday({1214144277, 305725}, {240, 0}) = 0
gettimeofday({1214144277, 305758}, NULL) = 0
epoll_wait(4, {}, 3, 1) = 0
gettimeofday({1214144277, 306737}, {240, 0}) = 0
gettimeofday({1214144277, 306767}, NULL) = 0
epoll_wait(4, {{EPOLLIN, {u32=135105032, u64=135105032}}}, 3, 1) = 1
gettimeofday({1214144279, 474945}, {240, 0}) = 0
read(0, "", 4081)   = 0
write(2, "\1IConnection closed\n", 20)  = 20
epoll_ctl(4, EPOLL_CTL_DEL, 0, {0, {u32=135105032, u64=135105032}}) = 0
close(0)= 0
close(1)= 0
epoll_ctl(4, EPOLL_CTL_DEL, 2, {0, {u32=135099264, u64=135099264}}) = 0
munmap(0xb7f68000, 10336)   = 0
munmap(0xb7e27000, 39884)   = 0
close(3)= 0
epoll_ctl(4, EPOLL_CTL_DEL, 5, {0, {u32=135099168, u64=135099168}}) = 0
close(5)= 0
close(6)= 0
close(4)= 0
exit_group(0)   = ?
Process 32277 detached


-- 
I bought some used paint. It was in the shape of a house.
-- Steven Wright

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

[Dovecot] v1.1.1: Some files not created with dovecot-shared permissions

[Eduardo M KALINOWSKI]

Hi,

   I use dovecot-shared to add read permissions to the group in my mail 
server, which uses virtual users. This is only to ease backups.


   However, a few files are not created with the permissions in 
dovecot-shared. I've seen this happen to 'subscriptions', 
'maildirfolder' (when dovecot-shared exists; the change to correctly 
create maildirfolder in this case is very recent), and possibly 
'maildirsize' (I'm not sure about this one, it might be exim that is 
creating it with wrong permissions.)


This has been tested in recent snapshot package, from the Debian 
repository listed at http://wiki.dovecot.org/PrebuiltBinaries. Here's 
dovecot -n for reference:

# 1.1.1: /etc/dovecot/dovecot.conf
log_path: /var/log/dovecot/main.log
info_log_path: /var/log/dovecot/info.log
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_processes_count: 1
first_valid_uid: 100
mail_privileged_group: mail
mail_location: 
maildir:/home/vmail/%d/%n/INBOX:INDEX=/home/vmail/%d/%n/dovecotidx

mail_plugins: quota imap_quota
auth default:
 mechanisms: plain login cram-md5
 passdb:
   driver: passwd-file
   args: username_format=%n /home/vmail/%d/db/passwd
 passdb:
   driver: pam
 userdb:
   driver: static
   args: uid=104 gid=8 home=/home/vmail/%d/%n
 userdb:
   driver: passwd
 socket:
   type: listen
   client:
 path: /var/run/dovecot/auth-client
 mode: 438
plugin:
 quota: maildir

Re: [Dovecot] Disable POP

[Eduardo M KALINOWSKI]

Carlos Williams escreveu:

I am running Dovecot and wanted to make sure that to disable POP3
access on the MDA is as simple as removing the POP lines:

protocols = imap imaps pop3 pop3s
imap_listen = *
pop3_listen = *
imaps_listen = *
pop3s_listen = *

Do I need to modify anything else or am I looking in the totally wrong section


Remove "pop3 pop3s" from the protocols list, that is enough. You can 
even leave the _listen lines for pop3. (But those are just the defaults, 
so you could remove them anyway.)

Re: [Dovecot] Sorting Mail

[Eduardo M KALINOWSKI]

Carlos Williams escreveu:

I was wondering if Dovecot has the ability to sort email scored by
Spamassassin? I know many people use Procmail for sorting but I was
wondering if Dovecot can do the job or should I just use Procmail on
my Linux (Postfix) server to sort email in specific folders?

I have not yet installed Dovecot and or Procmail on the Postfix / Debian server.

I would be installing the latest version avialable in apt-get = 1.0.13.
  


The Dovecot LDA has Sieve filtering support. It can save spam in a 
different folder based on a header added by SpamAssassin.

Re: [Dovecot] Root folder path problem

[Eduardo M KALINOWSKI]

Yavuz Maslak wrote:
> As I said previous my mail, if I don't set any value in "Root folder path"
> option, my sent mails are stored in main "sent items" of Outlook Express.
> These mails aren't stored "sent items" of imap section.

I think this is a problem with Outlook Express, not dovecot.

I remember that there is an option that specifies where to save sent
mails. It's somewhere in the account setup, IIRC. You probably want to
set that.

-- 
Save the whales.  Collect the whole set.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] Root folder path problem

[Eduardo M KALINOWSKI]

Charles Marcus escreveu:

On 7/15/2008, Ed W ([EMAIL PROTECTED]) wrote:

Thunderbird is also appalling with attachments, downloading the whole
message once so that you can read the few KB of text, then
downloading the whole message AGAIN when you open up the
attachment... Durr.


I don't see it doing that... are you sure?


Here the behaviour is the same. Quite annoying, but I don't think it is 
a problem with the IMAP server, it seems to be the client. I remeber it 
doing that with Gmail's IMAP too, when I used it.

Re: [Dovecot] v1.1.1: Some files not created with dovecot-shared permissions

[Eduardo M KALINOWSKI]

Timo Sirainen escreveu:

As for subscriptions and maildirsize .. well, those are more difficult
and I'm not sure if I should do such a change for v1.1.x releases
anymore since it would change the behavior.
  


maildirsize is actually quite discardable, so it's not a big deal.

However, the subscriptions file is somewhat important to backup (even if 
not essential), so that the users do not have to set their subscriptions 
agains should disaster happen.


The solution you mentioned in the other message seems fine.

Re: [Dovecot] Server-side sieve for client-side copies

[Eduardo M KALINOWSKI]

Daniel L. Miller escreveu:
My understanding is that sending a message from a client (use 
Thunderbird for simplicity of this conversation) is performed via 
SMTP.  Saving a copy into a sent folder is performed via IMAP (hence 
the multiple transfers to the server).  Now that I've laid a 
background - let's make it Dovecot specific.  I don't know how 
"behind-the-scenes" Dovecot performs the act of saving mail messages 
that it receives from IMAP, instead of SMTP.  Specifically, if I'm 
using sieve filters via deliver - can I setup a filter that will place 
mail copies to specific recipients into specific subfolders?


Thunderbird and other mail clients store a copy of the sent message by 
using the IMAP APPEND command, which is a generic command to store a 
mail message (or anything else, if you are brave enough) in a mailbox.


Sieve filters are run for messages that are received via SMTP (usually 
from another host), and need to be saved in the user's mailbox. 
(Provided the mail server is configured to use dovecot's deliver to do 
that.)


So, in short, these are two very different processes, and no filtering 
is done for messages saved in a folder (such as Sent).

Re: [Dovecot] Server-side sieve for client-side copies

[Eduardo M KALINOWSKI]

Daniel L. Miller escreveu:
The question:  can Dovecot be configured to support sieve filters on 
IMAP (not just SMTP) operations (Eduardo helped me here - so I'll 
specifically ask about the APPEND command).


If not , I'll make that a feature-request - "Timo, can Dovecot be 
modified to support sieve-filters on APPEND operations?".  Failing 
that, can some specific operation subsets of sieve be supported on a 
cron-like basis?  My understanding is that operations involving 
indexes are extremely fast - and that things like sender/recipient are 
included in the indexes.  So filters based on sender/recipient might 
be possible?




At this moment it can't. And as a matter of fact, I doubt it ever will, 
because it doesn't really make sense.


I'm no expert in the IMAP protocol, but as far as I understand, the 
APPEND command is used to store a new mail in a given mailbox. It would 
not make sense to run a filter to store the message somewhere other than 
where the client asked when using that command (just to use the specific 
example).

Re: [Dovecot] Server-side sieve for client-side copies

[Eduardo M KALINOWSKI]

Daniel L. Miller escreveu:
So, without changing the MUA/MTA/IMAP interaction, the IMAP server 
will simply file new messages according to user-set rules.  Doesn't 
address the multiple-transfer issue at all, but does provide an option 
for centralized control of message filing.


With the APPEND command, storing the mail somewhere that is not the 
default location would be a violation of the protocol:


6.3.11. APPEND Command

  Arguments:  mailbox name
  OPTIONAL flag parenthesized list
  OPTIONAL date/time string
  message literal

  Responses:  no specific responses for this command

  Result: OK - append completed
  NO - append error: can't append to that mailbox, error
   in flags or date/time or message text
  BAD - command unknown or arguments invalid

 The APPEND command appends the literal argument as a new message
 to the end of the specified destination mailbox.  This argument
 SHOULD be in the format of an [RFC-2822 
] message.


The simplest solution would be, as already mentioned, configure the 
client to BCC yourself, and filter that message. (And disable the 'Store 
copy of sent mails' option.) I do not think running filters for 
APPEND'ed messages is an option (even if one not active by default).

[Dovecot] Seen flag in maildir filename not being respected

[Eduardo M KALINOWSKI]

Hi,

I'm using dovecot 1.1.2 (but I've noticed this since 1.1.1 which I
was using until yesterday). It seems dovecot is ignoring the "S" flag in
Maildir filenames, and is relying only in its Index Files to determine
if a message has been read or not.

I say that because if I delete the dovecot.index.* files for a mail
folder, all the mails in there appear as unread. Also, I've tried
accessing the maildir directly (using heirloom-mailx, but mutt should
have done, too) and reading a new message. The file name was changed to
add a "S" to the end, but this message was still marked as "unread" when
the mail folder was accessed via IMAP.

The flags R, F and T are correctly read from the filename if no
index is present. I haven't tested the other flags.

