Re: FreeBSD / dovecot 2.2.27 / libwrap

[Jim Pazarena]

It works !

It was THAT easy !

Can you suggest how to replace the hair I pulled out ? :-)


On 2016-12-29 5:27 PM, Larry Rosenman wrote:

login_access_sockets = tcpwrap

service tcpwrap {
   unix_listener login/tcpwrap {
 group = $default_login_user
 mode = 0600
 user = $default_login_user
   }
}



On Thu, Dec 29, 2016 at 7:21 PM, Jim Pazarena <dove...@paz.bz> wrote:


I have compiled dovecot2 for FreeBSD with the tcpwrap option.

A tcpwrap binary gets built and resides in the FreeBSD directory
/usr/local/libexec/dovecot

an examination of the compiled options (using the FreeBSD pkg install
dovecot2) confirms:   LIBWRAP : on

yet, when I adjust dovecot.conf with:  login_access_sockets = tcpwrap

I get the following logged error message:

20161229 17:02:49 imap-login: Error: connect(tcpwrap) failed: No such file
or directory

Is there any way to turn up some super logging so that I can find just
what dovecot feels is the failure ?

Or, does anyone have an idea how to figure this out? What little hair I
have is rapidly getting pulled out in frustration!

Thank you.



--
Jim Pazarena dove...@paz.bz






--
Jim Pazarena dove...@paz.bz

FreeBSD / dovecot 2.2.27 / libwrap

[Jim Pazarena]

I have compiled dovecot2 for FreeBSD with the tcpwrap option.

A tcpwrap binary gets built and resides in the FreeBSD directory 
/usr/local/libexec/dovecot


an examination of the compiled options (using the FreeBSD pkg install 
dovecot2) confirms:   LIBWRAP : on


yet, when I adjust dovecot.conf with:  login_access_sockets = tcpwrap

I get the following logged error message:

20161229 17:02:49 imap-login: Error: connect(tcpwrap) failed: No such 
file or directory


Is there any way to turn up some super logging so that I can find just 
what dovecot feels is the failure ?


Or, does anyone have an idea how to figure this out? What little hair I 
have is rapidly getting pulled out in frustration!


Thank you.



--
Jim Pazarena dove...@paz.bz

dovecot / tcp-wrappers / FBSD 10.3

[Jim Pazarena]

Can anyone share the proper config to get wrappers working in dovecot on 
FreeBSD?


The dovecot examples do not seem to work, and I thought perhaps FBSD 
needs slightly different configs.


I've compiled with:   -DHAVE_LIBWRAP

which I presume is the first step.

The example for dovecot.conf in uncommenting:

login_access_sockets = tcpwrap

merely causes a log error of "imap-login: Error: connect(tcpwrap) 
failed: No such file or directory"



Suggestions/Direction much appreciated.

file/folder perms permissions

[Jim Pazarena]

Forgive me if I am blind, but I cannot find default folder permissions.

For the home directories, with the sub of mail: and deeper, I see some 
files with 660, some with 600, some folders with 770 some with 660


I am a bit confused. I manually messed with some files, and my MUA 
complained about permissions. So I got that mess fixed, and in doing so 
I noticed the seemingly contradictory permissions.


Thanks!

Fwd: Re: IP drop list

[Jim Pazarena]

On 2015-03-02 2:02 AM, Jochen Bern wrote:

On 03/01/2015 08:53 AM, Jim Pazarena wrote:

I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?

I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
drops [...]


The inherent assumption here is that dovecot, using a flat file, will
be able to process the block list more effectively than the firewall,
which is a tool written for the *purpose* but supposedly unable to even
*try* due to the list's size. That sounds ... counterintuitive.


I am the original poster and just came back to this thread. When the
first couple replies were fail2ban I lost interest.

The reason I contemplated a flat text scan by dovecot is because, for
the most part, my dovecot is low volume. So even if parsing a flat text
file is less 'efficient' than a firewall insertion, it WOULD serve to
defeat dictionary attacks rather readily. I already have a routine which
scans my dovecot logs for goofy attacks such as dictionary or 12345
attempts. And since the attacks are pop/IMAP only, that is the only
avenue which I wanted to defeat.

