Re: JMAP support?
Em 08/03/2021 16:43, @lbutlr escreveu: On 08 Mar 2021, at 02:15, Mark Constable wrote: There doesn't seem to be much interest in JMAP ou there, which means it is going to be pretty hard to get something working well unless you write it yourself. Or sponsor its development, if the OP is so interested on it! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Trying to install certbot on CentOS
Em 12/11/2020 13:44, Raymond Herrera escreveu: Apparently, RedHat/CentOS are not supporters of snap. You can always install the certbot RPM package for the CentOS 7, it's on the epel repository. [root@firewall ~]# cat /etc/redhat-release CentOS Linux release 7.8.2003 (Core) [root@firewall ~]# yum info certbot [ ]Available Packages Name : certbot Arch : noarch Version : 1.9.0 Release : 1.el7 Size : 46 k Repo : epel/x86_64 Summary : A free, automated certificate authority client URL : https://pypi.python.org/pypi/certbot License : ASL 2.0 Description : certbot is a free, automated certificate authority that aims : to lower the barriers to entry for encrypting all HTTP traffic on the internet. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
ports with different crypto settings
Hello Everyone, Is it possible, with latest dovecot, to have different crypto settings on different pop/imap ports? Basically i'm looking to have one port with TLSv1 enabled, which will be exposed to internal networks only, and other ports with TLSv1.2+ only, which will be exposed to the external networks. The internal one will likely be running on a different port and traffic will be redirected to it via iptables, so user doesn't need to care about it. Is that possible? I haven't found anything similar on the documentations, it seems to me that crypto settings are global ... -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Using SHA256/512 for SQL based password
Here i have SSHA256 working with: default_pass_scheme = PLAIN and my database scheme just received the hashed password prefixed by the SSHA indicator, just like: mysql> select * from emails where endereco = 'solutti@X'\G *** 1. row *** endereco: solutti@XX password: {SSHA256.HEX}d90bac4 quota: 51200 Em 12/02/2019 14:05, Robert Moskowitz via dovecot escreveu: I have trying to find how to set the dovecot-sql.conf for using SHA256/512. I am going to start clean with the stronger format, not migrate from the old MD5. It seems all I need is: driver = mysql connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=$Postfix_Database_Password default_pass_scheme = SHAxxx-CRYPT # following should all be on one line. password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1' # following should all be on one line user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*:messages=3:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1' where xxx is either 256 or 512. All the rest I have been finding in my searches concern converting the format and are not needed for a clean start? thanks -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Log authentication attempts
Em 12/06/17 09:39, j.emerlik escreveu: Failed login attempts information may be useful in the fight with bruteforce attacks. fail2ban is your friend, it can analyze the logs, no need for saving that on database. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Backing up and restoring maildir folders
Backing up maildir is easy, just backup (and restore) the whole thing and, usually, that's as simple as that. However, for saving some backup space if that's a matter, i would exclude only the 'dovecot.index.cache*' files, as these can be rebuilt (some performance hit after the restore, of course) but, in some servers, that makes almost a 10% difference to me. Besides the cache files, you really should backup everything inside the maildir folders. Em 22/05/17 13:40, Timothy D Legg escreveu: Hello, I am migrating to a different distribution of Linux that involves changing to an earlier version of dovecot (2.2.22 to 2.2.13). As part of this process, I will be copying several maildirs to the new machine. One of these has a number of files and directories that resemble this one example: -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: CPU for Dovecot
Em 25/11/16 11:29, Miloslav Hůla escreveu: Hi, we are planning to change hardware for our standalone Dovecot instance handling ~5800 IMAP users with 1TB mailboxes on local RAID. Is there some recommendation about CPU? We can choose from: - Intel Xeon E5-2620v4 - 2,1GHz@8,0GT 20MB cache, 8core, HT, 85W, LGA2011 - Intel Xeon E5-2623v4 - 2,6GHz@8,0GT 10MB cache, 4core, HT, 85W, LGA2011 The difference is about more cores vs. hi frequency. Generally speaking, servers will benefith from more cores instead of faster cores. Servers usually are doing LOTS of things, and thus more cores use to be better. Unless you know you'll be doing something heavily CPU intensive, which generally mail related things are not. Even more important than choosing more cores x higher frequency, you should focus on faster I/O. This, specially on mail servers, can do a REAL difference ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: overview zlib efficiency?
Em 15/03/16 12:01, Götz Reinicke - IT Koordinator escreveu: Hi, may be someone has already done that: Do you have a script(?) tool which shows the efficiency of the mail compression if zlib is used? Something that shows the uncompressed size vrs. the compressed. While i dont have the data you're looking for, i do have lots of servers running with zlib enabled and, if someone makes the script, i can run on some servers and provide the results ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [patch] TLS Handshake failures can crash imap-login
On 24/04/15 18:17, Hanno Böck wrote: Hi, I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash. I couldnt reproduce that on a fully patched CentOS 6.6 box [root@correio ~]# cat /etc/redhat-release CentOS release 6.6 (Final) [root@correio ~]# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 [root@correio ~]# dovecot --version 2.2.16 (compiled from sources, not from any binary package) [root@correio ~]# grep ssl_proto /etc/dovecot/extras/10-ssl.conf ssl_protocols = !SSLv2 !SSLv3 from dovecot logs when running the openssl command: Apr 24 21:36:38 correio dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected dont know if it matters, but i'm running signed certificated from RapidSSL, not self-signed ones The openssl command returns an error but i see no crash at all [root@correio ~]# openssl s_client -ssl3 -connect localhost:995 CONNECTED(0003) 140022021363528:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40 140022021363528:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher: Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1429922121 Timeout : 7200 (sec) Verify return code: 0 (ok) --- [root@correio ~]# -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Performance
On 24/04/15 08:26, absolutely_f...@libero.it wrote: My question is: is better to use SQLite instead of MySQL? Should I prefer dbox format? Thank you in advance for your opinion! While 10k accounts is not a few accounts, i wouldn't call that a LOT of accounts neither. Assuming that the query cache is active on MySQL, probably almost all your queries are being answered directly from the cache and, if not that, your tables shouldnt be that big and after a few queries should be all in cache memory of the Linux system. Your I/O costs on the MySQL should be very very very low, o i really doubt that MySQL is being part of your problem here. Unless, of course, that you have other heavy databases running on the MySQL instance your mail system is using... -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
check if anvil is working
Hi, Is there any way of making sure the anvil service, used to penalty login fails, is working ? I dont see anything on the logs regarding it neither have it configured. It's not on my configuration files, but it can be seen on a 'dovecot -a' dump. Should it be logging something ? Should i have enabled it somehow ? Thanks for the answers. [root@correio log]# dovecot --version 2.2.13 (from dovecot -a dump) service anvil { chroot = empty client_limit = 0 drop_priv_before_exec = no executable = anvil extra_groups = group = idle_kill = 4294967295 secs privileged_group = process_limit = 1 process_min_avail = 1 protocol = service_count = 0 type = anvil unix_listener anvil-auth-penalty { group = mode = 0600 user = } unix_listener anvil { group = mode = 0600 user = } user = $default_internal_user vsz_limit = 18446744073709551615 B } -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: special "what's my ip" pop account
On 22/10/14 16:16, A. Schulze wrote: Reindl Harald: why that complex? just point them to a website webtraffic goes other ways via proxy server then pop3 so just get that fixed !!! Every good proxy solution can work in ways of exposing the real user IP to the internet. Just get that configured ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: question on lmtp logged message
Em 03/07/14 14:31, Timo Sirainen escreveu: On 25.6.2014, at 18.45, Leonardo Rodrigues wrote: I have dovecot running for IMAP4/POP3 and also local delivery through LMTP. It's working just fine, absolutely no problem on that, setup is fine. Anyway, sometimes LMTP seems to not be able to deliver some messages and keep them on postfixqueue. And on the next or third try, the message gets delivered successfully. The logged message, however, is not helping me identify what is happening.Example: (error - message was expunged) Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: to=, relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 Message was expunged (received-date) (in reply to end of DATA command)) I guess the only good fix for this is to just get rid of this deduplication feature for now: http://hg.dovecot.org/dovecot-2.2/rev/51274bf2a47d Hopefully people don't rely on this feature too much. Timo, Is it expected deliveries through LMTP to get slower with this patch ? I mean ... despite i was seeing the 'message was expunged' some few times a day, after applying the patch they really dissapear, but my deliveries starts to apparently get slower. I dont have real numbers to prove that, i can only guanratee that my queues are starting to grow up a lot with to-be-local-delivered messages. I experienced that last week after running the patched version for some hours. Reverted to plain 2.2.13 and queues were successfully emptied after some minutes. This weekend i installed the 2.2.13 patched one again and, by this morning, queues are growing again. I really do not understand dovecot internals and, sincerily, dont even know if i'm using some feature that depends on deduplication. Fact is that i'm running a pretty busy server and those 'message was expunged' situations werent a real problem. When it happened, message would be on the queue and probably delivered some minutes later, on the 1st or 2nd queue run after that. But if removing this deduplication tests/feature will slow down that much the deliveries, i'm afraid that, overall, the non-patched version is better to me. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: question on lmtp logged message
Em 03/07/14 14:31, Timo Sirainen escreveu: On 25.6.2014, at 18.45, Leonardo Rodrigues wrote: I have dovecot running for IMAP4/POP3 and also local delivery through LMTP. It's working just fine, absolutely no problem on that, setup is fine. Anyway, sometimes LMTP seems to not be able to deliver some messages and keep them on postfixqueue. And on the next or third try, the message gets delivered successfully. The logged message, however, is not helping me identify what is happening.Example: (error - message was expunged) Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: to=, relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 Message was expunged (received-date) (in reply to end of DATA command)) I guess the only good fix for this is to just get rid of this deduplication feature for now: http://hg.dovecot.org/dovecot-2.2/rev/51274bf2a47d Hopefully people don't rely on this feature too much. Hi Timo, I patched the 2.2.13 tree source, recompiled and installed. I'll let it run for some days and look again if the messages dissapeared. I'm still getting some few of these everyday, so noticing if they dissapeared or continue to happen will be easy. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?
Em 01/07/14 10:06, Eliezer Croitoru escreveu: On 07/01/2014 03:06 PM, Jiri Bourek wrote: That really depends, rebuilding indexes can increase your downtime for hours, so it may be better to pay a bit for extra storage space instead of not being paid at all by your customers. Building the index as far as I remember doesn't cost in downtime but in higher I/O usage which slows down the server. That's my knowledge as well. Rebuilt of indexes are done on-the-fly when the account is accessed and, thus, there's no downtime involved on that. Of course, with lots of big accounts and lots of initial accesses on the scenario where ALL accounts were restored without indexes, the I/O increase can be so high that the server will be basically unresponsive. That can happen for sure. But on the more common case, which will be restoring just a few accounts, that I/O increase will probably be unnoticable. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?
Em 01/07/14 09:06, Jiri Bourek escreveu: And on a worst case scenario, where i would need to restore the whole server and mailboxes, things will already be screwed, so knowing that dovecot would be harder on I/O for rebuilding the indexes will be just another problem :) That really depends, rebuilding indexes can increase your downtime for hours, so it may be better to pay a bit for extra storage space instead of not being paid at all by your customers. Anyway, for those not running a that critical system and can afford for an extra half hour of slowness, i really think the tip worths. And for those who, by any reason, cannot afford that extra storage space as well. But you're right, it's all a matter of calculating how critical your mission is and take the correct decisions for it. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?