I'm using dovecot's deliver, and it creates filenames such as
"1217450416.M77457P5201.mail.kalinowski.com.br,S=1377,W=1411:2,S", that
is, perfectly fine.

dovecot -n:
# 1.1.2: /etc/dovecot/dovecot.conf
log_path: /var/log/dovecot/main.log
info_log_path: /var/log/dovecot/info.log
log_timestamp: %Y-%m-%d %H:%M:%S
ssl_cert_file: /etc/ssl/certs/server.pem
ssl_key_file: /etc/ssl/private/server.pem
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_processes_count: 1
first_valid_uid: 100
mail_privileged_group: mail
mail_location:
maildir:/home/vmail/%d/%n/INBOX:INDEX=/home/vmail/%d/%n/dovecotidx
mail_plugins: quota imap_quota zlib
auth default:
  mechanisms: plain login cram-md5
  passdb:
driver: passwd-file
args: username_format=%n /home/vmail/%d/db/passwd
  passdb:
driver: pam
  userdb:
driver: static
args: uid=104 gid=8 home=/home/vmail/%d/%n
  userdb:
driver: passwd
  socket:
type: listen
client:
  path: /var/run/dovecot/auth-client
  mode: 438
master:
  path: /var/run/dovecot/auth-master
  mode: 384
  user: vmail
  group: mail
plugin:
  quota: maildir
  quota_rule: ?:storage=0
  quota_rule2: Trash:ignore
  quota_rule3: Spam:ignore
  quota_rule4: Spam.Errado:ignore
  sieve: /home/vmail/%d/db/sieves/%n.sieve

Re: [Dovecot] Seen flag in maildir filename not being respected

[Eduardo M KALINOWSKI]

Timo Sirainen wrote:
> Do you have dovecot-shared file in the maildir? If it exists, Dovecot
> uses only its index file for storing \Seen flags (to get per-user
> \Seen flags with shared mailboxes).

I do, to set the owner/group and mode of files. (The mailboxes aren't
really shared, actually.) Any workarounds?

-- 
Despite all appearances, your boss is a thinking, feeling, human being.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] related, but off-topic: how to allow users to change password?

[Eduardo M KALINOWSKI]

Sahil Tandon wrote:
> My dovecot is currently configured to authenticate vs. a userdb/passdb 
> passwd-file that contains, for each user:
>
> username:passhash:5000:5000::/path/to/home::userdb_mail=/path/to/maildir
>
> Is it possible to let users authenticate and change their passwords?  There 
> are some webmail client add-ons that allow such things if users are system 
> accounts or in a MySQL/LDAP db.  Does anyone else use passdb/userdb 
> passwd-files like above and have a method for allowing users to change their 
> passwords from the web?
>
> Sorry for the slightly off-topic question, but hoping another Dovecot admin 
> has solved this problem.  Preference is to not to be tied to any particular 
> webmail client just for this change password feature.
>   

There isn't a general utility to do that. I wrote a simple script for
one such case, namely sork-passwd from the Horde suite. The script just
receives the username, old password and new password from stdin and then
changes the password entry in a file. But I'm using only passwd files,
without the extra fields in a userdb file. Besides that, there are other
things that could have been done in a better way.

If you want to take a look, I posted it here some time ago:
http://www.dovecot.org/list/dovecot/2008-June/031629.html

-- 
Never do today what you can put off until tomorrow.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] related, but off-topic: how to allow users to change password?

[Eduardo M KALINOWSKI]

Sahil Tandon wrote:
> Eduardo M KALINOWSKI <[EMAIL PROTECTED]> wrote:
>
>   
>> There isn't a general utility to do that. I wrote a simple script for
>> one such case, namely sork-passwd from the Horde suite. The script just
>> receives the username, old password and new password from stdin and then
>> changes the password entry in a file. But I'm using only passwd files,
>> without the extra fields in a userdb file. Besides that, there are other
>> things that could have been done in a better way.
>>
>> If you want to take a look, I posted it here some time ago:
>> http://www.dovecot.org/list/dovecot/2008-June/031629.html
>> 
>
> Thanks Eduardo.  That looks like something I might've been able to modify 
> for our needs but using it with sork would require us to install the 
> entire Horde, which we do not want

If you have another similar application that can output the
username/password parameters (or can write one easily), the
password-changing script should be easy to adapt to that case.

-- 
You know you have a small apartment when Rice Krispies echo.
-- S. Rickly Christian

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] dovecot-auth requires userdb, but already configured

[Eduardo M KALINOWSKI]

Carl Vondrick wrote:
> Greetings!
>
> My ultimate goal is to have fetchmail/getmail poll from POP3/IMAP servers
> and deliver mail into Dovecot mailboxes.  This does not work because the
> Dovecot LDA for some reason fails.
>
> I believe I have narrowed down the problem to dovecot-auth not finding my
> userdb.  But, I am able to connect to dovecot via IMAP in my MUA and preform
> operations (read, delete mail, create folders).  This leads me to believe my
> userdb is setup correctly.
>
> Does anyone have any idea as to why dovecot-auth would not find my userdb?
> (Configuration is below).

Are you using virtual users? In this case, Dovecot's deliver needs a
master socket to get user information from. See instructions at
http://wiki.dovecot.org/LDA .

-- 
FORTRAN is the language of Powerful Computers.
    -- Steven Feiner

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] virtual domains and SSL certificates

[Eduardo M KALINOWSKI]

Kacper Wysocki escreveu:

Hi all,

I have dovecot 1.1.0 setup to access vpopmail accounts for several
virtual domains.
Dovecot IMAP is accessed through several virtual domains as well, ie
mail.foo.com an d mail.bar.com
The problem is that the configuration file specifies only one
certificate file for dovecot, which means only one Common Name, which
means one cannot provide one server cert that will match mail.foo.com
AND mail.bar.com, and either [EMAIL PROTECTED] or [EMAIL PROTECTED] will get a
"Security Error: Domain Name Mismatch" in their mail client when
connecting through IMAPS.

How can I avoid this domain name mismatch error?
  


a) Use a single host name for all domains.

b) If you really want different hostnames for all domains, you'll need 
one IP address for each domain. Dovecot can at this moment listen on 
several addresses, but it only uses one SSL certificate for all of them, 
which means you would need several dovecot instantes running.


Which leads us to the request: could it be that in a future version one 
could select a different certificate for each IP that Dovecot listens to?

Re: [Dovecot] Expire Plugin - LDA with Vpopmail errors

[Eduardo M KALINOWSKI]

Ron Culler wrote:
> I am trying to setup Dovecot to use the expire plugin and wanted to use
> the LDA so I can ensure the messages are indexed as they are delivered
> to the mailboxes. This system is only accessed via a webmail interface
>
> Using dovecot-1.1.2 and Vpopmail with Qmail
>
> Dovecot.conf file
> [snip]
>
> I see errors in the /var/log/dovecot-deliver.log deliver ([EMAIL PROTECTED])
> Error: Can't connect to auth server at
> /usr/local/var/run/dovecot//auth-master: no such file or directory.
>
> What do I need to do to create this?  

A "socket master" definition in the config file, as described in
http://wiki.dovecot.org/LDA .

-- 
Insults are effective only where emotion is present.
    -- Spock, "Who Mourns for Adonais?"  stardate 3468.1

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] problems with sieve and lda

[Eduardo M KALINOWSKI]

Harondel J. Sibble wrote:
> Following the wiki here for system users
>
> http://wiki.dovecot.org/LDA/Postfix
>
> I never get any info in the logs about cmusieve, the only way I see anything 
> show up is if I add the transport settings to postfix/master.cf or see below
>
> >From reading the list archives, as best as I can tell, the only time I need 
> to make the changes in postfix's master.cf is if I am using a virtual 
> environment, otherwise for local delivery, all I need is the mailbox_command 
> setting in postfix/main.cf
>
> However with that setting, I get nothing! If I then run deliver from the 
> command line as per a couple of mailling postings,
>
> cat /etc/hosts | /usr/libexec/dovecot/deliver -d [EMAIL PROTECTED] -f 
> [EMAIL PROTECTED]
>
> I get 
>
> deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Info: Loading modules 
> from directory: /usr/lib/dovecot/lda
> deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Info: Module loaded: 
> /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so
> deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Error: Can't connect to 
> auth server at /var/run/dovecot/auth-master: No such file or directory
>   

To use -d ACCOUNT, you need a master socket where deliver looks up user
information: see the "Virtual Users" section in
http://wiki.dovecot.org/LDA . But if you are not using virtual users
(and only used -d to test), you should not need it.

How are you calling deliver in postfix? Do you see in postfix's logs the
messages being handled to deliver?


-- 
Deadwood, n.:
Anyone in your company who is more senior than you are.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] Auto Vacation replies again

[Eduardo M KALINOWSKI]

CJ Keist escreveu:

Stephan,
   Thank you.  I understand what you are saying in trying to keep a
vicious cycle of auto-replies responding to each other.  But in our
environment I don't have any choice as our central virus/spam email
gateway will can any message without a valid from address in the headers


The messages do have a valid from address in the headers - but their 
Envelope From address is empty, as the RFC recommends. These are two 
different things.

Re: [Dovecot] Webmail app ... again.

[Eduardo M KALINOWSKI]

Timo Sirainen escreveu:
I've heard that imapproxy isn't all that useful with Dovecot once auth 
cache is enabled and set large enough. It'll then just basically 
replace Dovecot's process fork(s) with the overhead of its own.


If I understand Dovecot's auth caching, it will save DB lookups (or 
sequential passwd-file lookups, etc), but it will still need to spawn a 
new imap process for each connection the webmail does.


With imapproxy, the process will be kept running for a couple minutes 
after the webmail disconnects that connection and will be reused if a 
new request is made in sequence.

