Re: Dovecot Oy merger with Open-Xchange AG
Am 2015-04-02 um 18:24 schrieb Reindl Harald: > Am 02.04.2015 um 18:19 schrieb Jogi Hofmüller: >> Am 2015-04-02 um 17:49 schrieb Reindl Harald: >>> Am 02.04.2015 um 14:30 schrieb Edwardo Garcia: >>>> On 4/1/15, Reindl Harald wrote: >>>>> Am 01.04.2015 um 14:33 schrieb Bernd Petrovitsch: >>>>>> On Mit, 2015-04-01 at 13:07 +0200, Reindl Harald wrote: >>>>>>> Am 01.04.2015 um 13:04 schrieb Bernd Petrovitsch: >>>>>>> that is simple not true - if it would be true linux distributions >>>>>>> would >>>>>> >>>>>> Define "true Linux distribution". >>>>> >>>>> who the fuck was talking abiut "true Linux distribution"? >>>> >>>> you were cockhead >>> >>> no and if someone can't read a simple paragraph beause a missing comma >>> it's not a compliment for him >> >> Your sentence was not really entirely precise. > > it was in the context > >> What's the harm in saying sorry instead of barking at people? > > sorry for what? For not being precise (enough). If someone doesn't understand you you could try expressing whatever you meant to say in a different/better way. Cheers, -- j.hofmüller aka Thesix >-<#!&$@@@? http://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
Re: Dovecot Oy merger with Open-Xchange AG
Am 2015-04-02 um 17:49 schrieb Reindl Harald: > Am 02.04.2015 um 14:30 schrieb Edwardo Garcia: >> On 4/1/15, Reindl Harald wrote: >>> Am 01.04.2015 um 14:33 schrieb Bernd Petrovitsch: On Mit, 2015-04-01 at 13:07 +0200, Reindl Harald wrote: > Am 01.04.2015 um 13:04 schrieb Bernd Petrovitsch: > that is simple not true - if it would be true linux distributions > would Define "true Linux distribution". >>> >>> who the fuck was talking abiut "true Linux distribution"? >> >> you were cockhead > > no and if someone can't read a simple paragraph beause a missing comma > it's not a compliment for him Your sentence was not really entirely precise. What's the harm in saying sorry instead of barking at people? Cheers, -- j.hofmüller mur.sat -- a space art projecthttp://sat.mur.at/ signature.asc Description: OpenPGP digital signature
Re: from Cyrus to Dovecot, seen status on cyrus.index files
Hi, Am 2015-01-23 um 14:25 schrieb Norberto Bensa: > I've used dsync but it's too slow. Yes, that's also what we experienced and why we went to cyrus2dovecot. > Also, I have some users with shared mailboxes. Those mailboxes get > duplicated. Either this is the way it works or I'm doing something wrong. > If I could get dsync to not duplicate shared mailboxes, I think I could use > it. Duplication was not a problem when we migrated. The side effect we had was that all mail in a shared mailbox was marked new for all the sharers. We could not get cyrus2dovecot to use user's flags for shared mailboxes. Apart from that everything worked really well. Regards, -- J.Hofmüller Ein literarisches Meisterwerk ist nur ein Wörterbuch in Unordnung. - Jean Cocteau signature.asc Description: OpenPGP digital signature
Re: from Cyrus to Dovecot, seen status on cyrus.index files
Hi, Am 2015-01-23 um 09:36 schrieb Heiko Schlichting: >> Does anyone use cyrus2dovecot for migrations? > > Yes, but this software which is not related to the one you mention: > > http://www.cyrus2dovecot.sw.fu-berlin.de/ The two are identical. Apparently someone put cyrus2dovecot on github. Maybe it will change in the future. However, we recently migrated from cyrus to dovecot using this piece of software. The thing you are looking for is probably the switch -S, --cyrus-seen=PATH with which you tell the script where to find the cyrus seen.db. Using this we had no problems with seen flags for regular mailboxes. But migrating shared mailboxes was a PITA ... so if you have these, be prepared for troubles. Regards, -- j.hofmüller mur.sat -- a space art projecthttp://sat.mur.at/ signature.asc Description: OpenPGP digital signature
Re: LMTP proxying
Hi Ralf, Am 2014-09-24 um 13:52 schrieb Ralf Hildebrandt: > But my next issue is that there's no "default port for LMTP", but how > can I adapt the query in such a way that the default port 24 is being > used ONLY FOR LMTP? We solved that by setting up a second LDAP passdb for lmtp that supplies the following values (all in one line): pass_attrs = uid=user,=nopassword,proxy=proxy,proxyhost=host,=port=24\ =starttls=any-cert This way our LMTP proxy works fine. Regards, -- j.hofmüller mur.sat -- a space art projecthttp://sat.mur.at/ signature.asc Description: OpenPGP digital signature
Re: migration from cyrus with dsync sieve problem