Em 01/07/14 00:16, Charles Cazabon escreveu: deoren wrote: Right now I'm using LVM snapshots + tarballs for daily backups, but I'd like to get better coverage for incremental changes that occur throughout the day. The size of existing content is low, but (small) changes are frequent. If you actually want to preserve those increments (as opposed to just keeping an rsync mirror up-to-date), I like rdiff-backup. It handles maildirs well because of the one-message-per-file design. Some may agree with me, some may disagree. But for my Maildir backups, i usually exclude the files "dovecot.index*". On the most common situations, you'll need to restore just one or other mailbox, so rebuilding those indexes wont kill the server. And by excluding these, i could save 10-15% of backup space on some cases with virtually no disadvantage. And on a worst case scenario, where i would need to restore the whole server and mailboxes, things will already be screwed, so knowing that dovecot would be harder on I/O for rebuilding the indexes will be just another problem :) -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: question on lmtp logged message
n 25 10:00:48 correio dovecot: pop3(marcos.pere...@domain.com.br), rip=10.253.22.56, lip=10.252.38.2: Disconnected: Logged out top=0/0, retr=1/26872, del=1/1, size=26849 2nd recipient did NOT checked email near the delivery Jun 25 09:54:08 correio dovecot: pop3-login: Login: user=, method=PLAIN, rip=10.253.22.72, lip=10.252.38.2, mpid=29125 Jun 25 09:54:12 correio dovecot: pop3(mario.cabre...@domain.com.br), rip=10.253.22.72, lip=10.252.38.2: Disconnected: Logged out top=0/0, retr=11/1408320, del=11/11, size=1408058 Jun 25 10:06:49 correio dovecot: pop3-login: Login: user=, method=PLAIN, rip=10.253.22.72, lip=10.252.38.2, mpid=13391 Jun 25 10:06:50 correio dovecot: pop3(mario.cabre...@domain.com.br), rip=10.253.22.72, lip=10.252.38.2: Disconnected: Logged out top=0/0, retr=10/1923222, del=10/10, size=1923004 this is interesting ... logs seems to show clearly that right after the message was delivered to the 1st recipient, it was checked and deleted. Despite of that, 2nd recipient got the message successfully delivered. But we have also a delay=22 ... maybe lmtp instance had already opened the message BEFORE it was erased by the 1st user ? this delay is high, i know that and, usually, server do NOT suffer from this delays on deliveries. Anyway, during this problem period, queues were pretty large and, thus, load was very high, which i think explains this unusual delays. With these two cases, it really seems that this is somehow related to: - lmtp as delivery agent - multiple recipient messages - first (or previous users in fact) checked and deleted the message before all the recipients got the message delivery About the two parameters, maildir_copy_with_hardlinks and pop3_fast_size_lookups, i'll try to change them one at a time and try to reproduce the problems. Fact is i only had the problem with both set to yes and problems were completly vanished when both were set to no. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: question on lmtp logged message
Em 26/06/14 03:32, Steffen Kaiser escreveu: On Wed, 25 Jun 2014, Leonardo Rodrigues wrote: Anyway, sometimes LMTP seems to not be able to deliver some messages and keep them on postfixqueue. And on the next or third try, the message gets delivered successfully. The logged message, however, is not helping me identify what is happening.Example: (error - message was expunged) Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: to=, relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 Message was expunged (received-date) (in reply to end of DATA command)) What does the Dovecot log says for the delivery attempt? exactly what's reported by postfix, no extra information there Jun 25 11:49:39 correio dovecot: lmtp(766, vanilson.parre...@domain.com.br): 645hNV7hqlP+AgAAHvf8vg: msgid=: save failed to INBOX: Message was expunged (received-date) How many recipients does the message has and, if so, what about the other recipients? After analyzing lots of cases (made a script for doing that), this seems to occur only on messages with more than 1 recipient, usually on messages with lots of recipients (>10) altough i got some on messages with 2 or 3. Some days ago, when trying to optimize somethings on the server, i changed two dovecot parameters: maildir_copy_with_hardlinks to yes pop3_fast_size_lookups to yes previously, both were no. I have returned both values to 'no' and this situation, 'message was expunged' seems to not be occurring anymore. Can this behavior by any chance related to these settings ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
question on lmtp logged message
Hi, I have dovecot running for IMAP4/POP3 and also local delivery through LMTP. It's working just fine, absolutely no problem on that, setup is fine. Anyway, sometimes LMTP seems to not be able to deliver some messages and keep them on postfixqueue. And on the next or third try, the message gets delivered successfully. The logged message, however, is not helping me identify what is happening.Example: (error - message was expunged) Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: to=, relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 Message was expunged (received-date) (in reply to end of DATA command)) (successfull delivery) Jun 25 12:34:42 correio postfix/lmtp[6411]: ADB0A1AC05108: to=, relay=correio.domain.com.br[private/dovecot-lmtp], delay=2716, delays=2714/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 U7pOLAHsqlPvMgAAHvf8vg Saved) During these two log entries, absolutely nothing was changed, no configuration, absolutely nothing. Everything is local, i mean, no NFS involved. So, finally, question is: what does the 'message was expunged' message given from LMTP means ??? This is happening quite often but, as i mentionted, sooner or later all messages are getting delivered. It's working despite the delay this is causing. [root@correio log]# dovecot --version 2.2.13 -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] maildir backup
Em 31/03/14 12:07, Nikolaos Milas escreveu: On 31/3/2014 10:52 πμ, Ramon Orrù wrote: Hi everybody, I'm trying to backup a dovecot instance, and i'm looking for a method to "snapshot" dovecot maildir in a properly way, and backup whole snapshot in a second step (tar). I read about dsync, end, if i'm not going wrong, it dumps correctly also dovecot indexes; is it the tool i need? Thank you for any hint. Ramon You could use dsync Replication (http://wiki2.dovecot.org/Replication) to another server. Then, you already have a real time backup! If you need a consistent backup instance, I guess you could stop the mirror server for a while to tar your mail directory. or you can use rsync for that ... get your slave server to rsync from the master one and, after rsync is finished, you can tar the folders and have a perfectly valid snapshot of your Maildirs ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Not backing up cache files
i'm not the expert you're looking for, so dont take my word as one. And i'm basically using Maildir instead of mdbox ... Anyway, i have dropped 'dovecot.index*' from some backups, full and incremental ones, action which made me save some Gbs of space on them. I already restored some accounts from these backups and had absolutely no problem at all ! Em 26/03/14 05:05, Jesus Cea escreveu: I am using mdbox for dovecot storage. I wonder if I could skip "dovecot.index.cache" files and, in general, "*.cache" files when doing mail backup. Those files are big and change frequently. What I feel from reading documentation [1][2] is that they could be dropped in the backups, to be recreated on the fly if needed. But I would like expert confirmation. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] SMTP Proxy
Em 26/08/13 13:05, /dev/rob0 escreveu: Well, actually i have already done a well detailed post on the dovecot mailing list some days ago explaining my whole problem, but got no answers on that. If you'd like to check it, it's archived on: http://dovecot.org/list/dovecot/2013-August/092012.html So you did. I didn't have an opinion on that at first sight, but on review, perhaps this is an idea for you: http://wiki2.dovecot.org/PasswordDatabase/IMAP remote authentication using IMAP ... it might work. I'll take a closer look on that and, if i can acchieve some useful configuration scenario, i'll update the other thread for archiving purposes :) thanks again ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] SMTP Proxy
Em 26/08/13 11:58, /dev/rob0 escreveu: On Mon, Aug 26, 2013 at 11:49:50AM -0300, Leonardo Rodrigues wrote: I have found a message on this mailing list dated August/2012 in which is said that dovecot could not (at least at that time) so SMTP Authentication using Proxy Features. http://www.dovecot.org/list/dovecot/2012-August/067998.html is this still true, given i'm using latest stable dovecot, v2.2.5 ? I believe it is. extra informations ... smtp authentication is done by postfix using: A bit of extra information which might help: what is the goal? Exactly what problem are you trying to solve? You have given us nothing to go on here. Well, actually i have already done a well detailed post on the dovecot mailing list some days ago explaining my whole problem, but got no answers on that. If you'd like to check it, it's archived on: http://dovecot.org/list/dovecot/2013-August/092012.html Thanks for your attention ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] SMTP Proxy
Hi, I have found a message on this mailing list dated August/2012 in which is said that dovecot could not (at least at that time) do SMTP Authentication using Proxy Features. http://www.dovecot.org/list/dovecot/2012-August/067998.html is this still true, given i'm using latest stable dovecot, v2.2.5 ? extra informations ... smtp authentication is done by postfix using: dovecot: service auth { unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } postfix: smtpd_sasl_type = dovecot smtpd_sasl_path = /var/spool/postfix/private/auth Thanks ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] weird situation with pop3/imap proxy and postfix authentication
Hello dovecot mailing list, I have a server running postfix and dovecot. I havea configuration on dovecot that allows me to provide imap4/pop3 messages for local hosted users as well as for proxied users on other servers. Basically, i have a simple MySQL table (imapproxy) with two fields, 'domain' and 'host'. My password_query isa 'UNION' query, exactly like: password_query=select endereco as user, password, '/var/spool/mail/%u' as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as userdb_quota_rule, 'Trash:storage=+100M' as userdb_quota_rule2, 'Y' as proxy_maybe, '10.252.38.2' as host from emails where endereco = '%u' and ativa = '1' UNION select NULL as user, '%w' as password, NULL as userdb_home, NULL as userdb_mail, NULL as userdb_uid, NULL as userdb_gid, NULL as userdb_quota_rule, NULL as userdb_quota_rule2, 'Y' as proxy_maybe, imapproxy.host as host from imapproxy where imapproxy.dominio = '%d' the 10.252.38.2 address, on the query, is my local server when this query received a local user, from a domain that is NOT listed on the imapproxy table, results are like: *** 1. row *** user: localu...@domain.com.br password: (SSHA256 encrypted password) userdb_home: /var/spool/mail/localu...@domain.com.br userdb_mail: maildir:/var/spool/mail/localu...@domain.com.br userdb_uid: 8 userdb_gid: 12 userdb_quota_rule: *:storage=51200 userdb_quota_rule2: Trash:storage=+100M proxy_maybe: Y host: 10.252.38.2 when it receives a proxied domain, results are: *** 1. row *** user: NULL password: password userdb_home: NULL userdb_mail: NULL userdb_uid: NULL userdb_gid: NULL userdb_quota_rule: NULL userdb_quota_rule2: NULL proxy_maybe: Y host: 10.254.116.9 This is working just fine for IMAP4 and POP3 proxying. Local users (which domains are NOT listed on imapproxy table) can successfully login to their accountsas well as users from domains listed on imapproxy table can successfully login to their accounts. On SMTP authentication, tough, things are not so fine. SMTP authentication is provided by dovecot to postfix: [root@correio dovecot]# postconf mail_version mail_version = 2.7.1 [root@correio dovecot]# smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot service auth is defined on dovecot confs as: service auth { unix_listener auth-userdb { mode = 0600 user = mail group = mail } # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } } and it seems to be allowing ANYuser on any domain listed on the imapproxy table domains to login, even if the user does not exists or provides wrong password. In fact, it seems dovecot returns OK to postfix even without trying to contact the assigned server to that domain, as i cannot find any password-failed-specific log to that user on the specific server. Example: (a proxied domain) [root@correio dovecot]# telnet mail.proxieddomain.com.br 110 Trying 10.254.116.9... Connected to mail.proxieddomain.com.br (10.254.116.9). Escape character is '^]'. +OK Dovecot ready. user te...@proxieddomain.com.br +OK pass password -ERR Authentication failed. (i can successfully find this auth trial and fail on 10.254.116.9 logs) but on SMTP authentication, i have: [root@correio dovecot]# perl -MMIME::Base64 -e \ 'print encode_base64("teste\@proxieddomain.com.br\0teste\@proxieddomain.com.br\0password");' x(not the real encoded pass)= [root@correio dovecot]# [root@correio dovecot]# telnet localhost 587 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.domain.com.br ESMTP EHLO test 250-mail.domain.com.br [ ... ] AUTH PLAIN (encoded string returned by perl encode_base64) 235 2.7.0 Authentication successful (and i cannot even find any authentication log, fail or success, on the specific server for proxieddomain.com.br) dovecot version is: [root@correio dovecot]# dovecot --version 2.2.2 [root@correio dovecot]# what am i doing wrong here ? How to have dovecot to really check users before giving OK to postfix on SMTP authentications ? Thanks for any hints ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Why imap_open function doesn't work while getting a mailbox through telnet works perfectly?
if it works through telnet, so dovecot is working and you probably have a PHP problem, which should be probably pointed to a PHP related mailing list. Em 20/12/11 17:20, I M escreveu: Hi, everybody! Question: Why imap_open function doesn't work while getting a mailbox through telnet works perfectly? Note: imap.so is loaded! imap.ini is parsed!php flags is checked! Is it a bug? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Quota warnings not being sent
Em 14/12/11 15:52, Nikolaos Milas escreveu: I think I'll now open a new thread on how to send rich/UTF-8 mail warnings. Probably you just need to format/encode it properly ... no big deal on that. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Quota warnings not being sent
Em 14/12/11 10:24, Patrick Westenberg escreveu: This is what works for me: service quota-warning { executable = script /usr/local/etc/dovecot/quota-warning.sh unix_listener quota-warning { user = vmail } user = vmail } My configurations are similar to Patrick ones and works just fine: service quota-warning { executable = script /etc/dovecot/aviso-quota.sh user = dovecot unix_listener quota-warning { user = mail } } plugin { quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=85%% quota-warning 85 %u quota_warning3 = storage=70%% quota-warning 70 %u quota_exceeded_message = Quota excedida (caixa postal cheia) / Quota exceeded (mailbox is full) } -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] dovecot penalties and anvil
Hi, I'm strugling to find some documentation on dovecot's anvil service and/or its penalties (that can be checked with doveadm penalty) ... but i'm not finding anything on that. is there any documentation on anvil/penalties that i should check other than a few messages on the mailing list archive ? thanks ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] compressed mailboxes ?