Re: [Dovecot] Webmail app ... again.

[Eduardo M KALINOWSKI]

Timo Sirainen wrote:
> On Aug 15, 2008, at 2:22 PM, Eduardo M KALINOWSKI wrote:
>> If I understand Dovecot's auth caching, it will save DB lookups (or
>> sequential passwd-file lookups, etc), but it will still need to spawn
>> a new imap process for each connection the webmail does.
>>
>> With imapproxy, the process will be kept running for a couple minutes
>> after the webmail disconnects that connection and will be reused if a
>> new request is made in sequence.
>
>
> Yes, but is it worth it to keep an extra daemon proxying all TCP
> connetions to IMAP server just to save a some imap process creations?

Good question, only benchmarking could tell, and the results would
probably vary between different machines, operating systems and
architectures.

> v2.0 hopefully allows this kind of "wait a couple of minutes before
> dying" natively.

That would be really nice.

-- 
BOFH excuse #52:

Smell from unhygienic janitorial staff wrecked the tape heads

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] POP3 dictionary attacks

[Eduardo M KALINOWSKI]

Charles Marcus wrote:
> Dictionary attacks are a fact of life these days.
>
> Just install some kind of blocking on your firewall (fail2ban is a good
> one), and let it take care of the worst of it..

I wonder what  they want by cracking a POP3 server. Read the user's
mails? It's true POP3 passwords are almost always equal to SMTP ones
(which is useful for spamming), but then why not try to crack the SMTP
server directly?

-- 
The bomb will never go off.  I speak as an expert in explosives.
-- Admiral William Leahy, U.S. Atomic Bomb Project

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] compile with ssl support

[Eduardo M KALINOWSKI]

Catalin Ciubotariu escreveu:
> I did'nt know that  i have to install first SSL then recompile with 
> CPPFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib ./configure
>
> it's ok now but the server does not accept the password
>
> There was a problem logging onto your mail server. Your User Name was 
> rejected. Account: '10.10.10.4', Server: '10.10.10.4', Protocol: POP3, Server 
> Response: '-ERR Plaintext authentication disallowed on non-secure 
> connections.', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error 
> Number: 0x800CCC91
>   

Your client is not connecting with SSL. I guess that's not what you want.

In dovecot.conf, enable the protocol pop3s (right in the beginning), and
configure your clients to use SSL. The default port for POP3 over SSL is
995, if I recall correctly.

Re: [Dovecot] Sieve fileinto a subfolder fails

[Eduardo M KALINOWSKI]

Rich McAllister wrote:
> I'm using Dovecot 1.0.10 on Ubuntu 8.04, using the packages from the
> distro; exim4 is my MTA and it's configured according to the
> instructions in the wiki, everything is working fine for delivery into
> the Maildir INBOX via Dovecot's LDA and reading mail via IMAP using
> Thunderbird.
>
> My habit on previous mail systems was to create a Lists folder and
> subfolders under Lists for each mailing list I subscribe to.  I tried
> to use Dovecot sieve to sort mail into the folders with sieve filters
> like
>
> require "fileinto";
> if header :contains "Subject" "[NCCC]" {
> fileinto "Lists/NCCC";
> } else {
> keep;
> }
>
> I created Lists/NCCC via Thunderbird (so I could set the "check this
> folder for new mail property") but when Dovecot tries to deliver into
> the folder, I get the log message
>
>  msgid=<...>: Couldn't open mailbox Lists/NCCC: Invalid mailbox name
>
> Is there some other syntax for specifying folder/subfolder names in
> Dovecot sieve, or do I just have to live with the folders all at the
> top level

Try fileinto "Lists.NCCC", the "." is the default folder separator.

It should be possible to change it to a "/" with namespaces, but it
would make a cosmetic change, and judging by other posts in the list, it
seems to cause a lot more trouble than benefits. :-)

-- 
My godda bless, never I see sucha people.
-- Signor Piozzi, quoted by Cecilia Thrale

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] question about OpenSSL with DC

[Eduardo M KALINOWSKI]

Stewart Dean escreveu:
> IBM recently changed both its delivery package for OpenSSL and the locations 
> it 
> put things.  Luckily, I have a second machine other than my mail server that 
> I 
> can test things on and DC 1.0.15 seems to be be running OK (thus I got all 
> the 
> configure/compilation tweaks right), but.is there anyway to check the DC 
> binaries to determine where it's getting its OpenSSl binaries and libraries 
> (needed at runtime)?
>   

On linux systems (and possibly other Unices), you can use 'ldd
/path/to/executable/file' to see the dynamic libraries it uses and where
are they loaded from.

-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] umask and mails

[Eduardo M KALINOWSKI]

Nicolas Letellier wrote:
> Hello.
>
> I would like to have rights like 750 in my mailboxes
> (in /var/mail/vmails/domain.tld/user).
>
> http://wiki.dovecot.org/DovecotServerInstallations/RHEL/2_Users?highlight=(mask)
>
> I see an option called umask (in dovecot.conf). I set umask = 0750 in
> dovecot.conf.
>
> This option add good rights to directories, but not to the mail
> received (always in 700).
>
> Do you have a solution?
>   

That setting is deprecated, don't use it (it does not work anyway).

Create a file named 'dovecot-shared' in each of your folders, give it
the mode you want your files to have, and files will be created with
that mode. See http://wiki.dovecot.org/SharedMailboxes for details.

-- 
Pure drivel tends to drive ordinary drivel off the TV screen.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] Sieve problem with 1.1.2

[Eduardo M KALINOWSKI]

[EMAIL PROTECTED] escreveu:
> Hello,
>
> I am new here, so excuse me if i am asking something already asked. I am
> using dovecot 1.1.2 along with postfix 2.6 and a pgsql backend. So far
> everything is great, until i wanted to try out the sieve implementation.
> I am using dovecot for deliver and i have set
>
> global_script_path = /home/vmail/globalsieverc
>
> The script IS working until a given user defines his own sieve script (
> for example ) :
>
> This ( or any other script for all i know ) breaks up the global one,
> and it stops working. The global script looks like this :
>
> Am i missing something, or this is the desired behaviour ?
>   

It is the documented behavior. (If this is desirable or not, that is
another question.) From http://wiki.dovecot.org/LDA/Sieve :

protocol lda {
..
  # If there is no user-specific Sieve-script, global Sieve script is
  # executed if set. (v1.0.1 and older used "global_script_path")
  #sieve_global_path =

...

-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] filename format question

[Eduardo M KALINOWSKI]

Giorgenes Gelatti wrote:
> My company's current system (unfortunally) uses that non-standard format.
> The MTA writes in that format.
>
> I guess it would require a patch then?
>   

Yes. But since a patch is needed, I'd rather patch the MTA.

-- 
"In short, _N is Richardian if, and only if, _N is not Richardian."

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] Maildirsize file isn't updated after doing POP

[Eduardo M KALINOWSKI]

Nitass Sutaveephamochanon escreveu:
> Hello,
>
> I have a problem about updating Maildirsize file. It seems that the 
> Maildirsize file is not updated after user does POP mail from his maildir. I 
> do not want to use any quota limitation in Dovecot. I only want Dovevot to 
> update the Maildirsize file after user retrieves his mail. The Maildirsize 
> file is created by Postfix. Would it be possible to do like this? How can I 
> configure it? Could you please advice me?
>   

Is the quota plugin loaded? You need it for Dovecot to maintain the
maildirsize.

Show us also the output of dovecot -n.

-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] Panic in Dovecot 1.1.3: index-mail.c: line 1091: assertion failed: (!mail->data.destroying_stream)

[Eduardo M KALINOWSKI]

Timo Sirainen escreveu:
> On Wed, 2008-09-10 at 15:46 +0200, Peter Eriksson wrote:
>   
>> There seems to be a number of places in 'index-mail.c' that stores
>> 'time_t' values in 'uint32_t' variables.
>>
>> This might cause problems since 'time_t' is 64 bit on 64 bit Solaris
>> systems... (Definitely will cause some funny behaviour in the future
>> when time_t values won't fit inside 32 bits ints :-)
>> 
>
> It'll fit for the next 97 years. And I doubt it'll be a problem then
> anymore.
>   

That's how the Y2K bug started.:-)

-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] Questions about using sieve

[Eduardo M KALINOWSKI]

Robin Atwood wrote:
> That was my impression! Since mail delivery is already working, I assumed I 
> do 
> not have to customise sendmail.cf. Is that not the case? I am not sure  I 
> understand this deliver thing, I thought in my case it actually meant 
> sendmail.

Your mail is being delivered by sendmail, so it's doing its job and
ignoring sieve completely. You'll have to configure sendmail to use
deliver to do the deliveries, and then it will use the sieve script.
Otherwise deliver is never called.

-- 
Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] two server and dbox

[Eduardo M KALINOWSKI]

[EMAIL PROTECTED] wrote:
> Dear users,
> I have a question about the storage dbox. Is it possible to deliver e-mails
> from two different lda? 
> I would have two independent servers working at the same time on nfs. 
> Is it possible since the e-mails name will be the same? 
>   

>From what I understand dbox is Maildir format with some improvements.
And Maildir requires filenames to be unique.

-- 
Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] [Dovecot 1.1.3] Strange problem with attachment download

[Eduardo M KALINOWSKI]

From: Thomas Gropp <[EMAIL PROTECTED]>
> I am testing Dovecot 1.1.3 at the moment to see if I can migrate from 
> UW-Imap(mbox) to Dovecot(maildir). Because I dont' want to influence the 
> production server I installed Dovecot on an ununsed computer with some 
> dummy-testusers using ssl and maildir. Installation was without any 
> problems and everything works fine with one exception: I cannot download 
> some attachments. If the attachment is a simple textfile or bitmap it's 
> ok, but everything else (pdf, zip, etc. - size doesn't matter) does not 
> work. Here is what happens:
> 
> 1) I right-click on the attached file -> "save as" (using Thunderbird 2)
> 2) I choose a target dir (no matter if local disk or nfs)
> 3) the download-dialog pops up and says: "starting"

I'd suggest trying first with another client to see if it's not an issue
with Thunderbird, which in my opinion is not very good at handling
attachments in imap.

