Re: how to disable port 143
We use fail2ban also. It's good for automatically updating the Linux firewall based on the system logs. However, if you just want to block one port for everyone you can do it yourself with one firewall rule. For instance, if you have a database server that should only be accessed by systems on the LAN. you can put in a rule to accept any computers on the LAN followed by a rule to refuse all connect requests. That way even if a hacker gets your database password he can't get into the system. Jerry On 6/9/2024 11:22 PM, Jeff Peng wrote: We already have thousands of fw rules by fail2ban :) On 2024-06-10 10:44, Jerry Stuckle via dovecot wrote: If you don't want to accept any requests on port 143, can't you use the Linux firewall to reject them? That's what we do and it works well. Jerry ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: how to disable port 143
If you don't want to accept any requests on port 143, can't you use the Linux firewall to reject them? That's what we do and it works well. Jerry ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Dovecot installation and ssl certificates
Hi, all, First of all, I will admit I am totally a noob with Dovecot. I am trying to install it on Debian and am somewhat lost. Right now this is a test system on our LAN. I'm starting with POP3 (because it's easy to handle from the CLI). I have it working from localhost - I can telnet to port localhost 110 and access emails (of course I can't do this from a remote system because it requires SSL). Trying to access this from a remote system with Thunderbird is not working. /var/log/mail.log shows the following: 2024-03-03T22:18:54.887061-05:00 debian-server dovecot: pop3-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=206.223.85.12, lip=206.223.85.137, TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session= I tried to create a certificate with mkconf.sh but obviously don't have the right information in the configuration file and/or didn't get the files in the right place (I've seen different places they should be). I need help. First of all, an explanation as to how to configure the dovecot-openssl.cnf file (an example with actual values - real or fake - would be a real help). Second, where does this go? Note that for right now I'm trying to just get one domain working but eventually this will serve at least 4 domains. Once I get the first domain working, thoughts about how to get multiple domains working would also be appreciated. I know we noobs are a PITA but I really appreciate the help. Jerry ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: auth between postfix and dovecot?
On Sun, 24 Apr 2022 09:06:11 +0800, ミユナ (alice) stated: >Shawn Heisey wrote: >> My setup is virtual users in a postfixadmin database. Dovecot does >> all authentication, even with posfix. I believe the config snippets >> I have included below are the relevant things that make it possible >> for postfix to talk to dovecot for mail delivery and authentication. >> >> Mail sent from localhost on port 25 does not require authentication >> on my system, because 127.0.0.0/8 is in postfix's mynetworks config >> and port 25's access restrictions include permit_mynetworks. >> Anything sent via submission (port 587) does require auth, even from >> trusted networks. If you can configure your webmail to use >> submission instead of smtp, maybe that can be authenticated. You'll >> need to consult support resources for your webmail to see if that is >> possible. I can say for sure that roundcube can do it ... I have >> roundcube configured to talk to port 587, which as mentioned, ALWAYS >> requires authentication. >> >> When postfix sends mail to dovecot for delivery, I'm pretty sure >> that happens without authentication. It's LMTP via unix socket, not >> something an outside client can access directly. > > >Thank you. that's good suggestion. > >regards. These URLs might prove useful. https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP https://doc.dovecot.org/configuration_manual/protocols/lmtp_server/#lmtp-server https://doc.dovecot.org/configuration_manual/howto/postfix_dovecot_lmtp/ I also use Postfix/Dovecot with LMTP. -- Jerry
Re: What imap ssl/auth settings work best with MS Outlook?
On Thu, 29 Apr 2021 09:51:13 -0400, Steve Dondley stated: >On 2021-04-29 09:40 AM, Steve Dondley wrote: >>> I am using Outlook without any problems what so ever. >>> >>> It sounds to me like you are setting up Outlook to use port 465. In >>> the >>> setup screen, set the port to either "25" or "587". I am using "587" >>> with "starttls" Your "incoming mail port" will depend on how you >>> have Dovecot configured. I use port "143" with "starttls" for >>> Outlook. YMMV depending on your configuration. >>> >>> You might want to consider posting the output of "doveconf -a" and >>> how you have Outlook configured. >> >> To get things working with the client I had to set >> "disable_plaintext_auth = no" and have them use port 143. Obviously, >> this is not ideal. I could not get 993 working at all with the >> client's version of outlook. However, on MS 365, outlook works just >> fine. >> >> It's insane. > >OK, I had changed "ssl = yes" to "ssl = required" so having >"disable_plaintext_auth" is not such a big deal. > >But I would still love to know why port 993 wasn't working at all for >this client. Posting the exact error message(s) would be helpful. Any logs would also be appreciated. I believe Outlook could be started in "debug" mode. Check this URL out: https://docs.microsoft.com/en-us/office/dev/add-ins/testing/attach-debugger-from-task-pane Good Luck -- Jerry pgpvdTCvY4b9K.pgp Description: OpenPGP digital signature
Re: What imap ssl/auth settings work best with MS Outlook?
On Thu, 29 Apr 2021 05:22:45 -0400, Steve Dondley stated: >On 2021-04-29 01:45 AM, @lbutlr wrote: >> On 28 Apr 2021, at 12:49, Steve Dondley wrote: >>> I repeatedly have a hell of a time getting clients' Outlook >>> software working well with Dovecot. It's hard for me to test myself >>> since I don't have Outlook and it would be impossible to keep up >>> with all the different versions anyway. >> >> How old is the version of Outlook they are using? Office 2010 is a >> disaster, and if I recall correctly 2014 has many issues as well. > >I'm not sure. It's fairly recent though. > >Some more nuttiness: I bit the bullet and downloaded a trial version >of MS 365 and downloaded the Outlook desktop. On my mac, at least, >there are two different interfaces/version of Outlook: the "old" >Outlook and a "new," more minimalist version. You can switch between >the versions easily. > >On the "old" outlook, I was able to get things set up without issue. >But with the "new" outlook, I couldn't send email or set up a new >account. > >It turns out I had to enable the smtp_tls_wrappermode setting to get >it working with the "new" Outlook. See >http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode > >I thought the wrapper setting was just for the long dead Outlook >Express mail client. But now I'm wondering if I need this setting for >some versions of Outlook. > > >> Even so, it's terrible software that is designed to 'encourage' users >> to use Exchange Servers for mail instead of real email servers. > >I'm not conspiracy theorist, but I can't help but come to the same >conclusion. > >I am totally unfamiliar with Exchange servers. What do they offer, >exactly, that dovecot/postfix does not (besides a revenue stream for >MS)? I am using Outlook without any problems what so ever. It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls" Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration. You might want to consider posting the output of "doveconf -a" and how you have Outlook configured. -- Jerry pgp1CQlXpKV_Z.pgp Description: OpenPGP digital signature
RE: Outlook with Dovecot
Re: Unable to access mail via Outlook
On Tue, 13 Oct 2020 09:48:16 +0300, Odhiambo Washington stated: >Hola, > >Dovecot- 2.3.11.3 with mdbox. > >I have a situation where I can access (view) the e-mails when I use a >web-based IMAP client, but NOT M$ Outlook (configured for IMAP). >Is there an easy way to solve this? >When I send an e-mail to the mailbox address, I can see it on the >webmail, but not on Outlook. What version of MS Outlook are you using? -- Jerry
Re: Outlook problems on Apple systems(Mac os)
On Tue, 8 Sep 2020 09:57:59 +0800, h...@cndns.com stated: >Dovecot is on version 2.2.36. I tested it. Outlook on the Apple system >successfully logged in with the imap protocol, and then sent the LIST >command and outlook did not send any further. Dovecot returns the >results as follows: > >A003 OK LIST completed (0.001 + 0.000 secs). > > >There is no problem with version 2.1.17 using dovecot before. The >information returned by dovecot in version 2.1.17 is as follows: > >A003 OK LIST completed. > > >I suspect that the feedback of the following information causes >Outlook to not recognize it normally: > >(0.001 + 0.000 secs) What version of Outlook? -- Jerry pgpcCgWa26hyA.pgp Description: OpenPGP digital signature
Re: Outlook vs Thunderbird
On Mon, 6 Jul 2020 23:49:08 -0600, @lbutlr stated: >On 06 Jul 2020, at 15:48, The Doctor wrote: >> Got a client that usually uses Outlook I think 2010. This person >> tends to move their e-mails to certain folers. On Thunderbird, the >> move shows. Not on Outlook. >> >> Any explanation? > >Since the move works fine in Thunderbrd (and I assume any other client >will see the same), the problem is with Outlook 2010. Perhaps a gentle >reminder that it is currently 2020? > >I moved the last holdout client off 2010 about 2 or 3 yers ago after >having many many problems with it that could not be easily fixed >because the software was no longer supported and I pointed out they >were sending more money paying me to try to fix it than it would cost >them to pay for Office 365 (small business, obviously). +1 -- Jerry pgpOeu27PTyxZ.pgp Description: OpenPGP digital signature
Re: fail2ban setup centos 7 not picking auth fail?
On Thu, 21 May 2020 23:22:04 -0700, lists stated: >I use SSHGuard on well ssh (doh!), but supposedly you can use it for >postfix and dovecot also. I can tell you it is well supported. I am >on Centos 7 using firewalld. SSHGuard works fairly well with Postfix; however, it is virtually useless with Dovecot. It never picks up on "auth fail" and a few others. I have submitted documentation and requests to SSHGuard, but they have never acted upon them, other than to say that they will look into it. -- Jerry pgpWSAh1HZO0c.pgp Description: OpenPGP digital signature
Re: Ms Exchange vs dovecot
On 09 May 2020 13:36:00 +0200, Michael Hirmke stated: >Hi Marc, > >>I have recently been working/testing with exchange 2016 and started >>thinking if I should even migrate to this platform. I assume more >>people here have experience with exchange and this idea. > >I was an Exchange admin for years and even had an Exchange server at >home for about 20 years - just for fun and for testing purposes. >Three months ago I migrated to dovecot and baikal - and dropped >Exchange completely. >This worked flawless, so *I* don't miss Exchange at all. > >But: > >You can't compare dovecot with Exchange, because dovecot is a mail >server, Exchange is a groupware server. This is why I added a baikal >server to my infrastructure. Baikal is a Cal- and CardDAV server, that >can replace the calendar und contact parts of Exchange. >Nevertheless you loose many features of an Exchange server after >migrating to such a setup, so if your users got used to these feature, >it wouldn't be possible to drop Exchange. It is only feasable for small >environments with few people or in a new environment, where nobody has >used an Exchange Server until now. IMHO. >This was not your question, it is meant as background information, if >you wouldn't already know that. > >For your environment I can't tell if it is possible to migrate to >Exchange, because you didn't write, if you already have an Active >Directory in place, which is necessary for Exchange on premise. >If you want to use Microsoft's Azure AD and the Exchange cloud services >on top, you have to migrate your users to Azure AD. In any case you >need an Active Directory for Exchange server. > >>I was wondering if this is possible with a dovecot setup > >> 1. public folder can be implemented with a public mailbox? > >Yes, but public folders in Exchange are dying for years. >They still exist, but are only supported so so. >Public mailboxes in dovecot are supported full fledged. > >> 2. authorize users via groups access to mailboxes/folders of the >> public >>folder/mailbox. I think I saw ACL's with dovecot, does this compare to >>'folder permissions' > >Not really, but I'm not an expert for permissions on public mailboxes. > >> 3. is it possible with sieve to apply a rule on any mailbox/folder? >>Thus if I 'drag' a message to a folder, the sieve rule is activated? > >You can configure a folder to act on incoming mail in the folder >properties. I never tested, though, if "incoming" also applies when >copying to a folder. > >Bye. >Michael. Thank you, Michael, for an intelligent and reasoned response. The last thing this forum needs are the rantings of some anarchist with dreams of socialism. In any event, I question why the OP is interested in Exchange 2016? It has already been surpassed by MS Exchange 2019. I would seriously question the wisdom of using any outdated software, especially if it happens to be in a 'mission-critical' position. Perhaps this URL might be of interest to the OP. https://docs.microsoft.com/en-us/Exchange/new-features/new-features?view=exchserver-2019 I do agree that DOVECOT != MS EXCHANGE. They are two very different animals. I have never liked having to use multiple applications to achieve the same results I can with an 'all-in-one,' but that is just my personal preference. For the record, I do use 'dovecot' for my home network. Using MS Exchange would be massive overkill. -- Jerry pgpkBcBBK0Pc2.pgp Description: OpenPGP digital signature
