Re: MySQL connection with SSL

[Gandalf Corvotempesta via dovecot]

Il giorno gio 16 mag 2024 alle ore 16:35 Stuart Henderson via dovecot
 ha scritto:
> Wrong bit of the manual. See the sample dovecot-sql.conf.ext or
> https://doc.dovecot.org/configuration_manual/authentication/sql/#id10

Seems much easier with this... I'll try tomorrow
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: MySQL connection with SSL

[Gandalf Corvotempesta via dovecot]

Il giorno gio 16 mag 2024 alle ore 15:58 Aki Tuomi
 ha scritto:
> I don't think dovecot will read your .my.cnf̣.
>
> See supported options at https://doc.dovecot.org/settings/plugin/sql-mysql/

Probably "client_flags" is what i need to use but:
1. i don't know the int value for CLIENT_SSL (and mysql docs arent'
clear on this)
2. mysql docs tell to not set the CLIENT_SSL in a client application
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: MySQL connection with SSL

[Gandalf Corvotempesta via dovecot]

Il giorno gio 16 mag 2024 alle ore 15:34 Christopher Wensink
 ha scritto:
>
> See here for the documentation for dovecot:
>
> https://doc.dovecot.org/admin_manual/ssl/

This has nothing to do with mysql connection.

What i've asked for is how to tell dovecot to connect to a mysql
server by using an ssl connection (the native mysql ssl connection),
not how to enable ssl in smtp/imap/pop3/whatever
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: MySQL connection with SSL

[Gandalf Corvotempesta via dovecot]

Il giorno gio 16 mag 2024 alle ore 15:12 Christopher Wensink via
dovecot  ha scritto:
> Yes.
>
> https://dev.mysql.com/doc/refman/8.3/en/using-encrypted-connections.html

This is for using ssl with native mysql client.
Dovecot uses the native library or has a embedded mysql library ?

because my .my.cnf is already set to use ssl as preferred, but dovecot
doesn't connect with ssl.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

MySQL connection with SSL

[Gandalf Corvotempesta via dovecot]

Hi all
is possible to tell dovecot to use a mysql connection with SSL ?

My new remote mysql server only allows ssl connections
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Variable expansion on %w

[Gandalf Corvotempesta via dovecot]

so it's not possible without using lua?
i think this is a bug honestly

Il mer 17 apr 2024, 16:16 Gandalf Corvotempesta <
gandalf.corvotempe...@gmail.com> ha scritto:

> Il giorno mer 17 apr 2024 alle ore 15:31 Aki Tuomi
>  ha scritto:
> > If you have version with Lua support, you can make a passdb with lua
> that base64 encodes the plain password. Then it should work.
>
> I'm not using lua currently, and i'm planning to move the server to a
> new one with users on DB, that's why i'm looking for a quick
> workaround,
> just to migrate all password to the new schema before the server migration.
>
> Is not possible to use a plain passdb file ? If not, even with a dirty
> workaround, i'll do the schema change on the new server with accounts
> on DB
> but i really prefere to do this before, not after the migration.
>
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Variable expansion on %w

[Gandalf Corvotempesta via dovecot]

Il giorno mer 17 apr 2024 alle ore 15:31 Aki Tuomi
 ha scritto:
> If you have version with Lua support, you can make a passdb with lua that 
> base64 encodes the plain password. Then it should work.

I'm not using lua currently, and i'm planning to move the server to a
new one with users on DB, that's why i'm looking for a quick
workaround,
just to migrate all password to the new schema before the server migration.

Is not possible to use a plain passdb file ? If not, even with a dirty
workaround, i'll do the schema change on the new server with accounts
on DB
but i really prefere to do this before, not after the migration.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Variable expansion on %w

[Gandalf Corvotempesta via dovecot]

Il giorno mer 17 apr 2024 alle ore 14:22 Benny Pedersen via dovecot
 ha scritto:
> i am not an expert in postlogin scripts, but please show it

The issue is not the postlogin script, but dovecot. It's dovecot that
tries to expand a variable BEFORE sending it to the script

userdb {
  args = username_format=%u /etc/dovecot/passwd
  driver = passwd-file
  #default_fields = plain_pass=%w
}

> if it not working simple remove % in passwords would not solve it ?

