Re: server migration

2024-04-10 Thread Kirill Miazine via dovecot



• Gandalf Corvotempesta via dovecot [2024-04-10 23:18]:

> On Wed, 10 Apr 2024 at 23:12, Kirill Miazine via dovecot wrote:
>
> > UIDVALIDITY change
>
> In which case uidvalidity would change ?

if you do rsync, it doesn't. UIDVALIDITY is stored in dovecot-uidlist in
maildirs, as described in
https://doc.dovecot.org/admin_manual/mailbox_formats/maildir/#imap-uid-mapping

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
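
A post-rsync check for the point made in the message above, as an added example that is not part of the original post: it reads UIDVALIDITY from every dovecot-uidlist under the old mail root and compares it with the copy under the new root. The version-3 header layout (`3 V<uidvalidity> N<nextuid> G<guid>`) is an assumption taken from the linked Dovecot documentation; the function names and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the version-3 dovecot-uidlist
# header "3 V<uidvalidity> N<nextuid> G<guid>" on the first line of the file.

# uidvalidity_of FILE: print the UIDVALIDITY stored in FILE's header line.
uidvalidity_of() {
    [ -r "$1" ] || return 1
    header=
    IFS= read -r header < "$1" || [ -n "$header" ] || return 1
    set -f                       # no globbing while word-splitting the header
    set -- $header
    set +f
    [ "${1-}" = 3 ] || return 1  # only the version-3 layout is handled here
    shift
    for field in "$@"; do
        case $field in
            V*[!0-9]*) return 1 ;;                         # V followed by junk
            V?*) printf '%s\n' "${field#V}"; return 0 ;;
        esac
    done
    return 1
}

# uidvalidity_mismatches OLD NEW: print one line per mailbox whose UIDVALIDITY
# differs between the trees, or whose uidlist is missing on the new side.
uidvalidity_mismatches() {
    old=$1
    new=$2
    ( cd "$old" && find . -type f -name dovecot-uidlist ) | sort |
    while IFS= read -r rel; do
        a=$(uidvalidity_of "$old/$rel") || a=unreadable
        b=$(uidvalidity_of "$new/$rel") || b=missing
        [ "$a" = "$b" ] || printf '%s old=%s new=%s\n' "${rel#./}" "$a" "$b"
    done
}

# selftest: build two constructed Maildir trees and print the mismatch report.
selftest() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/old/km/Maildir/.Sent" "$t/new/km/Maildir/.Sent"
    # Constructed headers: INBOX copied intact, .Sent regenerated on the new side.
    printf '3 V1275660208 N25022 G00000000000000000000000000000000\n' \
        > "$t/old/km/Maildir/dovecot-uidlist"
    cp "$t/old/km/Maildir/dovecot-uidlist" "$t/new/km/Maildir/dovecot-uidlist"
    printf '3 V1275660300 N17 G00000000000000000000000000000001\n' \
        > "$t/old/km/Maildir/.Sent/dovecot-uidlist"
    printf '3 V1712781000 N1 G00000000000000000000000000000002\n' \
        > "$t/new/km/Maildir/.Sent/dovecot-uidlist"
    uidvalidity_mismatches "$t/old" "$t/new"
    rm -rf "$t"
}

# Usage: uidvalidity-check.sh OLD_MAIL_ROOT NEW_MAIL_ROOT
# Exits 1 and lists the affected mailboxes if any UIDVALIDITY changed.
if [ $# -eq 2 ]; then
    report=$(uidvalidity_mismatches "$1" "$2")
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        exit 1
    fi
fi
```

A mailbox listed by this check is one where clients would treat their cached UIDs as invalid after the switch.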


Re: server migration

2024-04-10 Thread Kirill Miazine via dovecot



• Gandalf Corvotempesta via dovecot [2024-04-10 22:59]:

> What could trigger a new re-download of message ?

UIDVALIDITY change


Re: server migration

2024-04-10 Thread Kirill Miazine via dovecot



• Gandalf Corvotempesta via dovecot [2024-04-10 21:07]:

> Guys, any help?

What you describe is exactly what I have been doing since ... forever

- reduce TTL
- setup new server
- rsync
- stop ALL mail services on old server (also anything which might be
  doing deliveries, this is important), kill client connections, if any
- rsync again
- update DNS
- start mail service on new server
- verify
- increase TTL

You mention multiple rsyncs, I wouldn't bother...

> Also, what would happen if the new server has a different hostname ?

You'd get new filenames in Maildir, and this is it.

> On Sun, 10 Mar 2024 at 14:28, Gandalf Corvotempesta wrote:
>
> > Hi guys
> > I have to migrate around 10k mailboxes from dovecot 2.13 to (i think)
> > the same version but on a different server.
> >
> > I have to reduce as much as possible the inconveniences to the users,
> > at least in this (temporary) phase.
> >
> > What do you suggest to move everything ? Same config, same maildir
> > location and rsync everything ?
> >
> > Better ideas ? i've thought to use the exact same config on both
> > servers, then start multiple rsync to sync as much as possible and
> > when ready, drop the old dovecot in the old server, rsync the latest
> > changes, and then move the dns pointment from the old ip to the new
> > one.
> >
> > But what about the MUA downloading emails ? I think this would be
> > safe...or there is a chance that some MUA would re-download everything
> > ? This would be unacceptable.
> >
> > thank you



Re: Redirects 550'd So why no SRS method

2024-01-05 Thread Kirill Miazine
• Laura Steynes [2024-01-04 23:51]:
> Happy New Year!
> 
> Now to Aki, Timo, Corr, why, when setting up mail forwarding, is sieve not
> automatically configuring rules for SRS, it has this ability for long time,
> yet dovecot's sieve based forwarding just creates a plain old redirect
> "forward" resulting in, in 2024, 99% of forwarded emails getting rejected for
> failing SPF because it's not enabling the require or the rules needed for
> successful sender rewriting.

External forwarding in 2024 is rather fragile anyway, isn't it?

> Is this an oversight? and I suppose the bigger question is, when is it planned
> to be corrected to using SRS method?

I'd consider this a task for the MTA doing the deliveries of the
messages submitted by Dovecot to ensure that all external messages have
an envelope sender which would make SPF happy (even though I see that
Cyrus' Sieve gained SRS support in 2010). SRS requires coordination with
the MTA listed as MX for the domain used in the SRS envelope anyway, so
one might as well just do all rewriting on the MTA level.


Re: Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery

2022-04-25 Thread Kirill Miazine
My main goal was to warn Dovecot people about potential issues when
upgrading.

Using LMTP is, of course, an option, and should be considered, but there
are still cases when using LDA is appropriate.

In my case I couldn't easily just switch to LMTP, as that would affect
the way spam scanning and training is done. In fact, I do have LMTP set
up too, but I have it commented out as with LMTP in my setup I'm not
getting spam training. My spam scanning and training is implemented
using Exim facility called transport_filter and allows for very
lightweight spam checking using bogofilter.

Some users might be calling Dovecot LDA from their .forward files.

• Aki Tuomi [2022-04-25 16:56]:
> You could also just switch to LMTP instead of LDA.
> 
> Aki
> 
> > On 25/04/2022 16:47 Kirill Miazine  wrote:
> > 
> >  
> > So my workaround was to create a simple wrapper and call it, instead of
> > dovecot-lda:
> > 
> > $ cat /local/bin/dovecot-lda-wrapper
> > #!/bin/sh
> > exec /usr/local/libexec/dovecot/dovecot-lda \
> >   -d "${LOCAL_PART}@${DOMAIN}" \
> >   -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
> >   -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
> >   -f "${SENDER}"
> > 
> > Here's how it is called from Exim:
> > 
> > dovecot_pipe:
> >   driver = pipe
> >   command = /local/bin/dovecot-lda-wrapper
> >   #command = /usr/local/libexec/dovecot/dovecot-lda \
> >   #-d $local_part@$domain \
> >   #-a $local_part$local_part_suffix@$domain \
> >   #-r $local_part$local_part_suffix@$domain \
> >   #-r $local_part$local_part_suffix@$domain \
> >   #-f $return_path
> > 
> > • Kirill Miazine [2022-04-25 14:36]:
> > > Hi, all
> > > 
> > > The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
> > > described on https://wiki.dovecot.org/LDA/Exim
> > > 
> > > Here is the relevant ChangeLog entry:
> > > 
> > > JH/25 Taint-check exec arguments for transport-initiated external processes.
> > >   Previously, tainted values could be used.  This affects "pipe", "lmtp" and
> > >   "queryprogram" transport, transport-filter, and ETRN commands.
> > >   The ${run} expansion is also affected: in "preexpand" mode no part of
> > >   the command line may be tainted, in default mode the executable name
> > >   may not be tainted.
> > > 
> > > As of now I don't have a personal working solution to get untainted data.
> > > I did try a small hack, but Exim was smart enough to see what I was
> > > doing.
> > > 
> > > -- 
> > > -- Kirill Miazine 
> > 
> > -- 
> > -- Kirill Miazine 

-- 
-- Kirill Miazine 


Re: Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery

2022-04-25 Thread Kirill Miazine
So my workaround was to create a simple wrapper and call it, instead of
dovecot-lda:

$ cat /local/bin/dovecot-lda-wrapper
#!/bin/sh
exec /usr/local/libexec/dovecot/dovecot-lda \
  -d "${LOCAL_PART}@${DOMAIN}" \
  -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
  -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
  -f "${SENDER}"

Here's how it is called from Exim:

dovecot_pipe:
  driver = pipe
  command = /local/bin/dovecot-lda-wrapper
  #command = /usr/local/libexec/dovecot/dovecot-lda \
  #-d $local_part@$domain \
  #-a $local_part$local_part_suffix@$domain \
  #-r $local_part$local_part_suffix@$domain \
  #-r $local_part$local_part_suffix@$domain \
  #-f $return_path

• Kirill Miazine [2022-04-25 14:36]:
> Hi, all
> 
> The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
> described on https://wiki.dovecot.org/LDA/Exim
> 
> Here is the relevant ChangeLog entry:
> 
> JH/25 Taint-check exec arguments for transport-initiated external processes.
>   Previously, tainted values could be used.  This affects "pipe", "lmtp" and
>   "queryprogram" transport, transport-filter, and ETRN commands.
>   The ${run} expansion is also affected: in "preexpand" mode no part of
>   the command line may be tainted, in default mode the executable name
>   may not be tainted.
> 
> As of now I don't have a personal working solution to get untainted data.
> I did try a small hack, but Exim was smart enough to see what I was
> doing.
> 
> -- 
> -- Kirill Miazine 

-- 
-- Kirill Miazine 
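
A stricter variant of the wrapper in the message above, as an added example that is not part of the original post and not code from Exim or Dovecot: because the wrapper takes the envelope values from the environment, where Exim's taint check on exec arguments no longer applies, it validates them itself before they reach the dovecot-lda command line. The character allowlists, the exit code 65 and the check on the script's own name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the wrapper from the thread.
# Assumption: Exim's pipe transport exports LOCAL_PART, LOCAL_PART_SUFFIX,
# DOMAIN and SENDER in the environment, as the original wrapper relies on.
# Assumption: the allowlists are a conservative site policy, not RFC 5321.

DOVECOT_LDA=${DOVECOT_LDA:-/usr/local/libexec/dovecot/dovecot-lda}

# Local part: letters, digits and . _ + = - only; not empty, no leading dash.
valid_local() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._+=-]*) return 1 ;;
    esac
    return 0
}

# Suffix: may be empty and may start with a dash (it never starts an argument).
valid_suffix() {
    case $1 in
        *[!A-Za-z0-9._+=-]*) return 1 ;;
    esac
    return 0
}

# Domain: hostname characters only, no empty labels, no leading dash or dot.
valid_domain() {
    case $1 in
        ''|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Envelope sender: empty (bounce) or exactly one local@domain pair.
valid_sender() {
    if [ -z "$1" ]; then
        return 0
    fi
    case $1 in
        *@*@*) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    valid_local "${1%@*}" && valid_domain "${1#*@}"
}

# Returns 0 only if every value that will reach the command line is clean.
check_delivery_env() {
    valid_local  "${LOCAL_PART-}"        || return 1
    valid_suffix "${LOCAL_PART_SUFFIX-}" || return 1
    valid_domain "${DOMAIN-}"            || return 1
    valid_sender "${SENDER-}"            || return 1
}

deliver() {
    if ! check_delivery_env; then
        echo "dovecot-lda-wrapper: rejected envelope data" >&2
        return 65   # EX_DATAERR; non-zero so nothing is handed to dovecot-lda
    fi
    exec "$DOVECOT_LDA" \
        -d "${LOCAL_PART}@${DOMAIN}" \
        -a "${LOCAL_PART}${LOCAL_PART_SUFFIX-}@${DOMAIN}" \
        -r "${LOCAL_PART}${LOCAL_PART_SUFFIX-}@${DOMAIN}" \
        -f "${SENDER-}"
}

# Deliver only when installed under the wrapper's name, so the checks can be
# exercised on a machine without dovecot-lda.
case ${0##*/} in
    dovecot-lda-wrapper) deliver; exit $? ;;
esac
```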


Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery

2022-04-25 Thread Kirill Miazine
Hi, all

The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
described on https://wiki.dovecot.org/LDA/Exim

Here is the relevant ChangeLog entry:

JH/25 Taint-check exec arguments for transport-initiated external processes.
  Previously, tainted values could be used.  This affects "pipe", "lmtp" and
  "queryprogram" transport, transport-filter, and ETRN commands.
  The ${run} expansion is also affected: in "preexpand" mode no part of
  the command line may be tainted, in default mode the executable name
  may not be tainted.

As of now I don't have a personal working solution to get untainted data.
I did try a small hack, but Exim was smart enough to see what I was
doing.

-- 
-- Kirill Miazine 


Re: Strange SASL issue

2017-09-07 Thread Kirill Miazine
* Antoine Nguyen [2017-09-07 15:13]:
> 2017-09-07 15:04 GMT+02:00 Sami Ketola :
> 
> >
> > > On 7 Sep 2017, at 16.03, Antoine Nguyen  wrote:
> > >
> > > 2017-09-07 14:29 GMT+02:00 Aki Tuomi :
> > >
> > >>
> > >>
> > >> On 07.09.2017 15:26, Antoine Nguyen wrote:
> > >>> Hi all,
> > >>>
> > >>> I've just upgraded my server from debian 8 to debian 9 and I now
> > >> encounter
> > >>> a strange issue. I'm using prosody (XMPP server), configured to
> > >>> authenticate against dovecot using SASL and a unix socket.
> > >>>
> > >>> This setup was working fine on debian 8.
> > >>>
> > >>> Now, each time I try to connect using my XMPP client, the
> > authentication
> > >>> fails and I see the following error in logs:
> > >>>
> > >>> auth: Error: BUG: Authentication client said it's PID 0
> > >>>
> > >>> Have you ever heard about this?
> > >>>
> > >>> For information, dovecot version is 2.2.27.
> > >>>
> > >>> Thank you,
> > >>> Antoine Nguyen
> > >> That seems to be a bug in XMPP. It should not use PID 0.
> > >>
> > >>
> > > The XMPP server runs as 'prosody' user, not root...
> >
> >
> > PID is process id, not user id.
> >
> >
> >
> Sorry, I replied too quickly. I don't know how prosody manages authentication
> but the main process ID is not 0 of course. How can I debug this?

somehow enable debugging in prosody, so it logs what it sends as cpid
parameter, as you can see here:

https://hg.prosody.im/prosody-modules/file/tip/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua#l70

> 
> Antoine

-- 
-- Kirill Miazine 


Re: application specific passwords

2017-07-20 Thread Kirill Miazine
* mj [2017-07-20 21:46]:
> Hi Kirill,
> 
> Thanks for your reply. Such a simple flat file approach would be perfect,
> and I don't mind at all to require app specific usernames *and* passwords.

In my case it's flat file, but this is easily doable with SQL as well,
using a separate table for login/password and a key to a table with
appropriate user data.

> However, I am unsure how to combine your recipe below with our regular AD
> userdb/passdb.

Unfortunately, I'm not familiar with AD

> Perhaps someone can give me some pointers in that direction?
> 
> MJ
> 
> On 07/20/2017 06:50 PM, Kirill Miazine wrote:
> > I'm not familiar with samba AD and with its features and limitations.
> > For my simple system I'm using plain files for passdb and userdb (aka.
> > passwd-file). Application (or rather device) specific passwords are
> > implemented by having an additional "username" with a specific
> > password for a particular application or device. E.g. some entries for
> > myself:
> > 
> >  bbmutt:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> >  kmozilla:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> >  sailpad:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> >  workphone:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> > 
> > The files are generated automatically from a Single Source of Truth.
> > 
> > In my case I'm selecting the username myself, but there's nothing
> > preventing you from generating a username/password combination for your
> > users.
> > 
> > Note that in my setup users will have application specific username and
> > password, not only application specific password. It was easier to
> > implement it quickly this way.
> > 
> > Greetz
> > Kirill
> > 

-- 
-- Kirill Miazine 


Re: application specific passwords

2017-07-20 Thread Kirill Miazine
Hi, mj

* mj [2017-07-20 13:29]:
> Hi,
> 
> Further to the other thread about password guessing activities against our
> dovecot, I would like to implement application specific passwords on our
> dovecot.
[...]
> 
> Is there anyone here with some additional notes, ideas, tips, tricks on
> setting up application specific passwords with dovecot with virtual users?
> We are using samba AD as an authentication backend.

I'm not familiar with samba AD and with its features and limitations.
For my simple system I'm using plain files for passdb and userdb (aka.
passwd-file). Application (or rather device) specific passwords are
implemented by having an additional "username" with a specific
password for a particular application or device. E.g. some entries for
myself:

bbmutt:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
kmozilla:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
sailpad:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
workphone:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M

The files are generated automatically from a Single Source of Truth.

In my case I'm selecting the username myself, but there's nothing
preventing you from generating a username/password combination for your
users.

Note that in my setup users will have application specific username and
password, not only application specific password. It was easier to
implement it quickly this way.

Greetz
Kirill

-- 
-- Kirill Miazine 


Re: [Dovecot] Does anyone know a good Dovecot hoster in europe?

2010-01-30 Thread Kirill Miazine

Hello,

* Johannes [2010-01-29 11:47]:

Hi,

though I am not sure this is the right place to ask, but I just try.

I am looking for a better e-mail hoster providing me with a
dovecot server (I don't want to do all the admin stuff and
backup myself, if possible).


Are you looking for a provider in Europe, who is using Dovecot to
provide access to mail to its customers, or are you looking for
a provider who would provide you a Dovecot system which you can suit to
your needs?

Gandi (www.gandi.net) uses Dovecot IMAP for providing mail services to
domains hosted by Gandi.

There are probably many others using Dovecot, but they don't advertise
Dovecot. For example, I know of several such in Norway.


I already googled a bit, searched the archives and had a
look at dovecot.org but could not find an answer to this
question.
Since dovecot seems to get a fair amount of funding
from finnish companies I thought there should be a good
hoster among them.

Any hints?

Thanks

Johannes


Re: [Dovecot] Dovecot 2.0 authentication will not work with Exim [patch]

2010-01-28 Thread Kirill Miazine

* Kirill Miazine [2010-01-28 10:25]:

Just a notice to those of you who use Dovecot authentication with Exim.

In Dovecot 2.0 authentication server will send a new keyword, COOKIE.
This will cause Exim to abort its authentication request.

I submitted a bug and patch to Exim to fix this, the patch is here:

   http://km.krot.org/code/exim-dovecot-1.1.diff


The number 1.1 refers to the version of the authentication protocol,
not Dovecot version.

--
    -- Kirill Miazine 


[Dovecot] Dovecot 2.0 authentication will not work with Exim [patch]

2010-01-28 Thread Kirill Miazine

Just a notice to those of you who use Dovecot authentication with Exim.

In Dovecot 2.0 authentication server will send a new keyword, COOKIE.
This will cause Exim to abort its authentication request.

I submitted a bug and patch to Exim to fix this, the patch is here:

http://km.krot.org/code/exim-dovecot-1.1.diff

BR,
Kirill


Re: [Dovecot] nologin in auth proto version 1.1

2010-01-21 Thread Kirill Miazine
Ok, I didn't understand it wasn't gone. I only read the doc today
:)

* Timo Sirainen [2010-01-21 22:58]:

On 21.1.2010, at 22.38, Kirill Miazine wrote:

  Could we have nologin back please?

  Where do you see nologin ever mentioned in authentication
  protocol? I

  don't see it in v1.0's auth-protocol.txt. It's still working,
  it's just

  not really part of the protocol itself.

Quoting yourself:
But I think this should be fixed so that it's not necessary to do
it. So
I added a new "nologin" field to AUTH request. If it's used, the
request
will be freed immediately when authentication is finished. So
v1.0.11
will have it (whenever it gets released..) as well as the next
v1.1.beta.

Anyway, like I said, it's not gone. It just was never added to
the document. Maybe it should be mentioned there.


Re: [Dovecot] nologin in auth proto version 1.1

2010-01-21 Thread Kirill Miazine
* Timo Sirainen [2010-01-21 22:17]:
> On 21.1.2010, at 22.09, Kirill Miazine wrote:
> 
> > I notice that the nologin parameter for the AUTH command is gone in
> > version 1.1 of Dovecot Authentication Protocol.
> > 
> > nologin was added in 1.1, so that authentication client could indicate
> > that there will be no subsequent master requests to retrieve user info.
> > 
> > Could we have nologin back please?
> 
> Where do you see nologin ever mentioned in authentication protocol? I
> don't see it in v1.0's auth-protocol.txt. It's still working, it's just
> not really part of the protocol itself.

Quoting yourself:

But I think this should be fixed so that it's not necessary to do it. So
I added a new "nologin" field to AUTH request. If it's used, the request
will be freed immediately when authentication is finished. So v1.0.11
will have it (whenever it gets released..) as well as the next
v1.1.beta.


Re: [Dovecot] nologin in auth proto version 1.1

2010-01-21 Thread Kirill Miazine
* Kirill Miazine [2010-01-21 21:09]:
> I notice that the nologin parameter for the AUTH command is gone in
> version 1.1 of Dovecot Authentication Protocol.
> 
> nologin was added in 1.1, so that authentication client could indicate

I meant 1.0, of course.

> that there will be no subsequent master requests to retrieve user info.
> 
> Could we have nologin back please?
> 
> Kirill


[Dovecot] nologin in auth proto version 1.1

2010-01-21 Thread Kirill Miazine
I notice that the nologin parameter for the AUTH command is gone in
version 1.1 of Dovecot Authentication Protocol.

nologin was added in 1.1, so that authentication client could indicate
that there will be no subsequent master requests to retrieve user info.

Could we have nologin back please?

Kirill


Re: [Dovecot] LDA and POP3/IMAP user_query

2010-01-19 Thread Kirill Miazine
* Michael [2010-01-20 10:02]:
[...]
> As long as the query can be different for LDA vs. POP3/Imap is good for
> me  thanks.
> 
> Having said that if there is no reason not to make it a configurable
> option  for LDA vs. POP3 vs. Imap may as well go the full way?

Just out of curiosity, have you tried replacing %n with %u after WHERE as I
suggested?


A suggestion is that you replace the first line after WHERE with

 ((mailboxes.username = '%u' AND accounts.active='1') ||

That is, you replace %n with %u.


Kirill


Re: [Dovecot] LDA and POP3/IMAP user_query

2010-01-14 Thread Kirill Miazine

* Michael [2010-01-15 12:12]:

How do I get IMAP+POP3 vs. LDA to use different user_query statements?

The problem is that the input fields are different.


I don't understand what you mean.


IMAP/POP3 is an email address

LDA is a username


Again, sorry, but I don't understand what you mean.


I have written a long statement to try and cater for both however it still
only works 99% of the time, and the remaining 1% fails. The 1% that fails
sees the mail being delivered to the wrong mbox. In this particular case the
same client owned both mboxes so it was ok, but if this had not been the case
things could have gotten real embarrassing.

Think of the following:

abcwidg...@theirdomain.tld  mailuser1
mailus...@adomain.tld   mailuser2

Now when using the Postfix LDA, email for each address is properly delivered
to the specified mbox, however in this case because there is a matching name
for the mbox and the email address lefthand content, the compound SQL query
returns both results and the LDA will use the first one, which in this case
was the wrong one.

This is the query used:
user_query = \
SELECT mailboxes.username AS user, mailboxes.uid, mailboxes.gid, \
concat('*:storage=',mailquota,'M') AS quota_rule \
FROM mailboxes JOIN accounts ON accounts.username = mailboxes.username \
WHERE ((mailboxes.username = '%n' AND accounts.active='1') || \
(mailboxes.email = '%u' AND mailboxes.active='1' AND accounts.active='1') || \
(mailboxes.email = CONCAT('@','%d') AND mailboxes.active='1' \
AND (SELECT COUNT(email) FROM mailboxes WHERE email='%u') = '0'))


Eeek. This wasn't pretty. I've reformatted the query to make it more
readable.

SELECT
    mailboxes.username AS user,
    mailboxes.uid,
    mailboxes.gid,
    concat('*:storage=',mailquota,'M') AS quota_rule
FROM
    mailboxes JOIN accounts
    ON accounts.username = mailboxes.username
WHERE
    ((mailboxes.username = '%n' AND accounts.active='1') ||
    (mailboxes.email = '%u' AND mailboxes.active='1' AND accounts.active='1') ||
    (mailboxes.email = CONCAT('@','%d') AND mailboxes.active='1' AND
    (SELECT COUNT(email) FROM mailboxes WHERE email='%u') = '0'));

A suggestion is that you replace the first line after WHERE with

((mailboxes.username = '%u' AND accounts.active='1') ||

That is, you replace %n with %u.


which additionally caters for the few catch alls our users have.

I think this is a massive oversight in the design of Dovecot to use one query
for 2 separate and distinct processes, that both use different parameters.


"I think this is a massive oversight in the design of" your query.

In any case, you can use CASE ... WHEN ... and check whether '%s'
(service) is deliver (for LDA) or not...


From what I can tell it seems to assume that a mail system will always use
usern...@domain addresses, and never anything more arbitrary.


What is the format of mailboxes.username in your setup? Will it be
unique?

--
-- Kirill Miazine 


Re: [Dovecot] IDLE timing issue - dovecot or fetchmail issue?

2010-01-12 Thread Kirill Miazine

* Matt Doran [2010-01-12 13:40]:

Hi guys,

Thanks for the great product.  We've used dovecot for ages as our 
internal mail server and it works great!


Let me second that.

I've recently started using fetchmail 6.3.9 (with IDLE enabled) to 
download mail from our ISP (Pair networks).   The ISP is running 
Dovecot 1.1.16.  I am unable to get the info about the dovecot config 
at this time.


The IDLE support in fetchmail allows us to deliver mail near 
instantaneously without the need to poll (which is what we did 
previously using POP3).


Oh, this is cool.

However I've noticed an issue where if 2 
mails are delivered in quick succession fetchmail will only download 
the first email, and the second will not download.   If I then send 
in another test email this triggers the download of 2 emails (the 
original that wasn't downloaded and the test email).


Now I'm wondering whether the issue lies with Dovecot (e.g. a timing 
issue), or is it fetchmail that isn't implementing the IDLE/download 
properly.


This is a timing issue, yes, but the IMAP server does what it's supposed
to do - when it sees the first message arrive, it notifies fetchmail
about it. Fetchmail immediately ends IDLE session by sending DONE and
starts fetching that one message. If DONE wasn't sent, the server would
issue another response notifying you about the second message, but it
doesn't get a chance to do so. Please try this: login to server and
enter these commands (to get encrypted connection without using STARTTLS
you can use command "openssl s_client -connect mail..com:993"):

. login  
. select inbox
. idle

Now try send some messages and observe what happens.

When you're done, send these commands to the server

done
. logout

Here's what Dovecot sent to me when idling, I sent 5 messages very
quickly:

* 1 EXISTS
* 2 EXISTS
* 3 EXISTS
* 5 EXISTS

If I'd terminate the IDLE session after the first line, I won't receive
the other lines. So, I'd have to check for new messages myself or start
IDLE session again and wait for yet another message to arrive. Then
Dovecot would tell me about all new messages and I could go on and fetch
them.

I've attached the output of a fetchmail session showing this problem 
in action (I've added some annotations to this file starting with 

).  The sequence of events are:


  * Start fetchmail with IDLE enabled
  * Send 2 emails in quick succession.
  * Dovecot notifies of the new message
  * Fetchmail downloads the message
  * Fetchmail initiates a new IDLE
  * Then nothing more is delivered. :(
  * I then send another email, which triggers the 2 to download.


I don't know enough about IMAP to understand whether the problem lies 
with Dovecot or Fetchmail.   Hopefully an IMAP expert will be able to 
see from the attached IMAP session.


Not being an expert, I tried to provide an explanation of my
understanding of IDLE. So, in your case it's fetchmail where logic could
be improved.

--
-- Kirill Miazine 


Re: [Dovecot] CLOSING THREAD (was: "leave mail on server" workaround)

2010-01-10 Thread Kirill Miazine

* Stan Hoeppner [2010-01-10 12:15]:

Kirill Miazine put forth on 1/10/2010 11:28 AM:


Actually this is a wish of one customer, so I'm trying to figure out how
much pain it will be to support such scenario.


One customer?  Why is s/he requesting this?  AFAIK, all POP clients default to
"delete after download".  And even if there is one that defaults to "leave a
copy on server" I guarantee it has an option to "delete after download".

However, regardless, these aren't motivations.  The only possible legitimate
motivation for wanting this ability is that a customer is eating too much disk
space.  The answer to that is quotas.  If your goal is that you just don't want
to support POP anymore but only IMAP, then you send an announcement to your
customer community that you will cease supporting POP on date xx/xx/ and
instructions for setting up an IMAP client can be found here:
http://www.your-domain.tld/imap-instructions.

Something is amiss here.  I fear you are not being truthful in your account of
your motivations.


What makes you fear that I'm not being truthful about my motivation? (So
you mean I'm lying, huh?) I got a question about possibility to disable
"leave mail on server" at all. And since "leave mail on server" is just
a client behaviour (not deleting after retrieving), I needed to explore
options to accomplish this request.

On this list, I was asking about a way to best accomplish this. I was
not asking for opinions on whether such behaviour is optimal, desirable
etc.


There is no legitimate scenario for requesting this ability.
Any possible motivation you could have for wanting this feature is better
properly handled by options/methods already in existence.


IIRC Gmail has an option to delete a message after it is retrieved via
POP. Regardless of whether the POP client issues DELE commands or not.

I remember having come across a POP server that had a feature (disabled
by default, of course) to generate random message ID in response to UIDL
commands. The motivation? To discourage users leaving mail on server.

Anyway, let us close this thread now before getting too much off topic.

--
-- Kirill Miazine 


Re: [Dovecot] "leave mail on server" workaround

2010-01-10 Thread Kirill Miazine
* Frank Cusack [2010-01-10 12:20]:
> On January 10, 2010 1:34:25 AM +0100 Kirill Miazine  wrote:
> > What would be the best way to disallow them using such approach. That
> > is, what is the best way to force deletion of messages that have been
> > RETRieved in a POP session at the end of that POP session?
> >
> > RETRieved messages will be marked as \Seen, but since users might also
> > use an IMAP client (e.g. webmail), it'll be dangerous to simply delete
> > all \Seen messages in user's mailbox.
> 
> These two statements seem to be in conflict.  If your users might also
> use an IMAP client, why would you delete retrieved messages at all?

To give them an incentive to use only IMAP ;)

Actually this is a wish of one customer, so I'm trying to figure out how
much pain it will be to support such scenario.

-- Kirill


Re: [Dovecot] How to tell dovecot to use a specific MTA

2010-01-10 Thread Kirill Miazine

* Spyros Tsiolis [2010-01-09 12:00]:
[...]

My question is pretty simple. How exactly does someone tell dovecot
(or the CentOS system) that the MTA used is not a pre-packaged postfix
MTA but (in my case as you have pretty much discovered by now) XMail
compiled from source (no pre-packaged version AFAIK for CentOS; but even
if existed, I would still build it on my own) ?


Specify path to the sendmail binary using sendmail_path option. XMail
creates a sendmail binary (according to the docs, I have never dealt
with XMail).


Any help would be appreciated,

Regards,

spyros


--
-- Kirill Miazine 


Re: [Dovecot] "leave mail on server" workaround

2010-01-10 Thread Kirill Miazine

* Vegard Svanberg [2010-01-10 14:31]:

* Kirill Miazine  [2010-01-10 13:57]:


Thanks for the suggestion regarding quotas, but I'm really interested in
an approach I just described. I want to be able to disable the
possibility to leave mail on server after download.


Well, you'd have to hack the source then, and make it delete the message
after retrieving it.


Yes, that's probably the easiest way to go. Or maybe a plugin for
disallowing "leave mail on server" to force users to use IMAP?


Or you could make something that deletes read e-mails older than X days.


--
-- Kirill Miazine 


Re: [Dovecot] "leave mail on server" workaround

2010-01-10 Thread Kirill Miazine
Thanks for the suggestion regarding quotas, but I'm really interested in
an approach I just described. I want to be able to disable the
possibility to leave mail on server after download.

* Stan Hoeppner [2010-01-09 20:56]:
> Kirill Miazine put forth on 1/9/2010 6:34 PM:
> > Hello,
> > 
> > POP users often keep fetched mail on server, by checking for "leave mail
> > on server" or similar option in their client.
> > 
> > What would be the best way to disallow them using such approach.
> 
> Implement storage quotas.  I'd make the policy known to your users well
> in advance of implementing any solution to this "problem" though.
> Uninformed users are generally upset by unannounced changes being forced
> upon them.
> 
> --
> Stan


[Dovecot] "leave mail on server" workaround

2010-01-09 Thread Kirill Miazine

Hello,

POP users often keep fetched mail on server, by checking for "leave mail
on server" or similar option in their client.

What would be the best way to disallow them using such approach. That
is, what is the best way to force deletion of messages that have been
RETRieved in a POP session at the end of that POP session?

RETRieved messages will be marked as \Seen, but since users might also
use an IMAP client (e.g. webmail), it'll be dangerous to simply delete
all \Seen messages in user's mailbox.

I'm all open for suggestions.

--
-- Kirill Miazine 


Re: [Dovecot] stripping attachments

2010-01-08 Thread Kirill Miazine

* Frank Cusack [2010-01-08 15:27]:

there is a windows tool that strips attachments from emails on the
server.  i think it works for exchange.  is there a tool or a way
to do this for imap?


yes, this is doable. e.g. mutt client can delete attachments from
messages stored on imap server. in reality it would get the message,
strip attachments, upload the message without attachments and delete the
original message with attachments.

i believe mozilla thunderbird also offers a similar option.


i don't mean a mail filter that would strip them before the user sees
them, i mean that the user could actively cooperate to reduce mail
storage space, yet keep the original email on the server sans
attachment.


right. yes, this is done by the approach described before.

or you could use the imapsize tool:

http://www.broobles.com/imapsize/imap-delete-attachments.php

regards,
kirill

--
#!/usr/bin/perl -w
print(&{sub{eval(qq(q(@_)))}}((join(''=>map{ord=~m(1(06|12))?uc:lc}($[=>
map{chr}(97..122))[map{int}grep{length}split(/(\d\d)/,'102119200114152'.
q(008051816051812080103110518))]))=~m(^(Just)(.+)(Perl)(.+)(?#:-)$)),$/)


Re: [Dovecot] A Dovecot Sieve spam filter question.

2009-12-30 Thread Kirill Miazine


* aja-li...@tni.org [2009-12-30 21:41]:
> On 12/30/2009 08:30 PM, Andrzej Adam Filip wrote:
> > aja-li...@tni.org wrote:
> >> I'd like to make a filtering threshold for users to let them
> >> deal with spamassassin spam-level starred < 8 themselves,
> >> but spam-level starred higher than 8 should be discarded
> --- cut ---
> > Try the following:
> >
> > if header :contains "X-Spam-Level" "*" {
> 
> Thanks,
> I've just tested that with the gtube spam test,
> ( which gives this amount of stars :
> X-Spam-Level: ** )
> 
> and the email ends up in the inbox.

Don't use

  fileinto "discard";

to discard message. You're telling the server to deliver message to
folder "discard" and it can't find it and so delivers to INBOX.

Try

if header :contains "X-Spam-Level" "*" {
  discard;
  stop;
}

-- Kirill


Re: [Dovecot] Two passwords: One for Dovecot IMAP and One for Dovecot SASL? Is it possible?

2009-10-15 Thread Kirill Miazine

* Art Gray - Razorpoint [2009-10-14 15:18]:

Greetings,

Can Dovecot handle separate authentication for receiving mail 
(IMAPS) and sending mail (SMTPS)?  In the past, we used Dovecot IMAP 
for the receiving part and Cyrus SASL for the sending part.  This 
allowed us to use two passwords with mail.  Cyrus has grown too old 
and isn't useful anymore.  Can Dovecot give us this functionality:  
two passwords, one for IMAP authentication and one for SASL 
authentication?


If so, could you point me in the right direction to get this working?


What kind of server software do you use to send out messages? Do you
want to use dovecot as the authentication server with that sending
server? Do you want to allow your users to use both passwords for IMAP
and SMTP or the passwords shall be tied to the particular service?

Please take a look at following pages

http://wiki.dovecot.org/Authentication/MultipleDatabases
http://wiki.dovecot.org/AuthDatabase/SQL
http://wiki.dovecot.org/Variables

Dovecot can use multiple sources for authentication. In your case you
could just have one database for IMAP and one for SMTP. You will see
that there is a variable named %s. It will expand itself to the service
(imap, pop3, smtp).

Good luck.

--
    -- Kirill Miazine 


Re: [Dovecot] pop3-login process

2009-10-14 Thread Kirill Miazine

Hello!

* ogu...@yahoo.co.jp [2009-10-14 21:47]:

Hi,

I would like to know if the pop3-login process would be create
more than one while a user connection is established.


I apologize if I don't understand your question correctly:

There will be login_processes_count login processes listening for new
connections. And there will be a new pop3-login process for each new
established user connection until the number of login processes reaches
the value defined in login_max_processes_count.


http://wiki.dovecot.org/RunningDovecot


imap-login and pop3-login processes handle new IMAP and
POP3 connections until user has logged in.


I'm sorry to ask you this kind of question...


--
    -- Kirill Miazine 


Re: [Dovecot] [Off-Topic] Dovecot and Maildrop

2009-10-14 Thread Kirill Miazine

* Darvin Denmian [2009-10-14 12:27]:

Hello,

I need to know : What is the best way to use Postfix (Virtual User on
Mysql) + Dovecot + Maildrop ?

Is there some documentation that you can indicate to me?

Thanks !!


http://wiki.dovecot.org/HowTo
http://wiki.dovecot.org/maildrop

--
-- Kirill Miazine 


Re: [Dovecot] deleting maildir files

2007-07-17 Thread Kirill Miazine

* Don Russell [2007-07-16 10:23]:

Can we delete maildir files directly from the file system?

[...]

And if we cannot delete files with the 'rm' command, what's the
best/proper way to delete these older files.


My opinion has always been that the data structure should not be relied 
upon if you want to do things with your mail items, then use the 
APIs/imap commands to do it. That protects you from any internal stuff you 
didn't know about, or changed from one server to another, or one version to 
another.


Maildir is a sort of a standard with some sort of an API, isn't it? The
"standard" () says following:

An MUA can read and delete messages while new mail is being
delivered: each message is stored in a separate file with a
unique name, so it isn't affected by operations on other messages.

For example, I have the beginnings of a script to handle my "mail retention 
policies". It connects to Dovecot/imap to get the list of mail for specific 
folders, then uses the imap delete (or copy) API to delete mail older than 
n days, or to keep only the most recent n messages. That sort of thing.


With Maildir it's trivial to do this sort of things with a shell script.

The benefit is my script then doesn't care how Dovecot (or whichever 
server) stores things and if a mailbox changes from mbox to maildir 
format, or similar change.. no worries... my script just doesn't care... it 
always uses the APIs to manipulate mail.


Safe, but admittedly not as fast. I favor reliability over speed in these 
sorts of cases.  :-)


That's a valid point. It's much easier to shoot one's own leg pretty
ugly, when deleting/renaming/whatever the files in the Maildir
directly. IMAP SEARCH is IMHO a bit easier to understand than find(1).

Best wishes,
Kirill

--
#!/usr/bin/perl -w
print(&{sub{eval(qq(q(@_)))}}((join(''=>map{ord=~m(^106)?uc:lc}($[=>
map{chr}(97..122))[map{int}grep{length}split(/(\d\d)/,'10211920011'.
qq(41520080518190907140120211805))]))=~m(\A(\w{4})(\S+)(s\D+)$)),$/)
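
An added example, not part of the original threads or of Dovecot: the two retention ideas above (deleting read e-mails older than X days, and doing it with a shell script directly on a Maildir) as one POSIX sh sketch. It assumes flags follow ":2," in the filename and that file mtime stands for message age; the function names and sample filenames are constructed for illustration.

```shell
#!/bin/sh
# Select messages in cur/ that are seen (S), not flagged (F), and whose
# mtime is more than DAYS whole days old (find rounds age down to days).
# Extra arguments are passed to find as actions that run before -print.
expired() {
    dir=$1 days=$2; shift 2
    # Flags come after ":2,"; an "S=<size>" field before it must not match.
    find "$dir/cur" -type f -name '*:2,*S*' ! -name '*:2,*F*' \
        -mtime +"$days" "$@" -print
}

# Dry run: print what would be removed.
list_expired() { expired "$1" "$2"; }

# Remove the files and print how many went away (-print fires only if rm succeeded).
purge_expired() { expired "$1" "$2" -exec rm -f -- {} \; | wc -l | tr -d ' '; }

# Constructed sample Maildir: four old messages and one recent one.
make_sample_maildir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cur" "$d/new" "$d/tmp"
    for name in \
        '946684800.M1P1.mx,S=10:2,S' \
        '946684801.M2P1.mx,S=10:2,FS' \
        '946684802.M3P1.mx,S=10:2,' \
        '946684803.M4P1.mx,S=10:2,RS'
    do
        : > "$d/cur/$name"
        touch -t 200001010000 "$d/cur/$name"   # mtime: 2000-01-01
    done
    : > "$d/cur/recent.M5P1.mx,S=10:2,S"       # seen, but mtime is now
    echo "$d"
}

md=$(make_sample_maildir)
list_expired "$md" 30                          # review the dry run first
echo "removed: $(purge_expired "$md" 30)"
rm -rf "$md"
```

Only cur/ is touched, so undelivered mail in new/ and in-flight files in tmp/ are never candidates, and flagged messages survive even when read.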