Re: [Dovecot] Size of Mailbox affecting the sending of mail?
Hi all, Having set up my mail server (Dovecot/Postfix), users are experiencing long delays (a couple of minutes) when sending mail from mail client such as Thunderbird - this increases with attachments. Having had a While in the first place sending e-mail has to do with SMTP and not IMAP, most mail client programs are configured to save a copy of an e-mail using FCC (file carbon copy) by putting this copy via IMAP into some Sent folder. And here you are: this may explain the long delays, esp. if on some asymmetric connection like DSL with low upstream bandwith. Just my 2c Cheers and have a nice weekend -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY
Re: [Dovecot] Outlook 2010 very slow when using IMAP - are thereany tweaks?
Hi there, as I recall you are using OL2010 in an enterprise environment? In many cases home directories etc. are residing then on network shares. And that’s where .pst files and .ost files most probably are being written, too. When profiles are being configured writing incoming mails to .pst files (so you have a local copy), you will run in a situation, MS does not support/recommend, as this slows down (yes, confirmed) the client and may have negative side effects to others on that share: http://support.microsoft.com/kb/297019/en-us Cheers Dirk -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg
Re: [Dovecot] Performance-Tuning
Hi there, I never tried it, but it should be possible to provide the mail_location from the user repsoitory (LDAP, SQL, whatever) Actually this works :-) Our userdb looks similar to: account1:xyz:000:000::/account1s/home/dir::userdb_mail=maildir:/account1s/home/dir/Maildir account2:xyz:000:000::/account2s/home/dir::userdb_mail=mdbox:/ account2s/home/dir http://wiki2.dovecot.org/UserDatabase/ExtraFields Concerning Maildir backups: what about a backup-to-disc-to-tape scheme using snapshots for the to-disc part and something like perpetual incrementals afterwards for the top-tape (secondary store) ? Regards Dirk -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de So you can keep your global config, and use a script to convert one mailbox after another, and add a mail_location extra userdb field in the user repository to overwrite the global setting on a per-user-basis. Regards, Oliver
[Dovecot] Dovecot 2 + Director: IMAP+GSSAPI and LMTP-proxying
Hi all, I have a setup of some nodes running Dovecot 2.0.13 and Postfix 2.5.6 with storage in NFS and authentication happening with PAM. Poking around in the wiki, I tried out different possibilities but now I am stuck -- and are hoping for your (enlightening) comments and tips. My planned setup for IMAP and LMTP is like this: IMAP 1. A loadbalancer directs new sessions to a Dovecot-Director instance; this extra amount of traffic routing is mostly done for automatic handling in case of a failing Director node; this works fine, the same IP will end always on the same backend, but user-based Directory proxying seems more appropriate, especially taking the NFS-setup and the delivery process into account 2. Then the Director decides where to direct the user's session; this works fine when I let the backend servers do the authentication work 3. The backend Dovecot server will happily provide the user's e-mail For now my section for the passdb in the Director instance is passdb { driver = static args = proxy=y nopassword=y } So the backend will do the authentication of the session. But this setup inhibits using Kerberos, as the TGT is not forwarded to the backend server. I would very much like to provide GSSAPI/Kerberos authentication, which already works fine with the backend servers being directly connected by mail clients. The backend servers are using the PAM driver. I could not figure out, how to setup the passdb entry for the director instance to use PAM (this way enabling GSSAPI/Kerberos) and also giving back the necessary proxy=y to make director proxying the IMAP session. Is this setup feasible at all? LMTP 1. Postfix accepts incoming e-mail and decides, which e-mail will go the LMTP-way to be deliverd into a Dovecot mailbox with something like virtual_transport = lmtp:inet:DOVECOT-DIRECTORS-IP:LMTP-PORT-ABC 2. the Dovecot Director instance accepts the LMTP connections and will proxy this to the appropriate==user's current backend server For now Postfix delivers e-mails using LMTP to the _backend_ w/o proxying and everything like SIEVE-filtering works fine: virtual_transport = lmtp:inet:DOVECOT-BACKENDS-IP:LMTP-PORT-XYZ But when I use the Director's IP/Port combination for LMTP, I see an error 554 5.4.6 t...