Re: Disable Dovecot LDA
On Thu, 2 Apr 2020 13:18:14 +, Adam Raszkiewicz stated: >Desired flow looks like: > >Dovecot -> Postfix --> Relay Server -┐ >Dovecot <-- LMTP/LDA <-- Postfix <-┘ > >Top part of that flow works fine - a message will get to the relay >server and it will be send back to the postfix for a local delivery >but then it will start to loop back to the relay server instead hand >over to LMTP/LDA. > >For some reason Postfix doesn't know that a...@localdomain.com is >located on Dovecot and it will try to send it back to the relay >server. I have the same problem explained here: >https://serverfault.com/questions/1010325/postfix-via-relay-server-and-lmtp-configuration-for-incoming-delivery-to-local-m > >Thanks for any help! >~Adam > >On 4/1/20, 6:45 PM, "dovecot on behalf of Dauser Martin Johannes" > wrote: > >On Dienstag, 31. März 2020 21:14:26 CEST Adam Raszkiewicz wrote: >> But then it loops again when get back to the postfix as an >> incoming message (doesn't know that a...@localdomain.com is >> located on that Dovecot) >+ >> Is there any way to disable Dovecot LDA? I want to always send >> email via postfix and relay server even it will be a local >> delivery within the Dovecot server >> >>Thanks, >>Adam > >Why should a disabled LDA or a relayhost help in this matter? > Honestly, who is sending what to where anyway? > >I mean Dovecot is an IMAP-Server: It receives emails from Postfix > and mailclients connect to Dovecot to get these mails. When a > mailclient sends an email it connects to Postfix not to Dovecot, so a > delivery "within Dovecot" isn't really happening. Dovecot's LDA has > options to send (bounce) mails back to Postfix. I guess loops occur > there? >WHO doesn't know that a...@localdomain.com is located on Dovecot > -- Dovecot itself (= unknown recipient or perhaps permission problems > while saving the mail) or Postfix (= no transport to Dovecot)? > >Martin This question really belongs on the 'postfix' forum. Have you read <http://www.postfix.org/DEBUG_README.html> or better still, <http://www.postfix.org/DEBUG_README.html#mail>. The "postfinger" tool is the best way. -- Jerry pgpddSbXQSgBz.pgp Description: OpenPGP digital signature
Re: Headsup on feature removal - password
On Wed, 18 Mar 2020 09:51:51 -0400, Hendrik Boom stated: >Was there any reason for this message to be HTML-only? Was there any reason to 'top post' and include the HTML text? -- Jerry pgp8kPbePAcFr.pgp Description: OpenPGP digital signature
Re: Dovecot - spam training through Outlook
On Fri, 6 Mar 2020 14:23:09 +0100, Claudius stated: >On 05.03.2020 17:50, Jerry wrote: >> Again, these are obsoleted versions of MS Outlook. The latest >> official release is the 2019 version. I am actually using the beta >> version, but I doubt that it would make much difference. I would >> highly recommend updating to the latest version and then retrying >> the script. If it still fails, then file a bug report. >> >> I actually read the posts in the link you supplied. The last post was >> in regards to Outlook 2013, and it is nearly three years old. >> Complaining about the the operation of an old version is like >> beating a dead horse. >> >Did you verify that the issue is gone in the new version or are you >just pitching Outlook to me? Actually, I have the beta version of Outlook. However, since I don't use it in the same manner as you do, I obviously have not proof either way as 6to its behavior. Microsoft maintains several chat forums that offer advice. I have used several of them myself. Your question might best be asked, and hopefully answered there. >As I said we don't use it anymore. Last I saw this issue hasn't been >resolved in any recent Outlook version. > >Also Outlook 2013 is still supported until 2023 so I don't know what >you are complaining about people complaining. I am not complaining, just pointing out that it is by no means current. Microsoft, as well as many other software authors, rarely back-ports a non-security feature unless it is a real show-stopper. This obviously is not. >>Good luck. > >Thanks, same to you. -- Jerry pgpGUC95BLB_p.pgp Description: OpenPGP digital signature
Re: Dovecot - spam training through Outlook
On Thu, 5 Mar 2020 17:08:48 +0100, Claudius stated: >On 05.03.2020 16:26, Jerry wrote: >> On Thu, 5 Mar 2020 12:53:32 +0100, Claudius stated: >>> There are multiple bug reports about this and MS seems to have >>> fixed it once in Outlook 2010 but broke it again sometime later. >> Outlook 2010 is ancient. Exactly where did you find these bug >> reports? Have you tried submitting a new bug report? I assume you >> are using the latest version of MS Outlook. >> >I think I was confusing it with the last working version. 2010 didn't >have the issue. 2013 has/had it. > >Here is the thread I bookmarked when trying to resolve this before >giving up and shelving it: >https://social.msdn.microsoft.com/Forums/en-US/8eafe714-8a8c-44bc-9228-d6a68731494f/outlook-2013-behavior-as-an-imap-client > >I think nothing has been fixed as Outlook still does APPEND. Again, these are obsoleted versions of MS Outlook. The latest official release is the 2019 version. I am actually using the beta version, but I doubt that it would make much difference. I would highly recommend updating to the latest version and then retrying the script. If it still fails, then file a bug report. I actually read the posts in the link you supplied. The last post was in regards to Outlook 2013, and it is nearly three years old. Complaining about the the operation of an old version is like beating a dead horse. Good luck. -- Jerry pgpdbSPufGTdY.pgp Description: OpenPGP digital signature
Re: Dovecot - spam training through Outlook
On Thu, 5 Mar 2020 12:53:32 +0100, Claudius stated: >There are multiple bug reports about this and MS seems to have fixed it >once in Outlook 2010 but broke it again sometime later. Outlook 2010 is ancient. Exactly where did you find these bug reports? Have you tried submitting a new bug report? I assume you are using the latest version of MS Outlook. -- Gerard pgpJr0wwk8_WS.pgp Description: OpenPGP digital signature
Re: Dovecot 2.3.9 fails on FreeBSD
On Wed, 4 Dec 2019 18:54:52 +0100, Pascal Christen via dovecot stated: >He's the maintainer ;) > >> The official FreeBSD ports system does not even have the Dovecot >> 2.3.9 port available yet. I think it is a little premature to start >> making changes or modifications until the port maintainer has had a >> chance to avail himself of the problem, if one exists. My original reply was supposed to be direct at "". I think that somehow that got lost in the transmission. I had not even seen Larry's response at that time. In any case, I did not mean any disrespect to anyone. -- Jerry
Re: Dovecot 2.3.9 fails on FreeBSD
On Wed, 4 Dec 2019 18:06:58 +0100, Pascal Christen via dovecot stated: >Hi > >I've just tried to build the latest Dovecot 2.3.9 on FreeBSD 11.3. >Without success...It fails on the following commit which was introduced >in 2.3.9: >https://github.com/dovecot/core/commit/c85f1bc3ce612c736c9d2c468cc08306db1b5851 > >Following output is the build log: https://pastebin.com/3nvSeDn8 > >So I guess it has to do with some changes FreeBSD made: >https://reviews.freebsd.org/D18630 > > >What do you guys think? > > >Greetings Pascal The official FreeBSD ports system does not even have the Dovecot 2.3.9 port available yet. I think it is a little premature to start making changes or modifications until the port maintainer has had a chance to avail himself of the problem, if one exists. -- Jerry
Re: Dovecot eBook
On Sat, 20 Jul 2019 09:55:25 -0700, Chris Bennett via dovecot stated: >On Sat, Jul 20, 2019 at 02:32:34AM -0600, LuKreme via dovecot wrote: >> On Jul 19, 2019, at 19:29, Peter Fraser via dovecot >> wrote: >> > I have a strange question. I bought the Dovecot Book off Amazon. I >> > can easily prove it with a picture and/or my receipt off Amazon. I >> > still have it o my library but I don’t like to travel around with >> > it. Is there a way for me to get a PDF copy? I just checked Amazon >> > and there is still no PDF version available there. >> >> Tedious, but scan the book. I have done this with my iPhone and it >> resulted in a very good copy that was fully OCRed > >I will double check, but there is software in OpenBSD (Linux too), that >can quickly change ebook to pdf. No hassle and you can boot OpenBSD off >of a usb stick. > >Chris Bennett There are several on-line converters available. This is one: https://ebook.online-convert.com/convert-to-pdf There are also numerous programs available; however, they are all Windows based as far as I can tell. -- Jerry pgpHtd8yxZxD8.pgp Description: OpenPGP digital signature
Re: Pigeonhole-0.5.7 fails to build from sources
On Sat, 13 Jul 2019 02:34:09 +0300, Lefteris Tsintjelis via dovecot stated: >Solution is to uninstall the port and then build. If dovecot is >already installed it will not build. > >On 13/7/2019 0:08, Lefteris Tsintjelis via dovecot wrote: >> Latest update fails to build from sources in FreeBSD 12-STABLE >> >> --- lda-sieve-plugin.lo --- >> lda-sieve-plugin.c:82:27: error: variable has incomplete type >> 'struct smtp_submit_input' >> struct smtp_submit_input submit_input; I am using 'poudriere' on a FreeBSD 12.0-RELEASE-p7, and both dovecot and pigeonhole build and install correctly. You do have to restart dovecot after the update though. -- Jerry
Unknown error message
dovecot 2.3.6 (7eab80676) FreeBSD 12.0-RELEASE-p5 amd64 I have recently been finding error messages similar to the following in my Dovecot log file: May 26 06:58:32 imap(ger...@seibercom.net)<87791>: Error: stat(/var/mail/vmail/seibercom.net/gerard/.dovecot.sieve/tmp) failed: Not a directory The message is correct as there is no such directory. The question is why has it suddenly started appearing? I checked my maillog file, and there are no messages being transmitted to Dovecot when that error message is created. Neither is there any mail with that ID number either. Could this be someone attempting to hack into my system? Thanks! -- Jerry pgpsfqHD9p6rE.pgp Description: OpenPGP digital signature
Re: smtputf8
On Fri, 10 May 2019 15:27:03 +0300, Aki Tuomi stated: >On 10.5.2019 13.16, Jerry via dovecot wrote: >> On Thu, 9 May 2019 22:25:59 +0200, Admin via dovecot stated: >> >>>> Am 09.05.2019 um 22:15 schrieb Jerry via dovecot >>>> : >>>> >>>> I am trying to find out if Dovecot supports "smtputf8". Obviously, >>>> I am looking in the wrong places, but I just cannot find a >>>> definitive answer. >>> Have a look at this recent discussion: >>> >>> http://dovecot.2317879.n4.nabble.com/SMTPUTF8-support-td67266.html> >> Okay, if I am interpreting that correctly, Dovecot does not support >> "smtputf8". Are there any plans to make Dovecot fully support it? >> >> Thanks! >> >Yes, there are plans to work on this in near future. > >Aki Great :) -- Jerry pgpNPnkgmnyZ9.pgp Description: OpenPGP digital signature
Re: smtputf8
On Thu, 9 May 2019 22:25:59 +0200, Admin via dovecot stated: >> Am 09.05.2019 um 22:15 schrieb Jerry via dovecot : >> >> I am trying to find out if Dovecot supports "smtputf8". Obviously, I >> am looking in the wrong places, but I just cannot find a definitive >> answer. >Have a look at this recent discussion: > >http://dovecot.2317879.n4.nabble.com/SMTPUTF8-support-td67266.html> Okay, if I am interpreting that correctly, Dovecot does not support "smtputf8". Are there any plans to make Dovecot fully support it? Thanks! -- Jerry pgpncqU73VF3h.pgp Description: OpenPGP digital signature
smtputf8
I am trying to find out if Dovecot supports "smtputf8". Obviously, I am looking in the wrong places, but I just cannot find a definitive answer. Thanks! -- Jerry pgpvijdRHHK3h.pgp Description: OpenPGP digital signature
Re: Using lmtp to authenticate email users
On Thu, 28 Mar 2019 05:22:37 -0700, Patrick Mahan via dovecot stated: >FreeBSD 11.2 >Postfix 3.3.2 >Dovecot 2.3.4 > >I am trying to use dovecot lmtp with postfix to verify authentication >of incoming email and to avoid being a spam relay (an issue I was >having using sendmail as my MTA). > >I am getting the following log message in /var/log/maillog: > >Mar 30 20:31:38 ns postfix/smtpd[40373]: NOQUEUE: reject: RCPT from >mail-eopbgr750091.outbound.protection.outlook.com[40.107.75.91]: 450 >4.1.1 < ma...@mahan.org>: Recipient address rejected: unverified >address: host ns.mahan.org[private/dovecot-lmtp] said: 550 5.1.1 > User doesn't exist: ma...@mahan.org (in reply to >RCPT TO command); from=< pma...@silver-peak.com> to= >proto=ESMTP helo=< NAM02-BL2-obe.outbound.protection.outlook.com> > >'mahan' does exist on ns.mahan.org. So I am confused to why lmtp is >failing to find this username. > >Thanks, > >Patrick > You probably shuld be asking this on the Postfix forum. Have you read <http://www.postfix.org/ADDRESS_VERIFICATION_README.html>? You also have "smtpd_reject_unlisted_recipient" options. You really need to post the output of "postconf -nf" and perhaps "postconf -Mf". -- Jerry
Re: Error configuring unix_listener stats-writer
On Sun, 17 Feb 2019 10:47:29 +0100, Peter Nabbefeld via dovecot stated:
>Hello,
>
>I've got a very strange problem:
>When I try to configure the stats-writer socket, I'm told the
>configuration is a duplicate, though none exists in the configuration
>files. So I'd guess the configuration is set either built-in or
>implicitly.