Hi Alessandro, Am 2014-09-15 um 16:07 schrieb Alessandro Bono: > i'm migrating a cyrus imapd server to dovecot with dsync > everyting seems working but sieve rules are not copied to dovecot server > I searched for documentation but without any luck > I use the configuration below with We are in the process of doing the same here. After first trials with dsync we went to migrating with cyrus2dovecot. For migrating sieve scripts we wrote a simple shell script. The main reason why we abandoned dsync is that it was just painfully slow. I don't remember if it did (attempt) to syn sieve scripts. One thing that we still could not solve is that when migrating shared folders, all flags for all mail are set to unread. Would be interesting if you use shared mailboxes and how you tackle this topic. Cheers, -- J.Hofmüller Im Übrigen bin ich der Meinung, das Joanneum muss zerschlagen werden! - Barbara Fischer signature.asc Description: OpenPGP digital signature
Re: preserving flags for shared mailbox when migrating from cyrus to dovecot
Hi Teemu, all, Am 2014-09-10 13:49, schrieb Teemu Huovila: > I looked at the dovecot -n output attached to your previous mail and > I think I spotted some issues. > (...) > The INDEX and INDEXPVT are identical, which means there is no private > index. Having the CONTROL defined is also questionable. I suggest you > try defining location like this: > > location = > maildir:/srv/vmail/%%u/Maildir:INDEXPVT=/srv/vmail/%u/shared/%%u Did that, and didn't change anything. I still have now way to sync flags for shared mailboxes from the old mail server. > Also, to make subscriptions work sensibly, set the shared namespace > subscriptions = no and then add a placeholder namespace with an empty > prefix to contain just the private subscriptions: > > namespace { > prefix = > hidden = yes > list = no > subscriptions=yes >} Alright, thanks for the hint. Cheers, -- J.Hofmüller Im Übrigen bin ich der Meinung, das Joanneum muss zerschlagen werden! - Barbara Fischer signature.asc Description: OpenPGP digital signature
Re: preserving flags for shared mailbox when migrating from cyrus to dovecot
Hi Timo, all, Am 2014-08-20 14:16, schrieb Timo Sirainen: > I think you can first migrate the shared mailbox's mails as whatever > user. Then use doveadm sync -1 (and maybe -m shared/foo to sync only > the one mailbox) to migrate the message flags. Well, I tried that in several different ways, all without any success. Let's assume the user is called jane and she has a subscription for the shared mailbox doe I tried the following: doveadm sync -1 -R -u jane -m shared.doe imapc: I also tried using the namespace switch: doveadm sync -1 -R -u jane -n shared imapc: again no success. The shared mailbox stays available and working but the flags will not be synced to the state they had on the original server. I also tried it without -R but that didn't get me anywhere either and should be wrong anyways AFAICT. Any further ideas anyone or should I prepare our shared mailbox users that all their email will be unread after migration? Cheers, -- j.hofmüller We are all idiots with deadlines. - Mike West signature.asc Description: OpenPGP digital signature
Re: Escape comma in the LDAP passdb subquery configuration
Hi, Am 2014-09-01 15:27, schrieb Francesco Fiore: > pass_attrs = > @mail=mail=%{login_user},dc=%{login_domain},dc=example,dc=com,\ >=proxy=y,\ >=host=%{ldap:mailHost@mail} > > In the previous example, the problem is the use of "," for DN > representation, which is also the separator for the attribute template I see. Have you tried using a different filter instead of dynamic arguments in pass_attrs? Cheers, -- j.hofmüller Optimism doesn't alter the laws of physics. - Subcommander T'Pol signature.asc Description: OpenPGP digital signature
Re: quota for subfolder with prefix=INBOX.
Hi, Am 2014-09-02 22:04, schrieb Jiri Bourek: > Yes. The grace value only protects the system from receiving huge last > message. Alright then, back to the $subject. Who has a clue on how to get extended quota for subfolders working when using prefix=INBOX.? Cheers, -- J.Hofmüller Nisiti-Abie Nathan, 1927-2008 signature.asc Description: OpenPGP digital signature
Re: quota for subfolder with prefix=INBOX.
Hi, Am 2014-09-02 15:26, schrieb Jiri Bourek: > I think your question is answered by first sentence in > http://wiki2.dovecot.org/Quota/Configuration#Quota_grace I guess I totally misunderstood the quota_grace option then. To be clear: if the last mail brings the user just 1% over quota it doesn't matter that I e.g. set quota_grace = 10 %% because every further email will just be denied. Too bad the extended quota for subfolders don't work in our setup (see my initial email). Cheers, -- J.Hofmüller Nisiti-Abie Nathan, 1927-2008 signature.asc Description: OpenPGP digital signature
Re: quota for subfolder with prefix=INBOX.
