Re: [Dovecot] Size of Mailbox affecting the sending of mail?
Hi all, Having set up my mail server (Dovecot/Postfix), users are experiencing long delays (a couple of minutes) when sending mail from mail client such as Thunderbird - this increases with attachments. Having had a While in the first place sending e-mail has to do with SMTP and not IMAP, most mail client programs are configured to save a copy of an e-mail using FCC (file carbon copy) by putting this copy via IMAP into some Sent folder. And here you are: this may explain the long delays, esp. if on some asymmetric connection like DSL with low upstream bandwith. Just my 2c Cheers and have a nice weekend -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY
Re: [Dovecot] Outlook 2010 very slow when using IMAP - are thereany tweaks?
Hi there, as I recall you are using OL2010 in an enterprise environment? In many cases home directories etc. are residing then on network shares. And that’s where .pst files and .ost files most probably are being written, too. When profiles are being configured writing incoming mails to .pst files (so you have a local copy), you will run in a situation, MS does not support/recommend, as this slows down (yes, confirmed) the client and may have negative side effects to others on that share: http://support.microsoft.com/kb/297019/en-us Cheers Dirk -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg
Re: [Dovecot] Performance-Tuning
Hi there, I never tried it, but it should be possible to provide the mail_location from the user repsoitory (LDAP, SQL, whatever) Actually this works :-) Our userdb looks similar to: account1:xyz:000:000::/account1s/home/dir::userdb_mail=maildir:/account1s/home/dir/Maildir account2:xyz:000:000::/account2s/home/dir::userdb_mail=mdbox:/ account2s/home/dir http://wiki2.dovecot.org/UserDatabase/ExtraFields Concerning Maildir backups: what about a backup-to-disc-to-tape scheme using snapshots for the to-disc part and something like perpetual incrementals afterwards for the top-tape (secondary store) ? Regards Dirk -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de So you can keep your global config, and use a script to convert one mailbox after another, and add a mail_location extra userdb field in the user repository to overwrite the global setting on a per-user-basis. Regards, Oliver
[Dovecot] Dovecot 2 + Director: IMAP+GSSAPI and LMTP-proxying
Hi all,
I have a setup of some nodes running Dovecot 2.0.13 and Postfix 2.5.6
with storage in NFS and authentication happening with PAM.
Poking around in the wiki, I tried out different possibilities but now
I am stuck -- and are hoping for your (enlightening) comments and tips.
My planned setup for IMAP and LMTP is like this:
IMAP
1. A loadbalancer directs new sessions to a Dovecot-Director instance;
this extra amount of traffic routing is mostly done for automatic
handling in case of a failing Director node; this works fine, the
same IP will end always on the same backend, but user-based Directory
proxying seems more appropriate, especially taking the NFS-setup and
the delivery process into account
2. Then the Director decides where to direct the user's session; this
works fine when I let the backend servers do the authentication work
3. The backend Dovecot server will happily provide the user's e-mail
For now my section for the passdb in the Director instance is
passdb {
driver = static
args = proxy=y nopassword=y
}
So the backend will do the authentication of the session. But this setup
inhibits using Kerberos, as the TGT is not forwarded to the backend
server.
I would very much like to provide GSSAPI/Kerberos authentication, which
already works fine with the backend servers being directly connected by
mail clients. The backend servers are using the PAM driver.
I could not figure out, how to setup the passdb entry for the director
instance to use PAM (this way enabling GSSAPI/Kerberos) and also giving
back the necessary proxy=y to make director proxying the IMAP session.
Is this setup feasible at all?
LMTP
1. Postfix accepts incoming e-mail and decides, which e-mail will go
the LMTP-way to be deliverd into a Dovecot mailbox with something
like
virtual_transport = lmtp:inet:DOVECOT-DIRECTORS-IP:LMTP-PORT-ABC
2. the Dovecot Director instance accepts the LMTP connections and
will proxy this to the appropriate==user's current backend server
For now Postfix delivers e-mails using LMTP to the _backend_ w/o
proxying and everything like SIEVE-filtering works fine:
virtual_transport = lmtp:inet:DOVECOT-BACKENDS-IP:LMTP-PORT-XYZ
But when I use the Director's IP/Port combination for LMTP, I see
an error 554 5.4.6 t...@addr.ess Proxying loops to itself.
Where may I specify the port number of the backend server's
LMTP-port? I suspect that the missing port number implies that
the receiving LMTP-backend server uses the same port and so
this would lead to a loop, hence the loop error?!
I browsed the Wiki and the archives but still cannot find the
information I am looking for.
Any hints on that?
Cheers,
Dirk
And here's the director.conf (via doveconf -n):
# 2.0.13: /dovecot/code/etc/dovecot-director/director.conf
# OS: SunOS 5.10 sun4v
auth_debug = yes
auth_verbose = yes
base_dir = /var/run/director/
debug_log_path = /var/adm/dovecot-director.debug
director_mail_servers = LOCAL-BACKEND-IP
director_servers = PUBLIC-DIRECTOR-IP
lmtp_proxy = yes
login_greeting = Dovecot Director ready.
