Re: [Dovecot] IMAP vs. POP3
On Thu, 2011-04-28 at 19:54 +0200, Stéphane Guedon wrote: > On Thursday 28 April 2011 19:31:49 Matt wrote: > > Does IMAP create much additional system load vs. POP3? > If you do use IMAP, server disk space capacity can become an important number to watch as most POP3 clients by default will delete the mail from the server once downloaded. Additionally there are end user support "load" as well. Do you have a lot of users with a variety of skill levels and mail clients? Supporting a large variety of user configurations can cause support problems. Example, a user is using IMAP then switches to POP3 (either by accident or otherwise) and suddenly you will get a call about how someone hacked into their mail account and deleted all of their mail.
Re: [Dovecot] Feature request: usernames and passwords
Check out splunk (or similar) for multiple disparate event log correlations. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Chris Hoogendyk Sent: Wednesday, July 21, 2010 10:19 AM To: Dovecot Mailing List Subject: Re: [Dovecot] Feature request: usernames and passwords I should note that the patterns of attack we are seeing are extremely sophisticated. They are going out of their way to be "stealth" with respect to detection strategies. We do still see the focused brute force attacks where one IP futilely hammers at root (never allowed anyway), and where an IP tries all the various default system and application accounts. However, it seems that attacks are now going to distributed against distributed. That is to say, a large botnet (I recently identified 1235 IPs in one day cooperating in an attack) has a large list of hosts it wants to hit, and they randomize the hits across botnet IPs, across hosts, and across accounts being hit, with time delays between hits for any one host. You see this by looking across multiple servers and seeing the same IP trying different accounts across different servers, or the same account being tried by different IPs across different servers, and the accounts incrementing alphabetically, even though the IP trying them is changing. I have only been able to tag these manually in a text oriented editor with multiple grep patterns to remove legitimate entries before I compile the list of IPs to be blocked. Then those are run through another script that does NS lookups and checks against already blocked IPs. What is left, I scan with my own eyes and remove things that could possibly be our own users. Not an easy thing to deal with. The odds of their getting into any particular server are slim, but that's multiplied by the huge number of servers they are hitting. After blocking those, I continue to see steady streams of access denied in my auth logs, even weeks later. These attempts are typically preceded with similarly distributed port scans and will hit whatever ports and protocols are available. I see mostly ssh, but also a significant number of attacks on pop3. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: [Dovecot] basic conf error? v1.2.11
LOL nice! Thanks for being gentle. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Pascal Volk Sent: Thursday, June 17, 2010 8:45 AM To: Dovecot Mailing List Subject: Re: [Dovecot] basic conf error? v1.2.11 On 06/17/2010 03:27 PM Justin Krejci wrote: > . > auth_username_chars = > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\ > . > > Any ideas what is wrong here? It seems like the example conf file is not > correct. Yes the dovecot-sql.conf file exists. The above line (with non-default values) doesn't end. This is \ one line^ When your usernames really contain backslashes, don't place it at the logical end of line. Regards, Pascal -- The trapper recommends today: c01dcofe.1016...@localdomain.org
[Dovecot] basic conf error? v1.2.11
I just downloaded 1.2.11 and compiled from source including mysql support and using default directory locations. I walked thru the included example conf file and tweaked it out and get an invalid configuration file. I trimmed out all of the commented sections to make the non-default config super easy to navigate during troubleshooting. Remaining config which gives an error of "unknown setting: mechanisms" so I switched it to auth_mechanisms and then get the following when starting dovecot: Error: Error in configuration file /usr/local/etc/dovecot.conf line 18: Unknown section type (section changed in /usr/local/etc/dovecot.conf at line 14) Fatal: Invalid configuration in /usr/local/etc/dovecot.conf # protocols = imap pop3 listen = disable_plaintext_auth = no ssl = no login_processes_count = 100 login_max_processes_count = 500 login_max_connections = 512 login_greeting = DovecotProxy08 ready. protocol imap { } protocol pop3 { } protocol lda { } #LINE 14 auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\ auth default { mechanisms = plain passdb sql { #LINE 18 args = /usr/local/etc/dovecot-sql.conf } userdb sql { args = /usr/local/etc/dovecot-sql.conf } user = root } dict { } plugin { } # Any ideas what is wrong here? It seems like the example conf file is not correct. Yes the dovecot-sql.conf file exists.