Seriously ? oviously asking all customers to change their password to
remove a char is not a solution..

Il giorno mer 17 apr 2024 alle ore 14:22 Benny Pedersen via dovecot
 ha scritto:
>
> Gandalf Corvotempesta via dovecot skrev den 2024-04-17 08:31:
> > im following the docs to change the password schema
> >
> > docs says that i have to pass the clear password to the post login
> > script
> > but using %w doesn't work if the clear password has a "%" inside as
> > it's
> > being expanded as variabile
> >
> > in example with a password "test%Ypass" dovecot is trying to expand %Y
> > before passing it to the post login script
>
> i am not an expert in postlogin scripts, but please show it
>
> if it not working simple remove % in passwords would not solve it ?
> ___
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Variable expansion on %w

[Gandalf Corvotempesta via dovecot]

im following the docs to change the password schema

docs says that i have to pass the clear password to the post login script
but using %w doesn't work if the clear password has a "%" inside as it's
being expanded as variabile

in example with a password "test%Ypass" dovecot is trying to expand %Y
before passing it to the post login script


Il mer 17 apr 2024, 08:24 Aki Tuomi  ha scritto:

> Can you explain what you are trying to do?
>
> Aki
>
> On 16/04/2024 21:36 EEST Gandalf Corvotempesta via dovecot <
> dovecot@dovecot.org> wrote:
>
>
> guys any help ?
> Is not possible to change the password schema when using passwd file ?
>
> Il giorno sab 13 apr 2024 alle ore 14:48 Gandalf Corvotempesta
>  ha scritto:
> >
>
> any clue?
>
> Il gio 11 apr 2024, 21:57 Gandalf Corvotempesta <
> gandalf.corvotempe...@gmail.com> ha scritto:
> >
>
> >> I'm following the guide for changing the password schema.
> >> Everything works as expected (i'm using a static passwd file), but
> >> when the plain password has a % inside, dovecot is trying to expand
> >> that, triggering an error:
> >>
> >> Apr 11 21:33:55 mail02 dovecot: pop3(x)<3962994><4soGPNcVXsoln9W6>:
> >> Error: Failed to expand plugin setting plain_pass = 'x%Yxx!%':
> >> Unknown variable '%Y'
> >>
> >> How can I block the variable expansion inside %w ?
> ___
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org
>
>
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Variable expansion on %w

[Gandalf Corvotempesta via dovecot]

guys any help ?
Is not possible to change the password schema when using passwd file ?

Il giorno sab 13 apr 2024 alle ore 14:48 Gandalf Corvotempesta
 ha scritto:
>
> any clue?
>
> Il gio 11 apr 2024, 21:57 Gandalf Corvotempesta 
>  ha scritto:
>>
>> I'm following the guide for changing the password schema.
>> Everything works as expected (i'm using a static passwd file), but
>> when the plain password has a % inside, dovecot is trying to expand
>> that, triggering an error:
>>
>> Apr 11 21:33:55 mail02 dovecot: pop3(x)<3962994><4soGPNcVXsoln9W6>:
>> Error: Failed to expand plugin setting plain_pass = 'x%Yxx!%':
>> Unknown variable '%Y'
>>
>> How can I block the variable expansion inside %w ?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Variable expansion on %w

[Gandalf Corvotempesta via dovecot]

any clue?

