Re: sieve scripts not synching for 2.3.5.1 pre-built

2019-04-03 Thread Marc Weustink via dovecot 

Timo Sirainen via dovecot wrote:
On 2 Apr 2019, at 22.37, Timo Sirainen via dovecot > wrote:


On 2 Apr 2019, at 17.03, Jan-Pieter Cornet via dovecot 
mailto:dovecot@dovecot.org>> wrote:


Hi,

We're synching mailboxes, changing format from maildir to mdbox, 
using doveadm backup/doveadm sync.


When still running 2.2.36, 'doveadm backup' also synched the sieve 
scripts, without issues.


After the upgrade to 2.3.5.1, the sieve sync stopped working. We're 
using the pre-built 2.3 packages from 
https://repo.dovecot.org/ce-2.3-latest/debian/stretch


Looks like this is trivial to reproduce. It used to work still in 
v2.3.1, but then something broke it. Tracking internally in DOP-1062.


Reverting 
https://github.com/dovecot/pigeonhole/commit/479c5e57046dec76078597df844daccbfc0eb75f fixes 
this.




This is a change where strncmp() gets replaced by str_begins(). IMO a 
good change, however in src/lib-sieve/storage/file/sieve-file-storage-save.c


 strncmp(scriptname, fstorage->active_fname, namelen)

gets replaced by

 str_begins(fstorage->active_fname, scriptname)

Note that the arguments are swapped here, giving a false result.

Marc

Re: flags not synced correctly with dovecot sync (dsync)

2019-02-19 Thread Marc Weustink via dovecot 

Dan Christensen via dovecot wrote:

I should add that these problems arise frequently in practice, even if
changes are only being made on a single machine, e.g. laptop1.  Flag
changes on laptop1 propagate to server, but then are reverted on server
when laptop2 syncs with server, and then are reverted on laptop1 when it
syncs again with server.  If I redo the flag changes on laptop1, the
process just repeats and they are removed again.

Suggestions for debugging are very welcome, as currently syncing is
much too unreliable for me to continue using it.

Dan


I (and others) have the same issue.

A quote from Stephan Bosch on 20-1-2019:


We're working on it. We have reproduced the problem without difficulty and 
isolated the commit that caused it.


Tracking internally as DOP-842.

Regards,

Stephan. 



Marc




On Feb 16, 2019, Dan Christensen via dovecot  wrote:


I'm running dovecot 2.3.4.1 from https://repo.dovecot.org/ on Ubuntu
18.04 on three machines that I'll call server, laptop1 and laptop2.

Both laptop1 and laptop2 run dovecot sync against server to keep local
copies of my imap folders.  Even when I initially had only two machines,
laptop1 and server, I occasionally noticed that flags were lost, usually
custom flags used by Gnus, but I couldn't reliably reproduce the
problem.

Now that I have two laptops syncing against the server, the problem has
gotten worse and I figured out a way to reproduce it:

- on server: create new IMAP folder test, and put two read messages in it
- on laptop1:  doveadm sync -u user -l 10 -m test -f user@server
- on laptop2:  doveadm sync -u user -l 10 -m test -f user@server

At this point, all three machines show the two messages M1 and M2
as being read.

- on laptop1: mark message M1 unread
- on laptop2: mark message M2 unread
- on laptop1:  doveadm sync -u user -l 10 -m test -f user@server
   Both laptop1 and server have M1 unread, M2 read, as expected.
- on laptop2:  doveadm sync -u user -l 10 -m test -f user@server
   Now laptop2 and server have M1 *read*, M2 unread.
- on laptop1:  doveadm sync -u user -l 10 -m test -f user@server
   Now laptop1 and the server have both M1 and M2 *read*.
- on laptop2:  doveadm sync -u user -l 10 -m test -f user@server
   Now laptop2 has both read as well.

The two lines that say "*read*" are wrong in my opinion.  dsync
propagated a read mark to an unread message, even though that message
was marked unread more recently than it was marked read.