Re: [Dovecot] A dovecot book ?
Just print all of the dovecot documentation from the website, 3-hole punch them, stick them in a 3-ring folder and voila, a Dovecot book that has pretty current information. Kidding aside I find digital better in general as doing find is utterly important to me. When reading technical books in print I find myself thinking, "man, I wish I could do a ctrl-f" while I page thru, skim, check the index, check the TOC, etc. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Jerry Sent: Wednesday, March 03, 2010 5:24 AM To: dovecot@dovecot.org Subject: Re: [Dovecot] A dovecot book ? On Wed, 03 Mar 2010 11:57:35 +0100 Carsten Laun-De Lellis articulated: > Am 03.03.2010 11:39, schrieb Stan Hoeppner: > > Carsten Laun-De Lellis put forth on 3/3/2010 4:09 AM: > > > >> Hi all > >> > >> I am using dovecot at home for privat use and i found a lot of > >> documentation here on the web. But you know, i am an old fashion > >> guy and i like books. Is there a book on the market that will help > >> me with understanding dovecot more and the configuration options ? > >> > > This book apparently covers some of Dovecot: > > http://www.amazon.com/Pro-Open-Source-Mail-Enterprise/dp/159059598X > > > > It's geared toward building a complete mail server solution, so > > it's not dedicated to Dovecot. How much of Dovecot it covers I > > don't know, as I've not read it. > > > > It was apparently published in Sept 2006, 3.5 years ago. Standard > > caution applies: some/much of the technical information may now be > > incorrect as things have changed in the software over the 4+ year > > period since the author put pen to paper, so to speak. > > > > This is the most recent book I could find that covers a little bit > > of Dovecot. There doesn't appear to be a "Book of Dovecot". > > Dovecot is covered a bit in The Book of Postfix, but it was > > published in 2005, so it will be even farther out of date. > > > > The book linked above may be worth the read for general > > architectural setup. > > > > > Thank you for your quick reply. I already have two postfix books one > published in 2007 another one in 2009. Both covers dovecot in > examples how to set up a mail server for enterprises, but this is not > what i am looking for. I am looking for an equivalent to the courier > and cyrus books on the market. > > But again thank you for your reply. > > Regards, > Carsten > A while ago, I expressed an interest in writing a book about Dovecot; something along the "Dovecot for Dummies" scenario. I have switched jobs, and am attempting to relocate so I have not had a lot of time to invest in the venture. Hopefully, within the next year I will get back to the project. That doesn't help you much, but it might someday assist someone else. Personally, I always enjoy reading from a book more than from a web page. Just my own preference though. -- Jerry ges...@yahoo.com |=== |=== |=== |=== | One of the signs of Napoleon's greatness is the fact that he once had a publisher shot. Siegfried Unseld
Re: [Dovecot] virtual users with mysql
We use mysql auth and support username or usern...@domain.com for logins. Perhaps you just need to edit the auth_username_chars variable in the dovecot config to allow @ symbol in usernames? -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Andre Hübner Sent: Thursday, January 28, 2010 4:11 AM To: Dovecot Mailing List Subject: [Dovecot] virtual users with mysql Hello List, we use in our system cryptical Usernames for dovecot etc. and authenticate users against shadow/passwd User abcde is loging in and gets data from /var/spool/mail/abcde and /home/popuser/abcde Now we want to make it possible that users can log in also with emailadresses. I tried dovecot-mysql authentication which works fine but i do not find a way to use 2 different login-formats in my queries. login with abcde and also testn...@example.com should return ok and lead to /var/spool/mail/abcde. Is this possible or i have to make a decision which format to use? Thanks, Andre
Re: [Dovecot] pop3+leave messages on server