Hi all, Since I did not manage to get quota for individual subfolders working I tried toying with quota_grace, which also does not work for me :( My approach was this: plugin { quota = maildir:User quota quota_grace = 20%% quota_rule = *:storage=5M } I expected normal delivery of email when user is at 103% quota but the new email (even tiny ones with less than 1K) get's rejected with reason 'over quota'. Is this what dovecot is supposed to do or did I do something wrong? Regards, -- j.hofmüller We are all idiots with deadlines. - Mike West signature.asc Description: OpenPGP digital signature
quota for subfolder with prefix=INBOX.
Hi all, We use prefix=INBOX. in order to keep things as they were on the old server. Now I started playing with quota and have trouble getting the additional quota for Trash and/or Junk working. My expectation was that once a user is over quota and moves email to trash sh/e should be able to receive new email again. That's what I cannot get to work with our setup. Attached you find the config that I thought should be working. The numbers are ridiculously low but that's just for testing. Here is some output from doveadm doveadm quota get -u user Quota name TypeValue Limit % User quota STORAGE 5422 5120105 User quota MESSAGE18 - 0 doveadm mailbox status -u user "messages vsize" "*" INBOX messages=13 vsize=3147033 doveadm mailbox status -u user "messages vsize" "INBOX.*" INBOX.Drafts messages=0 vsize=0 INBOX.Sent messages=0 vsize=0 INBOX.Trash messages=5 vsize=2475790 INBOX.Junk messages=0 vsize=0 Regards, -- j.hofmüller We are all idiots with deadlines. - Mike West # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid btrfs auth_verbose = yes disable_plaintext_auth = no imapc_features = rfc822.size fetch-headers imapc_host = hornet.mur.at imapc_list_prefix = INBOX imapc_master_user = cyrus imapc_password = secret imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no imapc_user = %u lmtp_proxy = yes lmtp_save_to_detail_mailbox = yes login_greeting = Dovecot is spitze! mail_location = maildir:/srv/vmail/%n/Maildir mail_plugins = " acl quota" mail_prefetch_count = 20 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { hidden = no inbox = no list = children location = maildir:/srv/vmail/%%n/Maildir:INDEX=/srv/vmail/%n/shared/%%n:CONTROL=/srv/vmail/%n/shared/%%n:INDEXPVT=/srv/vmail/%n/shared/%%n prefix = shared.%%n. separator = . subscriptions = yes type = shared } namespace inbox { hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/deny.%s deny = yes driver = passwd-file } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db quota = maildir:User quota quota_rule = *:storage=5M quota_rule2 = INBOX.Trash:storage=+5M quota_rule3 = INBOX.Junk:storage=+5M sieve = /srv/vmail/%u/sieve/.dovecot.sieve sieve_default = /srv/vmail/sieve/default.sieve sieve_dir = /srv/vmail/%u/sieve sieve_global_dir = /srv/vmail/sieve/ } postmaster_address = postmas...@mur.at protocols = " imap lmtp sieve pop3" quota_full_tempfail = yes service auth { unix_listener auth-userdb { group = vmail mode = 0777 user = vmail } } service lmtp { inet_listener lmtp { address = 172.16.16.78 port = 24 } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 1 service_count = 1 vsz_limit = 64 M } service managesieve { process_limit = 256 } ssl_cert = signature.asc Description: OpenPGP digital signature
Re: LMTP and passdb deny=yes not working
Hi Am 2014-08-27 16:04, schrieb Jogi Hofmüller: > Guess I will have to take a look at the -- not yet tried -- quota > solution ... Nice! In combination with 'quota_full_tempfail = yes' that finally does what we need/want! Thanks and cheers, -- J.Hofmüller Ein literarisches Meisterwerk ist nur ein Wörterbuch in Unordnung. - Jean Cocteau signature.asc Description: OpenPGP digital signature
Re: LMTP and passdb deny=yes not working
Hi, Am 2014-08-27 15:20, schrieb Steffen Kaiser: > you have lots of userdb's in your config. If you use %s in the general > ones, I would remove the special ones in the "lmtp" section at all. True. I cleaned them up a little. > userdb { > args = /etc/dovecot/deny/%s/deny-user > default_fields = uid=vmail gid=vmail home=/tmp/non-existant-name > driver = passwd-file > } No dice. > Just use one userdb: > > userdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > > Then extent your userdb query by: > > (&(original query)(!(attr=%s))) Huh, we're getting somewhere! > choose any attr'ibute with text, such as description, that does no harm > to other services. Then the LMTP service should get no hit and should, > IMHO, tempfail the delivery. Thing is that it does not tmpfail but it says: 550 5.1.1 User doesn't exist. But I guess that is correct. My reasoning is the following: The above method effectively disables a user's account. So from the point of view of lmtp/imap/pop3 the user does not exist. In case of lmtp it is totally appropriate to deny delivery instead of tmpfailing. Guess I will have to take a look at the -- not yet tried -- quota solution ... Thanks so far! Cheers, -- j.hofmüller Gerüchtegenerator http://plagi.at/geruecht signature.asc Description: OpenPGP digital signature