Il gio 11 apr 2024, 21:57 Gandalf Corvotempesta <
gandalf.corvotempe...@gmail.com> ha scritto:

> I'm following the guide for changing the password schema.
> Everything works as expected (i'm using a static passwd file), but
> when the plain password has a % inside, dovecot is trying to expand
> that, triggering an error:
>
> Apr 11 21:33:55 mail02 dovecot: pop3(x)<3962994><4soGPNcVXsoln9W6>:
> Error: Failed to expand plugin setting plain_pass = 'x%Yxx!%':
> Unknown variable '%Y'
>
> How can I block the variable expansion inside %w ?
>
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Variable expansion on %w

[Gandalf Corvotempesta via dovecot]

I'm following the guide for changing the password schema.
Everything works as expected (i'm using a static passwd file), but
when the plain password has a % inside, dovecot is trying to expand
that, triggering an error:

Apr 11 21:33:55 mail02 dovecot: pop3(x)<3962994><4soGPNcVXsoln9W6>:
Error: Failed to expand plugin setting plain_pass = 'x%Yxx!%':
Unknown variable '%Y'

How can I block the variable expansion inside %w ?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

imap/pop proxy

[Gandalf Corvotempesta via dovecot]

Hi all
first time user as dovecot imap/pop3 proxy.

As i'm migrating some mailboxes to a new server, i would like to move
a couple at once, not everything (more than 10k).

The quickest way would be to setup the current (and old) dovecot
server as pop3/imap server AND proxy.

I'm thinking to start returning proxy_maybe in the password DB query,
pointing to the mailbox server.
If the mailbox server is migrated to the new one, proxy_maybe will
point to the remote server, if the mailbox is still on the old server,
proxy_maybe will point to localhost.

Is this enough ? Password auth should be done on the "remote" server
and not by the proxy itself.

Ideas ?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: server migration

[Gandalf Corvotempesta via dovecot]

in my case, 99% of mailboxes are imap

Il gio 11 apr 2024, 00:08 Michael Peddemors via dovecot 
ha scritto:
 Of course, anyone who is stilling using POP (Leave on Server)
 presents a
 different challenge.. Depending on the client, and how the client
 treated the UID of the message..

 The rest should present no issue..

 On 2024-04-10 14:25, Kirill Miazine via dovecot wrote:
 >
 >
     > • Gandalf Corvotempesta via dovecot [2024-04-10 23:18]:
 >> Il giorno mer 10 apr 2024 alle ore 23:12 Kirill Miazine via
 dovecot
 >>  ha scritto:
 >>> UIDVALIDITY change
 >>
 >> In which case uidvalidity would change ?
 >
 > if you do rsync, it doesn't. UIDVALIDITY is stored in dovecot-
 uidlist in
 > maildirs, as described in
 > https://doc.dovecot.org/admin_manual/mailbox_formats/maildir/#imap-
 uid-mapping
 > ___
 > dovecot mailing list -- dovecot@dovecot.org
 > To unsubscribe send an email to dovecot-le...@dovecot.org


 --
 "Catch the Magic of Linux..."
 -
 ---
 Michael Peddemors, President/CEO LinuxMagic Inc.
 Visit us at http://www.linuxmagic.com @linuxmagic
 A Wizard IT Company - For More Info http://www.wizard.ca
 "LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
 -
 ---
 604-682-0300 Beautiful British Columbia, Canada

 ___
 dovecot mailing list -- dovecot@dovecot.org
 To unsubscribe send an email to dovecot-le...@dovecot.org
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: server migration

[Gandalf Corvotempesta via dovecot]

Il giorno mer 10 apr 2024 alle ore 23:12 Kirill Miazine via dovecot
 ha scritto:
> UIDVALIDITY change

In which case uidvalidity would change ?
Manually changes in config file ?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: server migration

[Gandalf Corvotempesta via dovecot]

Il giorno mer 10 apr 2024 alle ore 22:32 Marc via dovecot
 ha scritto:
> Why? The whole idea about having a LTS distribution is that you almost never 
> need to do this? It is not like the imap/pop/smtp standards are having yearly 
> innovations. Or is this a service you provide for clients?

In my case the server migration has to be done because the old
datacenter is closing and i have to move all datas to a new server on
a different location.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: server migration

[Gandalf Corvotempesta via dovecot]

Il giorno mer 10 apr 2024 alle ore 21:40 Kirill Miazine via dovecot
 ha scritto:
> What you describe is exactly what I have been doing since ... forever
>
> - reduce TTL
> - setup new server
> - rsync
> - stop ALL mail services on old server (also anything which might be
> doing deliveries, this is important), kill client connections, if any
> - rsync again
> - update DNS
> - start mail service on new server
> - verify
> - increase TTL

this is what i've planned, but I have to be 1% sure that clients
wont re-download all messages again.
What could trigger a new re-download of message ?
The new server would be able to handle the mails stored with the old
hostname and at the same time handle
the mails stored with the new hostname (and thus different file name)
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: server migration

[Gandalf Corvotempesta via dovecot]

Guys, any help?
Also, what would happen if the new server has a different hostname ?