Not to pick nits but pop3+leave on server does not mean you have all message from the dawn of time stored on the server. Outlook and presumably other MUAs have "remove from server after X time" and "remove from server when message is deleted" options when leaving pop3 messages on the server is enabled. I agree with the general principal though that if you wish to keep messages on server as general practice you should use IMAP. IMO pop3+leave is really only ideal while traveling using other clients/computers or maybe if IMAP is not offered at all. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Charles Marcus Sent: Tuesday, December 29, 2009 6:19 AM To: Dovecot Mailing List Subject: Re: [Dovecot] pop3+leave messages on server On 2009-12-29, Papp Tamas (tom...@martos.bme.hu) wrote: > The protocoll imap is not the same as using pop3+leave messages on > server. That is correct. The POP protocol is designed to delete the messages from the server once they have been POPPED. The IMAP protocol is designed to leave the messages on the server all the time. > He wants to use this scenario anyway as he did for many years with no > problems. The fact that he has had 'no problems' in many years is purely the luck of the draw. One minor bug in either the IMAP/POP server or the mail client during an upgrade or other maintenance, and boom - he will *really* be surprised when *all* of his messages from the last few *years* are downloaded again, not just the last few hours worth. One real worl example of how this can happen: his Outlook profile gets corrupted, and he still has all of his mail, but he has to recreate his account settings - boom, all of his mail downloads again from the date he started leaving them on the server. Same thing goes for when he install Outlook on a new computer - which, in some cases, might be desirable, and in others, not... The bottom line is, POP is simply not designed to work this way. The fact that it can be *manipulated* to work this way doesn't change the nature of the protocol, or the inherent problems. -- Best regards, Charles
Re: [Dovecot] E-Mail Encryption
Some companies and governments in the United States at least have very strict policy requirements regarding various aspects of security and encryption. Transit encryption (ssl/tls from MTA to MTA) and local encryption of messages sometimes is a requirement if you want to be able to bid on government contracts. https://www.bidsync.com/DPX?ac=view&auc=158380 This example is not for hosting mail but for an anti-spam/anti-virus service (they refer to it as email hygiene) that required message encryption on the transit MTA servers disk as well as tls/ssl for MTA to MTA encryption. So this example does not apply directly to Dovecot but it does show there are needs for this level of encryption in general for various customers. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Tom Hendrikx Sent: Thursday, July 16, 2009 2:47 AM To: Thomas Cc: dovecot@dovecot.org Subject: Re: [Dovecot] E-Mail Encryption Thomas schreef: > Arkadiusz Miskiewicz wrote: >> On Wednesday 15 of July 2009, Patrick Domack wrote: >>> The only benefit this would being, is email being saved on the server >>> would be encrypted. Otherwise it offers no protection. >>> >>> I guess if you paranoid that the system admin might read your emails, >>> but then, he can just as easily read them as they come in or out of >>> the system. >> >> Actually such encryption is interesting as a protection in case when >> someone steals server hardware/disks. > > It could be a feature. Why not. > But I'd say that's might be a better idea to encrypt the filesystem. > But... why not if you have time to code it :) > > Cheers, > Thomas When you have to worry about unauthorized persons having physical access to your hardware, you're solving the wrong problem. Encryption would add only false security because the person could also pop some sniffer device onto your NIC connection that reads wire traffic... The "de/encryption in deliver" concept is interesting, but imho not much use in real life. hard disk encryptoin would be much easier though (i.e. off-the-shelve). But I think these tin foil hat ideas get a little off-topic:) -- Tom
Re: [Dovecot] How to run Dovecot as IMAP Proxy?