This question garnered lots and lots of responses and I appreciate them
all and read them all. And out of all the responses I think I will
pursue the ipset routine. It seems easy enough and can act at the
firewall level. The DNS RBL would be cool.

I am also cognizant that 45,000 SHOULD have a TTL. However, these were
IPs attempting to fetch email with obviously hacker type passwords.
If, later, a given IP is re-assigned to a 'legitimate' person, they
would still be able to send an email to me ' postmaster@ ' asking
about an inability to fetch email.

But parsing the flat text file would STILL be my preference. I'll look
at the source and see if I can figure out where to inject such code.
Like I said, my dovecot is low volume, so a fraction of a second at
connection time is low impact. Considering that the flat text file
may hang around in the memory cache it could even be less impact than
low.

IP drop list

[Jim Pazarena]

I wonder if there is an easy way to provide dovecot a flat text file of 
ipv4 #'s which should be ignored or dropped?


I have accumulated 45,000+ IPs which routinely try dictionary and 
12345678 password attempts. The file is too big to create firewall 
drops, and I don't want to compile with wrappers *if* dovecot has an 
easy ability to do this. If dovecot could parse a flat text file of IPs 
and drop connections it would sure put a dent in these attempts.


Thanks.

[Dovecot] password encryption

[Jim Pazarena]

I have just come to the realization that password encryption using the 
crypt function in linux, ONLY USES THE FIRST 8 CHARS. I have written 
routines using crypt allowing 16+ chars, and find that anything past 8 
is ignored. Wow.


Is there a way around this that can be used in dovecot, as well as 
encryption routines for an email front end? (not system users).


It's the integration with dovecot which is the most important.

Re: [Dovecot] IMAP vs. POP3

[Jim Pazarena]

On 2011-04-28 10:31 AM, Matt wrote:

Does IMAP create much additional system load vs. POP3?


I would say it adds considerable load to the server.
The beauty is that multiple computers can synchronize all mail
folders INCLUDING the Outbox/Sent folder to the common archive,
which becomes the mail server itself.

Is see little advantage if a single computer is involved other
than using the mail server as a backup.

Even with a single computer however, if one uses (also) a webmail
client such as roundcube etc, then IMAP once again permits
synchronizing between the webmail and the single computer.

In an environment such as mine, 2 laptops, a desktop, and
at times, webmail, it is a necessity. These days (also) mobile
mail such as on an iPhone is handier with IMAP.

Weigh all this against more drive space required, and more resources
such as extra processes running on the server.

[Dovecot] dovecot genesis v2.0.X ~ FreeBSD

[Jim Pazarena]

On 2010-10-18 9:47 AM, Jim Pazarena wrote:

V2 of dovecot has had the following releases (to recap)

2.0.0 2010-08-16
2.0.1 2010-08-24
2.0.2 2010-09-08
2.0.3 2010-09-17
2.0.4 2010-09-26
2.0.5 2010-10-01

2.0.6 2010-10-25
2.0.7 2010-11-12

FreeBSD added dovecot2 to the ports recently (finally)
Thank-you,  yay!

[Dovecot] dovecot genesis v2.0.X

[Jim Pazarena]

V2 of dovecot has had the following releases (to recap)

2.0.0  2010-08-16
2.0.1  2010-08-24
2.0.2  2010-09-08
2.0.3  2010-09-17
2.0.4  2010-09-26
2.0.5  2010-10-01

I am on FreeBSD, and the port committers want to wait till
dovecot V2 stabilizes prior to adding it to the FreeBSD
ports base.

So, my question is, respectfully, is dovecot V2.0.5 stable enough
for prime-time on a busy ISP mail server? I'll install it myself
independent of the FreeBSD ports tree if so.