Il giorno dom 10 mar 2024 alle ore 14:28 Gandalf Corvotempesta
 ha scritto:
>
> Hi guys
> I have to migrate around 10k mailboxes from dovecot 2.13 to (i think)
> the same version but on a different server.
>
> I have to reduce as much as possible the inconveniences to the users,
> at least in this (temporary) phase.
>
> What do you suggest to move everything ? Same config, same maildir
> location and rsync everything ?
>
> Better ideas ? i've thought to use the exact same config on both
> servers, then start multiple rsync to sync as much as possible and
> when ready, drop the old dovecot in the old server, rsync the latest
> changes, and then move the dns pointment from the old ip to the new
> one.
>
> But what about the MUA downloading emails ? I think this would be
> safe...or there is a chance that some MUA would re-download everything
> ? This would be unacceptable.
>
> thank you
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Archive maildir

[Gandalf Corvotempesta via dovecot]

Il giorno mer 13 feb 2019 alle ore 14:02 @lbutlr via dovecot
 ha scritto:
> Why would the script be looking at the contents of the messages at all?  css having to "deal" with the subject? If you are using maildir, you have the 
> timestamp in the filename, and you can easily sort a message into .mm 
> folders from there. You can also, considering the size of the mail isn't in 
> the multi terabyte range, just use filtering to do this for you (filtering of 
> tour choice, I'd guess most any filtering could handle it).

The script isn't made by me and i'm not a python programme, thus, i'll
keep it as-is

I really prefere a bash one-liner..

Re: Archive maildir

[Gandalf Corvotempesta via dovecot]

Il giorno mer 13 feb 2019 alle ore 11:09 Aki Tuomi
 ha scritto:
> with 2.3.4 you could use the new FILTER command over IMAP to run sieve script.

It's a very very old server, i'm not on 2.4.x
I've managed to make this working:
https://gist.github.com/fwenzel/280896

is working properly. I had to make just 1 fix: keep the original
filename when archiving and not changing to something else

Archive maildir

[Gandalf Corvotempesta via dovecot]

Hi to all
We have a maildir with about 180GB of emails.
We have to archive them to a structure like: .Archive.YYY./MM.folder

Are you aware of a script doing this ? I've found a perl script that
doesn't spit in year and month and a very, very, very, very, very old
python script that:
1) doesn't manage base64 encoded subject properly
2) doesn't work with python 3.x (that is able to manage base64 encoded
subject properly

Any idea ?

Re: end-to-end encryption

[Gandalf Corvotempesta]

Il giorno mer 16 mag 2018 alle ore 12:02 Aki Tuomi 
ha scritto:
> To be strict, 'end to end' would mean that the SENDER would encrypt it
> on his station, and RECEIVER would only decrypt it on his station.
> Everything else is not end-to-end =)

Yes, of course, but this solution with GPG where dovecot is able to encrypt
mails with GPG key
will increase the overall security, but still allows to read all email
(just before the encryption) with
some malwares and so on.

Re: end-to-end encryption

[Gandalf Corvotempesta]

Il giorno mer 16 mag 2018 alle ore 11:19  ha scritto:
> I personally use gpgit https://github.com/EtiennePerot/gpgit
> Which does the encryption of messages. Then I use a sieve script which
> calls gpgit for every msg and encrypts before saving into mailbox

If I understood properly, for this to work, a public key must be stored on
server,
so that every message is encrypted. Then, on each MUA, the private key must
be
present, so that each MUA is able to decrypt the encrypted message, right ?