Re: LMTP and passdb deny=yes not working
Hi, Am 2014-08-26 16:48, schrieb Gregory Finch: > I don't think that LMTP/LDA use passdb. I'm pretty sure that they use > userdb only. > > The delivery agents just need to lookup if the recipient exists and > where to store the mail. OK, good point. Now I tried to disable LMTP for one user by means of a special userdb that would return 'return-fail' when it finds a user. I figured then LMTP would reject the message. Not so much though ... this is the special userdb I am using. The default fields are there to keep error messages in logs low. userdb { driver = passwd-file args = /etc/dovecot/deny/%s/deny-user default_fields = uid=vmail gid=vmail home=/tmp/%Ln result_success = return-fail } Attached you find the config I tested. Cheers, -- J.Hofmüller Im Übrigen bin ich der Meinung, das Joanneum muss zerschlagen werden! - Barbara Fischer # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid btrfs auth_debug = yes auth_verbose = yes disable_plaintext_auth = no imapc_features = rfc822.size fetch-headers imapc_host = hornet.mur.at imapc_list_prefix = INBOX imapc_master_user = user imapc_password = secret imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no imapc_user = %u lmtp_proxy = yes lmtp_save_to_detail_mailbox = yes login_greeting = Dovecot is spitze! mail_location = maildir:/srv/vmail/%n/Maildir mail_plugins = acl mail_prefetch_count = 20 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { hidden = no inbox = no list = children location = maildir:/srv/vmail/%%n/Maildir:INDEX=/srv/vmail/%n/shared/%%n:CONTROL=/srv/vmail/%n/shared/%%n:INDEXPVT=/srv/vmail/%n/shared/%%n prefix = shared.%%n. separator = . subscriptions = yes type = shared } namespace inbox { hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/deny/%s/deny-user deny = yes driver = passwd-file } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db sieve = /srv/vmail/%u/sieve/.dovecot.sieve sieve_default = /srv/vmail/sieve/default.sieve sieve_dir = /srv/vmail/%u/sieve sieve_global_dir = /srv/vmail/sieve/ } protocols = " imap lmtp sieve pop3" service auth { unix_listener auth-userdb { group = vmail mode = 0777 user = vmail } } service lmtp { inet_listener lmtp { address = 172.16.16.78 port = 24 } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 1 service_count = 1 vsz_limit = 64 M } service managesieve { process_limit = 256 } ssl_cert = signature.asc Description: OpenPGP digital signature
Re: LMTP during dsync migration
Dear Steffen, Finally managed to test your suggestions ... Am 2014-07-31 09:11, schrieb Steffen Kaiser: > On Thu, 31 Jul 2014, Steffen Kaiser wrote: >> How about adding another userdb { driver = passwd-file args = >> /.../%s/file >> } as the first one, which disables the access to the one user's mail >> storage currently migrated. %s would be lmtp, imap, pop3 and doveadm, >> IMHO. Make sure, doveadm sees no user in this userdb, but the others do, >> e.g. symlink the appropriate files and keep /.../doveadm/file >> zero-length, in order to fall back to LDAP always. I tried that now and did not get any useful results; meaning that I did not manage to block a user from using any of the services. While imap acknowledges finding the user in said file, lmtp doesn't even bother to look there. Both services however continue to work. I tried various return values for the userdb lookup but lmtp just seems to ignore everything. imap can be disabled easily by means of a passdb that has deny = yes set. This is really starting to drive me mad ... >> a) >> Besides the %s-way, there must be a way to have doveadm override the >> settings in: > >> userdb { >> driver = passwd-file >> args = /.../file >> } > >> in the line of: >> doveadm -o userdb[*]/args=/dev/null Quite frankly I don't fully understand what you mean by this. > Maybe, you need not no other userdb, but you can make use of %s in your > LDAP userdb - filter, e.g. > > user_filter = (&(objectClass=posixAccount)(uid=%u)(!(deniedService=%Ls))) Didn't try that one since I figure if passwd-file does not work why should LDAP work? Thanks for your suggestions anyway :) Cheers, -- j.hofmüller We are all idiots with deadlines. - Mike West signature.asc Description: OpenPGP digital signature
Re: LMTP and passdb deny=yes not working
Hi all, Nobody with an idea on the ltmp passdb question? I would really love to find out if I am doing something wrong or if this just does not work as I expect it. Cheers, -- j.hofmüller We are all idiots with deadlines. - Mike West signature.asc Description: OpenPGP digital signature
LMTP and passdb deny=yes not working