@addr.ess Proxying loops to itself. Where may I specify the port number of the backend server's LMTP-port? I suspect that the missing port number implies that the receiving LMTP-backend server uses the same port and so this would lead to a loop, hence the loop error?! I browsed the Wiki and the archives but still cannot find the information I am looking for. Any hints on that? Cheers, Dirk And here's the director.conf (via doveconf -n): # 2.0.13: /dovecot/code/etc/dovecot-director/director.conf # OS: SunOS 5.10 sun4v auth_debug = yes auth_verbose = yes base_dir = /var/run/director/ debug_log_path = /var/adm/dovecot-director.debug director_mail_servers = LOCAL-BACKEND-IP director_servers = PUBLIC-DIRECTOR-IP lmtp_proxy = yes login_greeting = Dovecot Director ready. mail_debug = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = proxy=y nopassword=y driver = static } protocols = imap lmtp service auth-worker { user = root } service auth { client_limit = 6000 unix_listener auth-userdb { mode = 0644 user = vmail } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director inet_listener imap { port = 10143 } inet_listener imaps { port = 10993 ssl = yes } process_min_avail = 1 } service imap { process_limit = 1024 } service lmtp { inet_listener lmtp { address = LOCAL-DIRECTOR-IP port = 24242 } } ssl_cert = /dovecot/code/dovecot-homedir/dovecot.crt ssl_key = /dovecot/code/dovecot-homedir/dovecot.key syslog_facility = local0 protocol lmtp { auth_socket_path = director-userdb } -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de
[Dovecot] Question about lda auth_socket_path
Hi all, storing e-mails (using postfix) via dovecot-lda fails and I assume this is related with a auth_socket configuration problem. But I am at a dead end, so perhaps anybody has got a hint for me: This is dovecot-2.0.8 on Solaris 10: 10-auth.conf and its include: - ... userdb { driver = static args = uid=104 gid=104 home=/some/path/%u } Relevant parts of 10-mail.conf: - ... auth_socket_path = /var/run/dovecot/auth-userdb Relevant parts of 10-master.conf: - ...service auth { unix_listener auth-userdb { mode = 0644 user = vmail #group = } } service auth-worker { user = root } Relevant parts of 15-lda.conf: - ... protocol lda { # Space separated list of plugins to load (default is global mail_plugins). #mail_plugins = $mail_plugins } # ls -l /var/run/dovecot/auth-userdb srw-r--r-- 1 vmailroot 0 Jan 12 15:49 /var/run/dovecot/auth-userdb Using dovecot-lda for mail delivery or doveadm for user inquirement fails: via debug_log_path: --- Jan 12 16:04:14 auth: Debug: Loading modules from directory: /dovecot/code/dovecot-2.0.8/lib/dovecot/auth Jan 12 16:04:14 auth: Debug: passwd-file /store1/db/masterusers.passwd: Read 1 users Jan 12 16:04:14 auth: Debug: master in: USER1 djahnke service=lda Jan 12 16:04:14 auth: Debug: password(djahnke): passdb doesn't support credential lookups Jan 12 16:04:14 auth: Debug: master out: FAIL 1 Jan 12 16:04:14 lda: Debug: auth input: via syslog: --- Jan 12 16:04:14 deliver1 dovecot: [ID 583609 local0.error] auth: Error: static(djahnke): passdb doesn't support lookups, can't verify user's existence Jan 12 16:04:14 deliver1 dovecot: [ID 583609 local0.error] lda: Error: user djahnke: Auth USER lookup failed Jan 12 16:04:14 deliver1 dovecot: [ID 583609 local0.crit] lda: Fatal: Internal error occurred. Refer to server log for more information. When I use allow_all_users=yes everything works fine, so I think somehow the communication with the socket fails. I cannot see what I have missed :-( Any suggestions what I should look for / configure ? Any help appreciated, cheers, Drik -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de
[Dovecot] v 1.1.13 / GSSAPI / Timeout waiting for handshake from auth server
Dear all, I am trying to setup Dovecot with GSSAPI support. For testing purposes gssapi is the only method allowed for login. As I cannot login to my mailbox, I'vo got two questions about the following log entries: dovecot: Info: auth-worker(default): passwd-file /dovecot/store/db/test-userdb: Read 3 users dovecot: Info: auth(default): new auth connection: pid=3915 dovecot: Info: auth(default): client in: AUTH 1 GSSAPI service=imap lip=131.169.*.* rip=131.169.*.* lport=143 rport=35779 dovecot: Info: auth(default): gssapi(?,131.169.40.218): Obtaining credentials for i...@my.host.name dovecot: Error: imap-login: Timeout waiting for handshake from auth server. my pid=3918, input bytes=0 1. I am puzzled about the credentials i...@my.host.name being obtained; shouldn't this be something like imap/my.host.n...@my.realm ? 2. what does Timeout waiting for handshake from auth server. mean? Who is trying to handshake with whom? Any ideas? Best regards, Dirk -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de smime.p7s Description: S/MIME cryptographic signature