You can also use pimpstat to monitor the effectiveness of imapproxy. We had imapproxy running running in front of squirrelmail for a post.office IMAP server (based on uw-imap). We eventually went into the code for imapproxy and tweaked some of the SELECT caching and even tweaked some of the squirrelmail imap code a bit to be more efficient with the proxy. Now we are using Dovecot without imapproxy in front of squirrelmail and there are no problems. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Seth Mattinen Sent: Thursday, May 21, 2009 4:36 PM To: V S Rao Cc: Dovecot Mailing List Subject: Re: [Dovecot] How to run Dovecot as IMAP Proxy? V S Rao wrote: > Thanks for the many responses and views. > > I have taken RH support for my mail server only and so have to ensure they support me. So am going with their recommended version which is 0.99.x. > > Now on the webmail I have migrated to RHEL 5.3 and the dovecot being used there is 1.0.7.x. So that should support proxying, right? > > BTW, originally I did not go to Redhat. I moved from uw-imap to Dovecot 1.1.14 on the mail server for POP3. The problem of POP3 timeouts continued and I could not find any reason why POP3 was timing out when 400+ concurrent IMAP sessions were working fine. Moreover other network services such as SMTP, Telnet, SSH etc were working fine. Had the box installed behind a IPS box to see if there were any DoS attacks, but had to rule that out. As a last resort, paid RH for support and they made me downgrade Dovecot from 1.1.14 to 0.99.x. Surprisingly the moment I downgraded dovecot, the problem shifted to IMAP & remained ever since. So naturally they told me uw-imap was the problem and made me move to Dovecot 0.99.x for IMAP as well, but no improvement. > > But the surprising thing, as I mentioned in my original post, IMAP works fine on command line, with clients such as Outlook, THunderbird etc., but Webmail is very slow that its almost not available. > > BTW webmail was also running on RHEL 4.0. Seeing that the problem existed in webmail alone I upgraded webmail to RHEL 5.3 with all the latest RH supported packages on a new hardware. > > Any ideas to help me debug this issue would be of great help as I am stuck on this issue for almost a month now. > > Oh, btw regarding stats, I don't have a measure, but when webmail was working the login was well within 5 seconds. Now it takes forever (more than a min) or timeouts most of the time. Even after login, any request such as opening a mail or changing to a mail folder was well within 5 seconds. Now again it takes forever or timeouts most of the time. > Use imapproxyd (UP-ImapProxy) if you want a caching proxy for webmail. It specifically deals with the "webmail constantly logging in" issue. >From the Debian man page: "ImapProxy was written to compensate for webmail clients that are unable to maintain persistent connections to an IMAP server. Most webmail clients need to log in to an IMAP server for nearly every single transaction; This behaviour can cause tragic performance problems on the IMAP server. ImapProxy tries to deal with this problem by leaving server connections open for a short time after a webmail client logs out. When the webmail client connects again, ImapProxy will determine if there is a cached connection available and reuse it if possible." Dovecot proxy quite simply won't do what it looks like you want to do, and is irrelevant on your webmail server. ~Seth
Re: [Dovecot] Unable To Send Mail
In this case telnet is an SMTP client and Thunderbird is an SMTP client. One works and another does not. Seems like a client issue to me. IMAP has nothing to do with sending email except that maybe a copy of your sent message may get stored on the IMAP server under a "Sent Items" folder. I would check your postfix logs. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Carlos Williams Sent: Tuesday, May 05, 2009 2:32 PM To: Dovecot Mailing List Subject: Re: [Dovecot] Unable To Send Mail On Tue, May 5, 2009 at 3:27 PM, Seth Mattinen wrote: > Dovecot does not speak SMTP to other mail servers, unless you mean "send > mail" in a different sense than I'm used to. > > ~Seth I mean that I can send (SMPT) via Telnet which Postfix does fine. However when I configure Thunderbird mail client to use the IMAP (Dovecot) settings and attempt to compose a new message, the user (recipient) never receives the message. I am thinking as well as users of the Postfix list that this issue is related to my Dovecot config file not being properly set up. I could be wrong...
[Dovecot] dbox with non-dovecot LDA
Aside from the code is there any documentation on using dbox with a non-Dovecot LDA? We have our own MTA and currently use Dovecot with Maildir only for message retrieval and just have our MTA write the message files to our own directory structure (Dovecot per user mailbox locations stored in mysql) but I am interested in looking at moving to dbox if it is better for performance and other things like static filenames. One thing we'd like to do is not use the Dovecot LDA so as to control the entire inbound email delivery process all the way to verifying the actual message is 100% written to disk. Certainly we can use the Dovecot LDA if it came to it but we'd like to retain control over this entire process if possible.
