Re: [Dovecot] Replication status

2009-02-16 Thread Eric Toczek
Timo Sirainen wrote:
> On Mon, 2009-02-16 at 13:19 -0600, Bryan Bradsby wrote:
>   
>>> I also hate the "aggregator" and "writer" names
>>>   
>> Master, slave (ala DNS) ?
>> 
>
> Maybe, but a bit weird in a multi-master setup.
>
>   
Could always go with the naming conventions used by multimaster in ldap:
consumer and supplier/provider



signature.asc
Description: OpenPGP digital signature


Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Eric Toczek
Durk Strooisma wrote:
> This will work for plain text authentication. However, we are (partly)
> using
> GSSAPI, which is not a plain text authentication mechanism. TLS (through
> STARTTLS) won't be enforced in these connections.
>   
Ah yeah, will not work with GSSAPI, sorry if I missed where you said you
were using that. I can't help you then, I do not know a way to enforce TLS.





Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Eric Toczek
Durk Strooisma wrote:
>> On 1/15/2009, Durk Strooisma (d...@kern.nl) wrote:
>> 
>>> As far as I can see, this would only be possible when using imaps and
>>> disabling imap. However, I would like to have the other way around;
>>> disabling imaps and using imap for all communication (with enforced
>>> STARTTLS).
>>> Am I missing something?
> I've tried to enforce STARTTLS for any possible connection, to avoid using
> tunneling, but I couldn't find an option to do so.
>
>   

First you need to disable any ssl_listen in the protocol section:

protocol imap {
 listen = *:143
# ssl_listen = *:993
}
protocol pop3 {
 listen = *:110
 #ssl_listen = *:995
}

Then set:
disable_plaintext_auth = yes

That will give you the ability for users to only log in via TLS.
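
A way to verify the result of this configuration from the client side, as an added example that is not part of the original post: the function audits the capability list a server offers before STARTTLS, and reports non-plaintext mechanisms such as GSSAPI separately, since the thread notes they are not covered by disable_plaintext_auth. The capability lines and function names are constructed for illustration.

```python
import re

# SASL mechanisms that put the password on the wire in the clear without TLS.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample lines, as seen on port 143 before STARTTLS is issued.
WEAK = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=GSSAPI] Dovecot ready."
HARDENED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=GSSAPI"
STRICT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"


def parse_capabilities(line):
    """Return capability atoms from a greeting or an untagged CAPABILITY reply."""
    line = line.strip()
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line)
         or re.match(r"\* CAPABILITY (.*)$", line))
    if not m:
        raise ValueError("no CAPABILITY list in line: %r" % line)
    return [c.upper() for c in m.group(1).split()]


def audit_pre_tls(line):
    """List what a client could still do on this connection without TLS."""
    caps = parse_capabilities(line)
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command allowed in cleartext")
    for mech in sorted(mechs & PLAINTEXT_MECHS):
        findings.append("plaintext SASL mechanism offered: " + mech)
    # disable_plaintext_auth only covers plaintext mechanisms; anything else
    # advertised here can authenticate without TLS.
    for mech in sorted(mechs - PLAINTEXT_MECHS):
        findings.append("non-plaintext mechanism usable without TLS: " + mech)
    return findings


if __name__ == "__main__":
    for name, line in (("weak", WEAK), ("hardened", HARDENED), ("strict", STRICT)):
        print(name, audit_pre_tls(line) or "no findings")
```
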








Re: [Dovecot] v1.1.5 release candidate

2008-10-20 Thread Eric Toczek
Timo Sirainen wrote:
> On Mon, 2008-10-20 at 10:06 -0400, Eric Toczek wrote:
>   
>> Was just trying out 1.1.5 on a new server, using a copy of the in
>> production one.  The data should be the same, and with 1.1.5 getting an
>> odd mkdir permissions error.
>>
>> dovecot: Oct 20 09:57:56 Error: POP3([EMAIL PROTECTED]):
>> mkdir(/opt/dovecot/index/etoczek/INBOX) failed: Permission denied
>>
>> Which doesn't make sense as it shouldn't even be creating an INBOX dir
>> there.
>> 
>
> It's trying to create a directory to store INBOX's index files.
>
>   

Yeah, I'm an idiot. I didn't read it fully and thought it was trying to
create a maildir directory for Index in the home directory.

Sorry about that.






Re: [Dovecot] v1.1.5 release candidate

2008-10-20 Thread Eric Toczek
Was just trying out 1.1.5 on a new server, using a copy of the in
production one.  The data should be the same, and with 1.1.5 getting an
odd mkdir permissions error.

dovecot: Oct 20 09:57:56 Error: POP3([EMAIL PROTECTED]):
mkdir(/opt/dovecot/index/etoczek/INBOX) failed: Permission denied

Which doesn't make sense as it shouldn't even be creating an INBOX dir
there.
dovecot: Oct 20 09:57:56 Info: auth(default): master out: USER  2
[EMAIL PROTECTED]  home=/opt/dovecot/store/etoczek
mail=dbox:~/.dbox:INDEX=/opt/dovecot/index/etoczek  uid=2000
gid=2000 quota_rule=*:storage=2G

Not sure what's going on and why it's trying to create that dir. Though
may not be that big of an issue as I can still list messages, and Sieve
is filtering properly (while giving permissions errors for mkdir Junk
for example)

-


dovecot: Oct 20 09:57:56 Info: auth(default): client in: AUTH   3
PLAIN   service=pop3 secured lip=192.168.0.61
rip=192.168.0.61 lport=110   rport=40171
resp=
dovecot: Oct 20 09:57:56 Info: auth(default):
cache([EMAIL PROTECTED],192.168.0.61): hit:  [EMAIL PROTECTED]
dovecot: Oct 20 09:57:56 Info: auth(default): client out: OK 3
[EMAIL PROTECTED]
dovecot: Oct 20 09:57:56 Info: auth(default): master in: REQUEST
2   26780   3
dovecot: Oct 20 09:57:56 Info: auth(default): master out: USER  2
[EMAIL PROTECTED]  home=/opt/dovecot/store/etoczek
mail=dbox:~/.dbox:INDEX=/opt/dovecot/index/etoczek  uid=2000
gid=2000 quota_rule=*:storage=2G
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Loading modules
from directory: /opt/dovecot/lib/dovecot/pop3
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded:
/opt/dovecot/lib/dovecot/pop3/lib10_quota_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded:
/opt/dovecot/lib/dovecot/pop3/lib20_expire_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded:
/opt/dovecot/lib/dovecot/pop3/lib20_fts_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded:
/opt/dovecot/lib/dovecot/pop3/lib21_fts_squat_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Effective uid=2000,
gid=2000
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Quota root:
name=user backend=dict args=:proxy::quotadict
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): dict quota:
[EMAIL PROTECTED], uri=proxy::quotadict, enforcing=0
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Quota rule:
root=user mailbox=* bytes=2147483648 (0%) messages=0 (0%)
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Quota rule:
root=user mailbox=Trash bytes=104857600 (0%) messages=0 (0%)
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): dbox:
data=~/.dbox:INDEX=/opt/dovecot/index/etoczek
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): fs:
root=/opt/dovecot/store/etoczek/.dbox, index=/opt/dovecot/index/etoczek,
control=, inbox=
dovecot: Oct 20 09:57:56 Error: POP3([EMAIL PROTECTED]):
mkdir(/opt/dovecot/index/etoczek/INBOX) failed: Permission denied






Re: [Dovecot] Any suggestions for backing up an imap server and would maildir or dbox be better than mbox?

2008-10-03 Thread Eric Toczek
[EMAIL PROTECTED] wrote:
> Oh, no. Rsync is smarter than this. If you don't tell it _not_ to do it,
> it will transfer chunks of files which have changed and modify the
> target file in-place. How it does recognize what to do is actually worth
> a read [1].
>
> Note that this algorithm is ideal for files which are (mostly) appended
> to, like mboxes or log files.
>

Ah thanks, I hadn't looked too much into Rsync to see that it does
that.  Pretty slick.

So that being said, reverse what I just said: Mbox is better for Rsync
than Maildir or Dbox (which would cause Rsync to run longer as it has
more files to look at to see if they've changed).



Re: [Dovecot] Webmail app ... again.

2008-08-14 Thread Eric Toczek
Chris Wakelin wrote:
>
> Another persistent IMAP Webmail app may be Web-Alpine from UW, but I
> haven't tried it out yet. If it's expecting to be talking to UW-IMAP
> it'll need to use persistent connections!
>

While it's not free, a really nice webmail that does a lot of smart
things  (persistent imap connections, ldap connection pooling, and one
of the best interfaces I've seen) is Nitido's PIM 
http://www.nitido.com/products/index.shtml?web_pim .  It's used by a few
of the larger US/Canadian ISPs for their webmail, as well as some big
hosted email resellers. A bright group of guys too.





Re: [Dovecot] expire-plugin: configuration dict-server

2008-08-06 Thread Eric Toczek
Thomas Zajic wrote:
> Hi,
> Same problem here - dovecot never adds any records to the expire
> table, although the database connection is fine. All it ever does
> is query for existing records when a message gets moved to Trash
> or Junk, so at least that part is working.

Do you use namespaces? Since Timo just discovered they may not be
working with expire properly. "Looking at the code it looks like the
expire plugin ignores the namespace prefix but expire-tool requires it,
so it probably won't work.."



Re: [Dovecot] expire-plugin: configuration dict-server

2008-08-05 Thread Eric Toczek
Dino Ming wrote:
> Dear Eric,
>
> It's worked after I append the INBOX. in front of Trash
> The record entered into the table with path and timestamp, but missing
> value for the username. Is this make sense ?
>
Yup this is as expected.  From Timo when I asked him about it:
"The expire data is "shared" so username=NULL. You could probably remove
the whole username field. I did think about problems related to this
yesterday though, so maybe this gets changed somehow some day."

Figured since dovecot may use the username at one point, that we should
just leave it in the table.
> Here come the other questions. When I run the expire-tool, its just
> remove the inserted record from the dict_expire table.
> But anyway, I will test it for a few days first.

Hmm.. odd that it removed it. Run it with a --test and it should tell
you what it is doing. Did it remove the message from the Trash too as
well as the db entry?







Re: [Dovecot] expire-plugin: configuration dict-server

2008-08-05 Thread Eric Toczek
Dino Ming wrote:
> Dear Eric,
>
> I've enabled the mysql query log, and there does not have any query
> when I deleting or moving message.
> So, I'm wondering is it have some compile time flag to enable this
> perhaps ?

Hmm.. shouldn't be any flags needed besides --with-mysql and --with-sql.

I wonder if it has to do with the namespace. Try changing
expire: Trash 2
to
expire: INBOX.Trash 2

I'm not sure how (if) namespaces affect the expire plugin. Timo may be
able to shed more light.








Re: [Dovecot] expire-plugin: configuration dict-server

2008-08-05 Thread Eric Toczek
Jens Meyer wrote:
> Hello Eric,
>
> thank you very much for your prompt and helpful reply!
>
> The connect seem to work fine now.
>
> Please allow me two additional questions:
> Is it correct that this database-table is only a "caching-table" which
> is empty at first and will be filled later? It is not necessary to
> adapt the SQL-statement to my user-configuration, is it?!
Correct. The table is filled when the message is moved to one of the
folders that is marked as an Expire folder. That folder is added to the
table with a timestamp like so:


$ echo "select * from mail.expire where path like 'eric%'" | mysql -u root -p
Enter password:
username path timestamp
[EMAIL PROTECTED]/Junk 1217943338
[EMAIL PROTECTED]/Trash 1217941084


>
> Is it necessary to reference the foldernames with "INBOX.Trash" or
> only "Trash"? For Sieve I have to use "INBOX.Trash".
>
Use INBOX.Trash if the trash folder you're looking to clear out is a
subfolder of your Inbox.

> Actually nothing happens when trying the plugin with "dovecot
> --exec-mail ext /usr/libexec/dovecot/expire-tool --test".
Do you have the plugin loaded in the imap protocol section?

protocol imap {
...
  mail_plugins = fts fts_squat quota imap_quota expire
...
}


If you do then the table should get updated when you move a message into
the trash folder.

If you've got the plugin set correctly and you're still not getting
anything written into the table you can restart mysql with query logging
on: 

http://dev.mysql.com/doc/refman/5.0/en/query-log.html

Then move a message to one of the expire folders and see what query is run on 
the database and if it's not succeeding due to an error. 






Re: [Dovecot] expire-plugin: configuration dict-server

2008-08-05 Thread Eric Toczek
Jens Meyer wrote:
>
> Unfortunately I have problems with the dictionary:
> -->
> dovecot: Aug 05 13:30:25 Error: dict: Unknown dict module: db
> dovecot: Aug 05 13:30:25 Error: dict: Failed to initialize dictionary
> 'expire'
>
Looking at the rpm it doesn't look like it has bdb support built in. But
it sounds like you want to use Mysql so that's alright.

>
> Are there any further tipps how to use the expire-plugin with
> mysql-connection (i.e. database-scheme, SQL-Select)?
You will need to setup your configuration like this:

dovecot.conf:

dict {
...
  expiredict = mysql:/opt/dovecot/etc/dovecot-dict-expire.conf
...
}


plugin {
...
expire = Trash 7 Trash/* 7 Spam 3 Junk 3
expire_dict = proxy::expiredict
...
}

dovecot-dict-expire.conf:
connect = host= dbname= user= password=
table = expire
select_field = timestamp
where_field = path
username_field = username


Then you'll want to create the table like so:
create table expire( username varchar(255) not null, path varchar(100)
not null, timestamp integer, primary key (username, path))engine=innodb;

That should work for you. Of course enter in  your correct config
location and your specific expire settings.

-Eric





Re: [Dovecot] Expire plugin with Mysql

2008-08-05 Thread Eric Toczek
Dino Ming wrote:
> Here is my dict.conf file
>
> connect = host=sql dbname=vmail user=xx password=xx
> table = dict_expire
> select_field = timestamp
> where_field = path
> username_field = username
>

That looks good

> How can I debug the imap and check why the table didn't got updated
> when we delete email ?

When I was having issues previously with mysql quota I turned on mysql
query logging to see what exactly was being done on the database side,
and discovered what the errors were. You may want to give it a shot:

http://dev.mysql.com/doc/refman/5.0/en/query-log.html




Re: [Dovecot] Dovecot load balancing

2008-07-31 Thread Eric Toczek
Thomas Hummel wrote:
> On Thu, Jul 31, 2008 at 03:26:06PM +0200, Thomas Hummel wrote:
>   
>> I don't quite understand the proxy_maybe option :
>> 
>
>   
The proxy_maybe allows you to have a user log into a server that is both
doing proxy logins for another host as well as local logins. So User A
connects into server 1, they live on server 2 so server 1 proxies the
connection onto server 2. User B connects into server 1 and they live on
server 1, so proxy_maybe allows the connect to be made direct even
though their proxy setting says they go to a specific host (which
happens to be server 1)

> Also, 2 things which aren't quite clear to me in the Wiki :
>
> a) Password forwarding
>
> Make sure that the authentication succeeds with any given password. You can 
> do this by using empty passwords. v1.1+ requires also that you return 
> nopassword field.
>
> -> Does that mean that the proxy has to accept only empty passwords and that
>that's the actual imap server that will deal with the actual password ?
>   

The destination host must be set to allow plain text passwords.

> b) The connections created to the destination server can't be TLS/SSL 
> encrypted.
>
> Does it still work if the client is using SSL/TLS to connect to the proxy ?
>  
>   

Yes the initial connection can be done using SSL/TLS. What happens is
the proxy will do the auth for the user using their password and if it
succeeds and they have a proxy attribute setup then the connect is made
to the destination host using a plaintext connection. What you can do is
setup a dovecot proxy host(s) that has no users assigned to that server
and allows only SSL/TLS connections, then on the backend a bunch of
servers that users get assigned to but they cannot have:
disable_plaintext_auth = yes
in the configuration.