I usually use stateful sync, and get many related problems.
I just did a test in which M1 and M2 started out read, and I
started with empty files named dstate.test on laptop1 and laptop2.
Then I did the above procedure, using the command

doveadm sync -u user -l 10 -m test -s "`cat dstate.test`" user@server > 
dstate.test

At the end, laptop2 and server had both messages unread (which is good),
but laptop1 had only M1 unread, and repeated runs of the sync command
did not correct this.  So the stateful sync failed to detect a change.

Are these bugs in dovecot?  Is there more information that I can
provide?  The output of doveconf -n on one machine is below, and
the others are almost identical.

Thanks for any help!

Dan

# 2.3.4.1 (3c0b8769e): /etc/dovecot/dovecot.conf
# OS: Linux 4.15.0-45-generic x86_64 Ubuntu 18.04.1 LTS
# Hostname: laptop2
auth_mechanisms = plain login
listen = 127.0.0.1
mail_index_log2_max_age = 10 days
mail_index_log_rotate_min_age = 1 days
mail_index_log_rotate_min_size = 300 k
mail_location = maildir:~/Maildir
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
 special_use = \Drafts
   }
   mailbox Junk {
 special_use = \Junk
   }
   mailbox Sent {
 special_use = \Sent
   }
   mailbox "Sent Messages" {
 special_use = \Sent
   }
   mailbox Trash {
 special_use = \Trash
   }
   prefix =
}
passdb {
   args = scheme=CRYPT username_format=%u /etc/dovecot/users
   driver = passwd-file
}
protocols = imap
service imap-login {
   inet_listener imap {
 address = *
 port = 143
   }
   inet_listener imaps {
 address = *
 port = 943
 ssl = yes
   }
}
service imap {
   process_limit = 25
}
ssl_cert =

Re: Using SHA256/512 for SQL based password

2019-02-19 Thread Marc Weustink via dovecot 

Aki Tuomi via dovecot wrote:


On 17.2.2019 10.46, Aki Tuomi via dovecot wrote:


On 17 February 2019 at 10:38 Odhiambo Washington via dovecot < 
dovecot@dovecot.org <mailto:dovecot@dovecot.org>> wrote:



On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot < 
dovecot@dovecot.org <mailto:dovecot@dovecot.org>>

wrote:


Jean-Daniel Dupas via dovecot wrote:
>
>
>> Le 13 févr. 2019 à 14:54, Robert Moskowitz via dovecot
>> < dovecot@dovecot.org <mailto:dovecot@dovecot.org> dovecot@dovecot.org <mailto:dovecot@dovecot.org>>> a écrit :

>>
>>
>>

>>> ARGON2 support is added in dovecot v2.3. It also needs to be 
enabled
>>> when compiling dovecot, so varying from packagers it might or 
not be
>>> available. The CRYPT ones are available if crypt(3) supports 
them. In

>>> dovecot v2.3 we have added bcrypt support regardless of crypt(3)
support.
>>
>> CentOS7 is on dovecot 2.2.36:
>>
>> # doveadm pw -s ARGON2-CRYPT -p secret
>> Fatal: Unknown scheme: ARGON2-CRYPT
>> # doveadm pw -s ARGON2 -p secret
>> Fatal: Unknown scheme: ARGON2
>>
>> I tend to stay with the distro's rpms and not take on building and
>> maintaining myself.
>
And for the record, the hash names are ARGON2I and ARGON2ID (see 
doveadm

pw -l )
With dovecot from the dovecot.org < http://dovecot.org> repo:
# doveadm pw -s ARGON2I -p secret
{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk 


Also from dovecot.org < http://dovecot.org> repo:
doveadm pw -s ARGON2I -p secret
Fatal: Unknown scheme: ARGON2I

Marc


It works for me over here:

[wash@waridi ~]#/opt/dovecot2.3/bin/doveadm pw -s ARGON2I -p secret
{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$9pggnQBea9F3h3O31HoJEA$0zZZgwEuMRVZ3Mc/v6ckpalzVRVCr+GLBWnb8OrgsxU 




--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)


I'll check next week if and why argon is missing from ce packages.
---
Aki Tuomi


Marc,

ARGON2 is supported only on Debian Stretch and Ubuntu 18 for dovecot, 
due to libsodium.


