Re: doveadm fts lookup: Is "search query" documented anywhere?

2023-08-07 Thread Graham Leggett via dovecot
On 05 Aug 2023, at 14:18, Aki Tuomi  wrote:

> Did you look at https://doc.dovecot.org/3.0/man/doveadm-search-query.7/ 
> 
I did not - the page https://doc.dovecot.org/3.0/man/doveadm-fts.1/ has no link 
to the above, and https://doc.dovecot.org/3.0/man/doveadm-search-query.7/  has 
no link back to https://doc.dovecot.org/3.0/man/doveadm-fts.1/, and so google 
doesn't link these pages.

Can you update the man pages to include the links in the “see also” section?

Regards,
Graham
—


___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


doveadm fts lookup: Is "search query" documented anywhere?

2023-08-05 Thread Graham Leggett via dovecot
Hi all,

According to the --help option for doveadm fts, there is a “lookup” option as 
follows:

[root@aurora ~]# doveadm fts --help
usage: doveadm [-Dv] [-f ] fts  []
  expand   [-u |-A] [-S ] 
  lookup   [-u |-A] [-S ] 
  optimize [-u |-A] [-S ] []
  rescan   [-u |-A] [-S ] []
  tokenize [-u |-A] [-S ] 

The option does not appear to be documented anywhere (eg 
https://doc.dovecot.org/3.0/man/doveadm-fts.1/), and “search query” doesn’t 
appear to be defined.

Guessing that it might be just plain text, I tried searching for a known word, 
but this failed as follows:

[root@aurora ~]# doveadm fts lookup -u t...@example.com sweet
Fatal: Unknown argument SWEET

Anyone know?

Regards,
Graham
—



Re: Dovecot shared folders - examples of the "doveadm acl" command?

2023-08-05 Thread Graham Leggett via dovecot
On 30 Jul 2023, at 16:47, Benny Pedersen  wrote:

>> Does anyone have a concrete example of “doveadm acl” to grant someone
>> access to a shared folder?
> 
> https://doc.dovecot.org/search/?q=acl

Unfortunately the search query above doesn’t return any examples of the doveadm 
acl command.

For the record, you can do this:

doveadm acl add -u sha...@example.com INBOX user=j...@example.com create delete 
expunge insert lookup read write write-deleted write-seen
doveadm acl add -u sha...@example.com INBOX user=j...@example.com create delete 
expunge insert lookup read write write-deleted write-seen

Regards,
Graham
—



Dovecot shared folders - examples of the "doveadm acl" command?

2023-07-30 Thread Graham Leggett via dovecot
Hi all,

The old wiki has been taken down, and all the links I can find through google 
are now broken.

Does anyone have a concrete example of “doveadm acl” to grant someone access to 
a shared folder?

Regards,
Graham
—



Re: Accessing SSL parameters via dovecot variables

2023-07-26 Thread Graham Leggett via dovecot
On 24 Jul 2023, at 17:04, Michael Peddemors  wrote:

> On 2023-07-21 06:42, Graham Leggett via dovecot wrote:
>> Hi all,
>> Dovecot supports variables, which can be used in filters.
>> Does the SSL code expose variables linked to the client certificate?
>> The answer today appears to be no, and if that’s true I plan to patch it, 
>> but just need to confirm I am not missing something.
> 
> A little more insight into what you are looking for might help.
> Dovecot does expose a method, we use it for our 'Fingerprinting' system..

We identify devices by the explicit certificate they present with, rather than 
the contents of the certificate they present with.

The following PR adds the ability to use the certificate itself as a username:

https://github.com/dovecot/core/pull/202

The format of the username is CertificateExactAssertion as defined in RFC4523 
appendix A.1.

This matches the SSL_CLIENT_CERT_RFC4523_CEA variable exposed by Apache httpd.

Regards,
Graham
—



Filtering by SASL auth mechanism

2023-07-26 Thread Graham Leggett via dovecot
Hi all,

I want dovecot to behave differently depending on what SASL mechanism was used. 
Most specifically, if EXTERNAL, I want auth_ssl_username_from_cert to be yes, 
but no otherwise.

There is a filtering mechanism that supports protocol, remote, etc.

https://doc.dovecot.org/configuration_manual/config_file/

Would it make sense to add a SASL mechanism filter like this:

mechanism external {
  # …
}

Regards,
Graham
—



SASL External and LDAP - Login attempt with empty password

2023-07-25 Thread Graham Leggett via dovecot
Hi all,

I am trying to configure dovecot to accept SASL EXTERNAL authentication with a 
client certificate and no password.

I have tried the following configuration:

passdb {
  driver = ldap

  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
  args = /etc/dovecot/dovecot-ldap-external.conf.ext

  mechanisms = external

  default_fields = noauthenticate=y
}

In the logs I see dovecot correctly negotiate SASL EXTERNAL, but eventually we 
reach this line and we fail:

https://github.com/dovecot/core/blob/34a18f5a79bf7eca58e55aff3e1fe69468292d0f/src/auth/passdb-ldap.c#L184

Which is in turn reached by following this code:

https://github.com/dovecot/core/blob/34a18f5a79bf7eca58e55aff3e1fe69468292d0f/src/auth/passdb-ldap.c#L275

In theory, if I understand this correctly, what is missing is a field to say 
“don’t try check any password”, which field is this supposed to be? 
“nopassword”? “noauthenticate”?

I am happy to patch this, but need some guidance as what the correct approach 
is.

Regards,
Graham
—



Dovecot pigeon/sieve and SELinux

2023-07-21 Thread Graham Leggett via dovecot
Hi all,

I am in the process of migrating a dovecot installation from RHEL8 to RHEL9, 
this time round I am trying to get everything to work in selinux enforcing mode.

First error I am stuck on is as follows:

Error: sieve: file storage: Failed to stat sieve storage path: 
stat(/var/lib/dovecot/sieve/vacation.sieve) failed: Permission denied 
(euid=377(vmail) egid=376(vmail) missing +x perm: /var/lib/dovecot, we're not 
in group 97(dovecot), dir owned by 97:97 mode=0750)

It appears that the vmail user cannot access /var/lib/dovecot, because under 
RHEL9 the permissions are hidden to the world.

[root@seawitch dovecot]# ls -al /var/lib/dovecot
total 12
drwxr-x---.  3 dovecot dovecot   36 Jul 21 17:51 .

Am I correct in interpreting the error message as meaning that 
/var/lib/dovecot/sieve is not a correct directory for global sieve scripts, and 
they need to go somewhere else?

If they do need to go somewhere else, in the world of enforcing selinux, where 
do they go?

While dovecot-selinux is documented, sieve is not mentioned:

https://linux.die.net/man/8/dovecot_selinux

So, let’s work around the above error by adding the vmail user to the dovecot 
group. Is this even a good idea?

/usr/sbin/usermod -a -G dovecot vmail

Now we hit the next error:

Error: sieve: file storage: Failed to stat sieve storage path: 
stat(/var/lib/dovecot/sieve/vacation.sieve) failed: Permission denied 
(euid=380(vmail) egid=378(vmail) missing +w perm: 
/var/lib/dovecot/sieve/vacation.sieve 
stat(/var/lib/dovecot/sieve/vacation.sieve) failed: Permission denied, dir 
owned by 0:0 mode=0755)

This error is weird. Dovecot is trying to open the original vacation.sieve 
source file for write - why?

We have pre-compiled all the global sieve scripts:

[root@marcopolo ~]# ls -al /var/lib/dovecot/sieve/
total 36
drwxr-xr-x. 5 root    root    4096 Jul 21 17:29 .
drwxr-x---. 3 dovecot dovecot   36 Jul 21 17:29 ..
-rwxr-xr-x. 1 root    root     284 Jul 21 08:47 junk.sieve
-rw-r--r--. 1 root    root     277 Jul 21 17:29 junk.svbin
-rwxr-xr-x. 1 root    root     316 Jul 21 08:47 report-ham.sieve
-rw-r--r--. 1 root    root     476 Jul 21 17:29 report-ham.svbin
-rwxr-xr-x. 1 root    root     201 Jul 21 08:47 report-spam.sieve
-rw-r--r--. 1 root    root     382 Jul 21 17:29 report-spam.svbin
drwxr-xr-x. 2 root    root       6 Jul 21 08:47 sieve-execute
drwxr-xr-x. 2 root    root       6 Jul 21 08:47 sieve-filter
drwxr-xr-x. 2 root    root       6 Jul 21 08:47 sieve-pipe
-rwxr-xr-x. 1 root    root     309 Jul 21 08:47 vacation.sieve
-rw-r--r--. 1 root    root     558 Jul 21 17:29 vacation.svbin

Is the error perhaps inaccurate, and it’s trying to open a temp file for write, 
failing (correctly, it has no business opening a temp file for write at this 
point), and then claiming the failure on the temp file is a failure on the 
source file?

So to sum up:

- In an SELinux world of Redhat, what directory do global sieve scripts go?
- What permissions and selinux context are required on the global sieve scripts 
directory?

Regards,
Graham
—



Accessing SSL parameters via dovecot variables

2023-07-21 Thread Graham Leggett via dovecot
Hi all,

Dovecot supports variables, which can be used in filters.

Does the SSL code expose variables linked to the client certificate?

The answer today appears to be no, and if that’s true I plan to patch it, but 
just need to confirm I am not missing something.

Regards,
Graham
—



Dovecot and certificates/keys on PKCS11 smartcards/HSMs

2021-11-16 Thread Graham Leggett
Hi all,

To configure SSL on dovecot using certificates and keys in files on disk, you 
specify the following:

# Preferred permissions: root:root 0400
ssl_cert = https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslcertificatefile:

# Example use of a certificate and private key from a PKCS#11 token:
SSLCertificateFile "pkcs11:token=My%20Token%20Name;id=45"

Regards,
Graham
—



Error: Mailbox INBOX: Transaction commit failed: FTS transaction commit failed: transaction context

2020-10-22 Thread Graham Leggett
Hi all,

While trying to reindex a large mailbox to take advantage of Apache Tika, 
dovecot logs the following message:

Error: Mailbox INBOX: Transaction commit failed: FTS transaction commit failed: 
transaction context

The message is vague in that a transaction has failed, but nowhere does it say 
what the transaction boundaries are.

Did the transaction affect the indexing of one message, or many messages?

Did the indexing of the whole mailbox get aborted and rolled back, or just a 
single message?

A wide question. How do I ensure that my shiny new dovecot index gets 
completely reindexed? How do I know if dovecot is indexing just the new 
messages, and ignoring the existing messages?

Regards,
Graham
—



Re: How do I enable sieve trace debugging?

2020-10-14 Thread Graham Leggett
On 14 Oct 2020, at 19:15,   wrote:

> 😃 nice, that's my question :D
> 
> If I remember correctly a log was created, but not under var/log but in the 
> home directory of the mail user. For example /var/mail/user1/sieve.

I haven't been able to make any sieve logging appear anywhere. Does anyone know 
if trace logging works as documented, or if there are extra steps?

> And not everything was logged, only serious errors. But I can not remember 
> exactly what happened...
> 
> We have solved this with sieve extprograms and the - ubuntu - logger 
> http://manpages.ubuntu.com/manpages/xenial/man1/logger.1.html
> 
> So we run the logger each time the sieve fires. But be aware, sieve 
> extprograms don't run with older dovecot versions.
> 
> The exact code I do not have at hand now -> if you need more information 
> about this solution, just write me privately, I can check this tomorrow and may 
> give you a useful tip.

Thank you for this - by luck I stumbled on a misnamed mailbox that was causing 
my scripts to be ignored. Now that the bash scripts are being run I can get 
them to log to syslog, but sieve is still silent on what it is doing.

Regards,
Graham
—



How do I enable sieve trace debugging?

2020-10-14 Thread Graham Leggett
Hi all,

I want to enable trace debugging for sieve. Most specifically, I want to know 
what sieve scripts are running, and whether they’re doing anything.

I cannot get anything other than dead silence from dovecot with respect to 
sieve.

I have tried the same as asked in this question: 
https://unix.stackexchange.com/questions/550618/dovecot-sieve-trace-does-not-create-a-log

In my case, the config looks like this:

  ## TRACE DEBUGGING
  # Trace debugging provides detailed insight in the operations performed by
  # the Sieve script. These settings apply to both the LDA Sieve plugin and the
  # IMAPSIEVE plugin. 
  #
  # WARNING: On a busy server, this functionality can quickly fill up the trace
  # directory with a lot of trace files. Enable this only temporarily and as
  # selective as possible.
  
  # The directory where trace files are written. Trace debugging is disabled if
  # this setting is not configured or if the directory does not exist. If the 
  # path is relative or it starts with "~/" it is interpreted relative to the
  # current user's home directory.
  sieve_trace_dir = /tmp/sieve-trace
  
  # The verbosity level of the trace messages. Trace debugging is disabled if
  # this setting is not configured. Possible values are:
  #
  #   "actions"- Only print executed action commands, like keep,
  #  fileinto, reject and redirect.
  #   "commands"   - Print any executed command, excluding test commands.
  #   "tests"  - Print all executed commands and performed tests.
  #   "matching"   - Print all executed commands, performed tests and the
  #  values matched in those tests.
  sieve_trace_level = actions,command,tests,matching
  
  # Enables highly verbose debugging messages that are usually only useful for
  # developers.
  sieve_trace_debug = yes

This looks sensible, syslog would be a great place to log, but nothing related 
to sieve appears.

[root@gatekeeper dovecot]# doveadm log find
Looking for log files from /var/log
Debug: /var/log/maillog
Info: /var/log/maillog
Warning: /var/log/maillog
Error: /var/log/maillog
Fatal: /var/log/maillog

Regards,
Graham
—



Strange permissions error - Failed to stat sieve storage path

2020-10-14 Thread Graham Leggett
Hi all

I have dovecot-lda set up to run as vmail:vmail, with some sieve scripts in 
/var/lib/dovecot/sieve.

The sieve scripts fail to be found with the following (detailed and very 
helpful) error message:

Oct 14 16:13:33 gatekeeper dovecot[8109]: 
lda(minf...@example.com)<8109>: Error: sieve: file 
storage: Failed to stat sieve storage path: 
stat(/var/lib/dovecot/sieve/vacation.sieve) failed: Permission denied 
(euid=387(vmail) egid=387(vmail) missing +x perm: /var/lib/dovecot, we're not 
in group 97(dovecot), dir owned by 97:97 mode=0750)

In this case, the user vmail is a member of the dovecot group:

[root@gatekeeper dovecot]# cat /etc/group | grep vmail
mail:x:12:postfix,vmail,opendmarc,opendkim,openarc
dovecot:x:97:vmail
vmail:x:387:
[root@gatekeeper dovecot]# sudo su - vmail
Last login: Wed Oct 14 16:15:48 SAST 2020 on pts/0
[vmail@gatekeeper ~]$ wc -c /var/lib/dovecot/sieve/vacation.svbin 
530 /var/lib/dovecot/sieve/vacation.svbin

Does dovecot-lda do anything odd with respect to group memberships?

Regards,
Graham
—
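
The "missing +x perm" errors in this post and in the 2023 RHEL9 post above both report a failed search (+x) check on a parent directory. As an added example (not code from Dovecot or from either post), the Python below reproduces that check for a given euid, egid and supplementary group set; `Node`, `SAMPLE_TREE` and `first_denied` are names invented here, and the modes for /, /var and /var/lib are assumed. It covers classic mode bits only, not SELinux or POSIX ACLs.

```python
import os
import sys
from dataclasses import dataclass
from typing import Callable, FrozenSet, Iterator, Optional, Tuple


@dataclass(frozen=True)
class Node:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o750


# Constructed sample. Ownership and modes of /var/lib/dovecot and below are the
# ones quoted in the error messages; /, /var and /var/lib are assumed defaults.
SAMPLE_TREE = {
    "/": Node(0, 0, 0o755),
    "/var": Node(0, 0, 0o755),
    "/var/lib": Node(0, 0, 0o755),
    "/var/lib/dovecot": Node(97, 97, 0o750),
    "/var/lib/dovecot/sieve": Node(0, 0, 0o755),
    "/var/lib/dovecot/sieve/vacation.sieve": Node(0, 0, 0o755),
}


def real_stat(path: str) -> Node:
    """Read owner, group and mode bits from the live filesystem."""
    st = os.stat(path)
    return Node(st.st_uid, st.st_gid, st.st_mode & 0o7777)


def applicable_bits(node: Node, euid: int, egid: int,
                    groups: FrozenSet[int]) -> Tuple[str, int]:
    """Pick the one rwx triplet the kernel consults.

    The classes do not fall through: an owner with no +x is denied even if
    the group or other bits would have allowed access.
    """
    if euid == node.uid:
        return "owner", (node.mode >> 6) & 0o7
    if node.gid == egid or node.gid in groups:
        return "group", (node.mode >> 3) & 0o7
    return "other", node.mode & 0o7


def parents(path: str) -> Iterator[str]:
    """Yield every directory that must be searched to reach path, root first."""
    current = "/"
    yield current
    for part in [p for p in path.split("/") if p][:-1]:
        current = current.rstrip("/") + "/" + part
        yield current


def first_denied(path: str, euid: int, egid: int,
                 groups: FrozenSet[int] = frozenset(),
                 stat_fn: Callable[[str], Node] = real_stat
                 ) -> Optional[Tuple[str, str, int]]:
    """Return (directory, class used, mode) for the first parent lacking +x.

    `groups` must be the supplementary groups the *process* holds, which is
    not necessarily what /etc/group lists for the user. Returns None when
    every parent directory can be searched.
    """
    if euid == 0:
        return None  # root normally bypasses these checks via capabilities
    for directory in parents(path):
        node = stat_fn(directory)
        cls, bits = applicable_bits(node, euid, egid, groups)
        if not bits & 0o1:
            return directory, cls, node.mode
    return None


if __name__ == "__main__":
    # Run as the delivery user to test with the credentials the process
    # really has: python3 thisfile.py /var/lib/dovecot/sieve/vacation.sieve
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    print(first_denied(target, os.geteuid(), os.getegid(),
                       frozenset(os.getgroups())))
```

A `None` result here means the mode bits allow traversal; a remaining "Permission denied" then has to come from another layer such as SELinux.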



Re: [EXT] How do I make "vnd.dovecot.environment" available?

2020-09-25 Thread Graham Leggett
On 24 Sep 2020, at 22:07, Sami Ketola  wrote:

> I think this should be
> 
> require ["environment"];
> 
> instead.

I eventually stumbled on a syntax that worked. Putting all of this in one place:

- You need to turn on the sieve_extprograms plugin:

  sieve_plugins = sieve_extprograms

- Then you need to enable vnd.dovecot.environment:

  sieve_global_extensions = +vnd.dovecot.environment

- Then you need to pull the extra fields you want out of the userdb, and those 
fields must be prefixed with “sieve_env_”, like this example for LDAP:

  user_attrs = 
mailMessageStore=home=%$,=sieve_env_mail_auto_reply_mode=%{ldap:mailAutoReplyMode},=sieve_env_mail_auto_reply_text=%{ldap:mailAutoReplyText}

- Then you need to add a requirement on “vnd.dovecot.environment” to the sieve 
script.

- Then, to access the variables in the sieve script, you need to drop the 
“sieve_env_” part, and add the prefix “env.vnd.dovecot.config.”. There are 
various docs floating around that reference the above variable without the 
leading “env.” - this must be there too.

- The resulting sieve looks like this:

require ["fileinto", "mailbox"];
require ["vacation", "variables"];
require ["vnd.dovecot.environment"];

# fileinto: for putting mail into a imap folder
# mailbox: for creating imap folder if not exists
#
if header :contains "X-Spam-Flag" "YES" {
    # move mail into folder Junk, create folder if not exists
    fileinto :create "Junk";
    stop;
}

if string :matches "${env.vnd.dovecot.config.mail_auto_reply_mode}" "reply" {
    if header :matches "subject" "*" {
        vacation :subject "AutoReply: ${1}"
            "${env.vnd.dovecot.config.mail_auto_reply_text}";
    }
}

- The output of sieve-test looks like this. The handle is weird, but I’m 
assuming there is method in the madness somehow:

sieve-test(root): Debug: sieve: Pigeonhole version 0.5.8 (b7b03ba2) initializing
sieve-test(root): Debug: sieve: include: sieve_global is not set; it is 
currently not possible to include `:global' scripts.
sieve-test(root): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 
0.5.8 (b7b03ba2) loaded
debug: file storage: Using Sieve script path: 
/var/lib/dovecot-sieve/default.sieve.
debug: file script: Opened script `default' from 
`/var/lib/dovecot-sieve/default.sieve'.
debug: Script binary /var/lib/dovecot-sieve/default.svbin successfully loaded.
debug: binary save: not saving binary /var/lib/dovecot-sieve/default.svbin, 
because it is already stored.

Performed actions:

 * send vacation message:
=> seconds : 604800
=> subject : AutoReply: Test1
=> handle  : ${env.vnd.dovecot.config.mail_auto_reply_text}AutoReply: 
${1}

START MESSAGE
I am truly away...
END MESSAGE

Implicit keep:

 * store message in folder: INBOX

sieve-test(root): Info: final result: success

Regards,
Graham
—



Re: How do I make "vnd.dovecot.environment" available?

2020-09-24 Thread Graham Leggett
On 24 Sep 2020, at 20:45, Sami Ketola  wrote:

> can you link your doveconf -n and the sieve script?

The user’s detail are:

[root@gatekeeper ~]# doveadm user minf...@example.com
field                 value
uid                   vmail
gid                   vmail
home                  /home/vmail/minf...@example.com/
mail                  maildir:~/mail
mail_auto_reply_mode  reply
mail_auto_reply_text  I am truly away...

The sieve script is:

[root@gatekeeper ~]# cat /var/lib/dovecot-sieve/default.sieve 
#

require ["fileinto", "mailbox"];
require ["vacation", "variables"];
require ["vnd.dovecot.environment"];

# fileinto: for putting mail into a imap folder
# mailbox: for creating imap folder if not exists
#
if header :contains "X-Spam-Flag" "YES" {
    # move mail into folder Junk, create folder if not exists
    fileinto :create "Junk";
    stop;
}

#if string :matches "${vnd.dovecot.mail_auto_reply_mode}" "reply" {
    if header :matches "subject" "*" {
        vacation :subject "AutoReply: ${1}"
            "${vnd.dovecot.mail_auto_reply_text}";
    }
#}

The dovecot -n is:

[root@gatekeeper ~]# dovecot -n
# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.8 (b7b03ba2)
# OS: Linux 4.18.0-193.19.1.el8_2.x86_64 x86_64 CentOS Linux release 8.2.2004 
(Core)  
# Hostname: gatekeeper.horizonmarine.co.za
first_valid_uid = 201
mail_gid = vmail
mail_location = maildir:~/mail
mail_plugins = acl
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
mbox_write_locks = fcntl
namespace {
  list = children
  location = maildir:%%h/mail:INDEXPVT=~/shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_default = /var/lib/dovecot-sieve/default.sieve
  sieve_global_extensions = +vnd.dovecot.environment
  sieve_plugins = sieve_extprograms
}
protocols = lmtp imap pop3 submission
service imap-login {
  inet_listener imap {
address = 127.0.0.1, ::1
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service imap {
  vsz_limit = 1 G
}
service pop3-login {
  inet_listener pop3 {
address = 127.0.0.1, ::1
  }
  inet_listener pop3s {
port = 995
ssl = yes
  }
}
service submission-login {
  inet_listener submission {
port = 587
  }
  inet_listener submissions {
haproxy = no
port = 465
reuse_port = no
ssl = yes
  }
}
ssl = required
ssl_cert =  seconds : 604800
=> subject : AutoReply: Test1
=> handle  : ${vnd.dovecot.mail_auto_reply_text}AutoReply: 
${1}

START MESSAGE

END MESSAGE

Implicit keep:

 * store message in folder: INBOX

sieve-test(root): Info: final result: success

The variable “vnd.dovecot.mail_auto_reply_text” is the trouble - it’s not being 
resolved, and I have no idea what the format of the variable should be.

Regards,
Graham
—



How do I make "vnd.dovecot.environment" available?

2020-09-24 Thread Graham Leggett
Hi all,

According to the docs at https://wiki.dovecot.org/Pigeonhole/Sieve, some 
extensions are not available by default.

The docs tell me the sieve_plugins, sieve_extensions and/or 
sieve_global_extensions configs are involved, but I can find no authoritative 
documentation as to what the values should be.

What values must I use to make “vnd.dovecot.environment” available?

Adding "sieve_global_extensions = +vnd.dovecot.environment” to 90-sieve.conf 
seems to not be enough.

[root@gatekeeper ~]# sievec -D /var/lib/dovecot-sieve/default.sieve 
sievec(root): Debug: sieve: Pigeonhole version 0.5.8 (b7b03ba2) initializing
sievec(root): Debug: sieve: include: sieve_global is not set; it is currently 
not possible to include `:global' scripts.
sievec(root): Debug: sieve: file storage: Using Sieve script path: 
/var/lib/dovecot-sieve/default.sieve
sievec(root): Debug: sieve: file script: Opened script `default' from 
`/var/lib/dovecot-sieve/default.sieve'
default: line 5: error: require command: unknown Sieve capability 
`vnd.dovecot.environment'.
default: line 19: error: referring to variable in unknown namespace 'vnd'.
default: error: validation failed.
sievec(root): Fatal: failed to compile sieve script 
'/var/lib/dovecot-sieve/default.sieve'

Regards,
Graham
—



Re: Vacation sieve explained: how does it work?

2020-09-24 Thread Graham Leggett
On 23 Sep 2020, at 21:51, @lbutlr  wrote:

> If people cannot deal with a delay of a minute or five, increase the interval 
> to 12 hours, or even better, "changes will take effect at 6am the next 
> business day."
> 
> That'll learn ‘em.

We like our users, and they like us :)

We’re pulling the value of the vacation message like this:

user_attrs = 
mailMessageStore=home=%$,=mail_auto_reply_mode=%{ldap:mailAutoReplyMode},=mail_auto_reply_text=%{ldap:mailAutoReplyText}

So far the sieve that I have looks like this:

#

require ["fileinto", "mailbox"];
require ["vacation", "variables"];

# fileinto: for putting mail into a imap folder
# mailbox: for creating imap folder if not exists
#
if header :contains "X-Spam-Flag" "YES" {
    # move mail into folder Junk, create folder if not exists
    fileinto :create "Junk";
    stop;
}

if string :matches "${mail_auto_reply_mode}" "reply" {
    if header :matches "subject" "*" {
        vacation :subject "AutoReply: ${1}"
            "${mail_auto_reply_text}";
    }
}

And sieve-test looks like this:

sieve-test(root): Debug: sieve: Pigeonhole version 0.5.8 (b7b03ba2) initializing
sieve-test(root): Debug: sieve: include: sieve_global is not set; it is 
currently not possible to include `:global' scripts.
debug: file storage: Using Sieve script path: 
/var/lib/dovecot-sieve/default.sieve.
debug: file script: Opened script `default' from 
`/var/lib/dovecot-sieve/default.sieve'.
debug: Script binary /var/lib/dovecot-sieve/default.svbin successfully loaded.
debug: binary save: not saving binary /var/lib/dovecot-sieve/default.svbin, 
because it is already stored.

Performed actions:

  (none)

Implicit keep:

 * store message in folder: INBOX

sieve-test(root): Info: final result: success

Effectively no vacation message was detected.

Is the variable syntax or ${mail_auto_reply_text} correct, or is there a 
namespace I should be using?

Regards,
Graham
—



Re: Vacation sieve explained: how does it work?

2020-09-23 Thread Graham Leggett
On 23 Sep 2020, at 15:37, Sami Ketola  wrote:

> Pigeonhole can read sieve scripts from ldap too 
> https://wiki.dovecot.org/Pigeonhole/Sieve/Configuration/LDAP 
> 

Thanks for confirming this - it will need some updates to our LDAP, but this is 
another thing for us to try.

Regards,
Graham
—



Re: Vacation sieve explained: how does it work?

2020-09-23 Thread Graham Leggett
On 23 Sep 2020, at 14:29, Marc Roos  wrote:

> You can do whatever you like, as long as the result is this 'text' file. 
> I have also bash file that modifies this file for users. You can make a 
> 5 min cron job that detects changes in ldap and then creates the sieve 
> rule.

I've tried the cronjob approach before, and people didn’t like the delay.

I have found the extra fields being queried from the userdb, 

user_attrs = 
mailMessageStore=home=%$,=mail_auto_reply_mode=%{ldap:mailAutoReplyMode},=mail_auto_reply_text=%{ldap:mailAutoReplyText}

Is it possible to confirm how the mail_auto_reply_mode variable would be 
available in sieve? Is it just a case of referring to ${mail_auto_reply_mode} 
or is there more to it than that?

Regards,
Graham
—



Re: Vacation sieve explained: how does it work?

2020-09-23 Thread Graham Leggett
On 23 Sep 2020, at 14:07, Marc Roos  wrote:

> It is just a sieve rule.
> 
> 1. 
> On disk default file .dovecot.sieve
> 
> 2. I am using roundcube webmail for that.
> 
> 3. with if false # true
> # rule:[Out of Office]
> if true
> {
> vacation :days 1 :subject "Test" "test test";
> }

Is there a way to inject variables from the userdb into the above?

For example, if I was to pass the vacation message attribute through the userdb 
lookup, could I then test if the variable was present, and then embed that 
variable in the message?

Regards,
Graham
—



Vacation sieve explained: how does it work?

2020-09-23 Thread Graham Leggett
Hi all,

I have a legacy system that uses gnarwl to handle vacation messages, most 
specifically the vacation messages are stored in LDAP. We have a web based tool 
that allows people to update their vacation message, all they’re doing is 
modifying LDAP.

I am trying to find out if dovecot’s vacation sieve can do the same thing. I am 
struggling however to find something that describes to me how dovecot vacation 
sieve is configured. Is there a howto or walkthrough anywhere?

Specific burning questions:

- If I was to configure the dovecot vacation sieve, where is the body of each 
vacation message stored? File on disk? In a store like an LDAP store? Somewhere 
else?

- How is the body of vacation message modified? Does this happen through the 
IMAP protocol, a command line tool, something else?

- How is the vacation message switched on and off? Does this happen through the 
IMAP protocol, a command line tool, or something else?

The docs at https://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/Vacation 
describe how to control how often the vacation messages are sent, but very 
little else. I am very confused :(

Regards,
Graham
—



Re: [Dovecot] Turning on autocreate of maildirs - how?

2014-03-12 Thread Graham Leggett
On 12 Mar 2014, at 8:23 AM, Steffen Kaiser  
wrote:

> What's your UserDB? In some message you've mentioned LDAP. With "Attribute 
> templates" you can prefix the location with "maildir:". If you do not return 
> mail in the userdb, the global mail_location is used.

Turns out this was the key - when I changed

user_attrs = mailMessageStore=mail

to

user_attrs = mailMessageStore=mail=maildir:%$

the autocreate started working successfully with the original path values, and 
maildrop is happy.

Thank you for this, I appreciate it.

Regards,
Graham
--


Re: [Dovecot] Turning on autocreate of maildirs - how?

2014-03-11 Thread Graham Leggett
On 11 Mar 2014, at 7:32 PM, Graham Leggett  wrote:

> Giving the different prefix a try on a test account, a mailbox directory is 
> created, but the rest of the maildir directories (new, cur, tmp) aren't 
> created, and the error below is returned.
> 
> The key is the message "Error: user t...@sharp.fm: Initialization failed: 
> namespace configuration error: There can be only one namespace with inbox=yes"

This is somewhat of a moot point - the addition of maildir: breaks maildrop:

Mar 11 17:35:36 monica postfix/pipe[25561]: 10E29804B4: to=, 
relay=maildrop, delay=0.21, delays=0.15/0.02/0/0.03, dsn=4.3.0, status
=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to 
change to home directory. )

Is there a way to get dovecot autocreate to work without fiddling with the 
paths? For example, declare a global maildir default?

Regards,
Graham
--


Re: [Dovecot] Turning on autocreate of maildirs - how?

2014-03-11 Thread Graham Leggett
On 11 Mar 2014, at 6:25 PM, Graham Leggett  wrote:

> For years the trailing slash has indicated the mailbox format as maildir, and 
> dovecot has been happily autodetecting these maildirs without a problem.
> 
> In our case in addition to dovecot we have a combination of postfix and a 
> legacy courier-imap, how will these be affected by the addition of 
> "maildir:"?
> 
> What I don't understand is why autocreate is ignoring the long standing 
> convention that the trailing slash indicates maildir, and whether this is 
> intentional or whether there is some reason for it.

Giving the different prefix a try on a test account, a mailbox directory is 
created, but the rest of the maildir directories (new, cur, tmp) aren't created, 
and the error below is returned.

The key is the message "Error: user t...@sharp.fm: Initialization failed: 
namespace configuration error: There can be only one namespace with inbox=yes"

Mar 11 17:27:20 monica dovecot: imap: Debug: Added userdb setting: 
mail=maildir:/home/vmail/t...@sharp.fm/
Mar 11 17:27:20 monica dovecot: imap(t...@sharp.fm): Debug: Effective uid=517, 
gid=517, home=
Mar 11 17:27:20 monica dovecot: imap(t...@sharp.fm): Debug: Namespace inbox: 
type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=maildir:/home/vmail/t...@sharp.fm/
Mar 11 17:27:20 monica dovecot: imap(t...@sharp.fm): Debug: maildir++: 
root=/home/vmail/t...@sharp.fm, index=, indexpvt=, control=, 
inbox=/home/vmail/t...@sharp.fm, alt=
Mar 11 17:27:20 monica dovecot: imap(t...@sharp.fm): Debug: Namespace : 
type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=maildir:/home/vmail/t...@sharp.fm/
Mar 11 17:27:20 monica dovecot: imap(t...@sharp.fm): Debug: maildir++: 
root=/home/vmail/t...@sharp.fm, index=, indexpvt=, control=, 
inbox=/home/vmail/t...@sharp.fm, alt=
Mar 11 17:27:20 monica dovecot: imap(t...@sharp.fm): Error: user t...@sharp.fm: 
Initialization failed: namespace configuration error: There can be only one 
namespace with inbox=yes
Mar 11 17:27:20 monica dovecot: imap(t...@sharp.fm): Error: Invalid user 
settings. Refer to server log for more information.

I have two namespaces defined, I am assuming this is wrong:

namespace inbox {
  inbox = yes
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe # autocreate and autosubscribe the Sent mailbox
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Junk {
    auto = create # autocreate Spam, but don't autosubscribe
    special_use = \Junk
  }
  mailbox virtual/All { # if you have a virtual "All messages" mailbox
    auto = no
    special_use = \All
  }
}

namespace {
  type = private
  separator = .
  prefix = INBOX.
  inbox = yes
}

Regards,
Graham
--
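
The rule quoted in the error above ("There can be only one namespace with inbox=yes") can be checked against a configuration before it is deployed. The sketch below is an added example, not part of the original post and not Dovecot code; the function names are hypothetical and the sample is a trimmed, constructed copy of the two namespaces posted above.

```python
import re

# Constructed sample: trimmed copy of the two namespace blocks from the post.
SAMPLE_CONF = r"""
namespace inbox {
  inbox = yes
  mailbox Trash {
    auto = subscribe   # nested setting, not a namespace setting
    special_use = \Trash
  }
}

namespace {
  type = private
  separator = .
  prefix = INBOX.
  inbox = yes
}
"""

def parse_namespaces(text):
    """Return a dict per top-level namespace block: its name and direct settings."""
    namespaces, stack = [], []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if line.endswith("{"):
            header = line[:-1].split()
            kind = header[0] if header else ""
            if not stack and kind == "namespace":
                name = header[1] if len(header) > 1 else ""
                namespaces.append({"name": name, "settings": {}})
            stack.append(kind)
        elif line == "}":
            stack.pop()
        elif "=" in line and stack == ["namespace"]:
            key, value = line.split("=", 1)
            namespaces[-1]["settings"][key.strip()] = value.strip()
    return namespaces

def inbox_conflict(text):
    """Return a description of the conflict, or None if at most one inbox=yes."""
    owners = [ns for ns in parse_namespaces(text)
              if ns["settings"].get("inbox", "no").lower() == "yes"]
    if len(owners) <= 1:
        return None
    labels = ["%s (prefix=%r)" % (ns["name"] or "unnamed",
                                  ns["settings"].get("prefix", ""))
              for ns in owners]
    return "more than one namespace with inbox=yes: " + ", ".join(labels)

if __name__ == "__main__":
    print(inbox_conflict(SAMPLE_CONF))
```
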


Re: [Dovecot] Turning on autocreate of maildirs - how?

2014-03-11 Thread Graham Leggett
On 11 Mar 2014, at 6:18 PM, Jeroen Massar  wrote:

> On 2014-03-11 17:04, Graham Leggett wrote:
> [..]
> 
>> Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Error: user 
>> t...@sharp.fm: Initialization failed: Namespace '': Ambiguous mail location 
>> setting, don't know what to do with it: /home/vmail/t...@sharp.fm/ (try 
>> prefixing it with mbox: or maildir:)
> 
> This line is the important one and tells you what to do.
> 
> (effectively dovecot does not know the format of the mail directory
> hence it does not know how to create it…)

For years the trailing slash has indicated the mailbox format as maildir, and 
dovecot has been happily autodetecting these maildirs without a problem.

In our case in addition to dovecot we have a combination of postfix and a 
legacy courier-imap, how will these be affected by the addition of 
"maildir:"?

What I don't understand is why autocreate is ignoring the long standing 
convention that the trailing slash indicates maildir, and whether this is 
intentional or whether there is some reason for it.

Regards,
Graham
--


[Dovecot] Turning on autocreate of maildirs - how?

2014-03-11 Thread Graham Leggett
Hi all,

I have a dovecot v2.2.7 installation, and I would like dovecot to autocreate 
the Maildir mailbox when those mailboxes don't exist. Following the 
instructions at http://wiki2.dovecot.org/MailboxSettings has had no effect, 
the errors below are reported.

As soon as I create the Maildir manually with maildirmake fetching mail starts 
working fine, so all of the messages about the directory being ambiguous seem 
to be a red herring.

Anyone know how to turn this on?

Mar 11 16:02:37 monica dovecot: imap: Debug: Added userdb setting: 
mail=/home/vmail/t...@sharp.fm/
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: Effective uid=517, 
gid=517, home=
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: Namespace inbox: 
type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes 
location=/home/vmail/t...@sharp.fm/
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: mdbox autodetect: 
stat(/home/vmail/t...@sharp.fm/storage) failed: No such file or directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: sdbox autodetect: 
stat(/home/vmail/t...@sharp.fm/mailboxes) failed: No such file or directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: maildir autodetect: 
stat(/home/vmail/t...@sharp.fm/cur) failed: No such file or directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: mbox autodetect: 
INBOX file: stat(/home/vmail/t...@sharp.fm) failed: No such file or directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: mbox autodetect: 
has .imap/: stat(/home/vmail/t...@sharp.fm/.imap) failed: No such file or 
directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: mbox autodetect: 
has inbox: stat(/home/vmail/t...@sharp.fm/inbox) failed: No such file or 
directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: mbox autodetect: 
has mbox: stat(/home/vmail/t...@sharp.fm/mbox) failed: No such file or directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Debug: sdbox autodetect: 
stat(/home/vmail/t...@sharp.fm/mailboxes) failed: No such file or directory
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Error: user t...@sharp.fm: 
Initialization failed: Namespace '': Ambiguous mail location setting, don't 
know what to do with it: /home/vmail/t...@sharp.fm/ (try prefixing it with 
mbox: or maildir:)
Mar 11 16:02:37 monica dovecot: imap(t...@sharp.fm): Error: Invalid user 
settings. Refer to server log for more information.

Regards,
Graham
--


[Dovecot] Dovecot proxying with LDAP - an example?

2013-12-22 Thread Graham Leggett
Hi all,

I have been struggling trying to understand the syntax to configure dovecot as 
a proxy against an LDAP server.

As a single server dovecot works great. Now I want to add the "mailHost" 
attribute which, if present, should indicate the DNS name of the host that 
contains the person's mailbox. If the mailHost matches the local hostname, the 
mailbox should be served locally as it already does now. If the mailHost is not 
the local hostname, dovecot should proxy the request to the given server using 
SSL on port 993.

The docs at http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy suggest 
that proxy_always is what I am looking for, but I cannot find any worked 
examples of how this might work. Has anyone attempted this before? What I have 
so far is this, but no proxying seems to take place:

pass_attrs = mail=user,userPassword=password,\
  mailMessageStore=userdb_mail,=proxy_always=y,mailHost=host,=ssl=yes

Can anyone confirm?

I am using dovecot v2.0.9 as provided out the box by RHEL6.

Regards,
Graham
--



Re: [Dovecot] OT: Large corporate email systems - Exchange vs open source *nix based

2013-12-11 Thread Graham Leggett
On 11 Dec 2013, at 12:36 PM, Stan Hoeppner  wrote:

> The decision whether to stick with FLOSS or move to Exchange boils down
> to a few things, assuming management is making the decision, not the IT
> department.

Why would you hire an IT department but then not allow the IT department to be 
making the IT decisions?

Regards,
Graham
--




Re: [Dovecot] IMAP proxy - can it detect parodying to itself?

2012-11-26 Thread Graham Leggett
On 26 Nov 2012, at 4:24 PM, Graham Leggett  wrote:

> I have some IMAP servers fronted with separate perdition processes, and it 
> would be ideal if I could collapse this down to having dovecot do both the 
> IMAP proxying and the IMAP serving at the same time on the same IP addresses.

A heartfelt thanks to Apple Autocorrect for changing "parodying", oops, I meant 
"parodying", aargh, I meant "p r o x y i n g", to parodying in the subject of 
this message.

Regards,
Graham
--





[Dovecot] IMAP proxy - can it detect parodying to itself?

2012-11-26 Thread Graham Leggett
Hi all,

I have some IMAP servers fronted with separate perdition processes, and it 
would be ideal if I could collapse this down to having dovecot do both the IMAP 
proxying and the IMAP serving at the same time on the same IP addresses.

One of the fields in my LDAP entries contains the canonical name of the server 
that hosts their mailbox, and if I follow the manual at 
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields#LDAP I could add the host 
field to enable proxying.

My question is whether dovecot has the ability to notice whether dovecot is 
being asked to proxy to itself, in other words the value of "host" is the 
current dovecot server, and when this happens, ignore the proxy and just be a 
straight IMAP server, because the user has connected to the right box already.

Is this possible?

Regards,
Graham
--