Re: end-to-end encryption

[Gandalf Corvotempesta]

Il giorno mer 16 mag 2018 alle ore 06:09 Aki Tuomi 
ha scritto:
> You could probably automate this with sieve and e.g. GnuPG, which would
mean that all your mails are encrypted without server having key to decrypt
this.

Any guide or sample to look for ?

end-to-end encryption

[Gandalf Corvotempesta]

Hi to all
I was looking at protonmail.com
Is possible to implement and end-to-end encryption with dovecot, where
server-side there is no private key to decrypt messages?

If I understood properly, on protonmail the private key is encrypted with
user's password, so that only an user is able to decrypt the mailbox.

Anything similiar ?

Re: IMAP proxy

[Gandalf Corvotempesta]

2017-12-15 18:21 GMT+01:00 Aki Tuomi :
> Return from passdb, 'proxy host=your-new-host port=143 ssl=starttls'

So, instead of returning the current db output: "user, password,
userdb_mail, userdb_sieve, .."
is enough to only return "proxy host=your-new-host port=143 ssl=starttls" ?

Will dovecot automatically proxy pop3/imap on the new server ?

What about LDA ?

IMAP proxy

[Gandalf Corvotempesta]

I'm migrating an old server to another old server (same dovecot
version in both servers)
The migration itself is straightforward, stop dovecot on the old
server, migrate everything via rsync, start dovecot to the new server.

There is only one step left: change the dns configuration, pointing
from the old server to the newer one.
As most of domains are not managed by me and some other domains are
pointing to our server via IP, I can't simply change the A record or
wait for all users to change their domain configuration.

TL;DR: is possible to use dovecot as IMAP proxy so that even after
changing our dns records, any user directly connecting to my old
server would be proxied to the newer one automatically ?

Any additional software or only a configuration change is required ?

Server migration

[Gandalf Corvotempesta]

I've asked this before, but now it's time to move one server to
another, I can't delay the operation anymore (the older server is
failing)

Both server are pretty old: 1.2.15

Probably, faster way would be to rsync all mailboxes from the older
server to the newer one.
I can start migrating everything while running then, stop the older
server and sync only what is changed, keeping downtime at minimum.

Any better solution ?


No, server upgrade is not possible. Not at this time. It's too time
consuming and I have to move asap.

Server migration

[Gandalf Corvotempesta]

Hi to all.
It's time to migrate an old server to a newer platform

Some questions:
1) what happens by changing the pop3/IMAP server on the client?
Is the client (Outlook, Thunderbird,...) smart enough to not download every
message again?
I'm asking this because the easier way to migrate would be move all
mailboxes to the new server and then change the hostname on the client

2) what if I add a dovecot proxy on the new server, proxing back all
requests to the older one, if the mailbox is still not migrated?
Would the whole pop3/IMAP transaction happen through the proxy or there is
something an http redirect (or anything similiar to the SIP protocol) ?

3) I think the response to this is no: is dovecot able to log the hostname
used for the connection? I have multiple domains pointing to the same IP.
Something like the Host header in Http.

Re: Upgrade from 1.2 to 2.2

[Gandalf Corvotempesta]

2017-02-15 13:41 GMT+01:00 Aki Tuomi :
> Btw, I think the most safe option would be to make *new* server
> (advantage to upgrade the platform here too) and migrate users to the
> new server instead of upgrading. Just my 2c.

Probably, yes.

Re: Upgrade from 1.2 to 2.2

[Gandalf Corvotempesta]

2017-02-15 13:27 GMT+01:00 Aki Tuomi :
> For good pointers, see http://wiki.dovecot.org/Upgrading
>
> it's not complete, but it should give you some idea.

I've already read that, and as wrote previously, everything broke down.
dovecont -n wasn't able to convert the configuration file and dovecot
wasn't started properly.
The only way to fix was to downgrade.

As this is a production server, I would like to avoid this kind of issue.

Upgrade from 1.2 to 2.2

[Gandalf Corvotempesta]

Hi,
I have a production server running Debian Squeeze with Dovecot 1.2
I would like to upgrade everything to Jessie, running 2.2

Last time I did something similiar, but from Lenny to Squeeze, the
whole dovecot installation broke.