Re: [Dovecot] [Dovecot 1.1.3] Strange problem with attachment download

[Eduardo M KALINOWSKI]

Ed W escreveu:
> Actually I agree with the OP.  Thunderbird "works" with attachments, but
> it's handling seems very creaky... (I'm a big fan of TB by the way!)
>
> Stuff which annoys me is that it seems to download the attachment every
> time it's needed and in particular it seems to download it instantly as
> soon as you open a message (OE only downloads the text and gets the
> attachment only if you access it - I get a bunch of MB sized attachments
> from time to time and opening these messages just to review the text of
> the message is very slow and ponderous)

That's what I had in mind. It receives the whole message (including
attachments), and after it's finished, if you want to save/view the
attachment, it downloads it again!


-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] dovecot-1.1.3 failure to install

[Eduardo M KALINOWSKI]

tonj wrote:
> not for a newbie no.
> what's a complier?
>   

Are you sure you need to install dovecot? And even if you do want an
IMAP server, do you feel confident enough to configure and maintain it?

-- 
Dry clean only.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] create folder automatically

[Eduardo M KALINOWSKI]

Seth Mattinen escreveu:
> Nicolas Letellier wrote:
>   
>> Hello.
>>
>> I install a sieve rule automatically when a mailbox is created, like:
>> if exists "X-Spam-Flag" {
>> fileinto "Junk";
>> stop;
>> }
>>
>> However, sometimes, this folder does not exist. How create it automatically?
>>
>> 
> It is created automatically (at least on mine it does).
>   

Indeed, the only way for deliver _not_ to create a folder that does not
exist is by giving the -n command line option, as stated in
http://wiki.dovecot.org/LDA .

-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] create folder automatically

[Eduardo M KALINOWSKI]

From: Nicolas Letellier
> Indeed, the folder is created with the sieve rule (cf precedent mail). I
> see this line in my deliver log:
> 
> Oct  1 10:48:42 trinite deliver([EMAIL PROTECTED]):
> msgid=<[EMAIL PROTECTED]>: saved mail to Junk
> 
> However, when we connect us in the webmail, or download mail with IMAP,
> the folder is not present.
> 
> The folder is created, but no line about it is present in subscriptions
> file. So, the folder is not viewable.

If I remember correctly, recently it was added an option to deliver to 
autosubscribe to created folders. I think it is only available in the git 
version.

Re: [Dovecot] Any suggestions for backing up an imap server and whould maildir or dbox be better than mbox?

[Eduardo M KALINOWSKI]

From: Götz Reinicke
> Hi,
>
> we run a Red Hat EL 5.2 mailserver with dovecot as the imap server.
> Mails are stored in mbox format and there are about 134GB of mail.
>
> At the moment users copy their importent mail to their workstation
> accounts wich are backed up nightly.
>
> What are your suggestions to back up the mails not copied? Thanks for
> any comments.

You can simply rsync the whole mail store. Gets pretty efficient after the 
first run. Or take a look at rdiff-backup if you need to store previous copies.

> BTW: Dose changing the mailbox format from mbox to Maildir or dbox dose
> have any advantages?

I don't think it makes any difference in this case.

Re: [Dovecot] Zlib plugin question

[Eduardo M KALINOWSKI]

Ralf Hildebrandt wrote:
> http://wiki.dovecot.org/Plugins/Zlib
> says pop3 and imap can use this plugin.
>
> Does deliver also use it?

No, the zlib plugin is only for reading compressed messages/mailboxes.
You have to compress them manually.

-- 
 Knghtbrd: irc doesn't compile c code very well ;)

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] Dovecot-sieve processing optimizations

[Eduardo M KALINOWSKI]

Seth Mattinen escreveu:
> Roderick A. Anderson wrote:
>   
>> I'm working at the next part of the virtual domains mail server.  I'm
>> moving this account ([EMAIL PROTECTED] is a forwarder) which has a bunch
>> of procmail rules to file into folders.
>>
>> My question is if it is more efficient is use?
>>
>> if  {
>>...
>> } elsif {
>>...
>> } elsif {
>>...
>> }
>> else
>>
>> This seems to be the way many of the example scripts do it but I found
>> at least one that used
>>
>> if {
>>...
>> }
>>
>> if {
>>...
>> }
>>
>> Which is more procmail like and for me reads easier.
>>
>> If not here where should I ask?
>>
>> 
>
> Well, both accomplish different things. In the first example, one and
> only one of the conditions will be executed. In the second one, more
> than one could possibly be executed.
>
> I've never looked at Sieve's code, but the first will stop at the first
> matching condition. In the second case, because you could make it do
> more than one thing, it must check each condition.
>   

If in each if you put a "finish" statement (or whatever is used to stop
processing the file), then the second one can be more efficient, since
it does not have to continue checking the file to see if there are
further conditions after the if/elseif/.../else block.

But in practice I doubt there is a practical difference between both.
You should use the one that is more readable for you.

-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] dovecot and postfix with tls and dovecot sasl issues for smtp clients

[Eduardo M KALINOWSKI]

Harondel J. Sibble wrote:
> dovecot -n
>
> # 1.1.4: /etc/dovecot.conf
> protocols: imaps pop3s
> ssl_listen(default): *:993
> ssl_listen(imap): *:993
> ssl_listen(pop3): *:995
> ssl_ca_file: /etc/openvpn/easy-rsa/keys/combined-ca-and-crl.crt
> ssl_cert_file: /etc/pki/dovecot/certs/dovecot-chained.cert
> ssl_key_file: /etc/pki/tls/private/server.myserver.net.key
> ssl_verify_client_cert: yes
> ssl_require_client_cert = yes
> verbose_ssl: yes
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> mail_location: 
> mbox:~/mail:INBOX=/var/spool/mail/%u:INDEX=~/mail/.imap/indexes
> mail_debug: yes
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_plugin_dir(default): /usr/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
> auth default:
>   mechanisms: plain login
>   debug: yes
>   debug_passwords: yes
>   ssl_require_client_cert: yes
>   passdb:
> driver: pam
>   userdb:
> driver: passwd
>   socket:
> type: listen
> client:
>   path: /var/spool/postfix/private/auth
>   mode: 432
>   user: postfix
>   group: postfix
>
> Interestingly enough the mode line in the dovecot.conf file is set as 0660, 
> not 432 as noted above?!?!?
>   
0660 (octal) = 432 (decimal), so the setting is OK.

-- 
Esperto é o homem que acredita em apenas metade do que lhe dizem.
Genial é o homem que sabe em que metade acreditar.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] dovecot delivery log

[Eduardo M KALINOWSKI]

jalal escreveu:
> Trying to debug a delivery problem recently (with Postfix) and I
> realized that Dovecot wasn't logging any of the delivery information.
> I'm using Postfix to recieve mail, which is passing it on to Dovecot's
> deliver to actually deliver the emails into the mail boxes.
>
> In dovecot.conf, I have:
> protocol lda {
>   log_path = /var/tmp/dovecot-deliver.log
> }
>
> Any clues as to how I can have a delivery log?
>   

That file will only log errors and abnormal conditions. To get
information on all deliveries, set info_log_path to the file you want.

-- 
Eduardo M Kalinowski
[EMAIL PROTECTED]

Re: [Dovecot] Enh-Req: Mark As Read When Delivered

[Eduardo M KALINOWSKI]

Neil wrote:
> I'm under the impression bug-reports are supposed to go to the list,  
> so hopefully it's okay if I put in a feature request here too  
> (assuming it's not already implemented; but it doesn't look like it).
>
> Basically, all I would like to do is be able to sometimes deliver mail  
> as already mail into mail boxes.  Is there some way to do this?
>
> If not, could a flag perhaps be added to deliver to do it?  (And  
> Sieve; but for now I think procmail still has much higher adoption,  
> and thus having it in deliver would be rather key...)
>   

You can do that with a sieve script, there's a feature (called imapflags
or something similar) that allows you to mark the e-mail as read.


-- 
The way of the world is to praise dead saints and prosecute live ones.
-- Nathaniel Howe

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] Unbreakable NFS locking issues...

[Eduardo M KALINOWSKI]

Well, you just posted your message three times...

Rod Treweek wrote:
> Yeah, typical rookie move by posting twice...didn't see my post, so went
> into the dovecot list setting for my account to adjust it to get a
> confirmation, and then sent the message again.  Really stupid, and I
> apologize.
>   

It's a gmail "feature": you do not see your own posts to a list, at
least not until you get a reply to them.


-- 
Bell Labs Unix -- Reach out and grep someone.

Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb

Re: [Dovecot] SSL certs per listen IP

[Eduardo M KALINOWSKI]

Ian P. Christian wrote:
> Does anyone else see a value in my putting this in as a feature
> request?  IMO it would be useful to have a whole list of IP/SSL
> mappings, or perhaps different certs on different ports. I will
> happily accept I'm in the minority though is no one else sees value in
> this.  I don't really want to run X number of instances of dovecot on
> my setup, as X might be reasonably high, and I'm running this on a low
> member virtual machine - if it weren't for having to run multiple
> processes, memory requirements would be very low.
>   

It would be nice, but it is hardly something essential.

I believe this feature is already planned by Timo for a future version.