Hi all, I start this on in a new thread. I setup the deny-user setting to temporarily prevent users from logging in and (that would be great) also stop mail delivery for said user. All this is because of our upcoming migration. Now it seems that lmtp is ignoring this setting. This is from the logfile: Aug 21 13:01:00 klee dovecot: lmtp(pid): Connect from IP Aug 21 13:01:00 klee dovecot: auth: passwd-file(fischer,IP): User found from deny passdb Aug 21 13:01:00 klee dovecot: lmtp(pid, fischer): 2UErAGzR9VMBPQAAGyzfLQ: sieve: msgid=unspecified: stored mail into mailbox 'INBOX' Aug 21 13:01:00 klee dovecot: lmtp(pid): Disconnect from 172.16.16.205: Successful quit So lmtp seems to find the user and correctly states the fact but then stores the email anyhow. Is this intended or did I hit a bug? Or do I have an error in my config? Cheers, -- j.hofmüller mur.sat -- a space art projecthttp://sat.mur.at/ # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid btrfs auth_verbose = yes disable_plaintext_auth = no imapc_features = rfc822.size fetch-headers imapc_host = hornet.mur.at imapc_list_prefix = INBOX imapc_master_user = cyrus imapc_password = secret imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no imapc_user = %u lmtp_proxy = yes lmtp_save_to_detail_mailbox = yes login_greeting = Dovecot is spitze! mail_location = maildir:/srv/vmail/%n/Maildir mail_plugins = acl mail_prefetch_count = 20 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { hidden = no inbox = no list = children location = maildir:/srv/vmail/%%n/Maildir:INDEX=/srv/vmail/%n/shared/%%n:CONTROL=/srv/vmail/%n/shared/%%n:INDEXPVT=/srv/vmail/%n/shared/%%n prefix = shared.%%n. separator = . subscriptions = yes type = shared } namespace inbox { hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/deny-users deny = yes driver = passwd-file } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db sieve = /srv/vmail/%u/sieve/.dovecot.sieve sieve_default = /srv/vmail/sieve/default.sieve sieve_dir = /srv/vmail/%u/sieve sieve_global_dir = /srv/vmail/sieve/ } protocols = " imap lmtp sieve pop3" service auth { unix_listener auth-userdb { group = vmail mode = 0777 user = vmail } } service lmtp { inet_listener lmtp { address = 172.16.16.78 port = 24 } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 1 service_count = 1 vsz_limit = 64 M } service managesieve { process_limit = 256 } ssl_cert = signature.asc Description: OpenPGP digital signature
Re: LMTP during dsync migration
Hi, Sorry for warming up this thread, but Am 2014-07-31 13:34, schrieb Michael Grimm: > In the meantime I use something like to block users during maintainance: > > # temporary blocks > passdb { > driver = passwd-file > deny = yes > args = /path/to/deny-users > } > > # regular > passwd { > driver = sql > args = /path/to/dovecot-sql.conf > } > > /path/to/deny-users holds username to block. This is really cool and works perfect for imap/pop. It doesn't work for LMTP, although it acknowledges that the user has been found in the deny passdb: Aug 21 13:01:00 klee dovecot: lmtp(pid): Connect from IP Aug 21 13:01:00 klee dovecot: auth: passwd-file(fischer,IP): User found from deny passdb Aug 21 13:01:00 klee dovecot: lmtp(pid, fischer): 2UErAGzR9VMBPQAAGyzfLQ: sieve: msgid=unspecified: stored mail into mailbox 'INBOX' Aug 21 13:01:00 klee dovecot: lmtp(pid): Disconnect from 172.16.16.205: Successful quit Is this what is supposed to happen (since LMTP doesn't use authentication)? Regards, -- J.Hofmüller ich zitiere wie Espenlaub. https://twitter.com/TheGurkenkaiser/status/463444397678690304 signature.asc Description: OpenPGP digital signature
Re: preserving flags for shared mailbox when migrating from cyrus to dovecot
Hi, Am 2014-08-20 14:16, schrieb Timo Sirainen: > I think you can first migrate the shared mailbox's mails as whatever > user. Then use doveadm sync -1 (and maybe -m shared/foo to sync only > the one mailbox) to migrate the message flags. Just to make sure I got you right: The shared mailbox has been migrated to dovecot correctly. I call it 'sharedbox' for now. The user's mail has also been migrated correctly. Let's call her/him 'user'. Then I would run doveadm sync -1 -u user -m shared.sharedbox imapc: to sync the flags for user 'user'. Correct? > You need to run that > separately for all the users who have access to the shared mailbox. Makes sense. > Of course Dovecot will also need to be configured properly to have > private seen flags for users (only private seen flags are currently > possible in Dovecot, I'm not sure how they are in Cyrus). We have individual flags for shared mailboxes now and configured dovecot accordingly (see dovecot -n output attached). Thanks so far! I hope this will work! Cheers, -- J.Hofmüller Im Übrigen bin ich der Meinung, das Joanneum muss zerschlagen werden! - Barbara Fischer # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid btrfs auth_debug = yes auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@+ auth_verbose = yes disable_plaintext_auth = no imapc_features = rfc822.size fetch-headers imapc_host = hornet.mur.at imapc_list_prefix = INBOX imapc_master_user = cyrus imapc_password = secret imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no imapc_user = %u lmtp_proxy = yes lmtp_save_to_detail_mailbox = yes login_greeting = Dovecot is spitze! mail_debug = yes mail_location = maildir:/srv/vmail/%u/Maildir mail_plugins = acl mail_prefetch_count = 20 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { hidden = no inbox = no list = children location = maildir:/srv/vmail/%%u/Maildir:INDEX=/srv/vmail/%u/shared/%%u:CONTROL=/srv/vmail/%u/shared/%%u:INDEXPVT=/srv/vmail/%u/shared/%%u prefix = shared.