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date
passdb {
args = proxy=y nopassword=y
driver = static
}
protocols = imap lmtp
service auth-worker {
user = root
}
service auth {
client_limit = 6000
unix_listener auth-userdb {
mode = 0644
user = vmail
}
}
service director {
fifo_listener login/proxy-notify {
mode = 0666
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service imap-login {
executable = imap-login director
inet_listener imap {
port = 10143
}
inet_listener imaps {
port = 10993
ssl = yes
}
process_min_avail = 1
}
service imap {
process_limit = 1024
}
service lmtp {
inet_listener lmtp {
address = LOCAL-DIRECTOR-IP
port = 24242
}
}
ssl_cert = /dovecot/code/dovecot-homedir/dovecot.crt
ssl_key = /dovecot/code/dovecot-homedir/dovecot.key
syslog_facility = local0
protocol lmtp {
auth_socket_path = director-userdb
}
--
Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY
IT Information Fabrics Member of the Helmholtz Association
D-22603 HamburgNotkestrasse 85 / 22607 Hamburg
T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de
[Dovecot] Question about lda auth_socket_path
Hi all,
storing e-mails (using postfix) via dovecot-lda fails and I assume this
is related with a auth_socket configuration problem. But I am at a dead
end, so perhaps anybody has got a hint for me:
This is dovecot-2.0.8 on Solaris 10:
10-auth.conf and its include:
-
...
userdb {
driver = static
args = uid=104 gid=104 home=/some/path/%u
}
Relevant parts of 10-mail.conf:
-
...
auth_socket_path = /var/run/dovecot/auth-userdb
Relevant parts of 10-master.conf:
-
...service auth {
unix_listener auth-userdb {
mode = 0644
user = vmail
#group =
}
}
service auth-worker {
user = root
}
Relevant parts of 15-lda.conf:
-
...
protocol lda {
# Space separated list of plugins to load (default is global
mail_plugins).
#mail_plugins = $mail_plugins
}
# ls -l /var/run/dovecot/auth-userdb
srw-r--r-- 1 vmailroot 0 Jan 12 15:49
/var/run/dovecot/auth-userdb
Using dovecot-lda for mail delivery or doveadm for user inquirement
fails:
via debug_log_path:
---
Jan 12 16:04:14 auth: Debug: Loading modules from directory:
/dovecot/code/dovecot-2.0.8/lib/dovecot/auth
Jan 12 16:04:14 auth: Debug: passwd-file /store1/db/masterusers.passwd:
Read 1 users
Jan 12 16:04:14 auth: Debug: master in: USER1 djahnke
service=lda
Jan 12 16:04:14 auth: Debug: password(djahnke): passdb doesn't support
credential lookups
Jan 12 16:04:14 auth: Debug: master out: FAIL 1
Jan 12 16:04:14 lda: Debug: auth input:
via syslog:
---
Jan 12 16:04:14 deliver1 dovecot: [ID 583609 local0.error] auth: Error:
static(djahnke): passdb doesn't support lookups, can't verify user's
existence
Jan 12 16:04:14 deliver1 dovecot: [ID 583609 local0.error] lda: Error:
user djahnke: Auth USER lookup failed
Jan 12 16:04:14 deliver1 dovecot: [ID 583609 local0.crit] lda: Fatal:
Internal error occurred. Refer to server log for more information.
When I use allow_all_users=yes everything works fine, so I think
somehow the communication with the socket fails. I cannot see what
I have missed :-(
Any suggestions what I should look for / configure ?
Any help appreciated,
cheers,
Drik
--
Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY
IT Information Fabrics Member of the Helmholtz Association
D-22603 HamburgNotkestrasse 85 / 22607 Hamburg
T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de
[Dovecot] v 1.1.13 / GSSAPI / Timeout waiting for handshake from auth server
Dear all, I am trying to setup Dovecot with GSSAPI support. For testing purposes gssapi is the only method allowed for login. As I cannot login to my mailbox, I'vo got two questions about the following log entries: dovecot: Info: auth-worker(default): passwd-file /dovecot/store/db/test-userdb: Read 3 users dovecot: Info: auth(default): new auth connection: pid=3915 dovecot: Info: auth(default): client in: AUTH 1 GSSAPI service=imap lip=131.169.*.* rip=131.169.*.* lport=143 rport=35779 dovecot: Info: auth(default): gssapi(?,131.169.40.218): Obtaining credentials for i...@my.host.name dovecot: Error: imap-login: Timeout waiting for handshake from auth server. my pid=3918, input bytes=0 1. I am puzzled about the credentials i...@my.host.name being obtained; shouldn't this be something like imap/my.host.n...@my.realm ? 2. what does Timeout waiting for handshake from auth server. mean? Who is trying to handshake with whom? Any ideas? Best regards, Dirk -- Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY IT Information Fabrics Member of the Helmholtz Association D-22603 HamburgNotkestrasse 85 / 22607 Hamburg T: +49-40-899.81760 F: +49-40-899.41760 dirk.jahnke-zumbu...@desy.de smime.p7s Description: S/MIME cryptographic signature