Any suggestion on how to upgrade everything ? Can I test our current
configuration with a newer dovecot version to be sure that everything
would be converted properly with
"doveconf -n -c /etc/dovecot/dovecot.conf > dovecot-2.conf" ?

Thank you

Re: Dovecot proxy

[Gandalf Corvotempesta]

2016-11-17 9:11 GMT+01:00 Gandalf Corvotempesta
<gandalf.corvotempe...@gmail.com>:
> Hi to all
> I have some *production* pop3/inappropriate server that i would like to move
> under a proxy
>
> Some questions:
> 1. Keeping the same original hostname on the proxy (in example
> mail.mydomain.tld)
> and changing the hostname on the imap server, makes some troubles like MUA
> redownloading all the messages?
> Is dovecot (running on the imap server) happy seeing the hostname change?
> What about maildirs, where the hostname is wrote on the mail file?
>
> 2. Dovecot proxy will proxy the whole pop3/imap traffic or only the login
> auth?
> I don't want to expose the mailservers to internet, all imap session must be
> proxied through the proxy.
> this because I'll use local IPs on each mail server.

Any advice on this, particurally on question 2 ?
The only way to get the real mailserver IP address is doing a
succesfull auth via proxy
or even in case of login failure the response is caming from the real
mail server ?

Dovecot proxy

[Gandalf Corvotempesta]

Hi to all
I have some *production* pop3/inappropriate server that i would like to
move under a proxy

Some questions:
1. Keeping the same original hostname on the proxy (in example
mail.mydomain.tld)
and changing the hostname on the imap server, makes some troubles like MUA
redownloading all the messages?
Is dovecot (running on the imap server) happy seeing the hostname change?
What about maildirs, where the hostname is wrote on the mail file?

2. Dovecot proxy will proxy the whole pop3/imap traffic or only the login
auth?
I don't want to expose the mailservers to internet, all imap session must
be proxied through the proxy.
this because I'll use local IPs on each mail server.

3. Performance for the proxy server?
The same as the mailserver or higher due to the missing email computation?
In example,  the proxy doesn't have to access disks or emails data but has
only
to transmit what the mailserver osd saying

4. Like question 3, any real users for the proxy?
I would like to know some info about hardware and userbase (in example:
dual quad xeon 5600, 32Gb ram, 10.000 concurrent sessions)
In my case I'm planning for about 100 active sessions. Can i use a small
EC2 instance?

Re: Dovecot Proxy and Director

[Gandalf Corvotempesta]

2016-10-29 17:02 GMT+02:00 Aki Tuomi :
> You could use private ip addresses backends so you don't even need to expose 
> them to internet at all.

This means creating a VPN between my local DC with Dovecot servers and
the cloud service provider with proxies.

Dovecot Proxy and Director

[Gandalf Corvotempesta]

Hi,
just a simple question: by using a directory and a proxy, I would be
able to totally hide the pop3/imap server ip addresses from outside?
I'm asking this because I would like to hide the real server IP for
security reasosn (DDoS and so on).

The proxy would be placed on servers with high bandwidth while the
pop3/imap dovecot servers are placed in a small datacenter that would
go down easily in case of attack

Re: Server migration

[Gandalf Corvotempesta]

2016-10-27 14:36 GMT+02:00 Timo Sirainen :
> imapsync will change IMAP UIDs and cause clients to redownload all mails. 
> http://wiki2.dovecot.org/Migration/Dsync should work though.

Just to be sure: dsync from the *new* node would connect via IMAP to
the older node and transfer everything ?
By running this:

doveadm -o mail_fsync=never sync -1 -R -u user@domain imapc:

should be OK if newer mails are arrived on the new server ?

Re: Server migration

[Gandalf Corvotempesta]

2016-10-26 8:57 GMT+02:00 Aki Tuomi :
> If you are moving from 1.x to 2.x, I think you should make some trials
> first, and preferably move the user one at a time, blocking access to
> old server/new server during move. It is very forklift upgrade, much danger.