Em 08/03/11 12:57, Frank Bonnet escreveu: On 03/08/2011 04:54 PM, Frank Bonnet wrote: Hello Is it possible to use compressed mailboxes ( MBOX format ) with dovecot using a plugin ? Thanks I found the doc about zlib plugin ... so it is only possible with read only mailboxes huh ? the problem here is the mbox format the zlib plugin works flawlessly to store compressed files with Maildir mailboxes. I'm using it on several servers to serve some thousand mailboxes. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] utility to copy/sync IMAP mailboxes
i have used imapsync on several migrations and it works flawlessly ! Try it ... Em 06/01/11 17:54, Rick Romero escreveu: Quoting Don Buchholz : Any suggestions for a stable, reliable (copy/duplicate/mirror/sync) tool that can do the job using only IMAP access? (No SSL support required.) I've used IMAPSync fairly successfully (Perl), though I hear iSync is supposed to be better (C).. http://www.linux-france.org/prj/imapsync/ http://isync.sourceforge.net/ -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Deliver limit based of number of destination recipients and size of mails, any option to do that?
policyd is a policy server, which can be used in postfix, and can be used to acchieve quota limitations to help you solve this kind of situations. you should take a look in it: http://www.policyd.org/ Making this limitation on dovecot, if possible, would limit the delivery only for your local users. And i'm sure your employees are also sending those powerpoint stuff to outside users as well. So, the right place to limit this is postfix, which handles all users, local and remote ones. Em 23/12/10 11:14, Andrés Yacopino escreveu: I have a mail server with postfix, dovecot (1.2.15) and deliver lda (dovecot) with 350 users. I have the problem that in this christmas the employees are sending some big files (mainly powerpoints files) to a lot of recipients, because of that the server get a lot of charge (is a Xeon quad core 5405 with 4GB of Ram), i have four disks in Raid 5 configuration (HP E200 controller, not very fast) Is there any option to limit this type of delivery, the total size of the mails delivered to each user (total recipients * size of mail), in dovecot deliver. I don't want to limit the concurrent delivery more lower than 350 recipients and the max size of the mail we can send is 15M. Thanks a lot, -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Filtering IP address connections ?
why not make things easier and use your OS packet filter for that ? iptables for linux, for example Em 18/10/2010 10:22, Frank Bonnet escreveu: Hello Is it possible to refuse connections from some IP address in Dovecot configuration ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] question on quota configuration on 2.0.5
Hi Timo, Em 04/10/2010 11:19, Timo Sirainen escreveu: On Sun, 2010-10-03 at 16:09 -0300, Leonardo Rodrigues wrote: password_query = select endereco as user, password, '/var/spool/mail/%u' as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from emails where endereco = '%u' and ativa = '1' You have only one user? Maybe you should be using passwd-file instead of SQL.. No, i have a lot of users users are replaced bu the %u variable and are stored on my column field named 'endereco' Oct 3 16:08:09 ns2 dovecot: imap(u...@domain.com), rip=127.0.0.1, lip=127.0.0.1: Error: quota: Unknown namespace: Trash about changing 100M to +100M, that's OK, no problem but even after changing that, i still keep getting the 'unknown namespace' message. What kind of namespace configuration do you have? (dovecot -n) on 1.2 it was: namespace: type: private prefix: INBOX. inbox: yes list: yes subscriptions: yes on 2.0 with that same configuration, i got the errors i posted before. question: what's the correct way of doing this configuration on dovecot 2.0 ? The idea of this configuration is to give plus 100M of the user's quota on the Trash folder, thus avoiding problems with out webmail which copies messages to trash before erasing from the actual folder. Are you sure it worked in v1.2? I'm rather guessing that v1.2 just didn't give an error about it. you seem to be completly right things wasnt working as expected on 1.2 altough there were no errors and warnings. to get things working on 2.0 as they were working on 1.2, i had to configure like this: namespace { hidden = no inbox = yes list = yes location = prefix = INBOX. separator = . type = private } namespace { inbox = no location = prefix = separator = . } and now things are working exactly as i expected and exactly they worked on 1.2. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] question on quota configuration on 2.0.5
Hi, On dovecot 1.2 i had the following configuration on my dovecot-sql.conf file: password_query = select endereco as user, password, '/var/spool/mail/%u' as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from emails where endereco = '%u' and ativa = '1' special attention to 'Trash:storage=100M' as userdb_quota_rule2 after migrating to 2.0.5, i got this warning on the logs: Oct 3 16:06:41 ns2 dovecot: imap(u...@domain.com), rip=127.0.0.1, lip=127.0.0.1: Warning: quota root User quota rule Trash:storage=100M: obsolete configuration for rule 'storage=100M' should be changed to 'storage=+100M' Oct 3 16:08:09 ns2 dovecot: imap(u...@domain.com), rip=127.0.0.1, lip=127.0.0.1: Error: quota: Unknown namespace: Trash about changing 100M to +100M, that's OK, no problem but even after changing that, i still keep getting the 'unknown namespace' message. question: what's the correct way of doing this configuration on dovecot 2.0 ? The idea of this configuration is to give plus 100M of the user's quota on the Trash folder, thus avoiding problems with out webmail which copies messages to trash before erasing from the actual folder. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] [Dovecot-news] v2.0.4 released
Em 27/09/2010 12:37, Timo Sirainen escreveu: On Mon, 2010-09-27 at 12:32 -0300, Leonardo Rodrigues wrote: Hi Timo, i couldnt compile 2.0.4 anymore after applying the 2 proposed patches. Without them, 2.0.4 builds just fine. Apply only the first patch, that's enough. yes it compiled fine with the first patch only. Thanks ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] [Dovecot-news] v2.0.4 released
Hi Timo, i couldnt compile 2.0.4 anymore after applying the 2 proposed patches. Without them, 2.0.4 builds just fine. ./configure was issued AFTER the patches were applied ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ INSTALL_DATA="install -c -p -m644" --with-mysql --with-sql=plugin \ --with-ssl=openssl --with-notify=inotify --with-zlib --with-bzlib \ --with-pic \ --without-nss \ --without-shadow \ --without-gssapi \ --without-ldap \ --without-vpopmail \ --without-pam \ --without-bsdauth \ --without-sia \ --without-ldap compilation halts on /bin/sh ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-mail -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/lib-storage/index -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -I/usr/kerberos/include-MT zlib-plugin.lo -MD -MP -MF .deps/zlib-plugin.Tpo -c -o zlib-plugin.lo zlib-plugin.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib -I../../../src/lib-mail -I../../../src/lib-index -I../../../src/lib-storage -I../../../src/lib-storage/index -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -I/usr/kerberos/include -MT zlib-plugin.lo -MD -MP -MF .deps/zlib-plugin.Tpo -c zlib-plugin.c -fPIC -DPIC -o .libs/zlib-plugin.o mv -f .deps/ostream-zlib.Tpo .deps/ostream-zlib.Plo In file included from zlib-plugin.c:8: ../../../src/lib-storage/index/dbox-single/sdbox-storage.h:5:26: error: dbox-storage.h: No such file or directory In file included from zlib-plugin.c:8: ../../../src/lib-storage/index/dbox-single/sdbox-storage.h:19: error: field 'storage' has incomplete type ../../../src/lib-storage/index/dbox-single/sdbox-storage.h:37: warning: 'struct dbox_file' declared inside parameter list ../../../src/lib-storage/index/dbox-single/sdbox-storage.h:37: warning: its scope is only this definition or declaration, which is probably not what you want ../../../src/lib-storage/index/dbox-single/sdbox-storage.h:37: warning: 'struct dbox_mail' declared inside parameter list In file included from zlib-plugin.c:9: ../../../src/lib-storage/index/dbox-multi/mdbox-storage.h:5:26: error: dbox-storage.h: No such file or directory In file included from zlib-plugin.c:9: ../../../src/lib-storage/index/dbox-multi/mdbox-storage.h:23: error: field 'storage' has incomplete type ../../../src/lib-storage/index/dbox-multi/mdbox-storage.h:68: warning: 'struct dbox_mail' declared inside parameter list mv -f .deps/istream-bzlib.Tpo .deps/istream-bzlib.Plo make[4]: *** [zlib-plugin.lo] Error 1 make[4]: *** Waiting for unfinished jobs mv -f .deps/istream-zlib.Tpo .deps/istream-zlib.Plo make[4]: Leaving directory `/root/disco-linuxrouter/dovecot2/dovecot-2.0.4/src/plugins/zlib' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/root/disco-linuxrouter/dovecot2/dovecot-2.0.4/src/plugins' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/root/disco-linuxrouter/dovecot2/dovecot-2.0.4/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/root/disco-linuxrouter/dovecot2/dovecot-2.0.4' make: *** [all] Error 2 [r...@ns2 dovecot-2.0.4]# Em 27/09/2010 09:46, Timo Sirainen escreveu: Whops. This fixes it: http://hg.dovecot.org/dovecot-2.0/rev/c359ee549df7 (and also making sure it won't happen again: http://hg.dovecot.org/dovecot-2.0/rev/a3c8026d0305) -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Support for spaces in plaintext passwords?
