Re: last_login LDAP - killed with signal 11 (core dumped)

2017-03-22 Thread Leon Kyneur



On Wed, Mar 22, 2017, at 01:04 AM, Aki Tuomi wrote:
> 
> On 22.03.2017 10:03, Leon Kyneur wrote:
> > Hi
> >
> > I am trying to configure the last_login plugin with LDAP dictionary
> > which is causing dict service to crash. Not sure if this is a bug or
> > some configuration parameter I'm getting wrong?
> >
> > Running latest dovecot but was having the same problem in earlier
> > version 2.2.25
> >
> > # dovecot --version
> > 2.2.28 (bed8434)
> >
> > I have configured dovecot like so:
> >
> > dovecot.conf (before conf.d/*.conf):
> > dict {
> >   #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> >   #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
> >   lastlogin = ldap:/etc/dovecot/dovecot-ldap-dict.conf.ext
> > }
> >
> > conf.d/10-master.conf
> > service dict {
> >   # If dict proxy is used, mail processes should have access to its socket.
> >   # For example: mode=0660, group=vmail and global mail_access_groups=vmail
> >   unix_listener dict {
> >     mode = 0660
> >     user = vmail
> >     group = vmail
> >   }
> > }
> >
> >
> > conf.d/20-imap.conf:
> > protocol imap {
> >   # Space separated list of plugins to load (default is global mail_plugins).
> >   mail_plugins = $mail_plugins last_login
> >
> >   # Maximum number of IMAP connections allowed for a user from each IP address.
> >   # NOTE: The username is compared case-sensitively.
> >   #mail_max_userip_connections = 10
> > }
> >
> >
> >
> > 90-plugins.conf
> > plugin {
> >   #setting_name = value
> >   #last_login_dict = proxy::lastlogin
> >   last_login_dict = proxy:dict:lastlogin
> >   zlib_save = gz
> >   zlib_save_level = 6
> > }
> >
> >
> > dovecot-ldap-dict.conf.ext:
> > uri = ldap://ldap.internal
> > bind_dn = cn=Manager,dc=mail,dc=com
> > password = 
> > tls = no
> > debug = 1
> >
> > map {
> >   pattern = last-login/$user
> >   filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required
> >   base_dn = o=domains,dc=mail,dc=com 
> >   username_attribute = mail
> >   value_attribute = lastLoginTime
> >   fields {
> >     mail=$user
> >   }
> > }
> >
> > I don't see dovecot ever making a connection to the LDAP server I've
> > configured in the dovecot-ldap-dict.conf.ext file. 
> >
> > Log shows
> >
> > ==> /var/log/dovecot.log <==
> > Mar 22 07:49:30 imap-login: Info: Login: user=<l...@mail.com>,
> > method=PLAIN, rip=X.X.X.X, lip=X.X.X.X, mpid=36105, secured,
> > session=
> > Mar 22 07:49:30 dict: Fatal: master: service(dict): child 36107 killed
> > with signal 11 (core dumped)
> > Mar 22 07:49:30 imap(l...@mail.com): Error: dict-client: Commit may have
> > failed: Connection closed (reply took 0.015 secs)
> > Mar 22 07:49:30 imap(l...@mail.com): Error: last_login_dict: Write was
> > unconfirmed (timeout or disconnect) for user l...@mail.com
> >
> > Backtrace:
> >  # gdb /var/core/36107 
> > GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
> > Copyright (C) 2013 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later
> > <http://gnu.org/licenses/gpl.html>
> > This is free software: you are free to change and redistribute it.
> > There is NO WARRANTY, to the extent permitted by law.  Type "show
> > copying"
> > and "show warranty" for details.
> > This GDB was configured as "x86_64-redhat-linux-gnu".
> > For bug reporting instructions, please see:
> > <http://www.gnu.org/software/gdb/bugs/>...
> > [New LWP 36107]
> > Reading symbols from /usr/libexec/dovecot/dict...Reading symbols from
> > /usr/lib/debug/usr/libexec/dovecot/dict.debug...done.
> > done.
> > Missing separate debuginfo for 
> > Try: yum --enablerepo='*debug*' install
> > /usr/lib/debug/.build-id/b0/07fede01895dec1aca9d8b8993fe27d70a3a20
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib64/libthread_db.so.1".
> > Core was generated by `dovecot/dict'.
> > Program terminated with signal 11, Segmentation fault.
> > #0  0x in ?? ()
> > (gdb) bt full
> > #0  0x in ?? ()
> > No symbol table info available.
> > #1  0x7fbcf11bd04f in cmd_begin (cmd=0x7fbcf2c02910, line= > out>) at dict-commands.c:365
> >

last_login LDAP - killed with signal 11 (core dumped)

2017-03-22 Thread Leon Kyneur

Hi

I am trying to configure the last_login plugin with LDAP dictionary
which is causing dict service to crash. Not sure if this is a bug or
some configuration parameter I'm getting wrong?

Running latest dovecot but was having the same problem in earlier
version 2.2.25

# dovecot --version
2.2.28 (bed8434)

I have configured dovecot like so:

dovecot.conf (before conf.d/*.conf):
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
  lastlogin = ldap:/etc/dovecot/dovecot-ldap-dict.conf.ext
}

conf.d/10-master.conf
service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}


conf.d/20-imap.conf:
protocol imap {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins last_login

  # Maximum number of IMAP connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  #mail_max_userip_connections = 10
}



90-plugins.conf
plugin {
  #setting_name = value
  #last_login_dict = proxy::lastlogin
  last_login_dict = proxy:dict:lastlogin
  zlib_save = gz
  zlib_save_level = 6
}


dovecot-ldap-dict.conf.ext:
uri = ldap://ldap.internal
bind_dn = cn=Manager,dc=mail,dc=com
password = 
tls = no
debug = 1

map {
  pattern = last-login/$user
  filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required
  base_dn = o=domains,dc=mail,dc=com 
  username_attribute = mail
  value_attribute = lastLoginTime
  fields {
    mail=$user
  }
}

I don't see dovecot ever making a connection to the LDAP server I've
configured in the dovecot-ldap-dict.conf.ext file. 

Log shows

==> /var/log/dovecot.log <==
Mar 22 07:49:30 imap-login: Info: Login: user=,
method=PLAIN, rip=X.X.X.X, lip=X.X.X.X, mpid=36105, secured,
session=
Mar 22 07:49:30 dict: Fatal: master: service(dict): child 36107 killed
with signal 11 (core dumped)
Mar 22 07:49:30 imap(l...@mail.com): Error: dict-client: Commit may have
failed: Connection closed (reply took 0.015 secs)
Mar 22 07:49:30 imap(l...@mail.com): Error: last_login_dict: Write was
unconfirmed (timeout or disconnect) for user l...@mail.com

Backtrace:
 # gdb /var/core/36107 
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
...
[New LWP 36107]
Reading symbols from /usr/libexec/dovecot/dict...Reading symbols from
/usr/lib/debug/usr/libexec/dovecot/dict.debug...done.
done.
Missing separate debuginfo for 
Try: yum --enablerepo='*debug*' install
/usr/lib/debug/.build-id/b0/07fede01895dec1aca9d8b8993fe27d70a3a20
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `dovecot/dict'.
Program terminated with signal 11, Segmentation fault.
#0  0x in ?? ()
(gdb) bt full
#0  0x in ?? ()
No symbol table info available.
#1  0x7fbcf11bd04f in cmd_begin (cmd=0x7fbcf2c02910, line=) at dict-commands.c:365
trans = 0x7fbcf2c029a0
id = 1
#2  0x7fbcf11bdef8 in dict_command_input
(conn=conn@entry=0x7fbcf2bf24d0, line=line@entry=0x7fbcf2bf48cb "B1") at
dict-commands.c:625
cmd_func = 0x7fbcf13c85c0 
cmd = 0x7fbcf2c02910
ret = 
#3  0x7fbcf11bc6ee in dict_connection_input_more
(conn=0x7fbcf2bf24d0) at dict-connection.c:117
_data_stack_cur_id = 3
line = 0x7fbcf2bf48cb "B1"
ret = 
#4  0x7fbcf11bc7d2 in dict_connection_input (conn=0x7fbcf2bf24d0) at
dict-connection.c:167
line = 
conn = 0x7fbcf2bf24d0
#5  0x7fbcf0d1b2d2 in io_loop_call_io (io=0x7fbcf2bf2890) at
ioloop.c:599
ioloop = 0x7fbcf2be0740
t_id = 2
__FUNCTION__ = "io_loop_call_io"
#6  0x7fbcf0d1c95f in io_loop_handler_run_internal
(ioloop=ioloop@entry=0x7fbcf2be0740) at ioloop-epoll.c:223
ctx = 0x7fbcf2beded0
events = 
list = 0x7fbcf2bf28f0
io = 
tv = {tv_sec = 2147483, tv_usec = 0}
events_count = 
msecs = 
ret = 1
i = 0
call = 
__FUNCTION__ = "io_loop_handler_run_internal"
#7  0x7fbcf0d1b36c in io_loop_handler_run
(ioloop=ioloop@entry=0x7fbcf2be0740) at ioloop.c:648
No locals.
#8  0x7fbcf0d1b528 in io_loop_run (ioloop=0x7fbcf2be0740) at
ioloop.c:623
__FUNCTION__ = "io_loop_run"
#9  0x7fbcf0ca4603 in 

Re: [2.2.25 auth issue] auth-request.c: line 1049 (auth_request_lookup_credentials): assertion failed: (request->credentials_scheme == scheme)

2016-07-25 Thread Leon Kyneur
I am also seeing this error since updating to 2.2.25. I do believe it's 
only occurring on CRAM-MD5, DIGEST-MD5 and NTLM auth.


# dovecot --version
2.2.25 (7be1766)

Jul 26 02:10:57 auth-worker(11499): Info: 
ldap(username,192.168.10.9,): unknown user - trying 
the next passdb
Jul 26 02:10:57 auth-worker(11499): Info: 
ldap(usern...@notallocated.com.au,192.168.10.9,): 
unknown user
Jul 26 02:10:57 auth: Panic: file auth-request.c: line 1069 
(auth_request_lookup_credentials): assertion failed: 
(request->credentials_scheme == scheme)
Jul 26 02:10:57 auth: Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x8d52e) [0x7f8cf859752e] -> 
/usr/lib64/dovecot/libdovecot.so.0(+0x8d60e) [0x7f8cf859760e] -> 
/usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8cf85361b6] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x1a3aa) [0x7f8cf8c5d3aa] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x2714f) [0x7f8cf8c6a14f] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x19f2b) [0x7f8cf8c5cf2b] -> 
dovecot/auth [1 wait, 0 passdb, 0 
userdb](auth_request_lookup_credentials_callback+0x73) [0x7f8cf8c5d033] 
-> dovecot/auth [1 wait, 0 passdb, 0 
userdb](passdb_handle_credentials+0x92) [0x7f8cf8c6d902] -> dovecot/auth 
[1 wait, 0 passdb, 0 userdb](+0x2b106) [0x7f8cf8c6e106] -> dovecot/auth 
[1 wait, 0 passdb, 0 userdb](+0x2081a) [0x7f8cf8c6381a] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) 
[0x7f8cf85aae8c] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) 
[0x7f8cf85ac2ef] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) 
[0x7f8cf85aaf15] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f8cf85ab0c8] -> 
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f8cf853c613] -> dovecot/auth [1 wait, 0 passdb, 0 
userdb](main+0x3a1) [0x7f8cf8c52be1] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7f8cf7b1fb15] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0xfdd1) [0x7f8cf8c52dd1]
Jul 26 02:10:57 auth: Fatal: master: service(auth): child 11496 killed 
with signal 6 (core dumped)
Jul 26 02:10:57 pop3-login: Warning: Auth connection closed with 1 
pending requests (max 0 secs, pid=11488, EOF)
Jul 26 02:10:58 auth-worker(11505): Info: 
ldap(usern...@domain.com,192.168.10.9,): unknown user  
- trying the next passdb
Jul 26 02:10:58 auth: Info: 
passwd-file(usern...@domain.com,192.168.10.9,): 
unknown user  - trying the next passdb
Jul 26 02:10:58 pop3-login: Info: proxy(usern...@domain.com): started 
proxying to mailstore03.service.int.oss-core.com:110: 
user=, method=DIGEST-MD5, rip=192.168.10.9, 
lip=203.134.11.19, session=, 
orig_user=
Jul 26 02:10:58 pop3-login: Info: proxy(usern...@domain.com): 
disconnecting 192.168.10.9 (Disconnected by server(0s idle, in=139, 
out=4767)): user=, method=DIGEST-MD5, 
rip=192.168.10.9, lip=203.134.11.19, session=, 
orig_user=



# gdb /usr/libexec/dovecot/auth 
core-auth-sig6-user97-group97-pid11496-time1469499057

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 


This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/libexec/dovecot/auth...Reading symbols from 
/usr/lib/debug/usr/libexec/dovecot/auth.debug...done.

done.
[New LWP 11496]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `dovecot/auth'.
Program terminated with signal 6, Aborted.
#0  0x7f8cf7b335f7 in __GI_raise (sig=sig@entry=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:56

56  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt full
#0  0x7f8cf7b335f7 in __GI_raise (sig=sig@entry=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:56

resultvar = 0
pid = 11496
selftid = 11496
#1  0x7f8cf7b34ce8 in __GI_abort () at abort.c:90
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 
0x1}, sa_mask = {__val = {31457280, 140727725664896, 140727725664888, 
140243452896936, 140243438753907, 140243445984576, 140243452896936, 513, 
6889173324748996864,
  140727725665136, 140243438919218, 140243452896936, 
140727725665024, 0, 140243438919321, 140243452896936}}, sa_flags = 
-128374774, sa_restorer = 0x7ffdba192b01}

sigs = {__val = {32, 0 }}
#2  0x7f8cf8597526 in default_fatal_finish (type=, 
status=status@entry=0) at failures.c:201
backtrace = 0x7f8cf93126e0 
"/usr/lib64/dovecot/libdovecot.so.0(+0x8d52e) [0x7f8cf859752e] -> 
/usr/lib64/dovecot/libdovecot.so.0(+0x8d60e) 

dovecot --version tarball

2016-07-19 Thread Leon Kyneur

Hi,

Trying to understand what the version numbers mean. I typically build 
from the stable tarball and then apply patches as needed.. however since 
2.2.25 this hasn't been working (not sure if it worked before or never 
really looked closely TBH).


http://dovecot.org/releases/2.2/dovecot-2.2.25.tar.gz - shows GITID 
7be1766 however it has commits / changes newer than this.


Also the github tag for 2.2.25 is c1527e5 which doesn't match the source 
tarball either.


Should the source tarball and git commit hash be related?

Thanks

Leon


Re: Panic: file mdbox-save.c: line 337: unreached

2016-07-13 Thread Leon Kyneur

Thanks Timo

I will apply this patch and let you know if I encounter any more issues.

On 11/07/16 17:09, Timo Sirainen wrote:

On 10 Jul 2016, at 17:44, Leon Kyneur <l...@f-m.fm> wrote:

Recently updated to 2.2.25. Noticed a migration script I've been previously 
running fine started giving me the errors below.

Remote server doesn't log any failure. doveconf -n attached.

+ /bin/doveadm -o mail_fsync=never backup -R -u u...@domain.com imapc:
dsync(u...@domain.com): Panic: file mdbox-save.c: line 337: unreached

Thanks, fixed: 
https://github.com/dovecot/core/commit/3aae8844765b1d74d847e8e37daa135ac7035e6b



Panic: file mdbox-save.c: line 337: unreached

2016-07-10 Thread Leon Kyneur
Recently updated to 2.2.25. Noticed a migration script I've been 
previously running fine started giving me the errors below.


Remote server doesn't log any failure. doveconf -n attached.

+ /bin/doveadm -o mail_fsync=never backup -R -u u...@domain.com imapc:
dsync(u...@domain.com): Panic: file mdbox-save.c: line 337: unreached
dsync(u...@domain.com): Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x8d52e) [0x7f58e6da052e] -> 
/usr/lib64/dovecot/libdovecot.so.0(default_fatal_ha
ndler+0x2a) [0x7f58e6da059a] -> 
/usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f58e6d3f1b6] -> 
/usr/lib64/dovecot/libdovecot-storage.so.0(+0x5b157) [0x7f58e7080157]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xbfdbf) [0x7f58e70e4dbf] 
-> 
/usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit_full+0x9d) 
[0x7f58e
710043d] -> 
/usr/lib64/dovecot/libdovecot-storage.so.0(index_transaction_commit+0x107) 
[0x7f58e70e5337] -> /usr/lib64/dovecot/lib20_zlib_plugin.so(+0x3163) 
[0x7f58e5f29
163] -> /usr/lib64/dovecot/lib10_quota_plugin.so(+0xc703) 
[0x7f58e613d703] -> 
/usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x51) 
[0
x7f58e7069631] -> /bin/doveadm [u...@domain.com INBOX 
import:650/674](dsync_mailbox_import_deinit+0xf8) [0x7f58e7a12898] -> 
/bin/doveadm [u...@domain.com IN
BOX import:650/674](+0x41bbf) [0x7f58e7a0cbbf] -> /bin/doveadm 
[u...@domain.com INBOX import:650/674](dsync_brain_sync_mails+0x723) 
[0x7f58e7a0d433] -> /bin/dovea
dm [u...@domain.com INBOX import:650/674](dsync_brain_run+0x5f8) 
[0x7f58e7a08c78] -> /bin/doveadm [u...@domain.com INBOX 
import:650/674](+0x27521) [0x7f58e7
9f2521] -> /bin/doveadm [u...@domain.com INBOX import:650/674](+0x2929f) 
[0x7f58e79f429f] -> /bin/doveadm [u...@domain.com INBOX 
import:650/674](+0x29d8d) [0x7f58e79f4d8d] -> /bin/doveadm 
[u...@domain.com INBOX import:650/674](doveadm_mail_try_run+0x215) 
[0x7f58e79f56f5] -> /bin/doveadm [u...@domain.com INBOX 
import:650/674](main+0x455) [0x7f58e79e57f5] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7f58e6973b15] -> 
/bin/doveadm [u...@domain.com INBOX import:650/674](+0x1a96d) 
[0x7f58e79e596d]
/root/migrate_code/migrate_mailbox_eftel.sh: line 31: 48637 
Aborted /bin/doveadm -o mail_fsync=never backup -R -u 
$USERNAME imapc:

+ RETCODE=134

Regards

Leon
# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.15 (97b3da0)
# OS: Linux 3.10.0-327.4.5.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 
(Core)  
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&+
debug_log_path = /var/log/dovecot-debug.log
imapc_features = rfc822.size fetch-headers fetch-fix-broken-mails
imapc_host = 192.168.90.4
imapc_master_user = migrate
imapc_password =  # hidden, use -P to show it
imapc_user = %u
lmtp_proxy = yes
log_path = /var/log/dovecot.log
login_trusted_networks = 192.168.10.0/24
mail_gid = vmail
mail_location = mdbox:%h/mdbox:ALT=/altstorage%h/mdbox
mail_plugins = quota zlib
mail_prefetch_count = 50
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
mdbox_rotate_size = 10 M
namespace {
  hidden = yes
  list = no
  location = pop3c:
  prefix = POP3-MIGRATION-NS/
}
namespace inbox {
  inbox = yes
  location = 
  mailbox "Deleted Messages" {
    auto = no
    autoexpunge = 90 days
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    autoexpunge = 90 days
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = no
    autoexpunge = 90 days
    special_use = \Junk
  }
  mailbox Trash {
    autoexpunge = 90 days
    special_use = \Trash
  }
  prefix = 
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-ldap-old.conf.ext
  driver = ldap
  result_failure = continue-fail
  result_internalfail = continue-fail
  result_success = continue-ok
  skip = authenticated
}
passdb {
  args = /etc/dovecot/dovecot-ldap-new.conf.ext
  driver = ldap
  result_failure = return-fail
  result_internalfail = return-fail
  result_success = continue-ok
  skip = authenticated
}
plugin {
  pop3_migration_ignore_missing_uidls = yes
  pop3_migration_mailbox = POP3-MIGRATION-NS/INBOX
  quota = dict:User quota:noenforcing:file:%h/dovecot-quota
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.5.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=99%% quota-warning 99 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=80%% quota-warning 80 %u
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/default.sieve
  stats_refresh = 60 secs
  

Re: Raw backtrace multiple passwords not allowed

2016-07-10 Thread Leon Kyneur



You sure you're not returning multiple password attributes from LDAP?

Aki


pass_attrs   =  'mail=user, userPlaintextPassword=password_noscheme, 
=proxy=y, =pass=%{ldap:userPlaintextPassword}, =host=%{ldap:mailstoreHost}'


I am returning the same password attribute into different fields :
password_noscheme - to auth the user
pass = to send plaintext password to backend

This is the only workable solution I could muster to terminate encrypted 
passwords on the proxy layer.


Re: Raw backtrace multiple passwords not allowed

2016-07-10 Thread Leon Kyneur

This turned into quite a large problem for me but think I have resolved it.

After toying with a few settings I ended up (out of sheer desperation)
setting "blocking = yes" in my LDAP configuration.

Is this a logical thing to do? I couldn't find much on it other than I'm 
guessing queries are no longer async.


I don't really see the downside given the upside is auth is not crashing 
and causing password prompts for all my customers...


On 09/07/16 15:26, Leon Kyneur wrote:

Hi

Recently enabled support for encrypted passwords on my proxies - 
CRAM-MD5, DIGEST-MD5, NTLM and APOP to support some new users. Most 
users are working perfectly though every so often I see this happening 
in the logs:


Jul 09 06:32:51 auth: Error: 
ldap(u...@domain.com,192.168.10.90,): Multiple 
password values not supported
Jul 09 06:32:51 auth: Panic: file passdb-ldap.c: line 99 
(ldap_lookup_finish): assertion failed: (password == NULL || scheme != 
NULL)
Jul 09 06:32:51 auth: Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x86aae) [0x7ff4db08faae] -> 
/usr/lib64/dovecot/libdovecot.so.0(+0x86b8e) [0x7ff4db08fb8e] -> 
/usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff4db033b5d] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x720b) [0x7ff4d967a20b] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x5e2f) [0x7ff4d9678e2f] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) 
[0x7ff4db0a338c] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) 
[0x7ff4db0a47ef] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) 
[0x7ff4db0a3415] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7ff4db0a35c8] 
-> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7ff4db03a033] -> dovecot/auth [13 wait, 1 passdb, 0 
userdb](main+0x39c) [0x7ff4db5454ac] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7ff4da61fb15] -> 
dovecot/auth [13 wait, 1 passdb, 0 userdb](+0xf6a1) [0x7ff4db5456a1]
Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 
pending requests (max 0 secs, pid=8759, EOF)
Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 
pending requests (max 1 secs, pid=8764, EOF)


Password debug shows:
Jul 09 06:38:25 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): Credentials: 
4b616e6761733138
Jul 09 06:38:27 auth: Debug: client passdb out: FAIL2541 
user=u...@domain.compass=NotPasswordoriginal_user=user
Jul 09 06:38:37 auth: Debug: 
passwd-file(tassiedevil,192.168.10.90,): username 
changed user -> u...@domain.com
Jul 09 06:38:37 auth: Debug: 
passwd-file(u...@domain.com,192.168.10.90,): 
Allowing any password
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): pass search: 
base=o=domains,dc=mail,dc=com scope=subtree 
filter=(&(objectClass=mail)(status=active)(|(|(mail=u...@domain.com)(&(uid=u...@domain.com)))(&(enabledService=shadowaddress)(shadowAddress 
u...@domain.com 
fields=mail,userPlaintextPassword,userPlaintextPassword,mailstoreHost
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): result: 
mail=u...@domain.com userPlaintextPassword=NotPassword; 
mail,userPlaintextPassword unused
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): result: 
mail=u...@domain.com userPlaintextPassword=NotPassword; mailstoreHost 
missing
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): PLAIN( Jenni) 
!= 'NotPassword'
Jul 09 06:38:39 auth: Debug: client passdb out: FAIL2826 
user=u...@domain.comoriginal_user=user



This particular user has a space in their password.. some other users 
do not when seeing this error.


I run multiple passdb and config is:
passdb {
  args = /etc/dovecot/dovecot-ldap-proxy-alias.conf.ext
  default_fields = nopassword=y password=
  driver = ldap
  result_failure = continue-fail
  result_internalfail = continue-fail
  result_success = continue-ok
}
passdb {
  args = scheme=plain username_format=%l@%d /etc/dovecot/passwd.domains
  default_fields = nopassword=y password=
  driver = passwd-file
  result_success = continue-fail
}
passdb {
  args = /etc/dovecot/dovecot-ldap-proxy.conf.ext
  driver = ldap
}

 LDAP passdb specifies 'PLAIN' as default_pass_scheme.

[root@S605 dovecot]# dovecot --version
2.2.24 (a82c823)

Any ideas what's going on here?


Raw backtrace multiple passwords not allowed

2016-07-09 Thread Leon Kyneur

Hi

Recently enabled support for encrypted passwords on my proxies - 
CRAM-MD5, DIGEST-MD5, NTLM and APOP to support some new users. Most 
users are working perfectly though every so often I see this happening 
in the logs:


Jul 09 06:32:51 auth: Error: 
ldap(u...@domain.com,192.168.10.90,): Multiple 
password values not supported
Jul 09 06:32:51 auth: Panic: file passdb-ldap.c: line 99 
(ldap_lookup_finish): assertion failed: (password == NULL || scheme != NULL)
Jul 09 06:32:51 auth: Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x86aae) [0x7ff4db08faae] -> 
/usr/lib64/dovecot/libdovecot.so.0(+0x86b8e) [0x7ff4db08fb8e] -> 
/usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff4db033b5d] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x720b) [0x7ff4d967a20b] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x5e2f) [0x7ff4d9678e2f] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) 
[0x7ff4db0a338c] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) 
[0x7ff4db0a47ef] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) 
[0x7ff4db0a3415] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7ff4db0a35c8] -> 
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7ff4db03a033] -> dovecot/auth [13 wait, 1 passdb, 0 
userdb](main+0x39c) [0x7ff4db5454ac] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7ff4da61fb15] -> 
dovecot/auth [13 wait, 1 passdb, 0 userdb](+0xf6a1) [0x7ff4db5456a1]
Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 
pending requests (max 0 secs, pid=8759, EOF)
Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 
pending requests (max 1 secs, pid=8764, EOF)


Password debug shows:
Jul 09 06:38:25 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): Credentials: 
4b616e6761733138
Jul 09 06:38:27 auth: Debug: client passdb out: FAIL2541 
user=u...@domain.compass=NotPasswordoriginal_user=user
Jul 09 06:38:37 auth: Debug: 
passwd-file(tassiedevil,192.168.10.90,): username 
changed user -> u...@domain.com
Jul 09 06:38:37 auth: Debug: 
passwd-file(u...@domain.com,192.168.10.90,): Allowing 
any password
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): pass search: 
base=o=domains,dc=mail,dc=com scope=subtree 
filter=(&(objectClass=mail)(status=active)(|(|(mail=u...@domain.com)(&(uid=u...@domain.com)))(&(enabledService=shadowaddress)(shadowAddress 
u...@domain.com 
fields=mail,userPlaintextPassword,userPlaintextPassword,mailstoreHost
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): result: 
mail=u...@domain.com userPlaintextPassword=NotPassword; 
mail,userPlaintextPassword unused
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): result: 
mail=u...@domain.com userPlaintextPassword=NotPassword; mailstoreHost 
missing
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): PLAIN( Jenni) != 
'NotPassword'
Jul 09 06:38:39 auth: Debug: client passdb out: FAIL2826 
user=u...@domain.comoriginal_user=user



This particular user has a space in their password.. some other users do 
not when seeing this error.


I run multiple passdb and config is:
passdb {
  args = /etc/dovecot/dovecot-ldap-proxy-alias.conf.ext
  default_fields = nopassword=y password=
  driver = ldap
  result_failure = continue-fail
  result_internalfail = continue-fail
  result_success = continue-ok
}
passdb {
  args = scheme=plain username_format=%l@%d /etc/dovecot/passwd.domains
  default_fields = nopassword=y password=
  driver = passwd-file
  result_success = continue-fail
}
passdb {
  args = /etc/dovecot/dovecot-ldap-proxy.conf.ext
  driver = ldap
}

 LDAP passdb specifies 'PLAIN' as default_pass_scheme.

[root@S605 dovecot]# dovecot --version
2.2.24 (a82c823)

Any ideas what's going on here?
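
An added example (not part of the original post and not Dovecot code): a Python sketch that re-joins mail-wrapped Dovecot log lines of the kind shown above, extracts the Panic assertion and the master "killed with signal" record for each crash, and counts the login-process "Auth connection closed" requests dropped right after it. The sample log is constructed in the same format (addresses, pid 8750 and the one-second offset are made up); the function names and the 5-second window are assumptions.

```python
import re
from datetime import datetime

# Dovecot's default log prefix: "Jul 09 06:32:51 <process>: <Level>: ..."
STAMP = re.compile(r"^([A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) (.*)$")
PANIC = re.compile(r"^(?P<proc>[^:]+): Panic: file (?P<file>\S+): line (?P<line>\d+)"
                   r"(?: \((?P<func>\w+)\))?: (?P<what>.*)$")
KILLED = re.compile(r"^[^:]+: Fatal: master: service\((?P<svc>[\w-]+)\): "
                    r"child (?P<pid>\d+) killed with signal (?P<sig>\d+)")
AUTH_DROP = re.compile(r"^[\w-]+: Warning: Auth connection closed with "
                       r"(?P<pending>\d+) pending requests")

# Constructed sample, wrapped the way a mail client wraps pasted logs.
SAMPLE_LOG = """\
==> /var/log/dovecot.log <==
Jul 09 06:32:51 auth: Error: ldap(user@example.test,192.0.2.90,): Multiple
password values not supported
Jul 09 06:32:51 auth: Panic: file passdb-ldap.c: line 99
(ldap_lookup_finish): assertion failed: (password == NULL || scheme !=
NULL)
Jul 09 06:32:51 auth: Fatal: master: service(auth): child 8750 killed
with signal 6 (core dumped)
Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1
pending requests (max 0 secs, pid=8759, EOF)
Jul 09 06:32:52 imap-login: Warning: Auth connection closed with 1
pending requests (max 1 secs, pid=8764, EOF)
Mar 22 07:49:30 dict: Fatal: master: service(dict): child 36107 killed
with signal 11 (core dumped)
"""


def unwrap(text, year):
    """Re-join continuation lines; return [(datetime, message), ...].

    The log prefix carries no year, so the caller supplies it.
    Anything before the first timestamped line is ignored.
    """
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            records.append([when, m.group(2)])
        elif records:
            records[-1][1] += " " + line  # wrapped tail of the previous record
    return [(when, msg) for when, msg in records]


def _recent(events, service, when, window_s):
    """Latest event for `service` that happened at most window_s before `when`."""
    for ev in reversed(events):
        age = (when - ev["when"]).total_seconds()
        if ev["service"] == service and 0 <= age <= window_s:
            return ev
    return None


def triage(text, year, window_s=5):
    """Group Panic + signal records into crash events and count dropped logins."""
    events = []
    for when, msg in unwrap(text, year):
        m = PANIC.match(msg)
        if m:
            events.append({
                "when": when,
                "service": m["proc"].split("(")[0],  # "auth-worker(123)" -> "auth-worker"
                "signal": None,
                "where": f'{m["file"]}:{m["line"]}',
                "func": m["func"],
                "reason": m["what"],
                "dropped_logins": 0,
            })
            continue
        m = KILLED.match(msg)
        if m:
            prev = _recent(events, m["svc"], when, window_s)
            if prev and prev["signal"] is None:
                prev["signal"] = int(m["sig"])  # same crash as the Panic above
            else:
                events.append({"when": when, "service": m["svc"],
                               "signal": int(m["sig"]), "where": None, "func": None,
                               "reason": "killed by signal", "dropped_logins": 0})
            continue
        m = AUTH_DROP.match(msg)
        if m:
            prev = _recent(events, "auth", when, window_s)
            if prev:
                prev["dropped_logins"] += int(m["pending"])
    return events


if __name__ == "__main__":
    for event in triage(SAMPLE_LOG, 2016):
        print(event)
```
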


Re: v2.2.25 release candidate released

2016-06-30 Thread Leon Kyneur

Hi Timo,

Testing now and noticed the following error on a POP user:

Jul 01 12:50:08 pop3-login: Info: Login: user=, 
method=PLAIN, rip=192.168.4.145, lip=10.0.0.4, mpid=52302, secured, 
session=<+lRmC4o2yubLhgGR>
Jul 01 12:50:08 pop3(u...@domain.com): Info: Disconnected: Logged out 
top=0/0, retr=0/0, del=0/327, size=2856127, uidls=327/0b11428c
Jul 01 12:50:08 pop3(u...@domain.com): Error: Failed to autoexpunge 
mailbox 'Junk': Mailbox doesn't exist: Junk
Jul 01 12:50:08 pop3(u...@domain.com): Error: Failed to autoexpunge 
mailbox 'Trash': Mailbox doesn't exist: Trash


For a long time I have been using "autoexpunge = 90 days" setting in 
these mailboxes without error - is this now expected? Should I enable 
"auto = create" to resolve this?


Global namespace configuration is:
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    autoexpunge = 90 days
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Trash {
    autoexpunge = 90 days
    special_use = \Trash
  }
  prefix =
  separator = /
}


Regards

Leon

On 30/06/16 20:49, Timo Sirainen wrote:

http://dovecot.org/releases/2.2/rc/dovecot-2.2.25.rc1.tar.gz
http://dovecot.org/releases/2.2/rc/dovecot-2.2.25.rc1.tar.gz.sig

Quite a lot of changes. Please test out before the final v2.2.25 release, which 
I'm planning for tomorrow. Especially the new lib-dcrypt might have compiling 
problems with some OpenSSL versions.

* lmtp: Start tracking lmtp_user_concurrency_limit and reject already
  at RCPT TO stage. This avoids MTA unnecessarily completing DATA only
  to get an error.
* doveadm: Previously only mail settings were read from protocol
  doveadm { .. } section. Now all settings are.

+ quota: Added quota_over_flag_lazy_check setting. It avoids checking
  quota_over_flag always at startup. Instead it's checked only when
  quota is being read for some other purpose.
+ auth: Added a new auth policy service:
  http://wiki2.dovecot.org/Authentication/Policy
+ auth: Added PBKDF2 password scheme
+ auth: Added %{auth_user}, %{auth_username} and %{auth_domain}
+ auth: Added ":remove" suffix to extra field names to remove them.
+ auth: Added "delay_until=[+]" passdb
  extra field. The auth will wait until  and optionally some
  randomness and then return success.
+ dict proxy: Added idle_msecs= parameter. Support async operations.
+ Performance improvements for handling large mailboxes.
+ Added lib-dcrypt API for providing cryptographic functions.
+ Added "doveadm mailbox update" command
+ imap commands' output now includes timing spent on the "syncing"
  stage if it's larger than 0.
+ cassandra: Added metrics= to connect setting to output internal
  statistics in JSON format every second to .
+ doveadm mailbox delete: Added -e parameter to delete only empty
  mailboxes. Added --unsafe option to quickly delete a mailbox,
  bypassing lazy_expunge and quota plugins.
+ doveadm user & auth cache flush are now available via doveadm-server.
+ doveadm service stop  will stop specified services while
  leaving the rest of Dovecot running.
+ quota optimization: Avoid reading mail sizes for backends which
  don't need them (count, fs, dirsize)
+ Added mailbox { autoexpunge_max_mails= } setting.
+ Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome
+ fts: Added fts_autoindex_exclude setting.
- v2.2.24's MIME parser was assert-crashing on mails having truncated
  MIME headers.
- auth: With multiple userdbs the final success/failure result wasn't
  always correct. The last userdb's result was always used.
- doveadm backup was sometimes deleting entire mailboxes unnecessarily.
- doveadm: Command -parameters weren't being sent to doveadm-server.
- If dovecot.index read failed e.g. because mmap() reached VSZ limit,
  an empty index could have been opened instead, corrupting the
  mailbox state.
- imapc: Fixed EXPUNGE handling when imapc_features didn't have modseq.
- lazy-expunge: Fixed a crash when copying failed. Various other fixes.
- fts-lucene: Fixed crash on index rescan.
- auth_stats=yes produced broken output
- dict-ldap: Various fixes
- dict-sql: NULL values crashed. Now they're treated as "not found".


Re: Double variable expansion / multiple password mechanisms

2016-06-14 Thread Leon Kyneur



On 14/06/16 23:15, Karsten Heiken wrote:

Hi Leon,


You should be able to add multiple userPassword attributes to your directory:

userPassword: {CRAM-MD5}xxx
userPassword: {DIGEST-MD5}
userPassword: {SCRAM-SHA-1}
userPassword: {NTLM}

Did try this, didn't end well.

Jun 14 12:59:43 auth: Error: 
ldap(leonkyn...@itest.com,192.168.99.3,): Multiple password 
values not supported
[...]

Huh. You're right, I'm sorry.

A few days ago I tried just that - adding a second userPassword to my LDAP and 
got this result:

dovecot: auth: Warning: ldap(x,127.0.0.1,): Multiple values 
found for 'password', using value '{SSHA}yaddayadda'

Turns out there is still only one password tried, not all of them - which was 
working as intended on this occasion.

But have you tried to authenticate using auth_bind? Maybe that is possible with 
your LDAP setup.
If you were using auth_bind = yes, then Dovecot shouldn't care about the 
passwords stored in LDAP.

http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds

This of course only works for passdb lookups.


Auth bind won't work here as if they auth with encrypted password it 
can't bind to ldap with it, and get a lot of these:


auth: Info: ldap(leonkyneur,192.168.99.3,<7Rr1lj41tJzLhgGR>): Requested 
DIGEST-MD5 scheme, but we have a NULL password


Re: Double variable expansion / multiple password mechanisms

2016-06-14 Thread Leon Kyneur

Hi Karsten,

You should be able to add multiple userPassword attributes to your directory:

userPassword: {CRAM-MD5}xxx
userPassword: {DIGEST-MD5}
userPassword: {SCRAM-SHA-1}
userPassword: {NTLM}


Karsten

Did try this, didn't end well.

Jun 14 12:59:43 auth: Error: 
ldap(leonkyn...@itest.com,192.168.99.3,): Multiple 
password values not supported
Jun 14 12:59:43 auth: Panic: file passdb-ldap.c: line 99 
(ldap_lookup_finish): assertion failed: (password == NULL || scheme != NULL)
Jun 14 12:59:43 auth: Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x8699e) [0x7f0233cd499e] -> 
/usr/lib64/dovecot/libdovecot.so.0(+0x86a7e) [0x7f0233cd4a7e] -> 
/usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f0233c78b3d] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x720b) [0x7f022f4f020b] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x5e2f) [0x7f022f4eee2f] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) 
[0x7f0233ce821c] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) 
[0x7f0233ce967f] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) 
[0x7f0233ce82a5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f0233ce8458] -> 
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f0233c7f013] -> dovecot/auth [0 wait, 1 passdb, 0 
userdb](main+0x39c) [0x7f023418a46c] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7f0233264b15] -> 
dovecot/auth [0 wait, 1 passdb, 0 userdb](+0xf661) [0x7f023418a661]
Jun 14 12:59:43 auth: Fatal: master: service(auth): child 48169 killed 
with signal 6 (core dumps disabled)
Jun 14 12:59:43 imap-login: Warning: Auth connection closed with 1 
pending requests (max 0 secs, pid=48164, EOF)


Double variable expansion / multiple password mechanisms

2016-06-14 Thread Leon Kyneur

Hi,

Trying to solve the problem of supporting multiple auth mechanisms + 
proxy and really don't want to store user passwords in plain text and 
fine to do master user to backend.


I had the crazy thought I could do something like the following:

For each user, store supported password schemes as LDAP attributes:
userPasswordCRAM-MD5: {CRAM-MD5}xxx
userPasswordDIGEST-MD5: {DIGEST-MD5}
userPasswordSCRAM: {SCRAM-SHA-1}
userPasswordNTLM: {NTLM}

then:
=password=%{ldap:userPassword%m} <- Though this doesn't work.. just 
wondering if it could possibly work or if I should give up on this crazy 
idea :)


Thanks

Leon


Re: autoexpunge wildcard mailbox from userdb

2016-05-02 Thread Leon Kyneur



On 02/05/16 21:43, Timo Sirainen wrote:

On 02 May 2016, at 16:40, Leon Kyneur <l...@f-m.fm> wrote:



On 02/05/16 16:51, Timo Sirainen wrote:

On 02 May 2016, at 03:47, Leon Kyneur <l...@f-m.fm> wrote:

Was excited to see that wildcards are now possible on autoexpunge in the 2.2.24 
release.

However I'm trying to configure these from the userdb lookup and it doesn't 
appear to be working.

if I set in 15-mailboxes.conf
mailbox Trash/* {
...
   autoexpunge = 10m
}

everything works..

however if I return

=namespace/inbox/mailbox/Trash/*/autoexpunge=10m

Using "/" in the namespace name conflicts with the "/" separator, so it needs to be escaped. You can use 
"doveconf -n -S" to find out what the escaping needs to look like ("/" = "\s").


Thanks Timo - that's what I was missing.

Another thing - will it ever be possible to wildcard *all* mailboxes?

My setup doesn't specify prefix = INBOX/ on "namespace inbox"... without 
knowing all of the root mailboxes users have created is it possible to autoexpunge these?

This obviously does not work
=namespace/inbox/mailbox/\s*/autoexpunge=90d

Why? I would expect mailbox * { autoexpunge } to work.



Ahh it does! my syntax was just off..

Thanks again Timo!


Re: autoexpunge wildcard mailbox from userdb

2016-05-02 Thread Leon Kyneur



On 02/05/16 16:51, Timo Sirainen wrote:

On 02 May 2016, at 03:47, Leon Kyneur <l...@f-m.fm> wrote:

Was excited to see that wildcards are now possible on autoexpunge in the 2.2.24 
release.

However I'm trying to configure these from the userdb lookup and it doesn't 
appear to be working.

if I set in 15-mailboxes.conf
mailbox Trash/* {
...
   autoexpunge = 10m
}

everything works..

however if I return

=namespace/inbox/mailbox/Trash/*/autoexpunge=10m

Using "/" in the namespace name conflicts with the "/" separator, so it needs to be escaped. You can use 
"doveconf -n -S" to find out what the escaping needs to look like ("/" = "\s").



Thanks Timo - that's what I was missing.

Another thing - will it ever be possible to wildcard *all* mailboxes?

My setup doesn't specify prefix = INBOX/ on "namespace inbox"... without 
knowing all of the root mailboxes users have created is it possible to 
autoexpunge these?


This obviously does not work
=namespace/inbox/mailbox/\s*/autoexpunge=90d


autoexpunge wildcard mailbox from userdb

2016-05-01 Thread Leon Kyneur
Was excited to see that wildcards are now possible on autoexpunge in the 
2.2.24 release.


However I'm trying to configure these from the userdb lookup and it 
doesn't appear to be working.


if I set in 15-mailboxes.conf
mailbox Trash/* {
...
   autoexpunge = 10m
}

everything works..

however if I return

=namespace/inbox/mailbox/Trash/*/autoexpunge=10m

via userdb - it does not.


Logs say:


Debug: Unknown userdb setting: 
plugin/namespace/inbox/mailbox/Trash/*/autoexpunge=10m



Is what I am trying to do even possible?

Thanks

Leon


Re: v2.2.23 released

2016-03-31 Thread Leon Kyneur
2.2.23 seems to have broken doveadm backup, was previously working fine 
on 2.2.22


[root@S613 lkyneur]# doveadm -v backup -u em.mck ...
doveadm(root): Error: User doesn't exist


[root@S613 lkyneur]# doveadm user em.mck
field       value
uid         vmail
gid         vmail
home        /srv/vmail/eftel/xxx.com/20032218/em.mck
mail        mdbox:/srv/vmail/eftel/xxx.com/20032218/em.mck/mdbox:ALT=/altstorage/srv/vmail/eftel/xxx.com/20032218/em.mck/mdbox
quota_rule  *:bytes=500M


On 30/03/16 23:48, Timo Sirainen wrote:

http://dovecot.org/releases/2.2/dovecot-2.2.23.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.23.tar.gz.sig

This is a bugfix-only release with various important fixes on top of v2.2.22.

  - Various fixes to doveadm. Especially running commands via
doveadm-server was broken.
  - director: Fixed user weakness getting stuck in some situations
  - director: Fixed a situation where directors keep re-sending
different states to each others and never becoming synced.
  - director: Fixed assert-crash related to a slow "user killed" reply
  - Fixed assert-crash related to istream-concat, which could have
been triggered at least by a Sieve script.


where is pop3_migration_ignore_missing_uidls=yes set?

2016-02-24 Thread Leon Kyneur

While doing pop3 migrations with dsync I am getting an error:

dsync(u...@domain.net): Error: pop3_migration: 2 POP3 messages have no 
matching IMAP messages (first POP3 msg 2638 UIDL 
fb3d6f3299541e695a28585f5803ed1c) - set 
pop3_migration_ignore_missing_uidls=yes to continue anyway
dsync(u...@domain.net): Error: Exporting mailbox INBOX failed: Can't 
lookup pop3-uidl for UID=3252: POP3 UIDLs couldn't be synced


Can't see this in doveconf -a so it's not a setting? - tried configuring 
it as a plugin setting but that didn't work...


Where is the correct place to set this?

TIA


Re: Automatically inferring %d on multi-domain virtual install ?

2016-02-22 Thread Leon Kyneur



On 22/02/16 18:56, Steffen Kaiser wrote:

On Sun, 21 Feb 2016, Leon Kyneur wrote:


Date: Sun, 21 Feb 2016 10:51:21 +
From: Leon Kyneur <l...@dexterous.org>
To: Dovecot Mailing List <dovecot@dovecot.org>, Timo Sirainen 
<t...@iki.fi>
Subject: Re: Automatically inferring %d on multi-domain virtual 
install ?


very intrigued by your solution Timo, have attempted something similar in
the past to no avail.

When I tried I was unable to retain the user@domain when setting the domain
as extra field - protected is new to me and can't find documentation - but
also doesn't work :(

# cat passwd.domains
10.100.1.1:::domain:protected=foo.org
10.100.1.2:::domain:protected=bar.org

# cat imap.passwd
u...@bar.org:{plain}password::
u...@foo.org:{plain}password::

dovecot.conf:

passdb {
   args = username_format=%l /etc/dovecot/passwd.domains


What, if you use:

args = username_format=%l@%d /etc/dovecot/passwd.domains
and:

10.100.1.1@:::domain:protected=foo.org
in the file 



This works! Thank you, this is a little simpler than my current fix which 
relies on SQL to make this work, and a series of %{domain_first} in 
later passdbs to ensure the right domain is being checked (it's ugly, 
believe me).


I still do not understand what 'protected' does though?





   default_fields = nopassword=y
   driver = passwd-file
   result_success = continue
}

passdb {
   args = scheme=plain-md5 username_format=%u /etc/dovecot/imap.passwd
   driver = passwd-file
}

1. user without domain localip 10.100.1.1 - adds foo.org:
# doveadm auth lookup -x lip=10.100.1.1 user
passdb: user
   user : u...@foo.org

2. user without domain localip 10.100.1.2 - adds bar.org
# doveadm auth lookup -x lip=10.100.1.2 user
passdb: user
   user : u...@bar.org

3. user WITH domain bar.org on localip 10.100.1.1 - still adds foo.org???

# doveadm auth lookup -x lip=10.100.1.1 u...@bar.org
passdb: u...@bar.org
   user : u...@foo.org

Is the protected suffix supposed to protect domain and not change it here?


On Sun, Feb 21, 2016 at 1:20 PM Timo Sirainen <t...@iki.fi> wrote:


How about:

passdb {
  driver = passwd-file
  args = username_format=%l /etc/dovecot/passwd.domains
  result_success = continue
}

passdb {
  .. the real passdb for authentication ..
}

Where /etc/dovecot/passwd.domains contains:

10.0.0.100:domain=foo.org
10.0.0.101:domain=bar.org

So the first passdb lookup would set the domain based on IP and then
continue for the actual authentication. Or if you don't want it to override
an explicit user@domain authentication, this should also work:

10.0.0.100:domain:protected=foo.org
10.0.0.101:domain:protected=bar.org

Not tested, but should work I think. At least with new enough Dovecot
versions.


On 19 Feb 2016, at 23:10, Gabriel L. Somlo <gso...@gmail.com> wrote:

On Fri, Feb 19, 2016 at 08:41:15AM +0100, Steffen Kaiser wrote:
I'm trying to allow domain-less logins for a multi-domain virtual IMAP
server, and wondering if I can automatically infer the domain (value of
variable %d) from the local IP (%l) or the hostname used by the client
when connecting to my server.

Let's say I have two host names: mail.foo.org (10.0.0.100) and
mail.bar.com (10.0.0.200), with forward and reverse DNS configured to
resolve A and PTR records in either direction.

Let's also say I have 10.0.0.100 and 10.0.0.200 set up as secondaries
on my server's loopback interface, and routing is set up to bring client
traffic to me for both of those IP addresses.


Hm, it should be possible like so:

1) keep the file you have now as 2nd passdb, in order to let your users
login like now from anywhere

us...@foo.org:{PLAIN}user1foo

2) from this file create another passwd-file with ExtraField via script /
cron jobs, that defines

user1@10.0.0.100:{PLAIN}user1foo:user=us...@foo.org

see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields

Maybe allow_nets could limit the clients further.

Then add another passdb section pointing to that file using
username_format=%n@%l

http://wiki2.dovecot.org/AuthDatabase/PasswdFile

That will map domain-less logins to full mail addresses, which in turn sets
%d, too.


That *almost* worked :)

I now have

 passdb {
   driver = passwd-file
   args = username_format=%n@%l /var/lib/topgen/etc/postfix/users
 }

pointing to a "users" file with entries such as

  user1@10.0.0.100:{PLAIN}user1foo:user=us...@foo.org

The only trouble is, %d does not get set; I get new "user1" and
"user2" folders created directly under /var/lib/vmail/, which
indicates the %d portion is equal to the empty string.

I also tried

  user1@111.0.10.10:{PLAIN}tartans1:domain=foo.org

which the PasswordDatabase wiki page says should override %d, but
still no luck...

Thanks for the pointer though, now that I read the relevant bits of
documentation it feels like I'm really close

Re: Automatically inferring %d on multi-domain virtual install ?

2016-02-21 Thread Leon Kyneur
very intrigued by your solution Timo, have attempted something similar in
the past to no avail.

When I tried I was unable to retain the user@domain when setting the domain
as extra field - protected is new to me and can't find documentation - but
also doesn't work :(

# cat passwd.domains
10.100.1.1:::domain:protected=foo.org
10.100.1.2:::domain:protected=bar.org

# cat imap.passwd
u...@bar.org:{plain}password::
u...@foo.org:{plain}password::

dovecot.conf:

passdb {
args = username_format=%l /etc/dovecot/passwd.domains
default_fields = nopassword=y
driver = passwd-file
result_success = continue
}

passdb {
args = scheme=plain-md5 username_format=%u /etc/dovecot/imap.passwd
driver = passwd-file
}

1. user without domain localip 10.100.1.1 - adds foo.org:
# doveadm auth lookup -x lip=10.100.1.1 user
passdb: user
user : u...@foo.org

2. user without domain localip 10.100.1.2 - adds bar.org
# doveadm auth lookup -x lip=10.100.1.2 user
passdb: user
user : u...@bar.org

3. user WITH domain bar.org on localip 10.100.1.1 - still adds foo.org???
# doveadm auth lookup -x lip=10.100.1.1 u...@bar.org
passdb: u...@bar.org
user : u...@foo.org

Is the protected suffix supposed to protect domain and not change it here?


On Sun, Feb 21, 2016 at 1:20 PM Timo Sirainen  wrote:

> How about:
>
> passdb {
>   driver = passwd-file
>   args = username_format=%l /etc/dovecot/passwd.domains
>   result_success = continue
> }
>
> passdb {
>   .. the real passdb for authentication ..
> }
>
> Where /etc/dovecot/passwd.domains contains:
>
> 10.0.0.100:domain=foo.org
> 10.0.0.101:domain=bar.org
>
> So the first passdb lookup would set the domain based on IP and then
> continue for the actual authentication. Or if you don't want it to override
> an explicit user@domain authentication, this should also work:
>
> 10.0.0.100:domain:protected=foo.org
> 10.0.0.101:domain:protected=bar.org
>
> Not tested, but should work I think. At least with new enough Dovecot
> versions.
>
> > On 19 Feb 2016, at 23:10, Gabriel L. Somlo  wrote:
> >
> > On Fri, Feb 19, 2016 at 08:41:15AM +0100, Steffen Kaiser wrote:
> >>> I'm trying to allow domain-less logins for a multi-domain virtual IMAP
> >>> server, and wondering if I can automatically infer the domain (value of
> >>> variable %d) from the local IP (%l) or the hostname used by the client
> >>> when connecting to my server.
> >>>
> >>> Let's say I have two host names: mail.foo.org (10.0.0.100) and
> >>> mail.bar.com (10.0.0.200), with forward and reverse DNS configured to
> >>> resolve A and PTR records in either direction.
> >>>
> >>> Let's also say I have 10.0.0.100 and 10.0.0.200 set up as secondaries
> >>> on my server's loopback interface, and routing is set up to bring
> client
> >>> traffic to me for both of those IP addresses.
> >>
> >> Hm, it should be possible like so:
> >>
> >> 1) keep the file you have now as 2nd passdb, in order to let your users
> >> login like now from anywhere
> >>
> >>> us...@foo.org:{PLAIN}user1foo
> >>
> >> 2) from this file create another passwd-file with ExtraField via script
> /
> >> cron jobs, that defines
> >>
> >> user1@10.0.0.100:{PLAIN}user1foo:user=us...@foo.org
> >>
> >> see http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
> >>
> >> Maybe allow_nets could limit the clients further.
> >>
> >> Then add another passdb section pointing to that file using
> >> username_format=%n@%l
> >>
> >> http://wiki2.dovecot.org/AuthDatabase/PasswdFile
> >>
> >> That will map domain-less logins to full mail addresses, which in turn
> sets
> >> %d, too.
> >
> > That *almost* worked :)
> >
> > I now have
> >
> >  passdb {
> >driver = passwd-file
> >args = username_format=%n@%l /var/lib/topgen/etc/postfix/users
> >  }
> >
> > pointing to a "users" file with entries such as
> >
> >   user1@10.0.0.100:{PLAIN}user1foo:user=us...@foo.org
> >
> > The only trouble is, %d does not get set; I get new "user1" and
> > "user2" folders created directly under /var/lib/vmail/, which
> > indicates the %d portion is equal to the empty string.
> >
> > I also tried
> >
> >   user1@111.0.10.10:{PLAIN}tartans1:domain=foo.org
> >
> > which the PasswordDatabase wiki page says should override %d, but
> > still no luck...
> >
> > Thanks for the pointer though, now that I read the relevant bits of
> > documentation it feels like I'm really close, and this *should* work.
> > I'm still either missing something, or tickling a bug (probably the
> > former :)
> >
> > Thanks,
> > --Gabriel
> >
> >>
> >>>
> >>> The relevant bits of my dovecot.conf are:
> >>>
> >>> ---%<--
> >>> mail_location = maildir:/var/lib/vmail/%d/%n
> >>> passdb {
> >>> driver = passwd-file
> >>> args = /var/lib/vmail/etc/postfix/userdb
> >>> }
> >>> userdb {
> >>> driver = static
> >>> args = uid=dovenull gid=dovenull home=/var/lib/vmail/%d/%n
> >>> }
> 

Re: autoexpunge - different settings for different users

2016-02-08 Thread Leon Kyneur
Hi Tom,

Looks like you are missing 'mailbox' keyword:

namespace/inbox/mailbox/Drafts/autoexpunge=3d

Regards,

Leon

On Tue, Feb 9, 2016 at 12:51 PM Tom Johnson  wrote:

>
> > On Feb 7, 2016, at 10:59 AM, Timo Sirainen  wrote:
> >
> > You can override any mail-related setting from userdb. So for example if
> you have:
> >
> > namespace inbox {
> >  mailbox Trash {
> >autoexpunge = 30d
> >  }
> > }
> >
> > You can have your userdb return namespace/inbox/Trash/autoexpunge=90d
> extra field for other users.
> http://wiki2.dovecot.org/UserDatabase/ExtraFields has some examples.
>
>
> I have my query returning the extra field, with the namespace entries
> separated by tabs.  If I do a doveadm, I see it:
> # doveadm user 
> field   value
> uid 1005
> gid 1005
> home
> mail
> namespace/inbox/Drafts/autoexpunge  3d
> namespace/inbox/Quarantine/autoexpunge  3d
> quota_rule  *:storage=1M
>
>
> I turned on debugging, and tried to deliver some email to see if
> autoexpunge is called, and I'm seeing this:
>
> 2016-02-09T01:41:23+ s01.lax.mailroute.net dovecot: doveadm(
> t...@terramar.net): Debug: Unknown userdb setting:
> plugin/namespace/inbox/Drafts/autoexpunge=3d
> 2016-02-09T01:41:23+ s01.lax.mailroute.net dovecot: doveadm(
> t...@terramar.net): Debug: Unknown userdb setting:
> plugin/namespace/inbox/Quarantine/autoexpunge=3d
>
>
>
> Anybody know what am I missing?
>
> Thanks-
>
> Tom
>


Apply modifier on long_name variables

2016-02-02 Thread Leon Kyneur
Hi,

Wondering why it's not possible to do the following in ldap args file:
base = ou=People,dc=%Ddomain_first,o=ISP

however this does work:
base= ou=People,dc=%Dd,o=ISP

is it intentional that modifiers do not work on long names?

Thanks

Leon


Re: Apply modifier on long_name variables

2016-02-02 Thread Leon Kyneur
Just realized my mistake.. (should read more carefully).

* Long variable names can be used like %{long_name}  or with L modifier:
%L{long_name} .

So changing %Ddomain_first to %D{domain_first} fixed my issue.


On Wed, Feb 3, 2016 at 5:03 PM Leon Kyneur <l...@dexterous.org> wrote:

> Hi,
>
> Wondering why it's not possible to do the following in ldap args file:
> base = ou=People,dc=%Ddomain_first,o=ISP
>
> however this does work:
> base= ou=People,dc=%Dd,o=ISP
>
> is it intentional that modifiers do not work on long names?
>
> Thanks
>
> Leon
>
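
The difference between `%Ddomain_first` and `%D{domain_first}` discussed in this thread, as an added example that is not part of the original posts and is not Dovecot's code. It is a simplified model that assumes modifiers are followed either by a single-character variable or by a braced long name; the function names and sample values are constructed for illustration.

```python
import re

# Simplified modifier table (assumption: only three of Dovecot's modifiers modelled).
MODIFIERS = {
    "L": str.lower,
    "U": str.upper,
    "D": lambda v: v.replace(".", ",dc="),  # sub.domain.org -> sub,dc=domain,dc=org
}

# Constructed sample values for a login of user@example.org.
SAMPLE_SHORT = {"u": "user@example.org", "n": "user", "d": "example.org"}
SAMPLE_LONG = {"domain_first": "example.org", "user": "user@example.org"}


def expand(template, short_vars, long_vars):
    """Expand %x, %Mx and %M{long_name} in template (model, not Dovecot's code)."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        i += 1
        mods = []
        # Uppercase letters directly after '%' are consumed as modifiers.
        while i < len(template) and template[i] in MODIFIERS:
            mods.append(MODIFIERS[template[i]])
            i += 1
        if i >= len(template):
            break
        if template[i] == "{":
            end = template.find("}", i)
            if end == -1:
                raise ValueError("unterminated %{ in template")
            value = long_vars.get(template[i + 1:end], "")
            i = end + 1
        elif template[i] == "%":
            value, i = "%", i + 1
        else:
            # Without braces exactly ONE character is the variable name;
            # whatever follows it is copied as literal text.
            value = short_vars.get(template[i], "")
            i += 1
        for mod in mods:
            value = mod(value)
        out.append(value)
    return "".join(out)


def unbraced_long_names(template, known_long_names):
    """Return long variable names that appear after '%' without braces."""
    hits = []
    for match in re.finditer(r"%[A-Z]*([a-z_]+)", template):
        if match.group(1) in known_long_names:
            hits.append(match.group(1))
    return hits


if __name__ == "__main__":
    for base in ("ou=People,dc=%Dd,o=ISP",
                 "ou=People,dc=%D{domain_first},o=ISP",
                 "ou=People,dc=%Ddomain_first,o=ISP"):
        print(base, "->", expand(base, SAMPLE_SHORT, SAMPLE_LONG),
              unbraced_long_names(base, set(SAMPLE_LONG)))
```

Under this model the unbraced form yields a search base ending in a stray `omain_first`, so running the lint over LDAP `base` and filter templates before deployment catches the mistake without a live lookup.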


Corrupted index cache file - migration with zlib

2016-01-14 Thread Leon Kyneur
Hi

I'm migrating some mailboxes from an old dovecot system where mailboxes are
stored maildir uncompressed. I enabled zlib on the new system and migrated
an account:
doveadm -o mail_fsync=never backup -R -u tonyg imapc:

when the account connects to the new system after a while I'm seeing the
following error and the mailbox is no longer functioning:

Jan 15 13:58:06 S611 dovecot: imap(tonyg): Error:
read(/srv/vmail/532868/tonyg/mdbox/storage/m.1): FETCH BODY[] for mailbox
INBOX UID 61 got too little data: 4106341 vs 6054268
Jan 15 13:58:06 S611 dovecot: imap(tonyg): Error:
unlink(/srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache)
failed: No such file or directory (in mail-cache.c:28)
Jan 15 13:58:06 S611 dovecot: imap(tonyg): Error: Corrupted index cache
file
/srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache:
Broken virtual size for mail UID 61
Jan 15 13:58:06 S611 dovecot: imap(tonyg): FETCH failed in=181 out=4109653
Jan 15 13:58:06 S611 dovecot: auth-worker(6130): ldap(tonyg,144.132.1.90):
unknown user
Jan 15 13:58:06 S611 dovecot: imap-login: Login: user=,
method=PLAIN, rip=144.132.1.90, lip=203.134.11.127, mpid=6746, secured,
session=<7qqWklYpnGjLhgHK>
Jan 15 13:58:07 S611 dovecot: imap(tonyg): Error:
read(/srv/vmail/532868/tonyg/mdbox/storage/m.1): FETCH BODY[] for mailbox
INBOX UID 61 got too little data: 4106341 vs 6054268
Jan 15 13:58:07 S611 dovecot: imap(tonyg): Error:
unlink(/srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache)
failed: No such file or directory (in mail-cache.c:28)
Jan 15 13:58:07 S611 dovecot: imap(tonyg): Error: Corrupted index cache
file
/srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache:
Broken virtual size for mail UID 61
Jan 15 13:58:07 S611 dovecot: imap(tonyg): FETCH failed in=181 out=4109653

If I migrate the account without zlib everything works fine and the error
can't be reproduced.

I have tried force-resync and index commands to no avail.

Any ideas what's going on here?

doveconf -n:

[root@S611 532868]# doveconf -n


# 2.2.21 (5345f22): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.11 (6ddf62b87f60+)
# OS: Linux 3.10.0-327.4.4.el7.x86_64 x86_64 CentOS Linux release 7.2.1511
(Core)
auth_debug = yes
auth_verbose = yes
imapc_features = rfc822.size fetch-headers
imapc_host = removed
imapc_master_user = removed
imapc_password =  # hidden, use -P to show it
imapc_user = %u
lmtp_proxy = yes
login_trusted_networks = 192.168.10.0/24
mail_debug = yes
mail_gid = vmail
mail_location = mdbox:%h/mdbox:ALT=/altstorage%h/mdbox
mail_plugins = quota zlib
mail_prefetch_count = 50
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date
 index ihave duplicate mime foreverypart
mdbox_rotate_size = 10 M
namespace inbox {
  inbox = yes
  location =
  mailbox "Deleted Messages" {
special_use = \Trash
  }
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap-m2core.conf.ext
  driver = ldap
}
plugin {
  quota = dict:User quota::file:%h/dovecot-quota
  sieve = file:~/sieve;active=~/.dovecot.sieve
  zlib_save = gz
  zlib_save_level = 6
}
pop3c_host = 
pop3c_password =  # hidden, use -P to show it
service lmtp {
  inet_listener lmtp {
address = 
port = 24
  }
}
ssl_cert = 

Re: Corrupted index cache file - migration with zlib

2016-01-14 Thread Leon Kyneur
figured out my issue

I changed:
protocol imap {
  mail_plugins = quota imap_quota imap_zlib
}

to this:
protocol imap {
  mail_plugins = $mail_plugins imap_quota imap_zlib
}

No longer getting the error after migration with zlib enabled.. could there
be any kind of better warning or error handling around this? (if this is
the actual issue)


On Fri, Jan 15, 2016 at 2:25 PM Leon Kyneur <l...@dexterous.org> wrote:

> Hi
>
> I'm migrating some mailboxes from an old dovecot system where mailboxes
> are stored maildir uncompressed. I enabled zlib on the new system and
> migrated an account:
> doveadm -o mail_fsync=never backup -R -u tonyg imapc:
>
> when the account connects to the new system after a while I'm seeing the
> following error and the mailbox is no longer functioning:
>
> Jan 15 13:58:06 S611 dovecot: imap(tonyg): Error:
> read(/srv/vmail/532868/tonyg/mdbox/storage/m.1): FETCH BODY[] for mailbox
> INBOX UID 61 got too little data: 4106341 vs 6054268
> Jan 15 13:58:06 S611 dovecot: imap(tonyg): Error:
> unlink(/srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache)
> failed: No such file or directory (in mail-cache.c:28)
> Jan 15 13:58:06 S611 dovecot: imap(tonyg): Error: Corrupted index cache
> file
> /srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache:
> Broken virtual size for mail UID 61
> Jan 15 13:58:06 S611 dovecot: imap(tonyg): FETCH failed in=181 out=4109653
> Jan 15 13:58:06 S611 dovecot: auth-worker(6130): ldap(tonyg,144.132.1.90):
> unknown user
> Jan 15 13:58:06 S611 dovecot: imap-login: Login: user=,
> method=PLAIN, rip=144.132.1.90, lip=203.134.11.127, mpid=6746, secured,
> session=<7qqWklYpnGjLhgHK>
> Jan 15 13:58:07 S611 dovecot: imap(tonyg): Error:
> read(/srv/vmail/532868/tonyg/mdbox/storage/m.1): FETCH BODY[] for mailbox
> INBOX UID 61 got too little data: 4106341 vs 6054268
> Jan 15 13:58:07 S611 dovecot: imap(tonyg): Error:
> unlink(/srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache)
> failed: No such file or directory (in mail-cache.c:28)
> Jan 15 13:58:07 S611 dovecot: imap(tonyg): Error: Corrupted index cache
> file
> /srv/vmail/532868/tonyg/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache:
> Broken virtual size for mail UID 61
> Jan 15 13:58:07 S611 dovecot: imap(tonyg): FETCH failed in=181 out=4109653
>
> If I migrate the account without zlib everything works fine and the error
> can't be reproduced.
>
> I have tried force-resync and index commands to no avail.
>
> Any ideas what's going on here?
>
> doveconf -n:
>
> [root@S611 532868]# doveconf -n
>
>
> # 2.2.21 (5345f22): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.11 (6ddf62b87f60+)
> # OS: Linux 3.10.0-327.4.4.el7.x86_64 x86_64 CentOS Linux release 7.2.1511
> (Core)
> auth_debug = yes
> auth_verbose = yes
> imapc_features = rfc822.size fetch-headers
> imapc_host = removed
> imapc_master_user = removed
> imapc_password =  # hidden, use -P to show it
> imapc_user = %u
> lmtp_proxy = yes
> login_trusted_networks = 192.168.10.0/24
> mail_debug = yes
> mail_gid = vmail
> mail_location = mdbox:%h/mdbox:ALT=/altstorage%h/mdbox
> mail_plugins = quota zlib
> mail_prefetch_count = 50
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date
>  index ihave duplicate mime foreverypart
> mdbox_rotate_size = 10 M
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox "Deleted Messages" {
> special_use = \Trash
>   }
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Trash {
> special_use = \Trash
>   }
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Trash {
> special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap-m2core.conf.ext
>   driver = ldap
> }
> plugin {
>   quota = dict:User quota::file:%h/dovecot-quota
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   zlib_save = gz
>   zlib_save_level = 6
> }
> pop3c_host = 
> pop3c_password =  # hidden, use -P to show it
> service lmtp {
>   inet_listener lmtp {
> address = 
> port = 24
>   }
> }
> ssl_cert =  ssl_key =  verbose_proctitle = yes
> protocol imap {
>   mail_plugins = quota imap_quota imap_zlib
> }
>
>
>
>
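
The change described in this message replaces a `protocol imap` plugin list that omitted the globally enabled `zlib` plugin with one that starts from `$mail_plugins`. The following check for that pattern is an added example, not part of the original posts or of Dovecot; the parser is a simplified reader for config text in the style quoted above, and the sample configs are constructed from the quoted settings.

```python
# Constructed sample, reduced from the settings quoted in the thread.
BROKEN_CONF = """\
mail_plugins = quota zlib
plugin {
  zlib_save = gz
  zlib_save_level = 6
}
protocol imap {
  mail_plugins = quota imap_quota imap_zlib
}
"""

FIXED_CONF = """\
mail_plugins = quota zlib
plugin {
  zlib_save = gz
  zlib_save_level = 6
}
protocol imap {
  mail_plugins = $mail_plugins imap_quota imap_zlib
}
"""


def parse_settings(text):
    """Return {section_path_tuple: {key: value}} for brace-structured config text.

    Simplification: '#' always starts a comment, so values containing '#'
    are not supported.
    """
    stack, out = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            # "protocol imap {" opens the section "protocol imap"
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out.setdefault(tuple(stack), {})[key] = value
    return out


def dropped_plugins(text):
    """Map protocol name -> global mail_plugins missing from that protocol."""
    settings = parse_settings(text)
    global_plugins = settings.get((), {}).get("mail_plugins", "").split()
    findings = {}
    for section, values in settings.items():
        is_protocol = len(section) == 1 and section[0].startswith("protocol ")
        if not is_protocol or "mail_plugins" not in values:
            continue
        effective = []
        for token in values["mail_plugins"].split():
            if token == "$mail_plugins":
                effective.extend(global_plugins)  # inherits the global list
            else:
                effective.append(token)
        missing = [p for p in global_plugins if p not in effective]
        if missing:
            findings[section[0].split()[1]] = missing
    return findings


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(name, dropped_plugins(conf))
```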


Doveadm client/server possible?

2015-10-20 Thread Leon Kyneur
Hi

As my mail infrastructure grows I'm now looking at the possibility of
running all my doveadm commands from a central location.

Wondering if there is a way to configure an inet_listener on doveadm and
have a client elsewhere connect to it?

Have seen the inet_listener for replication but not sure if it can also be
used for general client server communication.

Thanks

Leon


Re: LDAP default value variable interpolation

2015-06-30 Thread Leon Kyneur
Yes that seems to work just fine! Thanks

On Tue, Jun 30, 2015 at 7:02 PM Steffen Kaiser 
skdove...@smail.inf.fh-brs.de wrote:

 On Mon, 29 Jun 2015, Leon Kyneur wrote:

  I have a configuration that works something like this on my front end
 proxy:
 
  pass_attrs = mail=user,\
   =nopassword=y,\
   =proxy=y,\
   =host=mail.%d
 
  The above works perfectly well even though it seems a bit hack.
 
  I want to fetch the host field from LDAP and default it to mail.%d if
 the
  attribute isn't populated for the user.
 
  I have tried the following:
 
  pass_attrs = mail=user,\
   =nopassword=y,\
   =proxy=y,\
   =host=%{ldap:mailHost:mail.%d}
 
  however the interpolation doesn't occur on the default. Just wondering if
  there is a way to achieve this?

 according to http://wiki2.dovecot.org/PasswordDatabase

 you can use

   default_fields =

 for passdb, too. Maybe,

   default_fields = host=mail.%d

 works?

 --
 Steffen Kaiser
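
A configuration sketch of the default_fields approach suggested in the reply above, added here as an example and not taken from either poster's setup. It assumes the passdb block sits in the proxy's main configuration and that mailHost is mapped with the plain attribute=field form, so a user without that attribute leaves the default in place.

```conf
# dovecot.conf on the front-end proxy (placement of this block is an assumption)
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
  # Used unless the LDAP lookup returns its own host field. %variables are
  # expanded here, unlike in the default part of %{ldap:mailHost:mail.%d}.
  default_fields = host=mail.%d
}

# /etc/dovecot/dovecot-ldap.conf.ext
# Static fields as in the original post. host is now taken from the
# mailHost attribute when the user's entry has one (assumed mapping form).
pass_attrs = mail=user,\
  =nopassword=y,\
  =proxy=y,\
  mailHost=host
```

Running `doveadm auth lookup` on the proxy for one user with mailHost set and one without shows which host value the passdb returned in each case.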



LDAP default value variable interpolation

2015-06-29 Thread Leon Kyneur
I'm wondering if there is a way I can dynamically generate an LDAP default
value by using variables.

I have a configuration that works something like this on my front end proxy:

pass_attrs = mail=user,\
  =nopassword=y,\
  =proxy=y,\
  =host=mail.%d

The above works perfectly well even though it seems a bit hack.

I want to fetch the host field from LDAP and default it to mail.%d if the
attribute isn't populated for the user.

I have tried the following:

pass_attrs = mail=user,\
  =nopassword=y,\
  =proxy=y,\
  =host=%{ldap:mailHost:mail.%d}

however the interpolation doesn't occur on the default. Just wondering if
there is a way to achieve this?

thanks


Re: Dovecot Full Text Search results in SolrException: undefined field text [SERIOUS]

2015-03-05 Thread Leon Kyneur
In your schema.xml check you have defined:

<field name="text" type="text_general" indexed="true" stored="false" multiValued="true"/>
 On 05/03/2015 7:11 PM, Kevin Laurie superinterstel...@gmail.com wrote:

 Hello,
 My dovecot constantly runs into this error.
 I want to fix this one last time, I am tired of troubleshooting so
 please someone give me a lasting and proper solution for this error. I
 think it's a problem with the dovecot-solr module.

 Please tell me how do I find the root of this problem with Dovecot.
 There is a problem with the body search text field. It always
 fails (with no result), other searches work (i.e. search date, subject,
 etc.). The field-text I believe is missing. Please help. Desperate
 here!




 2/25/2015, 11:32:30 PM ERROR SolrCore org.apache.solr.common.SolrException: undefined field text

 org.apache.solr.common.SolrException: undefined field text
 at org.apache.solr.schema.IndexSchema.getDynamicFieldType(IndexSchema.java:1269)
 at org.apache.solr.schema.IndexSchema$SolrQueryAnalyzer.getWrappedAnalyzer(IndexSchema.java:434)
 at org.apache.lucene.analysis.DelegatingAnalyzerWrapper$DelegatingReuseStrategy.getReusableComponents(DelegatingAnalyzerWrapper.java:74)
 at org.apache.lucene.analysis.Analyzer.tokenStream(Analyzer.java:175)
 at org.apache.lucene.util.QueryBuilder.createFieldQuery(QueryBuilder.java:207)
 at org.apache.solr.parser.SolrQueryParserBase.newFieldQuery(SolrQueryParserBase.java:374)
 at org.apache.solr.parser.SolrQueryParserBase.getFieldQuery(SolrQueryParserBase.java:742)
 at org.apache.solr.parser.SolrQueryParserBase.handleBareTokenQuery(SolrQueryParserBase.java:541)
 at org.apache.solr.parser.QueryParser.Term(QueryParser.java:299)
 at org.apache.solr.parser.QueryParser.Clause(QueryParser.java:185)
 at org.apache.solr.parser.QueryParser.Query(QueryParser.java:107)
 at org.apache.solr.parser.QueryParser.TopLevelQuery(QueryParser.java:96)
 at org.apache.solr.parser.SolrQueryParserBase.parse(SolrQueryParserBase.java:151)
 at org.apache.solr.search.LuceneQParser.parse(LuceneQParser.java:50)
 at org.apache.solr.search.QParser.getQuery(QParser.java:141)
 at org.apache.solr.handler.component.QueryComponent.prepare(QueryComponent.java:148)
 at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:197)
 at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:135)
 at org.apache.solr.core.SolrCore.execute(SolrCore.java:1967)
 at org.apache.solr.core.QuerySenderListener.newSearcher(QuerySenderListener.java:64)
 at org.apache.solr.core.SolrCore$5.call(SolrCore.java:1739)
 at java.util.concurrent.FutureTask.run(FutureTask.java:262)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)



Authenticating Virtual Users without domain

2014-12-30 Thread Leon Kyneur
Hi,

I'm trying to migrate a large number of users to a new Dovecot
cluster. The existing mail system allows a user to authenticate with a
bare username if they have connected to the correct local IP on the
server.

e.g.
imap.somedomain.com = 1.1.1.1
imap.anotherdomain.com = 2.2.2.2

charlie@somedomain can authenticate as 'charlie' or
'char...@somedomain.com' as long as he is connected to
imap.somedomain.com (1.1.1.1)

likewise for bare usernames if they connect to imap.anotherdomain.com.

A previous colleague actually achieved this by hacking with the
Dovecot source code and writing in a lookup table feature. The code is
very old and won't patch cleanly to the latest 2.2.15 source. Another
platform we are using (commercial product) also has this feature but
we also need to migrate these users to Dovecot.

I already have a Dovecot proxy layer for mailbox lookup - so ideally I
would like to do this on my Dovecot proxies.

I know I can also do this kind of thing if I swapped my dovecot proxy
for Perdition, however I don't really want to do that.

I've looked into checkpassword scripts and could possibly make
something work (albeit ugly) - is this the right direction to take
here?

Thanks,

Leon