Yes, I'll do some test migration before moving the whole server.
Maildir structure isn't changed between 1.x and 2.x, thus all emails
should be safe.
I have to test the new 2.2 configuration to see if existing users are
able to log-in but how
can I test if existing client would be able to preserve the mail ids
without downloading everything again?

Re: Server migration

[Gandalf Corvotempesta]

Il 26 ott 2016 8:30 AM, "Aki Tuomi"  ha scritto:
> I would recommend using same major release with replication.
>
> If you are using maildir++ format, it should be enough to copy all the
> maildir files over and start dovecot on new server.
>

This is much easier than dovecot replication as i can start immedialy with
no need to upgrade the old server

my only question is: how to manage the email received on the new server
during the last rsync phase?
As i wrote previously,  i have some huge maildirs where rsync take hours to
scan all files
i can't keep the server down for hours or customers won't receive any new
emails, so, after the initial sync i have to move the mailbox on the new
server (only for deliveries) . In this way I'll not loose any emails but
the new servers as newer data than the old server.
When doing rsync with --delete, the news mails would be removed

A solution could be to disable customer access to the new server and put
"new" directory in rsync exclude. Doing this won't delete the newly
received emails as the "new" directory isn't synced.
and no one osd able to move from new to cur as users are blocked for login.

Shared storage for dovecot cluster

[Gandalf Corvotempesta]

As I'm planning some server migrations and a new mail architecture,  i
would like to create an HA cluster

Any advice on which kind of shared storage should i use? Are gluster
performances with small files enough for dovecot? Any other solution?

It's mandatory to avoid any splibrains or similiar thus the replication
must be done on at least 3 storage servers.

Re: Server migration

[Gandalf Corvotempesta]

Il 24 ott 2016 5:11 PM, "Michael Seevogel"  ha scritto:
> I meant your old server. With "old" I was expecting something like Debian
Sarge or SuSE Linux 9.3. That would have been really old, but since you are
on Debian Squeeze, I would definitely choose the way with an upgraded
Dovecot version and its replication service.

Is 2.1 from squeeze-backports enough to start the replication over a newer
server with dovecot 2.2? Is this supported or both server must run the same
version?

I've looked around but the replication system is still not clear to me.
Any howto explaining this in details?

Re: Server migration

[Gandalf Corvotempesta]

2016-10-24 14:47 GMT+02:00 Michael Seevogel :
> P.S. You should think about to use on the new server mdbox as mailbox
> format.
> That's kinda a hybrid of mbox and maildir and benefits of features of both
> its predecessors. However, backup and restoring is in case of mdbox "a bit"
> different. Just have a read...

No, I don't like that format, for this:
This also means that you must not lose the dbox index files, they
can't be regenerated without data loss

additionally, this means to change even our LDA, as neither Exim or
Postfix are able to deliver messages.

Re: Server migration

[Gandalf Corvotempesta]

2016-10-24 14:47 GMT+02:00 Michael Seevogel :
> If your server OS supports newer Dovecot versions then I would highly
> suggest you to upgrade to Dovecot 2.2.xx (or at least to the latest 2.1) and
> set up Dovecot's replication[1] feature.

Are you talking about the new server or the older one that I have to replace?
The new server has to be installed from scratch, so, yes, I can use Dovecot 2.2
from Jessie

The "old" server is based on Squeeze, I can upgrade that to Wheezy and install
Dovecot 2.2 from wheezy-backports but I have huge trouble when I've tried to
do the same on a similiar server. I was unable to upgrade the dovecot
configuration
by following the documentation as this didn't work:

doveconf -n -c /etc/dovecot/dovecot.conf > dovecot-2.conf

I had an empty  dovecot-2.conf file, no warning or output at all. It
did nothing.

> With this method you can actually archieve a smooth migration while your
> current server replicates all emails in real time to your new server,
> including new incoming emails and also mailbox changes to your new server
> and when the migration is done you'll just have to change your DNS and
> disable the Replication service.

Cool.
Any guide about this ?
Should I start the replication on one side and wait for finish before
pointing the mailbox to the new server?