did you tried a password with space in the middle, not in the beggining or end ? Maybe it's just trimming at the beginning and end. Can you try it with space in the middle of the password, like "pass word" Em 22/09/2010 08:52, Simon escreveu: Well, kind off. I found that it had been reported earlier but with insufficient information. So I just updated http://code.google.com/p/android/issues/detail?id=11064#c8 and hopes some one responsible reads it again. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] SSHA256 password too short
Em 13/09/2010 06:33, Patrick Westenberg escreveu: Osvaldo Alvarez Pozo schrieb: ssha256_verify(u...@domain.tld): SSHA256 password too short and my default_schema is md5 if your passwords are stored in ssha256 you have to change default_schema to ssha256. not completly true if passwords are stored with the {SSHA256} or {SSHA256.HEX} prefix, or the prefix was added by sql query with some concat('{SSHA256}',password), then default_schema is not needed. Its only needed if there's no prefix on the password. I, for example, have lots of servers where password is stored with the prefix on the database and default_schema points to plain. It works perfectly. however, if your password are not stored with prefix nor prefix is being added by concat, then setting the correct default_schema can solve your actual problem. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Standards of expectations for software installs
Em 16/08/2010 11:23, Marc Perkel escreveu: Timo's software standards, and mine, are higher than the average open source project. When an install id done right then you don't have to go to the wiki for anything. You run it and it just works. That's why people pay for Windows and Macs and more people use it than Linux because it just works. You start an upgrade anf click NEXT AGREE NEXT NEXT NEXT FINISH and everything just works. That's the way Linux should be. So - even though something might be a minor detail, when you get the minor details right then you get software the "it just works" which is in my opinion the highest thing one can say about a program. And it's who dovecot is so popular. hey Marc, you're not alone !!! As well as you, i also expect software updates to be always perfect and magic so i dont have to have a clue of what i'm real doing, as softwares will take care of all the inteligence that i should have. but, i think different from you, i understand and accept that there's no magic. upgrades on complex environment MUST be planned, new version features should be understood and in almost all cases, including some M$ updates of complex software/ environment, lots of pre-upgrade and post-upgrades actions should be taken. i would love to just click yes yes and everything works as magic but, unfortunelly, i accept that wont happen in the real (and most all the times complex) scenarios we have. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] salted passwords
Em 31/07/2010 18:51, Patrick Westenberg escreveu: Leonardo Rodrigues schrieb: that's all because i already have a account manager system, written on PHP, which i had to kept. So i was trying to understand how that's work to make it work on my system i couldnt stop using. but after some tryings i got everything running. All my passwords were already migrated from plaintext to Salted-SHA2-256. Hi Leonardo, can you tell me how you solved your problem with creating salted passwords via PHP? Hi yes i've acchieved some PHP routines for creating the salted SHA256 password with random salt and also comparing a stored hashed password with a plaintext supplied one. encoded passwords will be exited as: {SSHA256.HEX}acf5ce0f51cca2077e27884a7cec385c430bb402c2f961b02bfa779c18aaf9a373772d99 encoded password strings is 85-char length with the SSHA.256 prefix and 72 without it as i'm storing passwords with the SSHA256.HEX prefix, my dovecot conf has: default_pass_scheme = PLAIN so i can have any dovecot-supported encoded password on the database as well as plaintext ones code may not be very beautiful, i do admit that i'm not good on making beautiful codes but its working nice in several places :) http://pastebin.com/fzDGE561 the VerifyHashedPassword routine can receive passwords with the {SSHA256.HEX} string and without as well. That makes easier to just compare database stored passwords as well as the newly generated ones to compare with newly encoded ones based on the plaintext supplied. usage is pretty simple something like: $hashedpwd = HashedPassword($plainpwd); and store $hashedpwd whatever you want to store it checking the stored password against a supplied password would be something like: if ( VerifyHashedPassword($hashedpwd,$plainpwd) ) { // supplied plaintext password MATCH with supplied hashed password do whatever you want if passwords matches } else { // supplied plaintext password DO NOT MATCH with supplied hashed password do whatever you want if passwords DO NOT match } Hope this helps you :) -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Feature request: usernames and passwords
Em 21/07/2010 10:30, Eduardo M KALINOWSKI escreveu: I think none of this is dovecot's function. Let's keep the UNIX filosophy: one tool does one function, and does that function well. Dovecot is an execellent mail server. It should not be turned into a monster Windows-like application that does dozens of not-really-quite-related things. the idea of 'one tool does one function (OTDOF) ' is indeed interesting, but can be interpreted by several ways. for instance, dovecot does NOT 'one function only'. It does a REAL LOT of functions. It's a pop3 server as well as imap4 one, with or without SSL for both protocols. It can read mailboxes, maildirs and some others i've never used myself. It can even deliver messages to mailboxes/maildirs, having the password backend in several different ways (passwd file, MySQL, LDAP, etc etc). It can check and enforce quotas. It's not a completly mail server, as you regarded, because it cannot do the SMTP part, which is pretty important for a mail server to fully operate. Even tough, it does a LOT of things. i completly agree that dovecot should not try to have, for example, a builtin admin interface for managing users ... because managing users is completly dependable on the password backend used, and schemas can be VERY different from one user to another. It would be nonsense trying to have that, a builtin interface for managing user. That i agree would not fit the 'one tool does one function'. Managing user is not dovecot's problem as well as checking/enforcing password policies, as discussed before on this thread. but, regarding what it already do, delivering messages by pop3/imap4 protocol for users, i really think adding security features wouldnt be bad idea. And indeed, as confirmed by Pascal, some of those are already built in dovecot 2.0 RCs. the OTDOF is really hard to apply on some full-feature daemons we're used to have on unix world, for example: dovecot, postfix/qmail/exim, apache, clamav, etc etc etc. All of them (and lots of other daemons) does a LOT of things, all of them as a part of the main daemon goal. It's really hard to stay on the OTDOF on those full-featured daemons. It's easy to keep the OTDOF idea on basic and small command-line utilities, like cat cp rm but not on the full-featured modern daemons. and, in the real world we live, having security features do not brake the 'one tool does one function' at all on my understandings of that. In fact, if those security features are there to help the security of the daemon main goal, whatever the main goal is, they're VERY welcome to me. we dont need to carry this on anymore, as seems lots of good things are already on dovecot 2.0 RCs proving that dovecot authors do think that increasing security is in the main goal of dovecot development plans. thanks for all who help dovecot being each day a better software, those who code things as well as those who test new features on the RCs, those who make new features requests, those who help others here on the mailing list .... thanks for all. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Feature request: usernames and passwords
Em 21/07/2010 10:32, Pascal Volk escreveu: Install dovecot 2.0.rc3 and try to 'break in'. You will see how dovecot slows down your 'attack'. When you test it with your botnet ( ;-) ), use `doveadm penalty` to see current penalties. wooow nice to hear that i have not tried 2.0RC yet, but i'm glad on hearing that some 'penalty' policies were introduced !!! thanks for your tip Pascal !!! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Feature request: usernames and passwords
Em 21/07/2010 10:08, Martijn de Munnik escreveu: the original message says about bot brute-force attacks, but we can be facing REAL brute-force attacks against a specific account and i think that some features to help mitigate those could indeed be interesting. And if those features exists, they could surely help on those brute-force attacks coming from dumb bots as well. it wont solve the username=password specific case, but could help on real or bot brute-force attacks. what do you think on that Timo ? Have a look at fail2ban, this is exactly what you need. no, fail2ban is not exactly what i need. fail2ban is FAR from acchieving what i wrote ... yes, fail2ban can ban an IP after wrong trials . but simply banning the IP (and maybe not the IP/username combination) can be a problem for companies that have lots of computers and access through NAT, ie, a single internet IP address. fail2ban also cannot slow down replies for wrong username/password combinations. fail2ban is a nice add-on for any system, but having something done by the daemon and not by some third-party log analyzer can make things MUCH smarter and MUCH more flexible. thanks for your tip, i already use fail2ban ... but that's far from acchieving some more flexible rules that can be done when the daemon has some anti-brute-force features. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Feature request: usernames and passwords
Em 21/07/2010 09:18, Timo Sirainen escreveu: I think this is one of the tons of different possible password policies and isn't really Dovecot's job. It really should be enforced while setting the password, not while checking it. i completly agree that dovecot is not the place for enforcing password policies nor checking them. but, still on the subject, maybe dovecot could have some features for helping sysadmins to avoid/mitigate brute-force attacks. As told, some bots tries username=password, but those fuckers (the bots) also tries lots of common passwords, 123, 1234, the username followed by some numbers, and lots of others. of course, if the provided password is not correct, dovecot denies access as it should but in those situations, logs can get pretty filled with login failed messages, specially on servers with lots of accounts. And, in some cases, after lots of tries, the bot can found the correct username/password combination. i was thinking on something like ... 1) after N tries (lets say 10 for example) of wrong username/password combinations, dovecot could start delaying the answers for wrong authentications coming from that specific IP address or IP/username, thus slowing down the brute-force attacks; 1.1) or even, after some M (lets say 20 for example) wrong username/password combinations, dovecot could ban that IP address (or IP address/username combination to avoid problem with big networks with NAT access) for XX seconds/minutes, also slowing down the brute-force attack tries 1.2) this could probably be implemented using some in-memory internal backend, so it would be absolutely independent on passdb schema and would require no modifications on passdb schema. the original message says about bot brute-force attacks, but we can be facing REAL brute-force attacks against a specific account and i think that some features to help mitigate those could indeed be interesting. And if those features exists, they could surely help on those brute-force attacks coming from dumb bots as well. it wont solve the username=password specific case, but could help on real or bot brute-force attacks. what do you think on that Timo ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] help on migrating some old Maildirs
Em 14/07/2010 19:30, Timo Sirainen escreveu: Maybe the easiest would be: for file in *; do deliver -u username -m dest-mailbox -p $file done that would through everything on INBOX there are some folders on user's Maildir's that i'd like to maintain. Timo ... is the S= parameter simple the filesize or is there any other calculation on that ? If i'm not mistaken, the W= is the filesize CR+LFed, which is probably not the real size on Unix filesystems, which is not CR+LFed getting some script that simply rename the files, adding the S=xxx being xxx the filesize ... would that be ok ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] help on migrating some old Maildirs
Hi People, Em 14/07/2010 17:20, Timo Sirainen escreveu: If he's restoring from an old machine (they're not currently indexed by Dovecot on the new server), they're going to get a new UID when Dovecot finds them anyway, right? Yes. But I was thinking he had already moved them and they had already got new UIDs :) i have NOT restored them yet i have restored a few ones just to test if it would work and indeed it works. anything that can be done, during the real restoration of them, to get their 'base filenames' renamed and getting the S= and W= parameters are completly acceptable, as messages are NOT indexed by dovecot yet. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] help on migrating some old Maildirs