-- 
I'm prepared for all emergencies but totally unprepared for everyday life.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] change sender name in Sieve

[Eduardo M KALINOWSKI]

Jakob Grießmann wrote:
> thanks a lot, will look into it. I have quite a few systems to
> maintain, so I think best would be to set-up my own repository, as
> your patching instructions otherwise would have to be done by hand on
> all machines, which is quite time consuming. :-)
>   

For one or two packages, you do not need to setup a repository, just
copy the .deb's and install them with dpkg -i.

-- 
Once you've tried to change the world you find it's a whole bunch easier
to change your mind.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] IMAP Folder permissions

[Eduardo M KALINOWSKI]

Stuart Gall escreveu:
> Hello,
> Happy new year.
> I have a dovecot with exim installation. I am using virtual users for  
> mail and IMAP.
> When dovecot creates a folder from imap user the permissions are  
> rwx--
> I need them to be rwxrwx---
>
> Is there a way to change this in the configuration file ?
>   

You need a dovecot-shared file. See
http://wiki.dovecot.org/SharedMailboxes for details.

-- 
Eduardo M Kalinowski
edua...@kalinowski.com.br

Re: [Dovecot] LDA - no bounces

[Eduardo M KALINOWSKI]

Andrzej Adam Filip wrote:
> How to call deliver program to be sure it will *NEVER* generate bounce
> messages?  [all signalling via deliver exit code ]
>   

According to the Wiki (http://wiki.dovecot.org/LDA), that would be the
-e option.


-- 
A general leading the State Department resembles a dragon commanding ducks.
-- New York Times, Jan. 20, 1981

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] Restoring individual messages from a backup into a Maildir setup?

[Eduardo M KALINOWSKI]

Thomas Harold wrote:
> Timo Sirainen wrote:
>   
>> That's what I meant, did Dovecot not log anything
>
> None that I could find.  At 14:48, there's nothing in the 
> dovecot-deliver.log file (set in the "protocol lda" section of our 
> dovecot.conf).
>   

I believe Timo is asking for information on the main log (of dovecot
itself and its login, imap and pop processes). From what I understand of
your scenario, deliver has nothing to do with the restored messages.

-- 
Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] Debian packages for dovecot 1.1.x

[Eduardo M KALINOWSKI]

Seth Mattinen wrote:
> Because I'm tired of seeing Debian users look like idiots for using such 
> horribly out of date versions just because they run "stable", I've set 
> up a page with .deb packages of my 1.1.x rebuilds for use under lenny.
>   

If you really mean 'lenny', this won't help much. Stable is still etch,
and if you build them under lenny, probably the versions of libraries
that dovecot uses are not available in etch.


-- 
Dentist, n.:
A Prestidigitator who, putting metal in one's mouth, pulls
coins out of one's pockets.
        -- Ambrose Bierce, "The Devil's Dictionary"

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] Adding Disclaimer to emails

[Eduardo M KALINOWSKI]

Romer Ventura escreveu:
> Hello,
>
>   I was wondering if it was possible to add a disclaimer to every  
> outgoing email using my setup (Postfix+Dovecot)..

Dovecot only deals with allowing users to access the e-mail they've
received. This would be a task for postfix.

But please, please don't. http://www.goldmark.org/jeff/stupid-disclaimers/

-- 
Eduardo M Kalinowski
edua...@kalinowski.com.br

Re: [Dovecot] Script: Moving Maildirs between servers

[Eduardo M KALINOWSKI]

Charles Marcus wrote:
> So you're rsyncing a live mail system with no problems?
>   

I do it every day for backups. :-)

> I've been tempted to start doing this, but I was under the impression it
> could be risky (cause file corruption)?
>   

I can imagine that one could end up in the backup copy with an
incomplete/corrupt file (but this will be fixed in the next rsync,
hopefully), but I don't see how rsync could corrupt the original files
in the mail server.


-- 
Why is it called a funny bone when it hurts so much?

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] auth_debug_passwords

[Eduardo M KALINOWSKI]

Josh Gentry wrote:
> Hi.  I'm new to Dovecot and about to start using it in production.  In
> the config file, I set the option, auth_debug_passwords, to yes.  I do
> not see any failed passwords logged, however.  It did cause more verbose
> authentication logging, but failed passwords are still hidden.
>   

That option is not for logging passwords, but to ease problem
investigation in case something is not working as it should.

There might be a way to log password attempts, but it's not a good idea
from the point of view of security, so I'm glad it's not so easy to have
them logged.

Remember that a failed password might be someone using a dictionary
attack, but can be an user that simply mistyped one character in his
password. But even in the first case, what good would it do to know what
words an attacker is using?



-- 
Q:  Why does Washington have the most lawyers per capita and
New Jersey the most toxic waste dumps?
A:  God gave New Jersey first choice.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] Possible to Customize File Naming Scheme?

[Eduardo M KALINOWSKI]

On Seg, 12 Set 2011, Dave Stubbs wrote:

Hello all,

I'm watching how my mail system works, and I see that procmail  
creates a new file in the /new directory, each time an email  
is received.  This file is some complex combination of UIDs and  
things, suffixed by the server name.  So far, the filename has  
alphanumerics, a couple underscores, and a dot or two only.


But once dovecot gets it's hands on the file and moves it to the  
/cur directory, it starts doing "terrible" things to the  
file name.  Now, the filename starts to have "evil" things in it,  
like colons and commas.


The colon and commas are part of the Maildir spec[0], so no, it can't  
be changed.


[0]http://cr.yp.to/proto/maildir.html


--
If you want to read about love and marriage you've got to buy two separate
books.
    -- Alan King

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] v2.0.15 released

[Eduardo M KALINOWSKI]

On Sex, 16 Set 2011, Simon Brereton wrote:
I'll bite..  But it's probably not your concern.  When will we be  
able to get stable 2.x packages for Debian?  Apt installs 1.2.15-7


In Debian stable? Only when the next stable version (wheezy) is  
released. Not in squeeze. Though perhaps a backport might appear.



--
Colors may fade in time.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Can we know when a user read our email?

[Eduardo M KALINOWSKI]

On Ter, 15 Mai 2012, Joseph Tam wrote:

It works by placing innocuous individualized tags in HTML formatted
Email e.g.  "http://your.domain/?id={hash}>" that downloads a
1x1 dot).  You can then correlate web logs with the hashes to see which
messages got rendered.  A hit does not necessarily mean it got read, and
the absense does not mean it was ignored, but it's better than nothing.
If you value your privacy, turn off HTML rendering on your Email reader.


Even with HTML on, many (if not most) readers, including webmail ones,  
disable loading remote images to avoid the problem, unless the users  
specifically asks the images to be loaded.


--
Spock: We suffered 23 casualties in that attack, Captain.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Manual login to SSL-protected port?

[Eduardo M KALINOWSKI]

On Seg, 25 Out 2010, Ron Leach wrote:
We use only SSL-protected ports.  Is it possible to manually login  
to dovecot when dovecot uses SSL-protected imap ports?


Yes, just use openssl:

openssl s_client -connect your.host.org:993

This is described in the Wiki: http://wiki2.dovecot.org/TestInstallation


--
Acting is an art which consists of keeping the audience from coughing.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] v2.0.9 released

[Eduardo M KALINOWSKI]

On Qui, 13 Jan 2011, Philipp Haselwarter wrote:

And what's the status on debian? Sid still comes with 1.2.15, but it
has like 210k lines of patches; is there any chance that it'll get 2.x.x
any time soon? Or is debian just the wrong platform if I want to run the
dovecot 2 series?
What do other users do, roll your own .debs from source?


The next version of Debian, 6.0, which should be released "soon" will  
get 1.2.15. No 2.x, unfortunately.


It's possible that there will be a backport of version 2.x, however.


--
An ambassador is an honest man sent abroad to lie and intrigue for the
benefit of his country.
-- Sir Henry Wotton, 1568-1639

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Iphone IMAP access

[Eduardo M KALINOWSKI]

On Qua, 26 Jan 2011, Frank Bonnet wrote:

When I use my iphone to access my IMAP folders I can see ALL folders
in my userland and not only those listed in .subscriptions file ...

Anyone has an explaination of this ?

Might be a security/confidentiality hole isn't it ?


I don't own an iPhone, but I remember reading that that's the way it is.

You can complain to Apple. If you are lucky, you might get a rude  
response from Steve Jobs himself.


Or you could look for another mail client that honours subscriptions.  
But I'm not sure if the App Store allows other mail clients that  
"compete" with the built-in one.




--
/*
 * Buddy system. Hairy. You really aren't expected to understand this
 *
 */
-- From /usr/src/linux/mm/page_alloc.cA

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Iphone IMAP access

[Eduardo M KALINOWSKI]

On Qua, 26 Jan 2011, Robert Schetterer wrote:

so you cant verify


I can't, but the OP can, opening his mail account with a program that  
respects subscriptions, like Thunderbird.




--
Virtue is not left to stand alone.  He who practices it will have neighbors.
-- Confucius

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Iphone IMAP access

[Eduardo M KALINOWSKI]

On Qua, 26 Jan 2011, Giles Coochey wrote:
My Android HTC Desire works a dream with Dovecot... However,  
problems I have with the mail app on there is that I can't find a  
way to bottom post (will only top-post), and it strips the  
thread-ids of mailing list posts... so not so good for mailing lists  
like this one. Having said that - works great for normal IMAP email.


Profimail (http://www.lonelycatgames.com/?app=profimail) has been  
ported to Android. It's quite capable for a mobile app.



--
667:
The neighbor of the beast.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] deleted messages not going away in Thunderbird?

[Eduardo M KALINOWSKI]

On 03/05/2011 01:07 PM, Dave McGuire wrote:

Hi folks.  This may be a dumb question, but I can't seem to find a clue.

I'm running Dovecot v1.2.9 and Thunderbird v3.1.7.  If I delete
messages using a different IMAP client (I also use an iPhone and
occasionally SquirrelMail), I would expect those messages to disappear
from Thunderbird the next time I start it or click on "Get Mail".  In
fact, they do...most of the time.  Sometimes, however, they just stick
around.  If I do a "Repair Folder" on the inbox in Thunderbird, the
messages go away.