%%u. separator = . subscriptions = yes type = shared } namespace inbox { hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db sieve = /srv/vmail/%u/sieve/.dovecot.sieve sieve_default = /srv/vmail/sieve/default.sieve sieve_dir = /srv/vmail/%u/sieve sieve_global_dir = /srv/vmail/sieve/ } protocols = " imap lmtp sieve pop3" service auth { unix_listener auth-userdb { group = vmail mode = 0777 user = vmail } } service lmtp { inet_listener lmtp { address = 172.16.16.78 port = 24 } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 1 service_count = 1 vsz_limit = 64 M } service managesieve { process_limit = 256 } ssl_cert = signature.asc Description: OpenPGP digital signature
preserving flags for shared mailbox when migrating from cyrus to dovecot
Dear all, Despite all the progress we are making in our attempt to make the migration as smooth and transparent for our users there are still some important unsolved issues. One thing that I can't figure out is how to preserve a user's flags that s/he has for mail in a shared mailbox. So far we tried 'doveadm backup -R' as well as the cyrus2dovecot script from here [1]. Both work well for individual mailboxes but do not migrate subscriptions for shared mailboxes and -- more importantly -- flags for mail in a shared mailbox. Reconstructing subscriptions is quite easy but I have no clue on how to reconstruct a user's flags. Any hint is greatly appreciated! [1] http://cyrus2dovecot.sw.fu-berlin.de/index.html -- j.hofmüller mur.sat -- a space art projecthttp://sat.mur.at/ signature.asc Description: OpenPGP digital signature
Re: LMTP during dsync migration
Hi Jiri, all, Am 2014-07-31 12:33, schrieb Jiri Bourek: > As far as I know you can do the warm - cold with dsync too. First you do > backup on live (i.e. accessible for both imap and delivery) mailbox. > This takes a long time on big mailbox, but that should not be an issue > since the mailbox can be used normally. That's exactly what I was trying to describe in one of my previous emails (subject: incremental mailbox syncs for quick migration). Great to hear that this solution seems viable :) > When it's done, you disable the mailbox (again, both imap and delivery) > and repeat the backup, which should be relatively fast now. When that's > done, enable mailbox on new storage and you're done. Right, just as I thought. > I don't think it's possible to have the mailbox available all the time > during migration. Well, it's possible, but it seems like recipe for > trouble. Agreed. Just trying to keep the downtime as short as possible. Cheers, -- j.hofmüllerhttp://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
Re: LMTP during dsync migration
Hi Harald, all, Am 2014-07-30 17:36, schrieb Reindl Harald: > normally you announce a mainantaince window for such migrations That's what we do. > why do you need dsync at all for such a migration? Migrating from cyrus to dovecot in a transparent manner. Cheers, -- j.hofmüllerhttp://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
Re: LMTP during dsync migration
Hi all, Thanks for your replies. Am 2014-07-30 12:02, schrieb Jiri Bourek: > On 30.7.2014 11:27, Reindl Harald wrote: >> just shutdown the MTA so you don't receive new mail >> senders will defer and deliver later I would like to stay away from this option since we plan on doing a transparent migration that will take a few nights. Turning MTA off every night seems a bit drastic. > Or better - disable LMTP service in Dovecot. Incoming mail will stay on > your MTA and when you're done, you just tell it to deliver everything > that piled up in the queue in the meantime Better but still not perfect ;) We have users that work late and I am sure they would complain when they don't receive email during migration nights. Still thinking ... Cheers, -- j.hofmüllerhttp://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
Re: LMTP during dsync migration
Hi Jiri, all, Thanks for your reply. Am 2014-07-29 16:13, schrieb Jiri Bourek: > Considering you're planning to use doveadm backup, you can't deliver > into the new mailbox. From dsync man page: Yes, this is the way we plan to migrate the mailboxes. > backup - Backup mails from default mail location to location2 (or vice > versa, if -R parameter is given). No changes are ever done to the source > location. Any changes done in destination are discarded. > Unless I misunderstood something, this means that if you deliver > messages to the new mailbox, next run of doveadm backup will remove them. We are not planning on multiple runs of doveadm backup. The question is what to do with LMTP _while_ the doveadm backup migration is happening? At the time when mailbox X get's migrated, the settings used for the proxy will be removed, so user X cannot access the mailbox on the old server anymore. Given the size of some of the mailboxes chances are quite high that there will be delivery attempts _during_ the migration process. That's what I am thinking about. Cheers, -- j.hofmüllerhttp://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