Ah, thanks for the clarification. Still running Ubuntu 16 here.

Marc

Re: Using SHA256/512 for SQL based password

2019-02-17 Thread Marc Weustink via dovecot 

Jean-Daniel Dupas via dovecot wrote:



Le 13 févr. 2019 à 14:54, Robert Moskowitz via dovecot 
mailto:dovecot@dovecot.org>> a écrit :




On 2/13/19 8:30 AM, Aki Tuomi wrote:

On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:


On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:


Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
mailto:r...@htt-consult.com>>:


On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:

Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:

I have trying to find how to set the dovecot-sql.conf for using
SHA256/512.  I am going to start clean with the stronger format, not
migrate from the old MD5.  It seems all I need is:

you maybe would like to have a look to the hashing algo ARGON2I
which is
currently recommended for new developments and deployments.

Recommended by whom?

Can you provide a link?

Sure, please see here:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet



And if I was adventurous about hashes, I would be looking more at
Keccak.


Check out my Internet Draft:


draft-moskowitz-small-crypto-00.txt

Thanks for the tip, will have a look for into it.

Keccak is a general hashing function.  It was the first? of the
hashing 'sponge' functions, that many have followed.  It is the basis
of SHA3 (at Keccak's greatest strength).

Argon2 seems to be special-built for password hashing.  Thing is it is
not supported on my CentOS7 system:

# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT
SHA256-CRYPT SHA512-CRYPT

Of course SHA3 is not listed either...



ARGON2 support is added in dovecot v2.3. It also needs to be enabled
when compiling dovecot, so varying from packagers it might or not be
available. The CRYPT ones are available if crypt(3) supports them. In
dovecot v2.3 we have added bcrypt support regardless of crypt(3) support.


CentOS7 is on dovecot 2.2.36:

# doveadm pw -s ARGON2-CRYPT -p secret
Fatal: Unknown scheme: ARGON2-CRYPT
# doveadm pw -s ARGON2 -p secret
Fatal: Unknown scheme: ARGON2

I tend to stay with the distro's rpms and not take on building and 
maintaining myself.


And for the record, the hash names are ARGON2I and ARGON2ID (see doveadm 
pw -l )


With dovecot from the dovecot.org  repo:

# doveadm pw -s ARGON2I -p secret
{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk


Also from dovecot.org  repo:

doveadm pw -s ARGON2I -p secret
Fatal: Unknown scheme: ARGON2I



Marc

Re: IMAP copy stopped copying flags

2019-01-11 Thread Marc Weustink 

Hi all,

Andrzej A. Filip wrote:

Timo Sirainen  wrote:

On 9 Jul 2018, at 16.49, Andrzej A. Filip  wrote:


Is it intended behavior?


No.


It seems to be caused by upgrade to 1:2.3.2-2 on Debian/Testing.


What was the old version? What's your doveconf -n? How are you testing
that it's not working?


It seems that the problem occurred after Debian/Testing dovecot's upgrade
from 1:2.2.36-1 to 1:2.3.2-2.  I have fixed the problem by downgrading
dovecot to version provided by Debian/Stable (1:2.2.27-3+deb9u2).

I use dovecot in "server less" mode (IMAP via stdin+stdout) with maildir.

mail_location = maildir:~/Maildir:LAYOUT=fs




Same issue here on 2.3.4 (0ecbaf23d) as server.

When a message is moved, either through Thunderbird or doveadm move, the 
flags are lost.


Any update on this ?

