Re: JMAP support?

2021-03-08 Thread Leonardo Rodrigues

On 08/03/2021 16:43, @lbutlr wrote:

On 08 Mar 2021, at 02:15, Mark Constable wrote:
There doesn't seem to be much interest in JMAP out there, which means it is
going to be pretty hard to get something working well unless you write it
yourself.

    Or sponsor its development, if the OP is so interested in it!

--

Sincerely,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it





Re: Trying to install certbot on CentOS

2020-11-12 Thread Leonardo Rodrigues

On 12/11/2020 13:44, Raymond Herrera wrote:

Apparently, RedHat/CentOS are not supporters of snap.

    You can always install the certbot RPM package for CentOS 7,
it's in the epel repository.


[root@firewall ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)

[root@firewall ~]# yum info certbot
[  ]Available Packages
Name    : certbot
Arch    : noarch
Version : 1.9.0
Release : 1.el7
Size    : 46 k
Repo    : epel/x86_64
Summary : A free, automated certificate authority client
URL : https://pypi.python.org/pypi/certbot
License : ASL 2.0
Description : certbot is a free, automated certificate authority that aims
            : to lower the barriers to entry for encrypting all HTTP traffic on the internet.







ports with different crypto settings

2020-07-21 Thread Leonardo Rodrigues



    Hello Everyone,

    Is it possible, with latest dovecot, to have different crypto 
settings on different pop/imap ports? Basically i'm looking to have one 
port with TLSv1 enabled, which will be exposed to internal networks 
only, and other ports with TLSv1.2+ only, which will be exposed to the 
external networks.


    The internal one will likely be running on a different port and 
traffic will be redirected to it via iptables, so user doesn't need to 
care about it.


    Is that possible? I haven't found anything similar in the
documentation, it seems to me that crypto settings are global ...








Re: Using SHA256/512 for SQL based password

2019-02-12 Thread Leonardo Rodrigues via dovecot



    Here i have SSHA256 working with:

default_pass_scheme = PLAIN

    and my database scheme just received the hashed password prefixed 
by the SSHA indicator, just like:


mysql> select * from emails where endereco = 'solutti@X'\G
*** 1. row ***
endereco: solutti@XX
password: {SSHA256.HEX}d90bac4
   quota: 51200



On 12/02/2019 14:05, Robert Moskowitz via dovecot wrote:
I have been trying to find how to set the dovecot-sql.conf for using
SHA256/512.  I am going to start clean with the stronger format, not
migrate from the old MD5.  It seems all I need is:

driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=$Postfix_Database_Password
default_pass_scheme = SHAxxx-CRYPT
# following should all be on one line.
password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home, concat('maildir:/home/vmail/', maildir) as userdb_mail, 101 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# following should all be on one line
user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail, 101 AS uid, 12 AS gid, CONCAT('*:messages=3:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

where xxx is either 256 or 512. All the rest I have been finding in my
searches concern converting the format and are not needed for a clean
start?


thanks





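How a stored {SSHA256.HEX} value like the one in the reply above is built and checked, as an added example that is not part of the original messages. Dovecot's SSHA256 scheme is SHA-256 over the password followed by a random salt, with the salt appended to the digest before encoding, and a {SCHEME} prefix in the password field takes precedence over default_pass_scheme. The function names and the sample password are assumptions made for illustration.

```python
"""Build and verify Dovecot-style salted SHA-256 password values.

Added illustration, not code from the thread. Layout used here:
SHA256(password || salt) || salt, hex-encoded for {SSHA256.HEX}
or base64-encoded for {SSHA256}.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

HEX_PREFIX = "{SSHA256.HEX}"
B64_PREFIX = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes
DEFAULT_SALT_LEN = 4                       # salt length used when none is given


def ssha256_hex(password: str, salt: Optional[bytes] = None) -> str:
    """Return a value suitable for the SQL 'password' column."""
    if salt is None:
        salt = os.urandom(DEFAULT_SALT_LEN)
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return HEX_PREFIX + (digest + salt).hex()


def split_stored(stored: str) -> Tuple[bytes, bytes]:
    """Decode a stored value into (digest, salt); ValueError if malformed."""
    if stored.startswith(HEX_PREFIX):
        raw = bytes.fromhex(stored[len(HEX_PREFIX):])
    elif stored.startswith(B64_PREFIX):
        raw = base64.b64decode(stored[len(B64_PREFIX):], validate=True)
    else:
        raise ValueError("not an SSHA256 value")
    if len(raw) < DIGEST_LEN:
        raise ValueError("value is shorter than a SHA-256 digest")
    # Everything after the 32-byte digest is the salt.
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        digest, salt = split_stored(stored)
    except ValueError:
        # Truncated, odd-length or wrongly prefixed values never match.
        return False
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    row = ssha256_hex("correct horse")  # constructed sample password
    print(row)
    print(verify("correct horse", row), verify("wrong guess", row))
```

A value generated this way can be stored as-is in the password column; a cut-off value such as the shortened one shown in the query output above fails to decode and is rejected.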





Re: Log authentication attempts

2017-06-12 Thread Leonardo Rodrigues

On 12/06/17 09:39, j.emerlik wrote:

Failed login attempts information may be useful in the
fight with bruteforce attacks.



fail2ban is your friend, it can analyze the logs, no need for 
saving that on database.



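The kind of log check fail2ban performs, as an added example that is not part of the original message: it counts failed-login lines per remote IP inside a sliding window, following fail2ban's maxretry/findtime idea. The "auth failed" line layout, the sample log and all function names are assumptions made for illustration; adjust the pattern to the lines your Dovecot version actually writes.

```python
"""Flag source IPs with repeated failed Dovecot logins in a syslog file."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, modelled on the syslog lines quoted on this page.
SAMPLE_LOG = """\
Jun 12 09:30:01 correio dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.com>, method=PLAIN, rip=203.0.113.7, lip=10.252.38.2
Jun 12 09:30:09 correio dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<bob@example.com>, method=PLAIN, rip=203.0.113.7, lip=10.252.38.2
Jun 12 09:30:15 correio dovecot: pop3-login: Login: user=<carol@example.com>, method=PLAIN, rip=10.253.22.72, lip=10.252.38.2, mpid=29125
Jun 12 09:31:40 correio dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected
Jun 12 09:32:30 correio dovecot: pop3-login: Aborted login (auth failed, 2 attempts in 9 secs): user=<root@example.com>, method=PLAIN, rip=203.0.113.7, lip=10.252.38.2
Jun 12 09:40:00 correio dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave@example.com>, method=PLAIN, rip=192.0.2.50, lip=10.252.38.2
Jun 12 10:05:00 correio dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave@example.com>, method=PLAIN, rip=192.0.2.50, lip=10.252.38.2
Jun 12 10:30:00 correio dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave@example.com>, method=PLAIN, rip=192.0.2.50, lip=10.252.38.2
"""

# Assumed layout of a failed-login line; successful logins and
# "no auth attempts" disconnects deliberately do not match.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dovecot: "
    r"(?P<svc>imap-login|pop3-login): (?:Disconnected|Aborted login) "
    r"\(auth failed, (?P<attempts>\d+) attempts?[^)]*\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)


def parse_failures(log_text, year=2017):
    """Return sorted (timestamp, remote_ip, user) tuples for failed logins.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures.append((ts, m["rip"], m["user"]))
    return sorted(failures)


def find_offenders(failures, maxretry=3, findtime=600):
    """Map each IP to the time it reached maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for ts, rip, _user in failures:
        queue = recent[rip]
        queue.append(ts)
        while ts - queue[0] > window:
            queue.popleft()       # drop failures that aged out of the window
        if len(queue) >= maxretry and rip not in offenders:
            offenders[rip] = ts
    return offenders


def targeted_users(failures):
    """Map each IP to the set of account names it tried."""
    users = defaultdict(set)
    for _ts, rip, user in failures:
        users[rip].add(user)
    return dict(users)


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    for ip, when in find_offenders(found).items():
        print(ip, when.isoformat(), sorted(targeted_users(found)[ip]))
```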


Re: Backing up and restoring maildir folders

2017-05-22 Thread Leonardo Rodrigues


Backing up maildir is easy, just backup (and restore) the whole 
thing and, usually, that's as simple as that.


However, for saving some backup space if that's a matter, i would 
exclude only the 'dovecot.index.cache*' files, as these can be rebuilt 
(some performance hit after the restore, of course) but, in some 
servers, that makes almost a 10% difference to me.


Besides the cache files, you really should backup everything inside 
the maildir folders.



On 22/05/17 13:40, Timothy D Legg wrote:

Hello,

I am migrating to a different distribution of Linux that involves
changing to an earlier version of dovecot (2.2.22 to 2.2.13).  As part of
this process, I will be copying several maildirs to the new machine.  One
of these has a number of files and directories that resemble this one
example:





Re: CPU for Dovecot

2016-11-25 Thread Leonardo Rodrigues

On 25/11/16 11:29, Miloslav Hůla wrote:

Hi,

we are planning to change hardware for our standalone Dovecot instance 
handling ~5800 IMAP users with 1TB mailboxes on local RAID. Is there 
some recommendation about CPU?


We can choose from:
 - Intel Xeon E5-2620v4 - 2,1GHz@8,0GT 20MB cache, 8core, HT, 85W, 
LGA2011
 - Intel Xeon E5-2623v4 - 2,6GHz@8,0GT 10MB cache, 4core, HT, 85W, 
LGA2011


The difference is about more cores vs. hi frequency.


Generally speaking, servers will benefit from more cores instead
of faster cores. Servers usually are doing LOTS of things, and thus more
cores tend to be better.


Unless you know you'll be doing something heavily CPU intensive,
which generally mail related things are not.


Even more important than choosing more cores vs. higher frequency,
you should focus on faster I/O. This, especially on mail servers, can make
a REAL difference !






Re: overview zlib efficiency?

2016-03-15 Thread Leonardo Rodrigues

On 15/03/16 12:01, Götz Reinicke - IT Koordinator wrote:

Hi,

maybe someone has already done that: Do you have a script(?) tool which
shows the efficiency of the mail compression if zlib is used?

Something that shows the uncompressed size vs. the compressed.



While i don't have the data you're looking for, i do have lots of
servers running with zlib enabled and, if someone makes the script, i
can run it on some servers and provide the results !






Re: [patch] TLS Handshake failures can crash imap-login

2015-04-24 Thread Leonardo Rodrigues


On 24/04/15 18:17, Hanno Böck wrote:

Hi,

I tracked down a tricky bug in dovecot that can cause the imap-login
and pop3-login processes to crash on handshake failures.
This can be tested by disabling SSLv3 in the dovecot config
(ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
would cause a crash.




I couldn't reproduce that on a fully patched CentOS 6.6 box

[root@correio ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)

[root@correio ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@correio ~]# dovecot --version
2.2.16
(compiled from sources, not from any binary package)

[root@correio ~]# grep ssl_proto /etc/dovecot/extras/10-ssl.conf
ssl_protocols = !SSLv2 !SSLv3


from dovecot logs when running the openssl command:

Apr 24 21:36:38 correio dovecot: imap-login: Disconnected (no auth 
attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS 
handshaking: Disconnected



don't know if it matters, but i'm running signed certificates from
RapidSSL, not self-signed ones



The openssl command returns an error but i see no crash at all

[root@correio ~]# openssl s_client -ssl3 -connect localhost:995
CONNECTED(0003)
140022021363528:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert 
handshake failure:s3_pkt.c:1259:SSL alert number 40
140022021363528:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl 
handshake failure:s3_pkt.c:598:

---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : SSLv3
Cipher: 
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg   : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1429922121
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
---
[root@correio ~]#









Re: Performance

2015-04-24 Thread Leonardo Rodrigues

On 24/04/15 08:26, absolutely_f...@libero.it wrote:

My question is: is better to use SQLite instead of MySQL?
Should I prefer dbox format?

Thank you in advance for your opinion!


While 10k accounts is not a few accounts, i wouldn't call that a
LOT of accounts either. Assuming that the query cache is active on
MySQL, probably almost all your queries are being answered directly from
the cache and, if not that, your tables shouldn't be that big and after a
few queries should be all in cache memory of the Linux system. Your I/O
costs on the MySQL should be very very very low, so i really doubt that
MySQL is being part of your problem here.


Unless, of course, that you have other heavy databases running on 
the MySQL instance your mail system is using...






check if anvil is working

2015-03-19 Thread Leonardo Rodrigues


Hi,

Is there any way of making sure the anvil service, used to penalize
login failures, is working ? I don't see anything on the logs regarding it,
nor do i have it configured. It's not on my configuration files, but it
can be seen on a 'dovecot -a' dump. Should it be logging something ?
Should i have enabled it somehow ?


Thanks for the answers.

[root@correio log]# dovecot --version
2.2.13

(from dovecot -a dump)

service anvil {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = anvil
  extra_groups =
  group =
  idle_kill = 4294967295 secs
  privileged_group =
  process_limit = 1
  process_min_avail = 1
  protocol =
  service_count = 0
  type = anvil
  unix_listener anvil-auth-penalty {
    group =
    mode = 0600
    user =
  }
  unix_listener anvil {
    group =
    mode = 0600
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}







Re: special "what's my ip" pop account

2014-10-22 Thread Leonardo Rodrigues

On 22/10/14 16:16, A. Schulze wrote:


Reindl Harald:


why that complex?
just point them to a website


webtraffic goes other ways via proxy server than pop3


so just get that fixed !!! Every good proxy solution can work in 
ways of exposing the real user IP to the internet. Just get that 
configured !





Re: question on lmtp logged message

2014-07-07 Thread Leonardo Rodrigues

On 03/07/14 14:31, Timo Sirainen wrote:

On 25.6.2014, at 18.45, Leonardo Rodrigues wrote:


I have dovecot running for IMAP4/POP3 and also local delivery through LMTP.
It's working just fine, absolutely no problem on that, setup is fine.

Anyway, sometimes LMTP seems to not be able to deliver some messages and
keep them on postfix queue. And on the next or third try, the message gets
delivered successfully. The logged message, however, is not helping me identify
what is happening. Example:

(error - message was expunged)
Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: 
to=, 
relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, 
delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host 
correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 
 Message was expunged (received-date) (in reply to 
end of DATA command))

I guess the only good fix for this is to just get rid of this deduplication 
feature for now: http://hg.dovecot.org/dovecot-2.2/rev/51274bf2a47d

Hopefully people don't rely on this feature too much.



Timo,

Is it expected deliveries through LMTP to get slower with this
patch ? I mean ... despite i was seeing the 'message was expunged' some
few times a day, after applying the patch they really disappear, but my
deliveries start to apparently get slower. I don't have real numbers to
prove that, i can only guarantee that my queues are starting to grow up
a lot with to-be-local-delivered messages.


I experienced that last week after running the patched version for
some hours. Reverted to plain 2.2.13 and queues were successfully
emptied after some minutes. This weekend i installed the 2.2.13 patched
one again and, by this morning, queues are growing again.


I really do not understand dovecot internals and, sincerely, don't
even know if i'm using some feature that depends on deduplication. Fact
is that i'm running a pretty busy server and those 'message was
expunged' situations weren't a real problem. When it happened, message
would be on the queue and probably delivered some minutes later, on the
1st or 2nd queue run after that. But if removing this deduplication
tests/feature will slow down that much the deliveries, i'm afraid that,
overall, the non-patched version is better to me.






Re: question on lmtp logged message

2014-07-03 Thread Leonardo Rodrigues

On 03/07/14 14:31, Timo Sirainen wrote:

On 25.6.2014, at 18.45, Leonardo Rodrigues wrote:


I have dovecot running for IMAP4/POP3 and also local delivery through LMTP.
It's working just fine, absolutely no problem on that, setup is fine.

Anyway, sometimes LMTP seems to not be able to deliver some messages and
keep them on postfix queue. And on the next or third try, the message gets
delivered successfully. The logged message, however, is not helping me identify
what is happening. Example:

(error - message was expunged)
Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: 
to=, 
relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, 
delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host 
correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 
 Message was expunged (received-date) (in reply to 
end of DATA command))

I guess the only good fix for this is to just get rid of this deduplication 
feature for now: http://hg.dovecot.org/dovecot-2.2/rev/51274bf2a47d

Hopefully people don't rely on this feature too much.



Hi Timo,

I patched the 2.2.13 tree source, recompiled and installed. I'll
let it run for some days and look again if the messages disappeared. I'm
still getting some few of these everyday, so noticing if they
disappeared or continue to happen will be easy.






Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?

2014-07-01 Thread Leonardo Rodrigues

On 01/07/14 10:06, Eliezer Croitoru wrote:

On 07/01/2014 03:06 PM, Jiri Bourek wrote:


That really depends, rebuilding indexes can increase your downtime for
hours, so it may be better to pay a bit for extra storage space instead
of not being paid at all by your customers.
Building the index as far as I remember doesn't cost in downtime but 
in higher I/O usage which slows down the server.




That's my knowledge as well. Rebuilding of indexes is done on-the-fly
when the account is accessed and, thus, there's no downtime involved on
that.


Of course, with lots of big accounts and lots of initial accesses 
on the scenario where ALL accounts were restored without indexes, the 
I/O increase can be so high that the server will be basically 
unresponsive. That can happen for sure.


But on the more common case, which will be restoring just a few
accounts, that I/O increase will probably be unnoticeable.





Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?

2014-07-01 Thread Leonardo Rodrigues

On 01/07/14 09:06, Jiri Bourek wrote:



 And on a worst case scenario, where i would need to restore the
whole server and mailboxes, things will already be screwed, so knowing
that dovecot would be harder on I/O for rebuilding the indexes will be
just another problem :)



That really depends, rebuilding indexes can increase your downtime for 
hours, so it may be better to pay a bit for extra storage space 
instead of not being paid at all by your customers.


Anyway, for those not running that critical a system and who can afford
an extra half hour of slowness, i really think the tip is worth it. And
for those who, for any reason, cannot afford that extra storage space as
well.


But you're right, it's all a matter of calculating how critical 
your mission is and take the correct decisions for it.





Re: Mailboxes are in Maildir format. Any good backup tips? Had success with version control?

2014-07-01 Thread Leonardo Rodrigues

On 01/07/14 00:16, Charles Cazabon wrote:

deoren wrote:

Right now I'm using LVM snapshots + tarballs for daily backups, but
I'd like to get better coverage for incremental changes that occur
throughout the day. The size of existing content is low, but (small)
changes are frequent.

If you actually want to preserve those increments (as opposed to just keeping
an rsync mirror up-to-date), I like rdiff-backup.  It handles maildirs well
because of the one-message-per-file design.




Some may agree with me, some may disagree. But for my Maildir 
backups, i usually exclude the files "dovecot.index*".


On the most common situations, you'll need to restore just one or
other mailbox, so rebuilding those indexes won't kill the server. And by
excluding these, i could save 10-15% of backup space on some cases with
virtually no disadvantage.


And on a worst case scenario, where i would need to restore the 
whole server and mailboxes, things will already be screwed, so knowing 
that dovecot would be harder on I/O for rebuilding the indexes will be 
just another problem :)





Re: question on lmtp logged message

2014-06-26 Thread Leonardo Rodrigues
n 25 10:00:48 correio dovecot: pop3(marcos.pere...@domain.com.br), 
rip=10.253.22.56, lip=10.252.38.2: Disconnected: Logged out top=0/0, 
retr=1/26872, del=1/1, size=26849



2nd recipient did NOT check email near the delivery

Jun 25 09:54:08 correio dovecot: pop3-login: Login: 
user=, method=PLAIN, rip=10.253.22.72, 
lip=10.252.38.2, mpid=29125
Jun 25 09:54:12 correio dovecot: pop3(mario.cabre...@domain.com.br), 
rip=10.253.22.72, lip=10.252.38.2: Disconnected: Logged out top=0/0, 
retr=11/1408320, del=11/11, size=1408058


Jun 25 10:06:49 correio dovecot: pop3-login: Login: 
user=, method=PLAIN, rip=10.253.22.72, 
lip=10.252.38.2, mpid=13391
Jun 25 10:06:50 correio dovecot: pop3(mario.cabre...@domain.com.br), 
rip=10.253.22.72, lip=10.252.38.2: Disconnected: Logged out top=0/0, 
retr=10/1923222, del=10/10, size=1923004



this is interesting ... logs seem to show clearly that right after
the message was delivered to the 1st recipient, it was checked and
deleted. Despite that, 2nd recipient got the message successfully
delivered. But we have also a delay=22 ... maybe lmtp instance had
already opened the message BEFORE it was erased by the 1st user ?


this delay is high, i know that and, usually, server does NOT suffer
from these delays on deliveries. Anyway, during this problem period,
queues were pretty large and, thus, load was very high, which i think
explains these unusual delays.



With these two cases, it really seems that this is somehow related to:
- lmtp as delivery agent
- multiple recipient messages
- first (or previous users in fact) checked and deleted the message 
before all the recipients got the message delivery



About the two parameters, maildir_copy_with_hardlinks and
pop3_fast_size_lookups, i'll try to change them one at a time and try to
reproduce the problems. Fact is i only had the problem with both set to
yes and problems completely vanished when both were set to no.







Re: question on lmtp logged message

2014-06-26 Thread Leonardo Rodrigues

On 26/06/14 03:32, Steffen Kaiser wrote:


On Wed, 25 Jun 2014, Leonardo Rodrigues wrote:

   Anyway, sometimes LMTP seems to not be able to deliver some
messages and keep them on postfix queue. And on the next or third try,
the message gets delivered successfully. The logged message, however,
is not helping me identify what is happening. Example:


(error - message was expunged)
Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: 
to=, 
relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, 
delay=13, delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host 
correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 
 Message was expunged 
(received-date) (in reply to end of DATA command))


What does the Dovecot log say for the delivery attempt?


exactly what's reported by postfix, no extra information there


Jun 25 11:49:39 correio dovecot: lmtp(766, 
vanilson.parre...@domain.com.br): 645hNV7hqlP+AgAAHvf8vg: 
msgid=: save failed to 
INBOX: Message was expunged (received-date)



How many recipients does the message have and, if so, what about the
other recipients?





After analyzing lots of cases (made a script for doing that), this
seems to occur only on messages with more than 1 recipient, usually on
messages with lots of recipients (>10) although i got some on messages
with 2 or 3.



Some days ago, when trying to optimize some things on the server, i
changed two dovecot parameters:


maildir_copy_with_hardlinks to yes
pop3_fast_size_lookups to yes

previously, both were no. I have returned both values to 'no' and
this situation, 'message was expunged' seems to not be occurring
anymore. Can this behavior by any chance be related to these settings ?







question on lmtp logged message

2014-06-25 Thread Leonardo Rodrigues


Hi,

I have dovecot running for IMAP4/POP3 and also local delivery 
through LMTP. It's working just fine, absolutely no problem on that, 
setup is fine.


Anyway, sometimes LMTP seems to not be able to deliver some
messages and keep them on postfix queue. And on the next or third try,
the message gets delivered successfully. The logged message, however, is
not helping me identify what is happening. Example:


(error - message was expunged)
Jun 25 11:49:39 correio postfix/lmtp[21835]: ADB0A1AC05108: 
to=, 
relay=correio.domain.com.br[private/dovecot-lmtp], conn_use=6, delay=13, 
delays=0.07/0/0/13, dsn=4.2.0, status=deferred (host 
correio.domain.com.br[private/dovecot-lmtp] said: 451 4.2.0 
 Message was expunged (received-date) 
(in reply to end of DATA command))


(successful delivery)
Jun 25 12:34:42 correio postfix/lmtp[6411]: ADB0A1AC05108: 
to=, 
relay=correio.domain.com.br[private/dovecot-lmtp], delay=2716, 
delays=2714/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 
 U7pOLAHsqlPvMgAAHvf8vg Saved)



During these two log entries, absolutely nothing was changed, no 
configuration, absolutely nothing. Everything is local, i mean, no NFS 
involved.


So, finally, question is: what does the 'message was expunged'
message given from LMTP mean ??? This is happening quite often but, as
i mentioned, sooner or later all messages are getting delivered. It's
working despite the delay this is causing.



[root@correio log]# dovecot --version
2.2.13



Re: [Dovecot] maildir backup

2014-03-31 Thread Leonardo Rodrigues

On 31/03/14 12:07, Nikolaos Milas wrote:

On 31/3/2014 10:52 AM, Ramon Orrù wrote:

Hi everybody, I'm trying to backup a dovecot instance, and i'm
looking for a method to "snapshot" dovecot maildir in a proper way,
and backup whole snapshot in a second step (tar). I read about dsync,
and, if i'm not going wrong, it dumps correctly also dovecot indexes;
is it the tool i need? Thank you for any hint. Ramon




You could use dsync Replication (http://wiki2.dovecot.org/Replication) 
to another server. Then, you already have a real time backup!


If you need a consistent backup instance, I guess you could stop the 
mirror server for a while to tar your mail directory.


or you can use rsync for that ... get your slave server to rsync 
from the master one and, after rsync is finished, you can tar the 
folders and have a perfectly valid snapshot of your Maildirs !






Re: [Dovecot] Not backing up cache files

2014-03-26 Thread Leonardo Rodrigues


i'm not the expert you're looking for, so don't take my word as one.
And i'm basically using Maildir instead of mdbox ...


Anyway, i have dropped 'dovecot.index*' from some backups, full and 
incremental ones, action which made me save some Gbs of space on them. I 
already restored some accounts from these backups and had absolutely no 
problem at all !




On 26/03/14 05:05, Jesus Cea wrote:

I am using mdbox for dovecot storage.

I wonder if I could skip "dovecot.index.cache" files and, in general,
"*.cache" files when doing mail backup. Those files are big and change
frequently. What I feel from reading documentation [1][2] is that they
could be dropped in the backups, to be recreated on the fly if needed.

But I would like expert confirmation.






Re: [Dovecot] SMTP Proxy

2013-08-26 Thread Leonardo Rodrigues

On 26/08/13 13:05, /dev/rob0 wrote:

Well, actually i have already done a well detailed post on the
dovecot mailing list some days ago explaining my whole problem,
but got no answers on that. If you'd like to check it, it's
archived on:

http://dovecot.org/list/dovecot/2013-August/092012.html
So you did.

I didn't have an opinion on that at first sight, but on review,
perhaps this is an idea for you:

http://wiki2.dovecot.org/PasswordDatabase/IMAP




remote authentication using IMAP ... it might work. I'll take a
closer look on that and, if i can achieve some useful configuration
scenario, i'll update the other thread for archiving purposes :)


thanks again !






Re: [Dovecot] SMTP Proxy

2013-08-26 Thread Leonardo Rodrigues

On 26/08/13 11:58, /dev/rob0 wrote:

On Mon, Aug 26, 2013 at 11:49:50AM -0300, Leonardo Rodrigues wrote:

 I have found a message on this mailing list dated August/2012
in which is said that dovecot could not (at least at that time)
do SMTP Authentication using Proxy Features.

http://www.dovecot.org/list/dovecot/2012-August/067998.html

 is this still true, given i'm using latest stable dovecot,
 v2.2.5 ?

I believe it is.


 extra informations ... smtp authentication is done by
 postfix using:

A bit of extra information which might help: what is the goal?
Exactly what problem are you trying to solve? You have given us
nothing to go on here.



Well, actually i have already done a well detailed post on the 
dovecot mailing list some days ago explaining my whole problem, but got 
no answers on that. If you'd like to check it, it's archived on:


http://dovecot.org/list/dovecot/2013-August/092012.html


Thanks for your attention !







[Dovecot] SMTP Proxy

2013-08-26 Thread Leonardo Rodrigues


Hi,

I have found a message on this mailing list dated August/2012 in 
which is said that dovecot could not (at least at that time) do SMTP 
Authentication using Proxy Features.


http://www.dovecot.org/list/dovecot/2012-August/067998.html

is this still true, given i'm using latest stable dovecot, v2.2.5 ?

extra informations ... smtp authentication is done by postfix using:

dovecot:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}


postfix:

smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth



Thanks !






[Dovecot] weird situation with pop3/imap proxy and postfix authentication

2013-08-14 Thread Leonardo Rodrigues


Hello dovecot mailing list,

I have a server running postfix and dovecot. I have a configuration 
on dovecot that allows me to provide imap4/pop3 messages for local 
hosted users as well as for proxied users on other servers.


Basically, i have a simple MySQL table (imapproxy) with two fields, 
'domain' and 'host'. My password_query is a 'UNION' query, exactly like:


password_query=select endereco as user, password, '/var/spool/mail/%u' 
as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as 
userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as 
userdb_quota_rule, 'Trash:storage=+100M' as userdb_quota_rule2, 'Y' as 
proxy_maybe, '10.252.38.2' as host from emails where endereco = '%u' and 
ativa = '1' UNION select NULL as user, '%w' as password, NULL as 
userdb_home, NULL as userdb_mail, NULL as userdb_uid, NULL as 
userdb_gid, NULL as userdb_quota_rule, NULL as userdb_quota_rule2, 'Y' 
as proxy_maybe, imapproxy.host as host from imapproxy where 
imapproxy.dominio = '%d'


the 10.252.38.2 address, on the query, is my local server

when this query received a local user, from a domain that is NOT listed 
on the imapproxy table, results are like:


*** 1. row ***
user: localu...@domain.com.br
password: (SSHA256 encrypted password)
userdb_home: /var/spool/mail/localu...@domain.com.br
userdb_mail: maildir:/var/spool/mail/localu...@domain.com.br
userdb_uid: 8
userdb_gid: 12
 userdb_quota_rule: *:storage=51200
userdb_quota_rule2: Trash:storage=+100M
proxy_maybe: Y
host: 10.252.38.2


when it receives a proxied domain, results are:


*** 1. row ***
user: NULL
password: password
userdb_home: NULL
userdb_mail: NULL
userdb_uid: NULL
userdb_gid: NULL
 userdb_quota_rule: NULL
userdb_quota_rule2: NULL
proxy_maybe: Y
host: 10.254.116.9


This is working just fine for IMAP4 and POP3 proxying. Local users 
(which domains are NOT listed on imapproxy table) can successfully login 
to their accounts as well as users from domains listed on imapproxy table 
can successfully login to their accounts.



On SMTP authentication, though, things are not so fine. SMTP 
authentication is provided by dovecot to postfix:


[root@correio dovecot]# postconf mail_version
mail_version = 2.7.1
[root@correio dovecot]#

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot


service auth is defined on dovecot confs as:


service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = mail
    group = mail
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}



and it seems to be allowing ANY user on any domain listed on the 
imapproxy table domains to login, even if the user does not exist or 
provides wrong password. In fact, it seems dovecot returns OK to postfix 
even without trying to contact the assigned server to that domain, as i 
cannot find any password-failed-specific log to that user on the 
specific server. Example:


(a proxied domain)

[root@correio dovecot]# telnet mail.proxieddomain.com.br 110
Trying 10.254.116.9...
Connected to mail.proxieddomain.com.br (10.254.116.9).
Escape character is '^]'.
+OK Dovecot ready.
user te...@proxieddomain.com.br
+OK
pass password
-ERR Authentication failed.

(i can successfully find this auth trial and fail on 10.254.116.9 logs)


but on SMTP authentication, i have:

[root@correio dovecot]# perl -MMIME::Base64 -e \ 'print 
encode_base64("teste\@proxieddomain.com.br\0teste\@proxieddomain.com.br\0password");'

x(not the real encoded pass)=
[root@correio dovecot]#


[root@correio dovecot]# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.domain.com.br ESMTP
EHLO test
250-mail.domain.com.br
[ ... ]
AUTH PLAIN (encoded string returned by perl encode_base64)
235 2.7.0 Authentication successful


(and i cannot even find any authentication log, fail or success, on the 
specific server for proxieddomain.com.br)



dovecot version is:

[root@correio dovecot]# dovecot --version
2.2.2
[root@correio dovecot]#


what am i doing wrong here ? How to have dovecot to really check users 
before giving OK to postfix on SMTP authentications ?


Thanks for any hints !



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
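
A check for the situation described in the message above, as an added example that is not part of the original post or of Dovecot: it walks each UNION branch of a password_query and flags the ones whose password column is the literal '%w'. In Dovecot, %w expands to the plaintext password the client just sent, so such a branch matches whatever is supplied and relies on a later proxy hop to do the real check. The function names and the shortened sample query are assumptions made for the example.

```python
import re

# Constructed sample: the password_query from the post, shortened to the
# columns that matter for this check.
SAMPLE_QUERY = (
    "select endereco as user, password, 'Y' as proxy_maybe, "
    "'10.252.38.2' as host from emails where endereco = '%u' and ativa = '1' "
    "UNION select NULL as user, '%w' as password, 'Y' as proxy_maybe, "
    "imapproxy.host as host from imapproxy where imapproxy.dominio = '%d'"
)


def split_top_level(text, sep=","):
    """Split on sep, ignoring separators inside quotes or parentheses."""
    parts, buf, depth, quote = [], [], 0, None
    for ch in text:
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == sep and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def select_columns(branch):
    """Return {alias: expression} for one SELECT ... FROM branch.

    Assumes no string literal in the column list contains ' from '.
    """
    m = re.match(r"\s*select\s+(.*?)\s+from\s", branch, re.I | re.S)
    if not m:
        return {}
    cols = {}
    for item in split_top_level(m.group(1)):
        aliased = re.match(r"(.*?)\s+as\s+(\w+)$", item, re.I | re.S)
        if aliased:
            cols[aliased.group(2).lower()] = aliased.group(1).strip()
        else:
            # Bare column such as "password" or "t.password"
            cols[item.split(".")[-1].lower()] = item
    return cols


def audit_password_query(query):
    """List UNION branches that return the client's own password ('%w')."""
    findings = []
    branches = re.split(r"\bunion\b(?:\s+all\b)?", query, flags=re.I)
    for number, branch in enumerate(branches, 1):
        cols = select_columns(branch)
        password_expr = cols.get("password", "")
        if password_expr.strip("'\"") != "%w":
            continue
        findings.append({
            "branch": number,
            "password_expr": password_expr,
            "proxy": any(k in cols for k in ("proxy", "proxy_maybe")),
            "risk": "matches any supplied password; the real check only "
                    "happens if the client of this passdb proxies the login",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_password_query(SAMPLE_QUERY):
        print(finding)
```

On the sample, only the second branch (the imapproxy one) is reported. That is the branch behind the "235 2.7.0 Authentication successful" reply in the post, where the lookup arrives over the Postfix auth socket and no proxy hop follows.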





Re: [Dovecot] Why imap_open function doesn't work while getting a mailbox through telnet works perfectly?

2011-12-20 Thread Leonardo Rodrigues


if it works through telnet, so dovecot is working and you probably 
have a PHP problem, which should be probably pointed to a PHP related 
mailing list.



On 20/12/11 17:20, I M wrote:

Hi, everybody!
Question: Why imap_open function doesn't work while getting a mailbox through 
telnet works perfectly?
Note: imap.so is loaded! imap.ini is parsed! php flags is checked!
Is it a bug?



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Quota warnings not being sent

2011-12-14 Thread Leonardo Rodrigues

On 14/12/11 15:52, Nikolaos Milas wrote:


I think I'll now open a new thread on how to send rich/UTF-8 mail 
warnings.





Probably you just need to format/encode it properly ... no big deal 
on that.




--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Quota warnings not being sent

2011-12-14 Thread Leonardo Rodrigues

On 14/12/11 10:24, Patrick Westenberg wrote:


This is what works for me:

service quota-warning {
  executable = script /usr/local/etc/dovecot/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}


My configuration is similar to Patrick's and works just fine:

service quota-warning {
  executable = script /etc/dovecot/aviso-quota.sh
  user = dovecot
  unix_listener quota-warning {
    user = mail
  }
}

plugin {
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=85%% quota-warning 85 %u
  quota_warning3 = storage=70%% quota-warning 70 %u
  quota_exceeded_message = Quota excedida (caixa postal cheia) / Quota exceeded (mailbox is full)
}




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] dovecot penalties and anvil

2011-12-13 Thread Leonardo Rodrigues


Hi,

I'm struggling to find some documentation on dovecot's anvil service 
and/or its penalties (that can be checked with doveadm penalty) ... but 
i'm not finding anything on that.


is there any documentation on anvil/penalties that i should check 
other than a few messages on the mailing list archive ?


thanks !

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] compressed mailboxes ?

2011-03-08 Thread Leonardo Rodrigues


On 08/03/11 12:57, Frank Bonnet wrote:

On 03/08/2011 04:54 PM, Frank Bonnet wrote:

Hello

Is it possible to use compressed mailboxes ( MBOX format )
with dovecot using a plugin ?

Thanks


I found the doc about zlib plugin ...
so it is only possible with read only mailboxes huh ?


the problem here is the mbox format .... the zlib plugin works 
flawlessly to store compressed files with Maildir mailboxes. I'm using 
it on several servers to serve some thousand mailboxes.




--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] utility to copy/sync IMAP mailboxes

2011-01-06 Thread Leonardo Rodrigues


i have used imapsync on several migrations and it works flawlessly 
! Try it ...


On 06/01/11 17:54, Rick Romero wrote:


Quoting Don Buchholz :


Any suggestions for a stable, reliable (copy/duplicate/mirror/sync) tool
that can do the job using only IMAP access?  (No SSL support required.)



I've used IMAPSync fairly successfully (Perl), though I hear iSync is 
supposed to be better (C)..


http://www.linux-france.org/prj/imapsync/
http://isync.sourceforge.net/


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Deliver limit based of number of destination recipients and size of mails, any option to do that?

2010-12-23 Thread Leonardo Rodrigues


policyd is a policy server, which can be used in postfix, and can 
be used to achieve quota limitations to help you solve this kind of 
situations.


you should take a look in it: http://www.policyd.org/

Making this limitation on dovecot, if possible, would limit the 
delivery only for your local users. And i'm sure your employees are also 
sending those powerpoint stuff to outside users as well. So, the right 
place to limit this is postfix, which handles all users, local and 
remote ones.



On 23/12/10 11:14, Andrés Yacopino wrote:

I have a mail server with postfix, dovecot (1.2.15) and deliver lda
(dovecot) with 350 users.
I have the problem that in this christmas the employees are sending some
big files (mainly powerpoints files) to a lot of recipients, because of
that the server get a lot of charge (is a Xeon quad core 5405 with 4GB
of Ram), i have four disks in Raid 5 configuration (HP E200 controller,
not very fast)
Is there any option to limit this type of delivery, the total size of
the mails delivered to each user (total recipients * size of mail), in
dovecot deliver.
I don't want to limit the concurrent delivery more lower than 350
recipients and the max size of the mail we can send is 15M.
Thanks a lot,





--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Filtering IP address connections ?

2010-10-18 Thread Leonardo Rodrigues


why not make things easier and use your OS packet filter for that ? 
iptables for linux, for example


On 18/10/2010 10:22, Frank Bonnet wrote:

 Hello

Is it possible to refuse connections from some IP address
in Dovecot configuration ?





--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] question on quota configuration on 2.0.5

2010-10-05 Thread Leonardo Rodrigues


Hi Timo,

On 04/10/2010 11:19, Timo Sirainen wrote:

On Sun, 2010-10-03 at 16:09 -0300, Leonardo Rodrigues wrote:

password_query = select endereco as user, password, '/var/spool/mail/%u'
as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as
userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as
userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from
emails where endereco = '%u' and ativa = '1'

You have only one user? Maybe you should be using passwd-file instead of
SQL..




No, i have a lot of users .... users are replaced by the %u 
variable and are stored on my column field named 'endereco'





Oct  3 16:08:09 ns2 dovecot: imap(u...@domain.com), rip=127.0.0.1,
lip=127.0.0.1: Error: quota: Unknown namespace: Trash



  about changing 100M to +100M, that's OK, no problem .... but even
after changing that, i still keep getting the 'unknown namespace' message.

What kind of namespace configuration do you have? (dovecot -n)




on 1.2 it was:

namespace:
  type: private
  prefix: INBOX.
  inbox: yes
  list: yes
  subscriptions: yes

on 2.0 with that same configuration, i got the errors i posted before.


  question: what's the correct way of doing this configuration on
dovecot 2.0 ? The idea of this configuration is to give plus 100M of the
user's quota on the Trash folder, thus avoiding problems with our
webmail which copies messages to trash before erasing from the actual
folder.

Are you sure it worked in v1.2? I'm rather guessing that v1.2 just
didn't give an error about it.


you seem to be completely right .... things weren't working as 
expected on 1.2 although there were no errors and warnings.


to get things working on 2.0 as they were working on 1.2, i had to 
configure like this:


namespace {
  hidden = no
  inbox = yes
  list = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
namespace {
  inbox = no
  location =
  prefix =
  separator = .
}


and now things are working exactly as i expected and exactly as they 
worked on 1.2.





--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] question on quota configuration on 2.0.5

2010-10-03 Thread Leonardo Rodrigues


Hi,

On dovecot 1.2 i had the following configuration on my 
dovecot-sql.conf file:


password_query = select endereco as user, password, '/var/spool/mail/%u' 
as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as 
userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as 
userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from 
emails where endereco = '%u' and ativa = '1'


special attention to

'Trash:storage=100M' as userdb_quota_rule2

after migrating to 2.0.5, i got this warning on the logs:

Oct  3 16:06:41 ns2 dovecot: imap(u...@domain.com), rip=127.0.0.1, 
lip=127.0.0.1: Warning: quota root User quota rule Trash:storage=100M: 
obsolete configuration for rule 'storage=100M' should be changed to 
'storage=+100M'
Oct  3 16:08:09 ns2 dovecot: imap(u...@domain.com), rip=127.0.0.1, 
lip=127.0.0.1: Error: quota: Unknown namespace: Trash




about changing 100M to +100M, that's OK, no problem .... but even 
after changing that, i still keep getting the 'unknown namespace' message.


question: what's the correct way of doing this configuration on 
dovecot 2.0 ? The idea of this configuration is to give plus 100M of the 
user's quota on the Trash folder, thus avoiding problems with our 
webmail which copies messages to trash before erasing from the actual 
folder.






--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] [Dovecot-news] v2.0.4 released

2010-09-27 Thread Leonardo Rodrigues

On 27/09/2010 12:37, Timo Sirainen wrote:

On Mon, 2010-09-27 at 12:32 -0300, Leonardo Rodrigues wrote:

Hi Timo,

  i couldn't compile 2.0.4 anymore after applying the 2 proposed
patches. Without them, 2.0.4 builds just fine.

Apply only the first patch, that's enough.


yes it compiled fine with the first patch only. Thanks !

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] [Dovecot-news] v2.0.4 released

2010-09-27 Thread Leonardo Rodrigues


Hi Timo,

i couldn't compile 2.0.4 anymore after applying the 2 proposed 
patches. Without them, 2.0.4 builds just fine.


./configure was issued AFTER the patches were applied

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
   INSTALL_DATA="install -c -p -m644" --with-mysql --with-sql=plugin \
   --with-ssl=openssl --with-notify=inotify --with-zlib --with-bzlib \
   --with-pic \
   --without-nss \
   --without-shadow \
   --without-gssapi \
   --without-ldap \
   --without-vpopmail \
   --without-pam \
   --without-bsdauth \
   --without-sia \
   --without-ldap


compilation halts on


/bin/sh ../../../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H 
-I. -I../../..  -I../../../src/lib -I../../../src/lib-mail 
-I../../../src/lib-index -I../../../src/lib-storage 
-I../../../src/lib-storage/index   -std=gnu99 -g -O2 -Wall -W 
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith 
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 
-I/usr/kerberos/include-MT zlib-plugin.lo -MD -MP -MF 
.deps/zlib-plugin.Tpo -c -o zlib-plugin.lo zlib-plugin.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../src/lib 
-I../../../src/lib-mail -I../../../src/lib-index 
-I../../../src/lib-storage -I../../../src/lib-storage/index -std=gnu99 
-g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations 
-Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast 
-Wstrict-aliasing=2 -I/usr/kerberos/include -MT zlib-plugin.lo -MD -MP 
-MF .deps/zlib-plugin.Tpo -c zlib-plugin.c  -fPIC -DPIC -o 
.libs/zlib-plugin.o

mv -f .deps/ostream-zlib.Tpo .deps/ostream-zlib.Plo
In file included from zlib-plugin.c:8:
../../../src/lib-storage/index/dbox-single/sdbox-storage.h:5:26: error: 
dbox-storage.h: No such file or directory

In file included from zlib-plugin.c:8:
../../../src/lib-storage/index/dbox-single/sdbox-storage.h:19: error: 
field 'storage' has incomplete type
../../../src/lib-storage/index/dbox-single/sdbox-storage.h:37: warning: 
'struct dbox_file' declared inside parameter list
../../../src/lib-storage/index/dbox-single/sdbox-storage.h:37: warning: 
its scope is only this definition or declaration, which is probably not 
what you want
../../../src/lib-storage/index/dbox-single/sdbox-storage.h:37: warning: 
'struct dbox_mail' declared inside parameter list

In file included from zlib-plugin.c:9:
../../../src/lib-storage/index/dbox-multi/mdbox-storage.h:5:26: error: 
dbox-storage.h: No such file or directory

In file included from zlib-plugin.c:9:
../../../src/lib-storage/index/dbox-multi/mdbox-storage.h:23: error: 
field 'storage' has incomplete type
../../../src/lib-storage/index/dbox-multi/mdbox-storage.h:68: warning: 
'struct dbox_mail' declared inside parameter list

mv -f .deps/istream-bzlib.Tpo .deps/istream-bzlib.Plo
make[4]: *** [zlib-plugin.lo] Error 1
make[4]: *** Waiting for unfinished jobs
mv -f .deps/istream-zlib.Tpo .deps/istream-zlib.Plo
make[4]: Leaving directory 
`/root/disco-linuxrouter/dovecot2/dovecot-2.0.4/src/plugins/zlib'

make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory 
`/root/disco-linuxrouter/dovecot2/dovecot-2.0.4/src/plugins'

make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory 
`/root/disco-linuxrouter/dovecot2/dovecot-2.0.4/src'

make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/disco-linuxrouter/dovecot2/dovecot-2.0.4'
make: *** [all] Error 2
[r...@ns2 dovecot-2.0.4]#

On 27/09/2010 09:46, Timo Sirainen wrote:


Whops. This fixes it: http://hg.dovecot.org/dovecot-2.0/rev/c359ee549df7

(and also making sure it won't happen again:
http://hg.dovecot.org/dovecot-2.0/rev/a3c8026d0305)




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Support for spaces in plaintext passwords?

2010-09-22 Thread Leonardo Rodrigues


did you try a password with space in the middle, not in the 
beginning or end ? Maybe it's just trimming at the beginning and end. 
Can you try it with space in the middle of the password, like "pass word"



On 22/09/2010 08:52, Simon wrote:

Well, kind off. I found that it had been reported earlier but with
insufficient information. So I just updated
http://code.google.com/p/android/issues/detail?id=11064#c8
and hopes some one responsible reads it again.


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] SSHA256 password too short

2010-09-13 Thread Leonardo Rodrigues

On 13/09/2010 06:33, Patrick Westenberg wrote:


Osvaldo Alvarez Pozo wrote:


ssha256_verify(u...@domain.tld): SSHA256 password too short

and my default_schema is md5


if your passwords are stored in ssha256 you have to change
default_schema to ssha256.




not completely true .... if passwords are stored with the {SSHA256} 
or {SSHA256.HEX} prefix, or the prefix was added by sql query with some 
concat('{SSHA256}',password), then default_schema is not needed. It's 
only needed if there's no prefix on the password.


I, for example, have lots of servers where password is stored with 
the prefix on the database and default_schema points to plain. It works 
perfectly.


however, if your passwords are not stored with prefix nor prefix is 
being added by concat, then setting the correct default_schema can solve 
your actual problem.


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Standards of expectations for software installs

2010-08-16 Thread Leonardo Rodrigues

On 16/08/2010 11:23, Marc Perkel wrote:


Timo's software standards, and mine, are higher than the average open 
source project. When an install is done right then you don't have to 
go to the wiki for anything. You run it and it just works. That's why 
people pay for Windows and Macs and more people use it than Linux 
because it just works. You start an upgrade and click NEXT AGREE NEXT 
NEXT NEXT FINISH and everything just works. That's the way Linux 
should be.


So - even though something might be a minor detail, when you get the 
minor details right then you get software that "it just works" which is 
in my opinion the highest thing one can say about a program. And it's 
why dovecot is so popular.





hey Marc, you're not alone !!! As well as you, i also expect 
software updates to be always perfect and magic .... so i dont have to 
have a clue of what i'm really doing, as softwares will take care of all 
the intelligence that i should have.


but, i think different from you, i understand and accept that 
there's no magic.


upgrades on complex environment MUST be planned, new version 
features should be understood and in almost all cases, including some M$ 
updates of complex software/ environment, lots of pre-upgrade and 
post-upgrades actions should be taken.


i would love to just click yes yes and everything works as magic 
.... but, unfortunately, i accept that wont happen in the real (and most 
all the times complex) scenarios we have.



--


    Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] salted passwords

2010-07-31 Thread Leonardo Rodrigues

On 31/07/2010 18:51, Patrick Westenberg wrote:

Leonardo Rodrigues wrote:


that's all because i already have a account manager system, 
written on PHP, which i had to kept. So i was trying to understand 
how that's work to make it work on my system i couldnt stop using.


but after some tryings i got everything running. All my passwords 
were already migrated from plaintext to Salted-SHA2-256.


Hi Leonardo,

can you tell me how you solved your problem with creating salted 
passwords via PHP?





Hi .... yes i've achieved some PHP routines for creating the 
salted SHA256 password with random salt and also comparing a stored 
hashed password with a plaintext supplied one.


encoded passwords will be exited as:

{SSHA256.HEX}acf5ce0f51cca2077e27884a7cec385c430bb402c2f961b02bfa779c18aaf9a373772d99

encoded password strings is 85-char length with the SSHA.256 prefix and 
72 without it



as i'm storing passwords with the SSHA256.HEX prefix, my dovecot 
conf has:


default_pass_scheme = PLAIN

so i can have any dovecot-supported encoded password on the 
database as well as plaintext ones




code may not be very beautiful, i do admit that i'm not good on 
making beautiful codes  but its working nice in several places :)


http://pastebin.com/fzDGE561


the VerifyHashedPassword routine can receive passwords with the 
{SSHA256.HEX} string and without as well. That makes easier to just 
compare database stored passwords as well as the newly generated ones to 
compare with newly encoded ones based on the plaintext supplied.



usage is pretty simple .... something like:

$hashedpwd = HashedPassword($plainpwd);
// and store $hashedpwd wherever you want to store it


checking the stored password against a supplied password would be 
something like:


if ( VerifyHashedPassword($hashedpwd,$plainpwd) )
{
  // supplied plaintext password MATCHES the supplied hashed password
  // do whatever you want if the passwords match
} else {
  // supplied plaintext password DOES NOT MATCH the supplied hashed password
  // do whatever you want if the passwords DO NOT match
}



Hope this helps you :)


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
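
The scheme described in the message above, and the prefix versus default-scheme behaviour described in the "SSHA256 password too short" reply earlier on this page, as an added example in Python (it is not the pastebin code and not Dovecot's code). It assumes the layout implied by the 72 hex characters quoted in the message, a 32-byte SHA-256 of password plus salt followed by a 4-byte salt; the function names are chosen for the example.

```python
import hashlib
import hmac
import os

PREFIX = "{SSHA256.HEX}"
DIGEST_LEN = 32  # SHA-256 output in bytes (64 hex characters)
SALT_LEN = 4     # 8 hex characters, giving the 72 quoted in the message


def hashed_password(plain, salt=None):
    """Return '{SSHA256.HEX}' + hex(SHA256(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt for every password
    digest = hashlib.sha256(plain.encode("utf-8") + salt).digest()
    return PREFIX + (digest + salt).hex()


def split_scheme(stored, default_scheme="PLAIN"):
    """An explicit {SCHEME} prefix wins; otherwise fall back to the default."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, value = stored[1:].partition("}")
        return scheme.upper(), value
    return default_scheme.upper(), stored


def verify_password(stored, plain, default_scheme="PLAIN"):
    """Check a plaintext password against a stored PLAIN or SSHA256.HEX value."""
    scheme, value = split_scheme(stored, default_scheme)
    if scheme == "PLAIN":
        return hmac.compare_digest(value.encode("utf-8"), plain.encode("utf-8"))
    if scheme == "SSHA256.HEX":
        try:
            raw = bytes.fromhex(value)
        except ValueError:
            return False  # not hex at all
        if len(raw) <= DIGEST_LEN:
            return False  # too short to hold a digest plus a salt
        digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
        expected = hashlib.sha256(plain.encode("utf-8") + salt).digest()
        # Constant-time comparison, so timing does not leak matching bytes
        return hmac.compare_digest(digest, expected)
    raise ValueError("unsupported scheme: " + scheme)


if __name__ == "__main__":
    stored = hashed_password("correct horse")  # constructed sample password
    print(stored, len(stored))
    print(verify_password(stored, "correct horse"))
    print(verify_password(stored, "wrong"))
    # Same hash without the prefix: the default scheme has to name it
    print(verify_password(stored[len(PREFIX):], "correct horse",
                          default_scheme="SSHA256.HEX"))
```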






Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues

On 21/07/2010 10:30, Eduardo M KALINOWSKI wrote:


I think none of this is dovecot's function. Let's keep the UNIX 
philosophy: one tool does one function, and does that function well. 
Dovecot is an excellent mail server. It should not be turned into a 
monster Windows-like application that does dozens of 
not-really-quite-related things.





the idea of 'one tool does one function (OTDOF) ' is indeed 
interesting, but can be interpreted by several ways.


for instance, dovecot does NOT 'one function only'. It does a REAL 
LOT of functions. It's a pop3 server as well as imap4 one, with or 
without SSL for both protocols. It can read mailboxes, maildirs and some 
others i've never used myself. It can even deliver messages to 
mailboxes/maildirs, having the password backend in several different 
ways (passwd file, MySQL, LDAP, etc etc). It can check and enforce 
quotas. It's not a complete mail server, as you regarded, because it 
cannot do the SMTP part, which is pretty important for a mail server to 
fully operate. Even though, it does a LOT of things.


i completely agree that dovecot should not try to have, for example, 
a builtin admin interface for managing users ... because managing users 
is completely dependable on the password backend used, and schemas can be 
VERY different from one user to another. It would be nonsense trying to 
have that, a builtin interface for managing user. That i agree would not 
fit the 'one tool does one function'. Managing user is not dovecot's 
problem as well as checking/enforcing password policies, as discussed 
before on this thread.


but, regarding what it already do, delivering messages by 
pop3/imap4 protocol for users, i really think adding security features 
wouldnt be bad idea. And indeed, as confirmed by Pascal, some of those 
are already built in dovecot 2.0 RCs.


the OTDOF is really hard to apply on some full-feature daemons 
we're used to have on unix world, for example: dovecot, 
postfix/qmail/exim, apache, clamav, etc etc etc. All of them (and lots 
of other daemons) does a LOT of things, all of them as a part of the 
main daemon goal. It's really hard to stay on the OTDOF on those 
full-featured daemons. It's easy to keep the OTDOF idea on basic and 
small command-line utilities, like cat cp rm .... but not on the 
full-featured modern daemons.


and, in the real world we live, having security features do not 
break the 'one tool does one function' at all on my understandings of 
that. In fact, if those security features are there to help the security 
of the daemon main goal, whatever the main goal is, they're VERY welcome 
to me.


we dont need to carry this on anymore, as seems lots of good things 
are already on dovecot 2.0 RCs .... proving that dovecot authors do 
think that increasing security is in the main goal of dovecot 
development plans.


thanks for all who help dovecot being each day a better software, 
those who code things as well as those who test new features on the RCs, 
those who make new features requests, those who help others here on the 
mailing list .... thanks for all.



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues

On 21/07/2010 10:32, Pascal Volk wrote:


Install dovecot 2.0.rc3 and try to 'break in'. You will see how dovecot
slows down your 'attack'. When you test it with your botnet ( ;-) ), use
`doveadm penalty` to see current penalties.
   


wooow nice to hear that .... i have not tried 2.0RC yet, but i'm 
glad on hearing that some 'penalty' policies were introduced !!!


thanks for your tip Pascal !!!

--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues

On 21/07/2010 10:08, Martijn de Munnik wrote:


   the original message says about bot brute-force attacks, but we 
can be facing REAL brute-force attacks against a specific account 
.... and i think that some features to help mitigate those could 
indeed be interesting. And if those features exist, they could 
surely help on those brute-force attacks coming from dumb bots as well.


   it wont solve the username=password specific case, but could help 
on real or bot brute-force attacks.


   what do you think on that Timo ?


Have a look at fail2ban, this is exactly what you need.



no, fail2ban is not exactly what i need. fail2ban is FAR from 
achieving what i wrote ...


yes, fail2ban can ban an IP after wrong trials .... but simply 
banning the IP (and maybe not the IP/username combination) can be a 
problem for companies that have lots of computers and access through 
NAT, ie, a single internet IP address. fail2ban also cannot slow down 
replies for wrong username/password combinations.


fail2ban is a nice add-on for any system, but having something done 
by the daemon and not by some third-party log analyzer can make things 
MUCH smarter and MUCH more flexible.


thanks for your tip, i already use fail2ban ... but that's far from 
achieving some more flexible rules that can be done when the daemon has 
some anti-brute-force features.


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues

On 21/07/2010 09:18, Timo Sirainen wrote:


I think this is one of the tons of different possible password policies
and isn't really Dovecot's job. It really should be enforced while
setting the password, not while checking it.

   


i completely agree that dovecot is not the place for enforcing 
password policies nor checking them.


but, still on the subject, maybe dovecot could have some features 
for helping sysadmins to avoid/mitigate brute-force attacks. As told, 
some bots tries username=password, but those fuckers (the bots) also 
tries lots of common passwords, 123, 1234, the username followed by some 
numbers, and lots of others.


of course, if the provided password is not correct, dovecot denies 
access as it should  but in those situations, logs can get pretty 
filled with login failed messages, specially on servers with lots of 
accounts. And, in some cases, after lots of tries, the bot can found the 
correct username/password combination.


i was thinking on something like ...

1) after N tries (lets say 10 for example) of wrong username/password 
combinations, dovecot could start delaying the answers for wrong 
authentications coming from that specific IP address or IP/username, 
thus slowing down the brute-force attacks;
1.1) or even, after some M (lets say 20 for example) wrong 
username/password combinations, dovecot could ban that IP address (or IP 
address/username combination to avoid problem with big networks with NAT 
access) for XX seconds/minutes, also slowing down the brute-force attack 
tries
1.2) this could probably be implemented using some in-memory internal 
backend, so it would be absolutely independent on passdb schema and 
would require no modifications on passdb schema.


the original message says about bot brute-force attacks, but we can 
be facing REAL brute-force attacks against a specific account  and i 
think that some features to help mitigate those could indeed be 
interesting. And if those features exists, they could surely help on 
those brute-force attacks coming from dumb bots as well.


it wont solve the username=password specific case, but could help 
on real or bot brute-force attacks.


what do you think on that Timo ?


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
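
The throttling proposed in points 1, 1.1 and 1.2 of the message above, sketched as an added example (not Dovecot code and not from the original post). It keeps an in-memory table keyed by IP/username so users behind one NAT address do not lock each other out; the ban length, delay curve, expiry window and the sample addresses are assumptions.

```python
import time


class AuthThrottle:
    """In-memory failed-login tracker keyed by (remote IP, username).

    delay_after and ban_after are the N=10 and M=20 from the post; the ban
    length, delay curve and expiry window are assumptions of this example.
    """

    def __init__(self, delay_after=10, ban_after=20, ban_seconds=300,
                 max_delay=16.0, window=900, clock=time.monotonic):
        self.delay_after = delay_after
        self.ban_after = ban_after
        self.ban_seconds = ban_seconds
        self.max_delay = max_delay
        self.window = window
        self.clock = clock
        # (ip, user) -> [failure count, time of last failure, banned until]
        self._state = {}

    def _lookup(self, ip, user):
        key = (ip, user.lower())
        now = self.clock()
        entry = self._state.get(key)
        # Drop history that is older than the window and not under a ban,
        # so old typos are forgiven and idle entries are cleaned up on access.
        if entry and now - entry[1] > self.window and now >= entry[2]:
            del self._state[key]
            entry = None
        return key, entry, now

    def banned_for(self, ip, user):
        """Seconds left on the ban for this pair; 0.0 means go ahead."""
        _, entry, now = self._lookup(ip, user)
        return max(0.0, entry[2] - now) if entry else 0.0

    def record_failure(self, ip, user):
        """Count a wrong password and return the reply delay in seconds."""
        key, entry, now = self._lookup(ip, user)
        if entry is None:
            entry = self._state[key] = [0, now, 0.0]
        entry[0] += 1
        entry[1] = now
        if entry[0] >= self.ban_after:
            entry[2] = now + self.ban_seconds
            # Keep the pair in the "slow" range after the ban expires.
            entry[0] = self.delay_after
            return self.max_delay
        over = entry[0] - self.delay_after
        if over <= 0:
            return 0.0
        # 1s, 2s, 4s ... capped, so each further guess costs more time.
        return min(self.max_delay, 2.0 ** (over - 1))

    def record_success(self, ip, user):
        """A correct login clears the pair's history."""
        self._state.pop((ip, user.lower()), None)


class FakeClock:
    """Deterministic clock for the demonstration below."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def simulate():
    """20 wrong passwords for one account from one NAT address (constructed)."""
    clock = FakeClock()
    throttle = AuthThrottle(clock=clock)
    nat_ip = "203.0.113.7"  # documentation address, constructed sample
    delays = []
    for _ in range(20):
        delays.append(throttle.record_failure(nat_ip, "alice@example.com"))
        clock.now += 1
    return {
        "delays": delays,
        "alice_ban": throttle.banned_for(nat_ip, "alice@example.com"),
        "bob_ban": throttle.banned_for(nat_ip, "bob@example.com"),
    }


if __name__ == "__main__":
    print(simulate())
```

A login service would call banned_for() before checking the password and sleep for the value record_failure() returns before sending the failure reply.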






Re: [Dovecot] help on migrating some old Maildirs

2010-07-14 Thread Leonardo Rodrigues

Em 14/07/2010 19:30, Timo Sirainen escreveu:


Maybe the easiest would be:

for file in *; do
   deliver -u username -m dest-mailbox -p "$file"
done

   


that would throw everything on INBOX  there are some folders 
on user's Maildir's that i'd like to maintain.


Timo ... is the S= parameter simply the filesize or is there any 
other calculation on that ? If i'm not mistaken, the W= is the filesize 
CR+LFed, which is probably not the real size on Unix filesystems, which 
is not CR+LFed 


getting some script that simply rename the files, adding the S=xxx 
being xxx the filesize ... would that be ok ?




--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] help on migrating some old Maildirs

2010-07-14 Thread Leonardo Rodrigues


Hi People,

Em 14/07/2010 17:20, Timo Sirainen escreveu:



If he's restoring from an old machine (they're not currently indexed by Dovecot 
on the new server), they're going to get a new UID when Dovecot finds them 
anyway, right?
 

Yes. But I was thinking he had already moved them and they had already
got new UIDs :)

   


i have NOT restored them yet  i have restored a few ones just 
to test if it would work  and indeed it works.


anything that can be done, during the real restoration of them, to 
get their 'base filenames' renamed and getting the S= and W= parameters 
are completely acceptable, as messages are NOT indexed by dovecot yet.



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] help on migrating some old Maildirs

2010-07-14 Thread Leonardo Rodrigues


Hi,

i need to restore some old mail backups from a system i wasnt the 
admin. Emails are on Maildir, which i'm using on the actual server, so 
should be no big deal. I'm just thinking of copying files from the 
folders i need, from the old backup, to the specific dirs on the actual 
system.


but, watching the backup, i noticed that LOTS of files on the 
Maildirs do not have the S= parameters on its name nor W=. For example:


1230230396.V80bI4e007fM790805.correio.domain.com.br:2,
1230463524.V80bI4e0080M837823.correio.domain.com.br:2,
1230571206.V80bI4e0081M519106.correio.domain.com.br:2,
1231170098.V80bI4e0083M519957.correio.domain.com.br:2,
1231682500.V80bI4e0084M584988.correio.domain.com.br:2,

files from the actual system looks like:

1278311553.M754372P13693.correio.domain.com.br,S=5742,W=5864:2,
1278668323.M110437P31421.correio.domain.com.br,S=4489,W=4590:2,
1278311669.M981814P13835.correio.domain.com.br,S=7404,W=7563:2,
1278669074.M556000P31506.correio.domain.com.br,S=4397,W=4504:2,

i've already tested copying those files to a current Maildir and it 
works just fine, no problem at all on that. There's no problem on the 
restore of those messages itself.


Anyway, my questions are 

1) do the lack of S= and W= parameters will negatively impact on 
something ? Quota calculation comes to my head about that  as i'll 
have to restore several thousands of messages, i'm worried about 
negative impacts on anything


2) is there any way of having dovecot to calculating the S= and W= 
parameters and renaming those files and, thus, avoiding some negative 
impact caused by the lack of them ?



i'm using dovecot 1.2.11 ..

thanks !


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
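
A rename pass of the kind asked about in this thread, as an added example (not part of the original posts and not a Dovecot tool). It follows Dovecot's Maildir filename convention, where S= is the file size and W= is the size with CRLF line endings, and assumes the files are uncompressed and have not yet been indexed by Dovecot, as the thread states; the function names are hypothetical.

```python
import os
import re

SIZE_FIELD = re.compile(r",[SW]=\d+")


def message_sizes(path):
    """Return (S, W) for one message file.

    S is the file size in bytes; W is the size the message would have with
    every line ending written as CRLF, so each bare LF adds one byte.
    Assumes the file is stored uncompressed.
    """
    physical = virtual = 0
    with open(path, "rb") as fh:
        for line in fh:                      # binary lines are split on b"\n"
            physical += len(line)
            virtual += len(line)
            if line.endswith(b"\n") and not line.endswith(b"\r\n"):
                virtual += 1
    return physical, virtual


def add_size_fields(name, physical, virtual):
    """Insert ,S=<n>,W=<n> before the ':2,<flags>' suffix of a Maildir name."""
    base, sep, flags = name.partition(":2,")
    base = SIZE_FIELD.sub("", base)          # drop stale size fields, if any
    return "%s,S=%d,W=%d%s%s" % (base, physical, virtual, sep, flags)


def plan_renames(maildir):
    """List (old_path, new_path) for files in cur/ and new/ lacking S= or W=.

    Walks the whole tree so Maildir++ subfolders (.Folder/cur) are included.
    """
    plan = []
    for root, _dirs, files in os.walk(maildir):
        if os.path.basename(root) not in ("cur", "new"):
            continue
        for name in files:
            base = name.partition(":2,")[0]
            if ",S=" in base and ",W=" in base:
                continue                     # already carries both fields
            old = os.path.join(root, name)
            physical, virtual = message_sizes(old)
            new = os.path.join(root, add_size_fields(name, physical, virtual))
            plan.append((old, new))
    return sorted(plan)


def apply_renames(plan):
    """Rename the planned files; refuse to overwrite an existing target."""
    done = 0
    for old, new in plan:
        if os.path.exists(new):
            raise FileExistsError(new)
        os.rename(old, new)
        done += 1
    return done
```

Reviewing the output of plan_renames() on a copy of the restored backup before calling apply_renames() keeps the operation reversible.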






Re: [Dovecot] Removing Duplicates

2010-03-14 Thread Leonardo Rodrigues

Em 14/03/2010 08:21, Sabahattin Gucukoglu escreveu:

Hi all,

I am starting fresh with a local repository of mails, which almost certainly 
have duplicates in them.  I am going to use maildirs, and ensure all mails are 
input with CRLFs.

The question is: does anybody know how I can find and remove duplicates, either 
while injecting mail with IMAP, or afterward?  I can use tools to find 
duplicate Message-IDs, but don't know of a way to remove duplicates in 
mailboxes that are already imported as opposed to incoming mail.  Perhaps there 
is a way to use the IMAP protocol for this?

   


i've used console tool named fdupes to find duplicate messages on 
Maildirs. That's done directly on the filesystem, there's no IMAP or 
dovecot involved.


for a user way of doing that, i've used the excellent Thunderbird 
add-on called 'Remove Duplicated Messages'


https://addons.mozilla.org/en-US/thunderbird/addon/956

it's SUPER fast and can check parameters that fdupes cannot. In 
fact fdupes search for duplicated FILES while the add-on can be 
configured to really find duplicated MESSAGES, based on Message-ID and 
other things.



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] IMAP proxy configuration

2010-03-13 Thread Leonardo Rodrigues

Em 13/03/2010 23:12, Leonardo Rodrigues escreveu:


Timo i've tried JOINs, but i've never really understood those 
crazy things (i'm really very far from being a SQL expert).


but seems i got the expected results using UNION and adjusting 
queries to have the same number of columns. First i tried union with 
normal queries but couldnt get it because queries must have the same 
number of rows. Then i adjusted it ... and seems its OK.




got it working with few tweaks  i had to return '127.0.0.1' as 
host for local users ... without that, login process was segfaulting. 
And had to return %w as password for the proxied-domains query.


query is:   (with linebreaks for easy understanding)

password_query =
select
  endereco as user,
  password,
  '/var/spool/mail/%u' as userdb_home,
  'maildir:/var/spool/mail/%u' as userdb_mail,
  8 as userdb_uid,
  12 as userdb_gid,
  concat('*:storage=', quota) as userdb_quota_rule,
  'Trash:storage=100M' as userdb_quota_rule2,
  'Y' as proxy_maybe,
  '127.0.0.1' as host
  from emails
  where
  endereco = '%u' and ativa = '1'
union
select
  NULL as user,
  '%w' as password,
  NULL as userdb_home,
  NULL as userdb_mail,
  NULL as userdb_uid,
  NULL as userdb_gid,
  NULL as userdb_quota_rule,
  NULL as userdb_quota_rule2,
  'Y' as proxy_maybe,
  imapproxy.host as host
  from imapproxy
  where
imapproxy.dominio = '%d'


that worked flawlessly  :) And i didnt had to use JOINs hehehehe

log from the main server, for a proxied user:

Mar 13 23:48:48 correio dovecot: imap-login: 
proxy(s...@proxieddomain.com.br): started proxying to 10.252.25.2:143: 
user=, method=PLAIN, rip=127.0.0.1, 
lip=127.0.0.1, secured


log from the 10.252.25.2 server:

Mar 13 23:48:31 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=192.168.1.2, 
lip=10.252.25.2




the only minor problem is that when local users get logged in on 
the main server, logs shows that they were proxied to 127.0.0.1 


Mar 13 23:33:52 correio dovecot: pop3-login: Login: 
user=, method=PLAIN, rip=127.0.0.1, 
lip=127.0.0.1, secured
Mar 13 23:33:52 correio dovecot: pop3-login: 
proxy(localu...@localdomain.com.br): started proxying to 127.0.0.1:110: 
user=, method=PLAIN, rip=10.255.176.67, 
lip=192.168.1.2


i can easily live with that  but i would like to see local 
users logged as local connections not proxied to 127.0.0.1.


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] IMAP proxy configuration

2010-03-13 Thread Leonardo Rodrigues

Em 13/03/2010 21:23, Timo Sirainen escreveu:

So are you saying that the users table contains only local users, while
some domain table contains all domains and their destination servers?
Then you'll just need to do outer join. Something like:

.., domains.host as host, 'Y' as proxy_maybe, ..
from domains
outer join emails on (username = '%u')
where domain.domain = '%d'
   


Timo i've tried JOINs, but i've never really understood those crazy 
things (i'm really very far from being a SQL expert).


but seems i got the expected results using UNION and adjusting 
queries to have the same number of columns. First i tried union with 
normal queries but couldnt get it because queries must have the same 
number of rows. Then i adjusted it ... and seems its OK.


Please check resultsets when querying a LOCAL user and when 
querying with a NON-local (to be proxied) user. Do you think this query 
will make things work as i need ?



querying a LOCAL user:
http://pastebin.com/L3q6HGrA

querying a NON-local (to be proxied) user:
http://pastebin.com/fV91LB0x

querying a NON-local and NOT-to be proxied user (correctly returns 
an empty resultset)

http://pastebin.com/SBwCEVEm


--


    Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] IMAP proxy configuration

2010-03-13 Thread Leonardo Rodrigues

Em 13/03/2010 18:17, Timo Sirainen escreveu:


Basically add to your password_query something like:

.., domains.host as host, 'Y' as proxy_maybe, ..
from emails, domains where domains.domain = '%d', ..

So it's really exactly the same as per-user quota, except you're just
returning it per-domain in the query.
   



but if i simply add that, query will always return nothing when 
user is not local.


where endereco='%u'

will make it return an empty resultset when user does not exists 
locally.



i'm really struggling to discover how, probably with MySQL select 
syntax, to return one resultset if CONDITION1 (where endereco='%u' 
exists) and another resultset if CONDITION2 (where domains.domain = '%d' 
exists)


i really dont know to achieve that  imap proxying is clear to 
me, but i couldnt get how to achieve it for users that does not exists 
in my local email table ...




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] IMAP proxy configuration

2010-03-11 Thread Leonardo Rodrigues

Em 11/03/2010 09:53, mail...@securitylabs.it escreveu:


Just insert a column in the MySQL table with the host relative to the 
domain. This is my configuration on the proxy:



password_query = SELECT users.clear AS password, domains.host, 
'%u*proxy' AS destuser, 'proxy' AS pass, 'Y' AS proxy FROM 
users,domains WHERE users.username = '%u' AND users.enabled = '1' AND 
domains.domain = '%d'


In the table "domains" I have a column "domain" with the list of 
domains I want to proxy, and a column "host" with the IP of the 
pop/imap server.




and for local domains i could return 127.0.0.1 as host  is that 
what you're doing for local domains ?



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] IMAP proxy configuration

2010-03-11 Thread Leonardo Rodrigues



i know dovecot can act as IMAP and POP3 proxy . but i'm having 
a hard time configuring it. Actually i'm using a simple dovecot 
configuration with virtual users stored on MySQL. My dovecot-sql.conf is 
pretty simple:




[r...@correio dovecot]# cat dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=DATABASE user=USERNAME password=PASSWORD

default_pass_scheme = PLAIN

# Get the mailbox
user_query = select '/var/spool/mail/%u' as home, 
'maildir:/var/spool/mail/%u' as mail, 8 as uid, 12 as gid, 
concat('*:storage=', quota) as quota_rule, 'Trash:storage=100M' as 
quota_rule2 from emails where endereco = '%u' and ativa = '1'


# Get the password
password_query = select endereco as user, password, '/var/spool/mail/%u' 
as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as 
userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as 
userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from 
emails where endereco = '%u' and ativa = '1'

[r...@correio dovecot]#


i've read several docs about configuring proxy on dovecot but all 
of them says about proxying specific users  i'm interested on 
proxying some domains. I couldnt find a way to configure that nor some 
howto similar to that.


could anyone point me some documentation on configuring dovecot as 
IMAP/POP3 proxy for a full domain and not specific users ? Ideally i 
would have a list of domains that should be proxied to somewhere else 
and all the other domains would be treated locally.


Thanks.





--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Quota plugin and SQL

2010-03-07 Thread Leonardo Rodrigues

Em 06/03/2010 19:12, David escreveu:


Is there any way to modify the queries used to split out username into 
localpart and domain?  This would enable me to put the current quota 
information in my main mailbox table and display it to users in my 
admin interface.




i'm successfully using a PHP script for displaying a graph with 
current quota information in my admin interface. Is this what you're 
looking for ? Quota usage is taken directly from IMAP server, through 
IMAP commands.


http://img707.imageshack.us/img707/9551/quota.jpg

i'm actually using a script based on the one found here:


http://lists.horde.org/archives/imp/Week-of-Mon-20040816/038902.html

the original script grabs the current usage from database, and i 
dont have the information there. So i changed it to use imap_open and 
grab quota directly from IMAP server. Something like:


Changes would be something like:

function draw_bar($mailbox, $width, $height) {
    global $imaphost, $usuario, $senha;
    // OP_HALFOPEN: connect and authenticate without opening a mailbox
    $mbox = @imap_open($imaphost, $usuario, $senha, OP_HALFOPEN);
    if ($mbox === false) {
        return; // login failed, nothing to draw
    }
    $q = @imap_get_quotaroot($mbox, 'INBOX');
    imap_close($mbox);
    if ($q) {
        $taken = $q['usage'];
        $total = $q['limit'];
        quota_bar($taken, $total, $width, $height);
    }
}


that's pretty straightforward when your passwords are stored in 
clear-text. In my cases password is SSHA256-hashed before storing, so i 
had to configure a masteruser on dovecot to achieve that.


http://wiki.dovecot.org/Authentication/MasterUsers

so i have something:

$user = $realuser . "*mymasteru...@local";
$password = "mypasteruserpassword";




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] enabling IMAP SORT and THREAD extensions

2010-02-21 Thread Leonardo Rodrigues

Em 21/02/2010 11:51, Colin Brace escreveu:


$ telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
STARTTLS AUTH=PLAIN] Dovecot ready.


dovecot do not show ALL its capabilities before the login 
successfully happens.


try this

telnet   localhost   imap

.  login   u...@name.com   password
(after the  Logged in)
.  capability

and search for SORT and THREAD in the new capabilities banner

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] configuring overquota message

2010-02-18 Thread Leonardo Rodrigues

Em 18/02/2010 13:10, Timo Sirainen escreveu:

On Tue, 2010-02-16 at 15:18 -0200, Leonardo Rodrigues wrote:
   

  but i havent found, in all the sources, where the
QUOTA_EXCEEDED_MESSAGE is fed by something from dovecot.conf or
anywhere else.
 

plugin {
   quota_exceeded_message = stuff
}
   


Yeah ... it worked. Thanks.

--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] using signed certificates for TLS/SSL

2010-02-18 Thread Leonardo Rodrigues


and another interesting information . Thunderbird claims the 
certificate is not valid, but Windows Mail accepts it without any 
warnings and works just fine. I've tested on a new machine just to make 
sure i havent previously accepted it on that machine/Windows Mail.


another minor difference is that when logging from Windows Mail and 
Thunderbird, the cipher used seems to be a little different


Windows Mail - AES128-SHA
Feb 18 12:56:04 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=201.86.xx.xx, 
lip=192.168.1.2, TLS, TLSv1 with cipher AES128-SHA (128/128 bits)



Thunderbird 3.0.1 - DHE-RSA-AES256-SHA
Feb 18 12:58:41 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=201.86.xx.xx, 
lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)



if it works flawlessly on Windows Mail, i think i should point now 
my searching to Thunderbird . what do you think on that ?



Em 18/02/2010 11:58, Arne K. Haaje escreveu:

Put all the certificates in the ssl_cert_file file. For example when using a
certificate signed by TDC the correct order is:

1. Dovecot's public certificate
2. TDC SSL Server CA
3. TDC Internet Root CA
4. Globalsign Partners CA
   



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] using signed certificates for TLS/SSL

2010-02-18 Thread Leonardo Rodrigues


Hi,

I have, in one customer, a web server running on a Verisign-signed 
certificate SSL certificate. Everything works fine, IE and Firefox 
connects on https without asking anything, which usually happens on 
self-signed certificates. I'm trying to use that certificate on dovecot, 
but clients (Thunderbird basically) keeps saying the certificate is not 
valid.


yes i'm using, when configuring Thunderbird, the same CN that was 
signed by Verisign for the web usage


i've enabled verbose_ssl and got when thunderbird tries to connect:

Feb 18 12:32:02 correio dovecot: imap-login: Disconnected (no auth 
attempts): rip=201.86.xxx.xxx, lip=192.168.1.2, TLS handshaking: 
SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 
alert unknown ca


unknown CA ???

is that Thunderbird that is not recognizing the Verisign-signed 
certificate ? Do i need to, somehow, install some Verisign CA 
certificate in dovecot.conf ?


when using a self-signed certificate, i also get an SSL_accept 
failed, but with different message:


Feb 18 12:41:45 correio dovecot: imap-login: Disconnected (no auth 
attempts): rip=201.86.191.114, lip=192.168.1.2, TLS handshaking: 
SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 
alert bad certificate


despite the fact my certificates were generated for use with 
Apache, i can 'print' them, both of them, with the same commands i use 
to print dovecot generated certificates, with mkcert.sh. So, it seems 
they are compatible.


if i click OK on Thunderbird, when using my Verisign-signed 
certificates, everything works and i do got TLS logs:



Feb 18 12:23:36 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=201.86.xx.xx, 
lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 18 12:31:43 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=201.86.xx.xx, 
lip=192.168.1.2, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)




what am i doing wrong ?? or using a signed-certificate for WEB 
usage is not possible on dovecot ?


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] salted passwords

2010-02-16 Thread Leonardo Rodrigues


that's all because i already have a account manager system, written 
on PHP, which i had to kept. So i was trying to understand how that's 
work to make it work on my system i couldnt stop using.


but after some tryings i got everything running. All my passwords 
were already migrated from plaintext to Salted-SHA2-256.


Thanks for all the help :)

Em 16/02/2010 17:47, Patrick Domack escreveu:
Why not make it easy on yourself. Just let dovecot use crypt, and use 
whatever format your system crypt supports.


Personally I'm using 16byte salt, sha512 for mine this way. Seems 
should work with everything, that lets you use the system's crypt.


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] configuring overquota message

2010-02-16 Thread Leonardo Rodrigues


From dovecot 1.2.10 sources i have:

src/plugins/quota/quota.c


#define DEFAULT_QUOTA_EXCEEDED_MSG \
        "Quota exceeded (mailbox for user is full)"

struct quota_settings *quota_settings_init(void)
{
        [  ]
        quota_set->quota_exceeded_msg = getenv("QUOTA_EXCEEDED_MESSAGE");
        if (quota_set->quota_exceeded_msg == NULL)
                quota_set->quota_exceeded_msg = DEFAULT_QUOTA_EXCEEDED_MSG;
        [  ]



but i havent found, in all the sources, where the 
QUOTA_EXCEEDED_MESSAGE is fed by something from dovecot.conf or 
anywhere else.


question is: isnt it possible to configure the quota exceeded 
message from dovecot.conf ?? Do i really need to rebuild dovecot 
changing the message on quota.c for achieving that ?


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] zlib plugin trouble

2010-02-16 Thread Leonardo Rodrigues

Em 16/02/2010 13:27, Timo Sirainen escreveu:

Yeah, bzip2 code is broken in v1.2. I fixed it in v2.0 by basically
rewriting the whole thing. Maybe I should just disable bzip2 support in
v1.2.
   


will dovecot 2.0 be able to handling mixed maildirs with gzip and 
bzip2 compressed messages, or all messages should use just one or the 
other ?


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] zlib plugin trouble

2010-02-16 Thread Leonardo Rodrigues

Em 16/02/2010 12:30, Stéphane Cottin escreveu:

Hi,

I have error with dovecot 1.2.10 + compress on deliver patch and zlib plugin.

logfile sample:

[...]
mail.err: Feb 16 14:22:25 dovecot: IMAP(hid...@domain.com): zlib_istream.seek() 
failed: Invalid argument
mail.err: Feb 16 14:22:25 dovecot: IMAP(hid...@domain.com): FETCH for mailbox 
Meursault UID 101 failed to read message input: Invalid argument
mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): gzread() failed: 
DATA_ERROR_MAGIC
mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): zlib_istream.seek() 
failed: Invalid argument
mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): FETCH for mailbox 
Meursault UID 101 failed to read message input: Invalid argument
mail.err: Feb 16 14:22:26 dovecot: IMAP(hid...@domain.com): gzread() failed: 
DATA_ERROR_MAGIC
[...]
   


i have already reported some similar errors when messages are 
compressed with bzip. I couldnt reproduce with gzip, which you appears 
to be using:


zlib_save: gz

do you used some script for compressing your existing messages, 
those who were delivered before you getting LDA to do that automatically 
? If yes, is there any chance that you used bzip2 instead of gzip on 
that script ?





--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] quota problem

2010-02-16 Thread Leonardo Rodrigues

Em 16/02/2010 10:48, Andre Hübner escreveu:


this is unfortunately not compatible with dovecot 1.0, is not working
But i noticed that user-quota is working when copying/moving mails 
within imap-account.

But is it not working at incoming mails.
any idea?



so seems your quota is working  What are you using as your 
Local Delivery Agent (LDA) ?? Is it dovecot LDA ? Is it some MTA LDA, 
like Postfix ?


Maybe quota is not working on your LDA ... not on IMAP4/POP3.


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] quota problem

2010-02-16 Thread Leonardo Rodrigues

Em 16/02/2010 09:18, Andre Hübner escreveu:

dovecot 1.0.15

Hello,

i try to set quota settings for my users.
currently i use a mysql table for auth process and now i want to add 
quotasettings for each individual user.



Mine is working flawlessly with the following configuration  
but i think that's only 1.1+ compatible, because of the Trash thing.


Anyway, seems the big difference from my conf to your is that 
you're using


concat('dirsize:storage=', quota_kb)
while i'm using
concat('*:storage=', quota)

try to change that 'dirsize' to '*' and see what happens ...


my actual working conf for dovecot 1.2.10

# Get the mailbox
user_query = select '/var/spool/mail/%u' as home, 
'maildir:/var/spool/mail/%u' as mail, 8 as uid, 12 as gid, 
concat('*:storage=', quota) as quota_rule, 'Trash:storage=100M' as 
quota_rule2 from emails where endereco = '%u' and ativa = '1'


# Get the password
password_query = select endereco as user, password, '/var/spool/mail/%u' 
as userdb_home, 'maildir:/var/spool/mail/%u' as userdb_mail, 8 as 
userdb_uid, 12 as userdb_gid, concat('*:storage=', quota) as 
userdb_quota_rule, 'Trash:storage=100M' as userdb_quota_rule2 from 
emails where endereco = '%u' and ativa = '1'




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] salted passwords

2010-02-15 Thread Leonardo Rodrigues

Em 14/02/2010 04:53, to...@tuxteam.de escreveu:


No, just let Dovecot's algorithm do the generation (and later checking)
of the password? (I might be misunderstanding your problem, though).
   



unfortunately i cant do that. I have my own accounts admin system, 
written in PHP, which does mail management (creating accounts, changing 
passwords) ... so i'm afraid i'll have to know exactly how to generate 
them in a way dovecot is able to handle too.


from sources on src/auth i can find some interesting informations:

/* format:  */

and

#define SSHA256_SALT_LEN 4

so the salt really seems to be 4-byte (which in fact are 8 when watching 
in hexadecimal), the exact difference on dovecotpw non-salted and salted 
generated passwords.


So it would be enough to generate the password, SHA256 salted, and store 
the salt as the last 8 hexadecimal digits ?


SHA256 hash is 64-characters in hexadecimal, which can be base64 
encoded for being stored shorter.
SHA256 salt is 8-characters in hexadecimal, which should be added to the 
end of the SHA256 hash


so stored password would be:

{SSHA256.hex}GENERATEDSALTEDHASH+GENERATEDSALT

or having the GENERATEDSALTEDHASH+GENERATEDSALT base64 encoded and 
stored as:


{SSHA256.b64}BASE64ENCODEDGENERATEDSALTEDHASH+GENERATEDSALT

is that OK ?

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] wish now I'd not upgraded...

2010-02-15 Thread Leonardo Rodrigues

Em 15/02/2010 12:14, Stan Hoeppner escreveu:

WTF is going on?  Why won't they stay marked as read?  I've got over 25,000
emails in these folders and I get a few hundred list mails a day.  I really need
to get this read/unread business straightened out.

What the heck am I missing?  Is this a  bug in the Debian backport?  Good thing
I have no hair or I'd have pulled half of it out by now...

   



before blaming dovecot, you could have checked the mailing list 
archives and found that's a KNOWN bug on Thunderbird 3 (until 3.0.1) 
which was already fixed and will be published on TB 3.0.2.


if you had searched the archives, you could also have find a 
workaround for that on thunderbird side.


there's also a workaround on the dovecot side  but i'll let you 
learn how to search the archives and find that :)




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] salted passwords

2010-02-13 Thread Leonardo Rodrigues


The idea of salted hash algorithms is to generate a different hash 
even if the same text is entered. That can be easily seen with dovecotpw:



using NON-salted SHA256, same hash is generated for a given password

[r...@correio ~]# dovecotpw -s SHA256 -p 123
{SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM=
[r...@correio ~]# dovecotpw -s SHA256 -p 123
{SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM=
[r...@correio ~]# dovecotpw -s SHA256 -p 123
{SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM=
[r...@correio ~]#

using SALTED SHA256, a different hash is generated for the same given 
password


[r...@correio ~]# dovecotpw -s SSHA256 -p 123
{SSHA256}FpJZqafpEVKp2heepp9Z7+OeHaX+DBVpLzd6GKg3BW1XqDS0
[r...@correio ~]# dovecotpw -s SSHA256 -p 123
{SSHA256}6lWmvtO3SKG5RMET5n89WMIp0xeCg3U14xH1xnAXbvkr8Yjk
[r...@correio ~]# dovecotpw -s SSHA256 -p 123
{SSHA256}7fXVjC7Iiu0Ko9SgyBpbDvbwMSkoxMILRjDUE0nNpCHBFaIa
[r...@correio ~]#


This idea is OK to me ...

but i'm having a hard time trying to figure out how my 
dovecot-sql.conf would be in the case i store salted SHA256 passwords on 
the database. The idea is to use a RANDOM salt, not a fixed one, just 
like dovecotpw does.


would it be as simple as changing the 'password', which today is 
plaintext, by something like


concat('{SHA256}',password)   ???

don't i have to give the salt, somehow ?? Or should i store the salt 
used in the password, for example first or last N characters 


is there anyone using dovecot with MySQL and SSHA256 passwords that 
can share me the dovecot-sql.conf file ?






--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
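
The salt question asked above, worked through as an added example (not part of the original post and not Dovecot's own code): in the SSHA256 layout the stored string is the base64 of the SHA-256 digest of password followed by salt, with the salt appended after the digest, so the salt is recovered from the stored value itself. The function names are made up for the example; the hash strings are the ones from the dovecotpw output above.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes

# Hashes copied from the dovecotpw output in the message above (password "123").
PAGE_SHA256 = "{SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM="
PAGE_SSHA256 = [
    "{SSHA256}FpJZqafpEVKp2heepp9Z7+OeHaX+DBVpLzd6GKg3BW1XqDS0",
    "{SSHA256}6lWmvtO3SKG5RMET5n89WMIp0xeCg3U14xH1xnAXbvkr8Yjk",
    "{SSHA256}7fXVjC7Iiu0Ko9SgyBpbDvbwMSkoxMILRjDUE0nNpCHBFaIa",
]


def split_stored(stored):
    """Split '{SCHEME}base64' into (scheme, digest, salt)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing {SCHEME} prefix")
    scheme, payload = stored[1:].split("}", 1)
    scheme = scheme.upper()
    raw = base64.b64decode(payload, validate=True)
    if scheme == "SHA256" and len(raw) == DIGEST_LEN:
        return scheme, raw, b""
    if scheme == "SSHA256" and len(raw) > DIGEST_LEN:
        # Everything after the 32-byte digest is the salt.
        return scheme, raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    raise ValueError("unsupported scheme or bad length: " + scheme)


def make_ssha256(password, salt=None):
    """Build a {SSHA256} value; a fresh random 4-byte salt unless one is given."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored, password):
    """Recompute the digest using the salt recovered from the stored value."""
    _, digest, salt = split_stored(stored)
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("unsalted matches:", verify(PAGE_SHA256, "123"))
    for value in PAGE_SSHA256:
        _, _, salt = split_stored(value)
        print("salt", salt.hex(), "matches:", verify(value, "123"))
```

Because the salt travels inside the stored value, the database needs no separate salt column; the password column holds the whole prefixed string.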






Re: [Dovecot] problem with deliver segfaulting

2010-02-12 Thread Leonardo Rodrigues

On 12/02/2010 23:43, Timo Sirainen wrote:

Oh, this one. It's a libc bug.. I reported it to Ubuntu people already:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/380487

Wouldn't hurt to report it elsewhere too :)

Anyway, it crashes only if the problematic setting is first in the
config file. Also the attached patch probably helps?

   


why am i always that lucky to hit these weird bugs   :)

mail_debug was really the first option on dovecot.conf. i've moved 
base_dir to the first option and deliver works just fine, even having 
mail_debug = no  ..



well ... dovecot LDA is running and will be, from now on, my 
official delivery agent !!! I'm ready to try out that patch you committed 
to enable lda zlib compression  but after patching and compiling, i 
cannot start dovecot anymore. I've just sent you an email some hours ago 
with that  i don't know what to do by now, i'm stuck on that.



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] problem with deliver segfaulting

2010-02-12 Thread Leonardo Rodrigues
ormat_elements: user=<%u> method=%m rip=%r lip=%l %c %k
mail_max_userip_connections: 100
verbose_proctitle: yes
first_valid_uid: 8
last_valid_uid: 8
first_valid_gid: 12
last_valid_gid: 12
mail_access_groups: mail
mail_privileged_group: mail
mail_uid: mail
mail_gid: mail
mail_location: maildir:/var/spool/mail/%u
maildir_copy_with_hardlinks: no
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota trash lazy_expunge expire 
autocreate zlib
mail_plugins(imap): quota imap_quota trash lazy_expunge expire 
autocreate zlib

mail_plugins(pop3): quota lazy_expunge expire autocreate zlib
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_log_prefix: %Us(%u), rip=%r, lip=%l:
imap_client_workarounds(default): delay-newmail
imap_client_workarounds(imap): delay-newmail
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
type: private
prefix: INBOX.
inbox: yes
list: yes
subscriptions: yes
lda:
postmaster_address: postmas...@domain.com.br
mail_plugins: quota trash expire autocreate
mail_plugin_dir: /usr/lib/dovecot/lda
quota_full_tempfail: no
deliver_log_format: msgid=%m: %$
sendmail_path: /usr/lib/sendmail
rejection_subject: Rejected: %s
rejection_reason: Your message to <%t> was automatically rejected:%n%r
auth_socket_path: /var/run/dovecot/auth-master
auth default:
mechanisms: plain login
user: nobody
username_format: %Lu
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: prefetch
userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: mail
group: mail
plugin:
quota: maildir
[r...@correio dovecot]#




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] problem with deliver segfaulting

2010-02-12 Thread Leonardo Rodrigues

On 12/02/2010 22:35, Leonardo Rodrigues wrote:


Feb 12 21:28:41 correio postfix/pipe[12748]: 1A969F6105: 
to=, relay=dovecot, delay=0.28, 
delays=0.03/0.01/0/0.24, dsn=2.0.0, status=sent (delivered via dovecot 
service)



disabling mail_debug makes the segfault happen again  and 
reenabling mail_debug makes it work again !


how can i debug this !?!?!?



and now the most weird thing i found ...

COMMENTING out the mail_debug line on dovecot.conf makes it work  
Having 'mail_debug=no' makes it segfault, having it mail_debug=yes makes 
it work and commenting out the mail_debug line makes it work too !!!


i have found something mentioning postfix and mail_debug on

http://wiki.dovecot.org/LDA/Postfix

but that says about dovecot older than 1.0.1, which is not my case, 
i'm running 1.2.10.



that was weird .


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] problem with deliver segfaulting

2010-02-12 Thread Leonardo Rodrigues


i'm facing a pretty hard to debug problem when trying to use 
dovecot LDA (deliver) from postfix. After having all configured, mail 
deliver fails. This is from my maillog:


Feb 12 21:27:54 correio postfix/pipe[12484]: 930F9F6105: 
to=, relay=dovecot, delay=0.21, 
delays=0.03/0.01/0/0.18, dsn=4.3.0, status=SOFTBOUNCE (Command died with 
signal 11: "/usr/libexec/dovecot/deliver")


at the same time, i have from my /var/log/messages:

Feb 12 21:27:54 correio kernel: deliver[12485]: segfault at 0 ip 
4c1be763 sp bff64c28 error 4 in libc-2.5.so[4c193000+13f000]



so, seems deliver segfaults.

so i tried enabling mail_debug=yes on dovecot.conf for getting some 
debug . and, with mail_debug enabled, deliver WORKS 



Feb 12 21:28:41 correio postfix/pipe[12748]: 1A969F6105: 
to=, relay=dovecot, delay=0.28, 
delays=0.03/0.01/0/0.24, dsn=2.0.0, status=sent (delivered via dovecot 
service)



disabling mail_debug makes the segfault happen again  and 
reenabling mail_debug makes it work again !


how can i debug this !?!?!?

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Compressing Maildir mails on delivery

2010-02-06 Thread Leonardo Rodrigues


Hi Timo,

OK, patching is fine ... but how am i supposed to enable that ? is 
there some new config option, or will applying the patch automatically 
and irreversibly enable it ?


How to choose between gzip and bzip2 compression ?

is there anything special to configure on LDA protocol to get that 
working ?


On 05/02/2010 21:32, Timo Sirainen wrote:

Now supported by v2.0. Also as a patch to v1.2:
http://dovecot.org/patches/1.2/zlib-compress.diff

I'm not really sure if I should commit it to v1.2 code tree. The code
contains ugly copy&pasted io_stream_copy() and v1.2 is supposed to be
feature complete..
   



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Forcibly emptying a POP3 mailbox

2010-02-03 Thread Leonardo Rodrigues


you can always use softquotas (or Maildir quotas) for achieving 
quotas on a virtual environment ... which dovecot can handle pretty well.



http://wiki.dovecot.org/Quota/Maildir


On 03/02/2010 14:41, Răzvan Sandu wrote:


Filesystem quotas are not an option in this scenario, since the 
UID/GID is the same for all virtual users.






--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] [BUG] problem with zlib plugin

2010-02-03 Thread Leonardo Rodrigues


i've successfully reproduced that.

Feb  3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), 
rip=127.0.0.1, lip=127.0.0.1: gzread() failed: UNEXPECTED_EOF
Feb  3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), 
rip=127.0.0.1, lip=127.0.0.1: copy: i_stream_read() failed: No such file 
or directory
Feb  3 12:44:45 correio dovecot: IMAP(solu...@domain.com.br), 
rip=127.0.0.1, lip=127.0.0.1: gzread() failed: UNEXPECTED_EOF


dovecot 1.2.9

i could reproduce that when files are bzip2ed. When files are 
gzipped, dovecot behaves correctly and i couldn't reproduce any kind of 
error.



On 03/02/2010 11:19, s...@abma.de wrote:

Hi,

i think i've the same problem as described here:

http://www.dovecot.org/list/dovecot/2009-June/040687.html

when opening a folder without an index (?) and bzip-compressed files i 
get following error message:


2010-02-03T14:12:10.026452+01:00 server dovecot: IMAP(user): gzread() 
failed: PARAM_ERROR
2010-02-03T14:12:10.026477+01:00 server dovecot: IMAP(user): FETCH for 
mailbox folder UID 105 failed to read message input: Invalid argument





--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] feature question: local delivery from SMTP

2010-01-22 Thread Leonardo Rodrigues

Veiko Kukk wrote:



Or can it receive
SMTP directly if there is no forwarding to do?  What about spam/virus
filtering in that case?


Dovecot has nothing to do with smtp. You need MTA like postfix or exim 
to deliver mail to mbox/maildir. Then dovecot can show those mailboxes 
to client.




   just a small correction  dovecot has its own delivery agent, 
which means it (dovecot) can handle the 'deliver mail to maildir' part. 
I'm not sure about mailbox, but maildir i'm sure dovecot delivery agent 
can handle.


   anyway, you'll still need an MTA to collect data from the network 
(via SMTP) and then forward it to dovecot delivery agent.


   dovecot is not an MTA so it cannot talk SMTP.


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] handling filename of compressed messages

2010-01-17 Thread Leonardo Rodrigues

Leonardo Rodrigues wrote:

Curtis Maloney wrote:


Timo -- any tips on helping dovecot deliver compress mails on delivery?

It would solve a lot of problems here, from what I can see, to have a 
deliver plugin that compresses on delivery and sets the Z flag in the 
filename.


   that would be indeed lovely  when this feature gets implemented 
on dovecot delivery agent, i'll definitely stop using postfix virtual 
delivery agent.


   again on this subject of compressing files . i understand 
perfectly that i really don't want the '.gz' or '.bz2' filename. I don't 
want anything more than adding the Z flag to the compressed file.


   The 'script compress idea' from the Wiki page says:

Dovecot can now read the file, but to avoid compressing it again on the 
next run, you'll probably want to rename it again to include e.g. a "Z" 
flag in the file name to mark that it was compressed (e.g. 
1223212411.M907959P17184.host,S=3271:2,SZ).



   If i rename the file and add the Z flag, i will be breaking the 
dovecot-uidlist file, which contains the filenames without the Z flag. 
Users would have to download the compressed files again because the 
filename was changed. That on big mailboxes and slow connections 
(especially after the very 1st compression routine run) can be a BIG problem.


   keeping the filename intact, not even adding the Z flag, would be a 
great idea to avoid clients from redownloading messages ??? Compression 
routines would probably have to use file command to identify already 
compressed files, which would badly impact on the performance of its run 
... not being able to identify already compressed files based on its 
filename would be very bad 






--


    Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] handling filename of compressed messages

2010-01-14 Thread Leonardo Rodrigues

Curtis Maloney wrote:


Timo -- any tips on helping dovecot deliver compress mails on delivery?

It would solve a lot of problems here, from what I can see, to have a 
deliver plugin that compresses on delivery and sets the Z flag in the 
filename.


   that would be indeed lovely  when this feature gets implemented 
on dovecot delivery agent, i'll definitely stop using postfix virtual 
delivery agent.



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] handling filename of compressed messages

2010-01-14 Thread Leonardo Rodrigues

Timo Sirainen wrote:


Maildir spec says files in new/ shouldn't have the :2, part, but Dovecot is 
fine with it.


   i'm trying to get the sample script for compressing maildirs from 
http://wiki.dovecot.org/Plugins/Zlib (right on the end of the page) but 
link seems to be not accessible.


https://abma.de/node/449

   is this script available somewhere else ?

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] handling filename of compressed messages

2010-01-14 Thread Leonardo Rodrigues

Patrick Domack wrote:


If people read their emails at least daily, it would work ok that way. 
But with several people that only read emails monthly or even not at 
all, it helps to compress the new folder also.




   let's not forget those 'created and forgot' mailboxes, which stand 
there on the server with hundreds of Mbs of messages and nobody checks 
that. They are all on new/ folder and, probably, will never get to cur/ 
because they will never be checked.


   OK  i know that shouldn't happen . but in real life this 
happens quite commonly.



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] handling filename of compressed messages

2010-01-14 Thread Leonardo Rodrigues

Pascal Volk wrote:


No, you don't want to have such file names.

http://wiki.dovecot.org/Plugins/Zlib: … Dovecot can now read the file,
but to avoid compressing it again … include e.g. a "Z" flag in the file
name … (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ)

The article links also to: http://cr.yp.to/proto/maildir.html:
…
What can I put in info?
When you move a file from new to cur, you have to change its name from
uniq to uniq:info … info starting with "2,": Each character after the
comma is an independent flag. …

In short: You want to rename
1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207
to 1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207:2,Z
  


   got it  so, basically, i shouldn't be using .gz at all, is that ok ?

   i understood that, when moving from new to cur, filename should be 
appended of ':2,'. But filenames on new, as i understood, should never 
be changed. As soon as they are read there (on new), they should be 
moved to cur.


   what would be the correct way of compressing messages on the new 
directory and adding the Z flag ? Would be any problem if, when 
compressing on new, add the ':2,' suffix ? Indeed it would be ':2,Z' 
suffix one


   i tried it ...

gzipped the file 
new/1263462832.V6814I43300c8M993425.correio.domain.com.br,S=10137

and got the gzipped file to be named
new/1263462832.V6814I43300c8M993425.correio.domain.com.br,S=10137:2,Z
and excluded the original file

when checked mail, file was correctly moved to cur
when replied to that mail, file was correctly renamed to
cur/1263462832.V6814I43300c8M993425.correio.domain.com.br,S=10137:2,RSZ


   is that OK to have filenames on new with the ':2,Z' suffix ?

--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
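
The rename discussed above (appending ':2,Z' while keeping existing flags) and the earlier message's concern about recognising already-compressed files without relying on the filename, combined into one added example that is not part of the original posts. The function names and the sample maildir are made up for the example, and it assumes nothing else renames the message while it runs.

```python
import gzip
import os
import tempfile

GZIP_MAGIC = b"\x1f\x8b"
BZIP2_MAGIC = b"BZh"


def add_flag(filename, flag="Z"):
    """Return the Maildir filename with `flag` added to its ':2,' info part."""
    base, sep, info = filename.partition(":2,")
    if not sep and ":" in filename:
        raise ValueError("unknown info section in " + filename)
    # Flags are single characters kept in ASCII order (RS + Z -> RSZ).
    return base + ":2," + "".join(sorted(set(info) | {flag}))


def is_compressed(path):
    """Detect gzip/bzip2 content by magic bytes, independent of the filename."""
    with open(path, "rb") as handle:
        head = handle.read(3)
    return head.startswith(GZIP_MAGIC) or head == BZIP2_MAGIC


def compress_message(path):
    """Gzip one message in new/ or cur/; return the new path, or None if skipped.

    Assumption of this example: nothing else renames the file while this runs.
    """
    if is_compressed(path):
        return None  # already compressed on an earlier run
    folder, name = os.path.split(path)
    maildir = os.path.dirname(folder)
    target = os.path.join(folder, add_flag(name))
    with open(path, "rb") as source:
        data = source.read()
    # Write under tmp/ first so a partial file never shows up in new/ or cur/.
    fd, tmp_path = tempfile.mkstemp(dir=os.path.join(maildir, "tmp"))
    with os.fdopen(fd, "wb") as raw:
        with gzip.GzipFile(filename="", fileobj=raw, mode="wb") as packed:
            packed.write(data)
    old = os.stat(path)
    os.chmod(tmp_path, old.st_mode & 0o7777)           # keep permissions
    os.utime(tmp_path, (old.st_atime, old.st_mtime))   # keep delivery time
    os.rename(tmp_path, target)
    if target != path:
        os.unlink(path)
    return target


def build_sample_maildir():
    """Constructed sample: one uncompressed message waiting in new/."""
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    for sub in ("new", "cur", "tmp"):
        os.mkdir(os.path.join(root, sub))
    body = b"From: a@example.com\nSubject: test\n\nhello\n"
    name = "1263462832.M993425P100.host.example,S=%d" % len(body)
    path = os.path.join(root, "new", name)
    with open(path, "wb") as handle:
        handle.write(body)
    return path, body


if __name__ == "__main__":
    message, _ = build_sample_maildir()
    print(compress_message(message))
```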






[Dovecot] handling filename of compressed messages

2010-01-13 Thread Leonardo Rodrigues


   i'm running dovecot 1.2.9 and, among other things, i have the zlib 
plugin enabled. A shell script runs once a day to compress all not 
yet compressed files on the users' maildirs.


   so far so good, it works fine, there's no problem on that.


   what i think is not happening 100% correctly is the following:

   1) user receives a message

   2) BEFORE the compress routine runs, filename is:

new/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207

   3) AFTER the compress routine, filename is now:

new/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz

   4) user checks his mail  and now the filename is

cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,S

   5) user replies that mail  and now the filename is

cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,RS


   i'm aware that dovecot doesn't need the '.gz' extension on the file 
to recognize that as a gzipped file. Even without the .gz extension, 
dovecot is correctly reading the file. the '.gz' is not even necessary 
on the filename and still dovecot can handle it fine.


   anyway, i would like to suggest dovecot to handle the filename to 
keep the .gz extension, if that exists. This could help sysadmins to 
easily identify gzipped files on the maildirs and make anything with 
them, if that's desired.


   i would like to see dovecot changing filenames properly and keeping 
the .gz extension always, for example


cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207:2,S.gz
instead of
cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,S

cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207:2,RS.gz
instead of
cur/1263436052.V6814I43300b4M146002.correio.domain.com.br,S=238207.gz:2,RS


 


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] compressed IMAP traffic

2009-09-29 Thread Leonardo Rodrigues


   well . here for me, with 'openssl s_client', i can't even connect 
when using -ssl2:


[r...@correio ~]# openssl s_client -connect localhost:993 -ssl2
[ ... ]
27110:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher 
list:s2_clnt.c:450:

[r...@correio ~]#

   but that's probably because i have on dovecot.conf:

ssl_cipher_list = ALL:!LOW:!SSLv2


   with ssl3 and tls1 i can connect and see the zlib compression being 
enabled.


SSL-Session:
   Protocol  : SSLv3
   Cipher: DHE-RSA-AES256-SHA
[ . ]
  Compression: 1 (zlib compression)

SSL-Session:
   Protocol  : TLSv1
   Cipher: DHE-RSA-AES256-SHA
[ . ]
  Compression: 1 (zlib compression)


   Thunderbird has the options to enable/disable each cipher of 
ssl2/ssl3/tls1 as well as disable them completely too. Here in my 
Thunderbird 2.0.0.23, SSLv2 is disabled, and this is certainly the 
default config, as i never tweaked this.


http://img43.imageshack.us/img43/7937/thunderbirdssl2.jpg


   logging from dovecot shows clearly that i'm using TLSv1 to connect 
...  it also shows that TLSv1 connections from thunderbird do not use 
compression, and connections from gnutls-cli correctly enables that



thunderbird 2.0.0.23
Sep 29 07:12:02 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=189.114.xx.xx, 
lip=200.140.xx.xx, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)



gnutls-cli
Sep 28 18:36:54 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=189.11.xx.xx, 
lip=200.140.xx.xx, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 
bits) zlib compression



   wireshark confirms i'm using TLSv1 and also shows Thunderbird is 
announcing no compression is supported.



http://img33.imageshack.us/img33/9011/wiresharktlsv1.jpg


   so . despite the known fact that SSLv2 can't be used if 
compression is wanted, using SSLv3 and TLSv1 apparently does not 
automatically guarantee that .



Patrick Domack wrote:
More testing, seems all my imap clients attempt to use ssl2 first, and 
from the openssl mailing list:


  Oops, should've made this clearer. It is only clients than need to 
avoid the
  old SSLv2 compatible methods and only use SSLv3/TLSv1. Nothing needs 
to be

  done to a server.
  http://www.mail-archive.com/openssl-us...@openssl.org/msg49926.html

This is confirmed using openssl s_client -connect host:993 
(-ssl3|-tls1|-ssl2)


I don't see any way around this globally, unless each program has a 
config option to disable ssl2.



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
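
To see which clients actually negotiate TLS compression, as compared by hand in the two login lines above, the login lines can be tallied per client address. This is an added example, not part of the original message; it assumes the login_log_format_elements used in this thread (including the %k element), and the sample lines, users and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the login lines quoted in this
# thread; users and addresses are placeholders.
SAMPLE_LOG = """\
Sep 29 07:12:02 correio dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Sep 28 18:36:54 correio dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.20, lip=198.51.100.5, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) zlib compression
Sep 28 18:40:10 correio dovecot: imap-login: Login: user=<carol@example.com>, method=PLAIN, rip=192.0.2.20, lip=198.51.100.5, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) zlib compression
Sep 29 08:00:11 correio dovecot: imap-login: Login: user=<bob@example.com>, method=PLAIN, rip=192.0.2.30, lip=198.51.100.5
Sep 29 08:01:00 correio dovecot: IMAP(bob@example.com), rip=192.0.2.30, lip=198.51.100.5: Disconnected: Logged out
"""

LOGIN_RE = re.compile(
    r"(?P<service>imap|pop3)-login: Login: user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>[^,]+), rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)"
    r"(?P<rest>.*)$"
)
# The part written by %k, e.g.
# "TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) zlib compression"
TLS_RE = re.compile(
    r"(?P<protocol>(?:TLS|SSL)v[\d.]+) with cipher (?P<cipher>\S+) "
    r"\((?P<bits>\d+)/\d+ bits\)(?: (?P<compression>\S+) compression)?"
)


def parse_login(line):
    """Return a dict describing one login line, or None for other lines."""
    match = LOGIN_RE.search(line.rstrip("\n"))
    if match is None:
        return None
    record = {key: match.group(key)
              for key in ("service", "user", "method", "rip", "lip")}
    tls = TLS_RE.search(match.group("rest"))
    for key in ("protocol", "cipher", "bits", "compression"):
        record[key] = tls.group(key) if tls else None
    return record


def compression_by_client(lines):
    """Count logins per remote IP as plaintext, tls, or tls+<method>."""
    report = {}
    for line in lines:
        record = parse_login(line)
        if record is None:
            continue
        if record["protocol"] is None:
            kind = "plaintext"
        elif record["compression"]:
            kind = "tls+" + record["compression"]
        else:
            kind = "tls"
        report.setdefault(record["rip"], Counter())[kind] += 1
    return report


if __name__ == "__main__":
    for rip, counts in sorted(compression_by_client(SAMPLE_LOG.splitlines()).items()):
        print(rip, dict(counts))
```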






Re: [Dovecot] compressed IMAP traffic

2009-09-28 Thread Leonardo Rodrigues

Leonardo Rodrigues wrote:


   probably there's some build option on CentOS that is disabling 
compression. If 0.9.8b on Fedora8 built in October/2007 can do it, so 
0.9.8e on CentOS 5.3 built on September/2009 should be able to do it 
too ... oh boy, i really hate those weird compilation options 
from Redhat   :\




   and most interesting  seems the problem is probably with openssl 
client or gnutls-cli on CentOS 5.3.


   From the same Fedora 8 box i done the previous tests, i pointed 
gnutls-cli to my CentOS 5.3 box with dovecot 1.2.5 and the zlib logging 
patch. And i have:


- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE


   from maillog:

Sep 28 18:36:54 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=189.11.xx.xx, 
lip=200.140.xx.xx, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 
bits) zlib compression


   so, it seems server has the needed support for compression on TLS 
connections. Despite that, connections from Thunderbird 2.0 and 
Windows Live Mail do not request compression .




--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it








Re: [Dovecot] compressed IMAP traffic

2009-09-28 Thread Leonardo Rodrigues

Timo Sirainen wrote:


And DEFLATE gives the exact same error? LZO isn't supported by OpenSSL.

  
   yes ... error from DEFLATE and LZO are exactly the same on 
gnutls-cli output and maillog on the CentOS 5.3 box.



Well, not the same server but looks like this one works too:

gnutls-cli --priority NORMAL:+COMP-DEFLATE -p 993 secure.emailsrvr.com

And just for fun I tried imap.gmail.com, that didn't support
compression.
  


   i had tried imap.gmail.com too :)

   interesting findings . from CentOS 5.3, i can't get any 
compression method to work:


[r...@correio dovecot]# gnutls-cli --insecure -p 993 -p 993 
secure.emailsrvr.com --comp LZO DEFLATE NULL 
[ ..]

- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: NULL

   but from a Fedora 8 box:

[r...@correio ~]# gnutls-cli --insecure -p 993 -p 993 
secure.emailsrvr.com --comp LZO DEFLATE NULL

[ ..]
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE


   and Fedora 8 OpenSSL is even older than CentOS 5.3 one:

CentOS 5.3:
[r...@correio dovecot]# rpm -qi openssl
Name        : openssl        Relocations: (not relocatable)
Version     : 0.9.8e         Vendor: CentOS
Release     : 12.el5         Build Date: Fri 04 Sep 2009 09:33:56 AM BRT


Fedora 8:
[r...@correio ~]# rpm -qi openssl
Name        : openssl        Relocations: (not relocatable)
Version     : 0.9.8b         Vendor: Fedora Project
Release     : 17.fc8         Build Date: Mon 15 Oct 2007 07:56:22 PM BRST


   probably there's some build option on CentOS that is disabling 
compression. If 0.9.8b on Fedora8 built in October/2007 can do it, so 
0.9.8e on CentOS 5.3 built on September/2009 should be able to do it too 
... oh boy, i really hate those weird compilation options from 
Redhat   :\


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] compressed IMAP traffic

2009-09-28 Thread Leonardo Rodrigues

Timo Sirainen wrote:


See if you can get gnutls-cli from somewhere (gnutls-utils package I
think?). Using the gnutls-cli command from my previous mail would show
if your OpenSSL is at least able to use compression. Anyway I wouldn't
be surprised if you couldn't find any clients that are really able to
use compression.
  
   i got gnutls-cli from gnutls-utils package ...  but it's probably a 
different version from yours, because your exact command line gives 
an error:


[r...@correio dovecot]# gnutls-cli --priority NORMAL:+COMP-DEFLATE 
--insecure -p 993 localhost

Invalid option 'priority'
Error in the arguments. Use the --help or -h parameters to get more 
information.

[r...@correio dovecot]#

[r...@correio dovecot]# gnutls-cli --version
GNU TLS test client, version 1.4.1. Libgnutls 1.4.1.

[r...@correio dovecot]#

   from man page, i have the option:

  --comp comp1 comp2...
 Compression methods to enable (use gnutls-cli --list to 
show the supported compression methods).



   --list gives

[r...@correio dovecot]# gnutls-cli --list

Certificate types: X.509, OPENPGP
Protocols: TLS1.0, TLS1.1, SSL3.0
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, ARCFOUR, ARCFOUR-40
MACs: MD5, RMD160, SHA1
Key exchange algorithms: RSA, RSA-EXPORT, DHE-DSS, DHE-RSA, DHE-PSK, 
PSK, SRP, SRP-RSA, SRP-DSS, ANON-DH

Compression methods: DEFLATE, LZO, NULL
[r...@correio dovecot]#


   trying LZO and DEFLATE gives an error:

[r...@correio dovecot]# gnutls-cli --insecure -p 993 localhost --comp 
LZO   
Resolving 'localhost'...

Connecting to '127.0.0.1:993'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [50]: Decode error
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
[r...@correio dovecot]#

   and in maillog:

Sep 28 15:35:05 correio dovecot: imap-login: Disconnected (no auth 
attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() 
failed: error:1408A0BB:SSL routines:SSL3_GET_CLIENT_HELLO:no compression 
specified



   is the IMAP4 server you tried remotely accessible so i can try 
from a different machine ? Maybe we're dealing with some client lack of 
compatibility and not server one ..



--


    Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] compressed IMAP traffic

2009-09-28 Thread Leonardo Rodrigues

Timo Sirainen wrote:


I think the compression support in OpenSSL is relatively new, so it's
entirely possible that it's only in v0.9.8 and newer.
  


   from a fully upgraded CentOS 5.3 x86_64 box:

[r...@correio dovecot]# rpm -qi openssl
Name        : openssl        Relocations: (not relocatable)
Version     : 0.9.8e         Vendor: CentOS
Release     : 12.el5         Build Date: Fri 04 Sep 2009 09:33:56 AM BRT



   i have applied the provided patch, recompiled and installed dovecot 
1.2.5 new binaries. This is what i get from logs:


Sep 28 14:44:43 correio dovecot: imap-login: Login: 
user=, method=PLAIN, rip=189.114.xx.x, 
lip=200.140.yy.yy, TLS, TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)


   login_log_format_elements was defined, as documented by Timo, as:

   login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k

   with clients Thunderbird 2.0.0.23 and Windows Live Mail from a 
Windows Vista SP2 fully updated too, log is the same. There's no trace 
of compression being enabled.



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it








Re: [Dovecot] compressed IMAP traffic

2009-09-28 Thread Leonardo Rodrigues

Ed W wrote:


I notice that the openssl docs require compression to be specifically 
enabled and are somewhat scathing about support...


http://www.openssl.org/docs/ssl/SSL_COMP_add_compression_method.html

Anyone care to comment further?



   When i created this thread, some weeks ago, i have also made some 
tests with recent versions (OpenSSL, dovecot, Thunderbird) and couldn't 
get compression.


   I didn't do any kind of tracing debug or similar, i just created some IP 
accounting rules and watched them when downloading a known set of emails 
with a known size. There was no difference when downloading through 
unsecure IMAP or secured (TLS) IMAP. So, there's no compression being 
activated.


   When searching for that, i found that there's already a RFC for a 
COMPRESS imap extension ... as imagined, there are pretty few clients 
that support it  Thunderbird 3 Beta supports it  but asking 
customers to use a Beta software is not acceptable. So, we'll probably 
need some more years to have this extension widely deployed and 
supported by clients.


http://www.ietf.org/rfc/rfc4978.txt


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it








Re: [Dovecot] compressed IMAP traffic

2009-09-22 Thread Leonardo Rodrigues

Timo Sirainen wrote:


If your OpenSSL supports it, Dovecot supports it. I recently tested 
this with gnutls-cli program, openssl s_client for some reason didn't 
support it. I've no idea if any actual IMAP clients support it.


   i'm using OpenSSL shipped from CentOS 5.3. is there any easy way to 
check if the shipped OpenSSL supports that ???


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] compressed IMAP traffic

2009-09-22 Thread Leonardo Rodrigues


   Simple (and maybe stupid) question ..

   is there anything that can be easily used to automatically compress 
IMAP traffic between client and server ? I was thinking if the SSL/TLS 
code enables some kind of compression as well.


   the idea is to reduce IMAP traffic between server and clients and 
not using VPN-like solutions, the idea is just some IMAP4 standard 
client (compatible with SSL/TLS if that's the case) and nothing else.


   can something like that be done ?

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] simple feature request: IMAP logged out message

2009-09-18 Thread Leonardo Rodrigues

David Warden wrote:

I was looking for the same thing earlier this month.

I'm not on v1.2.4 but that should have the mail_log_prefix option 
which lets you add something to the start of every log line, including 
logouts. I use that to put the username and remote IP in every log 
line. It has helped out quite a bit with troubleshooting.


   That's it .. i was using a simplified dovecot.conf and couldn't 
find mail_log_prefix. But then i searched on the default file and there 
it was. Now i'm using:


mail_log_prefix = "%Us(%u), rip=%r, lip=%l: "

   with that, i have:

Sep 18 15:43:45 correio dovecot: IMAP(u...@domain.com), rip=189.31.xx.xx, lip=200.140.yy.yy: Disconnected in IDLE bytes=1761/3265



   thanks !!!

--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] simple feature request: IMAP logged out message

2009-09-18 Thread Leonardo Rodrigues


   i'd like to make a simple feature request on dovecot 

   i'm using v1.2.4 (latest one) and IMAP logout message, by default is:

Sep 18 14:26:27 correio dovecot: IMAP(u...@domain.com): Disconnected: Logged out bytes=384/93


   the message can be a little customized with:

 # IMAP logout format string:
 #  %i - total number of bytes read from client
 #  %o - total number of bytes sent to client 
 imap_logout_format = bytes=%i/%o



   The remote IP address, the IP which the user is coming from, can 
only be seen on the login message:


Sep 14 09:09:12 correio dovecot: imap-login: Login: user=, method=PLAIN, rip=187.6.xx.xx, lip=200.140.yy.yy


   the feature request is that the remote IP address could be added on 
the Logout message too, that would make it much easier to watch connections 
from some specific user and from some specific ip address, regarding 
traffic of the connection. For example, something like:


Sep 18 14:26:27 correio dovecot: IMAP(u...@domain.com): Disconnected: Logged out bytes=384/93, rip=187.6.xx.xx, lip=200.140.yy.yy




--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] fixing deleted-to-trash-plugin

2009-09-14 Thread Leonardo Rodrigues

Lex Brugman wrote:


I have updated the wiki page:
http://wiki.dovecot.org/Plugins/deleted-to-trash and attached the source to
it, I hope this will help some other desperate people wanting to use
Dovecot but missing this feature.
Any feedback is welcome.
  


   just for curiosity ... the ' ... people wanting to use Dovecot but 
missing this feature' called my attention.


   This seems, IMHO, more a client-side feature missing than a 
server-side one.


   is there any other IMAP server with similar 'feature' ??? I have 
never seen any ... but i confess i have seen pretty few different imap 
servers running


   does any other IMAP software daemon (like courier, for example) or any 
other full email package (like Zimbra or even Exchange, for example) 
have this feature in server-side fashion ???


   I'm not starting a flame war on whether this plugin should exist or not, 
or whether people should be using it or not ... i really just wanna know if 
any other email systems/IMAP servers have this feature for fixing a lacking 
client-side feature with some server-side workaround.


--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Question about the pop3 feature "leave messages on server for a certain period of time"

2009-09-12 Thread Leonardo Rodrigues

Axel Luttgens wrote:


No, I don't think to have omitted anything: I already replied to the 
OP wrt the 'leave messages on server' matter.


Here, I was replying to Leonardo (who's not the OP) who started a new 
idea (a potentially misleading POP vs IMAP debate) within the original 
thread.




   Starting the POP vs IMAP war was not my intention and i really would 
like to say i'm sorry for that. My intention was to show the OP that, in 
the proposed scenario (same user with multiple MUAs trying to use leave 
message on server and have an intelligent behavior of that client-side 
feature), working with IMAP would be a better choice (and smart one, in MY 
opinion), because keeping messages synced between several MUAs (let's 
not forget webmail is a pretty common second MUA used by users, usually 
an IMAP MUA) and server is part of IMAP protocol and does not depend on 
MUA behaviors or 'algorithms'. Everything is part of IMAP protocol, the 
$imapuser could even change MUA as many times as he wants to and there 
would be no accidental loss of messages.


   Of course if some IMAP MUA has some client-side feature configured, 
like 'delete messages older than N days', we can have some 
messages being deleted despite the user's will ...  but that would NOT be 
an accidental loss of messages, that would be an EXPECTED loss of 
messages because of some MUA configuration.


   All the 'leave message on server' used by POP clients is NOT part of 
the POP protocol (yes i know POP is pretty well RFC-defined, but not 
those client-side features, as well as some IMAP client-side features 
are not RFC-defined as well).


   The major problem here seems to be the fact that for the POP3 server 
(dovecot or any other), the 'leave messages on server' feature simply 
does not exist. It may be guessed by the 'RETR' not followed by 'DELE' 
which usually happens, but that would be just a guess. There's no way for 
the server to control what will happen with that client-side feature and 
different MUAs accessing the same mailbox with POP3. The proposed use of 
the expire plugin would solve a different situation, not the 
initially proposed one.


   I use IMAP4 in some situations and use POP3 in others as well. I 
think IMAP4 is a better protocol nowadays, with fast internet 
connections and storage on servers becoming cheaper each day. But it 
doesn't mean POP3 is dead. But in some situations, like users who really 
need the 'leave messages on server' feature, using pop3 is not a smart 
decision anymore. Which doesn't mean everybody should stop using POP3 
and change to IMAP4


   Dimitrios, i really think you'll have a hard time trying to find a 
server-side feature to control that mess of using leave messages on 
server with different MUAs by the simple fact that, on the server side, 
that thing simply does not exist.


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [Dovecot] Question about the pop3 feature "leave messages on server for a certain period of time"

2009-09-11 Thread Leonardo Rodrigues

Δημήτριος Καραπιπέρης wrote:


Hi
I can clearly understand this, but what if we have two MUAs with 
different time period settings

on the same account , 10 days the first and 20 days the second.
The first when it will be connected on the 10th day it will delete on 
server all messages, so the second will not get anything at all

Correct?


   IMHO, the 'leave messages on server' is a completely fucked up and 
stupid way of trying to do something that IMAP4 does very well, 
intelligently and RFC-based.


   If you need to use different MUAs to check the same account, you 
really should consider using IMAP4. You'll have message flagging stored 
on server (read messages, new messages, replied ones) ... you can even 
configure your MUA to store sent messages on an IMAP4 folder and see 
those sent messages from MUA1 when you access the mailbox on MUA2 !!!



--


Atenciosamente / Sincerily,
    Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






[Dovecot] compression script for use with zlib module

2009-09-08 Thread Leonardo Rodrigues


   Hi,

   I'm wondering if someone already implemented a compression script 
(and would like to share it) based on the step-by-step provided on wiki 
page of Zlib module.


   I can already do some find|xargs gzip ... but couldn't implement it 
completely as described on the wiki page. I know the suggested 
step-by-step is very detailed and probably a much simpler one will be 
enough for almost anyone ... anyway, if someone has the full script 
and would like to share it, i would be glad to get it :)



http://wiki.dovecot.org/Plugins/Zlib


1) Find the mails you want to compress in a single maildir.
2) Compress the mails to tmp/
   * Update the compressed files' mtimes to be the same as they were in 
     the original files (e.g. touch command)
3) Run maildirlock  . It writes PID to stdout, save it.
   *  is path to the Maildir's dovecot-uidlist (the control 
     directory, if it's separate)
   *  specifies how long to wait for the lock before failing.
4) If maildirlock grabbed the lock successfully (exit code 0) you can 
   continue.
5) For each mail you compressed:
   1. Verify that it still exists where you last saw it.
   2. If it doesn't exist, delete the compressed file. Its flags may 
      have been changed or it may have been expunged. This happens rarely, so 
      just let the next run handle it.
   3. If the file does exist, rename() (mv) the compressed file over the 
      original file.
      * Dovecot can now read the file, but to avoid compressing it 
        again on the next run, you'll probably want to rename it again to 
        include e.g. a "Z" flag in the file name to mark that it was compressed 
        (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ). Remember that the 
        Maildir specifications require that the flags are sorted by their ASCII 
        value, although Dovecot itself doesn't care about that.
6) Unlock the maildir by sending a TERM signal to the maildirlock 
   process (killing the PID it wrote to stdout).




--


    Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
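
The six wiki steps quoted in the message above, written out as one POSIX shell function. This is an added example, not code from the thread or from the Dovecot wiki; the names `compress_maildir`, `add_z_flag` and `LOCK_CMD` are hypothetical, and it assumes maildirlock takes the control path first and the timeout second, the order in which the quoted steps describe its two arguments.

```shell
#!/bin/sh
# Added example (not from the wiki or the thread): steps 1-6 for one Maildir.
# LOCK_CMD is an assumption; set it to the maildirlock binary of your install.
LOCK_CMD=${LOCK_CMD:-maildirlock}

# Insert "Z" into a flag string in ASCII order: uppercase flags sort before
# "Z", lowercase keyword letters after it.
add_z_flag() {
    printf '%s\n' "$1" | LC_ALL=C sed 's/^\([A-Y]*\)/\1Z/'
}

# Usage: compress_maildir <maildir> <control_dir> <lock_timeout_seconds>
# Runs in a subshell so its variables do not leak into the caller.
compress_maildir() (
    maildir=$1 control=$2 timeout=$3
    list=$(mktemp) || exit 1
    trap 'rm -f "$list"' EXIT

    # Step 1: mails in cur/ whose flags do not yet contain "Z".
    find "$maildir/cur" -type f -name '*,S=*:2,*' ! -name '*:2,*Z*' > "$list"
    [ -s "$list" ] || exit 0

    # Step 2: compress to tmp/ and copy the original mtime.
    while IFS= read -r f; do
        tmp="$maildir/tmp/${f##*/}"
        { gzip -c "$f" > "$tmp" && touch -r "$f" "$tmp"; } || rm -f "$tmp"
    done < "$list"

    # Steps 3-4: take the lock; if that fails, throw the compressed copies away.
    if ! lockpid=$("$LOCK_CMD" "$control" "$timeout"); then
        while IFS= read -r f; do rm -f "$maildir/tmp/${f##*/}"; done < "$list"
        exit 1
    fi

    # Step 5: replace only mails that are still where step 1 saw them.
    while IFS= read -r f; do
        tmp="$maildir/tmp/${f##*/}"
        [ -f "$tmp" ] || continue
        if [ -f "$f" ]; then
            mv "$tmp" "$f" && mv "$f" "${f%:2,*}:2,$(add_z_flag "${f##*:2,}")"
        else
            rm -f "$tmp"   # moved, reflagged or expunged: next run handles it
        fi
    done < "$list"

    # Step 6: release the lock.
    kill -TERM "$lockpid"
)
```

Only cur/ is scanned, so mails still in new/ are picked up on a later run once a client has moved them.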