Re: [Dovecot] Extremely custom mailbox locations
I see I misunderstood the full extent of what the OP was trying to accomplish. If the assumption of "control where these message files get written to" is inaccurate then my idea would not apply. I was thinking it would save on the whole symlink business if it were possible to move/copy all of these messages into a single location. If you are making the symlinks by hand or thru some external script you have it may be better to pool all of these files together for cleanliness. Am I way off base here? -Original Message- From: Timo Sirainen [mailto:t...@iki.fi] Sent: Thursday, March 12, 2009 5:37 PM To: Justin Krejci Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Extremely custom mailbox locations Why? Nothing special. Those users would then just share the same mailboxes. On Thu, 2009-03-12 at 17:21 -0500, Justin Krejci wrote: > What would happen if you specify the same mailbox location for multiple > users? > > User1 = /mailbox/user1 > User2 = /mailbox/user1 > User3 = /mailbox/user3 > User4 = /mailbox/user4 > etc > > -Original Message- > From: dovecot-bounces+jkrejci=usinternet@dovecot.org > [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of > Timo Sirainen > Sent: Thursday, March 12, 2009 5:08 PM > To: Steve Kemp > Cc: dovecot@dovecot.org > Subject: Re: [Dovecot] Extremely custom mailbox locations > > On Thu, 2009-03-12 at 20:07 +, Steve Kemp wrote: > > I suspect if I fill cur/ with symlinks to each of the individual > > messages things will mostly work out OK, but I wonder if that is > > the best solution, or if there is a slim chance that I could serve > > this hierarchy without the intermediate step? > > The main problem I see with symlinks is that if message is deleted, it's > only the symlink that gets deleted. Anyway I don't see other choices > than symlinking or moving the messages. >
Re: [Dovecot] Extremely custom mailbox locations
What would happen if you specify the same mailbox location for multiple users? User1 = /mailbox/user1 User2 = /mailbox/user1 User3 = /mailbox/user3 User4 = /mailbox/user4 etc -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Timo Sirainen Sent: Thursday, March 12, 2009 5:08 PM To: Steve Kemp Cc: dovecot@dovecot.org Subject: Re: [Dovecot] Extremely custom mailbox locations On Thu, 2009-03-12 at 20:07 +, Steve Kemp wrote: > I suspect if I fill cur/ with symlinks to each of the individual > messages things will mostly work out OK, but I wonder if that is > the best solution, or if there is a slim chance that I could serve > this hierarchy without the intermediate step? The main problem I see with symlinks is that if message is deleted, it's only the symlink that gets deleted. Anyway I don't see other choices than symlinking or moving the messages.
Re: [Dovecot] pop-proxy to redundant servers ?
I don't believe there is anything inherent in Dovecot to do this but if you have your own backend system health checks you can configure the sql DB to update which server to proxy a request to based on the results of your health checks. This would mostly be outside the scope of Dovecot though. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Jan-Frode Myklebust Sent: Monday, March 09, 2009 10:16 AM To: dovecot@dovecot.org Subject: [Dovecot] pop-proxy to redundant servers ? I'm considering putting two servers with failover IP-addresses in front of our pop/imap cluster, with dovecot in proxy-mode running on both servers. But, can dovecot handle more than one backend server for each user ? I.e. I would want to point the dovecot proxy to send userX to backend-server1, or backend-server2 if backend-server1 is down. Is something like that possible ? -jf
Re: [Dovecot] Quick question...