>
>I've put the following into conf.d/10-master.conf:
>service auth {
> unix_listener auth-userdb {
> }
>
> unix_listener stats-writer {
> user = vmail
> group = vmail
> mode = 0666
> }
>}
>
>BTW, using imap for mail traffic.
>
>Is there any tool displaying an "effective" config tree (i.e., a tool
>displaying the resulting configuration from every file, displaying the
>original file and line number)? "dovecot -a" only displays all
>configurations, but without source reference, so it's impossible to
>find out about the details. :-(
>
>Kind regards
>
>Peter
"doveconf -n" should do what you want. Post the "entire output" from
that command here so we an analyze it.
--
Jerry
pgp_Lx8fJvAZQ.pgp
Description: OpenPGP digital signature
Re: Sieve "OOO" configuration
On Sat, 05 Jan 2019 11:40:52 -0500, James Cassell stated: >On Sat, Jan 5, 2019, at 11:26 AM, Jerry wrote: >> I am able to get sieve issuing an "out of office"message correctly. >> However, I want to configure it to send an "OOO" message only during >> certain dates, say on weekends, or only between certain hours. I can >> do that manually; however, was wondering if there is any automatic >> method available that could handle this chore. >Look at the currentdate test >https://tools.ietf.org/html/rfc5260#section-5 > > >V/r, >James Cassell Wow, that looks to be just what I wanted. I will experiment with it a little bit and see if I can get it working the way I want. Thanks! -- Jerry
Sieve "OOO" configuration
I am able to get sieve issuing an "out of office"message correctly. However, I want to configure it to send an "OOO" message only during certain dates, say on weekends, or only between certain hours. I can do that manually; however, was wondering if there is any automatic method available that could handle this chore. Thanks! -- Jerry
Re: 2.3.4 doesnt compile on FreeBSD 11.2 using clang
On Sat, 29 Dec 2018 00:51:53 +, Chris stated: >extract below, this has already been reported a while back but still >no new patch, so this email is to serve as a reminder, if someone >manually fixes it for the ports tree, I dont consider that a fix, >ideally we need this fixed in the source code, as not everyone will >install it from ports. > >Chris > >"clang40 -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib >-I../../src/lib-dns -I../../src/lib-test -I../../src/lib-settings >-I../../src/lib-ssl-iostream -DPKG_RUNDIR=\""/var/run/dovecot"\" >-DPKG_STATEDIR=\""/var/lib/dovecot"\" -DSYSCONFDIR=\""/etc/dovecot"\" >-DBINDIR=\""/usr/bin"\" -I/usr/local/include -std=gnu99 >-fdiagnostics-color -Wl,-rpath=/usr/local/llvm40/lib -O2 -pipe >-march=native -fno-strict-aliasing -fstack-protector-strong >-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes >-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 >-Wbad-function-cast -Wno-duplicate-decl-specifier -Wstrict-aliasing=2 >-I/usr/local/include -MT test-event-stats.o -MD -MP -MF >.deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c >clang-4.0: warning: -Wl,-rpath=/usr/local/llvm40/lib: 'linker' input >unused [-Wunused-command-line-argument] >test-event-stats.c:101:8: warning: implicit declaration of function >'kill' is invalid in C99 [-Wimplicit-function-declaration] >(void)kill(stats_pid, SIGKILL); > ^ >test-event-stats.c:101:24: error: use of undeclared identifier >'SIGKILL' >(void)kill(stats_pid, SIGKILL); > ^ >1 warning and 1 error generated. >gmake[2]: *** [Makefile:656: test-event-stats.o] Error 1 >gmake[2]: Leaving directory >'/usr/local/directadmin/custombuild/dovecot-2.3.4/src/lib-master' >gmake[1]: *** [Makefile:565: install-recursive] Error 1 >gmake[1]: Leaving directory >'/usr/local/directadmin/custombuild/dovecot-2.3.4/src' >gmake: *** [Makefile:683: install-recursive] Error 1" One of the purposes of the "ports tree" is to correct problems with the "source code". Perhaps you could more fully explain why you choose not to install from the "ports system"? Is there a specific problem you are trying to correct or a feature not available that you require? -- Jerry
Re: argonid and dovecote
On Thu, 6 Dec 2018 19:05:59 +, Larry Rosenman stated: >On 12/6/18, 1:03 PM, "dovecot on behalf of Jerry" > wrote: > >On Thu, 6 Dec 2018 18:38:32 +, Larry Rosenman stated: > >>Because it is a PASSWORD hash, not an authentication mechanism. > >Okay, that make sense. Perhaps, a note about that somewhere might prove >useful. > >-- >Jerry >Where on the wiki would you suggest that be put? I think that what was confusing, at least for me, is that the "doveadm-pw" man page says: -l List all supported password schemes and exit successfully. There are up to three optional password schemes: BLF-CRYPT Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT. Their availability depends on the system's currently used libc. I had assumed, obviously incorrectly, that I had to enter the scheme into the dovecot conf file as indicated earlier. Perhaps, for people like me that are not the sharpest knife in the drawer, a notation to that affect might prove useful. Just my 2 ¢. -- Jerry
Re: argonid and dovecote
On Thu, 6 Dec 2018 18:38:32 +, Larry Rosenman stated: >Because it is a PASSWORD hash, not an authentication mechanism. Okay, that make sense. Perhaps, a note about that somewhere might prove useful. -- Jerry
Re: argonid and dovecote
On Thu, 6 Dec 2018 18:16:05 +, Larry Rosenman stated: >Update to the latest port in the HEAD ports tree > >On 12/6/18, 11:44 AM, "dovecot on behalf of Jerry" > wrote: > >on a FreeBSD 11.2 amd64 machine, I am trying to get Dovecot 2.3.4 to play >nice with "argonid" encryption. > >In the "10-auth.conf" file, I tried: > >auth_mechanisms = plain argon2id > >Upon restarting dovecot, I received an error message when attempting to >actually it: > >auth: FATAL: Unknown authentication mechanism "ARGON2ID" > >Output from doveadm pw -l > >doveadm pw -l >SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT > SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT > CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 >PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 > >I assume I am making a stupid mistake, but I do not know what it is. > >-- >Jerry I have the latest port. I discovered that I do not have to list "argon2id" in "auth_mechanisms", although that does seem strange. -- Jerry
argonid and dovecote
on a FreeBSD 11.2 amd64 machine, I am trying to get Dovecot 2.3.4 to play nice with "argonid" encryption. In the "10-auth.conf" file, I tried: auth_mechanisms = plain argon2id Upon restarting dovecot, I received an error message when attempting to actually it: auth: FATAL: Unknown authentication mechanism "ARGON2ID" Output from doveadm pw -l doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 I assume I am making a stupid mistake, but I do not know what it is. -- Jerry
Re: dovecot and argon2 encryption
On Tue, 4 Dec 2018 12:22:15 +, Larry Rosenman stated: >On 12/4/18, 1:14 AM, "dovecot on behalf of Aki Tuomi" > wrote: > > >On 3.12.2018 22.24, Jerry wrote: >> I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 >> installed. I was playing around with different encryption schemes. >> >> doveadm pw -l >> SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT >> CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN >> SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 >> PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 >> >> There is no mention of "argon2" shown. Now, from the command line I >> can enter this command: >> >> ~ $ echo -n "Secret-Password" | argon2 somesalt >> Type: Argon2i >> Iterations: 3 >> Memory: 4096 KiB >> Parallelism:1 >> Hash: >> e6432f595e88c7c54c30d530b0fc7d9953510e5ccf295359258f4ea22a3d >> Encoded: >> > $argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQ$5kMvWV6ZmYjHxUww1TCw/H2ZU1EOXM8pU1klj06iKj0 >> 0.039 seconds Verification ok >> >> However, this fails: >> >> doveadm pw -p "Secret-Password" -s argon2 >> Fatal: Unknown scheme: ARGON2 >> >> I have tried different ways to enter "argon2", but nothing works. Can >> someone tell me what I am doing wrong? >> >> Thanks :) >> >Argon support is present if dovecot is compiled with `--with-sodium` and >you have sodium development packages installed. > >Aki > > >I'm the dovecot maintainer for FreeBSD, and I just committed an update to >the port to include a libsodium option. Thank you. I am installing it now. -- Jerry
dovecot and argon2 encryption
I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed. I was playing around with different encryption schemes. doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 There is no mention of "argon2" shown. Now, from the command line I can enter this command: ~ $ echo -n "Secret-Password" | argon2 somesalt Type: Argon2i Iterations: 3 Memory: 4096 KiB Parallelism:1 Hash: e6432f595e88c7c54c30d530b0fc7d9953510e5ccf295359258f4ea22a3d Encoded: $argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQ$5kMvWV6ZmYjHxUww1TCw/H2ZU1EOXM8pU1klj06iKj0 0.039 seconds Verification ok However, this fails: doveadm pw -p "Secret-Password" -s argon2 Fatal: Unknown scheme: ARGON2 I have tried different ways to enter "argon2", but nothing works. Can someone tell me what I am doing wrong? Thanks :) -- Jerry
Re: v2.3.4 released
On Fri, 23 Nov 2018 10:45:56 -0500, Brad Smith stated: >On 11/23/2018 9:31 AM, The Doctor wrote: > >> On Fri, Nov 23, 2018 at 04:06:53PM +0300, Odhiambo Washington wrote: >>> On Fri, 23 Nov 2018 at 15:29, Timo Sirainen wrote: >>> >>>> https://dovecot.org/releases/2.3/dovecot-2.3.4.tar.gz >>>> https://dovecot.org/releases/2.3/dovecot-2.3.4.tar.gz.sig >>>> Binary packages in https://repo.dovecot.org/ >>>> >>>> * The default postmaster_address is now "postmaster@>>> server hostname>". If username contains the @domain part, that's >>>> used. If not, then the server's hostname is used. >>>> * "doveadm stats dump" now returns two decimals for the "avg" field. >>>> >>>> + Added push notification driver that uses a Lua script >>>> + Added new SQL, DNS and connection events. >>>> See https://wiki2.dovecot.org/Events >>>> + Added "doveadm mailbox cache purge" command. >>>> + Added events API support for Lua scripts >>>> + doveadm force-resync -f parameter performs "index fsck" while opening >>>> the index. This may be useful to fix some types of broken index >>>> files. This may become the default behavior in a later version. >>>> - director: Kicking a user crashes if login process is very slow >>>> - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages >>>> unless QUIT is sent. >>>> - auth: Fix crypt() segfault with glibc-2.28+ >>>> - imap: Running UID FILTER script with errors assert-crashes >>>> - dsync, pop3-migration: POP3 UIDLs weren't added to >>>> dovecot.index.cache while mails were saved. >>>> - dict clients may have been using 100% CPU while waiting for dict >>>> server to finish commands. >>>> - doveadm user: Fixed user listing via HTTP API >>>> - All levels of Cassandra log messages were logged as Dovecot errors. >>>> - http/smtp client may have crashed after SSL handshake >>>> - Lua auth converted strings that looked like numbers into numbers. >>>> >>>> >>> FreeBSD 11.2 (amd64): >>> >>> gmake[2]: Entering directory >>> '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4/src/lib-master' >>> gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-dns >>> -I../../src/lib-test -I../../src/lib-settings -I../../src/lib-ssl-iostream >>> -DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\" >>> -DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\" >>> -DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\" >>> -DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2 >>> -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W >>> -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith >>> -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime >>> -Wstrict-aliasing=2 -I/usr/local/include -MT test-event-stats.o -MD -MP >>> -MF .deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c >>> test-event-stats.c: In function 'kill_stats_child': >>> test-event-stats.c:101:2: warning: implicit declaration of function 'kill' >>> [-Wimplicit-function-declaration] >>>(void)kill(stats_pid, SIGKILL); >>>^ >>> test-event-stats.c:101:24: error: 'SIGKILL' undeclared (first use in this >>> function) >>>(void)kill(stats_pid, SIGKILL); >>> ^ >>> test-event-stats.c:101:24: note: each undeclared identifier is reported >>> only once for each function it appears in >>> gmake[2]: *** [Makefile:656: test-event-stats.o] Error 1 >>> gmake[2]: Leaving directory >>> '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4/src/lib-master' >>> gmake[1]: *** [Makefile:565: install-recursive] Error 1 >>> gmake[1]: Leaving directory >>> '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4/src' >>> gmake: *** [Makefile:683: install-recursive] Error 1 >>> >> Looks like our porters will have their hands full. > >Complete over exaggeration. Dovecot 2.3.4 and Dovecot Pigeonhole 0.5.4 are already in the FreeBSD ports system and both install and work fine, at least on my 11.2-RELEASE-p4 amd64 machine. If you are rolling your own, then you have to expect occasional problems. -- Jerry
Re: Renewal of Let's Encrypt Certificates in Dovecot