LMTP during dsync migration
Hi all, Another question regarding migration. While migrating a mailbox with dsync is it safe to deliver mail via LMTP to the new (target) mailbox or is it wiser to deactivate LMTP delivery to this mailbox until it's fully migrated? And what methods could I use to stop delivery to a mailbox during migration? Our user data is stored on an LDAP server. Cheers, -- j.hofmüllerhttp://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
incremental mailbox syncs for quick migration
Hi all, We are facing quite large mailboxes (>10GB) in our migration from cyrus to dovecot. I did a test on one mailbox and repeated the sync a couple of times with the expected result that the second, third, etc. sync took only seconds compared to minutes for the first sync. We use this command to sync a mailbox: doveadm backup -R -u USER imapc: Are there any problems to be expected when we first do a sync for all mailboxes but do not migrate the users right away but instead do the actual migration using a second sync? Cheers, -- j.hofmüllerhttp://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
problem migrating shared folders from cyrus to dovecot
Hi all, We face a problem migrating shared mailboxes from an old cyrus server to dovecot. Whereas migrating regular users works like a charm, the shared mailboxes cannot be migrated. dsync/doveadm states: "Error: Failed to access mailbox INBOX: Mailbox does not exist". This is somehow true since the shared mailboxes live not under user.mailbox but rather under shared.mailbox (cyrus special). Has anyone a solution for this peculiar problem? Cheers, -- j.hofmüllerhttp://thesix.mur.at/ signature.asc Description: OpenPGP digital signature
imap/pop3/lmtp proxy question/problem
Dear list, We are finally back to our task of migrating from cyrus to dovecot. dovecot mostly does what we want in terms of POP3/IMAP server. Now we are preparing for migration. The plan is to use dovecot as proxy for not-yet migrated accounts. This works wonderfully for IMAP but not for LMTP. Here's what I find in the logs when I try to deliver e-mail to the dovecot lmtp port: Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Jun 25 19:03:06 klee dovecot: lmtp(5037): Connect from IP-address Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: user USER: Auth PASS lookup returned temporary failure: reason=Configured passdbs don't support crentials lookups Jun 25 19:03:06 klee dovecot: lmtp(5037): Debug: auth input: reason=Configured passdbs don't support crentials lookups Delivery works fine without proxy (lmtp_proxy = no). What I would need to do is to configure the proxy part so that POP3/IMAP uses the accounts username/password and LMTP uses a special account to deliver e-mail. This is dovecot-ldap.auth (the =proxy=y will be replaced by a field from ldap once the tests work): uris = ldaps://our.ldap.server/ tls = no auth_bind = yes base = dc=mur,dc=at deref = never scope = subtree user_attrs = =home=/srv/vmail/mail/%Lu,=uid=999,=gid=999 user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password,=proxy=y,=host=our.imap.server,=starttls=yes iterate_attrs = uid=user iterate_filter = (objectClass=posixAccount) dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.14-1-amd64 x86_64 Debian jessie/sid auth_verbose = yes disable_plaintext_auth = no lmtp_proxy = yes login_greeting = Dovecot is spitze! mail_debug = yes mail_location = maildir:/srv/vmail/mail/%u mail_plugins = acl namespace { hidden = no inbox = no list = children location = maildir:/srv/vmail/mail/%%u:INDEX=/srv/vmail/mail/%u/shared/%%u prefix = shared.%%u. separator = . subscriptions = yes type = shared } namespace inbox { hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap lmtp pop3" service auth { unix_listener auth-userdb { group = vmail user = vmail } } service lmtp { inet_listener lmtp { address = 172.16.16.78 port = 24 } user = vmail } ssl_cert = http://plagi.at/geruecht signature.asc Description: OpenPGP digital signature
Re: [Dovecot] proxy, userdb and passdb
Dear Alex et al > Did you happen to have this working? Could you share how? So far it's not working yet. We are currently exploring more recent dovecot versions (2.2.9 AFAIR) but had to do some other work to keep the mailsystem running. Now we have more time to work on migration and will post any useful results (or more questions, whatever comes first). Cheers! -- j.hofmüller Optimism doesn't alter the laws of physics. - Subcommander T'Pol signature.asc Description: OpenPGP digital signature
[Dovecot] LMTP, TLS/SSL, authentication, proxy