Is this a known issue?  My gut tells me there's some Thunderbird
option to make it follow inbox contents with more "attention" but I've
not been able to find it.


I've also seen it. I've only observed it in INBOX, but I rarely delete 
mails from other folders, and in those other folders generally there are 
a lot of messages, so it would be hard for me to notice one that is 
there but shouldn't.


--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] What is the recommended way to move a message from one mailbox to another using CLI

[Eduardo M KALINOWSKI]

On Qua, 27 Abr 2011, Uffe Jakobsen wrote:

What is the recommended way to move a message from one mailbox to another
using CLI - serverside commands ?


If you are using maildir, you can just mv the file.



--
BOFH excuse #392:

It's union rules. There's nothing we can do about it. Sorry.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] how to limit size of dovecot.log

[Eduardo M KALINOWSKI]

On Qui, 28 Abr 2011, Aaron C Johnson wrote:
I've done some searching and maybe I'm missing something... I have a  
remote dovecot and postfix server running on debian 5. I then have a  
local fetchmail server that retrieves email from the dovecot server  
via pop3s every 5 minutes.


The problem is that the /var/log/dovecot.log file has grown to be  
over 1.1GiB over a period of less than 1 year.


Is there a way to limit the size of the dovecot.log file, or do I  
have to run a monthly cron job or something to take care of it for me?


On Debian that should happen automatically, via the logrotate package.  
Probably installing it is enough.




--
For external use only.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Dovecot vs Exim file locking

[Eduardo M KALINOWSKI]

On Sex, 18 Dez 2009, Daniel Campos wrote:

We're planning to deploy a large e-mail system storing maildirs in a NAS
system through NFS. One of the options we're thinking on is using
Dovecot+EXIM.

As far as I've read in both project's documentation, both services implement
locking allowing multiple servers to access the same maildirs in order to
distribute the service load. However, I can't find any information
explaining whether both locking mechanisms are compatible, whether any
additional configuration is needed both in Dovecot and/or EXIM, or even
whether any locking synchronization between both services is
needed/recommendable at all.

The only remote clue I've found is that, according to Dovecot docs: "Because
Dovecot uses its own non-standard locking (dovecot-uidlist.lock dotlock
file), other MUAs accessing the maildir don't support it." (but EXIM is not
a MUA, anyway)

Anyhow theoretically MailDir could even be considered free of locking
problems, but I'm not sure of the real implications of putting together
several Exim and Dovecot installations pointing to the same NFS filesystem.

Any knowledge/experience/link/clue on this would be greatly appreciated.


As far as I know, maildir does not require locking.

I used sometime exim + dovecot without problems. Now I use dovecot's  
deliver, by doing that you'll certainly have no problems.




--
Genius doesn't work on an assembly line basis.  You can't simply say,
"Today I will be brilliant."
    -- Kirk, "The Ultimate Computer", stardate 4731.3

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] First time Dovecot user, really impressed so far. What is best IMAP enabled webmail package to go with Dovecot?

[Eduardo M KALINOWSKI]

On Ter, 05 Jan 2010, Stan Hoeppner wrote:
I've looked a little at both now and am still reading.  One thing I  
don't like
is that I'm seeing requirements a SQL server.  That adds unnecessary  
complexity
to the system and I'd rather avoid it if possible.  IIRC, one of the  
reasons I

chose Squirrelmail a few years ago was that it's requirements were pretty
simple, and that it didn't require a database backend for anything.


IMP/Horde can work with a sqlite database, which is just a file and  
requires no running server.




--
Schizophrenia beats being alone.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Dovecot not delivering mail.

[Eduardo M KALINOWSKI]

On Qua, 06 Jan 2010, Pascal Volk wrote:

Sorry, but I really can't understand, why the most unbuntu users seems
to be unable to read AND understand so simple written documentation. :(



If they could, they'd be running debian. :-)



--
The young lady had an unusual list,
Linked in part to a structural weakness.
She set no preconditions.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] First time Dovecot user, really impressed so far. What is best IMAP enabled webmail package to go with Dovecot?

[Eduardo M KALINOWSKI]

aja-li...@tni.org wrote:
> If you try Roundcube for a while you might find out nice features,
> like the "del" key works for deleting an email, drag and drop is
> possible, and there's "email auto completion" within the email compose
> window, and you can add email-addresses in emails to the address-book
> with just one mouse click.
>
> Drawbacks I've found in RoundCube so far : I couldn't find out how to 
> toggle individual emails in the mailbox window, and the search options 
> seem rather limited compared to Squirrelmail, and RoundCube only has one 
> official skin/theme included.
>   

Also, according to the site threading support does not exist yet (but it
is planned). To me this is a big no-no.


-- 
QOTD:
"You want me to put *holes* in my ears and hang things from them?
How...  tribal."

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] handling filename of compressed messages

[Eduardo M KALINOWSKI]

On Qui, 14 Jan 2010, Leonardo Rodrigues wrote:

   got it  so, basically, i shouldnt be using .gz at all, is that ok ?


Yes.

   i understood that, when moving from new to cur, filename should  
be appended of ':2,'. But filenames on new, as i understood, should  
never be changed. As soon as they are read there (on new), they  
should be moved to cur.


   what would be the correct way of compressing messages on the new  
directory and adding the Z flag ? Would be any problem if, when  
compressing on new, add the ':2,' suffix ? Indeed it would be ':2,Z'  
suffix one


How about not compressing mails still in new/? They shouldn't remain  
there for very long anyway, you could compress only the ones in cur/.




--
I have a very strange feeling about this...
        -- Luke Skywalker

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Update Dovecot index files on maildrop delivery?

[Eduardo M KALINOWSKI]

On Sex, 15 Jan 2010, Kārlis Repsons wrote:

is there some easy way to inform Dovecot about a new delivery, which has
happened after postfix invoked maildrop, so the index files would be updated?


That's exactly the task for which dovecot deliver was made.



--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Update Dovecot index files on maildrop delivery?

[Eduardo M KALINOWSKI]

On Sex, 15 Jan 2010, Kārlis Repsons wrote:

On Friday 15 January 2010 12:20:05 Eduardo M KALINOWSKI wrote:

On Sex, 15 Jan 2010, Kārlis Repsons wrote:
> is there some easy way to inform Dovecot about a new delivery, which has
> happened after postfix invoked maildrop, so the index files would be
> updated?

That's exactly the task for which dovecot deliver was made.

But maybe you could also post a short info on how should deliver be called?

I read that "The Dovecot LDA, called deliver, is a local delivery agent which
takes mail from an MTA and delivers it to a user's mailbox, while keeping
Dovecot index files up to date."
However in my case maildrop seems to be in the place of deliver.  
Would it work

if maildrop had deliver called by xfilter with the options appended, then
followed by "to /dev/null"?


I don't know maildrop, so I can't tell if this would work. But the  
idea is to use deliver instead of maildrop, unless you need something  
that only maildrop can do.


In this case, I'd leave things as they are and not worry about  
indexes. When the mail folder is opened next time dovecot will notice  
the new messages and update the indexes.




--
 knghtbrd: Eww, find a better name, the movie sucked.. 
 Mercury: The engine is better than the movie

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] handling filename of compressed messages

[Eduardo M KALINOWSKI]

On 01/17/2010 12:06 PM, Leonardo Rodrigues wrote:

The 'script compress idea' from the Wiki page sais:
Dovecot can now read the file, but to avoid compressing it again on the
next run, you'll probably want to rename it again to include e.g. a "Z"
flag in the file name to mark that it was compressed (e.g.
1223212411.M907959P17184.host,S=3271:2,SZ).


 If i rename the file and add the Z flag, i will be braking the
dovecot-uidlist file, which contain the filenames without the Z flag.
Users would have to download the compressed files again because the
filename was changed. That on big mailboxes and slow connections
(specially after the very 1st compression routine run) can be a BIG problem.

 keeping the filename intact, not even adding the Z flag, would be a
great idea to avoid clients from redownloading messages ??? Compression
routines would probably have to use file command to identify already
compressed files, which would badly impact on the performance of its run
... not being able to identify already compressed files based on its
filename would be very bad 
   


I think that file name comparison is based only on the part before the 
":", which identifies the message. What comes after are flags that might 
be set/unset independently of dovecot if another program also accesses 
the mail directory.


Note that it is not necessary to include the "Z" flag to prevent double 
compression. If you really want, you can keep the same file, just be 
sure in your compression script to check if files are compressed by 
looking at the first bytes: both gzip and bzip2 files always start with 
some fixed bytes.



--
The nation that controls magnetism controls the universe.
        -- Chester Gould/Dick Tracy

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] feature question: local delivery from SMTP

[Eduardo M KALINOWSKI]

On Qua, 20 Jan 2010, Phil Howard wrote:

Does Dovecot really need a separate MTA for inbound mail?  Or can it receive
SMTP directly if there is no forwarding to do?  What about spam/virus
filtering in that case?


Dovecot does not receive mails. It only serves them to users via IMAP or POP3.

So, yes, you need a program like exim or postfix.

--
BOFH excuse #424:

operation failed because: there is no message for this error (#1014)

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] POP3 Problem with SPAM-Mail's over sieve

[Eduardo M KALINOWSKI]

On Qui, 20 Mai 2010, Michael Niehren wrote:

Hi together,

i am currently using dovecot 1.2.10 with the sieve-plugin and use a
sieve-filter to sort the SPAM-Mail's directly into a Junk-Folder:

require "fileinto";
# rule:[junkfilter]
if header :contains "X-Spam-Flag" "YES" {
  fileinto "Junk";
}


My problem is now, if i try to retrieve the Mails via POP3, i did not get the
SPAM-Mail's in the Junk-Folder, only the normal ones, that are not filtered
over the sieve plugin.