If you don't need the message in the actual mailbox you can do that with your MTA instead. In postfix for example you setup a custom transport in the master.cf file that calls your application. Then you setup a transport record for that particular address which is delivered to your custom transport. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of dove...@segel.com Sent: Wednesday, February 25, 2009 2:29 PM To: dovecot@dovecot.org Subject: [Dovecot] Quick question... Hi, Here's the scenario. I want to set up a mailbox so that when mail sent to the address is piped to a processing application, instead of going to a mailbox. One way I can do this is to set up a mailbox and then have an application that checks to see if there's mail and then processes it. (Old school Unix script) Is there a way to set it up with dovecot? (Cleaner solution) Thx -Mike
Re: [Dovecot] pop3_lock_session question
> > Could it be some (older?) webmail clients that use pop3 instead of imap? > > I wouldn't expect a webmail client to hold a pop3 connection open > across multiple web requests. We have standard webmail clients > available for customer use, but they use IMAP. With the frequency > we're seeing this problem, I'd expect it's more likely to be something > newer or more commonly used. Presuming you've been able to identify which users this is affecting I would suspect you could go back to those users and determine what clients they are connecting with and then interested parties (dovecot devs?) could perform further investigation in a lab or whatever to determine what is going on. Maybe the client(s) is/are just whacky or there is a bug somewhere. You can also track down the source IP addresses which may give you an idea as to the client as well. If it is a RIM subnet then you may be able to assume it's a blackberry. If the PTR record for the IP is webmail.somecompany.com then you can probably contact the company and discuss with them. Etc. Some companies may have a proxy or something that is attempting to hold the connections open for faster response times maybe geared for slow link connections. People do a lot of "interesting" things from time to time. I also didn't see you mention it but presumably you are on a relatively recent version of Dovecot considering you are examining the source code.
Re: [Dovecot] pop3_lock_session question
> > > Why doesn't this happen with imap? Why can't we make pop3 do what > > > imap does? Even if it's inefficient, it's better than hanging all > > > incoming mail delivery while deliver eats up our local concurrency > > > limits. > > > > IMAP unlocks mbox after each command is done. But POP3 clients typically > > just run RETR, RETR, RETR, .. so unlocking + locking again later is just > > extra work that slows things down. I guess there could be a timeout that > > if no RETR has been run for a few seconds it unlocks the mailbox. > > > > But I've never before heard POP3 clients behaving that way, so I'd like > > to know what exactly are they doing. Are they not sending anything? Are > > they NOOPing? I don't see any reason for them to be doing either.. > > In the cases I've looked into, the client seems to be connected and > not doing anything. I don't have access to the clients or end users, > but ktrace on the pop3 process basically is producing no output or > very little output over an extended period. > Could it be an interactive client which maintains an open pop > connection, even when no one is actively doing anything with it? > > The "unlock after a few seconds" option would be great. > > Do you have any documentation or hints on how to identify or debug > connecting pop clients without involving the end user? Could it be some (older?) webmail clients that use pop3 instead of imap?
[Dovecot] ImapTest Wiki
On this page http://imapwiki.org/ImapTest/Running It gives command line parameters to define. One of them is "password=pass" but this resulted in an "Unknown arg" response for me on a fresh install. I then looked at some examples and they give the argument as "pass=pass" which works for me. Was the argument name changed recently or something?
Re: [Dovecot] Possible to log IMAP connections to MySQL Table?
If you use MySQL for auth you could include some logging bits as part of your SQL query. -Original Message- From: dovecot-bounces+jkrejci=usinternet@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet@dovecot.org] On Behalf Of Corey Shaw Sent: Tuesday, December 23, 2008 2:50 PM To: dovecot@dovecot.org Subject: [Dovecot] Possible to log IMAP connections to MySQL Table? Is it currently possible to log all IMAP connection attempts to a MySQL table? Thanks. _ Corey
Re: [Dovecot] Dovecot Proxy with MySQL auth
The proxy_maybe is working well for us with MySQL auth. We have a much more complicated SQL query as we are doing a lot more but the example was able to get us the correct Dovecot specific portion working. Thanks for the info we are starting to migrate users over to Dovecot now that we put these proxy_maybe servers in front of our legacy pop/imap server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Krejci Sent: Sunday, November 30, 2008 1:50 AM To: 'Timo Sirainen' Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Dovecot Proxy with MySQL auth The info is appreciated, thanks for the update! We will try it out and respond with feedback. -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Saturday, November 29, 2008 7:49 PM To: Justin Krejci Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Dovecot Proxy with MySQL auth On Wed, 2008-11-26 at 11:56 -0600, Justin Krejci wrote: > http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > At the bottom of this page it gives a query example of "SELECT NULL AS > password, ." but that does not seem to allow for us to use the proxy_maybe Right. The example is for a proxy-only server that doesn't know the users' passwords. I added just now another example there that shows how to use proxy_maybe. It's untested though, so please let me know if it doesn't work.