Thanks
Marc

Re: Panic: file dsync-brain-mailbox-tree.c: line 448: unreached

2018-12-04 Thread Marc Weustink 

Solved. It appeared a configuration issue.
There was a mismatch in the prefix of the namespace on both servers

Marc


Marc Weustink wrote:

Hi all,

To backup our imap folders I've a cronjob running in the night:
  /usr/bin/doveadm -o stats_writer_socket_path=  backup -R -A -N 
tcp:xxx.yyy.zzz:4191


This ran successful when I set it up and didn't look at it anymore.
Recently I noticed errors:

dsync-local(administration): Panic: file 
dsync-mailbox-tree-sync.c: line 1253 (sync_create_mailboxes): assertion 
failed: (node->ns == other_node->ns)
dsync-local(administration): Error: Raw 
backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xcceca) [0x7f7029099eca] 
-> /usr/lib/dovecot/libdovecot.so.0(+0xccf21) [0x7f7029099f21] -> 
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7029006f44] -> 
/usr/bin/doveadm(+0x5206c) [0x558ba9fec06c] -> 
/usr/bin/doveadm(dsync_mailbox_trees_sync_init+0x2a2) [0x558ba9fedba2] 
-> /usr/bin/doveadm(dsync_brain_recv_mailbox_tree_deletes+0x246) 
[0x558ba9fdf6d6] -> /usr/bin/doveadm(dsync_brain_run+0x5b8) 
[0x558ba9fdbec8] -> /usr/bin/doveadm(+0x42260) [0x558ba9fdc260] -> 
/usr/bin/doveadm(+0x585bf) [0x558ba9ff25bf] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f70290b2029] 
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f70290b3959] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7f70290b2132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f70290b2348] -> /usr/bin/doveadm(+0x27e39) [0x558ba9fc1e39] -> 
/usr/bin/doveadm(+0x2a3c7) [0x558ba9fc43c7] -> 
/usr/bin/doveadm(+0x2b1f6) [0x558ba9fc51f6] -> 
/usr/bin/doveadm(doveadm_mail_try_run+0x1fa) [0x558ba9fc597a] -> 
/usr/bin/doveadm(main+0x45b) [0x558ba9fb4ceb] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7f702891a830] 
-> /usr/bin/doveadm(_start+0x29) [0x558ba9fb4e69]

Aborted (core dumped)

I've added the dovecot repo to get dovecot automatically updated, so I 
cannot tell with which version it started.


my doveconf -n:

[sudo] password for infraadmin:
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 4.4.0-137-generic x86_64 Ubuntu 16.04.5 LTS autofs
# Hostname: xxx.xxx.xxx
dict {
   acl = pgsql:/etc/dovecot/dovecot-dict-sql-local.conf.ext
}
doveadm_password = # hidden, use -P to show it
mail_debug = yes
mail_gid = vmail
mail_home = /home/mail/backup/%n
mail_location = maildir:/home/mail/backup/%n/mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext

namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
   separator = /
   type = private
}
namespace public {
   location = 
maildir:/home/mail/backup/Common/mail:INDEXPVT=/home/mail/backup/%n/mail/common 


   prefix = Common/
   separator = /
   subscriptions = no
   type = public
}
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   acl = vfile
   acl_shared_dict = proxy::acl
   sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " sieve"
service auth {
   unix_listener auth-userdb {
     mode = 0777
   }
}
service dict {
   unix_listener dict {
     group = vmail
     user = vmail
   }
}
ssl = no
userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}

Sieve scripts not backed up

2018-12-04 Thread Marc Weustink 

(now from my subscribed account)

Hi all.
I try to backup out sieve scripts through
 doveadm  -o stats_writer_socket_path=  backup -R -u marc -N 
tcp::4191


All mail is backed up but no scripts. What am I doing wrong ?

Thanks Marc

 doveconf -n

# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 4.4.0-137-generic x86_64 Ubuntu 16.04.5 LTS autofs
# Hostname: xxx
dict {
  acl = pgsql:/etc/dovecot/dovecot-dict-sql-local.conf.ext
}
doveadm_password = # hidden, use -P to show it
mail_debug = yes
mail_gid = vmail
mail_home = /home/mail/backup/%n
mail_location = maildir:/home/mail/backup/%n/mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace Shared {
  location = 
maildir:/home/mail/backup/Common/mail:INDEXPVT=/home/mail/backup/%n/mail/common

  prefix = Shared/
  separator = /
  subscriptions = no
  type = public
}
namespace Users {
  list = children
  location = 
maildir:/home/mail/backup/%%n/mail:INDEXPVT=/home/mail/backup/%n/mail/shared/%%n

  prefix = Users/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = sieve
service auth {
  unix_listener auth-userdb {
mode = 0777
  }
}
service dict {
  unix_listener dict {
group = vmail
user = vmail
  }
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

Sieve scripts not backed up

2018-12-04 Thread Marc Weustink 

Hi all.
I try to backup out sieve scripts through
 doveadm  -o stats_writer_socket_path=  backup -R -u marc -N 
tcp::4191


All mail is backed up but no scripts. What am I doing wrong ?

