sasl service for other app

2022-12-07 Thread Henry R
Can dovecot run as a general SASL service for other apps, such as WebDAV?

Thanks.


how to clean virtual users correctly

2022-10-24 Thread Henry R

Hello

I removed the user in static userdb file, and deleted 
/var/mail/vhosts/$domain/$user dir.


When I recreated the user, the system dirs (sent, draft etc.) disappeared.

Anything wrong here? Thank you.


--
Henry R
https://openmbox.net/


Re: N-way replication, multiple masters

2021-06-16 Thread Henry
  

1 GB of data per day is very little volume. I think dovecot replication, rsync 
are also suitable.




Raymond Sellars () wrote on Thursday, 17 June 2021 at 11:30:23 AM [GMT+8]:

Hi

Mail replication – honestly, I don’t have any hard metrics for that. I’m 
anticipating it’s less than 1 GB per day.
Link speed – being AWS inter AZ it’s 100Mbps-1GBps. I’m conscious if I go inter 
region the strategy may need to change.

Thanks

Raymond



 

From: Henry  
Sent: Thursday, 17 June 2021 3:20 PM
To: Raymond Sellars 
Subject: Re: N-way replication, multiple masters

 

How much data for mail replication?

And the link speed?

 

Raymond Sellars () wrote on Thursday, 17 June 2021 at 11:10:23 AM [GMT+8]:

 
  

Re: Re: nginx configuration to pass x-originating-ip

2021-04-01 Thread Henry
Hello,

Does anyone have a solution for it?
Thanks


Re: last login plugins

2021-03-04 Thread Henry
Dear Aki,
For a very busy server, if using a post-login script to record the last login, what 
is the difference between the post-login script and the last-login plugin regarding 
performance and limitations? Thanks
https://wiki.dovecot.org/PostLoginScripting

https://doc.dovecot.org/configuration_manual/lastlogin_plugin/




Henry () wrote on Wednesday, 3 March 2021 at 06:04:14 PM [GMT+8]:
 
  oh! cannot see the last_login_key at logging


Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Added userdb setting: plugin/quota_rule=*:backend=19922944S
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Effective uid=89, gid=89, home=/home/vpopmail/domains/2/6/x/testing.com/email
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota root: name=User quota backend=maildir args=
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota rule: root=User quota mailbox=* bytes=19922944 messages=0
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota grace: root=User quota bytes=1992294 (10%)
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: maildir++: root=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, index=/home/vpopmail/domains/2/6/x/testing.com/email, indexpvt=, control=, inbox=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, alt=
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: quota: quota_over_flag check: quota_over_script unset - skipping
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: STATUS
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Drafts: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Sent: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Trash: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox 寄件備份: Mailbox opened because: SELECT


Aki Tuomi () wrote on Wednesday, 3 March 2021 at 05:51:55 PM [GMT+8]:
 
 Can you enable `mail_debug=yes` and see what the last_login_key value is when 
imap session starts? It should show up on logs.

Aki

> On 03/03/2021 11:12 Henry  wrote:
> 
> 
> but when I remove the last_login_key at plugins, error log as below
> 
> 
> 
> Error: last_login_dict: Failed to write value: dict-server returned failure: 
> sql dict set: Invalid/unmapped key: shared/last-login/em...@testing.com 
> (reply took 0.006 secs (0.000 in dict wait, 0.002 in other ioloops, 0.001 in 
> locks, async-id reply 0.000 secs ago, started on dict-server 0.000 secs ago, 
> took 0.000 secs))
> 
> 
> 
> Aki Tuomi () wrote on Wednesday, 3 March 2021 at 04:23:20 PM [GMT+8]:
> 
> 
> Looks promising, can you try removing "plugin { last_login_key=.. }" from 
> your configuration file completely and see if it works then?
> 
> Aki
> 
> 
> > On 03/03/2021 10:17 Henry  wrote:
> > 
> > 
> > Dear Aki
> > 
> > 
> > Below for output, it is normal?
> > 
> > [root@cnt8-testing dovecot]# doveadm user em...@testing.com
> > 
> > doveadm user em...@testing.com
> > field value
> > uid 89
> > gid 89
> > home /home/vpopmail/domains/2/6/x/testing.com/email
> > mail maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
> > quota_rule *:bytes=19922944
> > last_login_key last-login/em...@testing.com/testing.com///0
> > 
> > 
> > 
> > 
> > 
> > Aki Tuomi () wrote on Tuesday, 2 March 2021 at 10:47:39 PM [GMT+8]:
> > 
> > 
> > Did you try 
> > 
> > doveadm user account
> > 
> > to see that last_login_key appears in output in correct form?
> > 
> > Aki
> > 
> > 
> > On March 2, 2021 2:44:43 PM UTC, Henry  wrote:
> > > Dear Aki,
> > > 
> > > I try it as your recommend but still no luck, same error
> > > 
> > > Error: Failed to expand plugin setting last_login_key = 
> > > 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> > > 
> > > If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin , error 
> > > as below
> > > 
> > > Error: last_login_dict: Failed to write value: dict-server returned 
> > > failure: sql dict set: Invalid/unmapped key: shared/last-login/
> > > 
> > >


Re: About TLS variables

2021-03-04 Thread Henry
 
Then can the information variables be passed to the post-login script?

Aki Tuomi () wrote on Thursday, 4 March 2021 at 02:58:44 PM [GMT+8]:
 
 This information is not passed currently to auth process, so no, it's not 
currently possible. 

Aki

> On 04/03/2021 08:34 Henry  wrote:
> 
> 
> Hello,
> 
> I found the Variable %c only has TLS, Can it be using "TLSv1, 
> TLSv1.1,TLSv1.2,TLSv1.3" instead of only TLS like as dovecot logging, this is 
> really a most meaningful , thanks
> 
> 
> 
> Variable: %c
> Long name: secured
> Description: “TLS” with established SSL/TLS connections, “TLS handshaking”, or 
> “TLS [handshaking]: error text” if disconnecting due to TLS error. “secured” 
> with localhost connections. Otherwise empty.
> 
> 
> 
> 
> 
>
  

About TLS variables

2021-03-03 Thread Henry
Hello,
I found the variable %c only has TLS. Can it use "TLSv1, TLSv1.1, TLSv1.2, 
TLSv1.3" instead of only TLS, like the dovecot logging? This is really most 
meaningful, thanks


Variable: %c
Long name: secured
Description: “TLS” with established SSL/TLS connections, “TLS handshaking”, or 
“TLS [handshaking]: error text” if disconnecting due to TLS error. “secured” 
with localhost connections. Otherwise empty.







Re: last login plugins

2021-03-03 Thread Henry
 oh! cannot see the last_login_key at logging


Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Added userdb setting: plugin/quota_rule=*:backend=19922944S
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Effective uid=89, gid=89, home=/home/vpopmail/domains/2/6/x/testing.com/email
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota root: name=User quota backend=maildir args=
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota rule: root=User quota mailbox=* bytes=19922944 messages=0
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Quota grace: root=User quota bytes=1992294 (10%)
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: maildir++: root=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, index=/home/vpopmail/domains/2/6/x/testing.com/email, indexpvt=, control=, inbox=/home/vpopmail/domains/2/6/x/testing.com/email/Maildir, alt=
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: quota: quota_over_flag check: quota_over_script unset - skipping
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: STATUS
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox INBOX: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Drafts: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Sent: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox Trash: Mailbox opened because: SELECT
Mar  3 17:57:10 cnt8-testing dovecot[650754]: imap(em...@testing.com)<650774>: Debug: Mailbox 寄件備份: Mailbox opened because: SELECT


Aki Tuomi () wrote on Wednesday, 3 March 2021 at 05:51:55 PM [GMT+8]:
 
 Can you enable `mail_debug=yes` and see what the last_login_key value is when 
imap session starts? It should show up on logs.

Aki

> On 03/03/2021 11:12 Henry  wrote:
> 
> 
> but when I remove the last_login_key at plugins, error log as below
> 
> 
> 
> Error: last_login_dict: Failed to write value: dict-server returned failure: 
> sql dict set: Invalid/unmapped key: shared/last-login/em...@testing.com 
> (reply took 0.006 secs (0.000 in dict wait, 0.002 in other ioloops, 0.001 in 
> locks, async-id reply 0.000 secs ago, started on dict-server 0.000 secs ago, 
> took 0.000 secs))
> 
> 
> 
> Aki Tuomi () wrote on Wednesday, 3 March 2021 at 04:23:20 PM [GMT+8]:
> 
> 
> Looks promising, can you try removing "plugin { last_login_key=.. }" from 
> your configuration file completely and see if it works then?
> 
> Aki
> 
> 
> > On 03/03/2021 10:17 Henry  wrote:
> > 
> > 
> > Dear Aki
> > 
> > 
> > Below for output, it is normal?
> > 
> > [root@cnt8-testing dovecot]# doveadm user em...@testing.com
> > 
> > doveadm user em...@testing.com
> > field value
> > uid 89
> > gid 89
> > home /home/vpopmail/domains/2/6/x/testing.com/email
> > mail maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
> > quota_rule *:bytes=19922944
> > last_login_key last-login/em...@testing.com/testing.com///0
> > 
> > 
> > 
> > 
> > 
> > Aki Tuomi () wrote on Tuesday, 2 March 2021 at 10:47:39 PM [GMT+8]:
> > 
> > 
> > Did you try 
> > 
> > doveadm user account
> > 
> > to see that last_login_key appears in output in correct form?
> > 
> > Aki
> > 
> > 
> > On March 2, 2021 2:44:43 PM UTC, Henry  wrote:
> > > Dear Aki,
> > > 
> > > I try it as your recommend but still no luck, same error
> > > 
> > > Error: Failed to expand plugin setting last_login_key = 
> > > 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> > > 
> > > If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin , error 
> > > as below
> > > 
> > > Error: last_login_dict: Failed to write value: dict-server returned 
> > > failure: sql dict set: Invalid/unmapped key: shared/last-login/
> > > 
> > >
  

Re: last login plugins

2021-03-03 Thread Henry
 but when I remove the last_login_key at plugins, error log as below


Error: last_login_dict: Failed to write value: dict-server returned failure: 
sql dict set: Invalid/unmapped key: shared/last-login/em...@testing.com (reply 
took 0.006 secs (0.000 in dict wait, 0.002 in other ioloops, 0.001 in locks, 
async-id reply 0.000 secs ago, started on dict-server 0.000 secs ago, took 
0.000 secs))


Aki Tuomi () wrote on Wednesday, 3 March 2021 at 04:23:20 PM [GMT+8]:
 
 Looks promising, can you try removing "plugin { last_login_key=.. }" from your 
configuration file completely and see if it works then?

Aki

> On 03/03/2021 10:17 Henry  wrote:
> 
> 
> Dear Aki
> 
> 
> Below for output, it is normal?
> 
> [root@cnt8-testing dovecot]# doveadm user em...@testing.com
> 
> doveadm user em...@testing.com
> field value
> uid 89
> gid 89
> home /home/vpopmail/domains/2/6/x/testing.com/email
> mail maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
> quota_rule *:bytes=19922944
> last_login_key last-login/em...@testing.com/testing.com///0
> 
> 
> 
> 
> 
> Aki Tuomi () wrote on Tuesday, 2 March 2021 at 10:47:39 PM [GMT+8]:
> 
> 
> Did you try 
> 
> doveadm user account
> 
> to see that last_login_key appears in output in correct form?
> 
> Aki
> 
> 
> On March 2, 2021 2:44:43 PM UTC, Henry  wrote:
> > Dear Aki,
> > 
> > I try it as your recommend but still no luck, same error
> > 
> > Error: Failed to expand plugin setting last_login_key = 
> > 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> > 
> > If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin , error 
> > as below
> > 
> > Error: last_login_dict: Failed to write value: dict-server returned 
> > failure: sql dict set: Invalid/unmapped key: shared/last-login/
> > 
> >
  

Re: last login plugins

2021-03-03 Thread Henry
  Dear Aki

Below for output, it is normal?
[root@cnt8-testing dovecot]# doveadm user em...@testing.com 

doveadm user email@testing.com
field   value
uid     89
gid     89
home    /home/vpopmail/domains/2/6/x/testing.com/email
mail    maildir:~/Maildir:INDEX=/home/vpopmail/domains/2/6/x/testing.com/email
quota_rule      *:bytes=19922944
last_login_key  last-login/em...@testing.com/testing.com///0




Aki Tuomi () wrote on Tuesday, 2 March 2021 at 10:47:39 PM [GMT+8]:
 
 Did you try 

doveadm user account

to see that last_login_key appears in output in correct form?

Aki

On March 2, 2021 2:44:43 PM UTC, Henry  wrote:
Dear Aki,
I tried it as you recommended but still no luck, same error
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as 
below
Error: last_login_dict: Failed to write value: dict-server returned failure: 
sql dict set: Invalid/unmapped key: shared/last-login/


Is there any error in my configuration? Thanks for your help.


## dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

## dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));
user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))

#



Henry () wrote on Sunday, 28 February 2021 at 05:24:45 PM [GMT+8]:
 
  Dear Aka
Still no luck, same error
Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below
Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/



#dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

# dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));
user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))


Aki Tuomi () wrote on Sunday, 28 February 2021 at 04:55:04 PM [GMT+8]:
 
 You need to put it in the sql query. SELECT ..., 'last-login/%u/%d/%r/%l/%a' 
AS last_login_key

Aki 

On February 28, 2021 8:12:39 AM UTC, Henry  wrot

Re: last login plugins

2021-03-02 Thread Henry
Dear Aki,
I tried it as you recommended but still no luck, same error
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as 
below
Error: last_login_dict: Failed to write value: dict-server returned failure: 
sql dict set: Invalid/unmapped key: shared/last-login/


Is there any error in my configuration? Thanks for your help.


## dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

## dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));
user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))

#



Henry () wrote on Sunday, 28 February 2021 at 05:24:45 PM [GMT+8]:
 
  Dear Aka
Still no luck, same error
Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below
Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/



#dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

# dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));
user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))


Aki Tuomi () wrote on Sunday, 28 February 2021 at 04:55:04 PM [GMT+8]:
 
 You need to put it in the sql query. SELECT ..., 'last-login/%u/%d/%r/%l/%a' 
AS last_login_key

Aki 

On February 28, 2021 8:12:39 AM UTC, Henry  wrote:
> current config as below:
>userdb {
>  driver = prefetch
>}
>userdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
>}
>plugin {
>  quota = maildir:User quota
>  last_login_dict = proxy::lastlogin
>  last_login_key = last-login/%u/%d/%r/%l/%a
>  quota_status_success = DUNNO
>  quota_status_nouser = DUNNO
>  quota_status_overquota = "552 5.2.2 Mailbox is full"
>}
>###
>If I changed as below no help,still no pass the Variable to last_login
>userdb {
>  driver = prefetch
>}
>userdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
>}
>userdb {

Re: last login plugins

2021-02-28 Thread Henry
 Dear Aka
Still no luck, same error
Error: Failed to expand plugin setting last_login_key = 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'

If I remark #last_login_key = last-login/%u/%d/%r/%l/%a at plugin, error as below
Error: last_login_dict: Failed to write value: dict-server returned failure: sql dict set: Invalid/unmapped key: shared/last-login/



#dovecot.conf
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}

# dovecot-sql.conf.ext
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user,pw_passwd AS password, concat('*:backend=', pw_shell) as \
  userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home ,'last-login/%u/%d/%r/%l/%a' AS last_login_key FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = \
  limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR \
  ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='127.0.0.1') AND \
  (pw_gid & 4)<>4 AND COALESCE(disable_webmail,0)!=1) OR ('%s' = 'imap' AND ('%r'!='127.0.0.1') AND (pw_gid & 8)<>8 AND COALESCE(disable_imap,0)!=1));
user_query = \
  SELECT pw_dir AS home, \
  89 AS uid, \
  89 AS gid, \
  CONCAT('*:bytes=', REPLACE(SUBSTRING_INDEX(pw_shell, 'S', 1), 'NOQUOTA', '0')) AS quota_rule, \
  'last-login/%u/%d/%r/%l/%a' AS last_login_key \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d' \
  AND ('%a'!='995' or !(pw_gid & 2)) \
  AND ('%r'!='[WEBMAIL-IP]' or !(pw_gid & 4)) \
  AND ('%r'='[WEBMAIL-IP]' or '%a'!='993' or !(pw_gid & 8))


Aki Tuomi () wrote on Sunday, 28 February 2021 at 04:55:04 PM [GMT+8]:
 
 You need to put it in the sql query. SELECT ..., 'last-login/%u/%d/%r/%l/%a' 
AS last_login_key

Aki 

On February 28, 2021 8:12:39 AM UTC, Henry  wrote:
> current config as below:
>userdb {
>  driver = prefetch
>}
>userdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
>}
>plugin {
>  quota = maildir:User quota
>  last_login_dict = proxy::lastlogin
>  last_login_key = last-login/%u/%d/%r/%l/%a
>  quota_status_success = DUNNO
>  quota_status_nouser = DUNNO
>  quota_status_overquota = "552 5.2.2 Mailbox is full"
>}
>###
>If I changed as below no help,still no pass the Variable to last_login
>userdb {
>  driver = prefetch
>}
>userdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
>}
>userdb {
>  driver = static
>  args = last_login_key=last-login/%u/%d/%r/%l/%a
>}
>###
>If I changed as below will trouble ,cannot restart dovecot
>userdb {
>  driver = prefetch
>}
>userdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext last_login_key=last-login/%u/%d/%r/%l/%a
>  driver = sql
>}
>
>
>
>
>
>Aki Tuomi () wrote on Sunday, 28 February 2021 at 03:56:09 PM [GMT+8]:
> 
> It goes into the arguments section...
>
>Not having your config, I have to guess, but e.g.
>
>userdb {
>  driver = static
>  args = last_login_key=last-login/%u/%d/%r/%l/%a
>}
>
>And similarly with other drivers, depending what you use. 
>
>Aki
>
>> On 28/02/2021 09:53 Henry  wrote:
>> 
>> 
>> 
>> Dear Aka,
>> 
>> If in userdb, set
>> 
>> last_login_key=last-login/%u/%d/%r/%l/%a
>> 
>> then cannot restart dovecot the error below :
>> 
>> master: Error: Error reading configuration: Error in configuration
>file /etc/dovecot/dovecot.conf line 45: Unknown setting: userdb {
>last_login_key
>> 
>> #
>> If in userdb, set
>> default_fields = last_login_key = last-login/%u/%d/%r/%l/%a
>> Error:
>> auth: Fatal: Invalid userdb template last_login_key =
>last-login/%u/%d/%r/%l/%a - key must not be empty
>> 
>> 
>> what is my wrongs about? thanks
>> 
>> 
>> Aki Tuomi () wrote on Sunday, 28 February 2021 at 02:56:51 PM [GMT+8]:
>> 
>> 
>> In your userdb, set 
>> 
>> last_login_key=last-login/%u/%d/%r/%l/%a
>> 
>> Then it will expand into what you want, and will be imported into
>user's environment.
>> 
>> Aki
>> 
>> 
>> > On 28/02/2021 05:57 Henry  wrote:
>> > 
>> > 
>> > like capture local_port, I using %a will got below error
>> > 
>> > Error: Failed to expand plugin setting last_login_key =
>'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
>> > 
>> > 
>> > If I using any of $local_port ,'$local_port', "$local_port",
>`$local_port`

Re: last login plugins

2021-02-28 Thread Henry
current config as below:
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = maildir:User quota
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u/%d/%r/%l/%a
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
###
If I changed as below no help, still no pass the Variable to last_login
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = static
  args = last_login_key=last-login/%u/%d/%r/%l/%a
}
###
If I changed as below will trouble, cannot restart dovecot
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext last_login_key=last-login/%u/%d/%r/%l/%a
  driver = sql
}





Aki Tuomi () wrote on Sunday, 28 February 2021 at 03:56:09 PM [GMT+8]:
 
 It goes into the arguments section...

Not having your config, I have to guess, but e.g.

userdb {
  driver = static
  args = last_login_key=last-login/%u/%d/%r/%l/%a
}

And similarly with other drivers, depending what you use. 

Aki

> On 28/02/2021 09:53 Henry  wrote:
> 
> 
> 
> Dear Aka,
> 
> If in userdb, set
> 
> last_login_key=last-login/%u/%d/%r/%l/%a
> 
> then cannot restart dovecot the error below :
> 
> master: Error: Error reading configuration: Error in configuration file 
> /etc/dovecot/dovecot.conf line 45: Unknown setting: userdb { last_login_key
> 
> #
> If in userdb, set
> default_fields = last_login_key = last-login/%u/%d/%r/%l/%a
> Error:
> auth: Fatal: Invalid userdb template last_login_key = 
> last-login/%u/%d/%r/%l/%a - key must not be empty
> 
> 
> what is my wrongs about? thanks
> 
> 
> Aki Tuomi () wrote on Sunday, 28 February 2021 at 02:56:51 PM [GMT+8]:
> 
> 
> In your userdb, set 
> 
> last_login_key=last-login/%u/%d/%r/%l/%a
> 
> Then it will expand into what you want, and will be imported into user's 
> environment.
> 
> Aki
> 
> 
> > On 28/02/2021 05:57 Henry  wrote:
> > 
> > 
> > like capture local_port, I using %a will got below error
> > 
> > Error: Failed to expand plugin setting last_login_key = 
> > 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> > 
> > 
> > If I using any of $local_port ,'$local_port', "$local_port", `$local_port`
> > 
> > I got the database update as $local_port ,'$local_port', "$local_port", 
> > `$local_port` at the field column record.
> > 
> > 
> > 
> > Henry () wrote on Saturday, 27 February 2021 at 10:57:27 PM [GMT+8]:
> > 
> > 
> > I already try using other variables , I found it only support "Mail service 
> > user variables", no support "Login variables" and "Authentication variables"
> > 
> > below the error when I try to using "Login variables" and "Authentication 
> > variables"
> > 
> > Error: Failed to expand plugin setting last_login_key = 
> > 'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
> > Error: Failed to expand plugin setting last_login_key = 
> > 'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
> > Error: Failed to expand plugin setting last_login_key = 
> > 'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'
> > 
> > I using centos 8 and dovecot-2.3.13-2.x86_64,
> > 
> > 
> > thanks
> > 
> > Aki Tuomi () wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:
> > 
> > 
> > last_login supports some of the variables. 
> > 
> > 
> > Mail service and mail user variables are supported. 
> > 
> > You can try export the auth variables as userdb variables and use 
> > $variablename. 
> > 
> > Aki
> > 
> > 
> > On 27 February 2021 7.29.10 EET, Henry  wrote:
> > > 
> > >Anyone know then last_login plugins do support standard auth variables
> > >in var-expand?like %k %a variables.
> > >I need logging other fields such as port 143 or 993, and tls 1.1 or tls
> > >1.3, client hostname,
> > >any patch for this? thanks
> > >
> > >https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> > > Henry () wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
> > > 
> > >but I need logging other fields such as port 143 or 993, and tls 1.1 or
> > >tls 1.3, client hostname, what should I do it ?
> > >https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> > >
> > >Aki Tuomi () wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
> > > 
> > > 
> > >> On 18/02/2021 08:57 Henry  wrote:
> > >> 
> > >> 
> > >> 
> > >> 
> > >> Anyone know the last-login plugins can using Authentication variables
> > >such as %m mechanism, %a local_port .
> > >> we want to record this in DB, thanks
> > >
> > >You can use this syntax to add further fields for last_login plugin.
> > >
> > > map {
> > > pattern = shared/last-login/$user/$domain
> > > table = last_login
> > > value_field = last_login
> > > value_type = uint
> > >
> > > fields {
> > > username = $user
> > > domain = $domain
> > > rip = $rip
> > > }
> > >} 
> > >
> > >Aki
> > 
> > > 
> > 
> > -- 
> > Sent from my Android device with K-9 Mail. Please excuse my brevity.
> >
  

Re: last login plugins

2021-02-27 Thread Henry
 
Dear Aka,
If in userdb, set
last_login_key=last-login/%u/%d/%r/%l/%a
then cannot restart dovecot the error below :
master: Error: Error reading configuration: Error in configuration file 
/etc/dovecot/dovecot.conf line 45: Unknown setting: userdb { last_login_key

#
If in userdb, set
    default_fields = last_login_key = last-login/%u/%d/%r/%l/%a
Error:
auth: Fatal: Invalid userdb template last_login_key = last-login/%u/%d/%r/%l/%a - key 
must not be empty

 what is my wrongs about? thanks


Aki Tuomi () wrote on Sunday, 28 February 2021, 02:56:51 PM [GMT+8]:
 
 In your userdb, set 

last_login_key=last-login/%u/%d/%r/%l/%a

Then it will expand into what you want, and will be imported into user's 
environment.

Aki

> On 28/02/2021 05:57 Henry  wrote:
> 
> 
> like capture local_port, I using %a will got below error
> 
> Error: Failed to expand plugin setting last_login_key = 
> 'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'
> 
> 
> If I using any of $local_port ,'$local_port', "$local_port", `$local_port`
> 
> I got the database update as $local_port ,'$local_port', "$local_port", 
> `$local_port` at the field column record.
> 
> 
> 
> Henry () wrote on Saturday, 27 February 2021, 10:57:27 PM [GMT+8]:
> 
> 
> I already try using other variables , I found it only support "Mail service 
> user variables", no support "Login variables" and "Authentication variables"
> 
> below the error when I try to using "Login variables" and "Authentication 
> variables"
> 
> Error: Failed to expand plugin setting last_login_key = 
> 'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
> Error: Failed to expand plugin setting last_login_key = 
> 'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
> Error: Failed to expand plugin setting last_login_key = 
> 'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'
> 
> I using centos 8 and dovecot-2.3.13-2.x86_64,
> 
> 
> thanks
> 
> Aki Tuomi () wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:
> 
> 
> last_login supports some of the variables. 
> 
> 
> Mail service and mail user variables are supported. 
> 
> You can try export the auth variables as userdb variables and use 
> $variablename. 
> 
> Aki
> 
> 
> On 27 February 2021 7.29.10 EET, Henry  wrote:
> > 
> >Anyone know then last_login plugins do support standard auth variables
> >in var-expand?like %k %a variables.
> >I need logging other fields such as port 143 or 993, and tls 1.1 or tls
> >1.3, client hostname,
> >any patch for this? thanks
> >
> >https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> > Henry () wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
> > 
> >but I need logging other fields such as port 143 or 993, and tls 1.1 or
> >tls 1.3, client hostname, what should I do it ?
> >https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> >
> >Aki Tuomi () wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
> > 
> > 
> >> On 18/02/2021 08:57 Henry  wrote:
> >> 
> >> 
> >> 
> >> 
> >> Anyone know the last-login plugins can using Authentication variables
> >such as %m mechanism, %a local_port .
> >> we want to record this in DB, thanks
> >
> >You can use this syntax to add further fields for last_login plugin.
> >
> > map {
> > pattern = shared/last-login/$user/$domain
> > table = last_login
> > value_field = last_login
> > value_type = uint
> >
> > fields {
> > username = $user
> > domain = $domain
> > rip = $rip
> > }
> >} 
> >
> >Aki
> 
> > 
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
  

Re: last login plugins

2021-02-27 Thread Henry
 like capture local_port, I using %a will got below error
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%a': Unknown variable '%a'


If I using any of $local_port ,'$local_port', "$local_port", `$local_port`
I got the database update as $local_port ,'$local_port', "$local_port", 
`$local_port` at the field column record.


Henry () wrote on Saturday, 27 February 2021, 10:57:27 PM [GMT+8]:
 
  I already try using other variables , I found it only support "Mail service 
user variables", no support "Login variables" and "Authentication variables"
below the error when I try to using "Login variables" and "Authentication 
variables"
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'

I using centos 8 and dovecot-2.3.13-2.x86_64, 

thanks 
Aki Tuomi () wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:
 
 last_login supports some of the variables. 


Mail service and mail user variables are supported. 

You can try export the auth variables as userdb variables and use 
$variablename. 

Aki

On 27 February 2021 7.29.10 EET, Henry  wrote:
> 
>Anyone know then last_login plugins do support standard auth variables
>in var-expand?like %k %a  variables.
>I need logging other fields such as port 143 or 993, and tls 1.1 or tls
>1.3, client hostname,
>any patch for this? thanks
>
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> Henry () wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
> 
>but I need logging other fields such as port 143 or 993, and tls 1.1 or
>tls 1.3, client hostname, what should I do it ?
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
>
>Aki Tuomi () wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
> 
> 
>> On 18/02/2021 08:57 Henry  wrote:
>> 
>> 
>> 
>> 
>> Anyone know the last-login plugins can using Authentication variables
>such as %m mechanism, %a local_port .
>> we want to record this in DB, thanks
>
>You can use this syntax to add further fields for last_login plugin.
>
> map {
>    pattern = shared/last-login/$user/$domain
>    table = last_login
>    value_field = last_login
>    value_type = uint
>
>    fields {
>        username = $user
>        domain = $domain
>      rip = $rip
>    }
>} 
>
>Aki
>    

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: last login plugins

2021-02-27 Thread Henry
 I already try using other variables , I found it only support "Mail service 
user variables", no support "Login variables" and "Authentication variables"
below the error when I try to using "Login variables" and "Authentication 
variables"
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%k': Unknown variable '%k'
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%b': Unknown variable '%b'
Error: Failed to expand plugin setting last_login_key = 
'last-login/%u/%d/%r/%l/%m': Unknown variable '%m'

I using centos 8 and dovecot-2.3.13-2.x86_64, 

thanks 
Aki Tuomi () wrote on Saturday, 27 February 2021, 07:32:38 PM [GMT+8]:
 
 last_login supports some of the variables. 


Mail service and mail user variables are supported. 

You can try export the auth variables as userdb variables and use 
$variablename. 

Aki

On 27 February 2021 7.29.10 EET, Henry  wrote:
> 
>Anyone know then last_login plugins do support standard auth variables
>in var-expand?like %k %a  variables.
>I need logging other fields such as port 143 or 993, and tls 1.1 or tls
>1.3, client hostname,
>any patch for this? thanks
>
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> Henry () wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
> 
>but I need logging other fields such as port 143 or 993, and tls 1.1 or
>tls 1.3, client hostname, what should I do it ?
>https://doc.dovecot.org/configuration_manual/config_file/config_variables/
>
>Aki Tuomi () wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
> 
> 
>> On 18/02/2021 08:57 Henry  wrote:
>> 
>> 
>> 
>> 
>> Anyone know the last-login plugins can using Authentication variables
>such as %m mechanism, %a local_port .
>> we want to record this in DB, thanks
>
>You can use this syntax to add further fields for last_login plugin.
>
> map {
>    pattern = shared/last-login/$user/$domain
>    table = last_login
>    value_field = last_login
>    value_type = uint
>
>    fields {
>        username = $user
>        domain = $domain
>      rip = $rip
>    }
>} 
>
>Aki
>    

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
  

Re: last login plugins

2021-02-26 Thread Henry
 
Anyone know then last_login plugins do support standard auth variables in 
var-expand?like %k %a  variables.
I need logging other fields such as port 143 or 993, and tls 1.1 or tls 1.3, 
client hostname,
any patch for this? thanks

https://doc.dovecot.org/configuration_manual/config_file/config_variables/
Henry () wrote on Friday, 19 February 2021, 12:15:10 PM [GMT+8]:
 
  but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 
1.3, client hostname, what should I do it ?
https://doc.dovecot.org/configuration_manual/config_file/config_variables/

Aki Tuomi () wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
 
 
> On 18/02/2021 08:57 Henry  wrote:
> 
> 
> 
> 
> Anyone know the last-login plugins can using Authentication variables such as 
> %m mechanism, %a local_port .
> we want to record this in DB, thanks

You can use this syntax to add further fields for last_login plugin.

 map {
    pattern = shared/last-login/$user/$domain
    table = last_login
    value_field = last_login
    value_type = uint

    fields {
        username = $user
        domain = $domain
      rip = $rip
    }
} 

Aki


Re: last login plugins

2021-02-18 Thread Henry
 but I need logging other fields such as port 143 or 993, and tls 1.1 or tls 
1.3, client hostname, what should I do it ?
https://doc.dovecot.org/configuration_manual/config_file/config_variables/

Aki Tuomi () wrote on Thursday, 18 February 2021, 03:04:10 PM [GMT+8]:
 
 
> On 18/02/2021 08:57 Henry  wrote:
> 
> 
> 
> 
> Anyone know the last-login plugins can using Authentication variables such as 
> %m mechanism, %a local_port .
> we want to record this in DB, thanks

You can use this syntax to add further fields for last_login plugin.

 map {
    pattern = shared/last-login/$user/$domain
    table = last_login
    value_field = last_login
    value_type = uint

    fields {
        username = $user
        domain = $domain
      rip = $rip
    }
} 

Aki
  

last login plugins

2021-02-17 Thread Henry


 Anyone know the last-login plugins can using Authentication variables such as 
%m mechanism, %a local_port .
we want to record this in DB, thanks 

unsubscibe

2019-02-18 Thread Henry Otten via dovecot

unsubscribe





unsubcribe

2019-02-14 Thread Henry Otten via dovecot






Re: sieve redirect to foreign email gets “Relay access denied”

2014-09-23 Thread Henry Stack

On 22-09-2014 23:50, Reindl Harald wrote:

[...] you need to provide more  informations about your setup and if

 possible avoid mask IP addresses - where does the smtpd live, where
 is dovecot and how did you configure the relay at all what postfix
 version? in case of a recent version - smtpd_relay_restrictions is
 configured?

ok here comes the  data
the sieve rule is simple

if header :contains ["subject"] ["redirect"] {redirect 
"he...@gmail.com"; stop;}


first of all the main issue is the sieve redirect to a email address 
on a foreign server. In our case gmail.
(sieve is a part of dovecot, and I found no possibility to make sieve 
more verbose.)

I can make postfix verbose but it just say that relay is not permitted.

to test sieve and the rule I send a email from he...@live.de (Hotmail) 
to my account on the server. he...@example.net and expect it to be 
redirected to he...@gmail.com


The only interesting line in the log-file is still
NOQUEUE: reject: RCPT from mail.example.net[62.78.xxx.xxx]: 554 5.7.1 
he...@gmail.com: Relay access denied; from=he...@live.de 
to=he...@gmail.com proto=ESMTP helo=mail.example.net


it say that sieve is trying to make a email FROM he...@live.de TO 
he...@gmail.com and send it via  mail.example.net.

*this is crazy.*
I think that this is the reason why I get the relay not permitted.
afaik it should envelope the email using  he...@example.net

Even I transform my own server in a open relay and send the email like 
sieve want it to be redirected it will be rejected by the destination 
server because my server is no authority for gmail.


Does somebody know how I can teach sieve to send as envelope ?


Re: sieve redirect to foreign email gets “Relay access denied”

2014-09-23 Thread Henry Stack

On 23-09-2014 12:31, Reindl Harald wrote:
 [...]
 no reason for that: smtpd_data_restrictions = reject_unauth_pipelining

it's good, the reason is to block clients who speak too early like spammers for 
example.
http://www.postfix.org/postconf.5.html#reject_unauth_pipelining
This stops mail from bulk mail software that improperly uses ESMTP command 
pipelining in order to speed up deliveries.

 


sieve redirect to foreign email gets “Relay access denied”

2014-09-22 Thread Henry Stack
I have a postfix mail server with sql authentication and I want to 
implement sieve on it.


Sieve is working relative good, rules who contain 'fileinto' are 
executed perfectly.

The problem is the redirect to other servers.
I configured a rule in Sieve to redirect any email containing redirect 
in subject to a specified foreign destination. #
So practically a email coming from sen...@live.de for the local user 
testu...@server.net should be redirected to destinat...@gmail.com when 
the subject contains redirect


   if header :contains ["subject"] ["redirect"] {redirect
   "destinat...@gmail.com"; stop;}

when I test it I get the following log entry

   /postfix/smtpd[32114]: NOQUEUE: reject: RCPT from
   mail.server.net[xx.xx.xx.xx]: 554 5.7.1 destinat...@gmail.com:
   Relay access denied; from=sen...@live.de
   to=destinat...@gmail.com proto=ESMTP helo=mail.server.net/

How can I tell postfix to let dovecot/sieve relay the email?

can somebody give a hint?

postconf -n

   alias_database = hash:/etc/aliases
   alias_maps = hash:/etc/aliases
   append_dot_mydomain = no
   biff = no
   broken_sasl_auth_clients = yes
   config_directory = /etc/postfix
   content_filter = smtp-amavis:[127.0.0.1]:10024
   default_process_limit = 15
   disable_vrfy_command = yes
   dovecot_destination_recipient_limit = 1
   home_mailbox = mail/
   inet_interfaces = all
   mailbox_size_limit = 0
   mydestination = mail.server.net, localhost
   myhostname = mail.server.net
   mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
   myorigin = /etc/mailname
   readme_directory = no
   recipient_delimiter = +
   smtp_tls_note_starttls_offer = yes
   smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
   smtp_use_tls = yes
   smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
   smtpd_data_restrictions = reject_unauth_pipelining
   smtpd_helo_restrictions = reject_unknown_helo_hostname
   smtpd_recipient_restrictions = permit_sasl_authenticated,
   reject_unknown_sender_domain,
   reject_unknown_reverse_client_hostname,
   reject_unknown_recipient_domain, reject_unverified_recipient,
   reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
   reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
   dbl.spamhaus.org, check_policy_service inet:127.0.0.1:10023
   smtpd_sasl_auth_enable = yes
   smtpd_sasl_authenticated_header = yes
   smtpd_sasl_local_domain = $myhostname
   smtpd_sasl_path = private/auth
   smtpd_sasl_security_options = noanonymous
   smtpd_sasl_type = dovecot
   smtpd_sender_restrictions = permit_sasl_authenticated,
   permit_mynetworks, reject_authenticated_sender_login_mismatch,
   reject_unknown_sender_domain
   smtpd_tls_auth_only = no
   smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
   smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
   smtpd_tls_loglevel = 2
   smtpd_tls_received_header = yes
   smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
   smtpd_use_tls = yes
   soft_bounce = no
   virtual_alias_domains =
   mysql:/etc/postfix/mysql_virtual_alias_domains.cf
   virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
   virtual_mailbox_base = /var/vmail
   virtual_mailbox_domains =
   mysql:/etc/postfix/mysql_virtual_domains_maps.cf
   virtual_mailbox_limit = 51200
   virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
   virtual_transport = dovecot

dovecot -n

   # 2.1.7: /etc/dovecot/dovecot.conf
   # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.6
   auth_debug_passwords = yes
   auth_mechanisms = plain login
   auth_verbose = yes
   auth_verbose_passwords = plain
   debug_log_path = /var/log/dovecot/dovecot.debug.log
   disable_plaintext_auth = no
   first_valid_gid = 99
   first_valid_uid = 99
   hostname = maxi.zp1.net
   info_log_path = /var/log/mail.info
   lda_mailbox_autocreate = yes
   lda_mailbox_autosubscribe = yes
   listen = xxx.xxx.xxx.xxx
   log_path = /var/log/dovecot/dovecot.log
   login_greeting = Dovecot ready, Sir.
   mail_debug = yes
   mail_gid = 99
   mail_location = maildir:~/mail:LAYOUT=fs:INBOX=/var/vmail/%u/mail/
   mail_plugins = acl
   mail_uid = 99
   managesieve_notify_capability = mailto
   managesieve_sieve_capability = fileinto reject envelope
   encoded-character vacation subaddress comparator-i;ascii-numeric
   relational regex imap4flags copy include variables body enotify
   environment mailbox date ihave
   namespace {
  location = maildir:/var/mail/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
   }
   namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  type = private
   }
   passdb {
 

Re: sieve redirect to foreign email gets “Relay access denied”

2014-09-22 Thread Henry Stack

On 22.09.2014 at 22:19, Henry Stack wrote:

> I have a postfix mail server with sql authentication and I want to implement
> sieve on it.
>
> Sieve is working relative good, rules who contain 'fileinto' are executed perfectly.
>
> The problem is the redirect to other servers.
> I configured a rule in Sieve to redirect any email containing redirect
> in subject to a specified foreign destination. #
> So practically a email coming from sender at live.de for the local user
> testuser at server.net should be redirected to destination at gmail.com
> when the subject contains redirect
>
>    if header :contains ["subject"] ["redirect"] {redirect
>    "destination at gmail.com"; stop;}
>
> when I test it I get the following log entry
>
>    /postfix/smtpd[32114]: NOQUEUE: reject: RCPT from
>    mail.server.net[xx.xx.xx.xx]: 554 5.7.1 destination at gmail.com:
>    Relay access denied; from=sender at live.de
>    to=destination at gmail.com proto=ESMTP helo=mail.server.net/

* you have mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
* you masked the IP so likely it's not 127.0.0.1
* just use your local MTA or add the machine to mynetworks

  
Thanks for the hint.


I tried it, I added the IP to mynetworks and it is still not working, 
still *Relay access denied;*

Henry
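
Added example, not part of the thread and not Postfix code: a simplified Python model of how a list such as the posted `smtpd_recipient_restrictions` is walked left to right, showing that an address in `mynetworks` only matters if the list also contains `permit_mynetworks`. The client address, recipient addresses and local-domain set are constructed (the thread masks the real ones), and the DNS, RBL and policy-service checks are assumed to return no decision.

```python
"""Simplified model of Postfix smtpd_recipient_restrictions evaluation."""
import ipaddress

# smtpd_recipient_restrictions, in the order shown in the posted `postconf -n`.
POSTED = [
    "permit_sasl_authenticated",
    "reject_unknown_sender_domain",
    "reject_unknown_reverse_client_hostname",
    "reject_unknown_recipient_domain",
    "reject_unverified_recipient",
    "reject_unauth_destination",
    "reject_rbl_client zen.spamhaus.org",
    "reject_rhsbl_helo dbl.spamhaus.org",
    "reject_rhsbl_sender dbl.spamhaus.org",
    "check_policy_service inet:127.0.0.1:10023",
]

# Posted mynetworks; the IPv4-mapped entry is garbled on the page and left out.
POSTED_MYNETWORKS = ["127.0.0.0/8", "::1/128"]

# Constructed values (assumptions): documentation-range client address and
# the set of domains this server accepts mail for.
CLIENT_IP = "192.0.2.10"
LOCAL_DOMAINS = {"mail.server.net", "localhost", "server.net"}


def in_networks(client_ip, networks):
    """True if client_ip falls inside any CIDR block in networks."""
    ip = ipaddress.ip_address(client_ip)
    for cidr in networks:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == ip.version and ip in net:
            return True
    return False


def evaluate(restrictions, client_ip, mynetworks, sasl_authenticated, rcpt):
    """Walk the list in order; the first PERMIT or REJECT ends evaluation.

    Returns (action, name of the deciding restriction).
    """
    rcpt_domain = rcpt.rsplit("@", 1)[-1].lower()
    for entry in restrictions:
        name = entry.split()[0]
        if name == "permit_sasl_authenticated" and sasl_authenticated:
            return "PERMIT", name
        if name == "permit_mynetworks" and in_networks(client_ip, mynetworks):
            return "PERMIT", name
        if name == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "REJECT", name
        # Every other entry is modelled as "no decision" (assumption).
    return "PERMIT", "end of list"


def with_permit_mynetworks(restrictions):
    """Copy of the list with permit_mynetworks placed at the front."""
    return ["permit_mynetworks"] + list(restrictions)


def scenarios():
    """Relay decisions for an unauthenticated local re-submission."""
    foreign = "someone@example.org"            # constructed foreign recipient
    widened = POSTED_MYNETWORKS + [CLIENT_IP + "/32"]
    fixed = with_permit_mynetworks(POSTED)
    return {
        "as posted": evaluate(POSTED, CLIENT_IP, POSTED_MYNETWORKS, False, foreign),
        "IP added to mynetworks only": evaluate(POSTED, CLIENT_IP, widened, False, foreign),
        "permit_mynetworks added as well": evaluate(fixed, CLIENT_IP, widened, False, foreign),
        "outside client, same list": evaluate(fixed, "198.51.100.7", widened, False, foreign),
        "local recipient": evaluate(POSTED, CLIENT_IP, POSTED_MYNETWORKS, False,
                                    "testuser@server.net"),
    }


if __name__ == "__main__":
    for label, (action, decided_by) in scenarios().items():
        print(f"{label:32s} {action:7s} ({decided_by})")
```

Postfix 2.10 and later also evaluates `smtpd_relay_restrictions`, which this model does not cover.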


Re: [Dovecot] Problem Authenticating with Master User

2011-04-29 Thread Henry Franco

Timo,

That worked.  I appreciate it.

 Original Message  
Subject: Re: [Dovecot] Problem Authenticating with Master User
From: Timo Sirainen t...@iki.fi
To: Dovecot Mailing List dovecot@dovecot.org
Date: 04/29/2011 03:34 AM


On 29.4.2011, at 6.19, Henry Franco wrote:


So I removed the passdb's and the pass=yes since it doesn't work with PAM but 
I'm still not having any luck.  Any suggestions? I'm open.


Oh, I didn't notice earlier:


auth default_with_listener:

..

auth default:


Don't use two auth {} blocks. That's the one causing this.



[Dovecot] Problem Authenticating with Master User

2011-04-28 Thread Henry Franco
Dovecot provides a master login (a master user name and password that can
log into all user accounts).

I've setup Dovecot as per:
http://wiki1.dovecot.org/Authentication/MasterUsers

Here's my problem.

The only way I can authenticate successfully is if I try to authenticate
through telnet twice. Also, imapsync (the tool I need to use to migrate over
emails from Dovecot to other mail server) won't work because of this.

$ telnet mail01.server.com 143
Trying 10.10.10.12...
Connected to mail01.server.com.
Escape character is '^]'.
* OK Dovecot ready.
1 login u...@server.com*master my_password
1 NO Authentication failed.
1 login u...@server.com*master my_password
1 OK Logged in.


Re: [Dovecot] Problem Authenticating with Master User

2011-04-28 Thread Henry Franco
# dovecot -n

# 1.1.20: /etc/dovecot.conf
# OS: Linux 2.6.18-8.el5xen x86_64 CentOS release 5.2 (Final) ext3
protocols: imaps imap
listen: *
ssl_ca_file: /etc/ssl/ca/ca-bundle.crt
ssl_cert_file: /etc/ssl/crt/server.crt
ssl_key_file: /etc/ssl/key/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_processes_count: 64
login_max_processes_count: 2048
valid_chroot_dirs: /home/vmail/domains
max_mail_processes: 4096
first_valid_uid: 102
last_valid_uid: 102
first_valid_gid: 102
last_valid_gid: 102
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/home/vmail/domains/%d/%n
lda:
  postmaster_address: postmas...@server.com
  auth_socket_path: /var/run/dovecot-auth-master
  global_script_path: /home/vmail/domains/server.com/sieve
  mail_plugins: cmusieve
auth default_with_listener:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  userdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  socket:
type: listen
client:
  path: /var/run/dovecot/auth-client
  mode: 432
master:
  path: /var/run/dovecot-auth-master
  mode: 384
  user: vmail
  group: vmail
auth default:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
driver: passwd-file
args: /etc/dovecot.master
pass: yes
master: yes
  passdb:
driver: shadow
  passdb:
driver: pam
  passdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  userdb:
driver: passwd
  userdb:
driver: ldap
args: /etc/dovecot-ldap.conf
-- 



On Apr 28, 2011, at 5:27 PM, Timo Sirainen wrote:

 On 29.4.2011, at 0.25, Henry Franco wrote:
 
 The only way I can authenticate successfully is if I try to authenticate
 through telnet twice. Also, imapsync (the tool I need to use to migrate over
 emails from Dovecot to other mail server) won't work because of this.
 
 dovecot -n output?
 



Re: [Dovecot] Problem Authenticating with Master User

2011-04-28 Thread Henry Franco
So I removed the passdb's and the pass=yes since it doesn't work with PAM but 
I'm still not having any luck.  Any suggestions? I'm open.

$ telnet mail01.server.com 143
Trying 10.10.10.12...
Connected to mail01.server.com.
Escape character is '^]'.
* OK Dovecot ready.
1 login u...@server.com*master my_password
1 NO Authentication failed.
1 login u...@server.com*master my_password
1 OK Logged in.

# dovecot -n

# 1.1.20: /etc/dovecot.conf
# OS: Linux 2.6.18-8.el5xen x86_64 CentOS release 5.2 (Final) ext3
protocols: imaps imap
listen: *
ssl_ca_file: /etc/ssl/ca/ca-bundle.crt
ssl_cert_file: /etc/ssl/crt/server.crt
ssl_key_file: /etc/ssl/key/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_processes_count: 64
login_max_processes_count: 2048
valid_chroot_dirs: /home/vmail/domains
max_mail_processes: 4096
first_valid_uid: 102
last_valid_uid: 102
first_valid_gid: 102
last_valid_gid: 102
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/home/vmail/domains/%d/%n
lda:
  postmaster_address: postmas...@server.com
  auth_socket_path: /var/run/dovecot-auth-master
  global_script_path: /home/vmail/domains/server.com/sieve
  mail_plugins: cmusieve
auth default_with_listener:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  userdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  socket:
type: listen
client:
  path: /var/run/dovecot/auth-client
  mode: 432
master:
  path: /var/run/dovecot-auth-master
  mode: 384
  user: vmail
  group: vmail
auth default:
  master_user_separator: *
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
driver: passwd-file
args: /etc/dovecot.master
master: yes
  passdb:
driver: ldap
args: /etc/dovecot-ldap.conf
  userdb:
driver: passwd
  userdb:
driver: ldap
args: /etc/dovecot-ldap.conf
On Apr 28, 2011, at 5:36 PM, Timo Sirainen wrote:

 On 29.4.2011, at 0.31, Henry Franco wrote:
 
 passdb:
   driver: passwd-file
   args: /etc/dovecot.master
   pass: yes
   master: yes
 
 pass=yes doesn't work properly with PAM.
 
 passdb:
   driver: shadow
 passdb:
   driver: pam
 passdb:
   driver: ldap
   args: /etc/dovecot-ldap.conf
 
 You also seem to have too many passdbs. You should probably remove either 
 shadow or pam.
 



[Dovecot] Particular user post-login hang

2011-01-31 Thread Henry C.
/home/mailusers/username/.imap/INBOX/dovecot.index.log
imap6574 username  memREG9,0  1980063   35835914
/home2/local/lib/dovecot/libdovecot.so.0.0.0
imap6574 username  memREG9,0  4911010   35835915
/home2/local/lib/dovecot/libdovecot-storage.so.0.0.0
imap6574 username  memREG3,127274 654816
/lib/libsafe.so.2.0.16
imap6574 username  memREG3,199790 654754 
/lib/ld-2.3.5.so
imap6574 username0w   CHR1,3  327760 /dev/null
imap6574 username1w   CHR1,3  327760 /dev/null
imap6574 username2w  FIFO0,5  1548069248 pipe
imap6574 username3w  FIFO0,5  1548064788 pipe
imap6574 username4r  FIFO0,5  1548414049 pipe
imap6574 username5w  FIFO0,5  1548069260 pipe
imap6574 username6u  unix 0xe481b180  1548069218
/usr/local/var/run/dovecot/login/imap
imap6574 username7w  FIFO0,5  1548414049 pipe
imap6574 username8u  0,60  9 unknown inode
type
imap6574 username9u   REG9,0173806897709
/home2/home/mailusers/username/.imap/INBOX/dovecot.index.log
imap6574 username   10u  IPv4 1548412828 TCP
localhost:144-localhost:38067 (ESTABLISHED)
imap6574 username   11u   REG9,0 2632   30130623
/home2/home/mailusers/username/.imap/INBOX/dovecot.index
imap6574 username   12u   REG9,0   109568   30130578
/home2/home/mailusers/username/.imap/INBOX/dovecot.index.cache
imap6574 username   13u   REG9,0 104724989257043
/home2/var/spool/mail/username




Any pointers?

Thanks
Henry



--

CONFIG:
---
auth_debug = yes
auth_mechanisms = plain login
default_login_user = nobody
first_valid_uid = 200
listen = *
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = mbox:~/.:INBOX=/var/mail/%u
passdb {
  driver = shadow
}
protocols = imap
service imap-login {
  inet_listener imap {
    port = 144 # 143 is for imap proxy
  }
}
ssl = no
userdb {
  driver = passwd
}




Re: [Dovecot] Particular user post-login hang

2011-01-31 Thread Henry C.
 On 31.1.2011, at 13.15, Henry C. wrote:

 In a nutshell:  User authenticates OK, then the imap process hangs.

 imap process, or the client?..

Thanks for the quick feedback.

The imap process is waiting on the event poll, so I suppose it's not
really hung.  Who/what process is talking on the other end?  I can then do
some more scratching around...


 Rawlog looks good
...
 epoll_wait(0x8, 0x806c4f8, 0x6, 0x1b708d

 Dovecot is just waiting for more commands here.

 To me everything here points to a client problem.

By client, I presume you're referring to the process which is talking to
imap (or some other process/intermediary)?  That'll be the imap-proxy. 
Only problem is everything works flawlessly if I login with a different
user, using the same software/etc.

Thanks




Re: [Dovecot] Particular user post-login hang

2011-01-31 Thread Henry C.
On Mon, January 31, 2011 16:06, Timo Sirainen wrote:
 On 31.1.2011, at 13.50, Henry C. wrote:


 Rawlog looks good

 ...

 epoll_wait(0x8, 0x806c4f8, 0x6, 0x1b708d

 Dovecot is just waiting for more commands here.


 To me everything here points to a client problem.


 By client, I presume you're referring to the process which is talking to
 imap (or some other process/intermediary)?

 From imap process's point of view that would be the IMAP client. Or if it's
 SSL connection then it's imap-login process that's proxying the SSL
 traffic.

 That'll be the imap-proxy.


 Which proxy? Dovecot or something else?

up-imapproxy (http://squirrelmail.org/download.php#imap_proxy).

However, I tried bypassing the proxy completely and connected directly.  It
does the same thing.


 Only problem is everything works flawlessly if I login with a different
 user, using the same software/etc.

 Which client?

Squirrelmail - sorry should have mentioned that from the start.

What's odd is that this only seems to occur with this one particular login. 
Everything else I've tested with works fine.





Re: [Dovecot] Alternate mail_location prefix for homedir

2010-09-05 Thread Henry
 So I guess by ~/. you mean same as ~/ which is also the same as ~.
 The problem with that is, as always, that users can store mails
 everywhere in the home directory and there may be other non-mail files
 in there messing things up.

I understand and agree with your second sentence.

The issue though is that if I use '~' or '~/' without the '.' suffix I get
the following error:

Error: user henry: Initialization failed: Initializing mail storage from
mail_location setting failed: No home directory for system user. Can't
expand ~ for mail root dir in: ~:INBOX=/var/mail/henry

It seems to have a problem expanding '~' or '~/', but not '~/.'

Regards
Henry



[Dovecot] Alternate mail_location prefix for homedir

2010-09-03 Thread Henry C.
Hi,

I'm switching from UW-imap to dovecot 2.0.1 and was wondering about the 
mail_location config:

mail_location = mbox:~/.:INBOX=/var/mail/%u

Notice '.' in '~/.' above.  This seems to resolve the ~/mail problem when 
switching from
UW-imap (ie, no 'mail' prefix).

doc/wiki/Migration.UW.txt doesn't mention using '~/.', so I was wondering 
whether there are
any gotchas anyone can think of.

Thanks
Henry



Re: [Dovecot] SELinux

2009-06-10 Thread henry ritzlmayr
On Monday, 08.06.2009, at 12:58 -0700, Kenneth Porter wrote:
 I've temporarily got SELinux set to permissive mode on a fresh install on 
 CentOS 5. It was blocking Dovecot's access to ~/mail because the files were 
 labeled file_t. What's the correct way to label these?
 

restorecon path

Henry




Re: [Dovecot] Under POP attack - now to prevent?

2009-06-05 Thread henry ritzlmayr
On Friday, 05.06.2009, at 12:04 +1000, James Brown wrote:
 Looks like we are under a dictionary login attack on our POP server:
 
 Jun  5 11:48:20 mail dovecot[2620]: pop3-login: Aborted login (auth  
 failed, 1 attempts): user=audrey, method=PLAIN, rip=85.189.169.94,  
 lip=192.168.1.9

Since the attacker is playing nice you could also limit the maximum
connection attempts to the pop3 port in a given timeframe. And if that
limit is reached block the ip for a certain amount of time. 
If you firewall with netfilter, hashlimit is your friend.

Interesting for me is that you are on v1.2RC4. Timo wrote yesterday
that with v1.2+ after every login failure the delay for the next attempt
should grow. When I take a look at your timestamps this is obviously not
working on your system. 

Henry





Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-05 Thread henry ritzlmayr
On Friday, 05.06.2009, at 09:24 +0200, Lenthir wrote:
 Timo Sirainen wrote:
  On Jun 4, 2009, at 10:01 AM, Lenthir wrote:
  Trying 127.0.0.1...
  Connected to localhost.
  Escape character is '^]'.
  +OK POP3 [127.0.0.1] server ready
  user krzys
  +OK User name accepted, password please
  pass wew
  -ERR Bad login / Bledne haslo lub login.
  Connection closed by foreign host.
  
  That's not Dovecot.
  
 
 I'm sorry to say that, but this is Dovecot...
 Maybe with little modifications, but this is Dovecot :)

Could you elaborate what kind of modifications you made?
Especially the connection closing is of real interest for me.

thanks
Henry




[Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
Hi List, 

optimizing the configuration on one of our servers (which was
hit by a brute force attack on dovecot) showed an odd behavior. 

Dovecot Version 1.0.7 (CentOS 5.2)

The short story:
On one of our servers an attacker did a brute force 
attack on dovecot (pop3). 
Since the attacker closed and reopened the connection 
after every user/password combination the logs showed 
many lines like this:
dovecot: pop3-login: Aborted login: user=test,..

The problem:
If the attacker wouldn't have closed and reopened the connection
no log would have been generated and he/she would have endless 
tries. Not even an iptables/hashlimit or fail2ban would have kicked in.

How to reproduce:
telnet dovecot-server pop3
user test
pass test1
user test
pass test2
...
QUIT
-Only the last try gets logged.

If I enable auth_verbose every attempt gets logged, but if I read the
docs correctly this option should only be used for figuring out why
authentication isn't working.

Question: 
Is there any way to close the connection after the 
first wrong user/pass combination. So an attacker would be forced 
to reopen it?
This would be perfect since an easy iptables/hashlimit would avoid 
such a brute force attack. 

Any other Ideas?
Henry



Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
On Thursday, 04.06.2009, at 14:53 +0200, Cédric Laruelle wrote:
 Reproduced on 1.1.14 too and really problematic for me

Curious question:

Why is it so problematic for you?

As stated in my original post you only have to set auth_verbose to yes
to get it logged. With that you can always block the attacker with 
a little script (fail2ban,..).

Henry

 -Original Message-
 From: dovecot-bounces+laruellec=aiderdonner@dovecot.org
 [mailto:dovecot-bounces+laruellec=aiderdonner@dovecot.org] On behalf of
 Noel Butler
 Sent: Thursday, 4 June 2009 12:48
 To: henry ritzlmayr
 Cc: dovecot@dovecot.org
 Subject: Re: [Dovecot] Dovecot under brute force attack - nice attacker
 
 On Thu, 2009-06-04 at 12:16 +0200, henry ritzlmayr wrote:
 
  Hi List, 
  
  optimizing the configuration on one of our servers (which was
  hit by a brute force attack on dovecot) showed an odd behavior. 
  
  Dovecot Version 1.0.7 (CentOS 5.2)
  
  The short story:
  On one of our servers an attacker did a brute force 
  attack on dovecot (pop3). 
  Since the attacker closed and reopened the connection 
  after every user/password combination the logs showed 
  many lines like this:
  dovecot: pop3-login: Aborted login: user=test,..
  
  The problem:
  If the attacker wouldn't have closed and reopened the connection
  no log would have been generated and he/she would have endless 
  tries. Not even an iptables/hashlimit or fail2ban would have kicked in.
  
  How to reproduce:
  telnet dovecot-server pop3
  user test
  pass test1
  user test
  pass test2
  ...
  QUIT
  -Only the last try gets logged.
  
 
 
 
 Verified with 1.1.6 as well, nice catch Henry.
 
 
 




Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
  Question:
  Is there any way to close the connection after the
  first wrong user/pass combination. So an attacker would be forced
  to reopen it?
 
 I think the growing delay is a better idea.

The Idea is good but I guess an option to just disconnect the attacker
wouldn't hurt in the config file? 
This would be much easier to detect/monitor on an upfront firewall/IDS.
I agree that each service should care about its own security but some 
of us have certain sw/hw in front which also should be able to detect
such an attempt. By just delaying the next try I guess it will be tough
to detect this upfront.

Henry




Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
On Thursday, 04.06.2009, at 18:27 +0200, Steve wrote:
  The Idea is good but I guess an option to just disconnect the attacker
  wouldn't hurt in the config file?
 
 Is that not the wrong approach? I mean: all you wanted is to have a log entry 
 showing when there was a username/password mismatch when logging in. And you 
 found out that with normal logging options that log entry only shows up if 
 the connection gets disconnected. Right? So would it not be better to have 
 an option to log ANY username/password login mismatch even if the 
 user/attacker does not disconnect?

Right, logging a wrong username/password should always be done. 
That's one reason why I favor a disconnect. Almost any service
logs a disconnect - so does dovecot. 

  
  This would be much easier to detect/monitor on an upfront firewall/IDS.
 
 A disconnect on TCP/IP level is easier to detect/monitor? How? Without 
 logging or without inspecting the communication channel you are pretty much 
 lost. Correct me if I am wrong.

Any serious firewall these days has the capability to track the amount
of connection attempts on any port without knowing what's in the packet. 
By just delaying the next try within the service the firewall would have
to inspect the packets to know what's going on. So by disconnecting an
intruder (and forcing him to reconnect) it's easy to detect such an
attack on the firewall/IDS by just counting the amount of connects in a
given timeframe. Within iptables for example this can be accomplished with
--hashlimit 5/Minute. 

Henry




Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
On Thursday, 04.06.2009, at 09:51 -0700, Mark Sapiro wrote:
 On Thu, Jun 04, 2009 at 12:16:00PM +0200, henry ritzlmayr wrote:
  
  The problem:
  If the attacker wouldn't have closed and reopened the connection
  no log would have been generated and he/she would have endless 
  tries. Not even an iptables/hashlimit or fail2ban would have kicked in.
  
  How to reproduce:
  telnet dovecot-server pop3
  user test
  pass test1
  user test
  pass test2
  ...
  QUIT
  -Only the last try gets logged.
 
 
 I see the same thing with Dovecot 1.2.rc4 on CentOS 5, but pam logs every
 failed attempt:
 
 Jun  4 09:37:40 sbh16 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
 unknown
 Jun  4 09:37:40 sbh16 dovecot-auth: pam_unix(dovecot:auth): authentication 
 failure; logname= uid=0 euid=0 tty=dovecot ruser=zzz rhost=127.0.0.1
 Jun  4 09:38:05 sbh16 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
 unknown
 Jun  4 09:38:05 sbh16 dovecot-auth: pam_unix(dovecot:auth): authentication 
 failure; logname= uid=0 euid=0 tty=dovecot ruser=mmm rhost=127.0.0.1
 
 So, fail2ban will block based on the pam log.
 
Good to know. We have ldap here, but it certainly would be possible
to do the authentication through pam-ldap.

thanks 
Henry
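
Added example, not code from this thread, Dovecot or fail2ban: a sliding-window counter over the two log formats quoted in the thread (the pop3-login "auth failed, N attempts" line and the pam_unix "authentication failure" line). Each login line is weighted by its attempts count so a client that keeps one connection open is counted as well; the sample lines, the year 2009, the 5-per-minute threshold and the reading of N as the number of failures on that connection are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Login-process line as quoted in the thread:
#   pop3-login: Aborted login (auth failed, 1 attempts): user=..., rip=..., lip=...
LOGIN_RE = re.compile(
    r"(?:pop3|imap)-login: .*\(auth failed, (?P<n>\d+) attempts\)"
    r".*\brip=(?P<ip>[0-9A-Fa-f.:]+)")
# PAM line as quoted in the thread; the "check pass; user unknown" line is skipped.
PAM_RE = re.compile(
    r"pam_unix\(dovecot:auth\): authentication failure;.*\brhost=(?P<ip>\S+)")


def parse_failure(line, year=2009):
    """Return (timestamp, ip, failed_attempts) for a failure line, else None."""
    m = LOGIN_RE.search(line)
    if m:
        weight = int(m.group("n"))      # one line may stand for several tries
    else:
        m = PAM_RE.search(line)
        weight = 1                      # PAM logs one line per failed try
    if not m:
        return None
    try:
        # Syslog stamps carry no year, so the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, m.group("ip"), weight


def find_offenders(lines, threshold=5, window=timedelta(minutes=1), year=2009):
    """Map each IP that reached `threshold` failures inside `window` to its peak.

    Lines for one address must be in time order. Feed either the login log or
    the PAM log, not both, or the same attempt is counted twice.
    """
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        ts, ip, weight = parsed
        q = recent[ip]
        q.append((ts, weight))
        while ts - q[0][0] > window:    # drop entries older than the window
            q.popleft()
        total = sum(w for _, w in q)
        if total >= threshold:
            offenders[ip] = max(offenders.get(ip, 0), total)
    return offenders


def login_line(ts, user, n, ip):
    """Build a constructed pop3-login failure line in the quoted format."""
    return (f"{ts} mail dovecot[2620]: pop3-login: Aborted login "
            f"(auth failed, {n} attempts): user={user}, method=PLAIN, "
            f"rip={ip}, lip=192.0.2.9")


def pam_line(ts, user, ip):
    """Build a constructed pam_unix failure line in the quoted format."""
    return (f"{ts} mail dovecot-auth: pam_unix(dovecot:auth): authentication "
            f"failure; logname= uid=0 euid=0 tty=dovecot ruser={user} rhost={ip}")


# Constructed sample data; addresses come from the documentation ranges.
SAMPLE_LOG = (
    # reconnects after every try: five one-attempt lines within 18 seconds
    [login_line(f"Jun  5 11:48:{s}", "audrey", 1, "203.0.113.7")
     for s in (20, 24, 29, 33, 38)]
    # keeps one connection open: a single line that stands for eight tries
    + [login_line("Jun  5 11:50:02", "test", 8, "198.51.100.23")]
    # one mistyped password, and one slow client with a try every five minutes
    + [login_line("Jun  5 11:49:10", "dave", 1, "192.0.2.44")]
    + [login_line(f"Jun  5 11:{m}:00", "carol", 1, "203.0.113.99")
       for m in (40, 45, 50)]
    # PAM view of a held-open connection: one line per try
    + ["Jun  5 12:01:01 mail dovecot-auth: pam_unix(dovecot:auth): "
       "check pass; user unknown"]
    + [pam_line(f"Jun  5 12:01:0{s}", "zzz", "198.51.100.77")
       for s in (1, 3, 5, 7, 9)]
)

if __name__ == "__main__":
    for ip, peak in sorted(find_offenders(SAMPLE_LOG).items()):
        print(f"{ip}: {peak} failures within one minute")
```

Counting lines alone would miss 198.51.100.23, which appears once in the login log; the attempts count or the PAM log is what exposes it.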




Re: [Dovecot] Dovecot under brute force attack - nice attacker

2009-06-04 Thread henry ritzlmayr
On Thursday, 04.06.2009, at 12:23 -0400, Timo Sirainen wrote:
 On Thu, 2009-06-04 at 18:13 +0200, henry ritzlmayr wrote:
Question:
Is there any way to close the connection after the
first wrong user/pass combination. So an attacker would be forced
to reopen it?
   
   I think the growing delay is a better idea.
  
  The Idea is good but I guess an option to just disconnect the attacker
  wouldn't hurt in the config file? 
 
 Yes, more settings in config file does hurt. There are way too many of
 them already. But passdb could perhaps return disconnect field if
 authentication failed..
 
I am not that familiar with returning extra fields using passdb, but
wouldn't this be even more complicated. Since pam for example doesn't 
even support this and it also depends on the password database 
( as read on http://wiki.dovecot.org/PasswordDatabase/ExtraFields )?

Henry




[Dovecot] Mapping usernames

2009-02-12 Thread Henry
Greets,

We're using Dovecot 1.0.7 (which comes with CentOS 5.x).

I have successfully configured dovecot to change a username from a...@123.com 
to realname1_abc for a machine which only has a single domain (using 
auth_username_format=realname1_%Ln).

However, I'm pulling my hair out trying to get dovecot to handle multiple 
domains (the machine has existing /etc/passwd /etc/shadow and 
/etc/mail/virtusertable users).  On an older machine, I simply hacked the 
source code to perform a berkeley DB lookup in /etc/mail/virtusertable.db for 
the realname[a-z0-9]_xx.  This time round, though, I'm trying to do this 
cleanly.

I've been reading the docs/wiki/etc but I now can't see the forest for the 
trees.  This is what I've got so far:

In /etc/dovecot.conf:
...
auth default {

userdb passwd-file {
args = /etc/dovecot.passwd
}

passdb passwd-file {
args = /etc/shadow
#args = /etc/dovecot.passwd
}
}

/etc/dovecot.passwd contains:
realnamea_abc:{PLAIN-MD5}$1$Vjkfhaa::userdb_user=...@123.com

I've been fiddling around blindly with all kinds of settings in userdb {} 
above, but I always get the error:
passwd-file(a...@123.com,:::127.0.0.1): unknown user, amongst others.

In a nutshell, I want to allow a user to login with a...@123.com, this name 
must be mapped to a real system user (eg, using /etc/dovecot.passwd), then 
authenticated against /etc/shadow or the MD5 password in /etc/dovecot.passwd

I would appreciate any kind of pointers or advice here.  It would have been 
nice if vpopmail allowed me to call an external perl script where I could 
perform the username mapping, but alas, this is not possible.

Thanks
Henry




Re: [Dovecot] Mapping usernames

2009-02-12 Thread Henry
 On Thu 12/02/09 18:36 , Timo Sirainen t...@iki.fi sent:
 a...@123.com:.
 ...:user=realnamea_abc

Thanks Timo,

Unfortunately this is still not working.  Any further comments would be 
appreciated.

I've tried it two ways:-

ATTEMPT 1


/etc/dovecot.conf:
auth default {

userdb passwd-file {
args = /etc/dovecot.passwd
}

passdb passwd-file {
args = scheme=plain-md5 username_format=%u /etc/dovecot.passwd
}
}

/etc/dovecot.passwd:
b...@vh1.com:$1$Vh6a...::userdb_user=vh1_bob

Error:
auth(default): passwd-file(b...@vh1.com,:::127.0.0.1): no passwd file: 
scheme=plain-md5 username_format=...@vh1.com /etc/dovecot.passwd


ATTEMPT 2


/etc/dovecot.conf:
auth default {

userdb passwd-file {
args = /etc/dovecot.passwd
}

passdb passwd-file {
args = /etc/dovecot.passwd
}
}


/etc/dovecot.passwd:
b...@vh1.com:{PLAIN-MD5}$1$Vh6a...::userdb_user=vh1_bob

Error:
auth(default): passwd-file(b...@vh1.com,:::127.0.0.1): unknown user


I'm missing something obvious, I'm sure of it.

Any pointers appreciated.

Thanks




Re: [Dovecot] Mapping usernames [RESOLVED]

2009-02-12 Thread Henry

Resolved.  For others, this is the simple solution which works for me:

/etc/dovecot.conf:
auth default {

userdb passwd-file {
args = /etc/passwd
}

passdb passwd-file {
args = scheme=MD5-CRYPT /etc/dovecot.passwd
}
}

/etc/dovecot.passwd:
b...@vhost.com:$1$yAOjs09l$...::userdb_user=vabc_bob
(the encrypted password $1$yAOjs09l$... comes from /etc/shadow)

/etc/passwd:
vabc_bob:x:20838:2362:bob:/home/mailusers/vabc_bob:/sbin/nologin

abc could also be the domain (vhost), but this might be too large for 
really long domain names.  So we rather use a short unique prefix for each 
domain.

Cheers
Henry




Re: [Dovecot] Can not Create Maildir using userdb

2009-01-13 Thread Henry Yonathan
Dear Tim,

Thank you for your clue. And I'm now able to do what I've been dreaming of :D


Kind Regards,


Henry Yonathan

All successful communication is Hypnosis - Milton H. Erickson



- Original Message -
From: Timo Sirainen [mailto:t...@iki.fi]
To: Dovecot Mailing List [mailto:dove...@dovecot.org]
Subject: Re: [Dovecot] Can not Create Maildir using userdb


 On Tue, 2009-01-13 at 10:27 +0700, Henry Yonathan wrote:
  Thank you for your reply.
  So, you mean that both user_query and password_query should have the
  same amount of parameter and the mail parameter from user_query should
  have the exact parameter as userdb_mail from password_query?
  And also I've to turn on userdb prefetch {}
 
 password_query also needs to return the password. But other than that,
 yes.

Shop for books online, FREE SHIPPING throughout Indonesia.
Visit the website http://www.bookoopedia.com.

Hipokuku.com - A New Way to Top Up Phone Credit Online.
Visit the website http://www.hipokuku.com for more information.





Re: [Dovecot] Can not Create Maildir using userdb sql

2009-01-12 Thread Henry Yonathan
I don't think mail_location:/home/vmail/%d/%n/Maildir should be terminated with 
a /
Because I've tried to use the mail_location with userdb static, dovecot is still 
able to create the directory anyway.
OK, below is my dovecot-sql.conf

driver = mysql

connect = host=127.0.0.1 dbname=email user= password=

default_pass_scheme = PLAIN-MD5

password_query = SELECT email AS user, password, CONCAT('/home/vmail/%d/%n/', 
maildir) AS userdb_home, CONCAT('maildir:/home/vmail/%d/%n/', maildir) AS 
userdb_mail, 5000 AS userdb_uid, 5000 AS userdb_gid FROM view_users WHERE email 
= '%u';

user_query = SELECT '/home/vmail/%d/%n' AS home, '/home/vmail/%d/%n/Maildir' AS 
mail, 5000 AS uid, 5000 AS gid, CONCAT('maildir:storage=', ROUND(quota/1024)) 
AS quota FROM view_users WHERE email = '%u';

Kind Regards,


Henry Yonathan

All successful communication is Hypnosis - Milton H. Erickson





Re: [Dovecot] Can not Create Maildir using userdb

2009-01-12 Thread Henry Yonathan
Thank you for your reply.
So, you mean that both user_query and password_query should have the same 
amount of parameter and the mail parameter from user_query should have the 
exact parameter as userdb_mail from password_query?
And also I've to turn on userdb prefetch {}

Kind Regards,

Henry

From: Timo Sirainen [mailto:t...@iki.fi]
To: Dovecot Mailing List [mailto:dove...@dovecot.org]
Subject: Re: [Dovecot] Can not Create Maildir using userdb sql

 On Jan 12, 2009, at 8:38 PM, Henry Yonathan wrote:
 
  password_query = SELECT email AS user, password, CONCAT('/home/vmail/ 
  %d/%n/', maildir) AS userdb_home, CONCAT('maildir:/home/vmail/%d/ 
  %n/', maildir) AS userdb_mail, 5000 AS userdb_uid, 5000 AS  
  userdb_gid FROM view_users WHERE email = '%u';
 
 Here you're trying to use prefetch userdb by returning userdb_*  
 fields. But they're different than here:
 
  user_query = SELECT '/home/vmail/%d/%n' AS home, '/home/vmail/%d/%n/ 
  Maildir' AS mail, 5000 AS uid, 5000 AS gid,  
  CONCAT('maildir:storage=', ROUND(quota/1024)) AS quota FROM  
  view_users WHERE email = '%u';
 
 They should contain the exact same values. Here userdb_mail isn't  
 prefixed with maildir:, which is your main problem. Also here you're  
 specifying quota field but in password_query you're not specifying  
 userdb_quota at all.
 
   passdb:
     driver: sql
     args: /etc/dovecot-sql.conf
   userdb:
     driver: sql
     args: /etc/dovecot-sql.conf
 
 And finally you're not currently even using prefetch userdb so Dovecot  
 ignores all the userdb_* fields you're returning in password_query.  
 For enabling prefetch see http://wiki.dovecot.org/UserDatabase/Prefetch






[Dovecot] Multiple network interface question

2008-08-26 Thread Mike Henry

Hi all,

Sorry if this question has been posted before. I have dug through the  
archives but haven't found any relevant answers to this question.


I am running Dovecot on a server that serves a number of (virtual)  
domains each with a number of (virtual) users.


To read mail I am providing a webmail client and have configured HTTPS  
connections using reverse DNS so that each domain has its own IP  
address and that each IP address gets mapped to a different virtual  
host. Each virtual host presents and HTTPS connection particular to  
their own domain using the SSL certificate for that domain so that  
each user only sees his or her own domain throughout.


Is it possible to configure Dovecot so that mail-clients like  
Thunderbird or Outlook can connect via the default port using their  
own domain (maybe also using reverse DNS) and be presented with an SSL  
connection particular to that domain (i.e. using that domain's  
certificate)?


Any comments welcome.

Thanks in advance,

-Mike


Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)

2008-04-17 Thread Gavin Henry
quote who=Jack McKinney
   So why is dovecot searching for uid? I am not asking it to; in fact, my
 pass_attrs field is empty.

I'm not sure, I was hoping someone else would know why. Is it a hard coded
default?

   Also, I have switched around my setup to not use auth_bind:

 hosts = ldap.lrtz
 dn = cn=varmail,ou=users,dc=lorentz,dc=com
 dnpass = ***
 ldap_version = 3
 auth_bind = no
 pass_attrs = userPassword=password
 pass_filter = ((objectClass=inetOrgPerson)(mail=%Lu))
 base = ou=users, dc=%Dd
 scope = onelevel

   With this configuration, it becomes inconsistent. Sometimes my client
 authenticates, and sometimes my client goes through the same timeout as
 below.
   I have not had time to run enough trials to prove this, but it seems
 like this new configuration works for the first connection made to
 dovecot, and then times out on subsequent connections.  If I restart
 dovecot, then I get one successful connection again, and then the others
 fail.
   I am not certain on this, however.  I seem to remember the first
 connection timing out on one run...

 On Wed, 2008-04-16 at 23:20 +0100, Gavin Henry wrote:
 quote who=Jack McKinney
 No, it isn't. I have verified the connection with openssl s_client.
  Besides, the server is receiving the username [EMAIL PROTECTED], so
  the connection has already been made by this time.
 What is happening every time is that dovecot sends the correct query
 to
  OpenLDAP (as noted in the log below), OpenLDAP receives that query
  (according to its log) and responds with one match, but dovecot never
  seems to see that response.  180 seconds after the auth fails, dovecot
  drops the connection with the IMAP client for inactivity.
 

 I've gone back to your first post, and your slapd logs show:

 Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH
 base=ou=users,dc=lorentz,dc=com scope=1 deref=0
 filter=((objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))
 Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
 Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
 err=0 nentries=1 text=

 Which shows the correct filter, but the requested attribute to return is
 uid, which is _not_ in your entry:

 # Jack McKinney, users, lorentz.com
 dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 cn: Jack McKinney
 givenName: Jack McKinney
 sn: McKinney
 mail: jackmc at lorentz.com

 Try the same search again, but using (note uid on end):

 ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D
 'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel
 '((objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid

 It should be empty, hence why dovecot isn't getting anything.



 --
 Jack McKinney
 GPG 1024D/99C6A174
 [EMAIL PROTECTED] YM:lfaatsnat2006 AIM:jackmclorentz
 Beware geeks bearing diffs




Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)

2008-04-16 Thread Gavin Henry
   My config is almost exactly the same as yours, except that I use static
 userdb and I do not have (nor do I understand the need for; see my
 previous post) pass_attrs.  I tried putting them in matching yours, but
 it still fails the same way: OpenLDAP receives the query and (according
 to its logs) responds with nentries=1 (i.e., exactly one match, as
 expected). However, dovecot never sees the response from OpenLDAP.

What do you see in the dovecot logs with auth debug on?


Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)

2008-04-16 Thread Gavin Henry
quote who=Jack McKinney
 Apr  3 08:13:21 fourier dovecot: auth(default): new auth connection:
 pid=15774
 Apr  3 08:13:30 fourier dovecot: auth(default): client in:
 AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=x.x.x.x^Irip=y.y.y.y^Iresp=hidden
 Apr  3 08:13:30 fourier dovecot: auth(default):
 ldap([EMAIL PROTECTED],y.y.y.y): bind search: base=ou=users,
 dc=lorentz,dc=com
 filter=((objectClass=inetOrgPerson)([EMAIL PROTECTED]))
 Apr  3 08:16:30 fourier dovecot: imap-login: Disconnected: Inactivity:
 method=PLAIN, rip=y.y.y.y, lip=x.x.x.x, TLS


This isn't a TLS mismatch kind of thing is it?


Re: [Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)

2008-04-16 Thread Gavin Henry
quote who=Jack McKinney
   No, it isn't. I have verified the connection with openssl s_client.
 Besides, the server is receiving the username [EMAIL PROTECTED], so
 the connection has already been made by this time.
   What is happening every time is that dovecot sends the correct query to
 OpenLDAP (as noted in the log below), OpenLDAP receives that query
 (according to its log) and responds with one match, but dovecot never
 seems to see that response.  180 seconds after the auth fails, dovecot
 drops the connection with the IMAP client for inactivity.


I've gone back to your first post, and your slapd logs show:

Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH
base=ou=users,dc=lorentz,dc=com scope=1 deref=0
filter=((objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))
Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=

Which shows the correct filter, but the requested attribute to return is
uid, which is _not_ in your entry:

# Jack McKinney, users, lorentz.com
dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jack McKinney
givenName: Jack McKinney
sn: McKinney
mail: jackmc at lorentz.com

Try the same search again, but using (note uid on end):

ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D
'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel
'((objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid

It should be empty, hence why dovecot isn't getting anything.





[Dovecot] Shared folders and LDAP?

2007-07-19 Thread Gavin Henry
Dear All,

Is it possible to store shared folder lists in an LDAP Directory along
with your virtual users?

Will check the wiki too.

Thanks,

Gavin.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/




Re: [Dovecot] Shared folders and LDAP?

2007-07-19 Thread Gavin Henry
quote who=Timo Sirainen
 On Thu, 2007-07-19 at 10:17 +0100, Gavin Henry wrote:
 quote who=Timo Sirainen
  On Thu, 2007-07-19 at 07:56 +0100, Gavin Henry wrote:
  Dear All,
 
  Is it possible to store shared folder lists in an LDAP Directory
 along
  with your virtual users?
 
  You could have LDAP return namespaces. First define a private
 namespace
  in dovecot.conf, and then return another from LDAP. You'd have to
 return
  fields like:
 
  namespace_2=maildir:/shared/boxes
  namespace_2_prefix=Shared/
 
  Or you could just configure the second namespace in dovecot.conf as
 well
  and just override the location with namespace_2.

 Sounds all good, but I can't find any info about LDAP lookups for
 namespaces on the wiki.

 This isn't specific to either namespaces or LDAP. You can override any
 setting with any userdb (that's documented,
 http://wiki.dovecot.org/UserDatabase/ExtraFields). The internal names
 for namespace settings aren't documented anywhere though, and they're
 going to change in Dovecot v2.0.

Ah, ok. Thanks.

 If this is an often requested feature, should we do a dovecot.schema file
 for these kinds of things? I'd be willing to develop/discuss one and
 contribute it.

 First I've heard. :)

;-)





[Dovecot] Stop Maildir appending to path

2007-05-29 Thread Henry

dovecot -n:
# /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
ssl_listen: 208.xxx.xxx.xxx
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_extra_groups: mail
mail_debug: yes
auth default:
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
--

dovecot version: 1.0.rc15

--

Debian Etch (Stable) on AMD64



[Dovecot] Stop Maildir appending to path

2007-05-28 Thread Henry
Dovecot is working perfectly except for one problem. I have local  
users and virtual users. Local users are ~/Maildir. And virtual users  
are /home/vmail/domain/user. The problem is, it keeps trying to fetch  
virtual mail at /home/vmail/domain/user/Maildir. It doesn't exist; the
user/ dir is the Maildir.


To get around this, I have to make symlinks on each virtual email.

What should I check? How do I make it stop appending Maildir to my  
virtual users path?


If I set mail_location to the virtual user path, it works fine. But I  
won't be able to get local mail.


So I... have mail_location pointing to local users ~/Maildir while  
UserDatabase/Extrafields feature will overwrite the path for virtual  
users.


dovecot-sql.conf:
password_query = SELECT email as user, password, CONCAT('/home/vmail/', path) as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM view_users WHERE email='%u';





Re: [Dovecot] LDAP for Virtual Domains

2007-05-17 Thread Gavin Henry
quote who=Bryan Vyhmeister
 Is anyone using LDAP along with Dovecot where mail is being accessed
 in the form of /var/vmail/${domain}/${user}? I have not figured out
 how to extract the domain from LDAP in order to make this work. I
 know this is sparse information but maybe there is an easy fix. If
 not, I can post more information.

 Bryan


What config have you tried?

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/


Re: [Dovecot] v1.0.0 released

2007-04-13 Thread Gavin Henry
quote who=Daniel L. Miller
 Timo Sirainen wrote:
 http://dovecot.org/releases/dovecot-1.0.0.tar.gz
 http://dovecot.org/releases/dovecot-1.0.0.tar.gz.sig

 It took almost 5 years, but it's finally ready. I'm not expecting to
 release v1.0.1 anytime soon, unless someone's been sitting on a major
 bug just waiting for v1.0 to be released. :)

 Congratulations!  Well done!

Likewise from me!

Well done.


 Gimme a call next time you're in Vegas!

 --
 Daniel





Re: [Dovecot] 1.0.rc30 released

2007-04-06 Thread Gavin Henry
quote who=Timo Sirainen
 http://dovecot.org/releases/dovecot-1.0.rc30.tar.gz
 http://dovecot.org/releases/dovecot-1.0.rc30.tar.gz.sig

 So, this is it. Unless you can find a new and important bug within a
 week, this release is the same as v1.0. I'll only update the version
 number and NEWS file.

Yeah

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/