> If you don't want or cannot set up replication you could still do a one-shot
> migration via Dovecot's dsync[2] on the new server, pulling the mails from
> the old. 50GB isn't that much as long as your two servers are at least
> connected with 100 Mbit to the inet. You may want to block for the time of
> the migration via iptables your users accessing Dovecot. However, under the
> bottom-line, if this is really necessary depends on you and the needs of
> your mailusers/customers.

I can't block the whole server. I have to migrate 1 user at once.
But I can disable the pop3/imap access for that user, so noone is
changing the files during the migration
(except for the postfix/exim delivery agent)

> P.S. You should think about to use on the new server mdbox as mailbox
> format.
> That's kinda a hybrid of mbox and maildir and benefits of features of both
> its predecessors. However, backup and restoring is in case of mdbox "a bit"
> different. Just have a read...
>
>
> [1] http://wiki.dovecot.org/Replication
> [2] http://wiki2.dovecot.org/Migration/Dsync

Thank you

Re: Server migration

[Gandalf Corvotempesta]

2016-10-24 11:23 GMT+02:00 Karol Augustin :
> When I am doing this I just turn off both servers for the third sync.
> Its short enough to not cause much problem. And then after third sync I
> start the new server and all clients can connect to it so I also
> mitigate any problems resulting from clients that would be still
> connected to the old server. The last issue depends on the way you force
> everyone to use new server (DNS, routing, etc).

The speed for third sync depends on the number of files to be scanned.
I have mailboxes with tons of very small emails, thus even if the first two sync
has transferred all datas, the scan made by rsync to check which files
needs to be transferred
requires many hours.

My own mailbox has 80GB of mails. I can sync everything on a new
server and then start
a new rsync phase. this new phase requires exactly 1 hours and 49
minutes (as I can see from
the last night backup). Transferred data: 78MB. 1 hours and 49 minutes
to transfer only 78MB.

> Remember that beside the new emails that could arrive during sync you
> have also all sorts of user-generated operations as move, delete etc. So
> if you just do 3rd rsync without --delete you can end up duplicating
> users' emails if they move them during procedure.

By shutting down both servers, the "--delete" argument could be used
with no issues.

Server migration

[Gandalf Corvotempesta]

Hi
i have to migrate, online, a dovecot 1.2.15 to a new server. Which is the
best way to accomplish this?

I have 2 possibility:
1) migrate from the very old server to a newer server with the same dovecot
version
2) migrate from the very old server to a new server with the latest dovecot
version

can i simply use rsync to sync everything and, when the sync is quick, move
the mailbox from the old server to the new server? My biggest concern is
how to manage the the emails that are coming during the server switch.

Let's assume a 50gb maildir , the first sync would require hours to
complete (tons of very small files) do i can't shutdown the mailbox. The
second sync would require much less time and would also sync the email
received during the first sync (but the mailbox is still receiving new
emails)
now, as third phase, i can move the mailbox to the new server (by changing
the postfix configuration) so that all new emails are received on the new
server and then start the last rsync (by removing the --delete flag or any
new emails would be deleted as not existsnt on the older server)

Any better solution?

Re: Move dovecot between servers

[Gandalf Corvotempesta]

2016-08-30 10:49 GMT+02:00 Aki Tuomi :
> Hi!
>
> See http://wiki2.dovecot.org/Upgrading

I know this guide but last time i had to upgrade between 1.2 to 2.0 it
was totally a mess, as

doveconf -n -c /etc/dovecot/dovecot.conf > dovecot-2.conf

didn't output anything.

additionally, this is for upgrading, but what about mailbox migration
(via rsync)? Dovecout would preserve the UID and anything else to
avoid a new download on clients?

Move dovecot between servers

[Gandalf Corvotempesta]

Hi to all
I have a very old dovecot server (1.2.15) with about 195GB used and
1081 email accounts.
I have to move this server to another one with contextual dovecot upgrade.

Anyone did this before? Any advice? Obviously, existing emails *must
not* be downloaded twice by existing clients (outlook, thunderbird,
...)

I have no access to customer's clients, only to my server.