Thanks Marc

 doveconf -n

# 2.3.4 (0ecbaf23d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 4.4.0-137-generic x86_64 Ubuntu 16.04.5 LTS autofs
# Hostname: xxx
dict {
  acl = pgsql:/etc/dovecot/dovecot-dict-sql-local.conf.ext
}
doveadm_password = # hidden, use -P to show it
mail_debug = yes
mail_gid = vmail
mail_home = /home/mail/backup/%n
mail_location = maildir:/home/mail/backup/%n/mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace Shared {
  location = 
maildir:/home/mail/backup/Common/mail:INDEXPVT=/home/mail/backup/%n/mail/common

  prefix = Shared/
  separator = /
  subscriptions = no
  type = public
}
namespace Users {
  list = children
  location = 
maildir:/home/mail/backup/%%n/mail:INDEXPVT=/home/mail/backup/%n/mail/shared/%%n

  prefix = Users/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = sieve
service auth {
  unix_listener auth-userdb {
mode = 0777
  }
}
service dict {
  unix_listener dict {
group = vmail
user = vmail
  }
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

Panic: file dsync-brain-mailbox-tree.c: line 448: unreached

2018-11-12 Thread Marc Weustink 

Hi all,

To backup our imap folders I've a cronjob running in the night:
 /usr/bin/doveadm -o stats_writer_socket_path=  backup -R -A -N 
tcp:xxx.yyy.zzz:4191


This ran successful when I set it up and didn't look at it anymore.
Recently I noticed errors:

dsync-local(administration): Panic: file 
dsync-mailbox-tree-sync.c: line 1253 (sync_create_mailboxes): assertion 
failed: (node->ns == other_node->ns)
dsync-local(administration): Error: Raw 
backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xcceca) [0x7f7029099eca] 
-> /usr/lib/dovecot/libdovecot.so.0(+0xccf21) [0x7f7029099f21] -> 
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f7029006f44] -> 
/usr/bin/doveadm(+0x5206c) [0x558ba9fec06c] -> 
/usr/bin/doveadm(dsync_mailbox_trees_sync_init+0x2a2) [0x558ba9fedba2] 
-> /usr/bin/doveadm(dsync_brain_recv_mailbox_tree_deletes+0x246) 
[0x558ba9fdf6d6] -> /usr/bin/doveadm(dsync_brain_run+0x5b8) 
[0x558ba9fdbec8] -> /usr/bin/doveadm(+0x42260) [0x558ba9fdc260] -> 
/usr/bin/doveadm(+0x585bf) [0x558ba9ff25bf] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f70290b2029] 
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) 
[0x7f70290b3959] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) 
[0x7f70290b2132] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7f70290b2348] -> /usr/bin/doveadm(+0x27e39) [0x558ba9fc1e39] -> 
/usr/bin/doveadm(+0x2a3c7) [0x558ba9fc43c7] -> 
/usr/bin/doveadm(+0x2b1f6) [0x558ba9fc51f6] -> 
/usr/bin/doveadm(doveadm_mail_try_run+0x1fa) [0x558ba9fc597a] -> 
/usr/bin/doveadm(main+0x45b) [0x558ba9fb4ceb] -> 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7f702891a830] 
-> /usr/bin/doveadm(_start+0x29) [0x558ba9fb4e69]

Aborted (core dumped)

I've added the dovecot repo to get dovecot automatically updated, so I 
cannot tell with which version it started.


my doveconf -n:

