Re: BINARY capability not working correctly?
On Sat, Sep 19, 2015 at 6:27 PM, Michael M Slusarz wrote:
>
> Probably this: http://markmail.org/message/abjg72sw7ii5ty5x
>
> Trivial to workaround in client code, so no need to disable BINARY outright
> on a client.
>

It seems that you were right. Updating dovecot from version 2.2.10 to 2.2.18 corrected the problem. The fix is in 2.2.13.

Thanks a lot!

- Jouko
BINARY capability not working correctly?
Hello,

I have trouble with some attachments not working on Horde and Roundcube. I made a ticket to Roundcube webmail and they tracked it down to Dovecot not responding correctly to BINARY FETCH:

http://trac.roundcube.net/ticket/1490532

What is causing Dovecot to answer NIL? Is there an issue in Dovecot?

If I want to disable the BINARY capability in Dovecot I need to use imap_capabilities. I found out that I could add capabilities with syntax

    imap_capabilities= +FOO

but it seems I can't use similar syntax (imap_capabilities= -FOO) to remove capabilities?

If I list all capabilities like:

    imap_capabilities= IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE MOVE QUOTA

I understood that this will result in listing all capabilities already pre-login. Is this a problem?

Thanks,
Jouko Nikula
Re: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
>>> However, I would look at the cause of the "insufficient privileges":
>>> it is a symptom of something that could lead to other problems.
>>
>>
>> The cause is that I have not given lmtp read access to mail/home dir.
>> :-) So this is intentional.
>
>
> That is bizarre -- I can't think of how you can profit from denying read
> access to indices, but allow write access, and also allow read access
> to the mailboxes.
>
> Joseph Tam

Now in my configuration LMTP does not have read access to the mailboxes. So it can only read the CONTROL files and write all files. In my opinion this means added security.

And thanks a lot to everyone for your help!
Re: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
On Thu, Apr 3, 2014 at 1:36 AM, Joseph Tam wrote:
>
> Jouko Nikula writes:
>
>> Is there a way to use LMTP (or LDA) so that maildir index and
>> dovecot-uidlist are not updated?
>>
>> My setup is such that mail delivery sees user's maildir as write only. This
>> setup works well when using postfix for mail delivery, but when I try to
>> switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist
>> and fails on insufficient privileges. Is there a way around this without
>> exposing the maildir and mail home for read access?
>
>
> You could create MEMORY indices e.g.
>
>     mail_location = maildir:~/Maildir:INDEX=MEMORY
>
> which will allow all the other processing like sieve to work.
>

I now used:

    mail_location = maildir:~/mail:INDEX=MEMORY:CONTROL=/var/mail/%d/ctrl/%u

and for sieve:

    plugin {
      sieve = /var/mail/%d/ctrl/%u/dovecot.sieve
      sieve_dir = /var/mail/%d/ctrl/%u/
    }

I also have two dovecot instances. One is responsible for imap/pop3 and the other is responsible for sasl and lmtp. The latter uses the configuration above and the former differs on the mail location so that it does not have the INDEX=MEMORY setting:

    mail_location = maildir:~/mail:CONTROL=/var/mail/%d/ctrl/%u

Do you see problems in this setup? My understanding is that now I'm wasting a little bit of CPU on creating indices for new mail, but I nevertheless have working and stored indices on the dovecot's imap instance.

> However, I would look at the cause of the "insufficient privileges":
> it is a symptom of something that could lead to other problems.
>
> Joseph Tam

The cause is that I have not given lmtp read access to mail/home dir. :-) So this is intentional.
Re: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
I would like to use sieve plugin for server side filtering and I've understood that LMTP/LDA is required for this.

On Wed, Apr 2, 2014 at 5:48 PM, Tom Hendrikx wrote:
> On 04/02/2014 12:27 PM, Jouko Nikula wrote:
> > Hello all,
> >
> > Is there a way to use LMTP (or LDA) so that maildir index and
> > dovecot-uidlist are not updated?
> >
> > My setup is such that mail delivery sees user's maildir as write only. This
> > setup works well when using postfix for mail delivery, but when I try to
> > switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist
> > and fails on insufficient privileges. Is there a way around this without
> > exposing the maildir and mail home for read access?
> >
> > Regards,
> > Jouko Nikula
> >
>
> When indexes cannot be updated upon delivery, there is no real benefit
> in using dovecot's delivery mechanisms. So you could just simply let
> postfix deliver the messages.
>
> Tom
>
[Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery
Hello all,

Is there a way to use LMTP (or LDA) so that maildir index and dovecot-uidlist are not updated?

My setup is such that mail delivery sees user's maildir as write only. This setup works well when using postfix for mail delivery, but when I try to switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist and fails on insufficient privileges. Is there a way around this without exposing the maildir and mail home for read access?

Regards,
Jouko Nikula
Re: [Dovecot] SHA512-CRYPT scheme fails password verification
On Wed, Dec 25, 2013 at 2:07 PM, Darren Pilgrim wrote:
>
> You're being bitten by shell interpretation/expansion. You need to make the
> hash an uninterpreted literal (in bourne-type shells, wrap it in single
> quotes):
>

Ah, yes of course. Works now. Thanks!
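
The expansion problem diagnosed in the reply above, as an added example that is not part of the original thread. It takes the hash printed by `doveadm pw` in the original post and shows what a program receives when that text is typed unquoted versus single-quoted; `as_typed`, `sq`, `is_crypt_hash` and `report` are hypothetical helper names, and no Dovecot installation is needed to run it.

```shell
#!/bin/sh
# Added illustration. HASH is the value printed by `doveadm pw` in the thread.
HASH='{SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.'

# as_typed TEXT: the single argument a program receives when TEXT is typed
# on a command line. Uses eval, so pass only constants you wrote yourself.
as_typed() {
    ( set +u; eval "printf '%s' $1" )
}

# sq TEXT: wrap TEXT in single quotes (an embedded ' becomes '\'') so the
# shell hands it to the program byte for byte.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# is_crypt_hash ARG: succeed only if ARG still has the shape
# {SCHEME}$id$salt$digest. After parameter expansion the $6, $salt and the
# start of the digest were read as unset variables and are gone.
is_crypt_hash() {
    case $1 in
        '{'*'}$'[0-9a-z]*'$'?*'$'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# report LABEL ARG: print whether ARG survived the trip through the shell.
report() {
    if is_crypt_hash "$2"; then state=intact; else state=mangled; fi
    printf '%-14s %-8s %s\n' "$1" "$state" "$2"
}

report unquoted "$(as_typed "$HASH")"
report single-quoted "$(as_typed "$(sq "$HASH")")"
```

The unquoted form reaches the program with the `$6$salt$` prefix and the first digest characters stripped, which is why the reverse verification reported a mismatch.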
[Dovecot] SHA512-CRYPT scheme fails password verification
Hello,

If I try to use the crypt schemes provided by libc, I fail as follows:

    jnikula@jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456
    {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u.
    jnikula@jlaptop:~/$ doveadm pw -t {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u. -p 123456
    doveadm(jnikula): Fatal: reverse password verification check failed: Password mismatch

Using SHA512 sum scheme (-s SHA512) works ok in the same manner.

I have dovecot version 2.2.9 on Linux 3.11.0-14-generic x86_64 Ubuntu 13.10 and I get the same results on 32-bit Debian as well.

Does anyone have an idea what's wrong?

Thanks in advance,
Jouko Nikula
[Dovecot] Ignoring mount points for secondary dovecot instance does not seem to work
Hello,

I tried to ignore all mountpoints in Dovecot. I have two dovecot instances running:

    root@fileserver# doveadm instance list
    path                        name       last used            running
    /usr/local/var/run/dovecot  dovecot    2013-12-21 08:09:34  yes
    /var/run/dovecot.smtp       smtp-auth  2013-12-21 08:09:34  yes

I give commands:

    root@fileserver# doveadm mount add '/*' ignore
    root@fileserver# doveadm -i smtp-auth mount add '/*' ignore

And then restart dovecot. In the log I can see that the main instance is now ignoring my mountpoints, but the smtp-auth instance is still warning about my mountpoints.

Is this a bug or am I missing something? My configurations are as follows:

    root@fileserver# doveconf -ni smtp-auth
    # 2.2.9: /usr/local/etc/dovecot/dovecot.conf.smtp
    # OS: Linux 3.2.0-4-686-pae i686 Debian 7.1
    auth_mechanisms = plain login
    base_dir = /var/run/dovecot.smtp/
    first_valid_uid = 123
    instance_name = smtp-auth
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_gid = mail
    mail_location = maildir:~/mail
    mail_uid = vmail
    passdb {
      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    passdb {
      args = dovecot
      driver = pam
    }
    protocols =
    service auth-worker {
      user = vmail
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
    }
    ssl_cert =
[Dovecot] multiple passdbs and auth sockets
Hello,

I want to use different authentication arguments for smtp and imap/pop3. In the dovecot list I found this:

http://www.dovecot.org/list/dovecot/2013-August/091960.html

I tried to follow these instructions but dovecot refuses to find the auth executable:

    Dec 12 10:36:18 jlaptop postfix/smtpd[7302]: connect from localhost[127.0.0.1]
    Dec 12 10:36:18 jlaptop dovecot: auth-10: Error: doveconf: Fatal: execvp(/usr/local/var/run/dovecot/dovecot/auth) failed: No such file or directory
    Dec 12 10:36:18 jlaptop dovecot: master: Error: service(auth-10): command startup failed, throttling for 2 secs
    Dec 12 10:36:18 jlaptop dovecot: auth-10: Fatal: master: service(auth-10): child 7304 returned error 89 (Fatal failure)
    Dec 12 10:36:18 jlaptop postfix/smtpd[7302]: fatal: no SASL authentication mechanisms
    Dec 12 10:36:19 jlaptop postfix/master[7046]: warning: process /usr/lib/postfix/smtpd pid 7302 exit status 1
    Dec 12 10:36:19 jlaptop postfix/master[7046]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

My settings for postfix and dovecot are as follows:

    root@jlaptop:/usr/local/etc/dovecot/conf.d# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    config_directory = /etc/postfix
    default_transport = error
    home_mailbox = Maildir/
    inet_interfaces = loopback-only
    mailbox_command =
    mailbox_size_limit = 0
    myhostname = jlaptop
    mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
    queue_directory = /var/spool/postfix
    readme_directory = no
    recipient_delimiter = +
    relay_transport = error
    relayhost =
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = private/auth-10
    smtpd_sasl_type = dovecot
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    virtual_gid_maps = static:8
    virtual_mailbox_base = /var/mail/smtp
    virtual_mailbox_domains = jlaptop.com
    virtual_mailbox_maps = hash:/etc/postfix/vmaps
    virtual_minimum_uid = 100
    virtual_uid_maps = static:124

    root@jlaptop:/usr/local/etc/dovecot/conf.d# doveconf -n
    # 2.2.9: /usr/local/etc/dovecot/dovecot.conf
    # OS: Linux 3.11.0-13-generic x86_64 Ubuntu 13.10
    auth_debug = yes
    auth_debug_passwords = yes
    auth_verbose = yes
    first_valid_uid = 124
    mail_gid = mail
    mail_home = /var/mail/imap/%n
    mail_location = maildir:~/mail
    mail_plugin_dir = /usr/local/lib/dovecot/
    mail_plugins = gpgfuse_umount
    mail_uid = vmail
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      args = session=yes dovecot
      driver = pam
    }
    protocols = imap pop3 lmtp imap pop3
    service auth-10 {
      executable = auth -c /usr/local/etc/dovecot-auth-smtp.conf
      process_limit = 1
      unix_listener /var/spool/postfix/private/auth-10 {
        group = postfix
        mode = 0666
        user = postfix
      }
    }
    ssl_cert =
Re: [Dovecot] post-logout scripting
On Mon, Dec 9, 2013 at 4:49 AM, Timo Sirainen wrote:
>
> No, doesn’t work that way anymore. You could instead use this:
> http://dovecot.org/patches/2.2/imap-logout-plugin.c
>

Thanks for your reply! This works for me.

However, if I want to do the same for pop3 logout do I need a separate plugin for it or can I do both in same plugin? If I try to include both "imap-common.h" "pop3-common.h" in same plugin I get type conflicts.
[Dovecot] post-logout scripting
Hi all,

I found this (http://www.dovecot.org/list/dovecot/2010-January/045717.html) describing how to do a post-logout script. But is this valid anymore? It seems I'm getting an error when trying to execute the imap process in the post-logout script, and the post-logout documentation does not talk about executing imap.

I'm trying to umount (virtual) user home directory when user logs out.

Thanks,
- Jouko
Re: [Dovecot] Checkpassword interface for custom password check and home mounting
On Mon, Nov 25, 2013 at 10:57 AM, Kai Hendry wrote:
> May I ask why you mount the user directory? Couldn't it just be already
> mounted and you simply use the PAM interface?

First of all, sorry about the double post.

Yes I believe I could use the PAM interface. It looks more suitable to this. I will look into it. Thanks for pointing me in the right direction!
[Dovecot] Checkpassword interface for custom password check and home mounting
Hi,

I'm trying to use the checkpassword interface to do a password check and if the check succeeds I mount the user home directory (including mail) using the user's login password and uid. Things work well if I do the mount manually, but when I add the home directory mounting to checkpassword things seem to stop. Dovecot logs the result of the password check, but doesn't send the result to client.

Here's the log:

    Nov 25 10:32:05 jlaptop dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
    Nov 25 10:32:05 jlaptop dovecot: auth: Debug: auth client connected (pid=27551)
    Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=8HsMAvjrvgB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=39614
    Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client out: CONT#0111#011
    Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client in: CONT
    Nov 25 10:32:05 jlaptop dovecot: auth: Debug: checkpassword(jouko.nikula,127.0.0.1,<8HsMAvjrvgB/AAAB>): execute: /usr/sbin/gpgfusemount /usr/lib/dovecot/checkpassword-reply
    Nov 25 10:32:05 jlaptop dovecot: auth: Debug: checkpassword(jouko.nikula,127.0.0.1,<8HsMAvjrvgB/AAAB>): exit_status=0

My dovecot version is 2.1.7. My checkpassword is a setuid binary and the mount is a self-made fuse-fs.

Any ideas what happens? Are there better ways to do this?

Thanks,
- Jouko
[Dovecot] Checkpassword interface for custom password check and home mounting
Hi,

I'm trying to use the checkpassword interface to do a password check and if the check succeeds I mount the user home directory (including mail) using the user's login password and uid. My password check seems to work, but when I add the home directory mounting things seem to stop. Dovecot never logs the result of the password check and nothing happens until the client gets bored and tries again.

I added trace to the dovecot's checkpassword-reply and I see that it's really executed, it writes the reply and returns 0 for successful authentication.

My dovecot version is 2.1.7. My checkpassword is a setuid binary and the mount is a self-made fuse-fs.

Any ideas what happens? Are there better ways to do this?

Thanks,
- Jouko