Hi, i need to restore some old mail backups from a system i wasnt the admin. Emails are on Maildir, which i'm using on the actual server, so should be no big deal. I'm just thinking of copying files from the folders i need, from the old backup, to the specific dirs on the actual system. bt, watching the backup, i noticed that LOTS of files on the Maildirs do not have the S= parameters on its name nor W=. For example: 1230230396.V80bI4e007fM790805.correio.domain.com.br:2, 1230463524.V80bI4e0080M837823.correio.domain.com.br:2, 1230571206.V80bI4e0081M519106.correio.domain.com.br:2, 1231170098.V80bI4e0083M519957.correio.domain.com.br:2, 1231682500.V80bI4e0084M584988.correio.domain.com.br:2, files from the actual system looks like: 1278311553.M754372P13693.correio.domain.com.br,S=5742,W=5864:2, 1278668323.M110437P31421.correio.domain.com.br,S=4489,W=4590:2, 1278311669.M981814P13835.correio.domain.com.br,S=7404,W=7563:2, 1278669074.M556000P31506.correio.domain.com.br,S=4397,W=4504:2, i've already tested copying those files to a current Maildir and it works just fine, no problem at all on that. There's no problem on the restore of those messages itself. Anyway, my questions are 1) do the lack of S= and W= parameters will negatively impact on something ? Quota calculation comes to my head about that as i'll have to restore several thousands of messages, i'm worried about negative impacts on anything 2) is there any way of having dovecot to calculating the S= and W= parameters and renaming those files and, thus, avoiding some negative impact caused by the lack of them ? i'm using dovecot 1.2.11 .. thanks ! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Removing Duplicates
Em 14/03/2010 08:21, Sabahattin Gucukoglu escreveu: Hi all, I am starting fresh with a local repository of mails, which almost certainly have duplicates in them. I am going to use maildirs, and ensure all mails are input with CRLFs. The question is: does anybody know how I can find and remove duplicates, either while injecting mail with IMAP, or afterward? I can use tools to find duplicate Message-IDs, but don't know of a way to remove duplicates in mailboxes that are already imported as opposed to incoming mail. Perhaps there is a way to use the IMAP protocol for this? i've used console tool named fdupes to find duplicate messages on Maildirs. That's done directly on the filesystem, there's no IMAP or dovecot involved. for a user way of doing that, i've used the excellent Thunderbird add-on called 'Remove Duplicated Messages' https://addons.mozilla.org/en-US/thunderbird/addon/956 it's SUPER fast and can check parameters that fdupes cannot. In fact fdupes search for duplicated FILES while the add-on can be configured to really find duplicated MESSAGES, based on Message-ID and other things. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] IMAP proxy configuration
Em 13/03/2010 23:12, Leonardo Rodrigues escreveu: Timo i've tried JOINs, but i've never really understood those crazy things (i'm really very far from being a SQL expert). but seems i got the expected results using UNION and adjusting queries to have the same number of columns. First i tried union with normal queries but couldnt get it because queries must have the same number of rows. Then i adjusted it ... and seems its OK. got it working with few tweaks i had to return '127.0.0.1' as host for local users ... without that, login process was segfaulting. And had to return %w as password for the proxied-domains query. query is: (with linebreaks for easy understanding) password_query = select endereco as user, password, '/var/spool/mail/%u' as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2, 'Y' as proxy_maybe, '127.0.0.1' as host from emails where endereco = '%u' and ativa = '1' union select NULL as user, '%w' as password, NULL as userdb_home, NULL as userdb_mail, NULL as userdb_uid, NULL as userdb_gid, NULL as userdb_quota_rule, NULL as userdb_quota_rule2, 'Y' as proxy_maybe, imapproxy.host as host from imapproxy where imapproxy.dominio = '%d' that worked flawlessly :) And i didnt had to use JOINs hehehehe log from the main server, for a proxied user: Mar 13 23:48:48 correio dovecot: imap-login: proxy(s...@proxieddomain.com.br): started proxying to 10.252.25.2:143: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured log from the 10.252.25.2 server: Mar 13 23:48:31 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.1.2, lip=10.252.25.2 the only minor problem is that when local users get logged in on the main server, logs shows that they were proxied to 127.0.0.1 Mar 13 23:33:52 correio dovecot: pop3-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 13 23:33:52 correio dovecot: pop3-login: proxy(localu...@localdomain.com.br): started proxying to 127.0.0.1:110: user=, method=PLAIN, rip=10.255.176.67, lip=192.168.1.2 i can easily live with that but i would like to see local users logged as local connections not proxied to 127.0.0.1. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] IMAP proxy configuration
Em 13/03/2010 21:23, Timo Sirainen escreveu: So are you saying that the users table contains only local users, while some domain table contains all domains and their destination servers? Then you'll just need to do outer join. Something like: .., domains.host as host, 'Y' as proxy_maybe, .. from domains outer join emails on (username = '%u') where domain.domain = '%d' Timo i've tried JOINs, but i've never really understood those crazy things (i'm really very far from being a SQL expert). but seems i got the expected results using UNION and adjusting queries to have the same number of columns. First i tried union with normal queries but couldnt get it because queries must have the same number of rows. Then i adjusted it ... and seems its OK. Please check resultsets when querying a LOCAL user and when querying with a NON-local (to be proxied) user. Do you think this query will make things work as i need ? querying a LOCAL user: http://pastebin.com/L3q6HGrA querying a NON-local (to be proxied) user: http://pastebin.com/fV91LB0x querying a NON-local and NOT-to be proxied user (correctly returns an empty resultset) http://pastebin.com/SBwCEVEm -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] IMAP proxy configuration
Em 13/03/2010 18:17, Timo Sirainen escreveu: Basically add to your password_query something like: .., domains.host as host, 'Y' as proxy_maybe, .. from emails, domains where domains.domain = '%d', .. So it's really exactly the same as per-user quota, except you're just returning it per-domain in the query. but if i simply add that, query will always return nothing when user is not local. where endereco='%u' will make it return an empty resultset when user does not exists locally. i'm really strugling to discover how, probably with MySQL select syntax, to return one resultset if CONDITION1 (where endereco='%u' exists) and another resultset if CONDITION2 (where domains.domain = '%d' exists) i really dont know to acchieve that imap proxying is clear to me, but i couldnt get how to acchieve it for users that does not exists in my local email table ... -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] IMAP proxy configuration
Em 11/03/2010 09:53, mail...@securitylabs.it escreveu: Just insert a column in the MySQL table with the host relative to the domain. This is my configuration on the proxy: password_query = SELECT users.clear AS password, domains.host, '%u*proxy' AS destuser, 'proxy' AS pass, 'Y' AS proxy FROM users,domains WHERE users.username = '%u' AND users.enabled = '1' AND domains.domain = '%d' In the table "domains" I have a column "domain" with the list of domains I want to proxy, and a column "host" with the IPof the pop/imap server. and for local domains i could return 127.0.0.1 as host is that what you're doing for local domains ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] IMAP proxy configuration
i know dovecot can act as IMAP and POP3 proxy . but i'm having a hard time configuring it. Actually i'm using a simple dovecot configuration with virtual users stored on MySQL. My dovecot-sql.conf is pretty simple: [r...@correio dovecot]# cat dovecot-sql.conf driver = mysql connect = host=localhost dbname=DATABASE user=USERNAME password=PASSWORD default_pass_scheme = PLAIN # Get the mailbox user_query = select '/var/spool/mail/%u' as home, 'maildir:/var/spool/mail/%u' as mail, 8 as uid, 12 as gid, concat('*:storage=', quota) as quota_rule, 'Trash:storage=100M' as quota_rule2 from emails where endereco = '%u' and ativa = '1' # Get the password password_query = select endereco as user, password, '/var/spool/mail/%u' as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from emails where endereco = '%u' and ativa = '1' [r...@correio dovecot]# i've read several docs about configuring proxy on dovecot but all of them says about proxying specific users i'm interested on proxying some domains. I couldnt find a way to configure that nor some howto similar to that. could anyone point me some documentation on configuring dovecot as IMAP/POP3 proxy for a full domain and not specific users ? Ideally i would have a list of domains that should be proxied to somewhere else and all the other domains would be threated locally. Thanks. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Quota plugin and SQL
Em 06/03/2010 19:12, David escreveu: Is there any way to modify the queries used to split out username into localpart and domain? This would enable me to put the current quota information in my main mailbox table and display it to users in my admin interface. i'm successfully using a PHP script for displaying a graph with current quota information in my admin interface. Is this what you're looking for ? Quota usage is taken directly from IMAP server, through IMAP commands. http://img707.imageshack.us/img707/9551/quota.jpg i'm actually using a script based on the one found here: http://lists.horde.org/archives/imp/Week-of-Mon-20040816/038902.html the original script grabs the current usage from database, and i dont have the information there. So i changed it to use imap_open and grab quota directly from IMAP server. Something like: Changes would be something like: function draw_bar($mailbox, $width, $height) { global $imaphost, $usuario, $senha; $mbox = @imap_open($imaphost, $usuario, $senha, OP_HALFOPEN); $q = @imap_get_quotaroot($mbox, 'INBOX'); imap_close($mbox); if ($q) { $taken = $q['usage']; $total = $q['limit']; quota_bar($taken, $total, $width, $height); } } that's pretty straightforward when your passwords are stored in clear-text. In my cases password is SSHA256-hashed before storing, so i had to configure a masteruse on dovecot to acchieve that. http://wiki.dovecot.org/Authentication/MasterUsers so i have something: $user = $realuser . "*mymasteru...@local" $password = "mypasteruserpassword" -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] enabling IMAP SORT and THREAD extensions
Em 21/02/2010 11:51, Colin Brace escreveu: $ telnet localhost imap Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot ready. dovecot do not show ALL its capabilities before the login successfully happens. try this telnet localhost imap . login u...@name.com password (after the Logged in) . capability and search for SORT and THREAD in the new capabilities banner -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] configuring overquota message
Em 18/02/2010 13:10, Timo Sirainen escreveu: On Tue, 2010-02-16 at 15:18 -0200, Leonardo Rodrigues wrote: but i havent found, in all the sources, where the QUOTA_EXCEEDED_MESSAGE is feeded by something from dovecot.conf or anywhere else. plugin { quota_exceeded_message = stuff } Yeah ... it worked. Thanks. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] using signed certificates for TLS/SSL
and another interesting information . Thunderbird claims the certificate is not valid, but Windows Mail accepts it without any warnings and works just fine. I've tested on a new machine just to make sure i havent previously accepted it on that machine/Windows Mail. another minor difference is that when logging from Windows Mail and Thunderbird, the cipher used seems to be a little different Windows Mail - AES128-SHA Feb 18 12:56:04 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher AES128-SHA (128/128 bits) Thunderbird 3.0.1 - DHE-RSA-AES256-SHA Feb 18 12:58:41 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) if it works flawlessly on Windows Mail, i think i should point now my searching to Thunderbird . what do you think on that ? Em 18/02/2010 11:58, Arne K. Haaje escreveu: Put all the certificates in the ssl_cert_file file. For example when using a certificate signed by TDC the correct order is: 1. Dovecot's public certificate 2. TDC SSL Server CA 3. TDC Internet Root CA 4. Globalsign Partners CA -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] using signed certificates for TLS/SSL
Hi, I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates. I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid. yes i'm using, when configuring Thunderbird, the same CN that was signed by Verisign for the web usage i've enabled verbose_ssl and got when thunderbird tries to connect: Feb 18 12:32:02 correio dovecot: imap-login: Disconnected (no auth attempts): rip=201.86.xxx.xxx, lip=192.168.1.2, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca unknown CA ??? is that Thunderbird that is not recognizing the Verisign-signed certificate ? Do i need to, somehow, install some Verisign CA certificate in dovecot.conf ? when using a self-signed certificate, i also get an SSL_accept failed, but with different message: Feb 18 12:41:45 correio dovecot: imap-login: Disconnected (no auth attempts): rip=201.86.191.114, lip=192.168.1.2, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate despite the fact my certificates were generated for use with Apache, i can 'print' them, both of them, with the same commands i use to print dovecot generated certificates, with mkcert.sh. So, it seems they are compatible. if i click OK on Thunderbird, when using my Verisign-signed certificates, everything works and i do got TLS logs: Feb 18 12:23:36 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Feb 18 12:31:43 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=201.86.xx.xx, lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) what am i doing wrong ?? or using a signed-certificate for WEB usage is not possible on dovecot ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] salted passwords
that's all because i already have a account manager system, written on PHP, which i had to kept. So i was trying to understand how that's work to make it work on my system i couldnt stop using. but after some tryings i got everything running. All my passwords were already migrated from plaintext to Salted-SHA2-256. Thanks for all the help :) Em 16/02/2010 17:47, Patrick Domack escreveu: Why not make it easy on yourself. Just let dovecot use crypt, and use whatever format your system crypt supports. Personally I'm using 16byte salt, sha512 for mine this way. Seems should work with everything, that lets you use the system's crypt. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] configuring overquota message