[sudo] password for infraadmin:
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 4.4.0-137-generic x86_64 Ubuntu 16.04.5 LTS autofs
# Hostname: xxx.xxx.xxx
dict {
  acl = pgsql:/etc/dovecot/dovecot-dict-sql-local.conf.ext
}
doveadm_password = # hidden, use -P to show it
mail_debug = yes
mail_gid = vmail
mail_home = /home/mail/backup/%n
mail_location = maildir:/home/mail/backup/%n/mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
namespace public {
  location = 
maildir:/home/mail/backup/Common/mail:INDEXPVT=/home/mail/backup/%n/mail/common

  prefix = Common/
  separator = /
  subscriptions = no
  type = public
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " sieve"
service auth {
  unix_listener auth-userdb {
mode = 0777
  }
}
service dict {
  unix_listener dict {
group = vmail
user = vmail
  }
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

Certificate of package repository expired

2018-02-13 Thread Marc Weustink 

Hi,

I just happened to do an apt update and got a notice that 
repo.dovecot.org was disabled.


According to firefox:
repo.dovecot.org uses an invalid security certificate. The certificate 
expired on dinsdag 13 februari 2018 12:48. The current time is dinsdag 
13 februari 2018 16:39.



Thanks,
Marc

Re: doveconf -n not showing all changes

2017-12-28 Thread Marc Weustink 
Sorry for the noise, local.conf wasn't readable by a normal user, so it 
wasn't tried (!include vs !include_try)


Marc



Marc Weustink wrote:

Hi,

Today I was testing the last dovecot release 2.3 from the dovecot repo 
on ubuntu 16.04. (I upgraded from 2.2.23)
I cannot recall if I noticed it before, but doveconf -n not showing all 
changes.



To be able to track my changes, I don't touch the config files provided 
in conf.d/ anymore, but I write them in local.conf (I did in the past so 
doveconf -n still shows something)


I was testing the new submission service so I added to local.conf:


protocols = imap pop3 lmtp sieve submission
service submission-login {
   inet_listener submission {
     # test
     port = 588
   }
}
submission_relay_host = 127.0.0.1


after restarting dovecot, submission works, mails get relayed. However 
doveconf -n shows:


protocols = imap pop3 lmtp sieve


This is very confusing.

Marc

doveconf -n not showing all changes

2017-12-28 Thread Marc Weustink 

Hi,

Today I was testing the last dovecot release 2.3 from the dovecot repo 
on ubuntu 16.04. (I upgraded from 2.2.23)
I cannot recall if I noticed it before, but doveconf -n not showing all 
changes.



To be able to track my changes, I don't touch the config files provided 
in conf.d/ anymore, but I write them in local.conf (I did in the past so 
doveconf -n still shows something)


I was testing the new submission service so I added to local.conf:


protocols = imap pop3 lmtp sieve submission
service submission-login {
  inet_listener submission {
# test
port = 588
  }
}
submission_relay_host = 127.0.0.1


after restarting dovecot, submission works, mails get relayed. However 
doveconf -n shows:


protocols = imap pop3 lmtp sieve


This is very confusing.

Marc

Re: ManageSieve: authenticate "EXTERNAL" not behaving correctly

2017-11-30 Thread Marc Weustink 

Stephan Bosch wrote:



Op 28-10-2017 om 17:18 schreef Stephan Bosch:

Op 10/26/2017 om 1:32 PM schreef Marc Weustink:

...


Will get back on this later.


This was actually a Dovecot problem. Merged yesterday:

https://github.com/dovecot/core/commit/451698c60d7b3a763742c8e99503ab30596036f0 

https://github.com/dovecot/core/commit/e4b72bd73bfffda7906faa248eab31f936cfc6fa 

https://github.com/dovecot/core/commit/ad3e5fb08578161731085cfc025659753d2682cb 

https://github.com/dovecot/core/commit/981f260cfa17a22faf4ff047e479e63cad01aa65 





Great, Thanks.
Marc

Re: ManageSieve: authenticate "EXTERNAL" not behaving correctly

2017-11-01 Thread Marc Weustink 

Stephan Bosch wrote:

Op 10/26/2017 om 1:32 PM schreef Marc Weustink:

Hi,

I've enabled client certificate authentication for imap and
managesieve. When I use Thunderbird with the sieve plugin it tries to
login, but times out.