On Thu, 11 Oct 2018 12:39:07 +0200, Miloslav Hůla stated: >Dne 2018-10-11 v 10:55 Ignacio Garcia napsal(a): >> Hi there. I've been using Dovecot for quite some time now but I just >> started using Let's Encrypt certs. Since LE certs are renewed >> automatically without user intervention I'm wondering if I will need to >> restart dovecot after that renewal... >> >> Has anybody had any experience with that? >> >> Thanks so much for your help! >> >> Ignacio > > From my experience, restart is required. > >On Debian Strech, I edited cron job to: > >certbot -q renew --renew-hook 'service dovecot restart' --renew-hook >'service postfix reload' > >Milo > This works fine for me: certbot renew --deploy-hook "service dovecot restart" -- Jerry
Re: Dovecot -v 2.2.27 (c0f36b0): Outgoing mail server fails
On Sat, 6 Oct 2018 11:00:17 -0500, Tommy Lane stated: >Hello Everyone, > I'm having an issue with a recent install of postfix and Dovecot. I can > authenticate without any issues for "incoming" mail server, but when I > attempt to send an email from the account my client gives an auth error. > the server shows that I was authed using plain-auth, which I would also > like to change as these machines are accross the open internet. > >Any help would be greatly appreciated. > >-Tommy Log files would help. Also, the output of "dovecot -n" might prove useful. -- Jerry
Re: outlook idiocy - IMAP folders with /
>On Tue, Oct 2, 2018 at 09:59, Wojciech Puchar wrote: >>> >>> As I have no control over their minds, hands, and client software, I wish >>> I could enforce the policy from the server, returning an error message to >>> the client. >>> >>> On its turn, this requires the client to listen to such server messages, >>> operated by a smarter user. >>> >>> At the end of the day, it feels like we are re-discovering the wheel, as >>> such problems should have been addressed and solved long ago by an RFC. >>> >>> Listescape is a welcome patch. Let see if it works. I just have to select >>> a character that no user could type and still practical for the >>> filesystem to use... >>> >>> >>> On Mon, Oct 1, 2018 at 10:07, Timo Sirainen wrote: >>> On 28 Sep 2018, at 16.44, Wojciech Puchar wrote: >>> >>> user attempts to create folders with / dovecot naturally cannot create it >>> so it returns error but outlook of course "create" it and keep data in >>> local store only. data is lost when you remove local store .pst file. >>> >>> The question is - can dovecot be configured so it will automatically >>> replace slash in name with something else? >>> >>> >>> https://wiki2.dovecot.org/Plugins/Listescape maybe? >> >> the problem with pseudomail pseudoprogram outlook is that it simply >> ignores error and shows folder created, then even allow to store messages >> in it (store it locally in temporary file). >> >> When file is deleted messages are lost. >> >On Tue, 02 Oct 2018 11:29:40 +, Rupert Gallagher stated: >I think we need a public compliance test, similar to html and ssl, then >people would start questioning the quality of their own client, and migrate >to better ones. When Micro$oft will eventually feel the pinch, then they >will start fixing their $hit. People have the power! (I like that song.) Nobody is going to stop using Outlook because some *.nix user has gotten his shorts up in a knot. Now, I did ask this question on a MS Outlook Tech Forum. One of the first responses I got was to ask exactly what Dovecot's response was to the attempt to create this folder; i.e., what error message or code was returned by Dovecot. I don't have the answer to that. If someone can supply me with the complete and accurate return code I will post that and see what transpires. By the way, could we please do away with the "TOP POSTING" on this thread. It seems rather counter productive to be bitching about the behavior of MS Outlook while a poster posts in an unsatisfactory manner. -- Jerry
Storing Messages in the cloud
A colleague asked me if it was possible for Dovecot to store messages in the cloud. I have not heard of it being done and therefore assume it is not possible, but I thought I would ask regardless. I tried checking on the “One Drive” forum; however, I have not received any response back yet. Thanks! -- Jerry
New error message with Dovecot/Pigeonhole
FreeBSD 11.1 / amd64 dovecot --version 2.3.2 (582970113) Pigeonhole version 0.5.2 (7704de5e) I have run 'sieve-test" many times to check out changes in my "sieve" scripts. This morning, it suddenly started issuing this error message: sieve-test(root): Fatal: Couldn't drop privileges: User is missing UID (see mail_uid setting) I am not sure what is wrong or how to correct it, since it never happened before. -- Jerry "Ainsi sera, groigne qui groigne"
Re: outlook hangs using TLS
On Fri, 08 Jun 2018 21:00:29 +0200, ivanb.dsol stated:
> Original message
>From: Jerry
>Date: 6/8/18 20:59 (GMT+01:00)
>To: Dovecot Mailing List
>Subject: Re: outlook hangs using TLS
>
>On Fri, 8 Jun 2018 18:19:14 +0100, Vladimir Tiukhtin stated:
>>On 08/06/18 18:17, Jerry wrote:
>>> On Fri, 8 Jun 2018 17:54:28 +0100, Vladimir Tiukhtin stated:
>>>
>>>> I am using dovecot 2.2.10 on CentOS 7
>>>>
>>>> Any Outlook versions (2007, 2010, 2013...) hang if I tried to use TLS,
>>>> it works if I switch in client TLS to SSL. Thunderbird works perfect
>>>> both scenarios
>>> {snip}
>>>
>>> Seriously, those versions of Outlook are both old and no longer supported.
>>> In any case, you have already answered your question; ie, use SSL.
>
>>I have tested just now on outlook 2016 - same issue. TLS makes it hanged
>
>I am using Outlook 2016 on a Windows 10 Pro amd64 system. Dovecot is running
>on a FreeBSD 11.1 machine. Dovecot version: 2.3.1 (8e2f634). It is working
>fine. What port numbers and authentication types are you employing?
>Sent from my Samsung Galaxy smartphone.
>A vide se postovi i kategorije... to sam propustio... obrisacu... pa
>javljam
I don't speak that language. According to Google Translate, that means, "And
you can see the posts and categories... I missed it... deleted... so I'm
reporting" I don't understand what you are referring to.
--
Jerry
Re: outlook hangs using TLS
On Fri, 8 Jun 2018 18:19:14 +0100, Vladimir Tiukhtin stated:
>On 08/06/18 18:17, Jerry wrote:
>> On Fri, 8 Jun 2018 17:54:28 +0100, Vladimir Tiukhtin stated:
>>
>>> I am using dovecot 2.2.10 on CentOS 7
>>>
>>> Any Outlook versions (2007, 2010, 2013...) hang if I tried to use TLS,
>>> it works if I switch in client TLS to SSL. Thunderbird works perfect
>>> both scenarios
>> {snip}
>>
>> Seriously, those versions of Outlook are both old and no longer supported.
>> In any case, you have already answered your question; ie, use SSL.
>I have tested just now on outlook 2016 - same issue. TLS makes it hanged
I am using Outlook 2016 on a Windows 10 Pro amd64 system. Dovecot is running
on a FreeBSD 11.1 machine. Dovecot version: 2.3.1 (8e2f634). It is working
fine. What port numbers and authentication types are you employing?
--
Jerry
Re: outlook hangs using TLS
On Fri, 8 Jun 2018 17:54:28 +0100, Vladimir Tiukhtin stated:
>I am using dovecot 2.2.10 on CentOS 7
>
>Any Outlook versions (2007, 2010, 2013...) hang if I tried to use TLS,
>it works if I switch in client TLS to SSL. Thunderbird works perfect
>both scenarios
{snip}
Seriously, those versions of Outlook are both old and no longer supported. In
any case, you have already answered your question; ie, use SSL.
--
Jerry
Re: doveconf error upon boot up
On Tue, 10 Apr 2018 11:08:20 -0400, David Mehler stated:
>Can you send a complete doveconf -n and your dovecot startup lines in
>/etc/rc.conf?
/etc/rc.conf
## Dovecot
dovecot_enable="YES"
# 2.3.1 (8e2f634): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.1 (d9bc6dfe)
# OS: FreeBSD 11.1-RELEASE-p9 amd64 zfs
# Hostname: localhost
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = yes
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
login_greeting = Seibercom NET Here
mail_location = maildir:/var/mail/vmail/%d/gerard
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
subscriptions = yes
type = private
}
passdb {
args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users/passwd
driver = passwd-file
}
plugin {
sieve_default = /usr/local/etc/dovecot/sieve/default.sieve
sieve_global = /usr/local/etc/dovecot/sieve/default.sieve
sieve_vacation_send_from_recipient = yes
}
postmaster_address = postmas...@seibercom.net
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl_cert =
doveconf error upon boot up
FreeBSD 11.1-RELEASE-p9 amd64 doveconf # 2.3.1 (8e2f634): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.5.1 (d9bc6dfe) # OS: FreeBSD 11.1-RELEASE-p9 amd64 zfs # Hostname: localhost I can send the entire output if necessary. Error message upon boot up: doveconf: error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directory Starting dovecot. Dovecot appears to start correctly There is a link in the "/var/run/dovecot directory for dovecot.conf" lrwx-- 1 root wheel 35B 2018-04-10 10:21:52 EDT dovecot.conf@-> /usr/local/etc/dovecot/dovecot.conf This error message has only started since the update to the latest version of dovecot. I am assuming it is just a harmless error message; however, I would like to confirm that hypothesis. -- Jerry
Re: Outlook 2016 & IMAP Trouble with dovecot
On Tue, 6 Mar 2018 10:22:36 +0100, Jakob Curdes stated: >> Thanks, >> >> that means that outlook is useless as an Imap client then . This is >> the whole idea behind >> imap, to be able to do work while off-line and sync changes when >> on-line or I get it wrong ? >> >> thanks anyway > >I would see it a bit more general: Outlook is mostly useless as email >client in general (not looking at the groupware functionality). Even >with Exchange or other server types, many simple things do not work >reliably and never get fixed. >And the simplest things are impossible, e.g. displaying the full email >address of a sender instead of the name only (to make it harder to spoof >senders). I suspect 2016 is the 2nd-last version of Outlook to be >released and from then on it will be browser-only. >That said, IMAP support is "strange" and has always been - OL trusts its >own .ps ort .ost file more than the server which circumvents the general >idea of IMAP. If you need Outlook, avoid IMAP and if you need IMAP, >avoid Outlook > >JC What version of Outlook are you using? I have "2016 (16.0.9029.2016) 32-bit installed and it does not exhibit the problems that you allege it does? Have you ever tried any of the MS Forums? https://social.technet.microsoft.com/Forums/en-US/home https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook http://answers.microsoft.com/en-us/office/forum/outlook There are others of course, and I have had good success in the past getting answers. In my experience, the source of the problem is usually PEBKAC. -- Jerry
Re: v2.3.0 release candidate released
On Thu, 21 Dec 2017 13:50:06 +0300, Odhiambo Washington stated: >On 21 December 2017 at 01:16, Michael Grimm wrote: > >> Hi, >> >> Odhiambo Washington wrote: >> >> > What am I missing here: >> > >> > OS = FreeBSD 8.4 >> > >> > Here is how it fails during `gmake`: >> >> [snip] >> >> Hmm, FBSD 8.4 has reached End of Life a long time ago, namely on August 1, >> 2015. It has not seen security updates ever since :-( >> >> Thus, I am just curious: but why can't you upgrade to either 10.x or 11.x? >> >> Regards, >> Michael >Hi Michael, > >I know about that EoL, but I do believe it has nothing to do with the >failure to compile Dovecot, or does it? > >I am moving to new hardware and latest FreeBSD version soon. In the >meantime, I need to run Dovecot on it. FreeBSD is a very finicky creature. I have had problems in the past where newer programs either would not compile or failed to work as intended on older versions of FreeBSD. My advice to you would be to upgrade to the latest stable version of FreeBSD. Do it in a clean environment. Don't try and upgrade over an old installation. I have seen too many instances where old crap was left around and caused headaches later. I usually reformat the drive(s) first, but that is your call. Good luck! -- Jerry
Re: Sieve with LDA
On Sat, 16 Dec 2017 18:17:39 -0800, Doug Hardie stated: >I found an email that sieve stored in Deleted Messages incorrectly. The log >messages show sieve doing that, but don't give me any indication of which >sieve rule caused the problem. I went through it manually, but didn't see >anything that matched. I seem to recall that there was a way to use >sieve-test to show the rules and how they were applied, but I can't seem to >get it to do that now. > It depends on how much info you want. Read the "man sieve-test" for more info. sieve-test -d- "script file" "mail-file" That will give you the most complete info. Omit the "-d-" for an abbreviated output. -- Jerry
Re: Need help in understanding auth digest-md5 and realm
On Fri, 27 Oct 2017 21:35:16 +0300 (EEST), Aki Tuomi stated: >We actually discovered that Android has a bug with DIGEST-MD5, which Google >refuses to fix. Also DIGEST-MD5/CRAM-MD5 etc are not really good idea with >SSL anyways Could you actually describe what that bug is? I actually know someone at Google and they might be able to get it investigated and perhaps corrected. The more info you could supply, the better. Thanks :) -- Jerry
Re: Outlook 2016 SSO with GSSAPI auth?