From dovecot 1.2.10 sources i have: src/plugins/quota/quota.c #define DEFAULT_QUOTA_EXCEEDED_MSG \ "Quota exceeded (mailbox for user is full)" struct quota_settings *quota_settings_init(void) { [ ] quota_set->quota_exceeded_msg = getenv("QUOTA_EXCEEDED_MESSAGE"); if (quota_set->quota_exceeded_msg == NULL) quota_set->quota_exceeded_msg = DEFAULT_QUOTA_EXCEEDED_MSG; [ ] but i havent found, in all the sources, where the QUOTA_EXCEEDED_MESSAGE is feeded by something from dovecot.conf or anywhere else. question is: isnt it possible to configure the quota exceeded message from dovecot.conf ?? Do i really need to rebuild dovecot changing the message on quota.c for acchieving that ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] zlib plugin trouble
Em 16/02/2010 13:27, Timo Sirainen escreveu: Yeah, bzip2 code is broken in v1.2. I fixed it in v2.0 by basically rewriting the whole thing. Maybe I should just disable bzip2 support in v1.2. will dovecot 2.0 be able to handling mixed maildirs with gzip and bzip2 compressed messages, or all messages should use just one or the other ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] zlib plugin trouble
Em 16/02/2010 12:30, Stéphane Cottin escreveu: Hi, I have error with dovecot 1.2.10 + compress on deliver patch and zlib plugin. logfile sample: [...] mail.err: Feb 16 14:22:25 dovecot: IMAP(hid...@domain.com): zlib_istream.seek() failed: Invalid argument mail.err: Feb 16 14:22:25 dovecot: IMAP(hid...@domain.com): FETCH for mailbox Meursault UID 101 failed to read message input: Invalid argument mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): gzread() failed: DATA_ERROR_MAGIC mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): zlib_istream.seek() failed: Invalid argument mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): FETCH for mailbox Meursault UID 101 failed to read message input: Invalid argument mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): gzread() failed: DATA_ERROR_MAGIC [...] i have already reported some similar errors when messages are compressed with bzip. I couldnt reproduce with gzip, which you appears to be using: zlib_save: gz do you used some script for compressing your existing messages, those who were delivered before you getting LDA to do that automatically ? If yes, is there any chance that you used bzip2 instead of gzip on that script ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] quota problem
Em 16/02/2010 10:48, Andre Hübner escreveu: this is unfortunately not compatible with dovecot 1.0, is not working But i noticed that user-quota is working when copying/moving mails within imap-account. But is it not working at incoming mails. any idea? so seems your quota is working What are you using as your Local Delivery Agent (LDA) ?? Is it dovecot LDA ? Is it some MTA LDA, like Postfix ? Maybe quota is not working on your LDA ... not on IMAP4/POP3. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] quota problem
Em 16/02/2010 09:18, Andre Hübner escreveu: dovecot 1.0.15 Hello, i try to set quota settings for my users. currentyl i use a mysql table for auth process and now i want to add quotasettings for each individual user. Mine is working flawlesslly with the following configuration but i think that's only 1.1+ compatible, because of the Trash thing. Anyway, seems the big difference from my conf to your is that you're using concat('dirsize:storage=', quota_kb) while i'm using concat('*:storage=', quota) try to change that 'dirsize' to '*' and see what happens ... my actual working conf for dovecot 1.2.10 # Get the mailbox user_query = select '/var/spool/mail/%u' as home, 'maildir:/var/spool/mail/%u' as mail, 8 as uid, 12 as gid, concat('*:storage=', quota) as quota_rule, 'Trash:storage=100M' as quota_rule2 from emails where endereco = '%u' and ativa = '1' # Get the password password_query = select endereco as user, password, '/var/spool/mail/%u' as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from emails where endereco = '%u' and ativa = '1' -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] salted passwords
Em 14/02/2010 04:53, to...@tuxteam.de escreveu: No, just let Dovecot's algorithm do the generation (and later checking) of the password? (I might be misunderstanding your problem, though). unfortunelly i cant do that. I have my own accounts admin system, written in PHP, which does mail management (creating accounts, changing passwords) ... so i'm afraid i'll have to know exactly how to generate them in a way dovecot is able to handle too. from sources on src/auth i can find some interesting informations: /* format: */ and #define SSHA256_SALT_LEN 4 so the salt really seems to be 4-byte (which in fact are 8 when watching in hexadecimal), the exact difference on dovecotpw non-salted and salted generated passwords. So it would be enough to generate the password, SHA256 salted, and store the salt as the last 8 hexadecimal digits ? SHA256 hash is 64-characteres in hexadecimal, which can be base64 encoded for being stored shorter. SHA256 salt is 8-characters in hexadecimal, which should be added to the end of the SHA256 hash so stored password would be: {SSHA256.hex}GENERATEDSALTEDHASH+GENERATEDSALT or having the GENERATEDSALTEDHASH+GENERATEDSALT base64 encoded and stored as: {SSHA256.b64}BASE64ENCODEDGENERATEDSALTEDHASH+GENERATEDSALT is that OK ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] wish now I'd not upgraded...
Em 15/02/2010 12:14, Stan Hoeppner escreveu: WTF is going on? Why won't they stay marked as read? I've got over 25,000 emails in these folders and I get a few hundred list mails a day. I really need to get this read/unread business straightened out. What the heck am I missing? Is this a bug in the Debian backport? Good thing I have no hair or I'd have pulled half of it out by now... before blaming dovecot, you could have checked the mailing list archives and found that's a KNOWN bug on Thunderbird 3 (until 3.0.1) which was already fixed and will be published on TB 3.0.2. if you had searched the archives, you could also have find a workaround for that on thunderbird side. there's also a workaround on the dovecot side but i'll let you learn how to search the archives and find that :) -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] salted passwords
The idea of salted hash algorithms is to generate a different hash even if the same text is entered. That can be easily seen with dovecotpw: using NON-salted SHA256, same hash is generated for a given password [r...@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [r...@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [r...@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [r...@correio ~]# using SALTED SHA256, a different hash is generated for the same given password [r...@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}FpJZqafpEVKp2heepp9Z7+OeHaX+DBVpLzd6GKg3BW1XqDS0 [r...@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}6lWmvtO3SKG5RMET5n89WMIp0xeCg3U14xH1xnAXbvkr8Yjk [r...@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}7fXVjC7Iiu0Ko9SgyBpbDvbwMSkoxMILRjDUE0nNpCHBFaIa [r...@correio ~]# This ideia is OK to me ... but i'm having a hard time trying to figure out how my dovecot-sql.conf would be in the case i store salted SHA256 passwords on the database. The idea is to use a RANDOM salt, not a fixed one, just like dovecotpw does. would it be as simple as changing the 'password', which today is plaintext, by something like concat('{SHA256}',password) ??? dont i have to give the salt, somehow ?? Or should i store the salt used in the password, for example first or last N characters is there anyone using dovecot with MySQL and SSHA256 passwords that can share me the dovecot-sql.conf file ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] problem with deliver segfaulting
Em 12/02/2010 23:43, Timo Sirainen escreveu: Oh, this one. It's a libc bug.. I reported it to Ubuntu people already: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/380487 Wouldn't hurt to report it elsewhere too :) Anyway, it crashes only if the problematic setting is first in the config file. Also the attached patch probably helps? why i'm always that lucky to hit this weird bugs :) mail_debug was really the first option on dovecot.conf. i've moved base_dir to the first option and deliver works just fine, even having mail_debug = no .. well ... dovecot LDA is running and will be, from now on, my official delivery agent !!! I'm ready to try out that patch you commited to enable lda zlib compression but after patching and compiling, i cannot start dovecot anymore. I've just sent you an email some hours ago with that i dont know what to do by now, i'm stuck on that. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] problem with deliver segfaulting
ormat_elements: user=<%u> method=%m rip=%r lip=%l %c %k mail_max_userip_connections: 100 verbose_proctitle: yes first_valid_uid: 8 last_valid_uid: 8 first_valid_gid: 12 last_valid_gid: 12 mail_access_groups: mail mail_privileged_group: mail mail_uid: mail mail_gid: mail mail_location: maildir:/var/spool/mail/%u maildir_copy_with_hardlinks: no mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota trash lazy_expunge expire autocreate zlib mail_plugins(imap): quota imap_quota trash lazy_expunge expire autocreate zlib mail_plugins(pop3): quota lazy_expunge expire autocreate zlib mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 mail_log_prefix: %Us(%u), rip=%r, lip=%l: imap_client_workarounds(default): delay-newmail imap_client_workarounds(imap): delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh namespace: type: private prefix: INBOX. inbox: yes list: yes subscriptions: yes lda: postmaster_address: postmas...@domain.com.br mail_plugins: quota trash expire autocreate mail_plugin_dir: /usr/lib/dovecot/lda quota_full_tempfail: no deliver_log_format: msgid=%m: %$ sendmail_path: /usr/lib/sendmail rejection_subject: Rejected: %s rejection_reason: Your message to <%t> was automatically rejected:%n%r auth_socket_path: /var/run/dovecot/auth-master auth default: mechanisms: plain login user: nobody username_format: %Lu passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: mail group: mail plugin: quota: maildir [r...@correio dovecot]# -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] problem with deliver segfaulting
Em 12/02/2010 22:35, Leonardo Rodrigues escreveu: Feb 12 21:28:41 correio postfix/pipe[12748]: 1A969F6105: to=, relay=dovecot, delay=0.28, delays=0.03/0.01/0/0.24, dsn=2.0.0, status=sent (delivered via dovecot service) disabling mail_debug makes the segfault happens again and reenabling mail_debug make it works again ! how can i debug this !?!?!? and now the most weird thing i found ... COMMENTING out the mail_debug line on dovecot.conf make it works Having 'mail_debug=no' makes it segfaults, having it mail_debug=yes make it works and commenting out the mail_debug line makes it works too !!! i have found something mentioning postfix and mail_debug on http://wiki.dovecot.org/LDA/Postfix but that says about dovecot older than 1.0.1, which is not my case, i'm running 1.2.10. that was weird . -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] problem with deliver segfaulting
i'm facing a pretty hard to debug problem when trying to use dovecot LDA (deliver) from postfix. After having all configured, mail deliver fails. This is from my maillog: Feb 12 21:27:54 correio postfix/pipe[12484]: 930F9F6105: to=, relay=dovecot, delay=0.21, delays=0.03/0.01/0/0.18, dsn=4.3.0, status=SOFTBOUNCE (Command died with signal 11: "/usr/libexec/dovecot/deliver") at the same time, i have from my /var/log/messages: Feb 12 21:27:54 correio kernel: deliver[12485]: segfault at 0 ip 4c1be763 sp bff64c28 error 4 in libc-2.5.so[4c193000+13f000] so, seems deliver segfaults. so i tried enabling mail_debug=yes on dovecot.conf for getting some debug . and, with mail_debug enabled, deliver WORKS Feb 12 21:28:41 correio postfix/pipe[12748]: 1A969F6105: to=, relay=dovecot, delay=0.28, delays=0.03/0.01/0/0.24, dsn=2.0.0, status=sent (delivered via dovecot service) disabling mail_debug makes the segfault happens again and reenabling mail_debug make it works again ! how can i debug this !?!?!? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Compressing Maildir mails on delivery
Hi Timo, OK, patching is fine ... but how am i supposed to enable that ? is there some new config option, or applying the patch will automatically and irreversible enabling it ? How to choose between gzip and bzip2 compression ? is there anything special to configure on LDA protocol to get that working ? Em 05/02/2010 21:32, Timo Sirainen escreveu: Now supported by v2.0. Also as a patch to v1.2: http://dovecot.org/patches/1.2/zlib-compress.diff I'm not really sure if I should commit it to v1.2 code tree. The code contains ugly copy&pasted io_stream_copy() and v1.2 is supposed to be feature complete.. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Forcibly emptying a POP3 mailbox
you can always use softquotas (or Maildir quotas) for acchieving quotas on a virtual environment ... which dovecot can handle pretty well. http://wiki.dovecot.org/Quota/Maildir Em 03/02/2010 14:41, Răzvan Sandu escreveu: Filesystem quotas are not an option in this scenario, since the UID/GID is the same for all virtual users. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] [BUG] problem with zlib plugin