Could anyone tell me how to solve that issue ?


POP3 has no concept of folders, so only mails in INBOX are accessible.

In the wiki there's a "Virtual INBOX por POP with all folders"  
solution, but the net effect is displaying all e-mails from all  
folders in the INBOX, so you might save a few processor cycles and  
simply not filter mails in folders in the first place.


--
Some assembly required.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] dovecot vs. Thunderbird

[Eduardo M KALINOWSKI]

On 06/15/2010 08:11 AM, Bodo Schulz wrote:
> When i want subscribe Folders, i have no access to folder are deeper as
> second level!
>   

I've seen this with Thunderbird 3.x (it worked fine with 2.x). I suppose
it's a Thunderbird bug. To be sure, connect manually and ask for a list
of folders: http://wiki.dovecot.org/TestInstallation

-- 
If you wish women to love you, be original; I know a man who wore fur
boots summer and winter, and women fell in love with him.
    -- Anton Chekhov

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Dovecot 1.1.x and 1.2.x differencies

[Eduardo M KALINOWSKI]

We're drifting quite OT here, but...

On 06/16/2010 08:29 AM, Charles Marcus wrote:
> Again - this is why I have never been inclined to even give debian a
> try... with gentoo, with a very few minor exceptions, the most I've ever
> had to wait was a few weeks...
>   

If you want newer releases, you can use debian "testing" or "unstable".
Note that "stable"/"unstable" means changing/not changing, not
necessarily that the software is prone to instabilities (crashes, random
bugs, etc.). Naturally, software in testing/unstable was tested for less
time than the ones in the "stable" releases, but this will be true in
any rolling release system.


-- 
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Thunderbird problem

[Eduardo M KALINOWSKI]

On 06/27/2010 06:04 AM, Stan Hoeppner wrote:
> Regardless, my point is valid and stands: there is no (good) reason
> for the
> protocol to require multiple socket connections when everything can be
> accomplished more efficiently (in terms of resources consumed) over a single
> socket.  I'm sure many people more qualified than me have pointed this out WRT
> the IMAP protocol over the years.
>   

Tomas is right. It's only possible to monitor one folder via IDLE per
IMAP connection. It's stupid and inefficient, but that's how IMAP IDLE
was designed.

Fortunately, there's the NOTIFY extension to overcome that limitation.
But it's not supported in all clients (nor in all servers, I'd guess).


-- 
A visit to a strange place will bring fresh work.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] mdbox: Cannot create subfolder called "dbox-Mails" (2.0beta5)

[Eduardo M KALINOWSKI]

On 07/02/2010 07:37 PM, William Blunn wrote:
> They might decide to create folders thus:
>
> "postfix-Mails"
> "exim-Mails"
> "dbox-Mails"
>
> Oops. We just collided with the Special value.
>   

In this case, I'll have to agree with Steve Jobs[0] and say: "Change
your folders [sic] name. Not that big of a deal."

[0] http://thenextweb.com/2009/11/19/steve-jobs-small-developer-change-apps/

Since in a mailbox you will be inevitably storing mails, the -Mail part
is unnecessary anyway.

> Compare and contrast an alternative possibility "zgo0kq2njs". This is 
> the uncommon character 'z' followed by nine random alphanumeric 
> characters, for a total of 10 characters, and as such should have equal 
> storage complexity to the original 10 ASCII character proposal 
> "dbox-Mails". But it does not make any word or phrase in any language I 
> know of.
>
> This should make a better Special value because it should be less likely 
> to collide with any normal value.
>   

The same argument that you use to say that dbox-Mails should be allowed
can be used to justify the need for a folder called "zgo0kq2njs". One
just has to be more creative. :-)

And even if it's easy to type with command-completion, I doubt anyone
would have a clue to the purpose of a folder named like this, unlike a
folder with a descriptive name.

-- 
Nondeterminism means never having to say you are wrong.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Feature request: usernames and passwords

[Eduardo M KALINOWSKI]

On Qua, 21 Jul 2010, Leonardo Rodrigues wrote:
i completly agree that dovecot is not the place for enforcing  
password policies nor checking them.


but, still on the subject, maybe dovecot could have some  
features for helping sysadmins to avoid/mitigate brute-force  
attacks. As told, some bots tries username=password, but those  
fuckers (the bots) also tries lots of common passwords, 123, 1234,  
the username followed by some numbers, and lots of others.


of course, if the provided password is not correct, dovecot  
denies access as it should  but in those situations, logs can  
get pretty filled with login failed messages, specially on servers  
with lots of accounts. And, in some cases, after lots of tries, the  
bot can found the correct username/password combination.


[snip]


I think none of this is dovecot's function. Let's keep the UNIX  
filosophy: one tool does one function, and does that function well.  
Dovecot is an execellent mail server. It should not be turned into a  
monster Windows-like application that does dozens of  
not-really-quite-related things.


What you want can be done with other tools.


--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] mobile phone access to dovecot

[Eduardo M KALINOWSKI]

On Qua, 04 Ago 2010, casanova99 wrote:

I didn't find anything interesting in the search, so I just wanted to see
what other people have done (or thought about doing).

I'd like to be able to access my dovecot server via IMAP, from the Internet,
using the integrated e-mail client from a smart phone.  I'm very concerned
about security and don't feel comfortable just poking holes into the
firewall for direct access from the Internet.  Is there a better way to do
this?


The IMAP server is in your home machine, not a dedicated server, right?

Anyway, if you need to access it, you'll need to open your machine up  
for connections. If you can isolate the IPs you'd be connecting from,  
you can restrict access to them.



--
QOTD:
"When she hauled ass, it took three trips."

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Thunderbird IMAP woes

[Eduardo M KALINOWSKI]

On Qua, 11 Ago 2010, Timo Sirainen wrote:
Now, the problem is that to a lesser extent, Thunderbird 2, and to  
a larger extent Thunderbird 3 is having serious issues when I go  
(want to go) deeper than two levels of nesting. Like, in the  
Subscribe dialog sometimes I see the third level subfolders,  
sometimes I dont. If is subscribe to a second-level folder, then  
create a subfolder in it, the other subfolders suddenly appear.  
It's all very random, unfortunatelly, then only way I can use the  
system right now is to uncheck 'Show subscribed folders only' in  
Account Settings, and even then, sometimes folders disappear or  
reappear that are highly nested.


Some people have complained about this, but I thought this happened  
with all servers. So you're saying that the same TB versions with  
Courier didn't have this problem? .. Wonder what Courier could be  
doing differently here. I thought Dovecot and Courier outputs would  
be the same.


I have this problem with TB 3 (but it worked fine in TB 2, with the  
same Dovecot version).


Horde's IMP webmail does not have this problem. I believe it's a TB  
problem that has nothing to do with Dovecot.



--
Algol-60 surely must be regarded as the most important programming language
yet developed.
    -- T. Cheatham

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] email stuck in outbox

[Eduardo M KALINOWSKI]

barnaby cockcroft wrote:
> Can anyone here help me out with a client side Outlook issue? I know
> outlook is a horrible imap client :(
>
> We intermittently have a problem where mail gets "stuck" in Outlook
> users' outboxes.
>
> Might have anything to do with dovecot?

I really doubt so. It could be a problem with your SMTP server, but
dovecot is only used for reading messages, not for sending.

>  Is there anyway I can
> troubleshoot this server side? Are there any settings I can tweak?
>   

Check your mail server logs. But first see what Outlook tells you: there
might be a clue.

This often happens when an invalid e-mail address is passed, which
causes rejection of the message and it stays in the outbox (and then
gets reject again, and so on). Are all the recipients valid e-mail
addresses?


-- 
In fiction the recourse of the powerless is murder; in life the recourse
of the powerless is petty theft.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] exim4 + dovecot + SquirrelMail virtualhosted on Debian

[Eduardo M KALINOWSKI]

Seth Mattinen wrote:
>> So I installed the most current Dovecot package (1.0.rc15) in Debian.  
>> Something is broken though...
>>
>> As I log into SquirrelMail, I get an error message "Error connecting to IMAP 
>> server: localhost. 111 : Connection refused".  To investigate, I decided to 
>> telnet localhost on port 143 and found out that yes, the connection is in 
>> fact refused.
>>
>> So what do I need to do in order to have dovecot listen on port 143?
>>
>> Also, I noticed when I restart dovecot...
>>
>> debian:/etc/dovecot# /etc/init.d/dovecot restart
>> Restarting mail server: dovecotError: Can't use mail executable 
>> /usr/lib/dovecot/imap: No such file or directory
>>
>> I hope this isn't a serious problem.
>>
>> 
>
> You probably didn't install the dovecot-imap package.
>   

Also, in the Debian setup you'll have to modify the
/etc/dovecot/dovecot.conf file and specify imap in the protocols line.


-- 
1 + 1 = 3, for large values of 1.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

Re: [Dovecot] Maildir and mail files question

[Eduardo M KALINOWSKI]

Harry Lachanas escreveu:
> If an incoming mail is saved in 2 mail locations via dovecot deliver,
> and its wished that if deleted from box "a" should also be deleted from 
> box "b" ...
>
> wil it be safe to delete based upon the W=x part of the file name 
>
> So far my tests indicate that It could be true ...
>   

W= represents the size of the message. While it is relatively
unlikely that two messages will have the exact same size, it certainly
can happen.