On Tue, 24 Oct 2017 16:59:51 -0500, Robert Giles stated: >Hi folks, > >I've been sifting through various threads on GSSAPI and NTLM support, >and I'm wondering if anyone out there can confirm or deny GSSAPI IMAP >auth support in Microsoft Outlook 2016 (Windows)? Perhaps there's some >magic registry key to change IMAP auth from PLAIN to GSSAPI? > >We're trying to do single sign-on + e-mail for Windows domain users; >Thunderbird GSSAPI works fine, of course, but Outlook 2016 is the >policy-mandated e-mail client for this particular environment (Windows >10 client desktop, Windows Server 2012 R2 AD, RHEL7 Dovecot). > >It seems that Outlook 2016 might also support NTLMv1 / GSS-SPNEGO out of >the box for IMAP accounts, but NTLMv1 is - rightly - disabled in this >environment (and I also see 'NT_STATUS_UNSUCCESSFUL' reported by >/usr/bin/ntlm_auth back to the Dovecot auth worker). > >Thanks for any ideas out there! In the past, I have had pretty good success posting a question regarding MS Outlook on these tech forums. https://social.technet.microsoft.com/Forums/office/en-us/home?forum=outlook https://answers.microsoft.com/en-us/msoffice/forum?tab=all&auth=1 YMMV of course. Jerry
Re: General IMAP question
IMAP has always worked fine with mbox format. Dovecot, WU IMAP, plus others
Jerry
On 09/ 1/17 08:17 AM, Scott Techlist wrote:
That is, where will the IMAP account's mail "go"? Right now it goes to
/var/mail/[localusername]. Maybe incorrectly, I assumed IMAP required Maildir
format? How are folders handled with this setting?. The one IMAP account would
be used for spamassassin training, it would need 2 shared/public folders
("spam", "ham").
[SUMMARY] trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
I'm done. Good to go. Good compile + new binaries all built against the latest OpenSSL libraries. Big thank you to James, Joseph Tam and Aki Tuomi who game me pointers and kept me in the right direction. These are the settings that made everything work for me. First, needed a current, up-to-date version of OpenSSL in place. Generally pretty easy task. I discovered that OpenSSL will not create shared libraries on Solaris using GNU make. No problem, everything worked just fine using the system /usr/ccs/bin/make . Back to Dovecot. Environmental variables - this is what I needed for my system. Although I'm a Sys V guy, never cared for the /opt thing, and ended up adopting /Applications from NeXT . setenv CPPFLAGS "-I/Applications/openssl-1.0.2l.32/include -I/Applications/openssl-1.0.2l.32/include/openssl" setenv LDFLAGS "-L/Applications/openssl-1.0.2l.32/lib" setenv SSL_CFLAGS "-I/Applications/openssl-1.0.2l.32/include -I/Applications/openssl-1.0.2l.32/include/openssl" setenv SSL_LIBS "-R/Applications/openssl-1.0.2l.32/lib -L/Applications/openssl-1.0.2l.32/lib" setenv LIBS "-lcrypto -lssl" setenv LD_LIBRARY_PATH "/Applications/openssl-1.0.2l.32/lib:/usr/lib:/usr/local/lib:/usr/xpg4/lib:/usr/openwin/lib:/usr/dt/lib" Config statement: ./configure \ --prefix=/Applications/dovecot-2.2.32.32 \ --with-ssl=openssl \ --with-ssldir=/Applications/dovecot-2.2.32.31/certs From there, it was run "make" then wait for the compile to finish. It had been a while since I did a fresh Dovecot compile, and in the past, I had just used the system provided OpenSSL install. This took a bit more work. Hope this can help out someone else in the future. Thank you, Jerry
Re: trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
On 08/25/17 04:08 PM, Joseph Tam wrote: # ./configure \ --prefix=/Applications/dovecot-2.2.31.32 \ --with-ssl=openssl \ --with-ssldir=/Applications/dovecot-2.2.31.32/certs \ --with-storages=mbox,maildir,imapc,pop3c I believe "--with-storages" option is now obsolete: all the storage backends are built, whether you ask for it or not. Thanks again Joseph. Left this off the last reply. Regarding storages, OK, I will leave this configure option off for future build attempts.
Re: trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
Hello Joseph, Thanks for the reply. Please see inline comments: On 08/25/17 04:08 PM, Joseph Tam wrote: I would also check where the "... is not portable!" messaage is generated. If it's done by the configure script, you can look at the test to give you a hint as to why this message was generated. James (from the 1st reply) comments that this is a common output and is of no concern. Wondering if someone else can validate? For my setup, I did much the same as you but didn't have to set the SSL_CFLAGS, SSL_LIBS environment variables, nor did I set the --with-ssldir configure option (although your setup may need it). I did this stuff specifically because the system has some old OpenSSL 0.9.7* stuff that is obviously obsolete and insecure, but cannot be removed. In short, I did not want for the Dovecot configure script to find or try to use any of that stuff. Maybe check output of file /Applications/openssl-1.0.2l.32/lib/libssl.so.1.0.0 # file /Applications/openssl-1.0.2l.32/lib/libssl.so.1.0.0 /Applications/openssl-1.0.2l.32/lib/libssl.so.1.0.0:ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped, no debugging information available # ls -l /Applications/openssl-1.0.2l.32/lib/libssl.so.1.0.0 -r-xr-xr-x 1 root root 424708 Aug 25 16:17 /Applications/openssl-1.0.2l.32/lib/libssl.so.1.0.0 # just to make sure your library's arhitecture matches your expectation. # ./configure \ --prefix=/Applications/dovecot-2.2.31.32 \ --with-ssl=openssl \ --with-ssldir=/Applications/dovecot-2.2.31.32/certs \ --with-storages=mbox,maildir,imapc,pop3c I believe "--with-storages" option is now obsolete: all the storage backends are built, whether you ask for it or not. Joseph Tam
a bit further along - back to Dovecot compile - Re: trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
0| 0|NOTY |GLOB |0|UNDEF |SSL_CTX_set_tmp_dh_callback SSL_get_current_compression [224] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_get_current_compression SSL_set_info_callback [128] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_set_info_callback SSL_connect [228] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_connect SSL_shutdown [227] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_shutdown SSL_CTX_set_client_CA_list [24]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_CTX_set_client_CA_list SSL_use_certificate [5] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_use_certificate SSL_CTX_use_certificate [165] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_CTX_use_certificate SSL_CTX_ctrl [48]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_CTX_ctrl SSL_CTX_free [141] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_CTX_free SSL_get_current_cipher [186] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_get_current_cipher SSL_get_ex_data_X509_STORE_CTX_idx [84]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_get_ex_data_X509_STORE_CTX_idx SSL_state_string_long [160] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_state_string_long SSL_alert_desc_string_long [52]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_alert_desc_string_long SSL_get_version [136] | 0| 0|NOTY |GLOB |0|UNDEF |SSL_get_version SSL_get_ex_data [40]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_get_ex_data [84]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_get_ex_data_X509_STORE_CTX_idx SSL_set_cipher_list [85]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_set_cipher_list SSL_set_ex_data [15]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_set_ex_data SSL_CTX_set_cipher_list [97]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_CTX_set_cipher_list SSL_set_verify [88]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_set_verify SSL_CTX_set_tmp_rsa_callback [47]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_CTX_set_tmp_rsa_callback SSL_library_init [27]| 0| 0|NOTY |GLOB |0|UNDEF |SSL_library_init is this the correct and expected output from /usr/ccs/bin/nm On 08/25/17 08:36 AM, James wrote: On 25/08/2017 04:52, Jerry Kemp wrote: ERR_clear_error is in libcrypto: $ nm -D path/to/libcrypto.so.1.0.0 | grep ERR_clear_error [3834] |920944| 140|FUNC |GLOB |3|11 |ERR_clear_error Check that your link flags have a -L to libcrypto (ultimately a run path too). Check libtool is not changing your flags because it thinks it knows better. Extract the link commands from your log/output and run manually, add/remove compiler flags, change link paths, hopefully you will find the fault. James.
a bit further along - OpenSSL - Re: trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
a bit further along, but not quite there yet! Hello James, thanks for kicking me off in the right direction. Couple of additional details, using GCC for a compiler. And, at least for now I am going to focus on the 32 bit compile. I do not ever see dovecot handling Gb sized files on this box. Also, you were dead on regarding the libcrypto.so stuff. Had a big problem jumping back to my newly compiled OpenSSL stuff. In short, regardless of the successful "make test", I was only producing a libcrypto.a, and not the libcrypto.so* file(s). It appears that OpenSSL does *NOT* like GNU make, and apparently, GNU make will not produce OpenSSL shared libraries on Solaris. A recompile using the system "/usr/ccs/bin/make" successfully produced the shared files I needed. .. /Applications/openssl-1.0.2l.32/lib 578 # ls -l total 7094 drwxr-xr-x 2 root root 14 Aug 25 16:17 engines -rw-r--r-- 1 root root 2933668 Aug 25 16:17 libcrypto.a lrwxrwxrwx 1 root root 18 Aug 25 16:17 libcrypto.so -> libcrypto.so.1.0.0 -r-xr-xr-x 1 root root 1895472 Aug 25 16:17 libcrypto.so.1.0.0 -rw-r--r-- 1 root root 551312 Aug 25 16:17 libssl.a lrwxrwxrwx 1 root root 15 Aug 25 16:17 libssl.so -> libssl.so.1.0.0 -r-xr-xr-x 1 root root 424708 Aug 25 16:17 libssl.so.1.0.0 drwxr-xr-x 2 root root 5 Aug 24 02:41 pkgconfig /Applications/openssl-1.0.2l.32/lib 579 # .. reference Marc Girod-2's 19 Oct 2006 1101 post here <http://openssl.6102.n7.nabble.com/Solaris-installation-Text-relocation-remains-td8346.html> '/usr/ccs/bin/make test' against the new compile was successful Please reference follow on email "back to Dovecot" Thank you. On 08/25/17 08:36 AM, James wrote: On 25/08/2017 04:52, Jerry Kemp wrote: Hello Jerry, attempting to compile dovecot 2.2.31 on Sun/Oracle Solaris 10 SPARC. It worked for me so you should make it to your goal. configure goes fine. First sign of problems during compile is with this warning: ... *** libssl_iostream_openssl.so is not portable! That's just libtool whinging. I see the same. system ZLIB library is/was 32 bit, and if there is a 64 bit version provided by Sun/Oracle, neither myself or the "configure" script could locate it. Not a big detail, ZLIB is an easy compile, just trying to share all relevant data. $ file /usr/lib/64/libz.so /usr/lib/64/libz.so:ELF 64-bit MSB dynamic lib SPARCV9 Version 1, dynamically linked, not stripped, no debugging information available The compiler should find by itself $ cc -m64 junk.c -lz $ ldd a.out libz.so.1 => /usr/lib/64/libz.so.1 libc.so.1 => /lib/64/libc.so.1 libm.so.2 => /lib/64/libm.so.2 /platform/SUNW,Sun-Blade-1000/lib/sparcv9/libc_psr.so.1 ...but I build my own zlib and use a 32-bit dovecot anyway. Undefined first referenced symbol in file ERR_clear_error ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_load_error_strings ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so BIO_ctrl_get_write_guarantee ... ld: fatal: symbol referencing errors. No output written to .libs/test-http-client collect2: ld returned 1 exit status *** Error code 1 make: Fatal error: Command failed for target `test-http-client' ERR_clear_error is in libcrypto: $ nm -D path/to/libcrypto.so.1.0.0 | grep ERR_clear_error [3834] |920944| 140|FUNC |GLOB |3|11 |ERR_clear_error Check that your link flags have a -L to libcrypto (ultimately a run path too). Check libtool is not changing your flags because it thinks it knows better. Extract the link commands from your log/output and run manually, add/remove compiler flags, change link paths, hopefully you will find the fault. James.
trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
attempting to compile dovecot 2.2.31 on Sun/Oracle Solaris 10 SPARC. configure goes fine. First sign of problems during compile is with this warning: ... *** libssl_iostream_openssl.so is not portable! ... actual ERRORS - Soon, compile errors out with undefined symbols. Output at bottom of note. ... additional system information. OpenSSL - just prior to dovecot compile attempt, I downloaded and successfully compiled OpenSSL version 1.0.2l (to include a successful "make test" ) in directory /Applications/openssl-1.0.2l.32 , want to link against current code and not mess with system provided SSL stuff in /usr/sfw/* ENV setting and configure command line prior to compile - # setenv CPPFLAGS "-I/Applications/openssl-1.0.2l.32/include -I/Applications/openssl-1.0.2l.32/include/openssl" # setenv LDFLAGS "-L/Applications/openssl-1.0.2l.32/lib" # setenv SSL_CFLAGS "-I/Applications/openssl-1.0.2l.32/include -I/Applications/openssl-1.0.2l.32/include/openssl" # setenv SSL_LIBS "-R/Applications/openssl-1.0.2l.32/lib -L/Applications/openssl-1.0.2l.32/lib" # ./configure \ --prefix=/Applications/dovecot-2.2.31.32 \ --with-ssl=openssl \ --with-ssldir=/Applications/dovecot-2.2.31.32/certs \ --with-storages=mbox,maildir,imapc,pop3c . What is the .32 stuff I see appended to directories? I did a 32 bit compile of the latest OpenSSL, then , the data shown here is also for a 32 bit dovecot build to link against the 32 bit OpenSSL build. I have been fighting this for a few days, and had also done an identical 64 bit OpenSSL, then dovecot build. The 64 bit dovecot build failed in the same way and place. Additionally, when I did the 64 bit compile, I ended up pulling down a current copy of ZLIB, and doing a 64 bit compile of that library also, and installing it under /Applications then linking against that. the system ZLIB library is/was 32 bit, and if there is a 64 bit version provided by Sun/Oracle, neither myself or the "configure" script could locate it. Not a big detail, ZLIB is an easy compile, just trying to share all relevant data. . Try again with the latest code. I have been working/fighting 2.2.31 for a couple of days. I see earlier today, dovecot 2.2.32 was released earlier today, so before anyone runs to put on their "*L*" cap and advise me to pull down the latest code, I already did that, and the compile errors out in the same place. . If your still reading, thank you, just want to provide as many relevant details as possible. Again, symbol errors from compile are at bottom. TIA for any helpful comments or suggestions, Jerry ... Undefined first referenced symbol in file ERR_clear_error ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_load_error_strings ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so BIO_ctrl_get_write_guarantee ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so EVP_PKEY_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_use_PrivateKey ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_get_peer_certificate ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_CIPHER_get_bits ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_CIPHER_get_name ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so DH_generate_parameters ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so sk_value ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so PEM_X509_INFO_read_bio ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_NAME_oneline ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ERR_get_error_line_data ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_write ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_NAME_get_text_by_NID ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_get_ex_new_index ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so SSL_get_error ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ENGINE_init ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ENGINE_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so BIO_ctrl_pending ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_INFO_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_get_ext_d2i ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so X509_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so ERR_get_error ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so PEM_read_bio_PrivateKey ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so OPENSSL_add_all_algorithms_noconf ../lib-ssl-iostream/.libs/libssl_iostream_open
LMTP and Postfix
I am setting up a new system that will be using Dovecot with Postifx. I am planning on using LMTP. I read the wiki and and found the settings I need to make in Dovecot and the Postfix main.cf file. However, I saw nothing about the Postfix master.cf file. Do I need to make and changes to it also? Thanks -- Jerry
Re: pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017 11:04:40 +0100, Sebastian Arcus stated: >On 21/08/17 10:37, Gedalya wrote: >> On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote: >>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >>> 993 over 143? or? >> There is no concrete answer. There are various opinions and feelings about >> this. The opinion againt 993/995 is that these are not standard ports, > >Out of curiosity, is there a source for this? It's the first time I hear >that 993/995 are not standard ports - and searching on the Internet, I >can't find any evidence to back it up? Also, pretty much all email >software has been using them for the past 20 years or so. It seems like >a curiously high rate of adoption for a non-standard :-) One of the places I have found extremely useful over the years is: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers It lists the port number, TCP & UDP, description and IANA Status. It also lists multiple use ports; such as 465. Port TCP UDP Description IANA status 143 TCP Assigned Internet Message Access Protocol (IMAP) managementOfficial 465 TCP URL Rendezvous Directory for SSM (Cisco protocol) Official 465 TCP Authenticated SMTP over TLS/SSL (SMTPS) Unofficial 993 TCP Assigned Internet Message Access Protocol over TLS/SSL (IMAPS) Official 995 TCP UDP Post Office Protocol 3 over TLS/SSL (POP3S) Official -- Jerry
Re: Modify stored mail contents?
>> On Sat, 22 Jul 2017 12:51:15 +0200, Evan Martin stated: >> >>> Is there a safe way to modify the contents of emails stored by >>> Dovecot? I'll probably only want to change the message bodies, not >>> the headers, if that matters. Looking for ways to do this both for >>> existing emails and new emails as they are received (though anything >>> that works for existing emails can probably just be run again for >>> new emails.) My mail storage is currently mdbox, but I could >>> migrate to another format if that helps. > On 22/07/2017 3:56 PM, Jerry wrote: >> You could just view the message in your MUA and then save it to >> another drive, or whatever. Then, using a text editor, you could >> modify it to your hearts content. >> >> Exactly, what problem are you trying to address? On Sat, 22 Jul 2017 16:05:19 +0200, Evan Martin stated: > Yes, obviously clients can save messages. I meant: to modify messages > in bulk, on the server, replacing the existing message bodies stored > by Dovecot. I am not understanding what problem you are trying to alleviate. Are these your messages or those of your clients? -- Jerry
Re: Modify stored mail contents?
On Sat, 22 Jul 2017 12:51:15 +0200, Evan Martin stated: >Is there a safe way to modify the contents of emails stored by >Dovecot? I'll probably only want to change the message bodies, not the >headers, if that matters. Looking for ways to do this both for >existing emails and new emails as they are received (though anything >that works for existing emails can probably just be run again for new >emails.) My mail storage is currently mdbox, but I could migrate to >another format if that helps. You could just view the message in your MUA and then save it to another drive, or whatever. Then, using a text editor, you could modify it to your hearts content. Exactly, what problem are you trying to address? -- Jerry
Re: sieve vacation message if ....
On Fri, 23 Jun 2017 16:25:24 +0200, Stephan Bosch stated:
>Op 23-6-2017 om 16:15 schreef Larry Rosenman:
>> On 6/23/17, 9:13 AM, "dovecot on behalf of Jerry"
>> wrote:
>>
>> On Fri, 23 Jun 2017 14:46:21 +0200, Stephan Bosch stated:
>>
>> >Op 21-6-2017 om 19:16 schreef lejeczek:
>> >> hi fellas
>> >>
>> >> generic construct for(if possible): reply vacation message if
>> >> address is not from add1@com1 add2@com2
>> >>
>> >> would you share?
>> >
>> >require "vacation";
>> >
>> >if not address "from" ["add1@com1", "add2@com2"] {
>> > vacation "I am on vacation.";
>> >}
>> >
>> >Regards,
>> >
>> >Stephan.
>>
>>
>> I have used this myself. I have always wondered though is it
>> possible to have a vacation message only sent on a weekend. This is
>> the scenario. My office closes on Friday at 4pm and does not reopen
>> until Monday at 9am. I would like to automate a way to have a
>> message sent that states that to customers who send us emails on the
>> weekend. Right now I have to do it manually. Is there another way to
>> do it?
>> Thanks!
>>
>> Look at the “date” extension:
>> https://tools.ietf.org/html/rfc5260#section-4
>
>Specifically, use the "currentdate" test described in Section 5.
>
>Regards,
>
>Stephan.
Thanks. I was not aware that test even existed.
--
Jerry
Re: sieve vacation message if ....
On Fri, 23 Jun 2017 14:46:21 +0200, Stephan Bosch stated:
>Op 21-6-2017 om 19:16 schreef lejeczek:
>> hi fellas
>>
>> generic construct for(if possible): reply vacation message if
>> address is not from add1@com1 add2@com2
>>
>> would you share?
>
>require "vacation";
>
>if not address "from" ["add1@com1", "add2@com2"] {
> vacation "I am on vacation.";
>}
>
>Regards,
>
>Stephan.
I have used this myself. I have always wondered though is it possible
to have a vacation message only sent on a weekend. This is the scenario.
My office closes on Friday at 4pm and does not reopen until Monday at
9am. I would like to automate a way to have a message sent that states
that to customers who send us emails on the weekend. Right now I have
to do it manually. Is there another way to do it?
Thanks!
--
Jerry
Re: my domain in both my destination and virtual_mailbox_domains?
On Thu, 20 Apr 2017 03:02:26 +, Michael Segel stated: >I’m doing a new dovecot mail server for my domain. Here’s yet another >thing I mucked up. > >I wanted to set up virtual mailboxes. One reason was that I wanted to >set up virtual users for the domain so I don’t need to create user >accounts just mail accounts. I followed one of the many examples / >tutorials out there and I end up with the following warning message. > >postfix/trivial-rewrite[8818]: warning: do not list domain >..com in BOTH mydestination and >virtual_mailbox_domains > >I checked my configuration, I don’t see where I’ve set up anything for >mydestination in postfix. > >I’m trying to work thru the log file issues that I can find… this is >just one more. > >To add to the confusion, I’m using webmin as my server admin UI to >make life easier… yet it seems to much things up a bit This is a Dovecot list, not a Postfix list. At the very least, you need to post the complete output of "postconf -nf" assuming a version of Postfix >= 2.9, or else just omit the "n" parameter. While you are at it, include the output of "dovecot -n" -- Jerry
Re: help
On Wed, 19 Apr 2017 13:20:09 + (UTC), Bhushan Bhosale stated: >Dear Team > >I have faced issue with email downloading in the email client by using >pop3 SSL port 995 in dovecot v2.1.17 for outlook client 2016 on >production environment. > >As per my troubleshooting on my test environment, I have upgraded >dovecot version v2.2.28, and changed paramer "ssl_dh_parameters_length >= 2048" and "verbose_ssl = yes", The issue seems to be resolved in >dovecot v2.2.28. > >What can i do to resolve this issue in dovecot v2.1.17 in Production >environment? Kindly help. > >Thanks a lot in advance. >Regards, >Bhushan Bhosale I am sort of confused here. Outlook 2016 fully supports POP3 on port 110 with TLS. In fact, that is how I use to use it before changing to IMAP. What exactly is your problem? -- Jerry
Re: Getting error on port 995
On Sat, 1 Apr 2017 12:43:29 + (UTC), Bhushan Bhosale stated: >Dear Team, >I'm getting issue with port 995 by using Microsoft Outlook 2016 only. >The error on Microsoft Outlook showing "Your server does not support >the connection encryption type. Try changing the encryption method". >The error is only who is using Microsoft outlook2016. Kindly help. >Thanks and Regards, Bhushan Bhosale Well, it is telling you that you have a problem with the type of encryption you are using. It would help to debug this problem is you posted the output of "dovecot -n". -- Jerry
Deploying Diffie-Hellman for TLS
I have been reading up on TLS and Dovecot and came across this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ssl_prefer_server_ciphers = yes (Dovecot 2.2.6 or greater) DH parameters #regenerates every week ssl_dh_parameters_length = 2048 Contrary to what the site recommends, I would have thought that changes should be made in the "10-ssl.conf" file. I am running "Dovecot 2.2.28" on a FreeBSD-11 machine with OpenSSL 1.0.2k, if that makes any difference. Thanks -- Jerry
Backing Up and Restoring mailboxes
I am going to be wiping clean my system and doing a complete upgrade. I have dovecot installed. I want to back up the mail system, and then be able to restore it. I thought that I could do this. doveadm -Dv backup -u u...@example.com maildir:~/DoveBU Then I was going to gunzip that directory and put it onto a USB Drive. Now, after updating the system, I thought that I could just unzip the file from the USB drive. My question is, what command do I run to return the files to the same place they were originally. Assuming the structure was: "/var/mail/vmail/", what would I do? Thanks -- Jerry
Re: Postfix Ignoring lmtp, delivering straight to maildir
On Wed, 15 Mar 2017 10:31:17 -0700, Doug Barton stated: >I considered sending to the postfix list instead, and would be happy >to do that if it's more appropriate. If you do decide to submit your problem to Postfix, and I think you should, please follow the directions at http://www.postfix.com/DEBUG_README.html, and more specifically http://www.postfix.com/DEBUG_README.html#mail. Nothing pisses off Postfix members more than posting what "YOU" think the main.cf and master.cf are rather than what Postfix is actually interpreting it to be. Include your Postfix version and OS. That includes including actual log entries, not just a one line snippet. Also, be sure to explain exactly what it is you want to accomplish. They are not mind readers. Good luck. -- Jerry
Correct settings for ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file # SSL protocols to use ssl_protocols = !SSLv2 # SSL ciphers to use ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL I have seen different configurations while Googling. I am wondering what the consensus is for the best settings for these two items. What do the developers recommend? Thanks! -- Jerry
Re: Dovecot 2.2.27 > 2.2.24 downgrade errors
On Mon, 12 Dec 2016 14:49:18 +0200, Mart Pirita stated: >Hello. > >Due win10 issue I had to downgrade 2.2.27 > 2.2.24 and now some >gettings errors for some users: > >Dec 12 14:42:17 server dovecot: imap(user): Panic: file >mail-index-sync-keywords.c: line 227 (keywords_update_records): >assertion failed: (data_offset >= sizeof(struct mail_index_record)) >Dec 12 14:42:17 star dovecot: imap(senefelder): Error: Raw backtrace: >/usr/lib/dovecot/libdovecot.so.0 [0x40185760] -> >/usr/lib/dovecot/libdovecot.so.0 [0x401863a6] -> >/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x4018590c] -> >/usr/lib/dovecot/libdovecot-storage.so.0 [0x400d80cf] -> >/usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_keywords+0x182) >[0x400d829a] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0x400d9405] >-> /usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_record+0x2f) >[0x400d98cb] -> >/usr/lib/dovecot/libdovecot-storage.so.0(mail_index_sync_map+0x31c) >[0x400d9d24] -> >/usr/lib/dovecot/libdovecot-storage.so.0(mail_index_map+0x9e) >[0x400d17a2] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0x400e5f3f] >-> /usr/lib/dovecot/libdovecot-storage.so.0 [0x400e6241] -> >/usr/lib/dovecot/libdovecot-storage.so.0(mail_index_open+0x86) >[0x400e635e] -> >/usr/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_open+0xa4) >[0x400c19e4] -> /usr/lib/dovecot/libdovecot-storage.so.0 [0x40076cce] >-> /usr >Dec 12 14:42:17 server dovecot: imap(user): Fatal: master: >service(imap): child 1090 killed with signal 6 (core dumps disabled) > > >I did stop dovecot, removed all dovecot-* and dovecot.* files from user >Maildir, still sameerrors. > > >Please advise? I am not sure what your problem is. I have Dovecot 2.2.27 installed on a FreeBSD-11 machine. I also have Windows 10 PRO 64 bit, version 1607, and Outlook 2016. It is now and has been working just fine. Somehow you have something bonked on your system(s). -- Jerry
Backing up dovecot mailboxes
Does anyone have a working solution as to how I can use "doveadm backup" to back up a virtual users mailbox to a removable USB device. I keep receiving numerous errors and no files are backed up although the directories are created. -- Jerry
Re: Backing up and Importing IMAP folders
On Sat, 22 Oct 2016 05:16:07 -0400, Jerry stated: >On Thu, 20 Oct 2016 20:36:35 +0300, Konstantin Khomoutov stated: > >>On Thu, 20 Oct 2016 16:57:45 +0300 (EEST) >>Aki Tuomi wrote: >> >>[...] >>> > Alternatively you can use `dsync` to perform backup with a native >>> > Dovecot tool. It's able to sync mailboxes of any Dovecot user -- >>> > including synchronizing a mailbox to an empty (yet) spool. >>> > You'll need to do a bit of shell scripting which would spin around >>> > calling `doveadm user *` and feeding its output to something like >>> > >>> > while read user; do \ >>> > dest="/var/backup/dovecot/$user"; >>> > mkdir -p "$dest" && chown vmail:vmail "$dest" \ >>> > && chmod 0755 "$dest" >>> > dsync -u "$user" backup "maildir:$dest" \ >>> > done >>> > >>> > Note that you will only need this if you don't want to shut down >>> > Dovecot to copy its mail spool out. >>> >>> You can also use doveadm backup -A maildir:%u/ >> >>Could you please elaborate? >> >>I have a typical "virtual users" setup where I do have >> >> mail_home = /var/local/mail/%Ln >> mail_location = maildir:~/mail >> >>and everything is stored with uid=vmail / gid=vmail (much like >>described in the wiki, that is). >> >>I'd like to use a single call to `doveadm backup -A ...` to back up >>the whole /var/local/mail/* to another location >>(say, /var/backups/dovecot/) so that is has the same structure, just >>synchronized with the spool. (The purpose is to then backup the >>replica off-site). >> >>I tried to call >> >> doveadm backup -A maildir:/var/backups/dovecot/%u >> >>and it created a directory "/var/backups/dovecot/%u" (with literal >>"%u", that is), created what appeared to be a single mailbox structure >>under it and after a while scared a heck out of me with a series of >>error messages reading >> >>dsync(user1): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX >>can't be deleted. >>dsync(user2): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX >>can't be deleted. >>... >> >>for each existing user. >> >>It appears that it luckily failed to delete anything in the source >>directory (though I have no idea what it actually tried to do). >> >>Reading the doveadm-backup(1) multiple times still failed to shed a >>light for me on how to actually backup the whole maildir hierarchy for >>all existing users. >> >>So, the question: how do I really should go about backing up the whole >>mailbox hierarchy in the case of virtual users? > >I am experiencing the same problem as Konstantin. Is this a bug or >expected behavior. Has anyone looked into this?