i've successfully reproduced that. Feb 3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), rip=127.0.0.1, lip=127.0.0.1: gzread() failed: UNEXPECTED_EOF Feb 3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), rip=127.0.0.1, lip=127.0.0.1: copy: i_stream_read() failed: No such file or directory Feb 3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), rip=127.0.0.1, lip=127.0.0.1: gzread() failed: UNEXPECTED_EOF dovecot 1.2.9 i could reproduce that when files are bzip2ed. When files are gzipped, dovecot behaves correctly and i couldnt reproduce any kind of error. Em 03/02/2010 11:19, s...@abma.de escreveu: Hi, i think i've the same problem as described here: http://www.dovecot.org/list/dovecot/2009-June/040687.html when opening a folder without an index (?) and bzip-compressed files i get following error message: 2010-02-03T14:12:10.026452+01:00 server dovecot: IMAP(user): gzread() failed: PARAM_ERROR 2010-02-03T14:12:10.026477+01:00 server dovecot: IMAP(user): FETCH for mailbox folder UID 105 failed to read message input: Invalid argument -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] [BUG] problem with zlib plugin
i've successfully reproduced that. Feb 3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), rip=127.0.0.1, lip=127.0.0.1: gzread() failed: UNEXPECTED_EOF Feb 3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), rip=127.0.0.1, lip=127.0.0.1: copy: i_stream_read() failed: No such file or directory Feb 3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), rip=127.0.0.1, lip=127.0.0.1: gzread() failed: UNEXPECTED_EOF dovecot 1.2.9 i could reproduce that when files are bzip2ed. When files are gzipped, dovecot behaves correctly and i couldnt reproduce any kind of error. Em 03/02/2010 11:19, s...@abma.de escreveu: Hi, i think i've the same problem as described here: http://www.dovecot.org/list/dovecot/2009-June/040687.html when opening a folder without an index (?) and bzip-compressed files i get following error message: 2010-02-03T14:12:10.026452+01:00 server dovecot: IMAP(user): gzread() failed: PARAM_ERROR 2010-02-03T14:12:10.026477+01:00 server dovecot: IMAP(user): FETCH for mailbox folder UID 105 failed to read message input: Invalid argument -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] feature question: local delivery from SMTP
Veiko Kukk escreveu: Or can it receive SMTP directly if there is no forwarding to do? What about spam/virus filtering in that case? Dovecot has nothing to do with smtp. You need MTA like postfix or exim to deliver mail to mbox/maildir. Then dovecot can show those mailboxes to client. just a small correction dovecot has its own delivery agent, which means it (dovecot) can handle the 'deliver mail to maildir' part. I'm not sure about mailbox, but maildir i'm sure dovecot delivery agent can handle. anyway, you'll still need an MTA to collect data from the network (via SMTP) and then forward it to dovecot delivery agent. dovecot is not an MTA so it cannot talk SMTP. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] handling filename of compressed messages
Leonardo Rodrigues escreveu: Curtis Maloney escreveu: Timo -- any tips on helping dovecot deliver compress mails on delivery? It would solve a lot of problems here, from what I can see, to have a deliver plugin that compresses on delivery and sets the Z flag in the filename. that would be indeed lovely when this feature gets implemented on dovecot delivery agent, i'll definitely stop using postfix virtual delivery agent. again on this subject of compressing files . i understand perfectly that i really dont want the '.gz' or '.bz2' filename. I dont want anything more than adding the Z flag to the compressed file. The 'script compress idea' from the Wiki page sais: Dovecot can now read the file, but to avoid compressing it again on the next run, you'll probably want to rename it again to include e.g. a "Z" flag in the file name to mark that it was compressed (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ). If i rename the file and add the Z flag, i will be braking the dovecot-uidlist file, which contain the filenames without the Z flag. Users would have to download the compressed files again because the filename was changed. That on big mailboxes and slow connections (specially after the very 1st compression routine run) can be a BIG problem. keeping the filename intact, not even adding the Z flag, would be a great idea to avoid clients from redownloading messages ??? Compression routines would probably have to use file command to identify already compressed files, which would badly impact on the performance of its run ... not being able to identify already compressed files based on its filename would be very bad -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] handling filename of compressed messages
Curtis Maloney escreveu: Timo -- any tips on helping dovecot deliver compress mails on delivery? It would solve a lot of problems here, from what I can see, to have a deliver plugin that compresses on delivery and sets the Z flag in the filename. that would be indeed lovely when this feature gets implemented on dovecot delivery agent, i'll definitely stop using postfix virtual delivery agent. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] handling filename of compressed messages
Timo Sirainen escreveu: Maildir spec says files in new/ shouldn't have the :2, part, but Dovecot is fine with it. i'm trying to get the sample script for compressing maildirs from http://wiki.dovecot.org/Plugins/Zlib (right on the end of the page) but link seems to be not accessible. https://abma.de/node/449 is this script available somewhere else ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] handling filename of compressed messages
Patrick Domack escreveu: If people read their emails atleast daily, it would work ok that way. But with several people that only read emails monthly or even not at all, it helps to compress the new folder also. let's not forget those 'created and forgot' mailboxes, who stands there on the server with hundreds of Mbs of messages and nobody checks that. They are all on new/ folder and, probably, will never got to cur/ because they will never be checked. OK i know that shouldnt happen . but in real life this happens quite commonly. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] handling filename of compressed messages
Pascal Volk escreveu: No, you don't wont to have such file names. http://wiki.dovecot.org/Plugins/Zlib: … Dovecot can now read the file, but to avoid compressing it again … include e.g. a "Z" flag in the file name … (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ) The article links also to: http://cr.yp.to/proto/maildir.html: … What can I put in info? When you move a file from new to cur, you have to change its name from uniq to uniq:info … info starting with "2,": Each character after the comma is an independent flag. … In short: You want to rename 1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207 to 1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207:2,Z got it so, basically, i shouldnt be using .gz at all, is that ok ? i understood that, when moving from new to cur, filename should be appended of ':2,'. But filenames on new, as i understood, should never be changed. As soon as they are read there (on new), they should be moved to cur. what would be the correct way of compressing messages on the new directory and adding the Z flag ? Would be any problem if, when compressing on new, add the ':2,' suffix ? Indeed it would be ':2,Z' suffix one i tried it ... gzipped the file new/1263462832.V6814I43300c8M993425.correio.domain.com.br,S=10137 and got the gzipped file to be named new/1263462832.V6814I43300c8M993425.correio.domain.com.br,S=10137:2,Z and excluded the original file when checked mail, file was correctly moved to cur when replied to that mail, file was correctly renamed to cur/1263462832.V6814I43300c8M993425.correio.domain.com.br,S=10137:2,RSZ is that OK to have filenames on new with the ':2,Z' suffix ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] handling filename of compressed messages
i'm running dovecot 1.2.9 and, among other things, i have the zlib plugin enabled. A shell script runs once a day to compresses all not still compressed files on the users maildirs. so far so good, it works fine, there's no problem on that. what i think is not happening 100% correctly is the following: 1) user receives a message 2) BEFORE the compress routine runs, filename is: new/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207 3) AFTER the compress routine, filename is now: new/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz 4) user check his mail and now the filename is cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,S 5) user replies that mail and now the filename is cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,RS i'm aware that dovecot doesnt need the '.gz' extension on the file to recognize that as a gzipped file. Even without the .gz extension, dovecot is correctly reading the file. the '.gz' is not even necessary on the filename and still dovecot can handle it fine. anyway, i would like to suggest dovecot to handle the filename to keep the .gz extension, if that exists. This could help sysadmins to easily identify gzipped files on the maildirs and make anything with them, if that's desired. i would like to see dovecot changing filenames properly and keeping the .gz extension always, for example cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207:2,S.gz instead of cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,S cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207:2,RS.gz instead of cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,RS -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] compressed IMAP traffic
well . here for me, with 'openssl s_client', i cant even connect when using -ssl2: [r...@correio ~]# openssl s_client -connect localhost:993 -ssl2 [ ... ] 27110:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450: [r...@correio ~]# but that's probably because i have on dovecot.conf: ssl_cipher_list = ALL:!LOW:!SSLv2 with ssl3 and tls1 i can connect and see the zlib compression being enabled. SSL-Session: Protocol : SSLv3 Cipher: DHE-RSA-AES256-SHA [ . ] Compression: 1 (zlib compression) SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA [ . ] Compression: 1 (zlib compression) Thunderbird has the options to enable/disable each cipher of ssl2/ssl3/tls1 as well as disable them completly too. Here in my Thunderbird 2.0.0.23, SSLv2 is disabled, and this is certainly the default configs, as i never tweaked this. http://img43.imageshack.us/img43/7937/thunderbirdssl2.jpg logging from dovecot shows clearly that i'm using TLSv1 to connect ... it also shows that TLSv1 connections from thunderbird do not use compression, and connections from gnutls-cli correctly enables that thunderbird 2.0.0.23 Sep 29 07:12:02 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=189.114.xx.xx, lip=200.140.xx.xx, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) gnutls-cli Sep 28 18:36:54 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=189.11.xx.xx, lip=200.140.xx.xx, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) zlib compression wireshack confirms i'm using TLSv1 and also shows Thunderbird is announcing no compression is supported. http://img33.imageshack.us/img33/9011/wiresharktlsv1.jpg so . despite the known fact that SSLv2 cant be used if compression is wanted, using SSLv3 and TLSv1 apparently does not automatically guarantees that . Patrick Domack escreveu: More testing, seems all my imap clients attempt to use ssl2 first, and from the openssl mailing list: Oops, should've made this clearer. It is only clients than need to avoid the old SSLv2 compatible methods and only use SSLv3/TLSv1. Nothing needs to be done to a server. http://www.mail-archive.com/openssl-us...@openssl.org/msg49926.html This is confirmed using openssl s_client -connect host:993 (-ssl3|-tls1|-ssl2) I don't see any way around this globally, unless each program has a config option to disable ssl2. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] compressed IMAP traffic
Leonardo Rodrigues escreveu: probably there's some build option on CentOS that is disabling compression. If 0.9.8b on Fedora8 built in October/2007 can do it, so 0.9.8e on CentOS 5.3 built on September/2009 should be able to do it too ... oh boy, i really hate those weirds compilation options from Redhat :\ and most interesting seems the problem is probably with openssl client or gnutls-cli on CentOS 5.3. From the same Fedora 8 box i done the previous tests, i pointed gnutls-cli to my CentOS 5.3 box with dovecot 1.2.5 and the zlib logging patch. And i have: - Version: TLS 1.0 - Key Exchange: DHE RSA - Cipher: AES 256 CBC - MAC: SHA - Compression: DEFLATE from maillog: Sep 28 18:36:54 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=189.11.xx.xx, lip=200.140.xx.xx, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) zlib compression so, it seems server has the needed support for compression on TLS connections. Despite of that, connections from Thunderbird 2.0 and Windows Live Mail does not requests compression . -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] compressed IMAP traffic
Timo Sirainen escreveu: And DEFLATE gives the exact same error? LZO isn't supported by OpenSSL. yes ... error from DEFLATE and LZO are exactly the same on gnutls-cli output and maillog on the CentOS 5.3 box. Well, not the same server but looks like this one works too: gnutls-cli --priority NORMAL:+COMP-DEFLATE -p 993 secure.emailsrvr.com And just for fun I tried imap.gmail.com, that didn't support compression. i had tried imap.gmail.com too :) interesting findings . from CentOS 5.3, i cant get any compression method to work: [r...@correio dovecot]# gnutls-cli --insecure -p 993 -p 993 secure.emailsrvr.com --comp LZO DEFLATE NULL [ ..] - Version: TLS 1.0 - Key Exchange: DHE RSA - Cipher: AES 256 CBC - MAC: SHA - Compression: NULL but from a Fedora 8 box: [r...@correio ~]# gnutls-cli --insecure -p 993 -p 993 secure.emailsrvr.com --comp LZO DEFLATE NULL [ ..] - Version: TLS 1.0 - Key Exchange: DHE RSA - Cipher: AES 256 CBC - MAC: SHA - Compression: DEFLATE and Fedora 8 OpenSSL is even older than CentOS 5.3 one: CentOS 5.3: [r...@correio dovecot]# rpm -qi openssl Name: openssl Relocations: (not relocatable) Version : 0.9.8eVendor: CentOS Release : 12.el5Build Date: Fri 04 Sep 2009 09:33:56 AM BRT Fedora 8: [r...@correio ~]# rpm -qi openssl Name: openssl Relocations: (not relocatable) Version : 0.9.8bVendor: Fedora Project Release : 17.fc8Build Date: Mon 15 Oct 2007 07:56:22 PM BRST probably there's some build option on CentOS that is disabling compression. If 0.9.8b on Fedora8 built in October/2007 can do it, so 0.9.8e on CentOS 5.3 built on September/2009 should be able to do it too ... oh boy, i really hate those weirds compilation options from Redhat :\ -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] compressed IMAP traffic
