Re: logging computer name
On 2024-06-25 12:00, hp--- via dovecot wrote: I am running Dovecot 2.3.21. One client has multiple computers in their LAN, connecting to my server with a static IP. One or several computers in that LAN keep logging in with failed password, but the Dovecot log only shows the public static IP, like this Jun 25 10:39:20 server-name dovecot[689]: imap-login: Disconnected: Connection closed (auth failed, 2 attempts in 62 secs): user=, method=PLAIN, rip=client-public-IP, lip=server-IP, TLS, session= I tried to enable debug, but there is no more information about the LAN IP or computer names. Is there any setting which helps me with that purpose? So it will be much easier to locate the failed computers in that LAN? Technically, there's no way for Dovecot to know what the client's LAN IP address is, at least not without the client providing this information (which it won't). Some IMAP clients send IMAP ID commands to the server. This usually includes the name (e.g. "iPhone Mail", "Microsoft Outlook", etc) and version of the client, and you can have Dovecot log this to your log by setting the option: imap_id_log = * This might help you identify the misconfigured clients. Not all clients send IMAP ID commands though, and some clients only send it *after* authenticating, in which case you won't see it in your situation. - Eirik ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: sieve issue
When you set submission_host, sieve will also use that SMTP server for
doing reject/forward/vacation, etc:
https://doc.dovecot.org/configuration_manual/sieve/sieve_and_smtp_submission/
If you don't set submission_host, sieve will instead rely your local
sendmail binary. Your local sendmail (or sendmail-compatible interface)
is probably broken/misconfigured.
- Eirik
On 2024-06-19 16:14, savaw82275--- via dovecot wrote:
Hi! Having a sieve rule:
require ["fileinto", "editheader", "variables", "envelope"];
# rule:[med]
if allof (address :contains "to" "i...@mysite.com",
header :contains "subject" "invoice") {
deleteheader "from";
addheader "from" "i...@mysite.com";
redirect "fi...@mysite.com";
}
I was receiving: redirect action: failed to redirect message to
: Sendmail program returned error (temporary failure).
Enabled debug log level in dovecot, then got some few further lines on this;
program exec:/usr/sbin/sendmail (55356): Terminated with non-zero exit code 75
AND this:
Error: sieve: redirect action: failed to redirect message to
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Environment variables in pgsql connect string
I figured this out just moments after writing to this list, actually.
libpq, the Postgresql Library used by Dovecot, will actually use the
environment variables listed below if their corresponding parameters are
not provided in the connection string:
https://www.postgresql.org/docs/8.1/libpq-envars.html
As such, these modifications will allow postgres connection using
environment variables.
dovecot.conf:
import_environment = PGUSER PGDATABASE PGPASSWORD
dovecot-sql.conf.ext:
connect = host=mail-passdb.mail.svc.cluster.local
Then, set the env variables PGUSER, PGDATABASE, PGPASSWORD in the container.
Best regards,
Eirik Rye
On 04/12/2019 13:22, Eirik Rye via dovecot wrote:
Hi,
We are trying to set up a Dovecot Docker image with dynamic database
configuration based on environment variables, however the variables do
not appear to be expanded in the "connect=" string of the SQL config.
The documentation states that environment variables, being listed under
global variables, work "everywhere":
https://doc.dovecot.org/configuration_manual/config_file/config_variables/#variables-global
However, the source code for driver-pgsql.c indicates that the connect
string is never expanded:
https://github.com/dovecot/core/blob/master/src/lib-sql/driver-pgsql.c#L297
For reference, this is my configuration. dovecot.conf:
import_environment = PASSDB_USER PASSDB_DBNAME PASSDB_PASSWORD
passdb {
override_fields = proxy=y
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
/etc/dovecot/dovecot-sql.conf.ext:
driver = pgsql
connect = host=mail-passdb dbname=%{env:PASSDB_DBNAME}
user=%{env:PASSDB_USER} password=%{env:PASSDB_PASSWORD}
Does anyone have any suggestions for how to connect to a database
without hardcoding the connection parameters in the Dovecot config,
which does not involve patching driver-pgsql.c to make the variable
expansion?