-- 
Eduardo M Kalinowski
edua...@kalinowski.com.br

Re: [Dovecot] dbox - how to awaken the monster

[Eduardo M KALINOWSKI]

Odhiambo Washington wrote:
> Hello people,
>
> Since the invention of this storage called dbox, I have never quite gotten
> round to understanding it, nor getting to use it. It seems so strange to me
> and I must ask a few stupid questions about it.
> I use the MTA to deliver mail to Maildir, either in ~/Maildir or
> /some/path/%d/%n/Maildir. It has always beat me how dbox comes into play
> under such circumstances. From the wiki, I see the following:
> "dbox supports a quick migration from Maildir format" - now this leaves me
> hanging. How? Suppose I migrate from Maildir to dbox, what changes do I make
> to the MTA to understand that I use dbox?
> Ok, I use Exim as my MTA.
>
> I hope someone can explain to me what I need to do to Exim and what to do th
> Dovecot so that I can test this dbox thing.
> And suppose I want to transfer userA's mail to UserB, what do I do? With
> Maildir, I can simply do something like
>   

exim does not know about dbox (it's a dovecot-specific format). You'd
need to configure exim to use dovecot's deliver as LDA. There are
instructions for that in the Wiki.


-- 
 taniwha: Quote material :)
 Endy: :)
 Endy: I already snipped it

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] deliver vs lda

[Eduardo M KALINOWSKI]

Charles Marcus wrote:
> heh... well, they would soon enough...
>
> Seriously though... why call it a 'local delivery agent', when its
> really more than that? Local suggests local/system users, and dovecot
> delivery agent works fine for both local and virtual users. Postfix
> calls its local delivery agent 'local', and its virtual delivery agent
> 'virtual'
>   

It's local because it stores e-mails somewhere in the local filesystem
hierarchy, instead of sending it to a remote machine via SMTP (or any
other protocol).

I don't know postfix a lot, but I wonder why it needs two LDAs, one for
real users and one for virtual ones, when the only conceptual difference
should be where to store e-mails and where to lookup information on the
existence of the user and his mail spool directory.


-- 
A lost ounce of gold may be found, a lost moment of time never.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] deliver vs lda

[Eduardo M KALINOWSKI]

Charles Marcus wrote:
> On 4/8/2009, Eduardo M KALINOWSKI (edua...@kalinowski.com.br) wrote:
>   
>> It's local because it stores e-mails somewhere in the local filesystem
>> hierarchy, instead of sending it to a remote machine via SMTP (or any
>> other protocol).
>> 
>
> But thats not the generally accepted meaning of local in context of
> email servers.

I don't know what is the generally accepted, but to me virtual users are
just as local as real users, they just don't have a proper account
(because there is no need to).

>  Besides, this isn't true if you're using NFS...
>   

Not quite... in the point of view of a program, writing to a NFS share
or a filesystem in the same machine is the same thing, the program
doesn't even have to know that it's storing a file in another machine.
And mail is not being "transported", which would involve another MTA
that would further handle the e-mail.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Dovecot -> Gmail (via POP Mail Fetcher)

[Eduardo M KALINOWSKI]

Neil wrote:
> I'm trying to move my entire email store from my Dovecot installation (which
> I normally access via IMAP) into Gmail using Gmail's Mail Fetcher (which
> functions over POP); and I'm running into two problems:
> 1. Gmail only imported 78 out of 1000+ mails in my inbox, which I'm taking
> to mean that Dovecot is reporting only those 78 as new.  How can I get
> Dovecot to send all mail over as new?
>
> 2. I can't be sure of this yet (since, due to #1, Gmail doesn't seem to be
> downloading everything), but I'm pretty sure Dovecot is only reporting my
> Inbox emails over POP; is there a way I can get all my mail, from all my
> folders, to stream in over POP?
>   

POP3 only accesses INBOX, so if the e-mails are in other folders, they
are not visible. Some time ago someone proposed a solution (I guess
using a virtual folder, but I'm not sure), try searching the archives.

-- 
It's bad enough that life is a rat-race, but why do the rats always have to win?

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] How do I get my mail from fetchmail into dovecot

[Eduardo M KALINOWSKI]

On Qua, 29 Abr 2009, Michael Steinbeck-Reeves wrote:

That is the problem, fetchmail just forwards it to port 25 (I think) and
I need to work out what to put between fetchmail and dovecot in order to
get the mail into the correct folders...


A MTA (Mail Tranfer Agent), such as exim, postfix or others.

Though there might be a way to configure fetchmail to store directly  
in the mail store, but I'm not sure (I don't use it).


--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] How can I put a file back in Maildir folder?

[Eduardo M KALINOWSKI]

Allan Cassaro wrote:
> Hi,
>
> I have a problem: today, when I ran "fsck" some file was linked to
> "lost+find" folder...
> After some hours I has all files mapped (File / User). So... how can I put
> this files back in Maildir folder of this users?
>
> I tried with:
> cat $file | deliver -d username
>
> but without success...
>
> Any help will be appreciated!
>   

If it's a properly formed mail (basically headers, a blank line, and a
body), you could just copy/move it to the cur/ folder of the mailbox.
Dovecot will see it (and index it) next time the folder is opened.

-- 
The Celts invented two things, Whiskey and self-destruction.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Deleting mail account?

[Eduardo M KALINOWSKI]

On Seg, 25 Mai 2009, David Reid wrote:

This is likely a daft question, but how do I remove a mailbox from a  
dovecot server? I'd like to simply remove it from the disk as well,  
deleting any messages, indexes etc etc


Is there a way?


There is an IMAP command that does that. I don't remember its name,  
but you can lookup in the RFC.


Or you can just remove the file (if using mbox) or directory (if using  
Maildir) that holds the mailbox. Then remove the indexes, which can be  
in the same directory or somewhere else, depending on how you  
configured dovecot.



--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Deleting mail account?

[Eduardo M KALINOWSKI]

On Seg, 25 Mai 2009, David Reid wrote:
I'd like to be able to do it all via a web interface and dovecot to  
keep the admin to a minimum. I've seen the delete function in IMAP,  
but it fails when I try and remove the INBOX.


So you want to remove a whole account?

You'll need to disable (or even remove, but I wouldn't recommend that)  
in you authentication database. How it is done depends on which kind  
of authentication you are using.


Then, if you want to delete all the mails for that account, just  
remove the folders where they are stored. This is specified by the  
mail_location setting in dovecot.conf.



--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Deleting mail account?

[Eduardo M KALINOWSKI]

On Seg, 25 Mai 2009, David Reid wrote:

Eduardo M KALINOWSKI wrote:
Then, if you want to delete all the mails for that account, just  
remove the folders where they are stored. This is specified by the  
mail_location setting in dovecot.conf.


This part is where I was hoping there was a way to get dovecot to  
remove the mails for me... Is that possible? If not I guess I need  
to look at other ways of dealing with it.


For all folders except the INBOX itself, you can delete them via IMAP.  
You can also remove everything from the INBOX, but you cannot delete  
the INBOX itself through dovecot.



--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] offlineimap with dovecot and sieve

[Eduardo M KALINOWSKI]

On Ter, 26 Mai 2009, Dieter Faulbaum wrote:

I have a dumb question, is it possible to use this combination:

Synchronising a remote IMAP-server and a local dovecot-IMAP-server by
offlineimap (with both types = IMAP), which works very well.
But it seems, that my sieve-scripts on the local dovecot server are not
recognised by this combination.
Is there a good debugging way for this?


There isn't much to debug. They are not run because they are only run  
when deliver is used to deliver mails to the user. When they are  
directly copied to the mail boxes they are not run.


I believe you cannot do that with offlineimap. But if you can get a  
program that downloads the e-mails from the other server and passes  
them to the deliver (or to your MTA, which then passes them to  
deliver) you'll achieve what you want.




--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Users with large (4GB) inboxes crippling dovecot

[Eduardo M KALINOWSKI]

On Qui, 28 Mai 2009, Curtis Maloney wrote:

But what sort of user puts 4GB of mail into a _single_ folder??


Those that never delete the emails nor move them into folders.  
Everything they ever received is in the INBOX.


And yes, this happens a lot.


--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Urgent problem with deleting emails and maildirsize

[Eduardo M KALINOWSKI]

On Qui, 02 Jul 2009, Jose Luis Marin Perez wrote:

Dears Sirs,

I hope they can help me with this problem since it is urgent.

I've completed the migration from Courier to Dovecot that has been
running correctly, the only problem is that maildirsize file is not
updated when you delete the emails, resulting in accounts that reach to
100% faster, so I have to manually delete this file.

 Through Dovecot can be configured to automatically update when  
maildirsize delete emails?


Posting the same request twice in two hours in not going to get an  
answer faster. Especially if you do not add the missing information in  
the first post to the second one.


Please show us your dovecot -n output.

That will answer the question, but anyway: do you have the quota  
plugin configured?



--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: [Dovecot] Urgent problem with deleting emails and maildirsize

[Eduardo M KALINOWSKI]

On Qui, 02 Jul 2009, Jose Luis Marin Perez wrote:

Thanks for your response Eduardo.

 Apologies to the list by the rush and lack of information when  
reporting a problem.


One of the webmails is configured so that when delete some
mail move to Trash directory, I have no problem here because I've
configured Dovecot to ignore this folder to quota

 The other
two webmails are not configured to use the Trash directory and when you
delete some mail will be maintained in the INBOX but it shows shading
and the server adds the flag T:

 1244457746.11461.domain.com, S = 5413:2, ST

 So no updates maildirsize and quota does not change, this may  
result in the accounts quickly reach 100% usage.


The quote does not change because the mail is not deleted. It's only  
marked as deleted (T flag). Once the folder is expunged (that's how  
IMAP call it; your webmail mail give a different name for this action)  
all mails flagged as deleted are actually deleted and space is released.


The easiest solution would be to use a Trash folder also for this  
domain. Or, if you do not want that, you'll have to instruct your  
users to expunge their folders when they want to claim space. I  
believe there is also a plugin that should do automatic expunging, but  
I don't known when it's triggered.



--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br