Timo Sirainen escreveu: See if you can get gnutls-cli from somewhere (gnutls-utils package I think?). Using the gnutls-cli command from my previous mail would show if your OpenSSL is at least able to use compression. Anyway I wouldn't be surprised if you couldn't find any clients that are really able to use compression. i got gnutls-cli from gnutls-utils package ... but it's probably a different version from yours, because yours exactly command line gives error: [r...@correio dovecot]# gnutls-cli --priority NORMAL:+COMP-DEFLATE --insecure -p 993 localhost Invalid option 'priority' Error in the arguments. Use the --help or -h parameters to get more information. [r...@correio dovecot]# [r...@correio dovecot]# gnutls-cli --version GNU TLS test client, version 1.4.1. Libgnutls 1.4.1. [r...@correio dovecot]# from man page, i have the option: --comp comp1 comp2... Compression methods to enable (use gnutls-cli --list to show the supported compression methods). --list gives [r...@correio dovecot]# gnutls-cli --list Certificate types: X.509, OPENPGP Protocols: TLS1.0, TLS1.1, SSL3.0 Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, ARCFOUR, ARCFOUR-40 MACs: MD5, RMD160, SHA1 Key exchange algorithms: RSA, RSA-EXPORT, DHE-DSS, DHE-RSA, DHE-PSK, PSK, SRP, SRP-RSA, SRP-DSS, ANON-DH Compression methods: DEFLATE, LZO, NULL [r...@correio dovecot]# trying LZO and DEFLATE gives an error: [r...@correio dovecot]# gnutls-cli --insecure -p 993 localhost --comp LZO Resolving 'localhost'... Connecting to '127.0.0.1:993'... *** Fatal error: A TLS fatal alert has been received. *** Received alert [50]: Decode error *** Handshake has failed GNUTLS ERROR: A TLS fatal alert has been received. [r...@correio dovecot]# and in maillog: Sep 28 15:35:05 correio dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408A0BB:SSL routines:SSL3_GET_CLIENT_HELLO:no compression specified do the IMAP4 server you tried is remotely accessible so i can try from a different machine ? Maybe we're dealing with some client lack of compatibility and not server one .. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] compressed IMAP traffic
Timo Sirainen escreveu: I think the compression support in OpenSSL is relatively new, so it's entirely possible that it's only in v0.9.8 and newer. from a fully upgraded CentOS 5.3 x86_64 box: [r...@correio dovecot]# rpm -qi openssl Name: openssl Relocations: (not relocatable) Version : 0.9.8eVendor: CentOS Release : 12.el5Build Date: Fri 04 Sep 2009 09:33:56 AM BRT i have applied the provided patch, recompiled and installed dovecot 1.2.5 new binaries. This is what i get from logs: Sep 28 14:44:43 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=189.114.xx.x, lip=200.140.yy.yy, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) login_log_format_elements was defined, as documented by Timo, as: login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k with clients Thunderbird 2.0.0.23 and Windows Live Mail from a Windows Vista SP2 fully updated too, log is the same. There's no trace of compression being enabled. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] compressed IMAP traffic
Ed W escreveu: I notice that the openssl docs require compression to be specifically enabled and are somewhat scathing about support... http://www.openssl.org/docs/ssl/SSL_COMP_add_compression_method.html Anyone care to comment further? When i created this thread, some weeks ago, i have also made some tests with recent versions (OpenSSL, dovecot, Thunderbird) and couldnt get compression. I didnt any kind of tracing debug or similar, i just created some IP accounting rules and watchs it when downloading a know set of emails with a know size. There was no difference when downloading through unsecure IMAP or secured (TLS) IMAP. So, there's no compression being activated. When searching for that, i found that there's already a RFC for a COMPRESS imap extension ... as imagined, there are pretty few clients that supports it Thunderbird 3 Beta supports it but asking customers to use a Beta software is not acceptable. So, we'll probably need some more years to have this extensions widely deployed and supported by clients. http://www.ietf.org/rfc/rfc4978.txt -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] compressed IMAP traffic
Timo Sirainen escreveu: If your OpenSSL supports it, Dovecot supports it. I recently tested this with gnutls-cli program, openssl s_client for some reason didn't support it. I've no idea if any actual IMAP clients support it. i'm using OpenSSL shipped from CentOS 5.3 . is there any easy to check if the shipped OpenSSL supports that ??? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] compressed IMAP traffic
Simply (and maybe stupid) question .. is there anything that can be easily used to automatically compress IMAP traffic between client and server ? I was thinking if the SSL/TLS code enables some kind of compression as well. the idea is to reduce IMAP traffic between server and clients and not using VPN-like solutions, the idea is just some IMAP4 standard client (compatible with SSL/TLS if that's the case) and nothing else. can something like that be done ? -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] simple feature request: IMAP logged out message
David Warden escreveu: I was looking for the same thing earlier this month. I'm not on v1.2.4 but that should have the mail_log_prefix option which lets you add something to the start of every log line, including logouts. I use that to put the username and remote IP in every log line. It has helped out quite a bit with troubleshooting. That's it .. i was using a simplified dovecot.conf and couldnt find mail_log_prefix. But then i searched on the default file and there it was. Now i'm using: mail_log_prefix = "%Us(%u), rip=%r, lip=%l: " with that, i have: Sep 18 15:43:45 correio dovecot: IMAP(u...@domain.com), rip=189.31.xx.xx, lip=200.140.yy.yy: Disconnected in IDLE bytes=1761/3265 thanks !!! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] simple feature request: IMAP logged out message
i'd like to make a simple feature request on dovecot i'm using v1.2.4 (latest one) and IMAP logout message, by default is: Sep 18 14:26:27 correio dovecot: IMAP(u...@domain.com): Disconnected: Logged out bytes=384/93 the message can be a little customized with: # IMAP logout format string: # %i - total number of bytes read from client # %o - total number of bytes sent to client imap_logout_format = bytes=%i/%o The remote IP address, the IP which the user is coming from, can only be seen on the login message: Sep 14 09:09:12 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=187.6.xx.xx, lip=200.140.yy.yy the feature request is that the remote IP address could be added on the Logout message too, that would make much easier to watch connections from some specific user and from some specific ip address, regarding traffic of the connection. For example, something like: Sep 18 14:26:27 correio dovecot: IMAP(u...@domain.com): Disconnected: Logged out bytes=384/93, rip=187.6.xx.xx, lip=200.140.yy.yy -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] fixing deleted-to-trash-plugin
Lex Brugman escreveu: I have updated the wiki page: http://wiki.dovecot.org/Plugins/deleted-to-trash and attached the source to it, I hope this will help some other desperate people wanting to use Dovecot but missing this feature. Any feedback is welcome. just for curiosity the ' ... people wanting to use Dovecot but missing this feature' called my attention. This seems, IMHO, more a client-side feature missing than a server-side one. is there any other IMAP server with similar 'feature' ??? I have never seen any but i confess i have seen pretty few different imap server running do any other IMAP software daemon (like courier, for example) or any other full email package (like Zimbra or even Exchange, for example) have this feature in server-side fashion ??? I'm not starting a flame war on this plugin should exist or not, people should or not using it i really just wanna know if any other email systems/IMAP server have this feature for fixing a client-side feature lacking with some server-side workaround. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Question about the pop3 feature "leave messages on server for a certain period of time"
Axel Luttgens escreveu: No, I don't think to have omitted anything: I already replied to the OP wrt the 'leave messages on server' matter. Here, I was replying to Leonardo (who's not the OP) who started a new idea (a potentially misleading POP vs IMAP debate) within the original thread. Starting the POP vs IMAP war was not my intention and i really would like to say i'm sorry for that. My intention was to show the OP that, in the proposed scenario (same user with multiple MUAs trying to use leave message on server and have a intelligent behavior of that client-side feature), working with IMAP would a better choice (and smart one, in MY opinion), because keeping messages synced between several MUAs (let's not forget webmail is a pretty common second MUA used by users, usually a IMAP MUA) and server is part of IMAP protocol and does not depends on MUA behaviors or 'algorithms'. Everything is part of IMAP protocol, the $imapuser could even change MUA how many times he wants to and there would be no accidental loss of messages. Of course if some IMAP MUA has some client-side feature configured, like 'delete messages older than N days' configured, we can have some messages being deleted despite of user's will ... but that would NOT be an accidental loss of messages, that would be a EXPECTED loss of messages because of some MUA configuration. All the 'leave message on server' used by POP clients is NOT part of the POP protocol (yes i know POP is pretty well RFC-defined, but not those client-side features, as well as some IMAP client-side features are not RFC-defined as well). The major problem here seems to be the fact that for the POP3 server (dovecot or any other), the 'leave messages on server' feature simply does not exists. It may be guessed by the 'RETR' not followed by 'DELE' which usually happens, but that would be just a guess. There's no way to the server to control what will happen with that client-side feature and different MUAs accessing the same mailbox with POP3. The proposed of used the expire plugin would solve a different situation, not the initially proposed one. I use IMAP4 in some situations and use POP3 in others as well. I think IMAP4 is a better protocol nowadays, with fast internet connections and storages on server becaming cheaper each day. But it doesnt means POP3 is dead. But in some situations, like users who really needs the 'leave messages on server' feature, using pop3 is not a smart decision anymore. Which doesnt means everybody should stop using POP3 and changing to IMAP4 Dimitrios, i really think you'll have a hard time trying to find a server-side feature to control that mess of using leave messages on server with different MUAs by the simply fact that, in the server side, that thing simply does not exist. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [Dovecot] Question about the pop3 feature "leave messages on server for a certain period of time"
Δημήτριος Καραπιπέρης escreveu: Hi I can clearly understand this, but what if we have two MUAs with different time period settings on the same account , 10 days the first and 20 days the second. The first when it will be connected on the 10th day it will delete on server all messages, so the second will not get anything at all Correct? IMHO, the 'leave messages on server' is a completly fucked up and stupid way of trying to do something that IMAP4 does very well, intelligently and RFC-based. If you need to use different MUAs to check the same account, you really should consider using IMAP4. You'll have message flagging stored on server (read messages, new messages, replied ones) ... you can even configure your MUA to store sent messages on a IMAP4 folder and see those sent messages from MUA1 when you access the mailbox on MUA2 !!! -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[Dovecot] compression script for use with zlib module
Hi, I'm wondering if someone already implemented a compression script (and would like to share it) based on the step-by-step provided on wiki page of Zlib module. I can already do some find|xargs gzip but couldnt implement it completly as described on the wiki page. I know the suggested step-by-step is very detailed and probably a must simplier will be enough for almost anyone anyway, if someone have the full script and would like to share it, i would be glad to get it :) http://wiki.dovecot.org/Plugins/Zlib 1) Find the mails you want to compress in a single maildir. 2) Compress the mails to tmp/ * Update the compressed files' mtimes to be the same as they were in the original files (e.g. touch command) 3) Run maildirlock . It writes PID to stdout, save it. * is path to the Maildir's dovecot-uidlist (the control directory, if it's separate) * specifies how long to wait for the lock before failing. 4) If maildirlock grabbed the lock successfully (exit code 0) you can continue. 5) For each mail you compressed: 1. Verify that it still exists where you last saw it. 2. If it doesn't exist, delete the compressed file. Its flags may have been changed or it may have been expunged. This happens rarely, so just let the next run handle it. 3. If the file does exist, rename() (mv) the compressed file over the original file. * Dovecot can now read the file, but to avoid compressing it again on the next run, you'll probably want to rename it again to include e.g. a "Z" flag in the file name to mark that it was compressed (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ). Remember that the Maildir specifications require that the flags are sorted by their ASCII value, although Dovecot itself doesn't care about that. 6) Unlock the maildir by sending a TERM signal to the maildirlock process (killing the PID it wrote to stdout). -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it