Initially I reported this to the sieve plugin, but we came to the
conclusion that it managesieve is misbehaving.

https://github.com/thsmi/sieve/issues/94

Thunderbird (win10-64) 52.4.0 (32bit)
Sieve 0.2.3k
Dovecot (Ubuntu 16.04.3 LTS) 2.2.33.1-1 (sid)


What happens is the following (p=plugin sends m=managesieve sends)

p:authenticate "EXTERNAL" ""
m:""

The response is unexpected. According to RFC 5804 an empty
challenge/response is sent as an empty string. So I would expect:

p:authenticate "EXTERNAL" ""
m:OK "Logged in."



With the use of gnutls-cli I could reproduce (c=I send m=managesieve
sends)
  gnutls-cli --starttls --x509keyfile marc_mail.key --x509certfile
marc_mail.crt -p sieve 172.17.1.4

...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" ""
m:""
c:""
m:OK "Logged in."


However if I try the "imap" syntax (rfc4959) I get logged in at once

...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" "="
m:OK "Logged in."

Note that this is an imap only extention, "=" is an invalid base64
encoding.


Will get back on this later.

Regards,

Stephan.



With the attached patch I could hac/workaround it

Marc

diff -U 5 
dovecot-2.2.33.1/pigeonhole/src/managesieve-login/client-authenticate.c 
dovecot-2.2.33.1~mwe/pigeonhole/src/managesieve-login/client-authenticate.c
--- dovecot-2.2.33.1/pigeonhole/src/managesieve-login/client-authenticate.c 
2017-11-01 15:06:28.0 +0100
+++ dovecot-2.2.33.1~mwe/pigeonhole/src/managesieve-login/client-authenticate.c 
2017-11-01 14:55:43.869493098 +0100
@@ -306,12 +306,20 @@
return 1;
}
 
if ( ret == 0 ) return 0;
 
-   init_response = ( client->auth_response == NULL ? NULL :
-   t_strdup(str_c(client->auth_response)) );
+   
+   if ( client->auth_response == NULL ) {
+   init_response = NULL;
+   } else if (( strncasecmp(client->auth_mech_name, "EXTERNAL", 8) == 0 ) 
&& ( str_len( client->auth_response ) == 0 )) {
+   /* MWE: hack/workaround to pass empty response */
+   init_response = t_strdup("=");
+   } else {
+   init_response = t_strdup(str_c(client->auth_response));
+   }
+
msieve_client->auth_mech_name_parsed = FALSE;
if ( (ret=client_auth_begin
(client, t_strdup(client->auth_mech_name), init_response)) < 0 )
return ret;

ManageSieve: authenticate "EXTERNAL" not behaving correctly

2017-10-26 Thread Marc Weustink 

Hi,

I've enabled client certificate authentication for imap and managesieve. 
When I use Thunderbird with the sieve plugin it tries to login, but 
times out.


Initially I reported this to the sieve plugin, but we came to the 
conclusion that it managesieve is misbehaving.


https://github.com/thsmi/sieve/issues/94

Thunderbird (win10-64) 52.4.0 (32bit)
Sieve 0.2.3k
Dovecot (Ubuntu 16.04.3 LTS) 2.2.33.1-1 (sid)


What happens is the following (p=plugin sends m=managesieve sends)

p:authenticate "EXTERNAL" ""
m:""

The response is unexpected. According to RFC 5804 an empty 
challenge/response is sent as an empty string. So I would expect:


p:authenticate "EXTERNAL" ""
m:OK "Logged in."



With the use of gnutls-cli I could reproduce (c=I send m=managesieve sends)
 gnutls-cli --starttls --x509keyfile marc_mail.key --x509certfile 
marc_mail.crt -p sieve 172.17.1.4


...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" ""
m:""
c:""
m:OK "Logged in."


However if I try the "imap" syntax (rfc4959) I get logged in at once

...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" "="
m:OK "Logged in."

Note that this is an imap only extention, "=" is an invalid base64 encoding.

Marc