Re: [Dovecot] Dovecot Proxy with MySQL auth
The info is appreciated, thanks for the update! We will try it out and respond with feedback. -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Saturday, November 29, 2008 7:49 PM To: Justin Krejci Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Dovecot Proxy with MySQL auth On Wed, 2008-11-26 at 11:56 -0600, Justin Krejci wrote: > http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > At the bottom of this page it gives a query example of "SELECT NULL AS > password, ." but that does not seem to allow for us to use the proxy_maybe Right. The example is for a proxy-only server that doesn't know the users' passwords. I added just now another example there that shows how to use proxy_maybe. It's untested though, so please let me know if it doesn't work.
Re: [Dovecot] Dovecot Proxy with MySQL auth
I get the feeling not many people are using Dovecot proxy with MySQL auth. Is there anyone who has done this before? We might end up going with something like NGINX for the proxy instead if we cannot figure out if and how this should work for our type of scenario but it would be nice if we could go with fewer components. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Krejci Sent: Wednesday, November 26, 2008 11:57 AM To: 'Dovecot Mailing List' Subject: [Dovecot] Dovecot Proxy with MySQL auth We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of the Dovecot servers. Each server would have its own local maildir storage for the users local to that server and all of the authentication and target backend pop/imap server data would be stored in the same MySQL database. The problem we are running into is the documentation is not very clear on this type of scenario. http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe if the destination server is localhost (and therefore do not proxy) it does not seem that the above query will actually send the real password for authentication. Is this a misunderstanding on our part or is the use of mysql auth + proxy_maybe not feasible? Assuming the latter we surmised using a separate instance of Dovecot on each machine to act solely as a proxy front end (use proxy instead of proxy_maybe) then on the second instance there is no proxy config and it listens on a separate TCP port like 80143 or whatever. Any input or suggestions would be appreciated. Justin Krejci
[Dovecot] Dovecot Proxy with MySQL auth
We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of the Dovecot servers. Each server would have its own local maildir storage for the users local to that server and all of the authentication and target backend pop/imap server data would be stored in the same MySQL database. The problem we are running into is the documentation is not very clear on this type of scenario. http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe if the destination server is localhost (and therefore do not proxy) it does not seem that the above query will actually send the real password for authentication. Is this a misunderstanding on our part or is the use of mysql auth + proxy_maybe not feasible? Assuming the latter we surmised using a separate instance of Dovecot on each machine to act solely as a proxy front end (use proxy instead of proxy_maybe) then on the second instance there is no proxy config and it listens on a separate TCP port like 80143 or whatever. Any input or suggestions would be appreciated. Justin Krejci
[Dovecot] Mailbox Hashing
First off, the website documentation is really good for Dovecot but while reading I was not able to find anything pertaining to inbox hashing for Maildirs. I saw plenty about hashing the directories that the user mailboxes live in but nothing about specifically hashing an individual user's inbox directory itself. Is there any method for hashing the inbox automatically after say 5,000 messages are stored? Example $Maildir/in/0/message0 $Maildir/in/0/message1 $Maildir/in/0/message2 . $Maildir/in/0/message4999 $Maildir/in/1/message5000 $Maildir/in/1/message5001 etc I am not currently using Dovecot but am interested to know if this is available or does running with 20,000+ messages in a single inbox not affect the performance much? I have looked into other file system tuning techniques such as enabling ext3 dir_index or using ReiserFS (maybe not ReiserFS anymore). There will likely be 15,000 to 20,000 accounts spread out on one or more servers using a 6-drive RAID10 setup. Most accounts are not expected to have high message quantities but there will be lots of concurrent connections via pop and imap (and webmail imap). Any suggestions or feedback would be appreciated.