Re: [Dovecot] Replication status
Timo Sirainen wrote:
> On Mon, 2009-02-16 at 13:19 -0600, Bryan Bradsby wrote:
>
>>> I also hate the "aggregator" and "writer" names
>>>
>> Master, slave (ala DNS) ?
>>
>
> Maybe, but a bit weird in a multi-master setup.
>

Could always go with the naming conventions used by multimaster in ldap: consumer and supplier/provider
Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps
Durk Strooisma wrote:
> This will work for plain text authentication. However, we are (partly)
> using
> GSSAPI, which is not a plain text authentication mechanism. TLS (through
> STARTTLS) won't be enforced in these connections.
>

Ah yeah, will not work with GSSAPI, sorry if I missed where you said you were using that. I can't help you then, I do not know a way to enforce TLS.
Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps
Durk Strooisma wrote:
>> On 1/15/2009, Durk Strooisma (d...@kern.nl) wrote:
>>
>>> As far as I can see, this would only be possible when using imaps and
>>> disabling imap. However, I would like to have the other way around;
>>> disabling imaps and using imap for all communication (with enforced
>>> STARTTLS).
>>> Am I missing something?
> I've tried to enforce STARTTLS for any possible connection, to avoid using
> tunneling, but I couldn't find an option to do so.
>

First you need to disable any ssl_listen in the protocol section:

protocol imap {
  listen = *:143
  # ssl_listen = *:993
}
protocol pop3 {
  listen = *:110
  #ssl_listen = *:995
}

Then set:

disable_plaintext_auth = yes

That will give you the ability for users to only log in via TLS.
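Added example (not part of the original posts and not Dovecot project code): a check for the gap discussed in this thread, where disable_plaintext_auth covers plaintext logins but a mechanism such as GSSAPI can still be used without STARTTLS. It parses the capability list a server offers before STARTTLS; the function names are hypothetical and the sample greetings are constructed.

```python
import re
import socket

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

def audit_pretls_capability(line):
    """Classify what an IMAP server offers before STARTTLS (hypothetical helper)."""
    m = re.search(r"CAPABILITY\s+([^\]\r\n]*)", line, re.IGNORECASE)
    if not m:
        raise ValueError("no CAPABILITY data in input")
    caps = {c.upper() for c in m.group(1).split()}
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    result = {
        "starttls_offered": "STARTTLS" in caps,
        "login_disabled": "LOGINDISABLED" in caps,  # LOGIN command refused in cleartext
        "plaintext_mechs": sorted(mechs & PLAINTEXT_MECHS),
        "other_mechs": sorted(mechs - PLAINTEXT_MECHS),  # e.g. GSSAPI
    }
    # TLS is only forced on everyone if nothing can authenticate before STARTTLS.
    result["tls_enforced_for_all"] = (
        result["starttls_offered"] and result["login_disabled"] and not mechs
    )
    return result

def fetch_pretls_capability(host, port=143, timeout=10.0):
    """Read the capability list your own server sends on the cleartext port."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")
        line = stream.readline().decode("ascii", "replace")
        if "CAPABILITY" not in line.upper():  # greeting had no capability list
            stream.write(b"a1 CAPABILITY\r\n")
            stream.flush()
            line = stream.readline().decode("ascii", "replace")
        return line

# Constructed greetings for illustration, not captured from a real server.
SAMPLES = {
    "no enforcement": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=GSSAPI] ready",
    "plaintext disabled only": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=GSSAPI] ready",
    "no pre-TLS auth": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
}

if __name__ == "__main__":
    for name, greeting in SAMPLES.items():
        print(name, audit_pretls_capability(greeting))
```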
Re: [Dovecot] v1.1.5 release candidate
Timo Sirainen wrote:
> On Mon, 2008-10-20 at 10:06 -0400, Eric Toczek wrote:
>
>> Was just trying out 1.1.5 on a new server, using a copy of the in
>> production one. The data should be the same, and with 1.1.5 getting an
>> odd mkdir permissions error.
>>
>> dovecot: Oct 20 09:57:56 Error: POP3([EMAIL PROTECTED]):
>> mkdir(/opt/dovecot/index/etoczek/INBOX) failed: Permission denied
>>
>> Which doesn't make sense as it shouldn't even be creating an INBOX dir
>> there.
>>
>
> It's trying to create a directory to store INBOX's index files.
>

Yeah, I'm an idiot. I didn't read it fully and thought it was trying to create a maildir directory for Index in the home directory. Sorry about that.
Re: [Dovecot] v1.1.5 release candidate
Was just trying out 1.1.5 on a new server, using a copy of the in production one. The data should be the same, and with 1.1.5 getting an odd mkdir permissions error.

dovecot: Oct 20 09:57:56 Error: POP3([EMAIL PROTECTED]): mkdir(/opt/dovecot/index/etoczek/INBOX) failed: Permission denied

Which doesn't make sense as it shouldn't even be creating an INBOX dir there.

dovecot: Oct 20 09:57:56 Info: auth(default): master out: USER 2 [EMAIL PROTECTED] home=/opt/dovecot/store/etoczek mail=dbox:~/.dbox:INDEX=/opt/dovecot/index/etoczek uid=2000 gid=2000 quota_rule=*:storage=2G

Not sure what's going on and why it's trying to create that dir. Though may not be that big of an issue as I can still list messages, and Sieve is filtering properly (while giving permissions errors for mkdir Junk for example)

dovecot: Oct 20 09:57:56 Info: auth(default): client in: AUTH 3 PLAIN service=pop3 secured lip=192.168.0.61 rip=192.168.0.61 lport=110 rport=40171 resp=
dovecot: Oct 20 09:57:56 Info: auth(default): cache([EMAIL PROTECTED],192.168.0.61): hit: [EMAIL PROTECTED]
dovecot: Oct 20 09:57:56 Info: auth(default): client out: OK 3 [EMAIL PROTECTED]
dovecot: Oct 20 09:57:56 Info: auth(default): master in: REQUEST 2 26780 3
dovecot: Oct 20 09:57:56 Info: auth(default): master out: USER 2 [EMAIL PROTECTED] home=/opt/dovecot/store/etoczek mail=dbox:~/.dbox:INDEX=/opt/dovecot/index/etoczek uid=2000 gid=2000 quota_rule=*:storage=2G
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Loading modules from directory: /opt/dovecot/lib/dovecot/pop3
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded: /opt/dovecot/lib/dovecot/pop3/lib10_quota_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded: /opt/dovecot/lib/dovecot/pop3/lib20_expire_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded: /opt/dovecot/lib/dovecot/pop3/lib20_fts_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Module loaded: /opt/dovecot/lib/dovecot/pop3/lib21_fts_squat_plugin.so
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Effective uid=2000, gid=2000
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Quota root: name=user backend=dict args=:proxy::quotadict
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): dict quota: [EMAIL PROTECTED], uri=proxy::quotadict, enforcing=0
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Quota rule: root=user mailbox=* bytes=2147483648 (0%) messages=0 (0%)
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): Quota rule: root=user mailbox=Trash bytes=104857600 (0%) messages=0 (0%)
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): dbox: data=~/.dbox:INDEX=/opt/dovecot/index/etoczek
dovecot: Oct 20 09:57:56 Info: POP3([EMAIL PROTECTED]): fs: root=/opt/dovecot/store/etoczek/.dbox, index=/opt/dovecot/index/etoczek, control=, inbox=
dovecot: Oct 20 09:57:56 Error: POP3([EMAIL PROTECTED]): mkdir(/opt/dovecot/index/etoczek/INBOX) failed: Permission denied
Re: [Dovecot] Any suggestions for backing up an imap server and whould maildir or dbox be better than mbox?
[EMAIL PROTECTED] wrote:
> Oh, no. Rsync is smarter than this. If you don't tell it _not_ to do it,
> it will transfer chunks of files which have changed and modify the
> target file in-place. How it does recognize what to do is actually worth
> a read [1].
>
> Note that this algorithm is ideal for files which are (mostly) appended
> to, like mboxes or log files.
>

Ah thanks, I hadn't looked too much into Rsync to see that it does that. Pretty slick. So that being said reverse what I just said, Mbox is better for Rsync than Maildir or Dbox (which would cause Rsync to run longer as it has more files to look at to see if they've changed).
Re: [Dovecot] Webmail app ... again.
Chris Wakelin wrote:
>
> Another persistent IMAP Webmail app may be Web-Alpine from UW, but I
> haven't tried it out yet. If it's expecting to be talking to UW-IMAP
> it'll need to use persistent connections!
>

While it's not free, a really nice webmail that does a lot of smart things (persistent imap connections, ldap connection pooling, and one of the best interfaces I've seen) is Nitido's PIM http://www.nitido.com/products/index.shtml?web_pim . It's used by a few of the larger US/Canadian ISPs for their webmail, as well as some big hosted email resellers. A bright group of guys too.
Re: [Dovecot] expire-plugin: configuration dict-server
Thomas Zajic wrote:
> Hi,
> Same problem here - dovecot never adds any records to the expire
> table, although the database connection is fine. All it ever does
> is query for existing records when a message gets moved to Trash
> or Junk, so at least that part is working.

Do you use namespaces? Since Timo just discovered they may not be working with expire properly.

"Looking at the code it looks like the expire plugin ignores the namespace prefix but expire-tool requires it, so it probably won't work.."
Re: [Dovecot] expire-plugin: configuration dict-server
Dino Ming wrote:
> Dear Eric,
>
> It's worked after I append the INBOX. in front of Trash
> The record entered into the table with path and timestamp, but missing
> value for the username. Is this make sense ?
>

Yup this is as expected. From Timo when I asked him about it:

"The expire data is "shared" so username=NULL. You could probably remove the whole username field. I did think about problems related to this yesterday though, so maybe this gets changed somehow some day."

Figured since dovecot may use the username at one point, that we should just leave it in the table.

> Here come the other questions. When I run the expire-tool, its just
> remove the inserted record from the dict_expire table.
> But anyway, I will test it for a few days first.

Hmm.. odd that it removed it. Run it with a --test and it should tell you what it is doing. Did it remove the message from the Trash too as well as the db entry?
Re: [Dovecot] expire-plugin: configuration dict-server
Dino Ming wrote:
> Dear Eric,
>
> I've enabled the mysql query log, and there does not have any query
> when I deleting or moving message.
> So, I'm wondering is it have some compile time flag to enable this
> perhaps ?

Hmm.. shouldn't be any flags needed besides --with-mysql and --with-sql. I wonder if it has to do with the namespace. Try changing

expire: Trash 2

to

expire: INBOX.Trash 2

I'm not sure how (if) namespaces affect the expire plugin. Timo may be able to shed more light.
Re: [Dovecot] expire-plugin: configuration dict-server
Jens Meyer wrote:
> Hello Eric,
>
> thank you very much for your prompt and helpful reply!
>
> The connect seem to work fine now.
>
> Please allow me two additional questions:
> Is it correct that this database-table is only a "caching-table" which
> is empty at first and will be filled later? It is not necessary to
> adapt the SQL-statement to my user-configuration, is it?!

Correct. The table is filled when the message is moved to one of the folders that is marked as an Expire folder. That folder is added to the table with a timestamp like so:

$ echo "select * from mail.expire where path like 'eric%'" | mysql -u root -p
Enter password:
username path timestamp
[EMAIL PROTECTED]/Junk 1217943338
[EMAIL PROTECTED]/Trash 1217941084

>
> Is it necessary to reference the foldernames with "INBOX.Trash" or
> only "Trash"? For Sieve I have to use "INBOX.Trash".
>

Use INBOX.Trash if the trash folder you're looking to clear out is a subfolder of your Inbox.

> Actually nothing happens when trying the plugin with "dovecot
> --exec-mail ext /usr/libexec/dovecot/expire-tool --test".

Do you have the plugin loaded in the imap protocol section?

protocol imap {
  ...
  mail_plugins = fts fts_squat quota imap_quota expire
  ...
}

If you do then the table should get updated when you move a message into the trash folder. If you've got the plugin set correctly and you're still not getting anything written into the table you can restart mysql with query logging on:

http://dev.mysql.com/doc/refman/5.0/en/query-log.html

Then move a message to one of the expire folders and see what query is run on the database and if it's not succeeding due to an error.
Re: [Dovecot] expire-plugin: configuration dict-server
Jens Meyer wrote:
>
> Unfortunately I have problems with the dictionary:
> -->
> dovecot: Aug 05 13:30:25 Error: dict: Unknown dict module: db
> dovecot: Aug 05 13:30:25 Error: dict: Failed to initialize dictionary
> 'expire'
>

Looking at the rpm it doesn't look like it has bdb support built in. But it sounds like you want to use Mysql so that's alright.

>
> Are there any further tipps how to use the expire-plugin with
> mysql-connection (i.e. database-scheme, SQL-Select)?

You will need to set up your configuration like this:

dovecot.conf:

dict {
  ...
  expiredict = mysql:/opt/dovecot/etc/dovecot-dict-expire.conf
  ...
}
plugin {
  ...
  expire = Trash 7 Trash/* 7 Spam 3 Junk 3
  expire_dict = proxy::expiredict
  ...
}

dovecot-dict-expire.conf:

connect = host= dbname= user= password=
table = expire
select_field = timestamp
where_field = path
username_field = username

Then you'll want to create the table like so:

create table expire(
  username varchar(255) not null,
  path varchar(100) not null,
  timestamp integer,
  primary key (username, path)
) engine=innodb;

That should work for you. Of course enter in your correct config location and your specific expire settings.

-Eric
Re: [Dovecot] Expire plugin with Mysql
Dino Ming wrote:
> Here is my dict.conf file
>
> connect = host=sql dbname=vmail user=xx password=xx
> table = dict_expire
> select_field = timestamp
> where_field = path
> username_field = username
>

That looks good

> How can I debug the imap and check why the table didn't got updated
> when we delete email ?

When I was having issues previously with mysql quota I turned on mysql query logging to see what exactly was being done on the database side, and discovered what the errors were. You may want to give it a shot:

http://dev.mysql.com/doc/refman/5.0/en/query-log.html
Re: [Dovecot] Dovecot load balancing
Thomas Hummel wrote:
> On Thu, Jul 31, 2008 at 03:26:06PM +0200, Thomas Hummel wrote:
>
>> I don't quite understand the proxy_maybe option :
>>
>

The proxy_maybe allows you to have a user log into a server that is both doing proxy logins for another host as well as local logins. So User A connects into server 1, they live on server 2 so server 1 proxies the connection onto server 2. User B connects into server 1 and they live on server 1, so proxy_maybe allows the connect to be made direct even though their proxy setting says they go to a specific host (which happens to be server 1).

> Also, 2 things which aren't quite clear to me in the Wiki :
>
> a) Password forwarding
>
> Make sure that the authentication succeeds with any given password. You can
> do this by using empty passwords. v1.1+ requires also that you return
> nopassword field.
>
> -> Does that mean that the proxy has to accept only empty passwords and that
>    that's the actual imap server that will deal with the actual password ?
>

The destination host must be set to allow plain text passwords.

> b) The connections created to the destination server can't be TLS/SSL
> encrypted.
>
> Does it still work if the client is using SSL/TLS to connect to the proxy ?
>

Yes the initial connection can be done using SSL/TLS. What happens is the proxy will do the auth for the user using their password and if it succeeds and they have a proxy attribute set up then the connect is made to the destination host using a plaintext connection. What you can do is set up a dovecot proxy host(s) that has no users assigned to that server and allows only SSL/TLS connections, then on the backend a bunch of servers that users get assigned to but they cannot have:

disable_plaintext_auth = yes

in the configuration.