Thanks,

Re: [Dovecot] dovecot genesis v2.0.X

[Jim Pazarena]

On 10/18/2010 2:12 PM, Jerry wrote:


Five updates in something like 63 days is certainly not encouraging. I
am sure that Timo is doing the best he can; however, unless you had
some over whelming need to update, and I would really like to know what
this is, I would recommend waiting. By the way, I am also using
FreeBSD-8.1/amd64. Until Dovecot can go a few months without a patch
being issued, I think I'll wait. I certainly don't need any clients
waking me up at 3 o'clock in the morning.


Mail folders containing both messages and sub-folders is what I/my clients 
desire.

http://wiki2.dovecot.org/MboxChildFolders?highlight=%28folder%29 with mbox.

[Dovecot] mbox vs maildir

[Jim Pazarena]

I've had clients 'request' nested folders, and it would seem that
maildir is designed with that ability while with mbox it is difficult
and.or impossible to implement (nested can be achieved; but not nested
AND populated in each nest level).

My question is, is one format 'better' than the other? It would
take a fair bit of time to convert my system to maildir and I would
want to feel comfortable that this would be a true 'upgrade' in
abilities, rather than simply a change to accommodate nested folders.

Thanks,

Re: [Dovecot] Failed IMAP Login Attempts in Logs

[Jim Pazarena]

On Tue, 5 Jan 2010 11:09:07 -0500, Carlos Williams carlosw...@gmail.com
wrote:
 I had a user telling me that they can't login to the Postfix email
 server via Webmail (RoundCube) and I decided to see if I could locate
 this issue in the logs and understand if the user was simply using a
 wrong password credential and or something more serious. More than
 likely the person is just using a wrong password but in search of this
 on my logs, I don't understand why Dovecot doesn't log failed login
 attempts.
 
 Is there a log level or something I am not searching for that will
 allow me to see failed or invalid logins for Dovecot (IMAP)?

# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Enabling this also enables auth_debug.
#auth_debug_passwords = no
auth_debug_passwords = yes

[Dovecot] nested folders

[Jim Pazarena]

using both thunderbird and roundcube with dovecot IMAP, I can create
all the folders I desire, but cannot create subfolders; I also cannot
delete a folder once created.

I get a very un-informative error message from each. Is there a special
setting required to permit sub-folder creation? folder deletion?

I've got 770 mail:mail virtual_user_home
 770 mail:mail  mail_sub-directory
 770  mail:mail   .imap
 660  mail:mail   .subscriptions
  700 mail:mail  Drafts
  700 mail:mail  INBOX
  700 mail:mail  Junk
  700 mail:mail  Sent
  700 mail:mail  Trash

Suggestions would be appreciated. Thanks!

Re: [Dovecot] basic understanding of imap in dovecot

[Jim Pazarena]

Timo Sirainen wrote:

On Wed, 2009-12-23 at 10:44 -0800, dove...@paz.bz wrote:

My MTA (exim) delivers email to:   /mail/user
dovecot, sucks that mail from /mail/user TO
/home/user/mail/filenamesoffolders


No, it doesn't suck any email (by default anyway).


I suppose my question is, is there a way to have dovecot empty/parse the
original exim mailbox
so that the customer email isn't sitting in two spots,


Dovecot should be using the mailbox directly without copying it.

So you've misunderstood something, but without more information I can't
really guess what it is.


You are sure a patient person !!

I tested my setup, and confirmed that dovecot isn't doing the things
which I suspected it was doing.

What is 'causing' this odd behavior is my use of Thunderbird MUA.
I created a new 'imap' account on Thunderbird, and started copying
the email from the old POP account into my Thunderbird 'IMAP' account.
It appears that it is Thunderbird which is uploading the email BACK to
the mail server as I copy it from the POP to the IMAP account within it.

Not sure if this is the 'correct' behavior for an MUA -- uploading back
to the server, but that IS why the home/user/mail directory is getting
populated... from Thunderbird uploads.

Can anyone point me at a tutorial on the 'abilities' of IMAP?