Best regards,
Eirik Rye
--
Eirik
Environment variables in pgsql connect string
Hi,
We are trying to set up a Dovecot Docker image with dynamic database
configuration based on environment variables, however the variables do
not appear to be expanded in the "connect=" string of the SQL config.
The documentation states that environment variables, being listed under
global variables, work "everywhere":
https://doc.dovecot.org/configuration_manual/config_file/config_variables/#variables-global
However, the source code for driver-pgsql.c indicates that the connect
string is never expanded:
https://github.com/dovecot/core/blob/master/src/lib-sql/driver-pgsql.c#L297
For reference, this is my configuration. dovecot.conf:
import_environment = PASSDB_USER PASSDB_DBNAME PASSDB_PASSWORD
passdb {
override_fields = proxy=y
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
/etc/dovecot/dovecot-sql.conf.ext:
driver = pgsql
connect = host=mail-passdb dbname=%{env:PASSDB_DBNAME}
user=%{env:PASSDB_USER} password=%{env:PASSDB_PASSWORD}
Does anyone have any suggestions for how to connect to a database
without hardcoding the connection parameters in the Dovecot config,
which does not involve patching driver-pgsql.c to make the variable
expansion?
Best regards,
Eirik Rye
Re: Dovecot release v2.3.7
Please disregard this. My apologies.
The issue appears to have been caused by an unrelated network issue with
one of the directors, that coincidentally occurred at almost the exact
same time.
A potential improvement would be if the "Ring SYNC seq=XX appears to
have got lost" error message would indicate which director/server it
pertains to.
Best regards,
Eirik Rye
On 16/07/2019 11:17, Eirik Rye via dovecot wrote:
Version 2.3.7 appears to break director ring sync. After upgrading, our
logs are full of these kinds of messages:
Jul 14 04:09:20 yyy dovecot: director: Error: director: User xxx host
lookup failed: Timeout because ring not synced - queued for 30 secs
(Ring not synced for 1410 secs, hash=271838221)
Jul 14 04:09:20 yyy dovecot: director: Error: director: User xxx host
lookup failed: Timeout because ring not synced - queued for 30 secs
(Ring not synced for 1410 secs, hash=3482757093)
As well as:
Jul 14 04:09:21 yyy dovecot: director: Error: Ring SYNC seq=53 appears
to have got lost, resending
These are absent from the logs prior to July 12.
I have downgraded to 2.3.6 in hopes of resolving the issue.
Regards,
Eirik Rye
On 12/07/2019 14:29, Aki Tuomi via dovecot wrote:
Hi!
We are pleased to release Dovecot release v2.3.7.
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
external systems, see
https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
on body search, and an error using FTS index fails the search rather
than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
to be unnecessarily opened when FETCHing mail headers that were
already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
situations. This happened especially when using autoexpunging with
lazy_expunge folders. Also with mdbox format in general the cache file
wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
the deletion from disk happened the next time the folder was opened.
This could have caused unnecessary delays if the opening was done by
an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
affected, but everything else was. This delay wasn't always visible -
only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
situations.
- Auth policy can cause segmentation fault crash during auth process
shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
server.
- config: Memory leak in config process when ssl_dh setting wasn't
set and there was no ssl-parameters.dat file.
This caused config process to die once in a while
with "out of memory".
---
Aki Tuomi
Open-Xchange oy
Re: Dovecot release v2.3.7
Downgrading to 2.3.6 did indeed resolve the issue.
Our Directors are running Ubuntu 18.04.