Re: Backing up and Importing IMAP folders
On Thu, 20 Oct 2016 20:36:35 +0300, Konstantin Khomoutov stated: >On Thu, 20 Oct 2016 16:57:45 +0300 (EEST) >Aki Tuomi wrote: > >[...] >> > Alternatively you can use `dsync` to perform backup with a native >> > Dovecot tool. It's able to sync mailboxes of any Dovecot user -- >> > including synchronizing a mailbox to an empty (yet) spool. >> > You'll need to do a bit of shell scripting which would spin around >> > calling `doveadm user *` and feeding its output to something like >> > >> > while read user; do \ >> > dest="/var/backup/dovecot/$user"; >> > mkdir -p "$dest" && chown vmail:vmail "$dest" \ >> > && chmod 0755 "$dest" >> > dsync -u "$user" backup "maildir:$dest" \ >> > done >> > >> > Note that you will only need this if you don't want to shut down >> > Dovecot to copy its mail spool out. >> >> You can also use doveadm backup -A maildir:%u/ > >Could you please elaborate? > >I have a typical "virtual users" setup where I do have > > mail_home = /var/local/mail/%Ln > mail_location = maildir:~/mail > >and everything is stored with uid=vmail / gid=vmail (much like >described in the wiki, that is). > >I'd like to use a single call to `doveadm backup -A ...` to back up the >whole /var/local/mail/* to another location >(say, /var/backups/dovecot/) so that is has the same structure, just >synchronized with the spool. (The purpose is to then backup the >replica off-site). > >I tried to call > > doveadm backup -A maildir:/var/backups/dovecot/%u > >and it created a directory "/var/backups/dovecot/%u" (with literal >"%u", that is), created what appeared to be a single mailbox structure >under it and after a while scared a heck out of me with a series of >error messages reading > >dsync(user1): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX >can't be deleted. >dsync(user2): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX >can't be deleted. >... > >for each existing user. > >It appears that it luckily failed to delete anything in the source >directory (though I have no idea what it actually tried to do). > >Reading the doveadm-backup(1) multiple times still failed to shed a >light for me on how to actually backup the whole maildir hierarchy for >all existing users. > >So, the question: how do I really should go about backing up the whole >mailbox hierarchy in the case of virtual users? I am experiencing the same problem as Konstantin. Is this s bug or expected behavior. -- Jerry
Backing up and Importing IMAP folders
I am running Dovecot with Postfix on a FreeBSD machine. There are problems with the drive and I cannot depend on it. Dovecot saves all mail in IMAP format. I want to back up the mail folders, install a new HD, install the latest FreeBSD OS and then reinstall my programs. Reinstalling Dovecot is simple, but how do I reinstall the IMAP folders? Can Dovecot backup the folders onto a CD and then import them when I reinstall it? My mail is kept under “/var/mail/vmail”. Should I just back up that entire directory structure and then restore it later? Thanks! -- Jerry
Re: Outlook 2010 woes
On Thu, 13 Oct 2016 08:36:23 -0500, Bryan Holloway stated: >I also extended the "Server Timeout" setting in OT2010 to 10 minutes, >which doesn't seem to help either. (!) Outlook 2010 is a very old version. Why not update to the 2016 version. I am running it without any problems. If you do update, remember to remove the old version completely first. -- Jerry
Re: shared folders
On Mon, 3 Oct 2016 12:23:30 +0200, Scherff stated: >Hi, >i am stuck. Try to install shared folders - dovecot is running fine. >ACL is working. But i can't get running the shared folders. Maybe >someone can help. > >This are the relevant conf. I think i have some mistake there - >perhaps in location - changed try and error - stuck: What you are posting is not necessarily what Dovecot is seeing. Please post the complete output of "dovecot -n" -- Jerry
Re: FreeBSD port
On Mon, 26 Sep 2016 13:21:12 -0600, The Doctor stated: >Is the person responsible for the FreeBSD port on this list? > >There might be a minor bug in a small piece of correction code issues >in the last 4 days. The maintainers email address is: . Why don't you just contact him directly, or CC him via this forum? -- Jerry
Re: Client app says my chained Comodo cert is invalid
> On 2016 Jul 27, at 15:20, Joseph Tam wrote: > > Well, yes, that's what you would expect. You've told your mail client > to connect to "45.56.81.181", the client starts the SSL negotiation > and finds the certificate is made out for "sheepsystems.com", and your > mail client complains about the mismatch (a possible MITM attack). > This is what you want SSL enabled system to do. Very sensible - I hadn’t thought of that. > Since 45.56.81.181 does not map to "sheepsystems.com" yet, you can > short-circuit DNS and add a direct mapping to your Mac by adding this > to /etc/hosts: > > 45.56.81.181 sheepsystems.com > > then reconfiguring your mail client to use the server "sheepsystems.com". > This will appease the SSL constraint. I did that, and it appears working now – logging in, finding no messages and logging out. Of course, I’d been using that private/etc/hosts patch to test my new web pages, but it didn’t seem to work with email – it was still hitting my existing server. It now appears that, with Mail.app, unlike with Safari and Firefox, one must flush the DNS cache (sudo killall -HUP mDNSResponder), and/or relaunch Mail.app, after changing /private/etc/hosts. > Don't know [those log entries] this is about -- probably your Mac bailing out > on authentication. Yes, that’s what I thought - when it didn’t like the cert it just aborted and the server logged a timeout. Well, definitely you’ve gotten me over one hurdle and I’m on to the next one :) Thank you, Joseph!
Re: Client app says my chained Comodo cert is invalid
> On 2016 Jul 27, at 15:20, Joseph Tam wrote: > > Well, yes, that's what you would expect. You've told your mail client > to connect to "45.56.81.181", the client starts the SSL negotiation > and finds the certificate is made out for "sheepsystems.com", and your > mail client complains about the mismatch (a possible MITM attack). > This is what you want SSL enabled system to do. Very sensible - I hadn’t thought of that. > Since 45.56.81.181 does not map to "sheepsystems.com" yet, you can > short-circuit DNS and add a direct mapping to your Mac by adding this > to /etc/hosts: > > 45.56.81.181 sheepsystems.com > > then reconfiguring your mail client to use the server "sheepsystems.com". > This will appease the SSL constraint. I did that, and it appears working now – logging in, finding no messages and logging out. Of course, I’d been using that private/etc/hosts patch to test my new web pages, but it didn’t seem to work with email – it was still hitting my existing server. It now appears that, with Mail.app, unlike with Safari and Firefox, one must flush the DNS cache (sudo killall -HUP mDNSResponder), and/or relaunch Mail.app, after changing /private/etc/hosts. > Don't know [those log entries] this is about -- probably your Mac bailing out > on authentication. Yes, that’s what I thought - when it didn’t like the cert it just aborted and the server logged a timeout. Well, definitely you’ve gotten me over one hurdle and I’m on to the next one :) Thank you, Joseph!
Client app says my chained Comodo cert is invalid
I’ve configured Dovecot and Postfix on a new VPS running Ubuntu 16.04, using
Linode’s tutorial [1], to require authentication and SSL encryption for both
POP3 and SMTP. All looks OK to me except, when my email client app (macOS
Mail.app) tries to log in, it says that my cert is invalid.
The trouble appears when I attempt to configure a client account in Mail.app on
my Mac. For the POP server name, I enter my VPS’ “45.56.81.181", because
public DNS is still pointing to my existing host. I set the account to use the
Apple TLS certificate, and then click to save this new account info. Before
saving, Mail.app checks my entries by attempting to log in. The result is:
“The identify of server 45.56.81.181 cannot be verified. The certificate for
this server is invalid.” At the same time, on my new server, some entries
appear in /var/log/mail.log [2].
The certificate in question is a new PositiveSSL/Comodo cert I bought the other
day. It works OK for serving web pages - I mean, on this same Mac, when I
visit my under-construction site at https://45.56.81.181 in Safari or Firefox,
I get the padlock icon and no warnings.
Comodo gave me two two files, a “.crt” which contains my cert, and a
“.ca-bundle.crt” which contains their certs. Per Dovecot documentation, I
concatenated these into a “chained” file containing all 3 certs, starting with
mine. In /etc/dovecot/conf.d/10-ssl.conf, I set ssl_cert = this “chained” file.
I tried adding the two original cert files to macOS Keychain.app with “Always
trust” but that did not help.
Being new at this, I would appreciate any suggestions. My `dovecot -n` output
is below [3].
Thank you very much!
Jerry Krinock
[1]
https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
**
[2] /var/log/mail.log entries when client attempts login
Jul 27 12:22:19 bird dovecot: pop3-login: Debug: SSL: where=0x10, ret=1:
before/accept initialization [24.4.251.228]
Jul 27 12:22:19 bird dovecot: pop3-login: Debug: SSL: where=0x2001, ret=1:
before/accept initialization [24.4.251.228]
Jul 27 12:22:19 bird dovecot: pop3-login: Debug: SSL: where=0x2001, ret=1:
unknown state [24.4.251.228]
Jul 27 12:22:19 bird dovecot: message repeated 6 times: [ pop3-login: Debug:
SSL: where=0x2001, ret=1: unknown state [24.4.251.228]]
Jul 27 12:22:19 bird dovecot: pop3-login: Debug: SSL: where=0x2002, ret=-1:
unknown state [24.4.251.228]
Jul 27 12:22:19 bird dovecot: pop3-login: Debug: SSL: where=0x2002, ret=-1:
unknown state [24.4.251.228]
Jul 27 12:22:19 bird dovecot: pop3-login: Warning: SSL failed: where=0x2002:
unknown state [24.4.251.228]
Jul 27 12:22:19 bird dovecot: pop3-login: Debug: SSL error: Disconnected
Jul 27 12:22:19 bird dovecot: pop3-login: Disconnected (no auth attempts in 0
secs): user=<>, rip=24.4.251.228, lip=45.56.81.181, TLS handshaking:
Disconnected, session=<8HuX76I4p8gYBPvk>
Yes, 24.4.251.228 is the IP address of my Mac.