Jim

Re: [Dovecot] commercial help

[Jim Pazarena]

Timo Sirainen wrote:

On Nov 27, 2009, at 1:18 AM, Jim Pazarena wrote:


I am on FreeBSD with Dovecot  1.2.4
I need to have both POP3  IMAP working to replace vm-pop3d (which was POP3 
only).
Local users are:  mbox:/home/%u/mail/:INBOX=/mail/%u  with password in 
/etc/passwd

..

Virtual users (which vm-pop3d handled readily)
are mbox:/home/VIRTUAL/%d/%u:INBOX/mail/VIRTUAL/%d/%u   
   with password in /exim/etc/VIRTUAL/%d/passwd


Probably would be easiest if you just got rid of system users and had everyone 
use virtual users to access their mails.. But if you want to do it like this, 
you probably need to do something like:



this is a lot easier!

Is there a way to have dovecot 'tack on' a default @domain.name if the user
submits a username only?

for example, if the user submits joe (instead of j...@qcislands.net),
dovecot tries /home/VIRTUAL//joe/mail/VIRTUAL//joe

I would like a 'default' of /home/VIRTUAL/qcislands.net/joe  etc

thanks!

[Dovecot] commercial help

[Jim Pazarena]

   Contact info

   * Author: Timo Sirainen, t...@iki.fi mailto:t...@iki.fi.
   * Please use the Dovecot mailing list
 http://www.dovecot.org/mailinglists.html for questions about
 Dovecot. You don't have to subscribe to it.
   * Depending on your needs, commercial support may be available. Send
 a mail if you're interested.

according to the above (from the dovecot.org webpage), commercial 
support may be available.
After spending the better part of today trying unsuccessfully, I am 
ready to Send a mail if you're interested.

But I do not know WHO to send it to.
Likely Timo, but I do not want to be presumptuous.

I am on FreeBSD with Dovecot  1.2.4
I need to have both POP3  IMAP working to replace vm-pop3d (which was 
POP3 only).
Local users are:  mbox:/home/%u/mail/:INBOX=/mail/%u  with password in 
/etc/passwd


Virtual users (which vm-pop3d handled readily)
are mbox:/home/VIRTUAL/%d/%u:INBOX/mail/VIRTUAL/%d/%u 
 with password in 
/exim/etc/VIRTUAL/%d/passwd


It is worth it to me to pay a knowledgeable person to create the correct 
conf file to make this happen.

Who should I contact?

Thanks,
Jim Pazarena

[Dovecot] system virtual setup

[Jim Pazarena]

No one replied to my original email, and I was hoping if I re-phrase my question
I can get an answer.

I would like dovecot to provide system email
(located at /mail/%u with system password and /home/%u)
and also virtual email
(/u/mail/VIRTUAL/%d/%u with password found at /u/exim/etc/VIRTUAL/%d/passwd).
NO home space, but I would consider /home/%d/%u

This I think has something to do with namespace, but the docs are too vague for
me to understand. Can anyone help me out?
I would very much appreciate it.
I would even consider PAYING someone to set me straight.

I am looking to migrate away from vm-pop3d. initially with POP3 and ultimately 
into IMAP.

Thanks!

[Dovecot] setting up both system password users AND virtual users

[Jim Pazarena]

I'm afraid that I am a rookie at dovecot, and cannot seem to figure the 
configuration
for a dual system  virtual setup. For now I am using POP3 ---only---

I've got the system working, but cannot figure out how to add the virtual 
system.
The docs aren't quite clear enough for me to understand.

The wiki example for dynamic passwd-file locations
shows:  mail_location = maildir:/home/%d/%n/Maildir
userdb passwd-file  etc etc

I am using mbox, not maildir, AND I've already used mail_location for my system 
accounts
with the following line:
mail_location = mbox:~/mail/:INBOX=/mail/%u

In the case of my virtual users, the mail is stored in INBOX=/mail/VIRTUAL/%d/%u
and the password file is stored in /exim/etc/VIRTUAL/%d/passwd

would someone kindly help me with this?
thanks!