Regards,
Eirik Rye
On 16/07/2019 11:17, Eirik Rye via dovecot wrote:
Version 2.3.7 appears to break director ring sync. After upgrading, our
logs are full of these kinds of messages:
Jul 14 04:09:20 yyy dovecot: director: Error: director: User xxx host
lookup failed: Timeout because ring not synced - queued for 30 secs
(Ring not synced for 1410 secs, hash=271838221)
Jul 14 04:09:20 yyy dovecot: director: Error: director: User xxx host
lookup failed: Timeout because ring not synced - queued for 30 secs
(Ring not synced for 1410 secs, hash=3482757093)
As well as:
Jul 14 04:09:21 yyy dovecot: director: Error: Ring SYNC seq=53 appears
to have got lost, resending
These are absent from the logs prior to July 12.
I have downgraded to 2.3.6 in hopes of resolving the issue.
Regards,
Eirik Rye
On 12/07/2019 14:29, Aki Tuomi via dovecot wrote:
Hi!
We are pleased to release Dovecot release v2.3.7.
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
external systems, see
https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
on body search, and an error using FTS index fails the search rather
than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
to be unnecessarily opened when FETCHing mail headers that were
already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
situations. This happened especially when using autoexpunging with
lazy_expunge folders. Also with mdbox format in general the cache file
wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
the deletion from disk happened the next time the folder was opened.
This could have caused unnecessary delays if the opening was done by
an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
affected, but everything else was. This delay wasn't always visible -
only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
situations.
- Auth policy can cause segmentation fault crash during auth process
shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
server.
- config: Memory leak in config process when ssl_dh setting wasn't
set and there was no ssl-parameters.dat file.
This caused config process to die once in a while
with "out of memory".
---
Aki Tuomi
Open-Xchange oy
Re: Dovecot release v2.3.7
Version 2.3.7 appears to break director ring sync. After upgrading, our
logs are full of these kinds of messages:
Jul 14 04:09:20 yyy dovecot: director: Error: director: User xxx host
lookup failed: Timeout because ring not synced - queued for 30 secs
(Ring not synced for 1410 secs, hash=271838221)
Jul 14 04:09:20 yyy dovecot: director: Error: director: User xxx host
lookup failed: Timeout because ring not synced - queued for 30 secs
(Ring not synced for 1410 secs, hash=3482757093)
As well as:
Jul 14 04:09:21 yyy dovecot: director: Error: Ring SYNC seq=53 appears
to have got lost, resending
These are absent from the logs prior to July 12.
I have downgraded to 2.3.6 in hopes of resolving the issue.
Regards,
Eirik Rye
On 12/07/2019 14:29, Aki Tuomi via dovecot wrote:
Hi!
We are pleased to release Dovecot release v2.3.7.
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
---
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
external systems, see
https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
on body search, and an error using FTS index fails the search rather
than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
to be unnecessarily opened when FETCHing mail headers that were
already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
situations. This happened especially when using autoexpunging with
lazy_expunge folders. Also with mdbox format in general the cache file
wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
the deletion from disk happened the next time the folder was opened.
This could have caused unnecessary delays if the opening was done by
an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
affected, but everything else was. This delay wasn't always visible -
only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
situations.
- Auth policy can cause segmentation fault crash during auth process
shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
server.
- config: Memory leak in config process when ssl_dh setting wasn't
set and there was no ssl-parameters.dat file.
This caused config process to die once in a while
with "out of memory".
---
Aki Tuomi
Open-Xchange oy
per-user mail_max_userip_connections in userdb extra fields
Hi,
The documentation at https://wiki.dovecot.org/UserDatabase/ExtraFields
states that "It's possible to override settings from dovecot.conf", as
well as the following:
> If you want to override settings inside sections, you can separate
the > section name and key with '/'. For example:
>
> namespace default {
> inbox = yes
> separator = .
> location = maildir:~/Maildir
> }
>
> The separator setting can be overridden by returning
namespace/default/separator=. extra field.