**
[3] Output from `dovecot -n`
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.5.5-x86_64-linode69 x86_64 Ubuntu 16.04 LTS ext4
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocols = imap pop3 lmtp
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = dovecot
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 995
}
}
ssl = required
ssl_cert =
Re: an e-mail client for dovecot ?
On Sat, 16 Jul 2016 07:27:15 -0700, Dave Stevens stated: >On Sat, 16 Jul 2016 08:02:33 + (UTC) >Spyros Tsiolis wrote: > >> Hello all, >> >> For some years now, I've been using Thunderbird for dovecot. >> I am not very satisfied with t/b so I thought of using m/s outlook >> but then I thought that I want to distance my clients from office >> products. >> >> I have a newly created dovecot installation on a very small site. >> Three nodes, all x86 Windows 7 professional with an ubuntu v14.04 >> server (x86 again) running dovecot 1.2.17. >> >> The clients there use dovecot as an imap server, so they have a >> real-world e-mail account each and whatever they want to keep , they >> store by gradding-and-dropping to the imap (local / archive) account. >> >> Since I have quite some experiece with thunderbird, I know most of >> its shortcomings; So I thought if there's an alternative (better?) >> imap mail client for x86 windows 7 systems than t/b. >> >> Even better if there's an alternative client that is also supporeted >> under linux . >> >> Any ideas are welcome, >> >> TIA, >> >> s.t. > >I use Claws and like it a lot. Has plugins for extensions, very fast to >work with. > >Dave I like "claws-mail" also; however, it does have some particular quirks. The most annoying one is that it is not a fully "multi-threaded" application. This can make it extremely annoying when sending or receiving mail. -- Jerry
Re: Sieve + Vacation
On Mon, 02 May 2016 18:15:11 +0200, Benny Pedersen stated: >On May 1, 2016 4:00:15 PM Jerry wrote: > >> I am not sure if this is possible. When I use "vacation" in a sieve >> script, it always sends the response using "<>". I need it to send >> the response using a specific address. Is this possible? >> >> Thanks :) > >Why not just talk with Eliza abort it ?, maybe she know Siri >usefullness aswell?, sorry could not resist here I have no idea what you are talking about. -- Jerry
Sieve + Vacation
I am not sure if this is possible. When I use "vacation" in a sieve script, it always sends the response using "<>". I need it to send the response using a specific address. Is this possible? Thanks :) -- Jerry
Moving to as new server
I will shortly have to replace the OS on my machine. For various reasons, I will not be able to use a program like “imapsync” to transfer my documents to a new server. All of the mail folders on my present PC are stored under “/var/mail/vmail”. If I copied all of the folders under “vmail” and moved them to the new PC, would Dovecot be able to access them normally? Dovecot would not be running while I moved the files. Thanks
Re: Dovecot and Windows Live Mail 2012?
On Wed, 13 Apr 2016 18:45:24 -0400, David Mehler stated: >Hello, > >I'm using self-signed certificates, but my CA public key is imported. > >I checked the logs and was getting an error about no authentication >which is probably why it was failing. I then switched to 587 and 993 >ports and now it works, but it's very intermediant, sometimes it >works, other times not. > >If there's a better free windows email client, (please not >thunderbird), that doesn't have these Microsoft-isms i'd appreciate >knowing about it. > >Thanks. >Dave. 99% of all the problems I have witnessed with a Windows based MUA is due to a firewall misconfiguration. Check there first. Also, check the official documentation for the application, etc. Outlook.com uses 587 and 993 by default, assuming an IMAP connection. Please see this URL for complete instructions. https://www.outlook-apps.com/outlook-com-pop-settings/ -- Jerry
Re: mail filter plugin script doesn't effective
On Thu, 31 Mar 2016 20:32:57 +0530, use experience stated: >BTW, I have tried modifying as follows, but still I script doesn't >effective. Please stop top-posting. It is really annoying. Also, why are your posts all double spaced? Anyway, I found two URLs that might be of interest to you. http://wiki.dovecot.org/PostLoginScripting http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms Good luck -- Jerry
Re: mail filter plugin script doesn't effective
On Thu, 31 Mar 2016 19:56:04 +0530, use experience stated:
>> unix_listener auth-userdb {
>>
>> mode = 0777
>>
>> }
Try adding:
user = vmail
group = vmail
Why are you using mode = 0777? I never use more than 0666. Usually just
0660 and all works well. Try to include the "group" in your definitions.
Restart dovecot and see what happens.
Re: Dovecot mail-filter execution error.
On Thu, 31 Mar 2016 13:28:50 +0530, use experience stated: >Hello, > > >While using mail-filter plugin, I am getting following error. Please >help me. > > >Mar 31 07:48:31 ip-172-31-29-173 dovecot: lda: Error: userdb lookup: >connect(/var/run/dovecot/auth-userdb) failed: Connection refused > >Mar 31 07:48:31 ip-172-31-29-173 dovecot: lda: Fatal: Internal error >occurred. Refer to server log for more information. Including the output of "dovecot -n" would aid us in diagnosing your problem. -- Jerry
Re: Need help solving issue
On Sat, 26 Mar 2016 17:28:29 + (UTC), MARIA jamieson stated: >Yes, I am trying it over ssl. Everything works as in I can connect to >my mail server and establish an ssl connection. There's no error with >SSL. It's just auth mechanism having a environment corruption error. >I am not the only one. You can google around and find many run into >this situation and no one could help. Most just delete the dovecot and >postfix and start over again. However, I cannot afford that because it >took me at least 3 months to setup dovecot correctly with postfix to >use virtual users. I don't have the time to spend another 3 months to >set it up. The problem lies with auth and I think this is the only >issue and it has to be that something is missing either in the configs >or a file was deleted or link to it was broken. I am sure after fixing >this issue. I will have a working mail system again. Postfix offers excellent debugging strategies. <http://www.postfix.org/DEBUG_README.html>. Have you read it? Pay particular attention to: <http://www.postfix.org/DEBUG_README.html#mail>. Note item #8, "If the problem is SASL related, consider including the output from the saslfinger tool. This can be found at http://postfix.state-of-mind.de/patrick.koetter/saslfinger/."; Give that a shot then report back the results. -- Jerry
Re: TLS handshake issue
On Thu, 17 Mar 2016 13:56:22 -0700, John Oliver replied: > With our old mail server, it "just works"... after going through the > mail setup, we don't need to do anything fancy. I can't help but > imagine that there's some other difference in the default configs. > I'll have to dump the configs of both and do a diff and hope there > aren't so many differences I can't pick out what may be relevant > here... Could you post the unobfuscated output of "dovecot -n" so we can see what your actual configuration is? -- Jerry
Problem configuring sieve
This is a fresh installation of dovecot on a FreeBSD 11 system. Trying
to run the following command produces this error:
sievec ./default.sieve
sievec(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
sievec(root): Error: Couldn't load required plugin
/usr/local/lib/dovecot/lib90_sieve_plugin.so: Can't load plugin sieve_plugin:
Plugin is intended to be used only by binaries: lda lmtp (we're sievec)
sievec(root): Fatal: Internal error occurred. Refer to server log for more
information.
*** Error code 89
This is my configuration:
# 2.2.22 (fe789d2): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.12 (c1c0a23)
# OS: FreeBSD 11.0-CURRENT amd64 zfs
auth_mechanisms = plain login
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:/var/mail/vmail/%d/gerard
mail_plugins = sieve
mail_save_crlf = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users/passwd
driver = passwd-file
}
plugin {
sieve_default = /usr/local/etc/dovecot/sieve/default.sieve
}
postmaster_address = postmas...@seibercom.net
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
}
service dict {
unix_listener dict {
group = vmail
mode = 0600
user = vmail
}
}
ssl_cert =
Dumb question: dovecot include file
Dovecot has an include file option. What I am not sure of is why those files use both a *.conf and *.conf.ext extension. I assume both types are included by using the !include .conf or !include .conf.ext syntax. -- Jerry
Re: Dovecot CalDAV server
On Fri, 11 Sep 2015 00:43:16 +0300, Timo Sirainen stated: >I've been once in a while over the years thinking about implementing CalDAV >(and CardDAV) to Dovecot. It might be time to start that soon. Does anyone >have any suggestions? So far my main goals would be: > > - scalable, of course > - configurable storage (object storage, regular fs, maybe some key-value > dbs, maybe storing as emails) > - efficient indexes (potentially using key-value dbs? or maybe just local > files. not sure yet what kind of indexing is needed) > - have it work with dsync (= replication & migration) > >Some things I wonder about: > > - Maybe there is already some code out there that could be used to > implement it faster? > - Maybe even use something else besides C to implement it.. Then again that > makes integration to Dovecot more difficult. > - Is anybody interested in helping to develop this? :) I think I still have > too much other work that I won't spend a lot of time coding it.. > >One thing that makes this easier is that Open-Xchange has already >implemented a CalDAV server, so they can help to avoid the biggest design >mistakes. (There are a couple of reasons why they'd want to replace that.) The RFCs 6352 & 4791 are all ready in place. As long as everything stays in compliance, I think it would be a wonderful idea. And yes I would stick with "C". -- Jerry pgpHXrWH65yWb.pgp Description: OpenPGP digital signature
Re: How to "Windows Authenticate"
On Tue, 08 Sep 2015 21:21:13 -0500, Rick Romero stated: >I hate Exchange - I have a nagging 45 second delay on OWA logins ever since >I had to setup multiple NICs to get Outlook to stop complaining about >certs, and today while trying to fix that issue, AD decided to stop >replicating one of my trusted domains (and began rejecting auths for linked >mailboxes from that domain) and in short I really just hate that >environment with every fiber of my being and would love to see a decent >free Exchange replacement on *nix. The only time I have had a problem with certs, is when they are "self signed". -- Jerry pgphEXabkUb7V.pgp Description: OpenPGP digital signature
Re: Public folder subscriptions with Outlook
On Tue, 8 Sep 2015 11:16:52 +0100, Paul Tansom stated: >This is more an Outlook issue than Dovecot, but given that it is connected to >Dovecot I figured there would be a good pool of knowledge here that increases >the likelihood that somebody knows the answer :) > >I have a Dovecot server setup with a public folder and keep getting >complaints that Outlook users don't see new folders created by other people. >In Thunderbird it is simply a case of unchecking the box to only show >subscribed folders, but I can't find a way to do this in Outlook. The only >thing I can think of is putting a script on the server to check for new >folders and update each users subcriptions file, but I'm not completely >happy with that solution! > >Any suggestions welcome. What version of Outlook? -- Jerry pgpUkYX17nsFN.pgp Description: OpenPGP digital signature
Re: Outlook 2013 not fetching new mail/synchronization issues
On Thu, 2 Jul 2015 13:16:06 +0300, Dragos Pacher stated:
>I also set IMAP on 143 TLS, removed Root folder path and left everything
>unchecked in outlook delete.
>
>Emails are still not fetching.
>
>Any other ideas ?
Have you use any other MUA to download emails prior to Outlook? Is any other
MUA running in the background when attempting to use Outlook? I have no idea
at this point what your problem is. I have a basic Dovecot configuration, and
it seems to work fine with Outlook 2013. This is the Dovecot config:
# 2.2.18: /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: FreeBSD 10.1-RELEASE-p10 amd64 ufs
auth_mechanisms = plain login cram-md5 digest-md5
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
mail_location = maildir:/var/mail/vmail/%d/gerard
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = username_format=%u /usr/local/etc/dovecot/user/passwd
driver = passwd-file
}
passdb {
args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd
driver = passwd-file
}
passdb {
args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd
driver = passwd-file
}
plugin {
sieve_global_dir = /usr/local/etc/dovecot/sieve/
sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve
}
postmaster_address = postmas...@seibercom.net
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl_cert =
(near the bottom of the list).It requires a restart of Outlook.
Have you on the folder name and then "IMAP Folders" and
seeing if al of the folders are present? You could try the same thing only
check "Update Folder List". Also check "Account Property's"
pgpLDm7G1j75n.pgp
Description: OpenPGP digital signature
Re: Outlook 2013 not fetching new mail/synchronization issues
On Tue, 30 Jun 2015 14:44:07 +0300, Dragos Pacher stated: >I would say Outlook is standard IMAP configuration: >IMAP, 993 SSL, root folder path: "INBOX." and timeout on 1 minute. I assume you are actually subscribed to those folders. You might want to check. Also, why do you have a root folder path? I don't and it works fine. Also, the "." after "INBOX " might be causing a problem. Have you tried remove the folder path, restarting Outlook and seeing what transpires? By the way, I am using port 143 with TLS for incoming mail. Works fine. Also, I have left everything unchecked in the "Deleted Items" section. Just an idea. -- Jerry