Folks, Several questions packed into one email ;) Can dovecot use TLS/SSL on LTMP inet socket? Can I configure dovecot to only let an authenticated user deliver mail via LMTP? Can I tell dovecot to use a user/password for proxying LMTP connections? All this is related to my quest to move from cyrus to dovecot transparently to our users. And if any of the above questions can be answered with yes, I would appreciate the odd hint on howto configure that :) Thanks in advance! -- j.hofmüller aka Thesix http://users.mur.at/thesix/
Re: [Dovecot] proxy, userdb and passdb
Hi Steffen, Am 2013-10-22 10:05, schrieb Steffen Kaiser: see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields Did, thanks. The errors I mentioned in my previous post are gone. Still, proxying does not work as expected. Instead I get strange warnings: Oct 22 12:06:51 server dovecot: auth-worker(PID): Warning: userdb passwd: Move templates args to override_fields setting This is the proxy-userdb file's content (I removed the UID and IP address): user:::proxy=y host=IP-ADDRESS starttls=y nopassword=y However, a userdb does never override passdb setting (as I understand your wording), because the userdb kicks in later, you should post your config. Here it comes: # 2.1.17: /etc/dovecot/dovecot.conf # OS: Linux 3.10-3-amd64 x86_64 Debian jessie/sid mail_location = maildir:~/Maildir mail_plugins = acl namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%u/ subscriptions = no type = shared } namespace inbox { hidden = yes inbox = yes list = no location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = subscriptions = yes type = private } passdb { args = session=yes driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap lmtp pop3" ssl_cert = http://sat.mur.at/
[Dovecot] proxy, userdb and passdb
Dear all, We are getting closer to the migration of our mailsystem. Now I have a special question. We are successfully using passdb { driver = pam } and that is good. Now, how would I tell dovecot to proxy certain users (the ones not yet migrated) to the old server? My attempts to configure an additional userdb failed since this seems to override the passdb setting. Grateful for any hints! Cheers, -- j.hofmüller Optimism doesn't alter the laws of physics. - Subcommander T'Pol signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Transparent Migration from cyrus to dovecot
Dear Christian, Am 2013-10-10 17:06, schrieb Christian Rohmann: > I work for NetCologne GmbH, an ISP in Cologne, Germany. I did a talk > "Austausch einer ISP-Mailplattform ohne Downtime" at the mail server > conference the Heinlein-Support company held in Berlin in 2011. > > https://www.youtube.com/watch?v=kLQOkiBebU0 Thanks for the video! Unfortunately most things that allowed you to do migration in the file system don't apply for us (e.g. we have mailboxes in the GB range). So I think we will go for dsync and dovecot's proxy features ;) Regards, -- j.hofmüller mur.sat -- a space art projecthttp://sat.mur.at/ signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Transparent Migration from cyrus to dovecot
Hi Ed, Thanks for the encouragement! Am 2013-10-06 22:56, schrieb Ed W: > Make use of the proxy feature. You can add a "server" entry into your > userdb, that way you can literally move users over one by one and flip > their server location. You can easily test individual users and move > them over individually. One question still remains in my head. The migration/dsync page [1] states that 'The source IMAP/POP3 mailboxes shouldn't be modified while dsync is running. Also "dsync backup" means that if the destination has any changes that don't exist in source IMAP server, the changes are deleted.' So how does the setup behave *while* I migrate a user's mail? I figured that I would start with a proxy entry for every user. Then disabling proxy for the first mailbox and start migrating it. So new mail would be delivered to the newly created dovecot mailbox while all the mail from the old server would start appearing. From the quote above I take it that new mail *could* disappear. OK, this is all still theory since I have not done any tests. However, the more I know beforehand, the better the process will work, I hope ;) [1] http://wiki2.dovecot.org/Migration/Dsync Cheers! -- j.hofmüller Optimism doesn't alter the laws of physics. - Subcommander T'Pol signature.asc Description: OpenPGP digital signature
[Dovecot] Transparent Migration from cyrus to dovecot
Hi dovecot people, We are in the process of preparing the migration from a cyrus 2.1 installation to dovecot. Dovecot will be installed on new hardware, so we have separated servers that can/will exist in parallel for a while. Our goal is to do the migration without interrupting the service for our users too much. Currently we tend to using dsync. So I am asking for best practice suggestions, tips and hints from people who have done such a thing before. Curiously awaiting your replies ;) Cheers! PS: I am subscribed to the list. So no need to include my address in replies. Thanks! -- j.hofmüller Optimism doesn't alter the laws of physics. - Subcommander T'Pol signature.asc Description: OpenPGP digital signature