As such, we would expect for it to be possible to override
mail_max_userip_connections under the "protocol imap" section, with a
passwdfile userdb looking something like this:
example:{CRYPT}x:1011:1011::/mail/example::userdb_protocol/imap/mail_max_userip_connections=100
The userdb returns the expected fields in the correct format (according
to the documentation):
# doveadm user -u example
userdb: example
user : example
uid : 1011
gid : 1011
home : /mail/example
protocol/imap/mail_max_userip_connections: 100
However, this new setting is not honoured. To test, I set
"mail_max_userip_connections=1" in 20-imap.conf, and noticed that my
second connection was closed with the following error:
dovecot[13573]: imap-login: Maximum number of connections from
user+IP exceeded (mail_max_userip_connections=1)
I also attempted the same setting, without the "protocol/imap" prefix.
Is this not possible? Are there restrictions to what settings may be
overridden in userdb? The documentation appears to suggest that there isn't.
Best regards,
Eirik Rye
Re: Dovecot director: show user breakdown by director?
This is only available if you use "verbose_proctitle = yes". However, I found the command "doveadm proxy list" which does what I want: ~# doveadm proxy list | wc -l 16993 - Eirik On 14/06/2019 08:39, Sami Ketola wrote: On 13 Jun 2019, at 20.15, Eirik Rye via dovecot <mailto:dovecot@dovecot.org>> wrote: Is there a way in Dovecot to see which (or even how many) users are connected to a specific director without having to count TCP connections? # ps aux | grep imap-login dovenull 3200 0.0 0.0 44676 3376 ? S Apr16 1:15 dovecot/imap-login dovenull 3208 0.0 0.0 44664 3364 ? S Apr16 2:05 dovecot/imap-login dovenull 3209 0.0 0.0 42616 2296 ? S Apr16 9:00 dovecot/imap-login [1 connections (0 TLS)] dovenull 3210 0.0 0.0 44704 3604 ? S Apr16 3:19 dovecot/imap-login rinse and repeat with pop3-login or lmtp. Sami
Dovecot director: show user breakdown by director?
Hi, We have recently started using the director in some tests. We are using the static passdb setup (proxy=y nopassword=y) for now, where authentication is done on the downstream IMAP servers. "dovecot director status" shows a breakdown of proxied connections per backend, but there does not seem to be a similar breakdown of user connections per director. The output of "doveadm who" is empty. I assume this is due to there being no local userdb/passdb on the directors? root@xxx:/etc/dovecot/conf.d# doveadm who username # proto (pids) (ips) Is there a way in Dovecot to see which (or even how many) users are connected to a specific director without having to count TCP connections? Best regards, Eirik Rye
Re: Changes in sieve Dovecot 2.2
In sieve, 'keep' is usually equivalent to 'fileinto "INBOX"'. As such,
you ending up with duplicates in that configuration does not seem
strange as both of those operations will cause a copy of the message to
be filed to your inbox.
Your new configuration is correct.
That said, Dovecot's sieve implementation, Pigeonhole, is versioned
separately from Dovecot itself. Therefore, you should determine which
pigeonhole version you upgraded from (we are currently at 0.5.6), and
possibly peruse the Pigeonhole changelog to find the change:
https://raw.githubusercontent.com/dovecot/pigeonhole/0.5.6/NEWS
Best regards,
Eirik
On 29/05/2019 17:48, Gter Marcelo via dovecot wrote:
Hi People,
I'm use dovecot in my mailbox system, until last month i used the
dovecot version 2.0 and now i use version 2.2, version 2.2 works well
for me, but i have one small problem, in sieve.
In version 2.0 i had rules in sieve similiar to rule bellow:
if allof (true){
keep;
fileinto "INBOX";
redirect "xx"xx.com.br ";
stop;
}
In the new version 2.2 this rules above, i have one problem duplicate
messages in account from my clients, in paste INBOX, therefore, i
changed rule to bellow ( with remove fileinto inbox)
if allof (true){
keep;
redirect "xx"xx.com.br ";
stop;
}
Dovecot really changed your behavor, i did right to fix this ?
Thanks a Lot,
Marcelo
