Re: MySQL connection with SSL
Have you tried to set the ssl_* parameters as stated in https://doc.dovecot.org/settings/plugin/sql-mysql?

On 16.05.24, 12:53, "Gandalf Corvotempesta via dovecot" wrote:

> Hi all,
> is it possible to tell dovecot to use a mysql connection with SSL?
> My new remote mysql server only allows ssl connections
Re: Separators and shared namespaces
Regarding the following, written by "Aki Tuomi" on 2023-09-27 at 13:09 +0300:

> The physical (file system) separator and hierarchy separator are not related. You can safely change the hierarchy separator to / .

Okay, so what is it used for?

> The shared namespace should have list=children, and you will not see anything by default, unless you have acl_shared_dict and have actually shared a folder.

Yeah, I have all of that. It works with `/`, but when I use `.`, it stops working. ACLs/sharing stays the same.

Best,

-- 
martin krafft | https://matrix.to/#/#madduck:madduck.net
"belief means not wanting to know what is true." - friedrich nietzsche
Separators and shared namespaces
Hello,

I am running Dovecot 2.3.19 on Debian, and I am trying to get shared to work. It's working if I do this:

```
namespace {
  type = shared
  separator = /
  prefix = Team/%%u/
  location = maildir:%%h/Maildir:INDEX=%h/Maildir/Team/%%u:INDEXPVT=%h/Maildir/Team/%%u
  subscriptions = no
  list = children
}
```

After setting some ACLs, I now have the following in `LIST` output:

```
…
. LIST "" *
* LIST (\HasNoChildren) "/" INBOX
[…]
* LIST (\Noselect \HasChildren) "/" Team/rechnungseing...@example.org
* LIST (\HasNoChildren) "/" "Team/rechnungseing...@example.org/Archiv bearbeitete Rechnungen"
. OK List completed (0.003 + 0.000 + 0.007 secs).
```

However, since I am using Maildir, the default separator is `.`, and so I have to change the separator for the `inbox` namespace, which makes me feel uneasy. The system still uses `.dotted.notation` on the filesystem despite the namespace change, and subfolders and all still work, but it still rubs me the wrong way to do this.

And yet, when I try to use `.` like this:

```
separator = .
prefix = Team.%%u.
location = maildir:%%h/Maildir:INDEX=%h/Maildir/.Team,%%u:INDEXPVT=%h/Maildir/.Team.%%u
```

then nothing shows up in `LIST` output.

Any idea why this might be?

Thanks,

-- 
martin krafft | https://matrix.to/#/#madduck:madduck.net
"to improve one's style means to improve one's thought." - friedrich nietzsche
Re: https://www.mail-archive.com/dovecot@dovecot.org/msg77000.html
Hi team,

regarding: https://www.mail-archive.com/dovecot@dovecot.org/msg77000.html

I have the very same problem.

```
terve:/tmp #decrypt.rb -k /etc/dovecot/mailcrypt/ecpubkey.pem -f ./1681118363terve.xy-space.de\,S\=3452\,W\=3515\:2\,S
Key(s) (total: 1)
- Key type : EC
- Key digest: a27b201cf7f59f...
- Peer key : 04aaca0143208904deced2732aaa...
- Encrypted : 4cde641bff16098b91bfaf66...
- Kd hash : 9e229ec6c0...

terve:/tmp #decrypt.rb -k /etc/dovecot/mailcrypt/ecprivkey.pem -f ./16811terve.xy-space.de\,S\=3452\,W\=3515\:2\,S
Key(s) (total: 1)
- Key type : EC
- Key digest: a27b201cf7f59f978bb9b27947f60a9...
- Peer key : 04aaca0143208904deced2732aaaf127...
- Encrypted : 4cde641bff16098b91bfaf66c9...
- Kd hash : 9e229ec6c09...

terve:/tmp #decrypt.rb -i -k /etc/dovecot/mailcrypt/ecprivkey.pem -f ./1681118...terve.xy-space.de\,S\=3452\,W\=3515\:2 \,S
Version : 2
Flags : AEAD integrity
Header length : 255
Cipher algo : aes-256-gcm (2.16.840.1.101.3.4.1.46)
Digest algo : sha256 (2.16.840.1.101.3.4.2.1)
Key derivation
- Rounds : 2048
...
```

N. B. Before posting I arbitrarily removed numbers from the output, maybe paranoid...

Environment:

- openSuSE Linux server
- dovecot version 2.3.20
- openssl version 1.1.1
- ruby version 3.1.2p20
- decrypt.rb version https://gist.github.com/cmouse/882f2e2a60c1e49b7d343f5a6a2721de

This is the way I generated the keys:

```
openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
```

This is the 10-mailcrypt.conf:

```
mail_plugins = $mail_plugins mail_crypt
plugin {
  #fts_index_fs = crypt:set_prefix=fscrypt_index:posix:set_prefix=/tmp/fts
  mail_crypt_global_private_key =
```

Encryption of incoming (thanks to dovecot-lda), as well as outgoing mails works perfectly.

But for me it is more a feature than a bug, since now, even as root I am not able to decrypt users' mails. This serves plausible deniability.

But how can I make sure that NOBODY ELSE can decrypt with this specific private key? Is there ANY OTHER way to decrypt the mails besides the script?

Have a nice Monday, and THANKS for taking your time!

Martin, Cologne

P. S. Did you notice that as an argument (-k) the results are the same, both with private and public key?

P.P.S. If I give the "-w" argument and a file name, the file remains empty, tried even that without success.

P.P.P.S. If I call the script with ruby version 2 it bails out...
Re: Dovecot sync stopped working since 2.3.18-r1 when .maildir has 700 permissions
Hello,

Please accept my apologies for not giving all the details in the original bug report. After further testing, I need to add that it is not the permissions of .maildir that cause doveadm to fail. It fails because the .maildir is a FUSE mount with access to all other users, including potentially untrusted root, restricted. This configuration worked fine until 2.3.18-r1.

Has the context under which doveadm runs changed? Is there a way to make it run as the user?

---
roughgrain.com - Mastering Mentoring
+447780565902

On 17/07/2022 11:20, Martin Kuchta wrote:

> Hello,
>
> Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator plugin stopped working. It seems there is a problem accessing a .maildir with 700 permissions, only accessible by the owner. Everything worked fine prior to this version and I made no configuration changes.
>
> # 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.19 (4eae2f79)
> # OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8
> # Hostname: www.example.com
> auth_mechanisms = plain login
> auth_username_format = %Ln
> doveadm_password = # hidden, use -P to show it
> hostname = www.example.xom
> listen = *
> login_greeting = Dovecot ready.
> mail_location = maildir:~/.maildir
> mail_plugins = notify replication
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = *
>   driver = pam
> }
> plugin {
>   mail_replica = tcps:www.example.com:8000
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
>   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
>   sieve_plugins = sieve_extprograms
> }
> postmaster_address = postmas...@example.com
> protocols = imap lmtp sieve
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     mode = 0666
>   }
>   unix_listener replication-notify {
>     mode = 0666
>   }
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 8000
>     ssl = yes
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service replicator {
>   process_min_avail = 1
>   unix_listener replicator-doveadm {
>     mode = 0600
>   }
> }
> ssl_cert =
Dovecot sync stopped working since 2.3.18-r1 when .maildir has 700 permissions
Hello,

Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator plugin stopped working. It seems there is a problem accessing a .maildir with 700 permissions, only accessible by the owner. Everything worked fine prior to this version and I made no configuration changes.

```
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8
# Hostname: www.example.com
auth_mechanisms = plain login
auth_username_format = %Ln
doveadm_password = # hidden, use -P to show it
hostname = www.example.xom
listen = *
login_greeting = Dovecot ready.
mail_location = maildir:~/.maildir
mail_plugins = notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = *
  driver = pam
}
plugin {
  mail_replica = tcps:www.example.com:8000
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
  sieve_plugins = sieve_extprograms
}
postmaster_address = postmas...@example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
  }
  unix_listener replication-notify {
    mode = 0666
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service doveadm {
  inet_listener {
    port = 8000
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
ssl_cert =
```
S3 integration w Dovecot
Good morning, day, evening :P

As stated in the documentation (S3-compatible Storages — Dovecot documentation <https://doc.dovecot.org/configuration_manual/mail_location/obox/s3/>), only AWS S3 is officially supported. However, we know that Scality has been successfully integrated at some larger corporations.

Particularly curious if anyone has integrated with Pure S3 object storage solution, or any other for that matter? Just looking at some different options.

- Sincerely, Martin.
Re: ssl_params error on RHEL7 FIPS enabled
There have been multiple submitted fixes to this, I submitted a fix to Redhat myself. And they are not willing to add it to their EL7 at this point.

From: dovecot on behalf of Brad Partin
Date: Thursday, August 19, 2021 at 12:39 PM
To: "dovecot@dovecot.org"
Subject: ssl_params error on RHEL7 FIPS enabled

All,

The machine I’m running dovecot on is: RHEL7.9 3.10.0-1160.31.1.el7.x86_64

I can run Systemctl restart dovecot then status or /usr/libexec/dovecot/ssl-params and I get the following error.

```
Info: Generating SSL parameters
Fatal: ssl_iostream_generate_params(4096) failed: DH_generate_parameters(bits=512, gen=2) failed: error:0506A06E:lib(5):func(106):reason(110), error 0506A003:lib(5):func(106):reason(3)
Error: child process failed with status 22784
```

I can generate a diffie-hellman pem with

```
openssl dhparam -out /etc/dovecot/dh.pem 4096
```

But dovecot 2.2.36 does not have the option of telling it where the dh.pem file is located in the config like version 2.3 does.

Is my error related to FIPS and is there a way around it?

My dovecot version is: Dovecot version 2.2.36 release 8.el7

Thanks in advance to anyone willing to help out, I know it’s voluntary 🙏

Thanks,
bpartin2009

Sent from my iPhone
Tuning pop3-login client_limit
Good day / evening / morning good dovecot people:

Overview:

We are seeing the following issue on one of our servers:

```
pop3-login: Error: master(pop3): net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable (client-pid=5418, client-id=1, rip=__REMOVED__, created 534 msecs ago, received 0/4 bytes)
```

We tried tuning the pop3-login -> client_limit parameter. However, as soon as we increased this parameter (and after restarting dovecot), we saw an onslaught of lmtp connection errors in postfix (unable to deliver via lmtp to dovecot). This led us to set the pop3-login -> client_limit back to 1000 again and the lmtp errors disappeared.

This leads me to think that we should tune some other parameters as well. Increase overall limits or such. It seems like when increasing the client_limit for pop3-logins that somehow affected the lmtp deliverability.

If anyone has any input on this that would be much appreciated.

Cheers,
Martin

-- 
Version and config:

```
# dovecot --version
2.2.36 (1f10bfa63)
# dovecot -n
# 2.2.36 (1f10bfa63):
# OS: Centos 7.7
# Hostname:
auth_mechanisms =
auth_verbose = yes
base_dir = __REMOVED__
default_client_limit = 2500
disable_plaintext_auth = no
doveadm_password =
first_valid_uid = 89
last_valid_uid = 89
lmtp_rcpt_check_quota = yes
login_greeting =
login_trusted_networks =
mail_gid = 89
mail_plugins = " notify replication quota"
mail_uid = 89
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  args =
  driver = ldap
}
plugin {
  mail_replica = tcps:
  quota = maildir:User quota
  quota_rule =
}
protocols = pop3 lmtp
replication_full_sync_interval = 3 hours
replication_max_conns = 20
service aggregator {
  fifo_listener replication-notify-fifo {
    group = postfix
    mode = 0640
    user = postfix
  }
  unix_listener replication-notify {
    group = postfix
    mode = 0640
    user = postfix
  }
}
service auth {
  unix_listener auth {
    mode = 0660
  }
}
service doveadm {
  inet_listener {
    port = 12345
    ssl = yes
  }
}
service lmtp {
  process_min_avail = 10
  unix_listener lmtp {
    group = postfix
    mode = 0640
    user = postfix
  }
}
service pop3-login {
  client_limit = 1000
  process_limit = 2048
  process_min_avail = 10
  service_count = 1
}
service pop3 {
  client_limit = 1
  process_limit = 2048
  process_min_avail = 0
  service_count = 1
}
```
Dovecot won't accept IMAP TLS 1 connections from older devices [SOLVED]
I've spent days scouring the Internet and trying various solutions on a problem with my Dovecot installation, so I thought I'd share what I learned in hopes of saving other people a lot of time. The dedicated Dovecot hands will know all of the following already. This is for those of us that have to cover a lot of bases.

I upgraded my mail server from Ubuntu 18.04.1 to Ubuntu 20.04.1, and found that older Mac-books and iPads (and probably other devices) could no longer establish IMAP connections to Dovecot. Dovecot logged:

```
SSL routines:tls_early_post_process_client_hello:unsupported protocol
```

and TCP/IP traces showed that it dropped the connection after the client's initial HELLO.

I tested what kinds of connections Dovecot would accept with (for example):

```
openssl s_client -tls1_1 -connect localhost:993 # Test whether TLSv1.1 is accepted - received "unsupported protocol" message.
```

Searching showed that Dovecot has a parameter "ssl_min_protocol", which is documented as defaulting to TLSv1. Nevertheless I explicitly set it to TLSv1 with no effect. This was a red herring. I spent a long time looking to see if Dovecot had a bug in handling this newish parameter, etc.

Eventually I came across one posting regarding a web server, that told me the OpenSSL libraries that Dovecot and lots of other packages use have a single configuration file for the entire system. In Ubuntu 20.04 it defaults to requiring TLSv1.2 or above. Changing the configuration for OpenSSL affects everything on the system using the library. I changed the file, restarted Dovecot, and it immediately accepted TLSv1 connections.

Obviously I'd prefer to maintain the improved security of TLSv1.2, but in my case it was better to continue providing mail service at a lower security level than to deny service to some users until they upgraded their personal devices. You'll need to make your own decision on that score.

The file to change is (on Ubuntu, at least) /usr/lib/ssl/openssl.cnf. The change consists of adding a line of code in the initial section that invokes several new sections later.

In the initial section I added:

```
openssl_conf = default_conf
```

Then at the bottom of the file I added:

```
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
```

There is an alternative approach that I have read of but not tested. Basically you can create a new file elsewhere with the customized content, and then set an environmental variable (OPENSSL_CONF) just before launching Dovecot that points to your new file. This way, only Dovecot is using downgraded security. Since my mail server is a dedicated system and I didn't want to muck with the Dovecot start-up environment, I didn't feel the need to go that route.

So all my digging into why Dovecot wouldn't accept TLSv1 connections and how to change it was completely on the wrong path. It would be nice if Dovecot could log a message when its ssl_min_protocol is set lower than what OpenSSL will accept, but Dovecot may not be able to tell what OpenSSL is doing.

In any case, those are the symptoms, the real problem, and how to fix it. Good luck, and thanks to Matt Caswell for posting the answer that I eventually found.

Ref: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
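The comparison the post wishes Dovecot could log, as an added example (not part of the original post, and not Dovecot or OpenSSL code): it follows the `openssl_conf` -> `ssl_conf` -> `system_default` chain from the snippet above and compares the resulting `MinProtocol` with a Dovecot `ssl_min_protocol` value. The function names and the two constructed sample files are assumptions, and the parser covers only sections, `name = value` pairs and `#` comments.

```python
import re

# Protocol names as spelled in MinProtocol and ssl_min_protocol, weakest first.
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# The lines the post adds to openssl.cnf.
PATCHED_CONF = """\
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
"""

# Constructed samples: a file without the chain, and a stricter variant.
UNSET_CONF = "HOME = .\n\n[ req ]\ndefault_bits = 2048\n"
STRICT_CONF = (PATCHED_CONF
               .replace("MinProtocol = TLSv1\n", "MinProtocol = TLSv1.2\n")
               .replace("SECLEVEL=1", "SECLEVEL=2"))


def parse_openssl_conf(text):
    """Parse a subset of OpenSSL config syntax: [sections], name = value
    pairs and # comments (no .include, no $variable expansion)."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        name, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            sections[current][name.strip()] = value.strip()
    return sections


def system_default(sections):
    """Follow openssl_conf -> ssl_conf -> system_default and return that
    section's settings, or None when the chain is missing or broken."""
    name = sections["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        if name is None or name not in sections:
            return None
        name = sections[name].get(key)
    return sections.get(name)


def audit(dovecot_min, conf_text):
    """Report the floor set in the OpenSSL config file and whether the
    given Dovecot ssl_min_protocol is lower than it."""
    result = {"min_protocol": None, "seclevel": None, "dovecot_below_openssl": None}
    sect = system_default(parse_openssl_conf(conf_text))
    if sect is None:
        return result  # the file sets no floor
    floor = sect.get("MinProtocol")
    level = re.search(r"@SECLEVEL=(\d)", sect.get("CipherString", ""))
    result["min_protocol"] = floor
    result["seclevel"] = int(level.group(1)) if level else None
    if floor in PROTOCOLS and dovecot_min in PROTOCOLS:
        result["dovecot_below_openssl"] = (
            PROTOCOLS.index(dovecot_min) < PROTOCOLS.index(floor))
    return result


if __name__ == "__main__":
    for label, conf in (("patched", PATCHED_CONF), ("strict", STRICT_CONF),
                        ("unset", UNSET_CONF)):
        print(label, audit("TLSv1", conf))
```

When the file has no `system_default` section it sets no floor, and the library's compiled-in defaults apply, which this check cannot see.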
DKIM fail if WHM adds Message-ID, should be Message-Id
I created a client library to send emails for a webapp.

After connecting to the SMTP server with credential setup in CPANEL, and then do NOT add Message-Id header, the DKIM signature 'h' record created by dovecot/WHM is wrong, and a Message-ID (with a capital D) header is added, invalidating the generated DKIM signature value. This causes outlook, yahoo, gmail and other email recipients to add 'dkim:fail' to the message, and thus relegate it to junk or spam.

The work around is to add to the message a Message-Id with a little 'd' header. Then the SMTP server processes the email with the correct generated DKIM, correct DKIM 'h' record and does not add a Message-ID header.

My SMTP hosting providers that run the WHM/dovecot/CPANEL software are refusing to raise this as a bug and have requested that I do it.

Regards
Robert
Re: Disable Dovecot LDA
On Tuesday, 31 March 2020 21:14:26 CEST Adam Raszkiewicz wrote:

> But then it loops again when get back to the postfix as an incoming message
> (doesn't know that a...@localdomain.com is located on that Dovecot) +
> Is there any way to disable Dovecot LDA? I want to always send email via
> postfix and relay server even it will be a local delivery within the Dovecot
> server
>
> Thanks,
> Adam

Why should a disabled LDA or a relayhost help in this matter?

Honestly, who is sending what to where anyway? I mean Dovecot is an IMAP-Server: It receives emails from Postfix and mailclients connect to Dovecot to get these mails. When a mailclient sends an email it connects to Postfix not to Dovecot, so a delivery "within Dovecot" isn't really happening.

Dovecot's LDA has options to send (bounce) mails back to Postfix. I guess loops occur there?

WHO doesn't know that a...@localdomain.com is located on Dovecot -- Dovecot itself (= unknown recipient or perhaps permission problems while saving the mail) or Postfix (= no transport to Dovecot)?

Martin
Re: Send local generated mails via gateway back to LDA Dovecot
Well, as you need LDA to deliver emails from postfix to dovecot, you can't just turn it off.

What you need is a second smtp daemon within postfix, which is only responsible for local originating emails and is configured to send any email to your gateway. This way your second smtpd will send local generated mails to your gateway. The gateway will send those mails back to your default smtpd and this one will deliver those mails to dovecot -- or wherever you configured them to go to.

As email addresses like localpart@localhost aren't useful for your gateway, you need to (canonical) rewrite those addresses to an official address.

---

This means your default smtpd must not listen on localhost anymore. The default entry in master.cf like "smtp inet n - n - - smtpd" means that the smtpd listens on any interface on smtp port number 25. Now you need it to listen on the smtp port of your official IP address only. Therefore we will override inet_interfaces from main.cf .

Your second smtpd, newly defined in master.cf, inherits the default values from main.cf too, so you need to adjust only some. Well and this daemon will listen on localhost only.

Note1: This config runs without a chroot environment! If you do, some extra adjustments might be necessary. (I don't know for sure.)

Note2: Lines starting with dash (-) should be removed in your config and those beginning with plus (+) should be added. Angled brackets (<>) indicate a placeholder and they should not be present in your config.
/etc/postfix/master.cf # == # service type private unpriv chroot wakeup maxproc command + args # == -smtp inet n - n - - smtpd +smtp inet n - n - - smtpd + # Incomming mails only from real IP address -o inet_interfaces= +127.0.0.1:25 inet n - n - - smtpd + # Incomming mails only from loopback device + # use only if appropriate in your case (postfix version >=2.2) +-o inet_interfaces=loopback-only + # Incomming mails only from localhost + # use only if appropriate in your case (postfix version < 2.2) +-o inet_interfaces=localhost,127.0.0.1 + # Empty mydestination to disable local transport +-o mydestination= + # disable LDA delivery by emptying corresponding config entries + # you either use mailbox_command or virtual_mailbox_domains +-o mailbox_command= +-o virtual_mailbox_domains= + # Use this IP address as client to connect to gateway +-o smtp_bind_address= + # Canonical rewrite for sender and recipient addresses with @localhost +-o canonical_maps = pcre:/etc/postfix/canonical_localhost.pcre --- New file /etc/postfix/canonical_localhost.pcre # This is a Perl Compatible Regular Expression table, # so no postmap command is needed. # Address something@localhost becomes something@ # or # address something@localhost becomes root@ # CHOOSE ONLY ONE ! # #/^(.+)@localhost$/ $1@ /^.+@localhost$/ root@ --- Local generated mails, that have no domain information should append the string $mydomain instead of default $myorigin (which normally is the FQDN of your mailserver). /etc/postfix/main.cf - append_at_myorigin = yes + append_at_myorigin = no - append_dot_mydomain = no + append_dot_mydomain = yes --- I guess you already set $relayhost but you can set fallbacks too. /etc/postfix/main.cf relayhost = +# Optional list of relay hosts +smtp_fallback_relay = , --- Of course you need to restart postfix to apply these changes. AND if something breaks don't hold me responsible, use this config at your own risk! Martin On Dienstag, 31. 
März 2020 18:35:07 CEST Adam Raszkiewicz wrote: > Hi, > > Is there any way to disable Dovecot LDA? I want to always send email via > postfix and relay server even it will be a local delivery within the > Dovecot server > Thanks, > Adam
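Review bot: the last override of the loopback smtpd, `-o canonical_maps = pcre:/etc/postfix/canonical_localhost.pcre`, has spaces around `=`; a master.cf `-o name=value` override takes no whitespace around the equals sign, so write it as `-o canonical_maps=pcre:/etc/postfix/canonical_localhost.pcre`. As the patch appears here, the removed and added `smtp inet n - n - - smtpd` lines are identical, and `inet_interfaces=`, `smtp_bind_address=`, `relayhost =`, `smtp_fallback_relay = ,` and the rewrite targets in the pcre table (`$1@`, `root@`) have nothing where a value belongs, so the angle-bracket placeholders described in Note2 are missing and each needs its value (official IP address, gateway, domain) filled in before the config is loaded.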
Re: lmtp and recipient_delimiter
On Sunday, 15 March 2020 22:37:40 CET Martin Johannes Dauser wrote:

> On Sunday, 15 March 2020 21:43:08 CET Juri Haberland wrote:
> > On 15/03/2020 21:26, GMX Account wrote:
> > > have a look at this:
> > >
> > > http://www.postfix.org/postconf.5.html#recipient_delimiter
> > >
> > > [...]When the recipient_delimiter [1] set contains multiple characters
> > > (Postfix 2.11 and later), a user name or .forward file name is
> > > separated from its extension by the first character that matches the
> > > recipient_delimiter [1] set.[...]
> >
> > Uhm, yes, I know what this option should do, but what happens, if I
> > already have a user with e.g. a hyphen (-) in its name (e.g. foo-bar)
> > and I set recipient_delimiter to "-"?
> >
> > Will this character become a somewhat illegal character for usernames in
> > the user database?
> >
> >
> > Cheers,
> >
> > Juri
>
> Yes, of course . By setting the delimiter "-", the address foo-...@ex.tld
> becomes f...@ex.tld . Postfix seems to have a special interpretation of "+-"
> as it is compatible to qmail extension (another smtp server), which seems
> to have "-" hardcoded as delimiter. So I guess postfix is using "+" OR "-"
> as delimiter...
>
> foo-...@ex.tld
> foo+...@ex.tld
> foo+-...@ex.tld
> ... would all be sent to f...@ex.tld ??
>
> From http://www.postfix.org/postconf.5.html#recipient_delimiter
> # Handle both Postfix and qmail extensions (Postfix 2.11 and later).
> recipient_delimiter = +-
>
> (Who would need such a compatibility option -- I mean where is the use case
> ?!) Martin

Ah, answering my own post, sk71 already gave the hint:

When the recipient_delimiter set contains multiple characters , a FILE NAME is separated from its extension by the FIRST CHARACTER THAT MATCHES the recipient_delimiter set.

So postfix will act similar to qmail and check files: "the delivery instructions for username-extension are in ~username/.qmail-extension."

So setting the delimiter to "+-" postfix will interpret

* foo-...@ex.tld as an email for f...@ex.tld and will check a file matching "bar".
* foo+...@ex.tld -> f...@ex.tld, file matching "bar"
* foo+-...@ex.tls -> f...@ex.tld, file matching "-bar"
* foo-+...@ex.tls -> f...@ex.tld, file matching "+bar"

Well and you might want to use that when transferring from/to qmail.

Martin
Re: lmtp and recipient_delimiter
On Sunday, 15 March 2020 21:43:08 CET Juri Haberland wrote:

> On 15/03/2020 21:26, GMX Account wrote:
> > have a look at this:
> >
> > http://www.postfix.org/postconf.5.html#recipient_delimiter
> >
> > [...]When the recipient_delimiter [1] set contains multiple characters
> > (Postfix 2.11 and later), a user name or .forward file name is
> > separated from its extension by the first character that matches the
> > recipient_delimiter [1] set.[...]
>
> Uhm, yes, I know what this option should do, but what happens, if I
> already have a user with e.g. a hyphen (-) in its name (e.g. foo-bar)
> and I set recipient_delimiter to "-"?
>
> Will this character become a somewhat illegal character for usernames in
> the user database?
>
>
> Cheers,
> Juri

Yes, of course . By setting the delimiter "-", the address foo-...@ex.tld becomes f...@ex.tld . Postfix seems to have a special interpretation of "+-" as it is compatible to qmail extension (another smtp server), which seems to have "-" hardcoded as delimiter. So I guess postfix is using "+" OR "-" as delimiter...

foo-...@ex.tld
foo+...@ex.tld
foo+-...@ex.tld
... would all be sent to f...@ex.tld ??

From http://www.postfix.org/postconf.5.html#recipient_delimiter

# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
recipient_delimiter = +-

(Who would need such a compatibility option -- I mean where is the use case ?!)

Martin
Re: managesieve / sieve - append dot prefix on moving mails into folder
On Tue, 2020-02-18 at 14:19 +0100, Martin Johannes Dauser wrote:

> Hello!
>
> If you didn't define a separator its default is "." . So you would need
> to change "INBOX/Monitoring" to "INBOX.Monitoring" to be accepted.
>
> And 10-mail.conf needs a "prefix=INBOX." --note the dot as a separator
> at the end.

It might be that prefix is empty, which should be valid too. But then you need to modify your sieve rule. Not 100% sure but I guess:

fileinto "INBOX.Foldername";

>
>
> Hope this helps
> Martin
>
> On Tue, 2020-02-18 at 12:40 +0100, Andre Hoepner - i.based: Systemhaus
> GmbH + Co. KG wrote:
> > Hello mailinglist-subscribers,
> >
> > i have an issue with the managesieve / sieve plugin in dovecot.
> >
> > We use roundcube as webmailer and if i define a new filter to move
> > incoming mails directly into a subfolder i get the following sieve-code:
> >
> > require ["fileinto","imap4flags"];
> > # rule:[mail into folder]
> > if allof (header :contains "from" "sen...@domain.org")
> > {
> > fileinto "Foldername";
> > setflag "\\Seen";
> > }
> >
> > So anything seems to be right and there are no errors on creating the
> > correct syntax.
> >
> > But if a mail comes from the named sender, sieve does not put the email
> > in the folder "Foldername" but ".Foldername".
> > It appends a dot (.) in front of the name and i have no idea, why this
> > happens. There are no errors in logfile and all mails go into the .Folder.
> >
> > Maybe it is wrong separator for mailbox, at the moment there is no
> > separator defined in "10-mail.conf" and we use "Maildir" as mail_location.
> >
> > I have also tried to change the target folder in sieve script an named
> > him "INBOX/Monitoring" - as subfolder of INBOX but than i get an error
> > in .dovecot.sieve.log with message:
> >
> > Invalid mailbox name: Name must not have '/' characters.
> >
> > I edited the new rule with roundcube / managesieve-plugin and maybe this
> > needs separate configuration because of separator in foldernames?
> > Please let me know if i should provide any extra information or dovecot
> > configuration etc.
> >
> > best regards
> > Andre Hoepner
> >
Re: managesieve / sieve - append dot prefix on moving mails into folder
Hello!

If you didn't define a separator its default is "." . So you would need to change "INBOX/Monitoring" to "INBOX.Monitoring" to be accepted.

And 10-mail.conf needs a "prefix=INBOX." --note the dot as a separator at the end.

Hope this helps
Martin

On Tue, 2020-02-18 at 12:40 +0100, Andre Hoepner - i.based: Systemhaus GmbH + Co. KG wrote:

> Hello mailinglist-subscribers,
>
> i have an issue with the managesieve / sieve plugin in dovecot.
>
> We use roundcube as webmailer and if i define a new filter to move
> incoming mails directly into a subfolder i get the following sieve-code:
>
> require ["fileinto","imap4flags"];
> # rule:[mail into folder]
> if allof (header :contains "from" "sen...@domain.org")
> {
> fileinto "Foldername";
> setflag "\\Seen";
> }
>
> So anything seems to be right and there are no errors on creating the
> correct syntax.
>
> But if a mail comes from the named sender, sieve does not put the email
> in the folder "Foldername" but ".Foldername".
> It appends a dot (.) in front of the name and i have no idea, why this
> happens. There are no errors in logfile and all mails go into the .Folder.
>
> Maybe it is wrong separator for mailbox, at the moment there is no
> separator defined in "10-mail.conf" and we use "Maildir" as mail_location.
>
> I have also tried to change the target folder in sieve script an named
> him "INBOX/Monitoring" - as subfolder of INBOX but than i get an error
> in .dovecot.sieve.log with message:
>
> Invalid mailbox name: Name must not have '/' characters.
>
> I edited the new rule with roundcube / managesieve-plugin and maybe this
> needs separate configuration because of separator in foldernames?
> Please let me know if i should provide any extra information or dovecot
> configuration etc.
>
> best regards
> Andre Hoepner
>
Re: Bug with latest GCC 9
On 7/28/19 11:57 PM, Stephan Bosch wrote:

>
>
> On 25/04/2019 12:52, Martin Liška via dovecot wrote:
>> On 1/25/19 8:24 PM, Stephan Bosch wrote:
>>>
>>> On 25/01/2019 at 10:59, Martin Liška wrote:
>>>> Hi.
>>>>
>>>> As mentioned here:
>>>> https://bugzilla.opensuse.org/show_bug.cgi?id=1123136
>>>>
>>>> there's a new issue with GCC 9, it's related to:
>>>> https://gcc.gnu.org/gcc-9/porting_to.html#complit
>>>>
>>>> in:
>>>> /* Not const! Never return this as a result directly! */
>>>> #define SMTP_ADDRESS_LITERAL(localpart, domain) \
>>>> &((struct smtp_address){ (localpart), (domain) })
>>> Thanks for reporting this. We are working on it (tracking internally as
>>> DOP-890).
>>>
>>> Regards,
>>>
>>> Stephan.
>> Hi.
>>
>> Thanks for working on that. Is there any update please?
>
> Fixed in 2.3.7.

Thank you for the fix.

Martin

>
> Regards,
>
> Stephan.
Re: Bug with latest GCC 9
On 1/25/19 8:24 PM, Stephan Bosch wrote:
>
> On 25/01/2019 at 10:59, Martin Liška wrote:
>> Hi.
>>
>> As mentioned here:
>> https://bugzilla.opensuse.org/show_bug.cgi?id=1123136
>>
>> there's a new issue with GCC 9, it's related to:
>> https://gcc.gnu.org/gcc-9/porting_to.html#complit
>>
>> in:
>> /* Not const! Never return this as a result directly! */
>> #define SMTP_ADDRESS_LITERAL(localpart, domain) \
>>     &((struct smtp_address){ (localpart), (domain) })
>
> Thanks for reporting this. We are working on it (tracking internally as
> DOP-890).
>
> Regards,
>
> Stephan.

Hi.

Thanks for working on that. Is there any update please?

Martin
Re: Extended logging / moved mails jumping back
did some improvements on the server.

from dovecot -n

    # 2.2.13: /etc/dovecot/dovecot.conf
    # OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11

to

    # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.16 (fed8554)
    # OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.8

dovecot is working for days without issues, logging is running to one file /var/log/mail.dovecot

In the logfile appears

    2019-04-19 18:53:54 imap-login: Info: Login: user=, method=PLAIN, rip=80.75.xx.35, lip=136.xxx.9.172, mpid=28364, TLS, session=

All 4 different MUAs Thunderbird are logged in the same way. They are behind a router, so they have the same remote IP. So I can't differentiate which MUA causes which event.

Is there a way to identify which client raises a special event?

On Sun, 14 Apr 2019 at 12:38, Reto Brunner via dovecot <dovecot@dovecot.org> wrote:
> On Sun, Apr 14, 2019 at 12:04:36PM +0200, Martin Müller via dovecot wrote:
> > relay=dovecot, delay=0.13, delays=0.07/0/0/0.06, dsn=4.3.0, status=deferred
> > (temporary failure. Command output: Can't open log file
> > /var/log/mail.dovecot-error: Permission denied )
> >[...]
> > Here the output of ls -la /var/log/mail.dovecot-error
> > -rw-r--r-- 1 root root 21259 Apr 14 11:24 /var/log/mail.dovecot-error
> >[...]
> > Any hints for me?
>
> Well, fix the permission errors?
> Give write access to the dovecot user (or whatever you use) for the log
> file.
>
> Also take care if you use the systemd service, there may be other
> restrictions in place (ProtectSystem etc)
>

--
Martin
Re: Extended logging / moved mails jumping back
Hi!

Now I have to check if this is a Thunderbird issue or a dovecot issue. For that reason, I will activate the extended logging of dovecot. I can't see such events in the logfiles. Which switch is to turn on to log all events? Or does anyone know the reason for the annoying "copy/move-the-mail-back" issue?

Thank you in advance for all inputs.

regards, martin

You are missing

    mail_plugins = $mail_plugins notify mail_log

Thank you - it didn't work for me (yet). But I think there is another problem which I have to solve first.

I recognised that the mail delivery stops after turning on the logging to the three files. The incoming mails are held in the mailq, in syslog appears

    relay=dovecot, delay=0.13, delays=0.07/0/0/0.06, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/mail.dovecot-error: Permission denied )

In /var/log/mail.dovecot-error are lines like

    2019-04-14 10:16:18 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer

Here the output of ls -la /var/log/mail.dovecot-error

    -rw-r--r-- 1 root root 21259 Apr 14 11:24 /var/log/mail.dovecot-error

If I turn the extended logging off, all works fine. `postqueue -f` releases all held mails to their boxes.

Any hints for me?

Thank you!
martin
Extended logging / moved mails jumping back
Hi!

About 4-6 MUA Thunderbird 60.6.1 are going to connect with dovecot 2.2.13/IMAP (debian 8) and are using the same user/password. This setup has worked flawlessly for years (updated clients and server software).

For a few weeks there has been one major trouble: if one of the clients moves a mail from the inbox to another IMAP folder, most of the moved mails are moved for the moment. But an unstable period later, the mails are moved back to the inbox. In rare cases, the moved mail is copied (one in the inbox, one in the destination folder).

Now I have to check if this is a Thunderbird issue or a dovecot issue. For that reason, I will activate the extended logging of dovecot.

### ### ### ###

dovecot -n

    # 2.2.13: /etc/dovecot/dovecot.conf
    # OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11
    auth_mechanisms = plain login
    debug_log_path = /var/log/mail.dovecot-debug
    disable_plaintext_auth = no
    info_log_path = /var/log/mail.dovecot-info
    listen = *,[::]
    log_path = /var/log/mail.dovecot-error
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_debug = yes
    mail_max_userip_connections = 100
    mail_privileged_group = vmail
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    plugin {
      mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
      mail_log_fields = uid box msgid size
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve = /var/vmail/%d/%n/.sieve
      sieve_max_redirects = 25
    }
    protocols = imap pop3
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service imap-login {
      client_limit = 1000
      process_limit = 512
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }
    ssl_cert =
Re: Sieve fileinto copies messages instead of moving them
Micheal,

just for your information: "stop;" stops the whole script at this very line, which means no other rule will be applied on this message anymore. Most of the time this is desired. Otherwise "elsif" (and "else" as a catch-all) is your friend.

    require ["fileinto"];
    # rule:[check if either SPAM or SPAMSPAM]
    if header :contains "subject" "SPAMSPAM"
    {
        fileinto "SPAM";
    }
    elsif header :contains "subject" "SPAM"
    {
        fileinto "MaybeSPAM";
    }
    # rule:[something else needs to be done with message]
    if blah
    {
        action;
    }

On Thu, 2019-03-07 at 02:57 -0500, Helmut K. C. Tessarek via dovecot wrote:
> You are missing a stop after the fileinto. Otherwise it will not stop, but
> rather processing the next rule as well.
>
> Change it to:
>
> require ["fileinto"];
> # rule:[SPAM]
> if header :contains "subject" "SPAMSPAM"
> {
>     fileinto "SPAM";
>     stop;
> }
> # rule:[SPAMSPAM]
> if header :contains "subject" "SPAM"
> {
>     fileinto "MaybeSPAM";
>     stop;
> }
>
> Cheers,
> K. C.
Re: Pigeonhome Sieve: check existence of a folder?
What about extension "mailbox"?

https://wiki.dovecot.org/Pigeonhole/Sieve
https://tools.ietf.org/html/rfc5490#section-3

A simple example (not tested, but should work):

note:
+ I use '/' instead of '.' as hierarchical separator
+ stop; stops the whole script, but you could use elsif instead.

    require ["fileinto", "mailbox"];
    if header :contains "header's name" "aaa"
    {
        if mailboxexists "INBOX/aaa"
        {
            fileinto "INBOX/aaa";
            stop;
        }
    }
    if header :contains "header's name" "def"
    {
        if mailboxexists "INBOX/def"
        {
            fileinto "INBOX/def";
            stop;
        }
    }

Greetings
Martin

On Thu, 2019-02-28 at 10:42 +0100, AvV via dovecot wrote:
> Dear All,
>
> Thanks for the great job so far.
>
> I have crawled the doc & web, and did not find how to check for the
> presence of a folder in a mailbox?
>
> I know about "fileinto :create" of course, but the purpose is slightly
> different: I want to automate the move into a folder based on some rules
> but *only if* an associated folder is present (which name is based on
> the rule), otherwise I will do a form of catch-all.
>
> Example:
>
> - INBOX
>   +- abc
>   +- def
>
> - Rule detects "aaa" in someheader field: folder "aaa" not present" ->
>   continue;
>
> - Rule detect "def" in some header field: "def exists" -> fileinto "def"
>   ; stop;
>
> Any help appreciated.
>
> Cheers,
>
> A/
Re: Dovecot 2.3.3 Mailbox does not exist
Never done shared/public folders but perhaps Debug mode will give a hint.

    doveadm -Dv acl get -A Public/Archive

On Tue, 2019-02-26 at 10:21 -0500, Kunal A. via dovecot wrote:
> HI,
> I would deeply appreciate if someone here could help me address a
> problem with ACL. I would personally refrain from e-mailing ever so
> often as I understand other users have more important issues to
> discuss about. Anyways I hope someone here could help.
>
> When I run ;-
> doveadm acl get -A Public/Archive
> I keep getting an error that says Mailbox does not exist. See error
> message below : -
>
> Error: Can't open mailbox Public/Archive: Mailbox doesn't exist: Public/Archive
>
> In the fastmail folder there is a folder called Archive, why isn't it
> being read? The folder is drwxr-xr-x. with vmail as owner.
>
> Deeply appreciate if someone could help with this.
> Many thanks
>
> dovecot -n output :-
>
> # 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
> # OS: Linux 4.20.10-200.fc29.x86_64 x86_64 Fedora release 29 (Twenty Nine)
> # Hostname: machine
> auth_mechanisms = plain login
> mail_location = maildir:~/Maildir
> mail_plugins = acl
> mail_privileged_group = mail
> mbox_write_locks = fcntl
> namespace {
>   list = children
>   location = maildir:/run/media/computer/Storage/Email/fastmail/
>   prefix = Public/
>   separator = /
>   subscriptions = yes
>   type = public
> }
> namespace inbox {
>   inbox = yes
>   list = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix = INBOX/
>   separator = /
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   acl = vfile
> }
> postmaster_address = postmaster at example.com
> protocols = imap pop3
> service auth-worker {
>   user = vmail
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail
>   }
>   user = dovecot
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 0
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> ssl = required
> ssl_cert =
> ssl_cipher_list = PROFILE=SYSTEM
> ssl_key = # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> userdb {
>   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
>   driver = static
> }
> protocol imap {
>   mail_plugins = acl imap_acl
> }
Re: new Centos server install yum dependency error: i686 vs x86_64
Is your server even running on CentOS 64bit?

    # arch

or

    # uname -m

should return "x86_64".

But as your available base package is dovecot-2.2.36-3.el7.i686 and not dovecot-2.2.36-3.el7.x86_64 I guess you'll see something like "i686"

Martin Johannes Dauser

On Sat, 2019-02-23 at 07:58 +1100, Voytek Eymont via dovecot wrote:
>
> On Sat, February 23, 2019 2:53 am, Alex JOST via dovecot wrote:
> > On 22.02.2019 at 14:43, Voytek Eymont via dovecot wrote:
> > >
> > > On Sat, February 23, 2019 12:31 am, Gerald Galster via dovecot wrote:
> > > >
> > > > Your problem is here:
> > > >
> > > > Error: Package: 2:dovecot-lua-2.3.4.1-1.x86_64 (dovecot-2.3-latest)
> > > > Requires: dovecot = 2:2.3.4.1-1
> > > > Available: 1:dovecot-2.2.36-3.el7.i686 (base)
> > > > dovecot = 1:2.2.36-3.el7
Re: sieve filter not working -- matchtype
Scott, you are right. And I guess it's computed faster too.

    # rule:[test]
    if header :matches "from" "*.info"
    {
        redirect "su...@domain.com";
    }

Even a TLD like "*.superinfos" may be included:

    "*@*.*info*"

Greetings
Martin

On Wed, 2019-02-20 at 08:47 +, Scott M. via dovecot wrote:
> Why do you use regex ?
>
> You can just use matches:
> https://p5r.uk/blog/2011/sieve-tutorial.html#matchtype
>
>
> On Wed, Feb 20, 2019 at 03:31 AM, subin ks via dovecot ot.org> wrote:
> I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian 9.6.
> I'm trying to set a Sieve filter which will redirect all emails from
> `info` (i.e. .info) TLD to another email. This is the filter:
>
> require ["regex"];
> # rule:[test]
> if header :regex "from" "info$"
> {
>     redirect "su...@domain.com";
> }
>
> It's not being honored; all emails from .info TLD ends up in the
> inbox and none are redirected. Let me know what I'm doing wrong.
>
> Thanks.
Re: sieve filter not working -- wildcard missing
On Wed, 2019-02-20 at 10:37 +0100, Martin Johannes Dauser via dovecot wrote:
> On Wed, 2019-02-20 at 10:18 +0100, Martin Johannes Dauser via dovecot wrote:
> > Hi!
> >
> > You forgot the wildcard '.*' (= Match zero or more instances of any
> > single character, except newline)
> >
> > require ["regex"];
> > # rule:[test]
> > if header :regex "from" ".*info$"
> > {
> >     redirect "su...@domain.com";
> > }
> >
> > With this rule, you are filtering emails from toplevel domain '*.info'
> > or new domains that might occur in future (e.g '*.superinfo'). If you
> > want to restrict to classic tld '*.info' change the regex to
> >
> > ".*\.info$"
>
> Oh, and if you want to include a TLD like "*.superinfos" The regex
> needs to be
>
> ".*\..*info[^.]$"

ARGH, I forgot a star:

    ".*\..*info[^.]*$"

> >
> > The draft lists a table of common regex in section2:
> > https://tools.ietf.org/html/draft-murchison-sieve-regex-08#section-2
> >
> > There are online regex checker like https://regex101.com though not
> > specific to sieve's regex, which can be used to test your regular
> > expressions. Sieve's regex are quite standard though.
> >
> > Greetings
> > Martin
> >
> >
> > On Wed, 2019-02-20 at 14:00 +0530, subin ks via dovecot wrote:
> > > I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian 9.6.
> > > I'm trying to set a Sieve filter which will redirect all emails from
> > > `info` (i.e. .info) TLD to another email. This is the filter:
> > >
> > > require ["regex"];
> > > # rule:[test]
> > > if header :regex "from" "info$"
> > > {
> > >     redirect "su...@domain.com";
> > > }
> > >
> > > It's not being honored; all emails from .info TLD ends up in the
> > > inbox and none are redirected. Let me know what I'm doing wrong.
> > >
> > > Thanks.
Re: sieve filter not working -- wildcard missing
On Wed, 2019-02-20 at 10:18 +0100, Martin Johannes Dauser via dovecot wrote:
> Hi!
>
> You forgot the wildcard '.*' (= Match zero or more instances of any
> single character, except newline)
>
> require ["regex"];
> # rule:[test]
> if header :regex "from" ".*info$"
> {
>     redirect "su...@domain.com";
> }
>
> With this rule, you are filtering emails from toplevel domain '*.info'
> or new domains that might occur in future (e.g '*.superinfo'). If you
> want to restrict to classic tld '*.info' change the regex to
>
> ".*\.info$"

Oh, and if you want to include a TLD like "*.superinfos" The regex needs to be

    ".*\..*info[^.]$"

>
> The draft lists a table of common regex in section2:
> https://tools.ietf.org/html/draft-murchison-sieve-regex-08#section-2
>
> There are online regex checker like https://regex101.com though not
> specific to sieve's regex, which can be used to test your regular
> expressions. Sieve's regex are quite standard though.
>
> Greetings
> Martin
>
>
> On Wed, 2019-02-20 at 14:00 +0530, subin ks via dovecot wrote:
> > I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian 9.6.
> > I'm trying to set a Sieve filter which will redirect all emails from
> > `info` (i.e. .info) TLD to another email. This is the filter:
> >
> > require ["regex"];
> > # rule:[test]
> > if header :regex "from" "info$"
> > {
> >     redirect "su...@domain.com";
> > }
> >
> > It's not being honored; all emails from .info TLD ends up in the
> > inbox and none are redirected. Let me know what I'm doing wrong.
> >
> > Thanks.
Re: sieve filter not working -- wildcard missing
Hi!

You forgot the wildcard '.*' (= Match zero or more instances of any single character, except newline)

    require ["regex"];
    # rule:[test]
    if header :regex "from" ".*info$"
    {
        redirect "su...@domain.com";
    }

With this rule, you are filtering emails from toplevel domain '*.info' or new domains that might occur in future (e.g '*.superinfo'). If you want to restrict to classic tld '*.info' change the regex to

    ".*\.info$"

The draft lists a table of common regex in section2:
https://tools.ietf.org/html/draft-murchison-sieve-regex-08#section-2

There are online regex checker like https://regex101.com though not specific to sieve's regex, which can be used to test your regular expressions. Sieve's regex are quite standard though.

Greetings
Martin

On Wed, 2019-02-20 at 14:00 +0530, subin ks via dovecot wrote:
> I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian 9.6.
> I'm trying to set a Sieve filter which will redirect all emails from
> `info` (i.e. .info) TLD to another email. This is the filter:
>
> require ["regex"];
> # rule:[test]
> if header :regex "from" "info$"
> {
>     redirect "su...@domain.com";
> }
>
> It's not being honored; all emails from .info TLD ends up in the
> inbox and none are redirected. Let me know what I'm doing wrong.
>
> Thanks.
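An added example (not code from this thread or from Pigeonhole): a Python model of how the `:regex` and `:matches` patterns quoted in the "sieve filter not working" messages behave against From values, including the quoted-string unescaping of RFC 5228 section 2.4.2 that turns a single `\.` typed in a script into a bare `.`. It goes slightly beyond the thread by also evaluating the patterns against the address domain, which is what the standard `address :domain` test compares. Assumptions: `:regex` is an unanchored, case-insensitive search, `:matches` is a whole-value glob, Python's `re` stands in for POSIX ERE, the From values are constructed, and `sieve_unquote`, `glob_to_regex`, `evaluate`, `address_domain` and `table` are hypothetical helper names.

```python
import re
from email.utils import parseaddr


def sieve_unquote(literal):
    # RFC 5228 quoted strings: \\ -> \ and \" -> "; any other \x is read as
    # plain x, so a single backslash before a dot never reaches the matcher.
    out, i = [], 0
    while i < len(literal):
        if literal[i] == "\\" and i + 1 < len(literal):
            i += 1
        out.append(literal[i])
        i += 1
    return "".join(out)


def glob_to_regex(glob):
    # :matches wildcards: * = any run of characters, ? = exactly one character,
    # a backslash makes the following character literal.
    parts, i = [], 0
    while i < len(glob):
        ch = glob[i]
        if ch == "\\" and i + 1 < len(glob):
            i += 1
            parts.append(re.escape(glob[i]))
        elif ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
        i += 1
    return "".join(parts)


def evaluate(match_type, script_literal, value):
    """Model one Sieve comparison; script_literal is the text typed between
    the double quotes in the script, value is what the test compares against."""
    pattern = sieve_unquote(script_literal)
    flags = re.IGNORECASE | re.DOTALL  # default comparator ignores ASCII case
    if match_type == "regex":
        return re.search(pattern, value, flags) is not None
    if match_type == "matches":
        return re.fullmatch(glob_to_regex(pattern), value, flags) is not None
    raise ValueError("unsupported match type: " + match_type)


def address_domain(header_value):
    # The part an `address :domain` test would compare.
    return parseaddr(header_value)[1].rpartition("@")[2]


# Patterns exactly as they would be typed inside the script's double quotes.
PATTERNS = [
    ("regex", "info$"),
    ("regex", ".*info$"),
    ("regex", r".*\.info$"),           # single backslash: dot is NOT escaped
    ("regex", r".*\\.info$"),          # doubled backslash: literal dot
    ("regex", r".*\\..*info[^.]*$"),
    ("matches", "*.info"),
    ("matches", "*@*.*info*"),
]

# Constructed From header values.
FROM_VALUES = [
    "alice@shop.info",
    "Alice Example <alice@shop.info>",
    "bob@example.superinfo",
    "carol@mail.infosec.example",
]


def table(extract=lambda value: value):
    """Map each (match type, literal) to its results over FROM_VALUES."""
    return {
        (mt, lit): [evaluate(mt, lit, extract(v)) for v in FROM_VALUES]
        for mt, lit in PATTERNS
    }


if __name__ == "__main__":
    views = (("whole header value", lambda v: v),
             ("address domain", address_domain))
    for title, extract in views:
        print(title)
        for (mt, lit), row in table(extract).items():
            print(f"  :{mt:<8}{lit!r:<26}", ["Y" if r else "-" for r in row])
```

Run directly, it prints one row per pattern with a column per From value, first for the whole header value and then for the extracted domain.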
Bug with latest GCC 9
Hi.

As mentioned here:
https://bugzilla.opensuse.org/show_bug.cgi?id=1123136

there's a new issue with GCC 9, it's related to:
https://gcc.gnu.org/gcc-9/porting_to.html#complit

in:

    /* Not const! Never return this as a result directly! */
    #define SMTP_ADDRESS_LITERAL(localpart, domain) \
        &((struct smtp_address){ (localpart), (domain) })

Thanks,
Martin
Re: Moving messages between servers with different configurations
Hi,

    doveadm [-Dv] move [-S socket_path] -u user destination [user source_user] search_query

Moving all mails from mailbox INBOX/test on serverA to mailbox Archive/2017 on local serverB.

+ destination Archive/2017 must exist
+ Limitation: source_user and testuser must share the same UID and GID

    doveadm move -S x.x.x.x:x -u testuserAtServerB Archive/2017 user source_userAtServerA mailbox INBOX/test ALL

Greetings
Martin Johannes Dauser

On Mon, 2019-01-21 at 23:14 +0100, Marc Roos wrote:
> I wanted to move messages from a mbox mailbox on server A to mdbox on
> server B. I thought I could do this by connecting to the remote server
> with "doveadm move -S x.x.x.x:x -u testuser Archive/2017 mailbox
> INBOX/test" but I guess this will only allow and move messages
> internally on server B?
> Should I use dsync, or is there another way to move the messages?
Re: BUG: cannot move messages to root mailfolder in namespace "There can be only one namespace with inbox=yes"
Hi,

"The section name in namespaces (e.g. namespace sectionname { .. } is used only internally within configuration. It's not required at all, but it allows you to update an existing namespace (like how 15-mailboxes.conf does) or have userdb override namespace settings for specific users (namespace/sectionname/prefix=foo/)."
(from https://wiki.dovecot.org/Namespaces)

You can call the namespace as you wish or leave it out, but it's a nice hint telling its purpose and if you activate debug level it's easier to see which namespace does what. There is no alphabetical order taken in account.

Regarding duplicate prefix: I didn't think of that. Using prefix Archive/ should lead to a mailbox /Archive/Archive I guess. I'm not sure if namespace attribute "list = no" could do something about it. Another way round would be to set the prefix of inbox as Inbox/ instead but this would force users to create folders only as subfolders of /INBOX/ or of /Archive/.

I'm glad I could be of some help.

Martin

On Wed, 2019-01-09 at 15:22 +0100, Marc Roos wrote:
> Hi Martin,
>
> Thanks for the reply. I got the error below, but when I changed the
> prefix in 4archives to Archive/ I am getting indeed something that is
> looking ok, I still have to test with a few clients. Why did you call
> the namespace 4archives? Because it would load before inbox? Or does
> this not matter at all.
>
> Error: namespace configuration error: Duplicate namespace prefix: ""
>
>
> -Original Message-
> From: Martin Johannes Dauser [mailto:mdau...@cs.sbg.ac.at]
> Sent: 09 January 2019 12:02
> To: dovecot@dovecot.org
> Subject: Re: BUG: cannot move messages to root mailfolder in namespace
> "There can be only one namespace with inbox=yes"
>
> Hi,
>
> this setting might work. The default namespace "inbox" is managing INBOX
> and defines Special-Use folders on the same hierarchic level as INBOX.
> There is an extra namespace "4archives" which defines Archive as a
> mailbox on the same level as INBOX but stored on a different location.
> Set mailbox attribute auto to your liking.
>
>
> namespace inbox {
>   type = private
>   disabled = no
>   hidden = no
>   list = yes
>   ignore_on_failure = no
>   inbox = yes
>   location =
>   prefix =
>   subscriptions = yes
>   separator = /
>
>   mailbox Drafts {
>     special_use = \Drafts
>     auto = subscribe
>   }
>   mailbox Junk {
>     special_use = \Junk
>     auto = subscribe
>   }
>   mailbox Spam {
>     special_use = \Junk
>     auto = no
>   }
>   mailbox spam {
>     special_use = \Junk
>     auto = no
>   }
>   mailbox Deleted {
>     special_use = \Trash
>     auto = subscribe
>   }
>   mailbox Trash {
>     special_use = \Trash
>     auto = no
>   }
>   mailbox Wastebasket {
>     special_use = \Trash
>     auto = no
>   }
>   mailbox Sent {
>     special_use = \Sent
>     auto = subscribe
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>     auto = no
>   }
>   mailbox "Sent Mail" {
>     special_use = \Sent
>     auto = no
>   }
>   mailbox "Tasks" {
>     # This mailbox has no official RFC 6154 or RFC 8457 Special-Use entry
>     auto = subscribe
>   }
> }
>
> namespace 4archives {
>   type = private
>   disabled = no
>   hidden = no
>   list = yes
>   ignore_on_failure = no
>   inbox = no
>   location = mbox:/home/mail-archive/%u/Archive/:CONTROL=/home/mail-archive/%u/Archive/control:INDEX=/home/mail-archive/%u/Archive/index:LAYOUT=maildir++
>   prefix =
>   subscriptions = yes
>   separator = /
>   mailbox Archive {
>     auto = create
>     autoexpunge = 0
>     autoexpunge_max_mails = 0
>     comment =
>     driver =
>     special_use = \Archive
>   }
>   mailbox Archives {
>     auto = no
>     autoexpunge = 0
>     autoexpunge_max_mails = 0
>     comment =
>     driver =
>     special_use = \Archive
>   }
>   mailbox "Archived Messages" {
>     auto = no
>     autoexpunge = 0
>     autoexpunge_max_mails = 0
>     comment =
>     driver =
>     special_use = \Archive
>   }
>   mailbox "Archived mail" {
>     auto = no
>     autoexpunge = 0
>     autoexpunge_max_mails = 0
>     comment =
>     driver =
>     special_use = \Archive
>   }
> }
>
>
> On Fri, 2019-01-04 at 12:06 +0100, Marc Roos wrote:
>
> Where is a manual describing how to do this? Archive tree on different
> storage?
>
> ├── Archive/Archives/Archived Messages/Archived mail  <- need to store messages in root folder also
> │   ├── 2017
> │   │   ├── projects
> │   │   │   ├── project
> │   │   │   ├── project1
> │   │   │   ├── pro
Re: BUG: cannot move messages to root mailfolder in namespace "There can be only one namespace with inbox=yes"
Hi,

this setting might work. The default namespace "inbox" is managing INBOX and defines Special-Use folders on the same hierarchic level as INBOX. There is an extra namespace "4archives" which defines Archive as a mailbox on the same level as INBOX but stored on a different location. Set mailbox attribute auto to your liking.

    namespace inbox {
      type = private
      disabled = no
      hidden = no
      list = yes
      ignore_on_failure = no
      inbox = yes
      location =
      prefix =
      subscriptions = yes
      separator = /

      mailbox Drafts {
        special_use = \Drafts
        auto = subscribe
      }
      mailbox Junk {
        special_use = \Junk
        auto = subscribe
      }
      mailbox Spam {
        special_use = \Junk
        auto = no
      }
      mailbox spam {
        special_use = \Junk
        auto = no
      }
      mailbox Deleted {
        special_use = \Trash
        auto = subscribe
      }
      mailbox Trash {
        special_use = \Trash
        auto = no
      }
      mailbox Wastebasket {
        special_use = \Trash
        auto = no
      }
      mailbox Sent {
        special_use = \Sent
        auto = subscribe
      }
      mailbox "Sent Messages" {
        special_use = \Sent
        auto = no
      }
      mailbox "Sent Mail" {
        special_use = \Sent
        auto = no
      }
      mailbox "Tasks" {
        # This mailbox has no official RFC 6154 or RFC 8457 Special-Use entry
        auto = subscribe
      }
    }

    namespace 4archives {
      type = private
      disabled = no
      hidden = no
      list = yes
      ignore_on_failure = no
      inbox = no
      location = mbox:/home/mail-archive/%u/Archive/:CONTROL=/home/mail-archive/%u/Archive/control:INDEX=/home/mail-archive/%u/Archive/index:LAYOUT=maildir++
      prefix =
      subscriptions = yes
      separator = /
      mailbox Archive {
        auto = create
        autoexpunge = 0
        autoexpunge_max_mails = 0
        comment =
        driver =
        special_use = \Archive
      }
      mailbox Archives {
        auto = no
        autoexpunge = 0
        autoexpunge_max_mails = 0
        comment =
        driver =
        special_use = \Archive
      }
      mailbox "Archived Messages" {
        auto = no
        autoexpunge = 0
        autoexpunge_max_mails = 0
        comment =
        driver =
        special_use = \Archive
      }
      mailbox "Archived mail" {
        auto = no
        autoexpunge = 0
        autoexpunge_max_mails = 0
        comment =
        driver =
        special_use = \Archive
      }
    }

On Fri, 2019-01-04 at 12:06 +0100, Marc Roos wrote:
>
> Where is a manual describing how to do this? Archive tree on different
> storage?
>
> ├── Archive/Archives/Archived Messages/Archived mail  <- need to store messages in root folder also
> │   ├── 2017
> │   │   ├── projects
> │   │   │   ├── project
> │   │   │   ├── project1
> │   │   │   ├── project2
> │   │   │   ├── project3
> │   │   │   ├── project4
> │   │   │   └── project5
> │   │   └── Sent Messages
> │   ├── 2018
> │   │   ├── project1
> │   │   ├── project2
> │   │   ├── project3
> │   │   ├── project4
> │   │   ├── project5
> │   │   └── Sent
> │   └── 2019
> │       ├── projectA
> │       └── projectB
> ├── Deleted
> ├── Inbox
> ├── Junk
> ├── Sent
> └── Tasks
>
>
> >>
> >> I get this error message from apple mail when I right click and choose
> >> archive
> >> "The IMAP command "UID COPY" (to Archive) failed for the mailbox "INBOX"
> >> with server error: Mailbox isn't selectable"
> >>
> >
> >Did you notice that you have a mailbox called 'Archive' and namespace called
> >'Archive'? Namespace roots are not selectable, and this looks more like a
> >config error.
> >
>
> That is been done on the advice I got here.
> Since November I am trying to get resolved, that I need my Archive and
> subfolders on different storage location as the default. Furthermore
> Archive folder is being used by apple mail, Archives folder eg. by
> Thunderbird. So it would be nice to 'group' this, so Thunderbird is not
> accidentally storing this on the default storage.
>
> If the aliases plugin was working properly, I could have done this maybe
> via aliases
> https://www.mail-archive.com/dovecot@dovecot.org/msg75587.html
Re: Multi-server but small scale
Hi,

if you have only one pair of servers, I think replication via dovecot's dsync (or doveadm via ssh) where each server holds all emails as a local storage would be easiest. There is a caveat with shared folders though. And dovecot replicates only emails. The index is not included, which means for example that you'd need 2 databases for quota - otherwise emails would count twice. Well, and any manual index management needs to be done on both sides.

https://wiki.dovecot.org/Replication

Running a cluster filesystem or NFS as a common base is possible but needs some adjustments of dovecot like turning off caching or memory mapping, which in turn decreases performance.

This is only some short handbook knowledge as I haven't implemented replication yet.

Greetings
Martin Johannes Dauser

On Mon, 2018-11-19 at 17:51 -0800, Daniel Miller wrote:
> I have a small but critical server that supports our group. As a single
> server - it's obviously a single-point-of-failure for lots of things.
> As I just experienced...again. It was a lot more fun building systems
> from components when I was younger...
>
> Previously 3rd-party hosted solutions didn't look attractive for several
> reasons...but I'm seeing prices now for cloud virtual machines that are
> stupid cheap. Even if they wind up being limited speed & availability -
> it would seem they'd be a lot better than nothing!
>
> So I'm considering having at least one backup server for various
> services - obviously that includes mail. So now I have to wonder about
> the backend. And while I think I'm reasonably current with networked
> file systems (not distributed or cluster) I haven't played with
> replication for a quite a while.
>
> For this particular usage (I'm envisioning two servers total) - is there
> a need/reason to use any form of networked/distributed/cluster file
> storage? Or would this be accomplished via "pure" Dovecot - dsync
> replication would keep things updated between the servers and director
> would handle the connections? So with identically configured SMTP
> servers, passing to the local LMTP agents, the file system would be
> "purely local" with no NFS or other interconnection?
doveadm backup: Error: Both source and destination mail_location points to same directory
Hello!

I'm using 2 namespaces, "inbox" for INBOX and its subfolders and "special" containing folders like Sent, Junk or Drafts. Though both use mdbox I decided to represent those namespaces in different locations "mdbox:~/mail" and "mdbox:~/mail_special_folders". The main reason to use 2 namespaces was to keep special_use folders out of INBOX by using the prefix attribute -- it's rather cosmetic.

    ├── INBOX
    │   ├── SubFolder1
    │   ├── SubFolder2
    │   └── SubFolder3
    ├── Sent
    ├── Trash
    ├── Drafts
    ├── Junk
    ├── Templates
    ├── This is Ham
    └── Report Spam

Now I want to export the emails of some former users to the commonly known maildir or mbox format to be able to hand them over on CD. The problem is that a conversion with doveadm backup fails. I guess this is due to namespace special which is configured with a manual location attribute instead of utilising mail_location. But even telling doveadm to backup only one namespace leads to the identical error (extract of debug message at bottom).

As this is a RHEL7 server, the dovecot version is an old 2.2.10 and I don't expect software debugging -- I just ask if I did some misconfiguration or a failure in the command.

I already thought of merging the locations of both namespaces. Yet, I'm not sure how to achieve this.

From /etc/dovecot/conf.d/10-mail.conf

    mail_location = mdbox:~/mail
    namespace inbox {
      type = private
      hidden = no
      ignore_on_failure = no
      inbox = yes
      list = yes
      location =
      prefix = INBOX/
      separator = /
      subscriptions = yes
    }
    namespace special {
      type = private
      hidden = no
      ignore_on_failure = no
      inbox = no
      list = yes
      location = mdbox:~/mail_special_folders
      prefix =
      separator = /
      subscriptions = yes
    }

HOME is set by LDAP

    user_attrs = =home=/srv/mail/%Ld/%Ln,=uid=2,=gid=2,imapQuota=quota_rule=*:storage=%$G

Identical debug messages of following commands:

    # dsync -Dv backup -u b...@cs.sbg.ac.at maildir:/home/Mailexport/bob

or

    # doveadm -Dv backup -u b...@cs.sbg.ac.at maildir:/home/Mailexport/bob

or

    # doveadm -Dv backup -u b...@cs.sbg.ac.at -n inbox maildir:/home/Mailexport/bob

or

    # doveadm -Dv backup -u b...@cs.sbg.ac.at -n special maildir:/home/Mailexport/bob

    ...
    doveadm(b...@cs.sbg.ac.at): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mail
    doveadm(b...@cs.sbg.ac.at): Debug: fs: root=/srv/mail/cs.sbg.ac.at/bob/mail, index=, indexpvt=, control=, inbox=, alt=
    doveadm(b...@cs.sbg.ac.at): Debug: Namespace special: type=private, prefix=, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mail_special_folders
    doveadm(b...@cs.sbg.ac.at): Debug: fs: root=/srv/mail/cs.sbg.ac.at/bob/mail_special_folders, index=, indexpvt=, control=, inbox=, alt=
    doveadm(b...@cs.sbg.ac.at): Debug: Namespace INBOX/: Using permissions from /srv/mail/cs.sbg.ac.at/bob/mail: mode=0774 gid=default
    dsync(b...@cs.sbg.ac.at): Debug: Effective uid=2, gid=2, home=/srv/mail/cs.sbg.ac.at/bob
    dsync(b...@cs.sbg.ac.at): Debug: Quota root: name=User quota backend=dict args=:file:/srv/mail/cs.sbg.ac.at/bob/dovecot-quota
    ...
    dsync(b...@cs.sbg.ac.at): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/home/Mailexport/bob
    dsync(b...@cs.sbg.ac.at): Debug: maildir++: root=/home/Mailexport/bob, index=, indexpvt=, control=, inbox=/home/Mailexport/bob, alt=
    dsync(b...@cs.sbg.ac.at): Debug: Namespace special: type=private, prefix=, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mail_special_folders
    dsync(b...@cs.sbg.ac.at): Debug: fs: root=/srv/mail/cs.sbg.ac.at/bob/mail_special_folders, index=, indexpvt=, control=, inbox=, alt=
    dsync(b...@cs.sbg.ac.at): Error: Both source and destination mail_location points to same directory: /srv/mail/cs.sbg.ac.at/bob/mail_special_folders/mailboxes

Many thanks for any hint
Martin
Re: index corruption weirdness
On Wed, 2018-10-10 at 09:37 +0300, Aki Tuomi wrote:
>
> On 09.10.2018 22:16, William Taylor wrote:
> > ...
> >
> > Dovecot Info:
> > dovecot -n
> > # 2.1.17: /etc/dovecot/dovecot.conf
> >
>
> Hi!
>
> Thank you for your report, however, 2.1.17 is VERY old version of
> dovecot and this problem is very likely fixed in a more recent
> version.
>
> Aki

Like RHEL 7, CentOS 7.5 should run 2.2.10 -- which is well hung either.

http://mirror.centos.org/centos/7/os/x86_64/Packages/

Martin
Re: mbox locking
On Tue, 2018-10-09 at 15:30 +0200, Selmeci Tamás wrote:
> On Tue, 9 Oct 2018 12:08:00 +0200 Sami Ketola wrote:
>
> > How do you deliver then mails to the server?
>
> OpenSMTPD and Dovecot run on the same machine. OpenSMTPD receives
> incoming mails and stores them in a mailbox (/var/spool/mail/user).
> Dovecot then fetches mails from this mailbox file.
>

Regarding locks, OpenSMTPD's config should match methods AND order of dovecot's mbox_write_locks. Methods known by dovecot are dotlock, flock, fcntl and lockf. I couldn't find out, which methods are used by OpenSMTPD. Dovecot's mbox_read_locks should match too, but dotlock isn't used.

https://wiki.dovecot.org/MailLocation/mbox
https://wiki.dovecot.org/MboxLocking
https://wiki.dovecot.org/MailboxFormat/mbox

Martin
Re: cronjob hack to expunge deleted mails of USERNAME
Well, some dirty cronjob could periodically expunge all emails marked as DELETED from a specific user. You would need to exchange USERNAME with the real username in this little bash script. This should work, use at your own risk. (^.~)

#!/bin/bash
doveadm mailbox list -u USERNAME | while IFS= read -r i
do
    # quote the mailbox name so that folders containing spaces stay one argument
    doveadm expunge -u USERNAME mailbox "$i" DELETED
done

Finding the real issue would be best of course.

Martin
Re: SNI Dovecot
FYI dovecot 2.2.10 from RedHat 7 has an issue with clients, which won't send SNI. As you are using version 2.2.27 you might encounter the same behaviour. If the client won't send SNI, my server randomly answers with any cert instead of the default cert -- perhaps dovecot just utilises the last used cert? One speciality of my certs is, that both share the same Common Name (CN) but differ in Subject Alternative Names (SAN).

Once your config works, you can check by initialising several connections (I tried 30 times) without SNI using openssl. First command is without SNI, second is with SNI.

$ openssl s_client -showcerts -connect IP-address:993
$ openssl s_client -showcerts -connect IP-address:993 -servername server.domain

This is my bugreport on this list.
https://dovecot.org/pipermail/dovecot/2018-July/112368.html

Best regards
Martin Johannes Dauser

On Wed, 2018-08-29 at 14:41 +, Nicolas wrote:
> Hi all,
>
> I'm testing the SNI configuration from dovecot's wiki page, to have
> multiple domains.
>
> I'm using letsencrypt certificates.
> On the 10-ssl.conf, when I only use one domain, like this, it works :
>
> ssl_ca =
> ssl_cert =
> ssl_key =
>
> I got a warning of course when using my second domain, mydomain2.fr.
>
> If I do the config :
>
> local_name mail.mydomain.fr {
>   ssl_ca =
>   ssl_cert =
>   ssl_key =
> }
>
> local_name mail.mydomain2.fr {
>   ssl_ca =
>   ssl_cert =
>   ssl_key =
> }
>
> I got this on dovecot's start :
>
> dovecot[930]: master: Error: service(imap-login): command startup failed, throttling for 8 secs
> dovecot[932]: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY
>
> It's working without local_name, so why it can be a certificate
> issue?
>
> Any idea?
>
> I'm using dovecot 2.2.27-3+deb9u2 from debian.
>
> Thanks,
> Nicola
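
The repeated-connection check described in this message (30 handshakes without SNI, then with SNI) can be scripted so that the share of each certificate is counted rather than read off by eye. This is an added example, not code from the original post; it uses Python's standard `ssl` module, and the function names and the 192.0.2.10 / imap.example.org values are assumptions.

```python
import hashlib
import socket
import ssl
import sys
from collections import Counter


def fetch_cert_fingerprint(host, port=993, sni=None, timeout=5.0):
    """Return the SHA-256 fingerprint of the leaf certificate the server presents.

    sni=None sends a ClientHello without the server_name extension, which is
    what a client without SNI support does; a string is sent as the SNI name.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Verification is off on purpose: the goal is to record WHICH certificate
    # is served, including one that would not validate for this name.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
    if der is None:
        raise ssl.SSLError("server sent no certificate")
    return hashlib.sha256(der).hexdigest()


def survey(host, attempts=30, sni=None, port=993, fetch=fetch_cert_fingerprint):
    """Open `attempts` fresh connections and count each fingerprint seen."""
    counts = Counter()
    for _ in range(attempts):
        try:
            counts[fetch(host, port=port, sni=sni)] += 1
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            counts["error:" + type(exc).__name__] += 1
    return counts


def summarize(counts):
    """Reduce a survey to a verdict: one certificate every time, or not."""
    total = sum(counts.values())
    certs = {k: v for k, v in counts.items() if not k.startswith("error:")}
    return {
        "attempts": total,
        "distinct_certs": len(certs),
        # stable: exactly one certificate and no failed handshakes
        "stable": len(certs) == 1 and sum(certs.values()) == total,
        "shares": {k: round(v / total, 2) for k, v in counts.items()} if total else {},
    }


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: sni_survey.py IP-address [server.domain]")
    target = sys.argv[1]
    print("without SNI:", summarize(survey(target, sni=None)))
    if len(sys.argv) > 2:
        print("with SNI:   ", summarize(survey(target, sni=sys.argv[2])))
```

A server that behaves as expected reports `distinct_certs: 1` for the run without SNI; more than one fingerprint there reproduces the behaviour reported in this thread.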
Re: dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
---
Server certificate
subject=/C=AT/L=Salzburg/O=University of Salzburg/OU=Department of Computer Science/CN=mail.cs.sbg.ac.at
issuer=/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 5255 bytes and written 362 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher: ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 1F74E0FB2AC74C65A4C68CAE898C305C6DB245A3566078A6C85E74572593951B
    Session-ID-ctx:
    Master-Key: C6CEE7B44A640152E71EB72172DEC4DCD0604585A9D38427AA6E4604E4B8351458B648D 7010D8757924DDB82EC181585
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    Start Time: 1532434962
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

On Mon, 2018-07-23 at 10:05 +0300, Aki Tuomi wrote:
> Can you provide some details on what those openssl commands returned?
>
> Aki
>
>
> On 20.07.2018 12:14, Martin Johannes Dauser wrote:
> > Hi,
> >
> > I recognised some funny behaviour on my server. IMAP clients which
> > won't send an Server Name Indication (SNI) sometimes get the wrong
> > certificate. I would expect that those clients always get the
> > default
> > certificate (of my new domain), instead in about 20 to 50% of
> > connections the certificate of my old domain will be presented.
> > (sample rate was 3 times 30 connections)
> >
> > Clients sending SNI always get the right certificate.
> >
> > A user informed me that offlineIMAP complains
> > 'CA Cert verifying failed:
> > no matching domain name found in certificate'
> > So at least offlineIMAP 7.0.12 from Debain stretch won't send SNI,
> > there is a newer version upstream though.
> >
> >
> > I myself checked the server's behaviour with openssl:
> >
> > $ openssl s_client -showcerts -connect IP-address:993
> >
> > and
> >
> > $ openssl s_client -showcerts -connect IP-address:993 -servername imap.domain
> >
> >
> > I'm totally clueless about how come.
> >
> > Best regards
> > Martin Johannes Dauser
> >
> >
> > # 2.2.10: /etc/dovecot/dovecot.conf
> > # OS: Linux 3.10.0-862.el7.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.5 (Maipo)
> >
> > ...
> >
> > service imap-login {
> >   inet_listener imap {
> >     address = 127.
anvil in 2.3.2.1?
Has anvil gone away in 2.3.2.1? I ask only because I don't find an example of anvil in the conf.d files anymore and I'm migrating from 2.2.10 version to 2.3.2.1. Thanks.
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
Hi,

I recognised some funny behaviour on my server. IMAP clients which won't send a Server Name Indication (SNI) sometimes get the wrong certificate. I would expect that those clients always get the default certificate (of my new domain), instead in about 20 to 50% of connections the certificate of my old domain will be presented. (sample rate was 3 times 30 connections)

Clients sending SNI always get the right certificate.

A user informed me that offlineIMAP complains
'CA Cert verifying failed: no matching domain name found in certificate'
So at least offlineIMAP 7.0.12 from Debian stretch won't send SNI, there is a newer version upstream though.

I myself checked the server's behaviour with openssl:

$ openssl s_client -showcerts -connect IP-address:993

and

$ openssl s_client -showcerts -connect IP-address:993 -servername imap.domain

I'm totally clueless about how come.

Best regards
Martin Johannes Dauser

# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-862.el7.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.5 (Maipo)

...

service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 8
  service_count = 0
}

...

ssl = required
# set default cert
ssl_cert =
Virtual mailbox doesn't refresh without deleting indexes
Hello,

I have a virtual mailbox with the following dovecot-virtual file:

mdbox/*
-mdbox/Archive/*
-mdbox/Junk
-mdbox/Notes
  all younger 604800 not deleted

This works at first, but after messages are older than 7 days, they continue to appear in this mailbox forever. Even if I close all IMAP clients and reconnect, I can't get the mailbox to omit the older-than-7-days messages without deleting its indexes.

I have other virtual mailboxes that update as expected, but I don't think any of those are date-based. For example, this one "refreshes" as I'd expect:

mdbox/*
-mdbox/Archive/*
-mdbox/Junk
  flagged

Am I doing something wrong with the first virtual mailbox I mentioned above? I'm using dovecot 2.2.13 on Debian GNU/Linux.

Thanks!

--Bret
Re: changed behavior for dovecot-lda in 2.3.x
> On 07.04.2018 at 22:16, Martin Waschbüsch wrote:
>
> Hi all,
>
> Hey all, I upgraded to dovecot 2.3.1 (from 2.2.34) and noticed that the
> behavior for dovecot-lda changed. Apparently it no longer accepts -f "" or -f "<>"?
> With 2.2.34, both were accepted now I get:
>
> root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f "<>"
> lda(root): Fatal: Invalid -f parameter: Null path not allowed
>
> or
>
> root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f ""
> lda(root): Fatal: Invalid -f parameter: Path is empty string
>
> I guess this must be a bug? I mean, envelope sender *must* be empty for
> bounces.

In the list-archive, I saw at least one other person seemed to have had the same problem. Anyway, I fixed my immediate problem and created a pull-request which seems like the right thing to do:

https://github.com/dovecot/core/pull/73

perhaps this helps someone else, too.

Thx,

Martin
changed behavior for dovecot-lda in 2.3.x
Hi all,

Hey all, I upgraded to dovecot 2.3.1 (from 2.2.34) and noticed that the behavior for dovecot-lda changed. Apparently it no longer accepts -f "" or -f "<>"? With 2.2.34, both were accepted now I get:

root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f "<>"
lda(root): Fatal: Invalid -f parameter: Null path not allowed

or

root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f ""
lda(root): Fatal: Invalid -f parameter: Path is empty string

I guess this must be a bug? I mean, envelope sender *must* be empty for bounces.

Thanks,

Martin
How to require client SSL certificate, except for local connections
Is there any way to make Dovecot 2.2.22 not require a client SSL certificate for a local IMAP connection, but require it for any remote IMAP connection?

My server is configured to require client certificates:

ssl = required
...
auth_ssl_require_client_cert = yes

I tried adding the following to create an exception for localhost:

remote 127.0.0.1 {
  ssl = no
  auth_ssl_require_client_cert = no
  disable_plaintext_auth = no
}

But Dovecot fails to start with:

doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 81: Auth settings not supported inside local/remote blocks:

Is there any other way to do this? I don't need to override any other auth settings, just that one. I could probably use a Unix socket, if that would help.

Thanks,

Evan
Re: Modify stored mail contents?
On 23/07/2017 3:30 PM, Sami Ketola wrote:

On 23 Jul 2017, at 16.14, Tom Hendrikx wrote:

In general, you should not do this. When a message is stored using IMAP, it is immutable. The IMAP server also remembers things like size and assigns messages a unique ID, so mail readers that have already downloaded the message with that ID, don't have to download the whole message again to verify whether its contents have magically changed. What you're suggesting is not simply compatible with IMAP standards.

The normal way of applying changes to messages is just like a mail client connecting to IMAP: create a new message and save it to the store, then delete the old one.

Just like that. But instead of using IMAP interface to do it, you can also do it with doveadm:

1. doveadm fetch mail
2. doveadm delete mail
3. modify fetched mail
4. doveadm import modified mail back

Simple as that. There is no other supported way to do it. Editing mail objects on storage will break things.

Sami

Thank you, that's an interesting idea. Exporting the mail and deleting it is easy enough, but I'm not sure where I would import the message from. doveadm import expects a mailbox store as source, so I'm back to the problem of safely writing emails in a mailbox store format that Dovecot understands!

I can export to Maildir format [doveadm backup -u USER "maildir:/mymaildir:LAYOUT=fs"], where each file contains one message and nothing else, but even that has extra files like dovecot-uidlist, dovecot.index.cache, etc. I'm not sure if it's safe to import from a Maildir where the message contents have been modified, but the other files haven't.

Also, would the import create new UIDs? I probably want UIDs to change, so that the IMAP client re-downloads the messages. I'd want to preserve IMAP flags like "Seen", though and, ideally, the sequence of messages inside a mailbox.
Re: Modify stored mail contents?
It looks like the mail filter plugin [https://wiki2.dovecot.org/Plugins/MailFilter] is almost exactly what I want, except for this:

> Currently the filtering must not modify the message in any way: mail -> write filter -> read filter -> must produce exactly the original mail back.
> (TODO: Modifying the mail during writing would be possible with some code changes.)

Is there any prospect of those code changes being made, so that the filter can modify mail contents?

There's no indication in the docs or the code of what would break if the contents were modified, but I'm guessing indexes and caches would be out of date and would need to be rebuilt? Is it possible to just disable those? I don't need high performance.

On 22/07/2017 12:51 PM, Evan Martin wrote:

Is there a safe way to modify the contents of emails stored by Dovecot? I'll probably only want to change the message bodies, not the headers, if that matters. Looking for ways to do this both for existing emails and new emails as they are received (though anything that works for existing emails can probably just be run again for new emails.) My mail storage is currently mdbox, but I could migrate to another format if that helps.
Re: Modify stored mail contents?
Yes, obviously clients can save messages. I meant: to modify messages in bulk, on the server, replacing the existing message bodies stored by Dovecot.

On 22/07/2017 3:56 PM, Jerry wrote:

On Sat, 22 Jul 2017 12:51:15 +0200, Evan Martin stated:

Is there a safe way to modify the contents of emails stored by Dovecot? I'll probably only want to change the message bodies, not the headers, if that matters. Looking for ways to do this both for existing emails and new emails as they are received (though anything that works for existing emails can probably just be run again for new emails.) My mail storage is currently mdbox, but I could migrate to another format if that helps.

You could just view the message in your MUA and then save it to another drive, or whatever. Then, using a text editor, you could modify it to your heart's content. Exactly, what problem are you trying to address?
Modify stored mail contents?
Is there a safe way to modify the contents of emails stored by Dovecot? I'll probably only want to change the message bodies, not the headers, if that matters. Looking for ways to do this both for existing emails and new emails as they are received (though anything that works for existing emails can probably just be run again for new emails.) My mail storage is currently mdbox, but I could migrate to another format if that helps.
Re: Dovecot LDAP using custom field to allow users to connect
Hi Michael,

Just noticed you are using auth_bind_userdn which we don't. I think you may need to use pass_filter rather than user_filter??

Best Regards

Martin

On 2017-06-07 10:59, Martin Wheldon wrote:

Hi Michael,

We do exactly that see example below:

user_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))

Does it work without the AllowUser section of the search? Do you get any records back when you do a ldapsearch with your user_filter search?

Best Regards

Martin

On 2017-06-07 09:48, Michael JOIGNY wrote:

Hi all,

I'd like to know if it's possible to add a custom field when the authentication is made by users. My boolean custom field will be for example "AllowUser" (false/true). I'm trying to do something like that but it's not working :

user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))

This is my dovecot/ldap configuration below :

# dovecot.conf
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}

# dovecot-ldap.conf
hosts = myurl:myport
dn = cn=myuser,dc=mydomain,dc=com
dnpass =
auth_bind = yes
auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
ldap_version = 3
base = ou=Users,dc=mydomain,dc=com
scope = base
default_pass_scheme = SSHA512

Do you have an idea ?

Kind regards.

--
Michael
Re: Dovecot LDAP using custom field to allow users to connect
Hi Michael,

We do exactly that see example below:

user_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))

Does it work without the AllowUser section of the search? Do you get any records back when you do a ldapsearch with your user_filter search?

Best Regards

Martin

On 2017-06-07 09:48, Michael JOIGNY wrote:

Hi all,

I'd like to know if it's possible to add a custom field when the authentication is made by users. My boolean custom field will be for example "AllowUser" (false/true). I'm trying to do something like that but it's not working :

user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))

This is my dovecot/ldap configuration below :

# dovecot.conf
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}

# dovecot-ldap.conf
hosts = myurl:myport
dn = cn=myuser,dc=mydomain,dc=com
dnpass =
auth_bind = yes
auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
ldap_version = 3
base = ou=Users,dc=mydomain,dc=com
scope = base
default_pass_scheme = SSHA512

Do you have an idea ?

Kind regards.

--
Michael
Re: Compiling Dovecot on Solaris 10
Hello,

I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as yours. Maybe a compiler/version problem on your system ?

Regards,
Martin

Mantas Gegužis wrote:

Hello,

I am trying to compile Dovecot 2.2.27 on Solaris 10, and I get this error:

test-ioloop.c: In function `test_ioloop_pending_io':
test-ioloop.c:188: error: size of array `type name' is negative

My configuration is like this:

Install prefix . : /usr/local
File offsets ... : 64bit
I/O polling : poll
I/O notifys : none
SSL : yes (OpenSSL)
GSSAPI . : no
passdbs : static passwd passwd-file shadow pam checkpassword
dcrypt ..: yes
 : -bsdauth -sia -ldap -sql -vpopmail
userdbs : static prefetch passwd passwd-file checkpassword
 : -ldap -sql -vpopmail -nss
SQL drivers :
 : -pgsql -mysql -sqlite -cassandra
Full text search : squat
 : -lucene -solr

Last version that I have compiled was 2.2.24, version 2.2.25 failed with error:

In file included from guid.c:6:
sha1.h:80: error: static or type qualifiers in abstract declarator

Is there anyone who can help me?

--
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany
phone: ++49 761 203-8250 pr...@informatik.uni-freiburg.de
fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen
Re: Sieve script won't compile. Compiler output isn't helpful.
Hi Steven,

OK a on closer inspection :)

You are missing a closing double quote on line 59:

fileinto :create "Lists/Debain/News;

should be:

fileinto :create "Lists/Debain/News";

Best Regards

Martin

On 2016-11-30 09:30, Steven Mainor wrote:

Hey martin,

Thanks for the reply! I made the changes you suggested but I got the same results. According to my understanding, #header "from" "per...@example.com"# is correct for an exact match.

On 11/30/2016 04:10 AM, Martin Wheldon wrote:

Hi Steven,

I think you may be missing the :contains from the two header lines below:

if anyof (header "From" "store-n...@amazon.com",
          envelope :contains "From" "menswearhouse.com",
          envelope :contains "From" "officedepot.com",
          envelope :contains "From" "walgreens.com",
          header "From" "pr...@email.newegg.com") {
    fileinto :create "Promo";
    stop;

if anyof (header :contains "From" "store-n...@amazon.com",
          envelope :contains "From" "menswearhouse.com",
          envelope :contains "From" "officedepot.com",
          envelope :contains "From" "walgreens.com",
          header :contains "From" "pr...@email.newegg.com") {
    fileinto :create "Promo";
    stop;

Hope that helps

Best Regards

Martin

On 2016-11-30 08:47, Steven Mainor wrote:

Hello!

I hope you will forgive my ignorance but I have a problem I have been trying to solve for a week and I'm not sure where else to turn. I'm trying to write a sieve script to sort all of my mail. I was writing this script to replace the one I am currently using but I can't seem to get it to compile. I don't know a lot about sieve or really scripting of any kind and I just can't figure out what I'm doing wrong. The compiler just puts out a bunch of output that doesn't make sense. like "unexpected character" when I know the character works there because I am already running a script with some of the same lines.

I'm attaching the script with some names and addresses changed and the sieve output to this email. I would greatly appreciate any help anyone could offer.
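
Sieve allows a quoted string to contain line breaks (RFC 5228), so a missing closing quote does not fail where it was typed: the string runs on to the next `"` and the parser reports errors further down. The scanner below, an added example that is not part of the thread, lists quoted strings that cross a line boundary or never close; the first one reported is the place to look. The function name and the sample script are constructed for illustration, and `text:` multi-line literals are not handled.

```python
def find_multiline_strings(script):
    """Return (start_line, end_line_or_None, preview) for every quoted string
    that spans more than one line or is never closed."""
    findings = []
    i, line, n = 0, 1, len(script)
    while i < n:
        ch = script[i]
        if ch == "\n":
            line += 1
            i += 1
        elif ch == "#":                      # hash comment: skip to end of line
            while i < n and script[i] != "\n":
                i += 1
        elif script.startswith("/*", i):     # bracketed comment, may span lines
            end = script.find("*/", i + 2)
            end = n if end == -1 else end + 2
            line += script.count("\n", i, end)
            i = end
        elif ch == '"':
            start_line, j = line, i + 1
            while j < n and script[j] != '"':
                if script[j] == "\\" and j + 1 < n:
                    j += 1                   # step over the escaped character
                if script[j] == "\n":
                    line += 1
                j += 1
            closed = j < n
            if not closed or line != start_line:
                preview = script[i + 1:j].split("\n", 1)[0][:40]
                findings.append((start_line, line if closed else None, preview))
            i = j + 1
        else:
            i += 1
    return findings


# Constructed sample modelled on the thread: the quote after "News" is missing.
SAMPLE = "\n".join([
    'require ["fileinto", "mailbox"];',
    '# constructed sample, not the poster\'s real script',
    'if header :contains "List-Id" "debian-news" {',
    '    fileinto :create "Lists/Debain/News;',
    '    stop;',
    '}',
    'if anyof (header :contains "From" "store-news@example.com") {',
    '    fileinto :create "Promo";',
    '    stop;',
    '}',
]) + "\n"

if __name__ == "__main__":
    for start, end, preview in find_multiline_strings(SAMPLE):
        where = "never closed" if end is None else "closes on line %d" % end
        print("line %d: string starting %r %s" % (start, preview, where))
```

Every finding after the first is a knock-on effect of the quotes pairing up one position late, which is why the compiler's messages point at lines that look correct.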
Re: Sieve script won't compile. Compiler output isn't helpful.
Hi Steven,

I think you may be missing the :contains from the two header lines below:

if anyof (header "From" "store-n...@amazon.com",
          envelope :contains "From" "menswearhouse.com",
          envelope :contains "From" "officedepot.com",
          envelope :contains "From" "walgreens.com",
          header "From" "pr...@email.newegg.com") {
    fileinto :create "Promo";
    stop;

if anyof (header :contains "From" "store-n...@amazon.com",
          envelope :contains "From" "menswearhouse.com",
          envelope :contains "From" "officedepot.com",
          envelope :contains "From" "walgreens.com",
          header :contains "From" "pr...@email.newegg.com") {
    fileinto :create "Promo";
    stop;

Hope that helps

Best Regards

Martin

On 2016-11-30 08:47, Steven Mainor wrote:

Hello!

I hope you will forgive my ignorance but I have a problem I have been trying to solve for a week and I'm not sure where else to turn. I'm trying to write a sieve script to sort all of my mail. I was writing this script to replace the one I am currently using but I can't seem to get it to compile. I don't know a lot about sieve or really scripting of any kind and I just can't figure out what I'm doing wrong. The compiler just puts out a bunch of output that doesn't make sense. like "unexpected character" when I know the character works there because I am already running a script with some of the same lines.

I'm attaching the script with some names and addresses changed and the sieve output to this email. I would greatly appreciate any help anyone could offer.
Re: Problem with multiple ldap passdb
Hi,

In case anyone is experiencing the same issue in the future, seems that this probably is a bug. I've upgraded to dovecot 2.2.24 from Jessie backports and it works as documented with no configuration changes.

Hope someone else finds this useful.

Best Regards

Martin

On 2016-11-22 16:39, Martin Wheldon wrote:

Hi mailing list,

I'm currently running dovecot 2.2.13 from Debian Jessie, all is running fine. However I am attempting to merge 2 LDAP authentication sources. I would like to attempt to authenticate against the first authentication source, if that fails either by password fail or user not found, then attempt the next LDAP server.

I've added a passdb and userdb entry for the new ldap server. As you can see from the log below the user isn't found in the first LDAP query, but is in the second one. However the authentication fails:

Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=WTLjLuRB9QBRlIlQ#011lip=51.254.222.112#011rip=81.148.137.80#011lport=143#011rport=56821#011resp=AG1hcnRpbi53aGVsZG9uQGdyXWVuaGlsbHMtaXQuY28udWsAQ3JhY2spbk4wdw== (previous base64 data may contain sensitive data)
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): bind search: base=dc=greenhills-it,dc=co,dc=uk filter=(&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=martin.wheldon at greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk)))
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Error: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): ldap_search(base=dc=greenhills-it,dc=co,dc=uk filter=(&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=martin.wheldon at greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk failed: No such object
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): bind search: base=dc=greenhills-it,dc=co,dc=uk filter=(|(uid=martin.wheldon at greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk))
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): result: uid=0001; uid unused
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): username changed martin.wheldon at greenhills-it.co.uk -> 0001
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(0001,81.148.137.80,): result: uid=0001
Nov 22 13:59:40 he01-imap-01 dovecot: auth: Debug: client passdb out: FAIL#0111#011user=0001#011temp#011original_user=martin.wheldon at greenhills-it.co.uk

I know that the password was entered correctly because if I disable the new ldap config and login I get authenticated properly.

Nov 22 14:00:38 he01-imap-01 dovecot: auth: Debug: auth client connected (pid=2626)
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=ipKBMuRBBQBRlIlQ#011lip=51.254.222.112#011rip=81.148.137.80#011lport=143#011rport=38149#011resp=AG1hcnRpbi53aGVsZG9uQGdyXWVuaGlsbHMtaXQuY28udWsAQ3JhY2spbk4wdw== (previous base64 data may contain sensitive data)
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): bind search: base=dc=greenhills-it,dc=co,dc=uk filter=(|(uid=martin.wheldon at greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk))
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): result: uid=0001; uid unused
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon at greenhills-it.co.uk,81.148.137.80,): username changed martin.wheldon at greenhills-it.co.uk -> 0001
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: ldap(0001,81.148.137.80,): result: uid=0001
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: client passdb out: OK#0111#011user=0001#011original_user=martin.wheldon at greenhills-it.co.uk

I've done loads of googling and I believe that this is possible so I must either have misread the documentation or am triggering a bug. Neither of which I seem to be able to confirm. Any help would be much appreciated.

My broken configuration is below:

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
default_vsz_limit = 512 M
lmtp_rcpt_check_quota = yes
lmtp_save_to_detail_mailbox = yes
mail_location = maildir:~/Maildir
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
Re: Updated my Dovecot certificate for the first time
Hi Steve,

You could create your own private CA then sign your Dovecot certificate with the CA cert and alpine should then trust it.

Best Regards

Martin

On 2016-11-24 15:37, Steve Litt wrote:

On Thu, 24 Nov 2016 07:52:51 +0100 (CET) Steffen Kaiser wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 23 Nov 2016, Steve Litt wrote:

>On Wed, 23 Nov 2016 16:04:22 -0600 (CST) Greg Rivers wrote:
>> $ strings $(whence alpine) | grep '^/.*certs$'
>> /etc/ssl/certs
>
> The directory or the certs isn't the problem. Alpine sees the
> self-signed cert I just made, but complains because it's
> self-signed, and gives me the choice between saying "yes" every
> time, and just not checking for certs at all.

"sees the self-signed cert"? Did you've added it as trusted to the CA as Greg said and wrote what to do?

No. I don't want to deal with a third party "Trusted Party": I want it self-signed. What I was looking for was a way Alpine could be set to check for a cert, warn if the cert is conflicting, but not warn if it's self-signed.

Thanks,

SteveT

Steve Litt
November 2016 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz
Problem with multiple ldap passdb
```
sdb {
  args = /etc/dovecot/dovecot-ldap-new.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  skip = authenticated
}
plugin {
  antispam_backend = pipe
  antispam_pipe_program = /usr/sbin/sendmail
  antispam_pipe_program_args = -f;%{auth_user};-r;%{auth_user}
  antispam_pipe_program_notspam_arg = retrain-as-...@greenhills-it.co.uk
  antispam_pipe_program_spam_arg = retrain-as-s...@greenhills-it.co.uk
  antispam_spam = Spam
  antispam_trash = Trash
  quota = maildir:User quota
  quota_rule = *:storage=1G
  quota_rule2 = Trash:ignore
  quota_rule3 = Spam:ignore
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/move-spam.sieve
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve pop3"
service imap-login {
  process_min_avail = 20
  service_count = 1
}
service imap {
  process_min_avail = 20
}
service lmtp {
  inet_listener lmtp {
    address = he01-imap-01.greenhills-it.co.uk 127.0.0.1
    port = 2003
  }
}
service pop3 {
  process_min_avail = 20
}
ssl = required
ssl_cert =
ssl_cipher_list = ALL:HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:!PSK:!DES:!3DES:!MD5:!DES+MD5:!RC4:!SEED+SHA:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!eNULL:!aNULL:@STRENGTH
ssl_dh_parameters_length = 2048
ssl_key = ldap://he01-auth-01.greenhills-it.co.uk
dn = uid=dovecot,ou=people,ou=SRV_Accounts,dc=greenhills-it,dc=co,dc=uk
dnpass = VerySecret
sasl_bind = no
auth_bind = yes
ldap_version = 3
base = dc=greenhills-it,dc=co,dc=uk
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,gosaMailQuota=quota_rule=*:storage=%$M
user_filter = (|(uid=%u)(mail=%u)(gosaMailAlternateAddress=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (|(uid=%u)(mail=%u))
default_pass_scheme = CRYPT

# Non working LDAP configuration
# /etc/dovecot/dovecot-ldap-new.conf.ext
uris = ldap://dir.greenhills-it.co.uk
dn = "cn=dovecot,ou=search accounts,ou=services,dc=greenhills-it,dc=co,dc=uk"
dnpass = VerySecret
sasl_bind = no
tls = yes
tls_ca_cert_file = /etc/ssl/certs/GreenhillsCACert.pem
tls_require_cert = demand
debug_level = -1
auth_bind = yes
ldap_version = 3
base = ou=customers,dc=greenhills-it,dc=co,dc=uk
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,ukFirmGhITAccMailQuota=quota_rule=*:storage=%$M
user_filter = (&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_attrs = uidNumber=user
pass_filter = (&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
default_pass_scheme = SSHA
```

Best Regards

--
Martin Wheldon
Greenhills IT Ltd.
Telephone: 01904 238 454
Website: www.greenhills-it.co.uk

Greenhills IT Ltd. is a limited company registered in England and Wales. Company Registration No: 06387214 Registered Offices: 2 Greenhills, Claxton, YORK, North Yorkshire, YO60 7SA
Tighten TLS - usage of specific ssl_ec-curve
Hi folks,

at first: thanks very much for the great piece of software!

I have a proposal to tighten the TLS security: enable the usage of a specific ec-curve in the 10-ssl.conf, e.g.

```
ssl_ec-curve = secp384r1
```

Reason: I use a 384 bit EC server key, but dovecot uses "only" a prime256v1 curve.

Keygen was:

```
f=dovecot; openssl ecparam -name secp384r1 -genkey -out $f.key
openssl req -new -x509 -key $f.key -out ${f}.crt -days 2000 -sha512
```

Server check gives:

```
prio  ciphersuite                    protocols  pfs                 curves
1     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-256,256bits  prime256v1
2     ECDHE-ECDSA-AES128-SHA256      TLSv1.2    ECDH,P-256,256bits  prime256v1
3     ECDHE-ECDSA-AES128-SHA         TLSv1.2    ECDH,P-256,256bits  prime256v1
4     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-256,256bits  prime256v1
5     ECDHE-ECDSA-AES256-SHA384      TLSv1.2    ECDH,P-256,256bits  prime256v1
6     ECDHE-ECDSA-AES256-SHA         TLSv1.2    ECDH,P-256,256bits  prime256v1

Certificate: UNTRUSTED, 384 bit, ecdsa-with-SHA512 signature
```

```
$ sudo nano /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_protocols = !SSlv2 !SSLv3 TLSv1.2
ssl_cipher_list = EECDH+AES128+AESGCM:EECDH+AES256+AESGCM:EECDH+AES128+SHA256:EECDH+AES256+SHA384:EECDH+AES128+SHA:EECDH+AES256+SHA
ssl_prefer_server_ciphers = yes
ssl_key =
```
Re: EVP_PKEY_get1_EC_KEY:expecting a ec key
Great, thank you for the information!

Regards
Martin

On 09.12.2015 at 14:07, Oliver Riesen-Mallmann wrote:
> Hi,
>
> problem solved with update to 2:2.2.20-1~auto+8.
>
> Thanks
> Oliver
Re: EVP_PKEY_get1_EC_KEY:expecting a ec key
Hi Teemu and Oliver,

by the way - I have the very same issue in my logs too. I'm using dovecot 2.2.20.rc1 for debian using http://xi.rename-it.nl/debian/ as my package source.

Regards
Martin

On 08.12.2015 at 10:23, Oliver Riesen-Mallmann wrote:
> Hi Teemu,
>
>> Could you post your doveconf -n output?
>
> ```
> # 2.2.20.rc1 (ed41702f14c2): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.10.rc1
> # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.9
> auth_mechanisms = plain login
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> login_greeting = Ready.
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
> mail_location = maildir:%h/mails
> mail_plugins = zlib
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart
> namespace inbox {
>   inbox = yes
>   list = yes
>   location = maildir:%h/mails
>   mailbox Archiv {
>     auto = subscribe
>     special_use = \Archive
>   }
>   mailbox Archives {
>     auto = no
>     special_use = \Archive
>   }
>   mailbox Drafts {
>     auto = create
>     special_use = \Drafts
>   }
>   mailbox "Gelöschte Elemente" {
>     auto = no
>     special_use = \Trash
>   }
>   mailbox Gesendete {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox "Gesendete Elemente" {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox Junk-E-Mail {
>     auto = no
>     special_use = \Junk
>   }
>   mailbox Junk {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = create
>     special_use = \Trash
>   }
>   prefix =
>   type = private
> }
> passdb {
>   driver = shadow
> }
> plugin {
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   zlib_save = gz
>   zlib_save_level = 6
> }
> postmaster_address = postmas...@langzeittest.de
> protocols = imap
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   user = root
> }
> ssl_cert =
> ```
Let lmtp create target directories
Hello,

we're using vmm¹ to manage our postfix+dovecot virtual mail setup, which allows us to give every virtual user a separate EUID and every domain a separate EGID for additional security (vs. handling all virtual mail with a single "vmail" user).

As a consequence, however, vmm must itself create the user directories with the appropriate owners, and to do so, it requires root rights. I am trying to investigate getting rid of this need³.

Since Dovecot quite happily creates ~/Maildir when necessary, couldn't it also create parents? The home directory should be trivial (same EUID/EGID), but grandparents etc. might need a different policy (e.g. 0/EGID for the grandparent, 0/0 for great-grandparents, etc.).

Is this something that could fall within the realm of Dovecot's lmtp? Or is the lmtp invoked as the user and doesn't actually drop root? If so, might there be another way?

¹) http://vmm.localdomain.org/²
²) Hello Pascal
³) http://bugs.debian.org/804382

Thanks,

--
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/

"perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." -- antoine de saint-exupéry

spamtraps: madduck.bo...@madduck.net
Re: Disabling auth fallback to PAM
thus spoke Timo Sirainen [2015-11-21 14:14 +1300]:
> Well, your topic is PAM.

Is it? My point is that PAM should not even be asked if an authentication source beforehand knows about a user but the password cannot be verified.

> But.. Right now passdb has result_success, result_failure and
> result_internalfail. I suppose it should be possible to add
> result_user_unknown there that defaults to result_failure if it's
> not explicitly set.

result_user_known should be returned when the authentication source does not know about a user. If the authentication source knows a user but fails to authenticate him/her due to a password mismatch, the result should rather be result_auth_failure.

Those two should really replace result_failure and the dovecot authentication stack should only continue on result_user_known or result_internalfail. If we get result_success or result_auth_failure, then authentication is done and no further sources should be considered.

--
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/

only by counting could humans demonstrate their independence of computers. -- douglas adams, "the hitchhiker's guide to the galaxy"

spamtraps: madduck.bo...@madduck.net
Disabling auth fallback to PAM
Hi folks,

According to the wiki,¹ it's considered a feature of Dovecot and its ability to support multiple authentication sources that "if the password doesn't match in the first database, it checks the next one".

¹) http://wiki.dovecot.org/Authentication/MultipleDatabases

I think it's great that Dovecot allows auth sources to be stacked like this, but I am not sold on the idea that the next database ought to be tried when a *password* does not match.

Let me elaborate: If the first database has knowledge of a user, then it can (should) be considered authoritative, and if the provided password does not match, it's an authentication error right away. Only if the first source does not possess any knowledge about a given user, then should Dovecot proceed to query/check with the next database.

Can this be configured somehow? If not, would it make sense to make this behaviour configurable?

Thanks,

--
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/

"the ships hung in the sky in much the same way that bricks don't." -- hitchhiker's guide to the galaxy

spamtraps: madduck.bo...@madduck.net
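The two chain rules discussed in this thread (the question and the reply to Timo Sirainen above it), as an added example that is not Dovecot code and not from either poster: a small Python model comparing the wiki's fall-through rule with the proposed rule of stopping on a password mismatch. The `Result` names, the `PassDB` class, the source names, usernames and passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from enum import Enum


class Result(Enum):
    # Hypothetical result names for this model, not Dovecot settings.
    SUCCESS = "success"
    PASSWORD_MISMATCH = "password_mismatch"  # source knows the user, wrong password
    USER_UNKNOWN = "user_unknown"            # source has no record of the user
    INTERNAL_FAIL = "internal_fail"          # backend down or lookup error


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class PassDB:
    """One authentication source holding salted password hashes."""
    name: str
    available: bool = True
    users: dict = field(default_factory=dict)

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, _derive(password, salt))

    def verify(self, user: str, password: str) -> Result:
        if not self.available:
            return Result.INTERNAL_FAIL
        record = self.users.get(user)
        if record is None:
            return Result.USER_UNKNOWN
        salt, stored = record
        if hmac.compare_digest(stored, _derive(password, salt)):
            return Result.SUCCESS
        return Result.PASSWORD_MISMATCH


# Results on which the chain moves on to the next source.
# FALLTHROUGH: the behaviour quoted from the wiki (a mismatch tries the next one).
FALLTHROUGH = frozenset(
    {Result.PASSWORD_MISMATCH, Result.USER_UNKNOWN, Result.INTERNAL_FAIL})
# AUTHORITATIVE: the rule proposed in the thread (a mismatch ends authentication).
AUTHORITATIVE = frozenset({Result.USER_UNKNOWN, Result.INTERNAL_FAIL})


def authenticate(chain, continue_on, user, password):
    """Walk the chain in order; return (accepted, [(source name, Result), ...])."""
    trace = []
    for db in chain:
        result = db.verify(user, password)
        trace.append((db.name, result))
        if result is Result.SUCCESS:
            return True, trace
        if result not in continue_on:
            return False, trace
    return False, trace


def build_sample_chain():
    """Constructed data: alice exists in both sources with different passwords."""
    sql = PassDB("sql")
    sql.add_user("alice", "long-random-mail-passphrase")
    pam = PassDB("pam")
    pam.add_user("alice", "old-shell-password")
    pam.add_user("bob", "bobs-system-password")
    return [sql, pam]


def describe(label, chain, policy, user, password):
    ok, trace = authenticate(chain, policy, user, password)
    steps = " -> ".join(f"{name}:{res.value}" for name, res in trace)
    return f"{label:22} {user:5} accepted={ok}  [{steps}]"


if __name__ == "__main__":
    chain = build_sample_chain()
    for label, policy in (("fallthrough", FALLTHROUGH),
                          ("authoritative", AUTHORITATIVE)):
        print(describe(label, chain, policy, "alice", "old-shell-password"))
        print(describe(label, chain, policy, "bob", "bobs-system-password"))
    # First source unreachable: the proposed rule still continues on an
    # internal failure, so the second source decides.
    chain[0].available = False
    print(describe("authoritative, sql down", chain, AUTHORITATIVE,
                   "alice", "old-shell-password"))
```

Under the fall-through rule alice's account accepts either password, so its effective strength is that of the weaker source; under the proposed rule only the first source's password works while that source is reachable, and users known only to the second source still log in.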
Sorry, another faq
I've installed a mailserver according to these instructions: http://www.server-world.info/en/note?os=CentOS_7&p=httpd&f=13

When I try to login to the server through Roundcube webmail I get Connection to storage server failed. So checking on this

```
[12-Jun-2015 11:28:53 +]: <6jap13r2> IMAP Error: Login failed for martin from 83.251.209.249. Could not connect to ssl://myserver:993: Permission denied in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 198 (POST /roundcubemail/?
```

/etc/roundcubemail/config.inc.php has the following:

```
$config['default_host'] = 'ssl://mail.myserver.tld';  // [address obfuscated]
$config['default_port'] = 993;
```

which, as I understand, should be correct. I've been looking at various posts on the net that say the problem is a permission on dovecot, but I fail to find anything on how to fix this as it looks right to me.

Any suggestions?

/Martin S

--
Regards,
Martin S
Re: Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
Hello Claus, I've installed dovecot-2.2.15-3.fc20.x86_64.rpm + dovecot-pigeonhole-2.2.15-3.fc20.x86_64.rpm from Fedora guys and it works like a charm. Thank you! Martin Dňa 12.2.2015 18:20 Claus napísal(a): Am 12.02.2015 um 15:47 schrieb Martin Štefany: Hello, I've ran into problem with Dovecot and dsync replication. Everything works perfectly, including replication of sieve scripts, except fact that if user activates the 'managesieve' ruleset (I'm using currently Roundcubemail) on "mail1" host, it wouldn't be activated on "mail2" host, by creating symlink ".dovecot.sieve -> .sieve/managesieve.sieve". I've also tried to use 'replication_full_sync_interval', but symlink is not created anyway. I found 2 references already for this problem, but none came to any conclusion: http://dovecot.org/pipermail/dovecot/2014-June/096650.html http://www.dovecot.org/list/dovecot/2014-September/097857.html Here is the output from 'doveconf -n' from both hosts for reference :: mail1 :: # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) auth_cache_size = 5 M auth_debug = yes auth_default_realm = example.com auth_gssapi_hostname = mail.example.com auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = plain gssapi auth_realms = example.com auth_verbose = yes doveadm_password = lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " fts fts_lucene notify quota replication virtual zlib" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox All { auto = create special_use = \All } mailbox Archives { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = 
subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Templates { auto = subscribe } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-ldap-passdb.conf.ext driver = ldap } plugin { fts = lucene fts_autoindex = yes fts_lucene = whitespace_chars=@. mail_replica = tcps:mail2.example.com:10993 quota = maildir:User quota quota_rule = *:storage=4GB quota_rule2 = Trash:storage=+50MB sieve = ~/.dovecot.sieve sieve_after = /srv/sieve/after.d/ sieve_before = /srv/sieve/before.d/ sieve_default = /srv/sieve/default.d/dovecot.sieve sieve_dir = ~/.sieve sieve_global_dir = /srv/sieve/ zlib_save = gz zlib_save_level = 9 } postmaster_address = postmas...@example.com protocols = imap lmtp sieve service aggregator { fifo_listener replication-notify-fifo { group = vmail mode = 0660 user = vmail } unix_listener replication-notify { group = vmail mode = 0660 user = vmail } } service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } } service doveadm { inet_listener { port = 10993 ssl = yes } } service imap-login { inet_listener imaps { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { group = vmail mode = 0660 user = vmail } } ssl_ca = ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA ssl_client_ca_file = /etc/ipa/ca.crt ssl_client_cert = mail_plugins = " fts fts_lucene notify quota replication virtual zlib sieve" } protocol imap { mail_plugins = " fts 
fts_lucene notify quota replication virtual zlib imap_quota imap_zlib" } mail2 :: # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) auth_cache_size = 5 M auth_debug = yes auth_default_realm = example.com auth_gssapi_hostname = mail.example.com auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = plain gssapi auth_realms = example.com auth_verbose = yes doveadm_password = lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_location = maildir:~/Maildir mail_plugins = " fts fts_lucene notify quota replic
Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
ildirfolder │ │ ├── new │ │ └── tmp │ ├── tmp │ └── .Trash │ ├── cur │ ├── dovecot.index.log │ ├── dovecot-uidlist │ ├── maildirfolder │ ├── new │ └── tmp └── .sieve ├── managesieve.sieve └── tmp [root@mail2 ~]# tree -a /srv /srv ├── sieve │ ├── after.d │ ├── before.d │ │ ├── spam.sieve │ │ └── spam.svbin │ └── default.d └── vmail └── example.com └── ├── Maildir │ ├── .All │ │ ├── cur │ │ ├── dovecot.index.log │ │ ├── dovecot-uidlist │ │ ├── maildirfolder │ │ ├── new │ │ └── tmp │ ├── .Archives │ │ ├── cur │ │ ├── dovecot.index.log │ │ ├── dovecot-uidlist │ │ ├── maildirfolder │ │ ├── new │ │ └── tmp │ ├── cur │ ├── dovecot.index.cache │ ├── dovecot.index.log │ ├── dovecot-keywords │ ├── dovecot.mailbox.log │ ├── dovecot-uidlist │ ├── dovecot-uidvalidity │ ├── dovecot-uidvalidity.54dbb6f5 │ ├── .Drafts │ │ ├── cur │ │ ├── dovecot.index.cache │ │ ├── dovecot.index.log │ │ ├── dovecot-uidlist │ │ ├── maildirfolder │ │ ├── new │ │ └── tmp │ ├── .Junk │ │ ├── cur │ │ ├── dovecot.index.log │ │ ├── dovecot-uidlist │ │ ├── maildirfolder │ │ ├── new │ │ └── tmp │ ├── lucene-indexes │ │ ├── _k.cfs │ │ ├── segments_17 │ │ └── segments.gen │ ├── maildirfolder │ ├── maildirsize │ ├── new │ ├── .Sent │ │ ├── cur │ │ ├── dovecot.index.cache │ │ ├── dovecot.index.log │ │ ├── dovecot-uidlist │ │ ├── maildirfolder │ │ ├── new │ │ └── tmp │ ├── subscriptions │ ├── .Templates │ │ ├── cur │ │ ├── dovecot.index.log │ │ ├── dovecot-uidlist │ │ ├── maildirfolder │ │ ├── new │ │ └── tmp │ ├── tmp │ └── .Trash │ ├── cur │ ├── dovecot.index.log │ ├── dovecot-uidlist │ ├── maildirfolder │ ├── new │ └── tmp └── .sieve ├── managesieve.sieve └── tmp Thanks a lot for Dovecot anyway! ;) Martin
dsync SSL fails since 2.2.15
Hello list,

dovecot ran rock-solid on OSX Mavericks for about 1 year replicating my mail between 2 servers via dsync with SSL as that is well described here: http://wiki2.dovecot.org/Replication

After upgrading to 2.2.15, dsync gets stuck with the Error: "Received invalid SSL certificate" even though neither any of the dovecot configs nor the certs, keys or the CA have changed! When I simply comment out SSL and switch dsync to use tcp (instead of tcps) everything replication still works like a charm.

Please help me to get SSL back working! I did a lot of testing and come up with a concrete QUESTION below, hopefully leading the way out of this trap.

What happened
=============

2 days before I upgraded one of the machines to OSX Yosemite. Along with this, I also upgraded to dovecot 2.2.15 via homebrew (unfortunately on both machines at once). During this process, also openssl was updated to "OpenSSL 1.0.1k 8 Jan 2015". If checking the unchanged certs against the CA, however, the results are still "OK".

1st check: OK
=============

```
sudo /usr/bin/openssl verify -CAfile /etc/ssl/ca/dovecotCA.pem /etc/ssl/certs/dovecot_on27_signed_cert.pem
Password:
/etc/ssl/certs/dovecot_on27_signed_cert.pem: OK
```

2nd check: OK (providing the CAfile and connecting to the doveadm_port)
=======================================================================

```
openssl s_client -CAfile /etc/ssl/ca/dovecotCA.pem -connect on27.linkpc.net:8082
CONNECTED(0003)
depth=1 CN = dovecotCA2, O = dovecot, OU = dovecot, ST = dovecot, C = AF, L = dovecot, emailAddress = m...@aiguphonie.com
verify return:1
depth=0 CN = on27.linkpc.net, O = dovecot, OU = dovecot, ST = dovecot, C = AF, L = dovecot, emailAddress = m...@aiguphonie.com
verify return:1
---
Certificate chain
 0 s:/CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
   i:/CN=dovecotCA2/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
---
Server certificate
-----BEGIN CERTIFICATE-----
dmVjb3RDQTIxEDAOBgNVBAoMB2RvdmVjb3QxEDAOBgNVBAsMB2RvdmVjb3QxEDAO
[...]
+g==
-----END CERTIFICATE-----
subject=/CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
issuer=/CN=dovecotCA2/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
---
No client certificate CA names sent
---
SSL handshake has read 1709 bytes and written 487 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol : TLSv1.2
    Cipher: ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: C4DDBA1FA50039FA5D94EF2359BA037B3903D66B6B637CA0733A9216BFCC3996
    Session-ID-ctx:
    Master-Key: 0495D21CA11AA54856D78B48C3DBE9B70EFFB65F13224B430D2B4B2F80F12BE5A89F31454F9577F22F5DDC26FDBAAFAC
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    [...]
    0090 - 2d 97 37 15 bd a9 be 68-c1 79 fa dd d8 75 76 3f -.7h.y...uv?
    Compression: 1 (zlib compression)
    Start Time: 1421443766
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
```

Yet, testing dsync yields: ERROR
================================

```
sudo -u _vmail doveadm -v sync -u test tcps:on27.linkpc.net
Password:
doveadm(test): Info: Received invalid SSL certificate: certificate signature failure: /CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
doveadm(test): Error: doveadm server disconnected before handshake: Received invalid SSL certificate: certificate signature failure: /CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
doveadm(test): Fatal: Disconnected from remote: Received invalid SSL certificate: certificate signature failure: /CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
```

QUESTION
========

So the question clearly is, how does dovecot check the cert against the CA exactly? Is there a call to the openssl cmd or is the library linked into dovecotadm? If linked, what version is used and how can I possibly change it?

or: What's wrong with my CA and cert(s) all of a sudden? How can I create new CA for two certs fitting the (new) needs of dovecotadm?

THANK YOU!
==========

Here are my full but rather simple configs of both machines:
============================================================

1st machine: Yosemite

```
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Darwin 14.0.0 x86_64
base_dir = /var/run/dovecot/
default_internal_user = _dovecot
default_login_user = _dovenull
doveadm_password = secret
doveadm_port = 8082
log_path = /usr/local/var/log/doveco
```
Re: Move mail behavior
On Wed, 2014-11-26 at 07:31 +0100, Steffen Kaiser wrote:
> On Mon, 24 Nov 2014, Martin Stigge wrote:
>
> > I've recently migrated my IMAP mail setup from a server running an older
> > Debian Squeeze with dovecot 1.2.15 to a new Debian Jessie system with
> > dovecot 2.2.13. In the old setup, it used to be so that a mail moved
> > from a folder to another one was marked as deleted in the originating
> > folder (in dovecot 1.2.15). In the new setup, the mail just disappears
> > from the originating folder (with dovecot 2.2.13). The mail arrives
> > properly in the target folder, so that's fine. But I actually liked the
> > old behavior.
>

After a little more digging I found that dovecot 2.2 implements the IMAP MOVE extension from RFC 6851 which my clients also support. Before that, a copy with delete was used, explaining the different behavior. I also see MOVE announced as a capability, so my clients use it.

So, no config issue, just a new feature.

Regards,
Martin
Move mail behavior
Hi!

I've recently migrated my IMAP mail setup from a server running an older Debian Squeeze with dovecot 1.2.15 to a new Debian Jessie system with dovecot 2.2.13. In the old setup, it used to be so that a mail moved from a folder to another one was marked as deleted in the originating folder (in dovecot 1.2.15). In the new setup, the mail just disappears from the originating folder (with dovecot 2.2.13). The mail arrives properly in the target folder, so that's fine. But I actually liked the old behavior.

I observe this with Evolution as well as Icedove (Thunderbird) mail clients, which is why I assume that it's actually a change in the IMAP server behavior.

Is it supposed to behave like that? Is there a way to configure this?

Regards,
Martin
replication sieve settings
Hello,

can someone give me a hint, where to find an info, how to setup dovecot replication with sieve?

On my active.active setup, it replicates the user mdboxes and sieve works also, on the active destination fileserver. Client changes the sieve, tests work fine. But the sieve file won't get replicated to the replica server.

As i've researched, it was introduced in dovecot v2.2.rc3. Is it default, that doveadm replicator replicate '*' includes the sieve and i made a config error? Or is there an option to set for the replication service?

On dovecot director server, i've set director in conf.d/20-managesieve.conf

```
service managesieve-login {
  executable = managesieve-login director
  inet_listener sieve {
    port = 4190
  }
}
```

and added sieve to plugins in conf.d/20-lmtp.conf

```
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}
```

doveconf -n

```
...
director_mail_servers = 192.168.200.10 192.168.200.11
director_servers = 192.168.200.1:9090 192.168.200.2:9090
disable_plaintext_auth = no
doveadm_port = 24245
lmtp_proxy = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap lmtp sieve pop3"
...
service managesieve-login {
  executable = managesieve-login director
  inet_listener sieve {
    port = 4190
  }
}
...
protocol lmtp {
  auth_socket_path = director-userdb
  mail_plugins = " sieve"
}
...
```

Thank you

Martin Schmidt
Germany
Re: dovecot replication (active-active) - server specs
Hello

On 09.10.2014 at 20:41, Urban Loesch wrote:
> Hi,
>
> On 09.10.2014 12:35, Martin Schmidt wrote:
>> Our MX server is delivering ca. 30 GB new mails per day.
>> Two IMAP proxy server get the connections from the users. Atm. without dovecot director.
>> We've got around 700k connections per day (imap 200k / pop3 500k)
>
> Are these the whole connections per day? How many concurrent connections do you have at the same time on each server?

we've got 3 Fileserver with ca. 1200 concurrent IMAP connections and ca. 50 concurrent POP3 connections on each server.

>> So we want to make a new system.
>> We desire the new system to use mdbox format ( bigger files, less I/O) and replication through dovecot replication (active/active) instead of drbd.
>
> I have no experience with dovecot replication (Still on our roadmap). We are currently using drbd on a 10Gbit dedicated link. Works very well for us.
>
>> Each fileserver should know every mailbox/user and for the time being 2 dovecot proxies for the user connections (IMAP/POP). (later after the migration from the old system to the new, dovecot director instead of proxies, for caching reasons).
>
> As Florian said, enable zlib. This also decreases I/O, but needs a bit more of CPU. But not that much.

Yes we have enabled it, estimated space saving is up to 40%

>> we've got 2 new fileservers, they have each SSD HDDs for "new-storage" and 7200rpm SATA HDDs on RAID 5 with 10 TB for "alt-storage"
>> 32 GB RAM per Server
>
> You also could move the INDEX files from mdbox to different SSDs. We are doing so with 40k accounts and 2TB user data. Index partition has only 22GB used and is increasing not very fast.

On our testsystem we've got it also on a raid 1 SSD, only alt-storage is on raid 5. Looks good.

>> Do you have some tips for the system?
>> Do you believe 32 GB RAM are enough for one fileserver each and have you experience with the I/O Waiting problem with huge amounts of Data on the alt-storage?
>> Could there be issues with the RAM, if one fileserver has a downtime, so the second one has to take over all mailboxes for a short amount of time?
>
> I think memory is not the problem. On IMAP/POP3 servers the main problem is I/O. But with dovecot mdbox and index files on SSD's we have no problem at the moment.

On each of our 3 Fileserver we've got 16 GB RAM, 5-7 GB is used and rest is cached. You might be right, the i/o is always the bottleneck.

>> In general are only 2 new fileserver enough or should we think in bigger dimensions, like 4 fileserver
>> Storage expansion in the new servers should not be a problem (bigger HDDs and a few slots free, so we can expand the raid 5).
>
> We are using raid 10 hardware raid controller with cache and sata 7200rpm disks. OK, raid 10 needs more disks, but is much faster than raid 5. Raid 5 is not very fast in my eyes.

We've made tests with raid 10 and raid 5, on 4 sata 7200rpm disks, of course raid 10 was faster, but overall not very much. And you can expand raid 5 easier.

Can you tell me, if you have a high "Waiting" on your alt-storage?

>> thank you
>> kind regards
>> Martin Schmidt
>
> Regards
> Urban

Thank you for your impressions.

kr
Martin Schmidt
dovecot replication (active-active) - server specs
Hello,

i have some questions about the new dovecot replication and mdbox format.

my company has currently 3 old dovecot 2.0.x fileserver/backend with ca. 120k mailboxes and ca. 6 TB data used. They are synchronised per drbd/corosync. Each fileserver/backend have ca. 40k mailboxes in Maildir format. Our MX server is delivering ca. 30 GB new mails per day. Two IMAP proxy server get the connections from the users. Atm. without dovecot director. We've got around 700k connections per day (imap 200k / pop3 500k)

The system is getting issues because the fileserver still have old slow HDDs. Users sometime get connection timeouts, because the fileserver can not answer fast enough due to I/O waiting lag.

So we want to make a new system. We desire the new system to use mdbox format ( bigger files, less I/O) and replication through dovecot replication (active/active) instead of drbd. Each fileserver should know every mailbox/user and for the time being 2 dovecot proxies for the user connections (IMAP/POP). (later after the migration from the old system to the new, dovecot director instead of proxies, for caching reasons).

we've got 2 new fileservers, they have each SSD HDDs for "new-storage" and 7200rpm SATA HDDs on RAID 5 with 10 TB for "alt-storage"
32 GB RAM per Server

Do you have some tips for the system? Do you believe 32 GB RAM are enough for one fileserver each and have you experience with the I/O Waiting problem with huge amounts of Data on the alt-storage? Could there be issues with the RAM, if one fileserver has a downtime, so the second one has to take over all mailboxes for a short amount of time?

In general are only 2 new fileserver enough or should we think in bigger dimensions, like 4 fileserver
Storage expansion in the new servers should not be a problem (bigger HDDs and a few slots free, so we can expand the raid 5).

thank you
kind regards
Martin Schmidt
Re: multiple IMAP sessions when connecting from one client
> On 08/27/2014 11:22 AM, Steffen Kaiser wrote:
> On Wed, 27 Aug 2014, Martin Vegter wrote:
>
>> This looks like 4 separate sessions are created when I log in from one
>> client.
>
>> Is this normal behavior?
>> Can somebody please explain why this is so?
>
> because Thunderbird wants to access 4 mailboxes simultaneously, e.g. to
> check or wait for new messages.

That would make sense. But I have 5 mailboxes in total (Inbox, Sent, Draft, Archive, Trash). Although, I suspect Inbox has special status because it is not defined together with the other four in 15-mailboxes.conf
multiple IMAP sessions when connecting from one client
Hello,

I am using Postfix/Dovecot/IMAP. Everything is working fine, but I have noticed that every time I connect with Thunderbird to my server via IMAP, not one but 4 connections are being logged into /var/log/mail/mail.log:

```
2014-08-27 09:17:46 dovecot: imap-login: Login: user=, method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12519, TLS, session=
2014-08-27 09:17:53 dovecot: imap-login: Login: user=, method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12521, TLS, session=
2014-08-27 09:17:53 dovecot: imap-login: Login: user=, method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12523, TLS, session=
2014-08-27 09:17:54 dovecot: imap-login: Login: user=, method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12525, TLS, session=
```

This looks like 4 separate sessions are created when I log in from one client.

Is this normal behavior? Can somebody please explain why this is so?

My Dovecot version is 2.1.7

regards,
Martin
Dovecot ignores existing mailboxes and creates its own
Hello,

I have Postfix with Maildir format. User's emails are being delivered into $HOME/mail/inbox

Apart from ~/mail/inbox, there are the usual folders:

```
$HOME/mail/archive
$HOME/mail/drafts
$HOME/mail/inbox
$HOME/mail/trash
```

Now I have installed dovecot, and set

```
mail_location = maildir:~/mail:LAYOUT=fs
```

Additionally, I have defined mailboxes as follows:

```
namespace inbox {
  mailbox drafts {
    special_use = \Drafts
  }
  mailbox sent {
    special_use = \Sent
  }
  mailbox trash {
    special_use = \Trash
  }
}
```

The problem I am having is the following:

1) dovecot ignores the folders (drafts, sent, trash) and creates its own folders beginning with a capital letter:

```
Drafts
Sent
Trash
```

2) dovecot ignores ~/mail/inbox and instead creates

```
~/mail/cur
~/mail/new
~/mail/tmp
```

Can somebody please advise how to tell dovecot to use my existing folder structure, i.e.:

```
~/mail/inbox/{cur,new,tmp}
~/mail/drafts/{cur,new,tmp}
~/mail/sent/{cur,new,tmp}
~/mail/trash/{cur,new,tmp}
```

Any advice would be much appreciated.

thanks,
Martin
Re: [Dovecot] Outlook 2007 & 2010 hangs in v2.2?
On 05.06.2014 16:38, Timo Sirainen wrote:
> Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this.

How large?

--
Best regards,
Martin Rabl
Re: [Dovecot] Looking for HowTo Postfix, Dovecot and PostgreSQL
thus spoke Frank Lanitz [2014-02-10 11:56 +0100]:
> Looks nice -- any experience using it with tine20 later?

I have no idea what tine20 is and the website only contains buzzwords, sorry. vmm is pretty flexible about the underlying data representation in pgsql, so you can probably tweak anything.

--
martin | http://madduck.net/ | http://two.sentenc.es/

"out of the crooked timber of humanity, no straight thing was ever made."
-- immanuel kant

spamtraps: madduck.bo...@madduck.net
Re: [Dovecot] Looking for HowTo Postfix, Dovecot and PostgreSQL
thus spoke Frank Lanitz [2014-02-10 10:14 +0100]:
> I know it's a bit a n00bish question, but I'm a little confused about
> this many different ways on setting up dovecot with postfix and using a
> PostgreSQL backend for virtual hosts. I've found this one quite helpful:
> http://wiki2.dovecot.org/HowTo/DovecotPostgresql
> even it seems to be little outdated for recent versions of dovecot (the
> auth part of dovecot.conf). Also it's lacking some information I wasn't
> able to find on my own (e.g. how to set password for a imap account).

I suggest to have a look at http://vmm.localdomain.org/index.html

--
martin | http://madduck.net/ | http://two.sentenc.es/

"if I can't dance, i don't want to be part of your revolution."
- emma goldman

spamtraps: madduck.bo...@madduck.net
Re: [Dovecot] Sieve's spamtest always returns 0
thus spoke Stephan Bosch [2013-12-28 08:31 +1300]:
> This configuration is incomplete. Your logs should show an error about
> that. Testing with sieve-test shows:

Oh, thank you for introducing me to sieve-test, somehow I have missed that. Sorry! And thank you also for your quick reply!

Unfortunately, the problem remains, and sieve-test is not as helpful as I had hoped. My script is attached, as well as the wrapper I use for spamc.

Here is the output generated by sieve-test. The spam message is bare and does *not* contain the wanted headers, because those are added by vnd.dovecot.filter invoking spamc:

```
% sieve-test -D -t- -Tlevel=matching -x +spamtest /tmp/spam.sieve /tmp/spam.msg
sieve-test(madduck): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts.
sieve-test(madduck): Debug: sieve: Pigeonhole Sieve Extprograms plugin version 0.1.0 loaded
debug: script binary /tmp/spam.svbin successfully loaded.
debug: binary save: not saving binary /tmp/spam.svbin, because it is already stored.
## Started executing script 'spam'
6: filter action
6: execute program `spamc'
debug: filter action: piping message to program: spamc.
debug: filter action: running program: spamc.
debug: filter action: piping data to forked program `/etc/dovecot/sieve-filter/spamc'.
6: executed program successfully
6: changed message
8: header test
8: starting `:contains' match with `i;ascii-casemap' comparator:
8: extracting `X-Spam-Status' headers from message
8: matching value `Yes, score=66.5/5.0 tests=ADVANCE_FEE_2_NEW_FORM, ADVANCE_FEE_2_NEW_FRM_MNY,A...'
8: with key `score' => 1
8: finishing match with result: matched
8: jump if result is false
8: not jumping
9: debug_log "X-Spam-Score header present and contains 'score'"
spam: line 9: info: DEBUG: X-Spam-Score header present and contains 'score'.
12: spamtest test [percent=false]
12: spamtest: header 'X-Spam-Status' not found in message
12: starting `:value-eq' match with `i;ascii-numeric' comparator:
12: matching value `0'
12: with key `0' => 1
12: finishing match with result: matched
12: jump if result is false
12: not jumping
13: debug_log "spamtest found no match!"
spam: line 13: info: DEBUG: spamtest found no match!.
13: jumping to line 51
## Finished executing script 'spam'

Performed actions:
  (none)

Implicit keep:
 * store message in folder: INBOX

sieve-test(madduck): Info: final result: success
```

So, as I had suspected in the original message, spamtest seems to look at the original message, not the one returned from the vnd.dovecot.filter. The regular sieve header match, however, *does* consult the filtered output.

So I think that in addition to the clarification about regular vs. extended expressions in the docs, this is also a bug in need of fixing…

… or am I still doing something wrong?

--
martin | http://madduck.net/ | http://two.sentenc.es/

"a man's very highest moment is, i have no doubt at all, when he kneels in the dust, and beats his breast, and tells all the sins of his life."
-- oscar wilde

spamtraps: madduck.bo...@madduck.net

```
#!/bin/sh
set -eu

if find /tmp/dovecot-hack -mmin -1 | grep -q /; then
  exit 1
fi

# HACK because vnd.dovecot.filter needs the filter to soak up all input before
# it will even start reading its output.
TMPFILE=$(tempfile -p spamc)
cleanup() { rm -f "$TMPFILE"; trap - EXIT; }
trap cleanup EXIT
cat > "$TMPFILE"
spamc "$@" < "$TMPFILE"
cleanup
```

```
require [ "vnd.dovecot.filter"];
require [ "spamtest", "relational", "comparator-i;ascii-numeric" ];
require [ "fileinto", "mailbox" ];
require [ "vnd.dovecot.debug" ];

filter "spamc" [ "--no-safe-fallback" ];

if header :contains "X-Spam-Status" "score" {
  debug_log "X-Spam-Status header present and contains 'score'";
}

if spamtest :value "eq" :comparator "i;ascii-numeric" "0" {
  debug_log "spamtest found no match!";
}
elsif spamtest :value "ge" :comparator "i;ascii-numeric" "2" {
  if spamtest :value "eq" :comparator "i;ascii-numeric" "1" {
    debug_log "spamtest value == 1";
  }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "2" {
    debug_log "spamtest value == 2";
  }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "3" {
    debug_log "spamtest value == 3";
  }
  if spamtest :va
```
Re: [Dovecot] Sieve's spamtest always returns 0
thus spoke martin f krafft [2013-12-27 18:04 +1300]:
> I tested those regular expressions with sed -r, e.g.
>
> % sed -rne "s@^X-Spam-Status: [^,]*, score=-?[[:digit:]]+\.[[:digit:]]
> required=(-?[[:digit:]]+\.[[:digit:]]).*@\1@p" mailfile
> 5.0
>
> and they work.
>
> Unfortunately, in sieve scripts, the spamtest value is always 0,
> which is indicative of the spamtest "not having run", which in this
> case I assume means that the regular expression didn't match.

The documentation talks about "POSIX regular expressions", but the examples use extended regexps. This should probably be clarified.

However, even if I remove the -r in the above sed call and escape the characters +?(), it does not work. Character classes, such as [:digit:] are available in regular POSIX regexps, to my knowledge.

So: the documentation needs clarification, but my problem remains.

Yes, I could just "text"-match against X-Spam-Flag (which I now do), but I'd prefer it if the user could match against a spam probability, e.g. already filter if SpamAssassin assigns 6 out of 10 required points.

Thanks,

--
martin | http://madduck.net/ | http://two.sentenc.es/

"money is the crowbar of power."
- friedrich nietzsche

spamtraps: madduck.bo...@madduck.net
[Dovecot] Sieve's spamtest always returns 0
I am a bit at a loss here with Sieve (pigeonhole) and the spamtest extension. I am using Dovecot 2.1.7 (backported to Debian squeeze), which comes with Pigeonhole 0.3.0.

Messages are scanned with SpamAssassin, which adds a header like

```
X-Spam-Status: Yes, score=84.6 required=5.0 tests=…
```

and so I configured spamtest in conf.d/90-plugin.conf like so:

```
sieve_spamtest_status_type = score
sieve_spamtest_status_header = X-Spam-Status: [^,]*, score=(-?[[:digit:]]+\.[[:digit:]]).*
sieve_spamtest_max_header = X-Spam-Status: [^,]*, score=[^[:space:]]+ required=(-?[[:digit:]]+\.[[:digit:]]).*
```

I tested those regular expressions with sed -r, e.g.

```
% sed -rne "s@^X-Spam-Status: [^,]*, score=-?[[:digit:]]+\.[[:digit:]] required=(-?[[:digit:]]+\.[[:digit:]]).*@\1@p" mailfile
5.0
```

and they work.

Unfortunately, in sieve scripts, the spamtest value is always 0, which is indicative of the spamtest "not having run", which in this case I assume means that the regular expression didn't match.

Am I right in assuming that the matching happens at the time of evaluation, and so adding the headers using vnd.dovecot.filter just before works? Or does the spamtest matching happen before the sieve scripts are executed?

Can you see any other reason why spamtest always yields a value of 0?

Thanks,

--
martin | http://madduck.net/ | http://two.sentenc.es/

"those who are faithful know only the trivial side of love: it is the faithless who know love's tragedies."
-- oscar wilde

spamtraps: madduck.bo...@madduck.net
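A way to check the two spamtest patterns from the post above against actual header values, as an added example (not the poster's or Pigeonhole's code). It assumes the `<header-field>: <regexp>` form of the settings, an unanchored search, and a Python translation of the two POSIX classes used; both messages are constructed, the second using the `score=66.5/5.0` header form that shows up in the sieve-test trace elsewhere in this thread.

```python
import re
from email import message_from_string

# Settings exactly as quoted in the post.
STATUS_SPEC = r"X-Spam-Status: [^,]*, score=(-?[[:digit:]]+\.[[:digit:]]).*"
MAX_SPEC = (r"X-Spam-Status: [^,]*, score=[^[:space:]]+ "
            r"required=(-?[[:digit:]]+\.[[:digit:]]).*")

# POSIX character classes used on the page, mapped to Python equivalents
# (assumption: only these two classes need translating).
POSIX_CLASSES = {"[:digit:]": "0-9", "[:space:]": r"\s"}


def parse_spec(spec):
    """Split '<header-field>[: <regexp>]'; return (header, compiled regex or None)."""
    header, _, pattern = spec.partition(":")
    pattern = pattern.strip()
    if not pattern:
        return header.strip(), None
    for posix, python_class in POSIX_CLASSES.items():
        pattern = pattern.replace(posix, python_class)
    return header.strip(), re.compile(pattern)


def extract(spec, raw_message):
    """Return what the spec captures from the message, or None if nothing matches."""
    header, regex = parse_spec(spec)
    value = message_from_string(raw_message).get(header)
    if value is None:
        return None                      # header absent from the message
    # SpamAssassin folds long X-Spam-Status headers; unfold before matching.
    value = re.sub(r"\r?\n[ \t]+", " ", value).strip()
    if regex is None:
        return value                     # no regexp: whole header value
    m = regex.search(value)
    return m.group(1) if m and regex.groups else None


def check_specs(raw_message):
    """Apply both configured patterns to one message."""
    return {
        "status": extract(STATUS_SPEC, raw_message),
        "max": extract(MAX_SPEC, raw_message),
    }


# Constructed message with the header form from the first post.
MSG_REQUIRED = (
    "X-Spam-Status: Yes, score=84.6 required=5.0 tests=ADVANCE_FEE_2_NEW_FORM,\n"
    "\tADVANCE_FEE_2_NEW_FRM_MNY\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed message with the header form seen in the sieve-test trace.
MSG_SLASH = (
    "X-Spam-Status: Yes, score=66.5/5.0 tests=ADVANCE_FEE_2_NEW_FORM,\n"
    "\tADVANCE_FEE_2_NEW_FRM_MNY\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print("required= form:", check_specs(MSG_REQUIRED))
    print("slash form:    ", check_specs(MSG_SLASH))
```

With the `score=66.5/5.0` form the status pattern still captures a score, while the max pattern captures nothing because it requires a literal ` required=` after the score.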
[Dovecot] dovecot.index-Errors with multiple IMAP client access in Dovecot 2.2
Hello list,

I hope you can help me! My self-compiled dovecot 2.2.6 (and the two minor versions before, too) throws these errors:

```
Nov 28 18:29:00 mailserv dovecot: imap(mar...@example.com): Error: Transaction log /srv/vmail/example.com/martin/Maildir/dovecot.index.log: duplicate transaction log sequence (25)
Nov 28 18:29:00 mailserv dovecot: imap(mar...@example.com): Error: /srv/vmail/example.com/martin/Maildir/dovecot.index log position went backwards (24,40 < 25,10028)
```

... and so on ... duplicate transaction log sequences and backwards gone log positions, and this always, when I use at least two IMAP clients at the same time (better: the two clients are online and logged in at the same time). That happens only with one user (me ;-) ), the other about 15 users on this server are having no problems.

What I see: the clients are bothering each other, but I don't know why. I thought about the used reiserfs filesystem on the server, but there were no problems with 1.2 on the same server.

Some words about my client setup: I use Thunderbird and iPhone at the same time, and as a third client on the same server there is a Thunderbird instance at my company, which runs parallel to the other two. Seems to be weird, but isn't really (IMHO ;-) ). Sometimes there are two TBs at the same mailbox, sometimes only the iPhone and a TB, sometimes all three. This ran quite well for a long time with dovecot 1.2 and 2.1.x (the last one at my company in a similar setup with more users and several clients at the same time).

Maybe there is an error by using "my" build configurations (I think, not)?

configures

```
./configure \
  --prefix=/usr/local \
  --with-sql \
  --with-ssl \
  --with-mysql
```

Here is my dovecot.conf (only the changes of defaults) - maybe there is a misconfiguration?

dovecot.conf

```
# 2.2.6: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-028stab101.1 x86_64 Ubuntu 10.04.4 LTS reiserfs
auth_master_user_separator = *
auth_mechanisms = plain login
auth_socket_path = /usr/local/var/run/dovecot/auth-master
default_internal_user = vmail
default_login_user = vmail
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-acl-sql.conf.ext
}
disable_plaintext_auth = no
imap_capability = +NAMESPACE
imap_client_workarounds = delay-newmail tb-lsub-flags tb-lsub-flags tb-extra-mailbox-sep
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_access_groups = vmail
mail_location = maildir:/srv/vmail/%d/%n/Maildir
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
namespace {
  list = yes
  location = maildir:%%Lh/Maildir/:INDEX=%%Lh/shared-idx/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  hidden = no
  list = yes
  location = maildir:/srv/vmail/public
  prefix = public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  autocreate = Trash
  autocreate2 = Spam
  autocreate3 = Sent
  autocreate4 = Drafts
  autosubscribe = Trash
  autosubscribe2 = Spam
  autosubscribe3 = Sent
  autosubscribe4 = Drafts
  sieve = ~/.dovecot.sieve
  sieve_after = /srv/vmail/sieve/after.sieve
  sieve_before = /srv/vmail/sieve/before.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /srv/vmail/sieve
  sieve_global_path = /srv/vmail/sieve/globalsieverc
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@%d
protocols = imap pop3
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0600
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_
```
Re: [Dovecot] Dovecot MTA
Pls, people, be kind and polite! That's not the way for talking to each other!

Greetings,
Martin

On 12.11.2013 10:30, Reindl Harald wrote:

On 12.11.2013 02:14, Noel Butler wrote:

On 12/11/2013 04:28, Benny Pedersen wrote:

Edwardo Garcia wrote on 2013-11-11 11:58:

But is dovecot job to authenticate, mysql replicate fine, it is dovecot that is not fine by ignoring desire effect by only talk localhost and not any other unless localhost auth not respond.

so move to postgresql/mysql backend and change from dovecot to dbmail ? why blame dovecot for using fs mail store ? is your problem unstable nfs ? give up and get google app mx :)

WTF drugs are you on? Or maybe its more to the point of what medication you're not taking

you smartass better should have read all your mails before suggest someone should redirect my responses to our ISP in your previous answer

oh, yeah, i know, you are not reading this but have the mouth open and playing the saint internet police

--
Best regards,
Martin Rabl
Re: [Dovecot] Sieve and Namespace in dovecot 2.0.X
Hm. Ok.

On 11.10.2013 16:44, Mauricio Tavares wrote:
> On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl wrote:
>> fileinto :create "INBOX.Spam";
>
> Even though .Spam already exists in the user's mailbox?
>
> doveadm mailbox status -u b...@domain.com messages INBOX.Spam
> INBOX.Spam messages=92283
>
> namespace inbox {
>   inbox = yes
>   location =
>   prefix = INBOX.
>   separator = .
>   type = private
> }

Yep, try it - if the folder is there, nothing will happen. I think there is a namespace problem, and maybe the spam folder is located under INBOX.INBOX.Spam (just an idea). I think sieve will create a folder where it assumes there is one.

It's just a little experimental ... ;-)

Greetings,
Martin
Re: [Dovecot] Sieve and Namespace in dovecot 2.0.X
Hi,

try

```
fileinto :create "INBOX.Spam";
```

Bye,
Martin

On 11.10.2013 16:30, Mauricio Tavares wrote:
> Based on what I read in http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage, if I have a namespace defined as
>
> tail conf.d/10-mail.conf
> namespace inbox {
>   inbox = yes
>   location =
>   prefix = INBOX.
>   separator = .
>   type = private
> }
>
> A global script like
>
> cat /etc/dovecot/sieve/global-spam.sieve
> require ["fileinto", "regex"];
> # Must use regex here as 'contains' may not be valid, it erroneously
> # moved:
> # X-Spam-Status: No, score=-4.0 required=8.0 tests=ALL_TRUSTED,BAYES_00,
> # DCC_CHECK_NEGATIVE,HTML_MESSAGE,T_TM2_M_HEADER_IN_MSG,UNTRUSTED_Relay,
> # XM_SPF_Neutral autolearn=disabled version=3.2.5, No
> #
> # Due to the 'YES' in BAYES, let's just make sure YES is at the
> # _beginning_ of X-Spam-Status, while ignoring anything past it.
> #if header :regex "X-Spam-Status" "^[Yy][Ee][Ss].*" {
> if header :matches "X-Spam-Status" "Yes*" {
>   fileinto "INBOX.Spam";
>   stop;
> }
>
> should put spam in bob/.Spam. But, I am getting an error message stating that INBOX.Spam does not exist:
>
> Oct 11 09:57:33 mail dovecot: lda(b...@domain.com): Error: sieve: msgid=<0.0.0.71c.1cec689a21cff08.706...@ip.aidolip.us>: failed to store into mailbox 'INBOX.Spam': Mailbox doesn't exist: INBOX.Spam
>
> How come?

--
Best regards,
Martin Rabl
[Dovecot] Fileoperations in Maildir – problematic or okay?
Hi,

I'm wondering: Is it a problem to move and delete files inside a dovecot-managed maildir?

For example: I have a folder ~/.maildir/.Sub1.Start/cur and a folder ~/.maildir/.Sub1.Start.old/cur and like to regularly move old mails from the first to the second one. Can you create a cron job saying something like:

```
find ~/.maildir/.Sub1.Start/cur -mtime +5 -exec mv {} ~/.maildir/.Sub1.Start.old/cur \;
```

?

I guess this would be some sort of problem, wouldn't it? IIRC dovecot keeps indexes of the files inside a folder and moving them around like this may confuse the software, am I right?

bye
Martin
Re: [Dovecot] LDA vs. LMTP
Joseph Tam wrote:
> I don't know why you would consider a background process inferior to a
> run-on-demand executable.

Well, the background process is hogging CPU and RAM while it basically does nothing. And when it's running as root there is always the danger of privilege escalation. LDA only runs when it's needed and since it uses only user rights it should be more harmless.

bye
Martin
[Dovecot] LDA vs. LMTP
Hi there,

I'm using Dovecot together with Postfix; as I understand it, there are two ways to transfer the mail from Postfix to Dovecot.

1.) by using LDA with

```
mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
```

2.) by using LMTP with

```
mailbox_transport = lmtp:unix:private/dovecot-lmtp
```

(currently using number 1)

I'm interested in the differences and the advantages/disadvantages of each of those solutions.

According to http://wiki2.dovecot.org/LDA the recommended way is to use LMTP, since it's supposed to have a better performance. On the other hand, http://wiki2.dovecot.org/LMTP says that LMTP is a background process, while LDA is only called when needed. I've also read that LDA only uses the user's privileges, which both means that LDA should be better.

I've also noticed that LMTP adds an additional Received:-Header to the mail.

Are there any other differences?

Thank you
M.
[Dovecot] User login for SMTP but not for IMAP/POP?
Hello everybody,

I have a question, though I'm not sure if it's a matter of dovecot or postfix. Or if it's even possible to do at all.

If I understand it correctly, SMTP authentication is done via SASL. When a user wants to login Postfix queries an external user database (dovecot). Therefore the SMTP-users are identical to the IMAP/POP-users.

I want to achieve the following: I want some user credentials (username & password) for a user that is able to login via SMTP, but who doesn't have a mailbox and therefore shouldn't be able to login via IMAP/POP.

Is this even possible? How can it be achieved? Or: does this behaviour have a special name, which I can google for?

Regards,
Martin
[Dovecot] Get rid of inotify in 2.1.15
Hi,

after update to Dovecot 2.1.5 (Ubuntu 12.04, dovecot from https://launchpad.net/~kokelnet/+archive/dovecot21) we are getting a huge ;-) bunch of log entries about "imap(USERNAME): Warning: Inotify instance limit for user 5000 (UID vmail)".

At last I did an

```
echo 512 > /proc/sys/fs/inotify/max_user_instances
```

but the log entries did appear again after some minutes.

Maybe you have a hint for me?

Thank you!

At the bottom my current configuration.

--
Greetings,
Martin Rabl

```
# 2.1.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-36-generic x86_64 Ubuntu 12.04.2 LTS
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname =
auth_krb5_keytab =
auth_last_valid_uid = 0
auth_master_user_separator = *
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = /var/run/dovecot/auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = vmail
default_login_user = vmail
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-acl-sql.conf.ext
}
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
first_valid_gid = 1
first_valid_uid = 500
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send =
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_ca_dir =
imapc_ssl_verify = yes
imapc_user = %u
import_environment = TZ
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = *
lmtp_address_translate =
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_trusted_networks =
mail_access_groups = vmail
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home =
mail_location = maildir:~/Maildir:INBOX=~/Maildir/INBOX:LAYOUT=fs
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib/dovecot/modules
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group = vmail
mail_save_crlf = no
mail_shared_explicit_inbox = yes
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid = vmail
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_prealloca
```
Re: [Dovecot] Marking messages read / retaining date with Sieve
On Jan 30, 2013, at 8:39 PM, Ben Morrow wrote:
[...]
> Mail::IMAPClient (which I usually prefer) will work with a
> preauthenticated socket, but you need to create a socketpair explicitly,
> fork and exec dovecot/imap with one end of the pair on STDIN/STDOUT,
> then pass the other end to Mail::IMAPClient->new as the Socket
> parameter. Something like this (I've left out error checking)
[...]

Thanks again for your help! To close the loop on this, I ended up doing the following, although it seems to fail on mailboxes with large numbers of messages (on the order of 10,000 or so; I didn't test carefully enough to find the exact number)

```
use Mail::IMAPClient;
use Socket;
use strict;

socketpair( my $dovecot, my $client, AF_UNIX, SOCK_STREAM, PF_UNSPEC );

unless ( fork() ) {
    open( STDIN, '<&', $client );
    open( STDOUT, '>&', $client );
    exec( '/usr/lib/dovecot/imap' );
}

close( $client );

my $imap = Mail::IMAPClient->new( Socket => $dovecot );

foreach my $folder( sort $imap->folders() ) {
    print( "$folder\n" );
    $imap->select( $folder );
    $imap->set_flag( 'Seen', $imap->search( 'ALL' ) );
}
```

For the moment the failure on large folders was easier to handle by just doing those folders manually, although I'm curious if anyone knows the reason that might fail.

--Bret
Re: [Dovecot] Marking messages read / retaining date with Sieve
On Jan 30, 2013, at 6:56 PM, Ben Morrow wrote:
> I would do this by scripting IMAP access. Perl's Mail::IMAPClient has
> explicit support for running dovecot/imap in preauth mode, so you don't
> even have to authenticate. Of course, you need a Dovecot user account
> with access to all the relevant messages.

Thanks so much for your help! This sounds like a great option to me.

For "explicit" support, I'm having a lot of trouble finding out how to have Mail::IMAPClient invoke /usr/lib/dovecot/imap instead of connecting over the network -- could you provide any pointers?

--Bret
[Dovecot] Marking messages read / retaining date with Sieve
I'm trying to mark several hundred thousand messages as read as they are delivered via dovecot-lda(1). (I'm importing some mail from another format for migration purposes.)

I've been able to do this with Sieve, but it has the side effect that the messages' received and saved dates are set to the current date, and Apple Mail (at least) uses one of these to display the message date. Without the Sieve filter in place, the dates are retained based on the From_ line as I would like.

Does anyone know of any way I can either

- retain the date when delivering using Sieve?
- systematically mark a specific set of messages as read *after* delivery instead, perhaps with doveadm(1)? (even marking *everything* read would work in this particular case. I couldn't find any way to set flags with doveadm)

Thanks,
--Bret
[Dovecot] Disable auth-worker log message?
Hi,

is it possible to disable the line

```
auth-worker(17128): mysql(127.0.0.1): Connected to database mailserver
```

in dovecot 2.1.12? Logging is in "standard" mode.

Thank you,
Martin
[Dovecot] dovecot as layer between postfix and thunderbird
Hello,

I'm all new to this but feel I want to have a dedicated server to handle my mails from Gmail and Hotmail.

Basically, I installed SMS, superb Mini Server (based on slackware), and with that default install I got: dovecot, postfix, fetchmail and sendmail.

The postfix part seems to work according to a "telnet localhost 25", now I want to proceed with dovecot. As I understand it, it's the middle layer between (in my case) postfix and thunderbird.

What I expect in the very end is a dedicated server which regularly checks and fetches mails, and lets me have all contacts info in the (already up and running) LDAP server. When I start thunderbird, I want it to go grab those mails from my local machine.

I am, of course, all over manpages, HOWTOs, guides and google, but would certainly appreciate further help and points in the right direction.

My apologies for any weird beginner mistakes in this post.
Re: [Dovecot] Update 1.2 -> 2.0 ... INBOX away?
Thank you Timo! Runs! It is too late for configuring ... ;-))

Greetings,
Martin

On 29.12.12 03:50, Martin Rabl wrote:
> Hi,
>
> On 29.12.12 03:47, Timo Sirainen wrote:
>> No idea how that worked with your previous configuration (I guess accidentally/unintentionally), but I guess you want this:
>
> that were the "bugfixes" ;-)
>
>> mail_location = maildir:~/Maildir:INBOX=~/Maildir/INBOX:LAYOUT=fs
>
> Thank you, I give it a try.
>
> Greetings,
> Martin
Re: [Dovecot] Update 1.2 -> 2.0 ... INBOX away?
Hi,

On 29.12.12 03:47, Timo Sirainen wrote:
> No idea how that worked with your previous configuration (I guess accidentally/unintentionally), but I guess you want this:

that were the "bugfixes" ;-)

> mail_location = maildir:~/Maildir:INBOX=~/Maildir/INBOX:LAYOUT=fs

Thank you, I give it a try.

Greetings,
Martin
[Dovecot] Update 1.2 -> 2.0 ... INBOX away?
Hi,

yesterday I did an update from dovecot 1.2 to 2.0.19 (Ubuntu 10.04 -> 12.04). After fixing the configuration dovecot starts up as it should, but with one error I don't understand: the INBOX will not be delivered to the mail client and will not be filled by "deliver". Instead, dovecot creates the two dirs "new" and "cur" directly in "Maildir".

The filesystem now looks like:

```
domain/user1/Maildir/INBOX   # official INBOX
domain/user1/Maildir/new     # new mail
domain/user1/Maildir/cur     # read mail
```

We have searched for a configuration error, but didn't find anything - or did not see one ;-) Maybe there is someone on the list who sees our error in a moment? We are using only imap/s and managesieve, no pop3. Maildir layout is FS.

Here is a snippet of our configuration:

```
mail_home =
mail_location = maildir:~/Maildir:LAYOUT=fs
namespace {
  hidden = no
  inbox = yes
  list = yes
  location =
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  list = yes
  location = maildir:%%h/Maildir/:INDEX=%%h/Maildir/shared/%u:LAYOUT=fs
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  list = yes
  location = maildir:/srv/vmail/public:LAYOUT=fs
  prefix = public/
  separator = /
  subscriptions = no
  type = public
}
protocol lda {
  mail_plugins = sieve autocreate
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-lsub-flags tb-lsub-flags
  mail_max_userip_connections = 10
  mail_plugins = acl autocreate imap_acl
}
```

Hope you can help! Thank you!

Martin