Re: MySQL connection with SSL

2024-05-16 Thread Martin Behrens via dovecot

Have you tried to set the ssl_* parameters as stated in 
https://doc.dovecot.org/settings/plugin/sql-mysql?


On 16.05.24 at 12:53, "Gandalf Corvotempesta via dovecot" wrote:

> Hi all
> is it possible to tell dovecot to use a mysql connection with SSL?
>
> My new remote mysql server only allows ssl connections
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org



Re: Separators and shared namespaces

2023-09-27 Thread martin f krafft via dovecot

Regarding the following, written by "Aki Tuomi" on 2023-09-27 at 13:09 +0300:

> The physical (file system) separator and hierarchy separator are not related.
> You can safely change the hierarchy separator to / .

Okay, so what is it used for?

> The shared namespace should have list=children, and you will not
> see anything by default, unless you have acl_shared_dict and have
> actually shared a folder.

Yeah, I have all of that. It works with `/`, but when I use `.`, it
stops working. ACLs/sharing stays the same.


Best,

--
martin krafft | https://matrix.to/#/#madduck:madduck.net
 
"faith means not wanting to know what is true."

 - friedrich nietzsche


Separators and shared namespaces

2023-09-27 Thread martin f krafft via dovecot

Hello,

I am running Dovecot 2.3.19 on Debian, and I am trying to get 
shared to work.


It's working if I do this:

```
namespace {
  type = shared
  separator = /
  prefix = Team/%%u/
  location = maildir:%%h/Maildir:INDEX=%h/Maildir/Team/%%u:INDEXPVT=%h/Maildir/Team/%%u
  subscriptions = no
  list = children
}
```

After setting some ACLs, I now have the following in `LIST` output:

```
…
. LIST "" *
* LIST (\HasNoChildren) "/" INBOX
[…]
* LIST (\Noselect \HasChildren) "/" Team/rechnungseing...@example.org
* LIST (\HasNoChildren) "/" "Team/rechnungseing...@example.org/Archiv bearbeitete Rechnungen"
. OK List completed (0.003 + 0.000 + 0.007 secs).
```

However, since I am using Maildir, the default separator is `.`, and 
so I have to change the separator for the `inbox` namespace, which 
makes me feel uneasy. The system still uses `.dotted.notation` on 
the filesystem despite the namespace change, and subfolders and all 
still work, but it still rubs me the wrong way to do this.


And yet, when I try to use `.` like this:

```
  separator = .
  prefix = Team.%%u.
  location = maildir:%%h/Maildir:INDEX=%h/Maildir/.Team,%%u:INDEXPVT=%h/Maildir/.Team.%%u
```

then nothing shows up in `LIST` output. Any idea why this might be?

Thanks,

--
martin krafft | https://matrix.to/#/#madduck:madduck.net
 
"to improve one's style means to improve one's thought."

 - friedrich nietzsche


Re: https://www.mail-archive.com/dovecot@dovecot.org/msg77000.html

2023-04-10 Thread Martin Stenzel

Hi team,

regarding:

https://www.mail-archive.com/dovecot@dovecot.org/msg77000.html


I have the very same problem.


```
terve:/tmp #decrypt.rb -k /etc/dovecot/mailcrypt/ecpubkey.pem -f ./1681118363terve.xy-space.de\,S\=3452\,W\=3515\:2\,S

Key(s) (total: 1)
 - Key type  : EC
 - Key digest: a27b201cf7f59f...
 - Peer key  : 04aaca0143208904deced2732aaa...
 - Encrypted : 4cde641bff16098b91bfaf66...
 - Kd hash   : 9e229ec6c0...
terve:/tmp #decrypt.rb -k /etc/dovecot/mailcrypt/ecprivkey.pem -f ./16811terve.xy-space.de\,S\=3452\,W\=3515\:2\,S

Key(s) (total: 1)
 - Key type  : EC
 - Key digest: a27b201cf7f59f978bb9b27947f60a9...
 - Peer key  : 04aaca0143208904deced2732aaaf127...
 - Encrypted : 4cde641bff16098b91bfaf66c9...
 - Kd hash   : 9e229ec6c09...

terve:/tmp #decrypt.rb -i -k /etc/dovecot/mailcrypt/ecprivkey.pem -f ./1681118...terve.xy-space.de\,S\=3452\,W\=3515\:2\,S
Version   : 2
Flags : AEAD integrity
Header length : 255
Cipher algo   : aes-256-gcm (2.16.840.1.101.3.4.1.46)
Digest algo   : sha256 (2.16.840.1.101.3.4.2.1)

Key derivation
 - Rounds    : 2048

...
```

N. B. Before posting I arbitrarily removed numbers from the output, 
maybe paranoid...



Environment:

openSuSE Linux server.

dovecot version 2.3.20

openssl version 1.1.1

ruby version 3.1.2p20

decrypt.rb version 
https://gist.github.com/cmouse/882f2e2a60c1e49b7d343f5a6a2721de



This is the way I generated the keys:

openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem


This is the 10-mailcrypt.conf:

mail_plugins = $mail_plugins mail_crypt

plugin {
   #fts_index_fs = crypt:set_prefix=fscrypt_index:posix:set_prefix=/tmp/fts

   mail_crypt_global_private_key = 

Encryption of incoming (thanks to dovecot-lda), as well as outgoing 
mails works perfectly.



But for me it is more a feature than a bug, since now, even as root I am 
not able to decrypt users mails.


This serves plausible deniability.


But how can I make sure, that NOBODY ELSE can decrypt with this specific 
private key?


Is there ANY OTHER way to decrypt the mails besides the script?


Have a nice Monday, and THANKS for taking your time!

Martin, Cologne


P. S. Did you notice, that as an argument (-k) the results are the same, 
both with private and public key?


P.P.S. If I give the "-w" argument and a file name, the file remains 
empty, tried even that without success.


P.P.P.S. If I call the script with ruby version 2 it bails out...



Re: Dovecot sync stopped working since 2.3.18-r1 when .maildir has 700 permissions

2022-07-23 Thread Martin Kuchta
Hello, 


Please accept my apologies for not giving all the details in the
original bug report. After further testing, I need to add that it is not
the permissions of .maildir that cause doveadm to fail. It fails because
the .maildir is a FUSE mount with access to all other users, including
potentially untrusted root, restricted. This configuration worked fine
until 2.3.18-r1. Has the context under which doveadm runs changed? Is
there a way to make it run as the user? 


---
roughgrain.com - Mastering Mentoring
+447780565902 



Dovecot sync stopped working since 2.3.18-r1 when .maildir has 700 permissions

2022-07-17 Thread Martin Kuchta

Hello,

Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator
plugin stopped working. It seems there is a problem accessing a .maildir
with 700 permissions, only accessible by the owner. Everything worked
fine prior to this version and I made no configuration changes. 


```
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8
# Hostname: www.example.com
auth_mechanisms = plain login
auth_username_format = %Ln
doveadm_password = # hidden, use -P to show it
hostname = www.example.xom
listen = *
login_greeting = Dovecot ready.
mail_location = maildir:~/.maildir
mail_plugins = notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = *
  driver = pam
}
plugin {
  mail_replica = tcps:www.example.com:8000
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
  sieve_plugins = sieve_extprograms
}
postmaster_address = postmas...@example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
  }
  unix_listener replication-notify {
    mode = 0666
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service doveadm {
  inet_listener {
    port = 8000
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
ssl_cert = 
```

S3 integration w Dovecot

2022-01-21 Thread Martin Olsen
Good morning, day, evening :P

As stated on documentation S3-compatible Storages — Dovecot documentation
<https://doc.dovecot.org/configuration_manual/mail_location/obox/s3/> only
AWS S3 is officially supported.

However, we know that Scality has been successfully integrated at some
larger corporations.

Particularly curious if anyone has integrated with Pure S3 object storage
solution, or any other for that matter?

Just looking at some different options.

-
Sincerely,
Martin.


Re: ssl_params error on RHEL7 FIPS enabled

2021-08-19 Thread Martin Olsen
There have been multiple submitted fixes to this, I submitted a fix to Redhat 
myself. And they are not willing to add it to their EL7 at this point.

From: dovecot  on behalf of Brad Partin 

Date: Thursday, August 19, 2021 at 12:39 PM
To: "dovecot@dovecot.org" 
Subject: ssl_params error on RHEL7 FIPS enabled


All,

The machine I’m running dovecot on is:
RHEL7.9 3.10.0-1160.31.1.el7.x86_64

I can run Systemctl restart dovecot then status or
/usr/libexec/dovecot/ssl-params and I get the following error.

Info: Generating SSL parameters
Fatal: ssl_iostream_generate_params(4096) failed: 
DH_generate_parameters(bits=512, gen=2) failed: 
error:0506A06E:lib(5):func(106):reason(110), error 
0506A003:lib(5):func(106):reason(3)
Error: child process failed with status 22784

I can generate a diffie-hellman pem with
openssl dhparam -out /etc/dovecot/dh.pem 4096
But dovecot 2.2.36 does not have the option of telling it where the dh.pem file 
is located in the config like version 2.3 does.
Is my error related to FIPS and is there a way around it?

My dovecot version is:
Dovecot version 2.2.36 release 8.el7

Thanks in advance to anyone willing to help out, I know it’s voluntary 🙏

Thanks,
bpartin2009

Sent from my iPhone


Tuning pop3-login client_limit

2021-04-13 Thread Martin Olsen
Good day / evening / morning good dovecot people:

Overview:

We are seeing the following issue on one of our servers:

```
pop3-login: Error: master(pop3): net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable (client-pid=5418, client-id=1, rip=__REMOVED__, created 534 msecs ago, received 0/4 bytes)
```

We tried tuning the pop3-login -> client_limit parameter. However, as soon as 
we increased this parameter (and after restarting dovecot), we saw an onslaught 
of lmtp connection errors in postfix (unable to deliver via lmtp to dovecot). 
This led us to set the pop3-login -> client_limit back to 1000 again and the 
lmtp errors disappeared.

This leads me to think that we should tune some other parameters as well. 
Increase overall limits or such. It seems like when increasing the client_limit 
for pop3-logins that somehow affected the lmtp deliverability.

If anyone has any input on this that would be much appreciated.

Cheers,
Martin

--

Version and config:

```
# dovecot --version
2.2.36 (1f10bfa63)

# dovecot -n
# 2.2.36 (1f10bfa63):
# OS: Centos 7.7
# Hostname:
auth_mechanisms =
auth_verbose = yes
base_dir = __REMOVED__
default_client_limit = 2500
disable_plaintext_auth = no
doveadm_password =
first_valid_uid = 89
last_valid_uid = 89
lmtp_rcpt_check_quota = yes
login_greeting =
login_trusted_networks =
mail_gid = 89
mail_plugins = " notify replication quota"
mail_uid = 89
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  args =
  driver = ldap
}
plugin {
  mail_replica = tcps:
  quota = maildir:User quota
  quota_rule =
}
protocols = pop3 lmtp
replication_full_sync_interval = 3 hours
replication_max_conns = 20
service aggregator {
  fifo_listener replication-notify-fifo {
    group = postfix
    mode = 0640
    user = postfix
  }
  unix_listener replication-notify {
    group = postfix
    mode = 0640
    user = postfix
  }
}
service auth {
  unix_listener auth {
    mode = 0660
  }
}
service doveadm {
  inet_listener {
    port = 12345
    ssl = yes
  }
}
service lmtp {
  process_min_avail = 10
  unix_listener lmtp {
    group = postfix
    mode = 0640
    user = postfix
  }
}
service pop3-login {
  client_limit = 1000
  process_limit = 2048
  process_min_avail = 10
  service_count = 1
}
service pop3 {
  client_limit = 1
  process_limit = 2048
  process_min_avail = 0
  service_count = 1
}
```




Dovecot won't accept IMAP TLS 1 connections from older devices [SOLVED]

2020-10-15 Thread Brian Martin
I've spent days scouring the Internet and trying various solutions on a 
problem with my Dovecot installation, so I thought I'd share what I 
learned in hopes of saving other people a lot of time.  The dedicated 
Dovecot hands will know all of the following already.  This is for those 
of us that have to cover a lot of bases.


I upgraded my mail server from Ubuntu 18.04.1 to Ubuntu 20.04.1, and 
found that older Mac-books and iPads (and probably other devices) could 
no longer establish IMAP connections to Dovecot. Dovecot logged:


   SSL routines:tls_early_post_process_client_hello:unsupported protocol

and TCP/IP traces showed that it dropped the connection after the 
client's initial HELLO.  I tested what kinds of connections Dovecot 
would accept with (for example):


    openssl s_client -tls1_1 -connect localhost:993   # Test whether TLSv1.1 is accepted - received "unsupported protocol" message.


Searching showed that Dovecot has a parameter "ssl_min_protocol", which 
is documented as defaulting to TLSv1.  Nevertheless I explicitly set it 
to TLSv1 with no effect.  This was a red herring.  I spent a long time 
looking to see if Dovecot had a bug in handling this newish parameter, etc.


Eventually I came across one posting regarding a web server, that told 
me the OpenSSL libraries that Dovecot and lots of other packages use has 
a single configuration file for the entire system.  In Ubuntu 20.04 it 
defaults to requiring TLSv1.2 or above.  Changing the configuration for 
OpenSSL affects everything on the system using the library.  I changed 
the file, restarted Dovecot, and it immediately accepted TLSv1 connections.


Obviously I'd prefer to maintain the improved security of TLSv1.2, but 
in my case it was better to continue providing mail service at a lower 
security level than to deny service to some users until they upgraded 
their personal devices.  You'll need to make your own decision on that score.


The file to change is (on Ubuntu, at least) /usr/lib/ssl/openssl.cnf.  
The change consists of adding a line of code in the initial section that 
invokes several new sections later:


In the initial section I added:

    openssl_conf = default_conf

Then at the bottom of the file I added:

    [default_conf]
    ssl_conf = ssl_sect

    [ssl_sect]
    system_default = system_default_sect

    [system_default_sect]
    MinProtocol = TLSv1
    CipherString = DEFAULT@SECLEVEL=1

There is an alternative approach that I have read of but not tested.  
Basically you can create a new file elsewhere with the customized 
content, and then set an environmental variable (OPENSSL_CONF) just 
before launching Dovecot that points to your new file.  This way, only 
Dovecot is using downgraded security. Since my mail server is a 
dedicated system and I didn't want to muck with the Dovecot start-up 
environment, I didn't feel the need to go that route.


So all my digging into why Dovecot wouldn't accept TLSv1 connections and 
how to change it were completely on the wrong path.  It would be nice if 
Dovecot could log a message when its ssl_min_protocol is set lower than 
what OpenSSL will accept, but Dovecot may not be able to tell what 
OpenSSL is doing.  In any case, those are the symptoms, the real 
problem, and how to fix it.  Good luck, and thanks to Matt Caswell for 
posting the answer that I eventually found.


Ref: 
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
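A read-only check for the configuration chain described in this post, as an added example that is not part of the original message: it parses openssl.cnf-style text, follows openssl_conf -> ssl_conf -> system_default, and reports when the resulting section lowers the TLS floor for every OpenSSL consumer on the host. The parser is simplified (no variable expansion or .include handling), the sample files are constructed, and the TLSv1.2 / SECLEVEL 2 thresholds are assumptions to adjust to local policy.

```python
import re

# Constructed sample: an openssl.cnf reduced to the lines added in the post above.
DOWNGRADED = """\
openssl_conf = default_conf   # added in the initial section

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
"""

# Constructed sample: the same chain, but keeping the stricter floor.
STRICT = (DOWNGRADED
          .replace("MinProtocol = TLSv1\n", "MinProtocol = TLSv1.2\n")
          .replace("SECLEVEL=1", "SECLEVEL=2"))

# Constructed sample: a file that never wires in a system_default section.
UNWIRED = "[req]\ndefault_bits = 2048\n"

# Ordering of protocol names accepted by MinProtocol, weakest first.
PROTOCOL_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def parse_sections(text):
    """Parse openssl.cnf-style text into {section: {key: value}}.

    Keys that appear before any [section] header go under "default".
    """
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        if "=" in line:
            # Split on the first "=" only: values such as
            # DEFAULT@SECLEVEL=1 contain one themselves.
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def system_default(sections):
    """Follow openssl_conf -> ssl_conf -> system_default.

    Returns the final section as a dict, or None when the chain is
    absent or points at a section that does not exist.
    """
    name = sections["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        if name is None or name not in sections:
            return None
        name = sections[name].get(key)
    return sections.get(name) if name else None


def audit(text, floor="TLSv1.2", min_seclevel=2):
    """Return a list of findings for the system-wide TLS defaults."""
    sect = system_default(parse_sections(text))
    if sect is None:
        return ["no system_default section reachable from openssl_conf"]
    findings = []
    proto = sect.get("MinProtocol")
    if proto is not None and PROTOCOL_RANK.get(proto, -1) < PROTOCOL_RANK[floor]:
        findings.append(f"MinProtocol={proto} is below {floor}")
    level = re.search(r"@SECLEVEL=(\d+)", sect.get("CipherString", ""))
    if level and int(level.group(1)) < min_seclevel:
        findings.append(
            f"CipherString sets SECLEVEL={level.group(1)}, below {min_seclevel}")
    return findings


if __name__ == "__main__":
    for label, text in (("downgraded", DOWNGRADED),
                        ("strict", STRICT),
                        ("unwired", UNWIRED)):
        print(label, audit(text))
```

Run against the system-wide file, a finding means every OpenSSL-linked service on the host inherits the lower floor; run against a per-service file referenced through OPENSSL_CONF, it confirms the downgrade is confined to that service.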





DKIM fail if WHM adds Message-ID, should be Message-Id

2020-10-12 Thread Robert Martin
I created a client library to send emails for a webapp.

 

After connecting to the SMTP server with credential setup in CPANEL, and
then do NOT add Message-Id header, the DKIM signature 'h' record created by
dovecot/WHM is wrong, and a Message-ID (with a capital D) header is added,
invalidating the generated DKIM signature value.

 

This causes outlook, yahoo, gmail and other email recipients to add
'dkim:fail' to the message, and thus relegate it to junk or spam.

 

The work around is to add to the message a Message-Id with a  little 'd'
header.  Then the SMTP server processes the email with the correct generated
DKIM, correct DKIM 'h' record and does not add a Message-ID header.

 

My SMTP hosting providers that run the WHM/dovecot/CPANEL software are
refusing to raise this as a bug and have requested that I do it.

 

Regards

Robert



Re: Disable Dovecot LDA

2020-04-01 Thread Dauser Martin Johannes
On Dienstag, 31. März 2020 21:14:26 CEST Adam Raszkiewicz wrote:
> But then it loops again when get back to the postfix as an incoming message
> (doesn't know that a...@localdomain.com is located on that Dovecot)
+
> Is there any way to disable Dovecot LDA? I want to always send email via 
> postfix and relay server even it will be a local delivery within the Dovecot
> server
>
>Thanks,
>Adam

Why should a disabled LDA or a relayhost help in this matter? Honestly, who is 
sending what to where anyway? 

I mean Dovecot is an IMAP-Server: It receives emails from Postfix and 
mailclients connect to Dovecot to get these mails. When a mailclient sends an 
email it connects to Postfix not to Dovecot, so a delivery "within Dovecot" 
isn't really happening. Dovecot's LDA has options to send (bounce) mails back 
to Postfix. I guess loops occur there?

WHO doesn't know that a...@localdomain.com is located on Dovecot -- Dovecot 
itself (= unknown recipient or perhaps permission problems while saving the 
mail) or Postfix (= no transport to Dovecot)? 

Martin







Re: Send local generated mails via gateway back to LDA Dovecot

2020-04-01 Thread Dauser Martin Johannes
Well as you need LDA to deliver emails from postfix to dovecot,  you can't just 
turn it off. What you need is a second smtp daemon within postfix, which is 
only responsible for local originating emails and is configured to send any 
email to your gateway. This way your second smtpd will send local generated 
mails to your gateway. The gateway will send those mails back to your default 
smtpd and this one will deliver those mails to dovecot -- or where ever you 
configured them to go to.

As email addresses like localpart@localhost aren't useful for your gateway, you 
need to (canonical) rewrite those addresses to an official address.

---

This means your default smtpd must not listen on localhost anymore.
The default entry in master.cf like "smtp  inet  n  -  n  -  -  smtpd" means 
that the smtpd listens on any interface on smtp port number 25. Now you need it 
to listen on the smtp port of your official IP address only. Therefore we will 
override inet_interfaces from main.cf .

Your second smtpd, newly defined in master.cf, inherits the default values from 
main.cf too, so you need to adjust only some. Well and this daemon will listen 
on localhost only.

Note1: This config runs without a chroot environment! If you do, some extra 
adjustments might be necessary. (I don't know for sure.)

Note2: Lines starting with dash (-) should be removed in your config and those 
beginning with plus (+) should be added. Angled brackets (<>) indicate a 
placeholder and they should not be present in your config.


/etc/postfix/master.cf
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
# ==
-smtp   inet  n   -   n   -   -   smtpd
+smtp   inet  n   -   n   -   -   smtpd
+  # Incomming mails only from real IP address
   -o inet_interfaces=

+127.0.0.1:25   inet   n  -   n   -   -   smtpd
+  # Incomming mails only from loopback device 
+  # use only if appropriate in your case (postfix version >=2.2) 
+-o inet_interfaces=loopback-only
+  # Incomming mails only from localhost 
+  # use only if appropriate in your case (postfix version < 2.2)
+-o inet_interfaces=localhost,127.0.0.1
+  # Empty mydestination to disable local transport
+-o mydestination=
+  # disable LDA delivery by emptying corresponding config entries
+  # you either use mailbox_command or virtual_mailbox_domains
+-o mailbox_command=
+-o virtual_mailbox_domains=
+  # Use this IP address as client to connect to gateway
+-o smtp_bind_address=
+  # Canonical rewrite for sender and recipient addresses with @localhost
+-o canonical_maps = pcre:/etc/postfix/canonical_localhost.pcre
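Review bot: the last override, `-o canonical_maps = pcre:/etc/postfix/canonical_localhost.pcre`, has spaces around the "=", which master.cf does not accept in the plain `-o name=value` form; write it as `-o canonical_maps=pcre:/etc/postfix/canonical_localhost.pcre`. The new 127.0.0.1:25 entry also carries both `-o inet_interfaces=loopback-only` and `-o inet_interfaces=localhost,127.0.0.1` as added lines although the comments present them as alternatives by Postfix version, so a reader applying the block literally ends up with both; keep only the one that matches the installed version.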

---

New file /etc/postfix/canonical_localhost.pcre
# This is a Perl Compatible Regular Expression table,
# so no postmap command is needed.

# Address something@localhost becomes something@
# or 
# address something@localhost becomes root@
# CHOOSE ONLY ONE !
#
#/^(.+)@localhost$/   $1@
/^.+@localhost$/   root@

---

Local generated mails, that have no domain information should append the string 
$mydomain instead of default $myorigin (which normally is the FQDN of your 
mailserver).

/etc/postfix/main.cf
- append_at_myorigin = yes
+ append_at_myorigin = no

- append_dot_mydomain = no
+ append_dot_mydomain = yes
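Review bot: `append_at_myorigin = no` in this hunk turns off a setting the Postfix documentation says must stay enabled, because Postfix does not support domain-less addresses, and `append_dot_mydomain = yes` appends ".$mydomain" to addresses that lack a ".domain" part rather than "@$mydomain" to bare local parts, so the pair does not produce the rewrite the preceding paragraph describes. To have locally generated, domain-less addresses end in $mydomain, leave `append_at_myorigin = yes` and set `myorigin = $mydomain` instead.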

---

I guess you already set $relayhost but you can set fallbacks too.

/etc/postfix/main.cf
relayhost = 

+# Optional list of relay hosts 
+smtp_fallback_relay = ,
  

---

Of course you need to restart postfix to apply these changes. 
AND if something breaks don't hold me responsible, use this config at your own 
risk!

Martin


On Dienstag, 31. März 2020 18:35:07 CEST Adam Raszkiewicz wrote:
> Hi,
> 
> Is there any way to disable Dovecot LDA? I want to always send email via
> postfix and relay server even it will be a local delivery within the
> Dovecot server
 
> Thanks,
> Adam






Re: lmtp and recipient_delimiter

2020-03-15 Thread Martin Johannes Dauser
On Sonntag, 15. März 2020 22:37:40 CET Martin Johannes Dauser wrote:
> On Sonntag, 15. März 2020 21:43:08 CET Juri Haberland wrote:
> > On 15/03/2020 21:26, GMX Account wrote:
> > > have a look at this:
> > > 
> > > http://www.postfix.org/postconf.5.html#recipient_delimiter
> > > 
> > > [...]When the recipient_delimiter [1] set contains multiple characters
> > > (Postfix 2.11 and later), a user name or .forward file name is
> > > separated from its extension by the first character that matches the
> > > recipient_delimiter [1] set.[...]
> > 
> > Uhm, yes, I know what this option should do, but what happens, if I
> > already have a user with e.g. a hyphen (-) in its name (e.g. foo-bar)
> > and I set recipient_delimiter to "-"?
> > 
> > Will this character become a somewhat illegal character for usernames in
> > the user database?
> > 
> > 
> > Cheers,
> > 
> >   Juri
> 
> Yes, of course . By setting the delimiter "-", the address foo-...@ex.tld
> becomes f...@ex.tld . Postfix seems to have a special interpretation of "+-"
> as it is compatible to qmail extension (another smtp server), which seems
> to have "-" hardcoded as delimiter. So I guess postfix is using "+" OR "-"
> as delimiter...
> 
> foo-...@ex.tld
> foo+...@ex.tld
> foo+-...@ex.tld
> ... would all be sent to f...@ex.tld  ??
> 
> From  http://www.postfix.org/postconf.5.html#recipient_delimiter
> # Handle both Postfix and qmail extensions (Postfix 2.11 and later).
> recipient_delimiter = +-
> 
> (Who would need such a compatibility option -- I mean where is the use case
> ?!) Martin

Ah, answering my own post, sk71 already gave the hint:

When the recipient_delimiter set contains multiple characters , a FILE NAME is 
separated from its extension by the FIRST CHARACTER THAT MATCHES the 
recipient_delimiter set. So postfix will act similar to qmail and check files: 
"the delivery instructions for username-extension are in 
~username/.qmail-extension."

So setting the delimiter to "+-" postfix will interpret 
  * foo-...@ex.tld as an email for f...@ex.tld and will check a file matching 
"bar".
  * foo+...@ex.tld  -> f...@ex.tld, file matching "bar"
  * foo+-...@ex.tls -> f...@ex.tld, file matching "-bar"
  * foo-+...@ex.tls -> f...@ex.tld, file matching "+bar"

Well and you might want to use that when transfering from/to qmail.

Martin





Re: lmtp and recipient_delimiter

2020-03-15 Thread Martin Johannes Dauser
On Sonntag, 15. März 2020 21:43:08 CET Juri Haberland wrote:
> On 15/03/2020 21:26, GMX Account wrote:
> > have a look at this:
> > 
> > http://www.postfix.org/postconf.5.html#recipient_delimiter
> > 
> > [...]When the recipient_delimiter [1] set contains multiple characters
> > (Postfix 2.11 and later), a user name or .forward file name is
> > separated from its extension by the first character that matches the
> > recipient_delimiter [1] set.[...]
> 
> Uhm, yes, I know what this option should do, but what happens, if I
> already have a user with e.g. a hyphen (-) in its name (e.g. foo-bar)
> and I set recipient_delimiter to "-"?
> 
> Will this character become a somewhat illegal character for usernames in
> the user database?
> 
> 
> Cheers,
>   Juri

Yes, of course . By setting the delimiter "-", the address foo-...@ex.tld 
becomes f...@ex.tld . Postfix seems to have a special interpretation of "+-" as 
it is compatible to qmail extension (another smtp server), which seems to have 
"-" hardcoded as delimiter. So I guess postfix is using "+" OR "-" as 
delimiter...

foo-...@ex.tld
foo+...@ex.tld
foo+-...@ex.tld
... would all be sent to f...@ex.tld  ??

From  http://www.postfix.org/postconf.5.html#recipient_delimiter 
# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
recipient_delimiter = +-

(Who would need such a compatibility option -- I mean where is the use case ?!)
Martin




Re: managesieve / sieve - append dot prefix on moving mails into folder

2020-02-18 Thread Martin Johannes Dauser
On Tue, 2020-02-18 at 14:19 +0100, Martin Johannes Dauser wrote:
> Hallo!
> 
> If you didn't define a separator its default is "." . So you would need
> to change "INBOX/Monitoring" to "INBOX.Monitoring" to be accepted.
> 
> And 10-mail.conf needs a "prefix=INBOX." --note the dot as a separator
> at the end.
It might be, that prefix is empty, which should be valid too. But then
you need to modify your sieve rule. Not 100% sure but I guess:

fileinto "INBOX.Foldername";

>  
> 
> Hope this helps
> Martin
> 
> On Tue, 2020-02-18 at 12:40 +0100, Andre Hoepner - i.based: Systemhaus
> GmbH + Co. KG wrote:
> > Hello mailinglist-subscribers,
> > 
> > i have an issue with the managesieve / sieve plugin in dovecot.
> > 
> > We use roundcube as webmailer and if i define a new filter to move 
> > incoming mails directly into a subfolder i get the following sieve-code:
> > 
> > require ["fileinto","imap4flags"];
> > # rule:[mail into folder]
> > if allof (header :contains "from" "sen...@domain.org")
> > {
> > fileinto "Foldername";
> > setflag "\\Seen";
> > }
> > 
> > So anything seems to be right and there are no errors on creating the 
> > correct syntax.
> > 
> > But if a mail comes from the named sender, sieve does not put the email 
> > in the folder "Foldername" but ".Foldername".
> > It appends a dot (.) in front of the name and i have no idea, why this 
> > happens. There are no errors in logfile and all mails go into the .Folder.
> > 
> > Maybe it is wrong separator for mailbox, at the moment there is no 
> > separator defined in "10-mail.conf" and we use "Maildir" as mail_location.
> > 
> > I have also tried to change the target folder in sieve script an named 
> > him "INBOX/Monitoring" - as subfolder of INBOX but than i get an error 
> > in .dovecot.sieve.log with message:
> > 
> > Invalid mailbox name: Name must not have '/' characters.
> > 
> > I edited the new rule with roundcube / managesieve-plugin and maybe this 
> > needs separate configuration because of separator in foldernames?
> > Please let me know if i should provide any extra information or dovecot 
> > configuration etc.
> > 
> > best regards
> > Andre Hoepner
> > 



Re: managesieve / sieve - append dot prefix on moving mails into folder

2020-02-18 Thread Martin Johannes Dauser
Hallo!

If you didn't define a separator its default is "." . So you would need
to change "INBOX/Monitoring" to "INBOX.Monitoring" to be accepted.

And 10-mail.conf needs a "prefix=INBOX." --note the dot as a separator
at the end. 

Hope this helps
Martin

On Tue, 2020-02-18 at 12:40 +0100, Andre Hoepner - i.based: Systemhaus
GmbH + Co. KG wrote:
> Hello mailinglist-subscribers,
> 
> i have an issue with the managesieve / sieve plugin in dovecot.
> 
> We use roundcube as webmailer and if i define a new filter to move 
> incoming mails directly into a subfolder i get the following sieve-code:
> 
> require ["fileinto","imap4flags"];
> # rule:[mail into folder]
> if allof (header :contains "from" "sen...@domain.org")
> {
>   fileinto "Foldername";
>   setflag "\\Seen";
> }
> 
> So anything seems to be right and there are no errors on creating the 
> correct syntax.
> 
> But if a mail comes from the named sender, sieve does not put the email 
> in the folder "Foldername" but ".Foldername".
> It appends a dot (.) in front of the name and I have no idea why this 
> happens. There are no errors in logfile and all mails go into the .Folder.
> 
> Maybe it is wrong separator for mailbox, at the moment there is no 
> separator defined in "10-mail.conf" and we use "Maildir" as mail_location.
> 
> I have also tried to change the target folder in sieve script and named 
> it "INBOX/Monitoring" - as subfolder of INBOX but then I get an error 
> in .dovecot.sieve.log with message:
> 
> Invalid mailbox name: Name must not have '/' characters.
> 
> I edited the new rule with roundcube / managesieve-plugin and maybe this 
> needs separate configuration because of separator in foldernames?
> Please let me know if i should provide any extra information or dovecot 
> configuration etc.
> 
> best regards
> Andre Hoepner
> 



Re: Bug with latest GCC 9

2019-07-29 Thread Martin Liška via dovecot
On 7/28/19 11:57 PM, Stephan Bosch wrote:
> 
> 
> On 25/04/2019 12:52, Martin Liška via dovecot wrote:
>> On 1/25/19 8:24 PM, Stephan Bosch wrote:
>>>
>>> On 25/01/2019 at 10:59, Martin Liška wrote:
>>>> Hi.
>>>>
>>>> As mentioned here:
>>>> https://bugzilla.opensuse.org/show_bug.cgi?id=1123136
>>>>
>>>> there's a new issue with GCC 9, it's related to:
>>>> https://gcc.gnu.org/gcc-9/porting_to.html#complit
>>>>
>>>> in:
>>>> /* Not const! Never return this as a result directly! */
>>>> #define SMTP_ADDRESS_LITERAL(localpart, domain) \
>>>>  &((struct smtp_address){ (localpart), (domain) })
>>> Thanks for reporting this. We are working on it (tracking internally as 
>>> DOP-890).
>>>
>>> Regards,
>>>
>>> Stephan.
>> Hi.
>>
>> Thanks for working on that. Is there any update please?
> 
> Fixed in 2.3.7.

Thank you for the fix.

Martin

> 
> Regards,
> 
> Stephan.



Re: Bug with latest GCC 9

2019-04-25 Thread Martin Liška via dovecot
On 1/25/19 8:24 PM, Stephan Bosch wrote:
> 
> 
> On 25/01/2019 at 10:59, Martin Liška wrote:
>> Hi.
>>
>> As mentioned here:
>> https://bugzilla.opensuse.org/show_bug.cgi?id=1123136
>>
>> there's a new issue with GCC 9, it's related to:
>> https://gcc.gnu.org/gcc-9/porting_to.html#complit
>>
>> in:
>> /* Not const! Never return this as a result directly! */
>> #define SMTP_ADDRESS_LITERAL(localpart, domain) \
>> &((struct smtp_address){ (localpart), (domain) })
> 
> Thanks for reporting this. We are working on it (tracking internally as 
> DOP-890).
> 
> Regards,
> 
> Stephan.

Hi.

Thanks for working on that. Is there any update please?

Martin


Re: Extended logging / moved mails jumping back

2019-04-19 Thread Martin Müller via dovecot
did some improvements on the server.

from

dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11

to

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.8

dovecot is working for days without issues, logging is running to one file
/var/log/mail.dovecot

In the logfile appears
2019-04-19 18:53:54 imap-login: Info: Login: user=,
method=PLAIN, rip=80.75.xx.35, lip=136.xxx.9.172, mpid=28364, TLS,
session=

All 4 different MUAs Thunderbird are logged in the same way. They are
behind a router, so they have the same remote IP.
So I can't differentiate which MUA causes which event.

Is there a way to identify which client raises a special event?






On Sun, 14 Apr 2019 at 12:38, Reto Brunner via dovecot <
dovecot@dovecot.org> wrote:

> On Sun, Apr 14, 2019 at 12:04:36PM +0200, Martin Müller via dovecot wrote:
> > relay=dovecot, delay=0.13, delays=0.07/0/0/0.06, dsn=4.3.0,
> status=deferred
> > (temporary failure. Command output: Can't open log file
> > /var/log/mail.dovecot-error: Permission denied )
> >[...]
> > Here the output of ls -la /var/log/mail.dovecot-error
> > -rw-r--r-- 1 root root   21259 Apr 14 11:24 /var/log/mail.dovecot-error
> >[...]
> > Any hints for me?
>
> Well, fix the permission errors?
> Give write access to the dovecot user (or whatever you use) for the log
> file.
>
> Also take care if you use the systemd service, there may be other
> restrictions in place (ProtectSystem etc)
>


-- 
Martin


Re: Extended logging / moved mails jumping back

2019-04-14 Thread Martin Müller via dovecot




Hi!


Now I have to check if this is a Thunderbird-Issue or a 
dovecot-issue. For that reason, I will activate the extended logging 
of dovecot.


I can't see such events in the logfiles. Which switch is to turn on to 
log all events?
Or does anyone know the reason for the annoying 
"copy/move-the-mail-back"-issue?


Thank you in advance for all inputs.

regards, martin


You are missing

mail_plugins = $mail_plugins notify mail_log


Thank you - it didn't work for me (yet). But I think there is another 
problem which I have to solve first. I recognised that the mail delivery 
stops after turning on the logging to the three files.


The incoming mails are held in the mailq, in syslog appears

relay=dovecot, delay=0.13, delays=0.07/0/0/0.06, dsn=4.3.0, 
status=deferred (temporary failure. Command output: Can't open log file 
/var/log/mail.dovecot-error: Permission denied )


In /var/log/mail.dovecot-error are lines like
2019-04-14 10:16:18 auth: Warning: auth client 0 disconnected with 1 
pending requests: Connection reset by peer


Here the output of ls -la /var/log/mail.dovecot-error
-rw-r--r-- 1 root root   21259 Apr 14 11:24 /var/log/mail.dovecot-error


If I turn the extended logging off, all works fine.
`postqueue -f` releases all held mails to their boxes.

Any hints for me?


Thank you!

martin



Extended logging / moved mails jumping back

2019-04-13 Thread Martin Müller via dovecot
Hi!

About 4-6 MUA Thunderbird 60.6.1 are going to connect with dovecot
2.2.13/IMAP (debian 8) and are using the same user/password. This setup
works for years flawless (updated clients and serversoftware).

Since a few weeks there is one major trouble:

If one of the clients moves a mail from the inbox to another IMAP folder,
most of the moved mails are moved for the moment. But an unstable period
later, the mails are moved back to the inbox. In rare cases, the moved
mail is copied (one in the inbox, one in the destination folder).

Now I have to check if this is a Thunderbird-Issue or a
dovecot-issue. For that reason, I will activate the extended logging of
dovecot.

### ### ### ###
dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11
auth_mechanisms = plain login
debug_log_path = /var/log/mail.dovecot-debug
disable_plaintext_auth = no
info_log_path = /var/log/mail.dovecot-info
listen = *,[::]
log_path = /var/log/mail.dovecot-error
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_max_userip_connections = 100
mail_privileged_group = vmail
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve = /var/vmail/%d/%n/.sieve
  sieve_max_redirects = 25
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
  }
  user = root
}
service imap-login {
  client_limit = 1000
  process_limit = 512
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
ssl_cert = 

Re: Sieve fileinto copies messages instead of moving them

2019-03-07 Thread Dauser Martin Johannes via dovecot
Micheal, just for your information: "stop;" stops the whole script at
this very line, which means no other rule will be applied on this
message anymore. Most of the time this is desired. Otherwise "elsif"
(and "else" as a catch-all) is your friend.  

require ["fileinto"];

# rule:[check if either SPAM or SPAMSPAM]
if header :contains "subject" "SPAMSPAM"
{
fileinto "SPAM";
}
elsif header :contains "subject" "SPAM"
{
fileinto "MaybeSPAM";
}

# rule:[something else needs to be done with message]
if blah
{
action;
} 


On Thu, 2019-03-07 at 02:57 -0500, Helmut K. C. Tessarek via dovecot
wrote:
> You are missing a stop after the fileinto. Otherwise it will not stop, but
> rather processing the next rule as well.
> 
> Change it to:
> 
> require ["fileinto"];
> # rule:[SPAM]
> if header :contains "subject" "SPAMSPAM"
> {
> fileinto "SPAM";
> stop;
> }
> # rule:[SPAMSPAM]
> if header :contains "subject" "SPAM"
> {
> fileinto "MaybeSPAM";
> stop;
> }
> 
> Cheers,
>   K. C.
> 


Re: Pigeonhome Sieve: check existence of a folder?

2019-02-28 Thread Martin Johannes Dauser via dovecot
What about extension "mailbox"?
https://wiki.dovecot.org/Pigeonhole/Sieve
https://tools.ietf.org/html/rfc5490#section-3

A simple example (not tested, but should work):

note: 
+ I use '/' instead of '.' as hierarchical separator
+ stop; stops the whole script, but you could use elsif instead.

require ["fileinto", "mailbox"];

if header :contains "header's name" "aaa" {
if mailboxexists "INBOX/aaa" {
fileinto "INBOX/aaa";
stop;
}
} 

if header :contains "header's name" "def" {
if mailboxexists  "INBOX/def" {
fileinto "INBOX/def";
stop;
}
}

Greetings Martin




On Thu, 2019-02-28 at 10:42 +0100, AvV via dovecot wrote:
> Dear All,
> 
> Thanks for the great job so far.
> 
> I have crawled the doc & web, and did not find how to check for the 
> presence of a folder in a mailbox?
> 
> I know about "fileinto :create" of course, but the purpose is
> slightly 
> different: I want to automate the move into a folder based on some
> rules 
> but *only if* an associated folder is present (which name is based
> on 
> the rule), otherwise I will do a form of catch-all.
> 
> Example:
> 
> - INBOX
>   +- abc
>   +- def
> 
> - Rule detects "aaa" in someheader field: folder "aaa" not present"
> -> 
> continue;
> 
> - Rule detect "def" in some header field: "def exists" -> fileinto
> "def" 
>     ; stop;
> 
> Any help appreciated.
> 
> Cheers,
> 
> A/
> 


Re: Dovecot 2.3.3 Mailbox does not exist

2019-02-27 Thread Martin Johannes Dauser via dovecot
Never done shared/public folders but perhaps Debug mode will give a
hint.
 doveadm -Dv acl get -A Public/Archive
On Tue, 2019-02-26 at 10:21 -0500, Kunal A. via dovecot wrote:
> HI,
> I would deeply appreciate if someone here could help me address a
> problem with ACL. I would personally refrain from e-mailing ever so
> often as I understand other users have more important issues to
> discuss about. Anyways I hope someone here could help. 
> 
> When I run:
>  doveadm acl get -A Public/Archive
> I keep getting an error that says
> Mailbox does not exist. See error message below:
> 
> Error: Can't open mailbox Public/Archive: Mailbox doesn't exist:
> Public/Archive
> 
> In the fastmail folder there is a folder called Archive, why isn't it
> being read?  The folder is drwxr-xr-x. with vmail as owner.
> 
> Deeply appreciate if someone could help with this.
> Many  thanks
> 
> dovecot -n output :-
> 
> # 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
> # OS: Linux 4.20.10-200.fc29.x86_64 x86_64 Fedora release 29 (Twenty
> Nine) 
> # Hostname: machine
> auth_mechanisms = plain login
> mail_location = maildir:~/Maildir
> mail_plugins = acl
> mail_privileged_group = mail
> mbox_write_locks = fcntl
> namespace {
>   list = children
>   location = maildir:/run/media/computer/Storage/Email/fastmail/
>   prefix = Public/
>   separator = /
>   subscriptions = yes
>   type = public
> }
> namespace inbox {
>   inbox = yes
>   list = yes
>   location = 
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix = INBOX/
>   separator = /
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   acl = vfile
> }
> postmaster_address = postmaster at example.com
> protocols = imap pop3
> service auth-worker {
>   user = vmail
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail
>   }
>   user = dovecot
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 0
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> ssl = required
> ssl_cert = 
> ssl_cipher_list = PROFILE=SYSTEM
> ssl_key = # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> userdb {
>   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
>   driver = static
> }
> protocol imap {
>   mail_plugins = acl imap_acl
> }
> 
> 

Re: new Centos server install yum dependency error: i686 vs x86_64

2019-02-26 Thread Martin Johannes Dauser via dovecot
Is your server even running on CentOS 64bit?

# arch

or

# uname -m

should return "x86_64". But as your available base package is
dovecot-2.2.36-3.el7.i686 and not dovecot-2.2.36-3.el7.x86_64 I guess
you'll see something like "i686"

Martin Johannes Dauser

On Sat, 2019-02-23 at 07:58 +1100, Voytek Eymont via dovecot wrote:
> 
> On Sat, February 23, 2019 2:53 am, Alex JOST via dovecot wrote:
> > On 22.02.2019 at 14:43, Voytek Eymont via dovecot wrote:
> > 
> > > 
> > > 
> > > On Sat, February 23, 2019 12:31 am, Gerald Galster via dovecot
> > > wrote:
> > > 
> > > > 
> > > > Your problem is here:
> > > > 
> > > > 
> > > > 
> > > > Error: Package: 2:dovecot-lua-2.3.4.1-1.x86_64 (dovecot-2.3-latest)
> > > > Requires: dovecot = 2:2.3.4.1-1
> > > > Available: 1:dovecot-2.2.36-3.el7.i686 (base)
> > > > dovecot = 1:2.2.36-3.el7
> > > > 
> > > > 


Re: sieve filter not working -- matchtype

2019-02-20 Thread Martin Johannes Dauser via dovecot
Scott, you are right. And I guess it's computed faster too.

# rule:[test]
if header :matches "from" "*.info"
{
redirect "su...@domain.com";
}

Even a TLD like "*.superinfos" may be included:
"*@*.*info*"

Greetings
Martin

On Wed, 2019-02-20 at 08:47 +, Scott M. via dovecot wrote:
> Why do you use regex ?
> 
> You can just use matches:
> https://p5r.uk/blog/2011/sieve-tutorial.html#matchtype
> 
> 
> 
> 
> 
> On Wed, Feb 20, 2019 at 03:31 AM, subin ks via dovecot  ot.org> wrote:
> I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian 9.6.
> I'm trying to set a Sieve filter which will redirect all emails from
> `info` (i.e. .info) TLD to another email. This is the filter:
> 
> require ["regex"];
> # rule:[test]
> if header :regex "from" "info$"
> {
>   redirect "su...@domain.com";
> }
> 
> It's not being honored; all emails from .info TLD ends up in the
> inbox and none are redirected. Let me know what I'm doing wrong.
> 
> Thanks.
> 


Re: sieve filter not working -- wildcard missing

2019-02-20 Thread Martin Johannes Dauser via dovecot
On Wed, 2019-02-20 at 10:37 +0100, Martin Johannes Dauser via dovecot
wrote:
> On Wed, 2019-02-20 at 10:18 +0100, Martin Johannes Dauser via dovecot
> wrote:
> > Hi!
> > 
> > You forgot the wildcard '.*' (= Match zero or more instances of any
> > single character, except newline)
> > 
> > require ["regex"];
> > # rule:[test]
> > if header :regex "from" ".*info$"
> > {
> >     redirect "su...@domain.com";
> > }
> > 
> > With this rule, you are filtering emails from toplevel domain
> > '*.info'
> > or new domains that might occur in future (e.g '*.superinfo'). If
> > you
> > want to restrict to classic tld '*.info' change the regex to
> > 
> > ".*\.info$"
> 
> Oh, and if you want to include a TLD like "*.superinfos" The regex
> needs to be
> 
> ".*\..*info[^.]$"

ARGH, I forgot a star:
".*\..*info[^.]*$"

> 
> > 
> > 
> > > The draft lists a table of common regex in section 2:
> > > https://tools.ietf.org/html/draft-murchison-sieve-regex-08#section-2
> > > 
> > > 
> > > There are online regex checkers like https://regex101.com, though
> > > not specific to sieve's regex, which can be used to test your regular
> > > expressions. Sieve's regex are quite standard though.
> > 
> > Greetings
> > Martin
> > 
> > 
> > On Wed, 2019-02-20 at 14:00 +0530, subin ks via dovecot wrote:
> > > I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian
> > > 9.6.
> > > I'm trying to set a Sieve filter which will redirect all emails
> > > from
> > > `info` (i.e. .info) TLD to another email. This is the filter:
> > > 
> > > require ["regex"];
> > > # rule:[test]
> > > if header :regex "from" "info$"
> > > {
> > >   redirect "su...@domain.com";
> > > }
> > > 
> > > It's not being honored; all emails from .info TLD ends up in the
> > > inbox and none are redirected. Let me know what I'm doing wrong.
> > > 
> > > Thanks.
> > > 


Re: sieve filter not working -- wildcard missing

2019-02-20 Thread Martin Johannes Dauser via dovecot
On Wed, 2019-02-20 at 10:18 +0100, Martin Johannes Dauser via dovecot
wrote:
> Hi!
> 
> You forgot the wildcard '.*' (= Match zero or more instances of any
> single character, except newline)
> 
> require ["regex"];
> # rule:[test]
> if header :regex "from" ".*info$"
> {
>   redirect "su...@domain.com";
> }
> 
> With this rule, you are filtering emails from toplevel domain
> '*.info'
> or new domains that might occur in future (e.g '*.superinfo'). If you
> want to restrict to classic tld '*.info' change the regex to
> 
> ".*\.info$"

Oh, and if you want to include a TLD like "*.superinfos" The regex
needs to be

".*\..*info[^.]$"

> 
> 
> The draft lists a table of common regex in section 2:
> https://tools.ietf.org/html/draft-murchison-sieve-regex-08#section-2
> 
> 
> There are online regex checkers like https://regex101.com, though not
> specific to sieve's regex, which can be used to test your regular
> expressions. Sieve's regex are quite standard though.
> 
> Greetings
> Martin
> 
> 
> On Wed, 2019-02-20 at 14:00 +0530, subin ks via dovecot wrote:
> > I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian 9.6.
> > I'm trying to set a Sieve filter which will redirect all emails
> > from
> > `info` (i.e. .info) TLD to another email. This is the filter:
> > 
> > require ["regex"];
> > # rule:[test]
> > if header :regex "from" "info$"
> > {
> > redirect "su...@domain.com";
> > }
> > 
> > It's not being honored; all emails from .info TLD ends up in the
> > inbox and none are redirected. Let me know what I'm doing wrong.
> > 
> > Thanks.
> > 


Re: sieve filter not working -- wildcard missing

2019-02-20 Thread Martin Johannes Dauser via dovecot
Hi!

You forgot the wildcard '.*' (= Match zero or more instances of any
single character, except newline)

require ["regex"];
# rule:[test]
if header :regex "from" ".*info$"
{
    redirect "su...@domain.com";
}

With this rule, you are filtering emails from toplevel domain '*.info'
or new domains that might occur in future (e.g '*.superinfo'). If you
want to restrict to classic tld '*.info' change the regex to

".*\.info$"


The draft lists a table of common regex in section 2:
https://tools.ietf.org/html/draft-murchison-sieve-regex-08#section-2


There are online regex checkers like https://regex101.com, though not
specific to sieve's regex, which can be used to test your regular
expressions. Sieve's regex are quite standard though.

Greetings
Martin


On Wed, 2019-02-20 at 14:00 +0530, subin ks via dovecot wrote:
> I've Dovecot and dovecot-sieve v 2.2.27 installed on a Debian 9.6.
> I'm trying to set a Sieve filter which will redirect all emails from
> `info` (i.e. .info) TLD to another email. This is the filter:
> 
> require ["regex"];
> # rule:[test]
> if header :regex "from" "info$"
> {
>   redirect "su...@domain.com";
> }
> 
> It's not being honored; all emails from .info TLD ends up in the
> inbox and none are redirected. Let me know what I'm doing wrong.
> 
> Thanks.
> 
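
The `:regex` and `:matches` patterns traded in the messages above can be compared side by side. This is an added example, not code from the thread or from Pigeonhole: it runs each pattern over constructed From values, assuming `:regex` is an unanchored, case-insensitive search and using Python's `re` as a stand-in for POSIX ERE (the two agree for the constructs used here).

```python
import re

# Constructed From header values (samples for this example, not from the thread).
SAMPLE_FROM = [
    "bob@example.info",
    "Bob Example <bob@example.info>",
    "carol@example.superinfo",
    "dave@example.superinfos",
    "eve@mail.info-corp.example",
    "frank@example.com",
]

# Patterns quoted in the thread.
REGEX_PATTERNS = [
    "info$",
    ".*info$",
    r".*\.info$",
    r".*\..*info[^.]$",
    r".*\..*info[^.]*$",
]
GLOB_PATTERNS = ["*.info", "*@*.*info*"]


def glob_to_regex(glob):
    """Translate a Sieve :matches pattern ('*', '?', backslash escape) to a regex."""
    out, i = [], 0
    while i < len(glob):
        ch = glob[i]
        if ch == "\\" and i + 1 < len(glob):
            i += 1
            out.append(re.escape(glob[i]))   # escaped character is literal
        elif ch == "*":
            out.append(".*")                 # zero or more characters
        elif ch == "?":
            out.append(".")                  # exactly one character
        else:
            out.append(re.escape(ch))
        i += 1
    return "".join(out)


def header_regex(value, pattern):
    """Model of `header :regex` (assumption: unanchored search, case-insensitive)."""
    return re.search(pattern, value.strip(), re.IGNORECASE) is not None


def header_matches(value, pattern):
    """Model of `header :matches`: the glob must cover the whole header value."""
    flags = re.IGNORECASE | re.DOTALL
    return re.fullmatch(glob_to_regex(pattern), value.strip(), flags) is not None


def hits(kind, pattern):
    """Return the sample From values that the given test would act on."""
    test = header_regex if kind == "regex" else header_matches
    return [value for value in SAMPLE_FROM if test(value, pattern)]


if __name__ == "__main__":
    for pattern in REGEX_PATTERNS:
        print(f":regex   {pattern!r:24} -> {hits('regex', pattern)}")
    for pattern in GLOB_PATTERNS:
        print(f":matches {pattern!r:24} -> {hits('matches', pattern)}")
```

A From value in display-name form ends in `>`, so the patterns that expect `info` to be the last characters of the header never fire on it, while `*@*.*info*` also catches a domain that merely has `info` in a later label. Sieve's `address` test (RFC 5228) compares only the address part and avoids the first problem.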


Bug with latest GCC 9

2019-01-25 Thread Martin Liška
Hi.

As mentioned here:
https://bugzilla.opensuse.org/show_bug.cgi?id=1123136

there's a new issue with GCC 9, it's related to:
https://gcc.gnu.org/gcc-9/porting_to.html#complit

in:
/* Not const! Never return this as a result directly! */
#define SMTP_ADDRESS_LITERAL(localpart, domain) \
&((struct smtp_address){ (localpart), (domain) })

Thanks,
Martin


Re: Moving messages between servers with different configurations

2019-01-22 Thread Martin Johannes Dauser
Hi,

doveadm [-Dv] move [-S socket_path] -u user
 destination [user
source_user] search_query

Moving all mails from mailbox INBOX/test on serverA to mailbox
Archive/2017 on local serverB.
 + destination Archive/2017 must exist
 + Limitation: source_user and testuser must share the same UID and GID

doveadm move -S x.x.x.x:x -u testuserAtServerB 
 Archive/2017 user source_userAtServerA mailbox INBOX/test ALL


Greetings
Martin Johannes Dauser


On Mon, 2019-01-21 at 23:14 +0100, Marc Roos wrote:
> I wanted to move messages from a mbox mailbox on server A to mdbox
> on 
> server B. I thought I could do this by connecting to the remote
> server 
> with "doveadm move -S x.x.x.x:x -u testuser Archive/2017 mailbox 
> INBOX/test" but I guess this will only allow and move messages 
> internally on server B?
> Should I use dsync, or is there another way to move the messages?
> 
> 
> 


Re: BUG: cannot move messages to root mailfolder in namespace "There can be only one namespace with inbox=yes"

2019-01-09 Thread Martin Johannes Dauser
Hi,

"The section name in namespaces (e.g. namespace sectionname { .. } is
used only internally within configuration. It's not required at all,
but it allows you to update an existing namespace 
(like how 15-mailboxes.conf does) or have userdb override namespace
settings for specific users (namespace/sectionname/prefix=foo/)." 
(from https://wiki.dovecot.org/Namespaces)

You can call the namespace as you wish or leave it out, but it's a nice
hint telling its purpose and if you activate debug level it's easier
to see which namespace does what.

There is no alphabetical order taken into account.

Regarding duplicate prefix: I didn't think of that. Using prefix
Archive/ should lead to a mailbox /Archive/Archive I guess. I'm not
sure if namespace attribute "list = no" could do something about it.

Another way round would be to set the prefix of inbox as Inbox/ instead
but this would force users to create folders only as subfolders of
/INBOX/ or of /Archive/.

I'm glad I could be of some help.
Martin

On Wed, 2019-01-09 at 15:22 +0100, Marc Roos wrote:
> Hi Martin,
> 
> Thanks for the reply. I got the error below, but when I changed the 
> prefix in 4archives to Archive/ I am getting indeed something that
> is 
> looking ok, I still have to test with a few clients. Why did you
> call 
> the namespace 4archives? Because it would load before inbox? Or does 
> this not matter at all.
> 
> Error: namespace configuration error: Duplicate namespace prefix: "" 
> 
> 
> 
> -Original Message-
> From: Martin Johannes Dauser [mailto:mdau...@cs.sbg.ac.at] 
> Sent: 09 January 2019 12:02
> To: dovecot@dovecot.org
> Subject: Re: BUG: cannot move messages to root mailfolder in
> namespace 
> "There can be only one namespace with inbox=yes"
> 
> Hi,
> 
> this setting might work. The default namespace "inbox" is managing
> INBOX 
> and defines Special-Use folders on the same hierarchic level as
> INBOX. 
> There is an extra namespace "4archives" which defines Archive as a 
> mailbox on the same level as INBOX but stored on a different
> location. 
> Set mailbox attribute auto to your liking.
> 
> 
> namespace inbox {
> type = private
> disabled = no
> hidden = no
> list = yes
> ignore_on_failure = no
> inbox = yes
> location =
> prefix =
> subscriptions = yes
> separator = /
> 
> mailbox Drafts {
> special_use = \Drafts
> auto = subscribe
> }
> mailbox Junk {
> special_use = \Junk
> auto = subscribe
> }
> mailbox Spam {
> special_use = \Junk
> auto = no
> }
> mailbox spam {
> special_use = \Junk
> auto = no
> }
> mailbox Deleted {
> special_use = \Trash
> auto = subscribe
> }
> mailbox Trash {
> special_use = \Trash
> auto = no
> }
> mailbox Wastebasket {
> special_use = \Trash
> auto = no
> }
>   mailbox Sent {
> special_use = \Sent
> auto = subscribe
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> auto = no
> }
> mailbox "Sent Mail" {
> special_use = \Sent
> auto = no
> }
> mailbox "Tasks" {
> # This mailbox has no official RFC 6154 or RFC 8457 Special-Use entry
> auto = subscribe
> }
> }
> 
> namespace 4archives {
> type = private
> disabled = no
> hidden = no
> list = yes
> ignore_on_failure = no
> inbox = no
> location = mbox:/home/mail-archive/%u/Archive/:CONTROL=/home/mail-archive/%u/Archive/control:INDEX=/home/mail-archive/%u/Archive/index:LAYOUT=maildir++
> prefix = 
> subscriptions = yes
> separator = /
> mailbox Archive {
> auto = create
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
> }
> mailbox Archives {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
> }
> mailbox "Archived Messages" {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
> }
> mailbox "Archived mail" {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
> }
> }
> 
> 
> 
> On Fri, 2019-01-04 at 12:06 +0100, Marc Roos wrote:
> 
>    
> 
>   Where is a manual describing how to do this? Archive tree on 
> different 
>   storage?
> 
>   ├── Archive/Archives/Archived Messages/Archived mail <- need
> to 
> store 
>   messages in root folder also
>   │   ├── 2017
>   │   │   ├── projects
>   │   │   │   ├── project
>   │   │   │   ├── project1
>   │   │   │   ├── pro

Re: BUG: cannot move messages to root mailfolder in namespace "There can be only one namespace with inbox=yes"

2019-01-09 Thread Martin Johannes Dauser
Hi,
this setting might work. The default namespace "inbox" is managing
INBOX and defines Special-Use folders on the same hierarchic level as
INBOX. There is an extra namespace "4archives" which defines Archive as
a mailbox on the same level as INBOX but stored on a different
location. Set mailbox attribute auto to your liking.

namespace inbox {
type = private
disabled = no
hidden = no
list = yes
ignore_on_failure = no
inbox = yes
location =
prefix =
subscriptions = yes
separator = /
mailbox Drafts {
special_use = \Drafts
auto = subscribe
}
mailbox Junk {
special_use = \Junk
auto = subscribe
}
mailbox Spam {
special_use = \Junk
auto = no
}
mailbox spam {
special_use = \Junk
auto = no
}
mailbox Deleted {
special_use = \Trash
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = no
}
mailbox Wastebasket {
special_use = \Trash
auto = no
}
    mailbox Sent {
special_use = \Sent
auto = subscribe
}
mailbox "Sent Messages" {
special_use = \Sent
auto = no
}
mailbox "Sent Mail" {
special_use = \Sent
auto = no
}
mailbox "Tasks" {
# This mailbox has no official RFC 6154 or RFC 8457 Special-Use entry
auto = subscribe
}
}
namespace 4archives {
type = private
disabled = no
hidden = no
list = yes
ignore_on_failure = no
inbox = no
location = mbox:/home/mail-archive/%u/Archive/:CONTROL=/home/mail-archive/%u/Archive/control:INDEX=/home/mail-archive/%u/Archive/index:LAYOUT=maildir++
prefix = 
subscriptions = yes
separator = /
mailbox Archive {
auto = create
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Archive
}
mailbox Archives {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Archive
}
mailbox "Archived  Messages" {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Archive
}
mailbox "Archived  mail" {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Archive
}
}



On Fri, 2019-01-04 at 12:06 +0100, Marc Roos wrote:
>  
> 
> Where is a manual describing how to do this? Archive tree on
> different 
> storage?
> 
> ├── Archive/Archives/Archived Messages/Archived mail <- need to
> store 
> messages in root folder also
> │   ├── 2017
> │   │   ├── projects
> │   │   │   ├── project
> │   │   │   ├── project1
> │   │   │   ├── project2
> │   │   │   ├── project3
> │   │   │   ├── project4
> │   │   │   └── project5
> │   │   └── Sent Messages
> │   ├── 2018
> │   │   ├── project1
> │   │   ├── project2
> │   │   ├── project3
> │   │   ├── project4
> │   │   ├── project5
> │   │   └── Sent
> │   └── 2019
> │   ├── projectA
> │   └── projectB
> ├── Deleted
> ├── Inbox
> ├── Junk
> ├── Sent
> └── Tasks
> 
> 
>  >
>  >> 
>  >> I get this error message from apple mail when I right click and 
> choose 
>  >> archive
>  >> "The IMAP command "UID COPY" (to Archive) failed for the mailbox 
> "INBOX" 
>  >> with server error: Mailbox isn't selectable"
>  >> 
>  >
>  >Did you notice that you have a mailbox called 'Archive' and
> namespace 
> called
>  >'Archive'? Namespace roots are not selectable, and this looks more 
> like a 
>  >config error.
>  >
>  >
> 
> That is been done on the advice I got here. 
> Since November I am trying to get resolved, that I need my Archive
> and 
> subfolders on different storage location as the default. Furthermore 
> Archive folder is being used by apple mail, Archives folder eg. by 
> Thunderbird. So it would be nice to 'group' this, so Thunderbird is
> not 
> accidentally storing this on the default storage.
> 
> If the aliases plugin was working properly, I could have done this
> maybe 
> 
> via aliases
> https://www.mail-archive.com/dovecot@dovecot.org/msg75587.html
> 
> 
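
A pre-deployment check for the two namespace errors quoted in this thread ("Duplicate namespace prefix" and "There can be only one namespace with inbox=yes"), as an added example that is not Dovecot's own code. The reader handles only a simplified subset of dovecot.conf syntax (an assumption), and the sample config is a constructed abbreviation of the one posted above.

```python
import re
from collections import defaultdict

# Constructed abbreviation of the posted config; @PREFIX@ and @INBOX@ are
# placeholders filled in by render() so several variants can be checked.
TEMPLATE = r"""
namespace inbox {
  type = private
  inbox = yes
  prefix =
  separator = /
  mailbox Drafts {
    special_use = \Drafts
    auto = subscribe
  }
}
namespace 4archives {
  type = private
  inbox = @INBOX@
  prefix = @PREFIX@
  separator = /
  mailbox Archive {
    auto = create
    special_use = \Archive
  }
}
"""


def render(archive_prefix, archive_inbox="no"):
    """Build a config variant with the given settings for namespace 4archives."""
    return TEMPLATE.replace("@PREFIX@", archive_prefix).replace("@INBOX@", archive_inbox)


def parse_namespaces(text):
    """Return {section_name: {setting: value}} for top-level namespace blocks.

    Simplified reader: one setting or brace per line, '#' starts a comment,
    settings of nested blocks (such as mailbox) are skipped.
    """
    namespaces, current, depth, unnamed = {}, None, 0, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            match = re.match(r"namespace(?:\s+(\S+))?\s*\{$", line)
            if depth == 1 and match:
                name = match.group(1)
                if name is None:
                    unnamed += 1
                    name = f"<unnamed {unnamed}>"
                # A repeated section name updates the same namespace.
                current = namespaces.setdefault(name, {})
            continue
        if line == "}":
            depth -= 1
            if depth == 0:
                current = None
            continue
        if current is not None and depth == 1 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return namespaces


def check_namespaces(namespaces):
    """Report duplicate prefixes and more than one namespace with inbox=yes."""
    problems = []
    by_prefix = defaultdict(list)
    for name, settings in namespaces.items():
        by_prefix[settings.get("prefix", "")].append(name)
    for prefix, names in by_prefix.items():
        if len(names) > 1:
            problems.append(f'Duplicate namespace prefix: "{prefix}" ({", ".join(names)})')
    inbox_owners = [n for n, s in namespaces.items() if s.get("inbox", "no") == "yes"]
    if len(inbox_owners) > 1:
        problems.append(
            f'There can be only one namespace with inbox=yes ({", ".join(inbox_owners)})'
        )
    return problems


if __name__ == "__main__":
    for label, config in [("as posted", render("")), ("prefix = Archive/", render("Archive/"))]:
        print(label, "->", check_namespaces(parse_namespaces(config)) or "ok")
```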

Re: Multi-server but small scale

2018-11-20 Thread Martin Johannes Dauser
Hi,

if you have only one pair of servers, I think replication via dovecot's
dsync (or doveadm via ssh) where each server holds all emails as a
local storage would be easiest. 

There is a caveat with shared folders though. And dovecot replicates
only emails. The index is not included, which means for example that
you'd need 2 databases for quota - otherwise emails would count twice.
Well and any manual index management needs to be done on both sides.

https://wiki.dovecot.org/Replication

Running a cluster filesystem or NFS as a common base is possible but
needs some adjustments of dovecot like turning off caching or memory
mapping, which in turn decrease performance.

This is only some short handbook knowledge as I haven't implemented
replication yet.

Greetings
Martin Johannes Dauser

On Mon, 2018-11-19 at 17:51 -0800, Daniel Miller wrote:
> I have a small but critical server that supports our group.  As a
> single 
> server - it's obviously a single-point-of-failure for lots of
> things.  
> As I just experienced...again.  It was a lot more fun building
> systems 
> from components when I was younger...
> 
> Previously 3rd-party hosted solutions didn't look attractive for
> several 
> reasons...but I'm seeing prices now for cloud virtual machines that
> are 
> stupid cheap.  Even if they wind up being limited speed &
> availability - 
> it would seem they'd be a lot better than nothing!
> 
> So I'm considering having at least one backup server for various 
> services - obviously that includes mail.  So now I have to wonder
> about 
> the backend.  And while I think I'm reasonably current with
> networked 
> file systems (not distributed or cluster) I haven't played with 
> replication for a quite a while.
> 
> For this particular usage (I'm envisioning two servers total) - is
> there 
> a need/reason to use any form of networked/distributed/cluster file 
> storage?  Or would this be accomplished via "pure" Dovecot - dsync 
> replication would keep things updated between the servers and
> director 
> would handle the connections?  So with identically configured SMTP 
> servers, passing to the local LMTP agents, the file system would be 
> "purely local" with no NFS or other interconnection?
> 


doveadm backup: Error: Both source and destination mail_location points to same directory

2018-10-24 Thread Martin Johannes Dauser
Hello!

I'm using 2 namespaces, "inbox" for INBOX and its subfolders and
"special" containing folders like Sent, Junk or Drafts.  Though both
use mdbox I decided to represent those namespaces in different
locations "mdbox:~/mail" and "mdbox:~/mail_special_folders". The main
reason to use 2 namespaces was to keep special_use folders out of INBOX
by using the prefix attribute -- it's rather cosmetic. 

├── INBOX
│   ├── SubFolder1
│   ├── SubFolder2
│   └── SubFolder3
├── Sent
├── Trash
├── Drafts
├── Junk
├── Templates
├── This is Ham
└── Report Spam

Now I want to export the emails of some former users to common known
maildir or mbox format to be able to hand them over on CD. The problem
is that a conversion with doveadm backup fails. I guess this is due to
namespace special which is configured with a manual location attribute
instead of utilising mail_location. But even telling doveadm to backup
only one namespace leads to the identical error (extract of debug
message at bottom). 

As this is a RHEL7 server, the dovecot version is an old 2.2.10 and I
don't expect software debugging -- I just ask if I did some
misconfiguration or a failure in the command.
I already thought of merging the locations of both namespaces. Yet, I'm
not sure how to achieve this. 

From /etc/dovecot/conf.d/10-mail.conf

mail_location = mdbox:~/mail

namespace inbox {
  type = private
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location =
  prefix = INBOX/
  separator = /
  subscriptions = yes
}

namespace special {
  type = private
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = yes
  location = mdbox:~/mail_special_folders
  prefix = 
  separator = /
  subscriptions = yes
}


HOME is set by LDAP
user_attrs = =home=/srv/mail/%Ld/%Ln,=uid=2,=gid=2,imapQuota=quota_rule=*:storage=%$G


Identical debug messages of following commands:

# dsync -Dv backup -u b...@cs.sbg.ac.at maildir:/home/Mailexport/bob
or
# doveadm -Dv backup -u b...@cs.sbg.ac.at maildir:/home/Mailexport/bob
or
# doveadm -Dv  backup -u b...@cs.sbg.ac.at -n inbox maildir:/home/Mailexport/bob
or
# doveadm -Dv  backup -u b...@cs.sbg.ac.at -n special maildir:/home/Mailexport/bob

...
doveadm(b...@cs.sbg.ac.at): Debug: Namespace inbox: type=private,
prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
location=mdbox:~/mail
doveadm(b...@cs.sbg.ac.at): Debug: fs:
root=/srv/mail/cs.sbg.ac.at/bob/mail, index=, indexpvt=, control=,
inbox=, alt=
doveadm(b...@cs.sbg.ac.at): Debug: Namespace special: type=private,
prefix=, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes
location=mdbox:~/mail_special_folders
doveadm(b...@cs.sbg.ac.at): Debug: fs:
root=/srv/mail/cs.sbg.ac.at/bob/mail_special_folders, index=,
indexpvt=, control=, inbox=, alt=
doveadm(b...@cs.sbg.ac.at): Debug: Namespace INBOX/: Using permissions
from /srv/mail/cs.sbg.ac.at/bob/mail: mode=0774 gid=default
dsync(b...@cs.sbg.ac.at): Debug: Effective uid=2, gid=2,
home=/srv/mail/cs.sbg.ac.at/bob
dsync(b...@cs.sbg.ac.at): Debug: Quota root: name=User quota
backend=dict args=:file:/srv/mail/cs.sbg.ac.at/bob/dovecot-quota
...
dsync(b...@cs.sbg.ac.at): Debug: Namespace inbox: type=private,
prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
location=maildir:/home/Mailexport/bob
dsync(b...@cs.sbg.ac.at): Debug: maildir++: root=/home/Mailexport/bob,
index=, indexpvt=, control=, inbox=/home/Mailexport/bob, alt=
dsync(b...@cs.sbg.ac.at): Debug: Namespace special: type=private,
prefix=, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes
location=mdbox:~/mail_special_folders
dsync(b...@cs.sbg.ac.at): Debug: fs:
root=/srv/mail/cs.sbg.ac.at/bob/mail_special_folders, index=,
indexpvt=, control=, inbox=, alt=
dsync(b...@cs.sbg.ac.at): Error: Both source and destination
mail_location points to same directory:
/srv/mail/cs.sbg.ac.at/bob/mail_special_folders/mailboxes

Many thanks for any hint
Martin

Re: index corruption weirdness

2018-10-10 Thread Martin Johannes Dauser
On Wed, 2018-10-10 at 09:37 +0300, Aki Tuomi wrote:
> 
> On 09.10.2018 22:16, William Taylor wrote:
> > ...
> > 
> > Dovecot Info:
> > dovecot -n
> > # 2.1.17: /etc/dovecot/dovecot.conf
> > 
> 
> Hi!
> 
> Thank you for your report, however, 2.1.17 is VERY old version of
> dovecot and this problem is very likely fixed in a more recent
> version.
> 
> Aki

Like RHEL 7, CentOS 7.5 should run 2.2.10 -- which is well hung either.
http://mirror.centos.org/centos/7/os/x86_64/Packages/

Martin


Re: mbox locking

2018-10-09 Thread Martin Johannes Dauser
On Tue, 2018-10-09 at 15:30 +0200, Selmeci Tamás wrote:
> On Tue, 9 Oct 2018 12:08:00 +0200 Sami Ketola wrote:
> 
> > How do you deliver then mails to the server? 
> > 

> 
> OpenSMTPD and Dovecot run on the same machine. OpenSMTPD receives
> incoming mails and stores them in a mailbox (/var/spool/mail/user).
> Dovecot then fetches mails from this mailbox file.
> 

Regarding locks, OpenSMTPD's config should match methods AND order of
dovecot's mbox_write_locks. 

Methods known by dovecot are dotlock, flock, fcntl and lockf. I
couldn't find out, which methods are used by OpenSMTPD.

Dovecot's mbox_read_locks should match too, but dotlock isn't used.

https://wiki.dovecot.org/MailLocation/mbox
https://wiki.dovecot.org/MboxLocking
https://wiki.dovecot.org/MailboxFormat/mbox

Martin


Re: cronjob hack to expunge deleted mails of USERNAME

2018-10-09 Thread Martin Johannes Dauser
Well, some dirty cronjob could periodically expunge all emails marked
as DELETED from a specific user. You would need to exchange USERNAME
with the real username in this little bash script. This should work,
use at your own risk. (^.~)

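#!/bin/bash
# List every mailbox of USERNAME and expunge the messages flagged \Deleted.
doveadm mailbox list -u USERNAME | while IFS= read -r i
do
  # Quote the name so mailboxes containing spaces are passed as one argument.
  doveadm expunge -u USERNAME mailbox "$i" DELETED
done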


Finding the real issue would be best of course.

Martin 


Re: SNI Dovecot

2018-08-31 Thread Martin Johannes Dauser
FYI

dovecot 2.2.10 from RedHat 7 has an issue with clients, which won't
send SNI. As you are using version 2.2.27 you might encounter the same
behaviour.

If the client won't send SNI, my server randomly answers with any cert
instead of the default cert -- perhaps dovecot just utilises the last
used cert? One speciality of my certs is, that both share the same
Common Name (CN) but differ in Subject Alternative Names (SAN).

Once your config works, you can check by initialising several
connections (I tried 30 times) without SNI using openssl. First command
is without SNI, second is with SNI.

$ openssl s_client -showcerts -connect IP-address:993
$ openssl s_client -showcerts -connect IP-address:993 -servername server.domain

This is my bugreport on this list.
https://dovecot.org/pipermail/dovecot/2018-July/112368.html

Best regards
Martin Johannes Dauser

On Wed, 2018-08-29 at 14:41 +, Nicolas wrote:
>  Hi all,
> 
> I'm testing the SNI configuration from dovecot's wiki page, to have
> multiple domains.
> 
> I'm using letsencrypt certificates.
>   On the 10-ssl.conf, when I only use one domain, like this, it works
> :
> 
> ssl_ca =  ssl_cert =  ssl_key =  
> I got a warning of course when using my second domain, mydomain2.fr.
> 
> If I do the config :
> 
> local_name mail.mydomain.fr {
> ssl_ca =  ssl_cert =  ssl_key =  }
> 
> local_name mail.mydomain2.fr {
> ssl_ca =  ssl_cert =  ssl_key =  }
> 
> I got this on dovecot's start :
> 
> dovecot[930]: master: Error: service(imap-login): command startup
> failed, throttling for 8 secs
> dovecot[932]: imap-login: Fatal: Couldn't parse private ssl_key:
> error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting:
> ANY PRIVATE KEY
> 
> It's working without local_name, so why it can be a certificate
> issue?
> 
> Any idea?
> 
> I'm using dovecot 2.2.27-3+deb9u2 from debian.
> 
> 
> 
> Thanks,
> Nicola 

Re: dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI

2018-07-24 Thread Martin Johannes Dauser
---
Server certificate
subject=/C=AT/L=Salzburg/O=University of Salzburg/OU=Department of
Computer Science/CN=mail.cs.sbg.ac.at
issuer=/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3
---

No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 5255 bytes and written 362 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)

Start Time: 1532434962
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.



On Mon, 2018-07-23 at 10:05 +0300, Aki Tuomi wrote:
> Can you provide some details on what those openssl commands returned?
> 
> Aki
> 
> 
> On 20.07.2018 12:14, Martin Johannes Dauser wrote:
> > Hi,
> > 
> > I recognised some funny behaviour on my server. IMAP clients which
> > won't send a Server Name Indication (SNI) sometimes get the wrong
> > certificate. I would expect that those clients always get the
> > default
> > certificate (of my new domain), instead in about 20 to 50% of
> > connections the certificate of my old domain will be presented.
> > (sample rate was 3 times 30 connections)
> > 
> > Clients sending SNI always get the right certificate.
> > 
> > A user informed me that offlineIMAP complains 
> > 'CA Cert verifying failed:
> >    no matching domain name found in certificate'
> > So at least offlineIMAP 7.0.12 from Debian stretch won't send SNI,
> > there is a newer version upstream though.
> > 
> > 
> > I myself checked the server's behaviour with openssl:
> > 
> > $ openssl s_client -showcerts -connect IP-address:993
> > 
> > and
> > 
> > $ openssl s_client -showcerts -connect IP-address:993 -servername imap.domain
> > 
> > 
> > I'm totally clueless about how come.
> > 
> > Best regards
> > Martin Johannes Dauser
> > 
> > 
> > 
> > 
> > # 2.2.10: /etc/dovecot/dovecot.conf
> > # OS: Linux 3.10.0-862.el7.x86_64 x86_64 Red Hat Enterprise Linux
> > Server release 7.5 (Maipo) 
> > 
> > ...
> > 
> > service imap-login {
> >   inet_listener imap {
> > address = 127.

anvil in 2.3.2.1?

2018-07-23 Thread kevin martin
Has anvil gone away in 2.3.2.1? I ask only because I don't find an
example of anvil in the conf.d files anymore and I'm migrating from 2.2.10
version to 2.3.2.1.

Thanks.


dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI

2018-07-20 Thread Martin Johannes Dauser


Hi,

I recognised some funny behaviour on my server. IMAP clients which
won't send a Server Name Indication (SNI) sometimes get the wrong
certificate. I would expect that those clients always get the default
certificate (of my new domain), instead in about 20 to 50% of
connections the certificate of my old domain will be presented.
(sample rate was 3 times 30 connections)

Clients sending SNI always get the right certificate.

A user informed me that offlineIMAP complains 
'CA Cert verifying failed:
   no matching domain name found in certificate'
So at least offlineIMAP 7.0.12 from Debian stretch won't send SNI,
there is a newer version upstream though.


I myself checked the server's behaviour with openssl:

$ openssl s_client -showcerts -connect IP-address:993

and

$ openssl s_client -showcerts -connect IP-address:993 -servername imap.domain


I'm totally clueless about how come.

Best regards
Martin Johannes Dauser




# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-862.el7.x86_64 x86_64 Red Hat Enterprise Linux
Server release 7.5 (Maipo) 

...

service imap-login {
  inet_listener imap {
address = 127.0.0.1
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
  process_min_avail = 8
  service_count = 0
}

...

ssl = required
# set default cert
ssl_cert = 
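
The repeated no-SNI check from this report (and from the "Re: SNI Dovecot" reply, which tried 30 connections), written out as a script. This is an added example, not part of the original posts: the function names are hypothetical, the fingerprints in sample_run are constructed, and the server address is whatever is passed on the command line.

```shell
#!/bin/sh
# Added example: repeat the handshake without SNI and tally which
# certificate the server presents each time.

# Print the SHA-256 fingerprint of the leaf certificate presented by
# host:port. With a third argument, that name is sent as SNI.
# Pass an IP address as $1 for the no-SNI case: OpenSSL 1.1.1 and later
# send a DNS name given to -connect as SNI by default.
cert_fingerprint() {
    host=$1 port=$2 sni=${3:-}
    if [ -n "$sni" ]; then
        openssl s_client -connect "$host:$port" -servername "$sni" </dev/null 2>/dev/null
    else
        openssl s_client -connect "$host:$port" </dev/null 2>/dev/null
    fi | openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Read one fingerprint per line on stdin and print "count fingerprint",
# most frequent first. Empty lines (failed handshakes) count as FAILED.
tally_certs() {
    awk '{ k = ($0 == "" ? "FAILED" : $0); n[k]++ }
         END { for (k in n) print n[k], k }' | sort -rn
}

# Verdict for one run: "consistent" if every handshake returned the same
# certificate, "inconsistent" if more than one was seen.
verdict() {
    distinct=$(tally_certs | wc -l | tr -d ' ')
    case "$distinct" in
        0) echo no-data ;;
        1) echo consistent ;;
        *) echo inconsistent ;;
    esac
}

# Probe host:port N times (default 30) without SNI, then print the tally
# followed by the verdict.
probe() {
    host=$1 port=$2 n=${3:-30} i=0 results=
    while [ "$i" -lt "$n" ]; do
        results="$results$(cert_fingerprint "$host" "$port")
"
        i=$((i + 1))
    done
    printf '%s' "$results" | tally_certs
    printf '%s' "$results" | verdict
}

# Constructed sample: what 30 no-SNI handshakes could look like when two
# certificates alternate (fingerprints are made up and shortened).
sample_run() {
    i=0
    while [ "$i" -lt 30 ]; do
        if [ $((i % 3)) -eq 0 ]; then
            echo "SHA256 Fingerprint=0B:AD:00:01"   # constructed: old-domain cert
        else
            echo "SHA256 Fingerprint=C0:FF:EE:02"   # constructed: default cert
        fi
        i=$((i + 1))
    done
}

# Contact a real server only when called with arguments, e.g.:
#   sh sni_check.sh IP-address 993 30
if [ "$#" -ge 2 ]; then
    probe "$@"
fi
```

A single line in the tally means every no-SNI handshake got the same certificate; more than one line reproduces the behaviour reported here.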

Virtual mailbox doesn't refresh without deleting indexes

2018-04-26 Thread Bret Martin
Hello,

I have a virtual mailbox with the following dovecot-virtual file:

mdbox/*
-mdbox/Archive/*
-mdbox/Junk
-mdbox/Notes
  all younger 604800 not deleted

This works at first, but after messages are older than 7 days, they continue to 
appear in this mailbox forever. Even if I close all IMAP clients and reconnect, 
I can't get the mailbox to omit the older-than-7-days messages without deleting 
its indexes.

I have other virtual mailboxes that update as expected, but I don't think any 
of those are date-based. For example, this one "refreshes" as I'd expect:

mdbox/*
-mdbox/Archive/*
-mdbox/Junk
  flagged

Am I doing something wrong with the first virtual mailbox I mentioned above?

I'm using dovecot 2.2.13 on Debian GNU/Linux.

Thanks!

--Bret

Re: changed behavior for dovecot-lda in 2.3.x

2018-04-07 Thread Martin Waschbüsch

> On 07.04.2018 at 22:16, Martin Waschbüsch wrote:
> 
> Hi all,
> 
> Hey all, I upgraded to dovecot 2.3.1 (from 2.2.34) and noticed that the 
> behavior for dovecot-lda changed. Apparently it no longer accepts -f "" or -f 
> "<>"?
> With 2.2.34, both were accepted now I get:
> 
> root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f "<>"
> lda(root): Fatal: Invalid -f parameter: Null path not allowed
> 
> or
> 
> root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f ""
> lda(root): Fatal: Invalid -f parameter: Path is empty string
> 
> I guess this must be a bug? I mean, envelope sender *must* be empty for 
> bounces.

In the list-archive, I saw at least one other person seemed to have had the 
same problem.
Anyway, I fixed my immediate problem and created a pull-request which seems 
like the right thing to do:

https://github.com/dovecot/core/pull/73

perhaps this helps someone else, too.

Thx,

Martin

changed behavior for dovecot-lda in 2.3.x

2018-04-07 Thread Martin Waschbüsch
Hi all,

Hey all, I upgraded to dovecot 2.3.1 (from 2.2.34) and noticed that the 
behavior for dovecot-lda changed. Apparently it no longer accepts -f "" or -f 
"<>"?
With 2.2.34, both were accepted now I get:

root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f "<>"
lda(root): Fatal: Invalid -f parameter: Null path not allowed

or

root@mail:~# /usr/local/libexec/dovecot/dovecot-lda -f ""
lda(root): Fatal: Invalid -f parameter: Path is empty string

I guess this must be a bug? I mean, envelope sender *must* be empty for bounces.

Thanks,

Martin

How to require client SSL certificate, except for local connections

2017-10-06 Thread Evan Martin
Is there any way to make Dovecot 2.2.22 not require a client SSL 
certificate for a local IMAP connection, but require it for any remote 
IMAP connection?


My server is configured to require client certificates:

ssl = required
...
auth_ssl_require_client_cert = yes

I tried adding the following to create an exception for localhost:

remote 127.0.0.1 {
  ssl = no
  auth_ssl_require_client_cert = no
  disable_plaintext_auth = no
}

But Dovecot fails to start with: doveconf: Fatal: Error in configuration 
file /etc/dovecot/dovecot.conf line 81: Auth settings not supported 
inside local/remote blocks:


Is there any other way to do this? I don't need to override any other 
auth settings, just that one. I could probably use a Unix socket, if 
that would help.


Thanks,

Evan


Re: Modify stored mail contents?

2017-07-23 Thread Evan Martin

On 23/07/2017 3:30 PM, Sami Ketola wrote:

> On 23 Jul 2017, at 16.14, Tom Hendrikx wrote:
>
> > In general, you should not do this. When a message is stored using IMAP,
> > it is immutable. The IMAP server also remembers things like size and
> > assigns messages a unique ID, so mail readers that have already
> > downloaded the message with that ID, don't have to download the whole
> > message again to verify whether its contents have magically changed.
> > What you're suggesting is not simply compatible with IMAP standards.
> >
> > The normal way of applying changes to messages is just like a mail
> > client connecting to IMAP: create a new message and save it to the
> > store, then delete the old one.
>
> Just like that. But instead of using IMAP interface to do it, you can also do
> it with doveadm:
>
> 1. doveadm fetch mail
> 2. doveadm delete mail
> 3. modify fetched mail
> 4. doveadm import modified mail back
>
> Simple as that. There is no other supported way to do it. Editing mail objects
> on storage will break things.
>
> Sami


Thank you, that's an interesting idea. Exporting the mail and deleting 
it is easy enough, but I'm not sure where I would import the message 
from. doveadm import expects a mailbox store as source, so I'm back to 
the problem of safely writing emails in a mailbox store format that 
Dovecot understands!


I can export to Maildir format [doveadm backup -u USER 
"maildir:/mymaildir:LAYOUT=fs"], where each file contains one message 
and nothing else, but even that has extra files like dovecot-uidlist, 
dovecot.index.cache, etc. I'm not sure if it's safe to import from a 
Maildir where the message contents have been modified, but the other 
files haven't.


Also, would the import create new UIDs? I probably want UIDs to change, 
so that the IMAP client re-downloads the messages. I'd want to preserve 
IMAP flags like "Seen", though and, ideally, the sequence of messages 
inside a mailbox.


Re: Modify stored mail contents?

2017-07-23 Thread Evan Martin
It looks like the mail filter plugin 
[https://wiki2.dovecot.org/Plugins/MailFilter] is almost exactly what I 
want, except for this:


> Currently the filtering must not modify the message in any way: mail
> -> write filter -> read filter -> must produce exactly the original mail
> back.
> (TODO: Modifying the mail during writing would be possible with some
> code changes.)


Is there any prospect of those code changes being made, so that the 
filter can modify mail contents?


There's no indication in the docs or the code of what would break if the 
contents were modified, but I'm guessing indexes and caches would be out 
of date and would need to be rebuilt? Is it possible to just disable 
those? I don't need high performance.


On 22/07/2017 12:51 PM, Evan Martin wrote:
> Is there a safe way to modify the contents of emails stored by 
> Dovecot? I'll probably only want to change the message bodies, not the 
> headers, if that matters. Looking for ways to do this both for 
> existing emails and new emails as they are received (though anything 
> that works for existing emails can probably just be run again for new 
> emails.) My mail storage is currently mdbox, but I could migrate to 
> another format if that helps.


Re: Modify stored mail contents?

2017-07-22 Thread Evan Martin
Yes, obviously clients can save messages. I meant: to modify messages in 
bulk, on the server, replacing the existing message bodies stored by 
Dovecot.


On 22/07/2017 3:56 PM, Jerry wrote:

> On Sat, 22 Jul 2017 12:51:15 +0200, Evan Martin stated:
>
> > Is there a safe way to modify the contents of emails stored by
> > Dovecot? I'll probably only want to change the message bodies, not the
> > headers, if that matters. Looking for ways to do this both for
> > existing emails and new emails as they are received (though anything
> > that works for existing emails can probably just be run again for new
> > emails.) My mail storage is currently mdbox, but I could migrate to
> > another format if that helps.
>
> You could just view the message in your MUA and then save it to another
> drive, or whatever. Then, using a text editor, you could modify it to
> your heart's content.
>
> Exactly, what problem are you trying to address?



Modify stored mail contents?

2017-07-22 Thread Evan Martin
Is there a safe way to modify the contents of emails stored by Dovecot? 
I'll probably only want to change the message bodies, not the headers, 
if that matters. Looking for ways to do this both for existing emails 
and new emails as they are received (though anything that works for 
existing emails can probably just be run again for new emails.) My mail 
storage is currently mdbox, but I could migrate to another format if 
that helps.


Re: Dovecot LDAP using custom field to allow users to connect

2017-06-07 Thread Martin Wheldon

Hi Michael,

Just noticed you are using auth_bind_userdn which we don't.
I think you may need to use pass_filter rather than user_filter??

Best Regards

Martin

On 2017-06-07 10:59, Martin Wheldon wrote:

> Hi Michael,
>
> We do exactly that see example below:
>
> user_filter =
> (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
> pass_filter =
> (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
>
> Does it work without the AllowUser section of the search?
> Do you get any records back when you do a ldapsearch with your
> user_filter search?
>
> Best Regards
>
> Martin
>
> On 2017-06-07 09:48, Michael JOIGNY wrote:
>
> > Hi all,
> >
> > I'd like to know if it's possible to add a custom field when the
> > authentication is made by users.
> >
> > My boolean custom field will be for example "AllowUser" (false/true).
> >
> > I'm trying to do something like that but it's not working :
> >
> > user_filter =
> > (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
> >
> > This is my dovecot/ldap configuration below :
> >
> > # dovecot.conf
> >
> > passdb {
> >   driver = ldap
> >   args = /etc/dovecot/dovecot-ldap.conf
> > }
> >
> > # dovecot-ldap.conf
> >
> > hosts = myurl:myport
> > dn = cn=myuser,dc=mydomain,dc=com
> > dnpass =
> > auth_bind = yes
> > auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
> > ldap_version = 3
> > base = ou=Users,dc=mydomain,dc=com
> > scope = base
> > default_pass_scheme = SSHA512
> >
> > Do you have an idea?
> >
> > Kind regards.
> >
> > --
> > Michael


Re: Dovecot LDAP using custom field to allow users to connect

2017-06-07 Thread Martin Wheldon

Hi Michael,

We do exactly that see example below:

user_filter = 
(&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_filter = 
(&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))


Does it work without the AllowUser section of the search?
Do you get any records back when you do a ldapsearch with your 
user_filter search?


Best Regards

Martin

On 2017-06-07 09:48, Michael JOIGNY wrote:

> Hi all,
>
> I'd like to know if it's possible to add a custom field when the
> authentication is made by users.
>
> My boolean custom field will be for example "AllowUser" (false/true).
>
> I'm trying to do something like that but it's not working :
>
> user_filter =
> (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
>
> This is my dovecot/ldap configuration below :
>
> # dovecot.conf
>
> passdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap.conf
> }
>
> # dovecot-ldap.conf
>
> hosts = myurl:myport
> dn = cn=myuser,dc=mydomain,dc=com
> dnpass =
> auth_bind = yes
> auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
> ldap_version = 3
> base = ou=Users,dc=mydomain,dc=com
> scope = base
> default_pass_scheme = SSHA512
>
> Do you have an idea?
>
> Kind regards.
>
> --
> Michael


Re: Compiling Dovecot on Solaris 10

2017-02-03 Thread Martin Preen

Hello,
I don't have problems building 2.2.27 on Solaris 10
(using Sun Workshop compiler 5.11).

The configuration is the same as yours.
Maybe a compiler/version problem on your system ?

Regards,
Martin

Mantas Gegužis wrote:

> Hello,
>
> I am trying to compile Dovecot 2.2.27 on Solaris 10, and I get this error:
> test-ioloop.c: In function `test_ioloop_pending_io':
> test-ioloop.c:188: error: size of array `type name' is negative
>
> My configuration is like this:
> Install prefix . : /usr/local
> File offsets ... : 64bit
> I/O polling  : poll
> I/O notifys  : none
> SSL  : yes (OpenSSL)
> GSSAPI . : no
> passdbs  : static passwd passwd-file shadow pam checkpassword
> dcrypt ..: yes
>   : -bsdauth -sia -ldap -sql -vpopmail
> userdbs  : static prefetch passwd passwd-file checkpassword
>   : -ldap -sql -vpopmail -nss
> SQL drivers  :
>   : -pgsql -mysql -sqlite -cassandra
> Full text search : squat
>   : -lucene -solr
>
> Last version that I have compiled was 2.2.24, version 2.2.25 failed with error:
> In file included from guid.c:6:
> sha1.h:80: error: static or type qualifiers in abstract declarator
>
> Is there anyone who can help me?


--
Martin Preen, Universität Freiburg, Institut für Informatik
Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany

phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de
fax: ++49 761 203-8242  swt.informatik.uni-freiburg.de/staff/preen





Re: Sieve script won't compile. Compiler output isn't helpful.

2016-11-30 Thread Martin Wheldon

Hi Steven,

OK, on closer inspection :)

You are missing a closing double quote on line 59:


fileinto :create "Lists/Debain/News;


should be:

fileinto :create "Lists/Debain/News";

Best Regards

Martin

On 2016-11-30 09:30, Steven Mainor wrote:

> Hey martin,
>
> Thanks for the reply! I made the changes you suggested but I got the
> same results.
>
> According to my understanding, #header "from" "per...@example.com"# is
> correct for an exact match.
>
> On 11/30/2016 04:10 AM, Martin Wheldon wrote:
>
> > Hi Steven,
> >
> > I think you may be missing the :contains from the two header lines
> > below:
> >
> > if anyof (header "From" "store-n...@amazon.com",
> >  envelope :contains "From" "menswearhouse.com",
> >  envelope :contains "From" "officedepot.com",
> >  envelope :contains "From" "walgreens.com",
> >  header "From" "pr...@email.newegg.com") {
> > fileinto :create "Promo";
> > stop;
> >
> > if anyof (header :contains "From" "store-n...@amazon.com",
> >   envelope :contains "From" "menswearhouse.com",
> >   envelope :contains "From" "officedepot.com",
> >   envelope :contains "From" "walgreens.com",
> >   header :contains "From" "pr...@email.newegg.com") {
> >  fileinto :create "Promo";
> >  stop;
> >
> > Hope that helps
> >
> > Best Regards
> >
> > Martin
> >
> > On 2016-11-30 08:47, Steven Mainor wrote:
> >
> > > Hello! I hope you will forgive my ignorance but I have a problem I
> > > have been trying to solve for a week and I'm not sure where else to
> > > turn.
> > >
> > > I'm trying to write a sieve script to sort all of my mail. I was
> > > writing this script to replace the one I am currently using but I
> > > can't seem to get it to compile. I don't know a lot about sieve or
> > > really scripting of any kind and I just can't figure out what I'm
> > > doing wrong.
> > >
> > > The compiler just puts out a bunch of output that doesn't make sense.
> > > like "unexpected character" when I know the character works there
> > > because I am already running a script with some of the same lines.
> > >
> > > I'm attaching the script with some names and addresses changed and the
> > > sieve output to this email.
> > >
> > > I would greatly appreciate any help anyone could offer.

Re: Sieve script won't compile. Compiler output isn't helpful.

2016-11-30 Thread Martin Wheldon

Hi Steven,

I think you may be missing the :contains from the two header lines 
below:



if anyof (header "From" "store-n...@amazon.com",
 envelope :contains "From" "menswearhouse.com",
 envelope :contains "From" "officedepot.com",
 envelope :contains "From" "walgreens.com",
 header "From" "pr...@email.newegg.com") {
fileinto :create "Promo";
stop;


if anyof (header :contains "From" "store-n...@amazon.com",
  envelope :contains "From" "menswearhouse.com",
  envelope :contains "From" "officedepot.com",
  envelope :contains "From" "walgreens.com",
  header :contains "From" "pr...@email.newegg.com") {
 fileinto :create "Promo";
 stop;

Hope that helps

Best Regards

Martin

On 2016-11-30 08:47, Steven Mainor wrote:

> Hello! I hope you will forgive my ignorance but I have a problem I
> have been trying to solve for a week and I'm not sure where else to
> turn.
>
> I'm trying to write a sieve script to sort all of my mail. I was
> writing this script to replace the one I am currently using but I
> can't seem to get it to compile. I don't know a lot about sieve or
> really scripting of any kind and I just can't figure out what I'm
> doing wrong.
>
> The compiler just puts out a bunch of output that doesn't make sense.
> like "unexpected character" when I know the character works there
> because I am already running a script with some of the same lines.
>
> I'm attaching the script with some names and addresses changed and the
> sieve output to this email.
>
> I would greatly appreciate any help anyone could offer.


Re: Problem with multiple ldap passdb

2016-11-28 Thread Martin Wheldon

Hi,

In case anyone is experiencing the same issue in the future, seems that 
this probably is a bug.
I've upgraded to dovecot 2.2.24 from Jessie backports and it works as 
documented with no configuration changes.


Hope someone else finds this useful.

Best Regards

Martin

On 2016-11-22 16:39, Martin Wheldon wrote:

Hi mailing list,

I'm currently running dovecot 2.2.13 from Debian Jessie, all is
running fine. However I am attempting to merge 2 LDAP authentication
sources.

I would like to attempt to authenticate against the first
authentication source, if that fails either by password fail or user
not found,
then attempt the next LDAP server.

I've added a passdb and userdb entry for the new ldap server. As
you can see from the log below the user isn't found in the first LDAP
query, but
is in the second one. However the authentication fails:

Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=WTLjLuRB9QBRlIlQ#011lip=51.254.222.112#011rip=81.148.137.80#011lport=143#011rport=56821#011resp=AG1hcnRpbi53aGVsZG9uQGdyXWVuaGlsbHMtaXQuY28udWsAQ3JhY2spbk4wdw==
(previous base64 data may contain sensitive data)
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,): bind search:
base=dc=greenhills-it,dc=co,dc=uk
filter=(&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=martin.wheldon
at greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk)))
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Error: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,):
ldap_search(base=dc=greenhills-it,dc=co,dc=uk
filter=(&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=martin.wheldon
at greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk
failed: No such object
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,): bind search:
base=dc=greenhills-it,dc=co,dc=uk filter=(|(uid=martin.wheldon at
greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk))
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,): result:
uid=0001; uid unused
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,): username
changed martin.wheldon at greenhills-it.co.uk -> 0001
Nov 22 13:59:38 he01-imap-01 dovecot: auth: Debug:
ldap(0001,81.148.137.80,): result: uid=0001
Nov 22 13:59:40 he01-imap-01 dovecot: auth: Debug: client passdb out:
FAIL#0111#011user=0001#011temp#011original_user=martin.wheldon at
greenhills-it.co.uk


I know that the password was entered correctly because if I disable
the new ldap config and login I get authenticated properly.


Nov 22 14:00:38 he01-imap-01 dovecot: auth: Debug: auth client
connected (pid=2626)
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=ipKBMuRBBQBRlIlQ#011lip=51.254.222.112#011rip=81.148.137.80#011lport=143#011rport=38149#011resp=AG1hcnRpbi53aGVsZG9uQGdyXWVuaGlsbHMtaXQuY28udWsAQ3JhY2spbk4wdw==
(previous base64 data may contain sensitive data)
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,): bind search:
base=dc=greenhills-it,dc=co,dc=uk filter=(|(uid=martin.wheldon at
greenhills-it.co.uk)(mail=martin.wheldon at greenhills-it.co.uk))
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,): result:
uid=0001; uid unused
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: ldap(martin.wheldon
at greenhills-it.co.uk,81.148.137.80,): username
changed martin.wheldon at greenhills-it.co.uk -> 0001
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug:
ldap(0001,81.148.137.80,): result: uid=0001
Nov 22 14:00:39 he01-imap-01 dovecot: auth: Debug: client passdb out:
OK#0111#011user=0001#011original_user=martin.wheldon at
greenhills-it.co.uk


I've done loads of googling and I believe that this is possible so I
must either have misread the documentation or am triggering a bug.
Neither of which I seem to be able to confirm.

Any help would be much appreciated.

My broken configuration is below:

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
default_vsz_limit = 512 M
lmtp_rcpt_check_quota = yes
lmtp_save_to_detail_mailbox = yes
mail_location = maildir:~/Maildir
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace inbox {
  inbox = yes

Re: Updated my Dovecot certificate for the first time

2016-11-24 Thread Martin Wheldon

Hi Steve,

You could create your own private CA then sign your Dovecot certificate
with the CA cert and alpine should then trust it.

Best Regards

Martin

On 2016-11-24 15:37, Steve Litt wrote:

On Thu, 24 Nov 2016 07:52:51 +0100 (CET)
Steffen Kaiser  wrote:



On Wed, 23 Nov 2016, Steve Litt wrote:

>On Wed, 23 Nov 2016 16:04:22 -0600 (CST) Greg Rivers
> wrote:
>> $ strings $(whence alpine) | grep '^/.*certs$'
>> /etc/ssl/certs
>
> The directory or the certs isn't the problem. Alpine sees the
> self-signed cert I just made, but complains because it's
> self-signed, and gives me the choice between saying "yes" every
> time, and just not checking for certs at all.

"sees the self-signed cert"?
Have you added it as trusted to the CA as Greg said and wrote what
to do?


No. I don't want to deal with a third party "Trusted Party": I want it
self-signed. What I was looking for was a way Alpine could be set to
check for a cert, warn if the cert is conflicting, but not warn if it's
self-signed.

Thanks,

SteveT

Steve Litt
November 2016 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz


Problem with multiple ldap passdb

2016-11-22 Thread Martin Wheldon
sdb {
  args = /etc/dovecot/dovecot-ldap-new.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  skip = authenticated
}
plugin {
  antispam_backend = pipe
  antispam_pipe_program = /usr/sbin/sendmail
  antispam_pipe_program_args = -f;%{auth_user};-r;%{auth_user}
  antispam_pipe_program_notspam_arg = retrain-as-...@greenhills-it.co.uk
  antispam_pipe_program_spam_arg = retrain-as-s...@greenhills-it.co.uk
  antispam_spam = Spam
  antispam_trash = Trash
  quota = maildir:User quota
  quota_rule = *:storage=1G
  quota_rule2 = Trash:ignore
  quota_rule3 = Spam:ignore
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/move-spam.sieve
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve pop3"
service imap-login {
  process_min_avail = 20
  service_count = 1
}
service imap {
  process_min_avail = 20
}
service lmtp {
  inet_listener lmtp {
address = he01-imap-01.greenhills-it.co.uk 127.0.0.1
port = 2003
  }
}
service pop3 {
  process_min_avail = 20
}
ssl = required
ssl_cert = ssl_cipher_list = 
ALL:HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:!PSK:!DES:!3DES:!MD5:!DES+MD5:!RC4:!SEED+SHA:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!eNULL:!aNULL:@STRENGTH

ssl_dh_parameters_length = 2048
ssl_key = ldap://he01-auth-01.greenhills-it.co.uk
dn = uid=dovecot,ou=people,ou=SRV_Accounts,dc=greenhills-it,dc=co,dc=uk
dnpass = VerySecret
sasl_bind = no
auth_bind = yes
ldap_version = 3
base = dc=greenhills-it,dc=co,dc=uk
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,gosaMailQuota=quota_rule=*:storage=%$M

user_filter = (|(uid=%u)(mail=%u)(gosaMailAlternateAddress=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (|(uid=%u)(mail=%u))
default_pass_scheme = CRYPT


# Non working LDAP configuration
# /etc/dovecot/dovecot-ldap-new.conf.ext
uris = ldap://dir.greenhills-it.co.uk
dn = "cn=dovecot,ou=search accounts,ou=services,dc=greenhills-it,dc=co,dc=uk"
dnpass = VerySecret
sasl_bind = no
tls = yes
tls_ca_cert_file = /etc/ssl/certs/GreenhillsCACert.pem
tls_require_cert = demand
debug_level = -1
auth_bind = yes
ldap_version = 3
base = ou=customers,dc=greenhills-it,dc=co,dc=uk
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,ukFirmGhITAccMailQuota=quota_rule=*:storage=%$M
user_filter = (&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_attrs = uidNumber=user
pass_filter = (&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
default_pass_scheme = SSHA


Best Regards
--
Martin Wheldon
Greenhills IT Ltd.
Telephone: 01904 238 454
Website: www.greenhills-it.co.uk

Greenhills IT Ltd. is a limited company registered in England and Wales.
Company Registration No: 06387214
Registered Offices: 2 Greenhills, Claxton, YORK, North Yorkshire, YO60 
7SA


Tighten TLS - usage of specific ssl_ec-curve

2016-04-14 Thread Martin
Hi folks, at first: thanks very much for the great piece of software!

I have a proposal to tighten the TLS security: enable the usage of a specific 
ec-curve in the 10-ssl.conf, e.g.

ssl_ec-curve = secp384r1


Reason: I use a 384 bit EC server key, but dovecot uses "only" a prime256v1 
curve.


Keygen was:
f=dovecot; openssl ecparam -name secp384r1 -genkey -out $f.key 
openssl req -new -x509 -key $f.key -out ${f}.crt -days 2000 -sha512


Server check gives:
prio  ciphersuite                    protocols  pfs                 curves
1     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-256,256bits  prime256v1
2     ECDHE-ECDSA-AES128-SHA256      TLSv1.2    ECDH,P-256,256bits  prime256v1
3     ECDHE-ECDSA-AES128-SHA         TLSv1.2    ECDH,P-256,256bits  prime256v1
4     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-256,256bits  prime256v1
5     ECDHE-ECDSA-AES256-SHA384      TLSv1.2    ECDH,P-256,256bits  prime256v1
6     ECDHE-ECDSA-AES256-SHA         TLSv1.2    ECDH,P-256,256bits  prime256v1

Certificate: UNTRUSTED, 384 bit, ecdsa-with-SHA512 signature



$ sudo nano /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_protocols = !SSlv2 !SSLv3 TLSv1.2
ssl_cipher_list = EECDH+AES128+AESGCM:EECDH+AES256+AESGCM:EECDH+AES128+SHA256:EECDH+AES256+SHA384:EECDH+AES128+SHA:EECDH+AES256+SHA
ssl_prefer_server_ciphers = yes
ssl_key = 

Re: EVP_PKEY_get1_EC_KEY:expecting a ec key

2015-12-09 Thread Martin Fernau

Great, thank you for the information!

Regards
Martin

On 09.12.2015 at 14:07, Oliver Riesen-Mallmann wrote:

Hi,

problem solved with update to 2:2.2.20-1~auto+8.

Thanks
Oliver

  


Re: EVP_PKEY_get1_EC_KEY:expecting a ec key

2015-12-08 Thread Martin Fernau

Hi Teemu and Oliver,

by the way - I have the very same issue in my logs too.
I'm using dovecot 2.2.20.rc1 for debian using 
http://xi.rename-it.nl/debian/ as my package source.


Regards
Martin

On 08.12.2015 at 10:23, Oliver Riesen-Mallmann wrote:

Hi Teemu,


Could you post your doveconf -n output?

# 2.2.20.rc1 (ed41702f14c2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.10.rc1
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.9
auth_mechanisms = plain login
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = Ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_location = maildir:%h/mails
mail_plugins = zlib
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
namespace inbox {
   inbox = yes
   list = yes
   location = maildir:%h/mails
   mailbox Archiv {
 auto = subscribe
 special_use = \Archive
   }
   mailbox Archives {
 auto = no
 special_use = \Archive
   }
   mailbox Drafts {
 auto = create
 special_use = \Drafts
   }
   mailbox "Gelöschte Elemente" {
 auto = no
 special_use = \Trash
   }
   mailbox Gesendete {
 auto = no
 special_use = \Sent
   }
   mailbox "Gesendete Elemente" {
 auto = no
 special_use = \Sent
   }
   mailbox Junk-E-Mail {
 auto = no
 special_use = \Junk
   }
   mailbox Junk {
 auto = subscribe
 special_use = \Junk
   }
   mailbox Sent {
 auto = subscribe
 special_use = \Sent
   }
   mailbox "Sent Messages" {
 auto = no
 special_use = \Sent
   }
   mailbox Trash {
 auto = create
 special_use = \Trash
   }
   prefix =
   type = private
}
passdb {
   driver = shadow
}
plugin {
   sieve = file:~/sieve;active=~/.dovecot.sieve
   zlib_save = gz
   zlib_save_level = 6
}
postmaster_address = postmas...@langzeittest.de
protocols = imap
service auth {
   unix_listener /var/spool/postfix/private/auth {
 group = postfix
 mode = 0660
 user = postfix
   }
   user = root
}
ssl_cert =   


Let lmtp create target directories

2015-11-25 Thread martin f krafft
Hello,

we're using vmm¹ to manage our postfix+dovecot virtual mail setup,
which allows us to give every virtual user a separate EUID and every
domain a separate EGID for additional security (vs. handling all
virtual mail with a single "vmail" user).

As a consequence, however, vmm must itself create the user
directories with the appropriate owners, and to do so, it requires
root rights.

I am trying to investigate getting rid of this need³. Since Dovecot
quite happily creates ~/Maildir when necessary, couldn't it also
create parents? The home directory should be trivial (same
EUID/EGID), but grandparents etc. might need a different policy
(e.g. 0/EGID for the grandparent, 0/0 for great-grandparents, etc.).

Is this something that could fall within the realm of Dovecot's
lmtp? Or is the lmtp invoked as the user and doesn't actually drop
root? If so, might there be another way?

¹) http://vmm.localdomain.org/²
²) Hello Pascal
³) http://bugs.debian.org/804382

Thanks,

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"perfection is achieved, not when there is nothing more to add, but
 when there is nothing left to take away."
 -- antoine de saint-exupéry
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)


Re: Disabling auth fallback to PAM

2015-11-20 Thread martin f krafft
thus spoke Timo Sirainen [2015-11-21 14:14 +1300]:
> Well, your topic is PAM.

Is it? My point is that PAM should not even be asked if an
authentication source beforehand knows about a user but the password
cannot be verified.

> But.. Right now passdb has result_success, result_failure and
> result_internalfail. I suppose it should be possible to add
> result_user_unknown there that defaults to result_failure if it's
> not explicitly set.

result_user_known should be returned when the authentication source
does not know about a user.

If the authentication source knows a user but fails to authenticate
him/her due to a password mismatch, the result should rather be
result_auth_failure.

Those two should really replace result_failure and the dovecot
authentication stack should only continue on result_user_known or
result_internalfail. If we get result_success or
result_auth_failure, then authentication is done and no further
sources should be considered.

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
only by counting could humans demonstrate
their independence of computers.
-- douglas adams, "the hitchhiker's guide to the galaxy"
 
spamtraps: madduck.bo...@madduck.net




Disabling auth fallback to PAM

2015-11-17 Thread martin f krafft
Hi folks,

According to the wiki,¹ it's considered a feature of Dovecot and its
ability to support multiple authentication sources that "if the
password doesn't match in the first database, it checks the next
one".

¹) http://wiki.dovecot.org/Authentication/MultipleDatabases

I think it's great that Dovecot allows auth sources to be stacked
like this, but I am not sold on the idea that the next database
ought to be tried when a *password* does not match. Let me
elaborate:

If the first database has knowledge of a user, then it can (should)
be considered authoritative, and if the provided password does not
match, it's an authentication error right away. Only if the first
source does not possess any knowledge about a given user, then should
Dovecot proceed to query/check with the next database.

Can this be configured somehow?
If not, would it make sense to make this behaviour configurable?

Thanks,

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"the ships hung in the sky in much the same way that bricks don't."
 -- hitchhiker's guide to the galaxy
 
spamtraps: madduck.bo...@madduck.net
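
The stacking policy asked for in this thread, as an added example (not part of the original posts and not Dovecot's code): a small Python model of a passdb chain that compares "try the next database on any failure" with "stop as soon as a database knows the user but the password does not match". The database names, the sample accounts and the tempfail rule for an exhausted chain are assumptions of the model.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    SUCCESS = "success"                      # user known, password verified
    PASSWORD_MISMATCH = "password_mismatch"  # user known, password wrong
    USER_UNKNOWN = "user_unknown"            # source has no record of the user
    INTERNAL_FAIL = "internal_fail"          # source could not be queried


@dataclass
class PassDB:
    """One authentication source in the chain (hypothetical model class)."""
    name: str
    users: dict            # constructed sample data: username -> password
    available: bool = True

    def verify(self, user: str, password: str) -> Outcome:
        if not self.available:
            return Outcome.INTERNAL_FAIL
        stored = self.users.get(user)
        if stored is None:
            return Outcome.USER_UNKNOWN
        if hmac.compare_digest(stored.encode(), password.encode()):
            return Outcome.SUCCESS
        return Outcome.PASSWORD_MISMATCH


# Policy = the set of outcomes after which the next database is consulted.
# FALLTHROUGH: "if the password doesn't match in the first database, it
# checks the next one" (the wiki sentence quoted in the thread).
FALLTHROUGH = {Outcome.PASSWORD_MISMATCH, Outcome.USER_UNKNOWN,
               Outcome.INTERNAL_FAIL}
# AUTHORITATIVE: the behaviour requested in the thread. A source that knows
# the user is final; only "unknown user" or an internal failure moves on.
AUTHORITATIVE = {Outcome.USER_UNKNOWN, Outcome.INTERNAL_FAIL}


def authenticate(chain, user, password, continue_on):
    """Walk the chain; return (result, deciding_db, trail).

    result is "ok", "fail" or "tempfail". deciding_db is None when the chain
    was exhausted without any source giving a final answer. Assumption of
    this model: an exhausted chain that saw an internal failure reports
    "tempfail" rather than "fail", so an outage is not logged as a bad
    password.
    """
    trail = []
    saw_internal_fail = False
    for db in chain:
        outcome = db.verify(user, password)
        trail.append((db.name, outcome.value))
        if outcome is Outcome.SUCCESS:
            return "ok", db.name, trail
        if outcome is Outcome.INTERNAL_FAIL:
            saw_internal_fail = True
        if outcome not in continue_on:
            return "fail", db.name, trail
    return ("tempfail" if saw_internal_fail else "fail"), None, trail


def sample_chain(ldap_available=True):
    """Constructed two-source chain: a directory first, system accounts second."""
    ldap = PassDB("ldap", {"alice": "correct-horse-battery"},
                  available=ldap_available)
    pam = PassDB("pam", {"alice": "alice123", "bob": "hunter2"})
    return [ldap, pam]


if __name__ == "__main__":
    cases = [("alice", "alice123"), ("bob", "hunter2"), ("carol", "x")]
    for label, policy in (("fallthrough", FALLTHROUGH),
                          ("authoritative", AUTHORITATIVE)):
        for user, password in cases:
            result, decided_by, trail = authenticate(
                sample_chain(), user, password, policy)
            print(f"{label:13} {user:6} -> {result:8} by {decided_by} {trail}")
```

With the constructed data, `alice123` is accepted under the fall-through policy because the second source holds a different password for the same user name, and rejected under the authoritative policy, where the first source's answer is final.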




Sorry, another faq

2015-06-12 Thread Martin S
I've installed a mailserver according to these instructions:
http://www.server-world.info/en/note?os=CentOS_7&p=httpd&f=13
When I try to login to the server through Roundcube webmail I get
Connection to storage server failed.

So checking on this

[12-Jun-2015 11:28:53 +]: <6jap13r2> IMAP Error: Login failed for
martin from 83.251.209.249. Could not connect to ssl://myserver:993:
Permission denied in
/usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line
198 (POST /roundcubemail/?

/etc/roundcubemail/config.inc.php

Has the following:
$config['default_host'] = 'ssl://mail.myserver.tld'; [address obfuscated]
$config['default_port'] = 993;

as I understand should be correct.

I've been looking at various posts on the net that say the problem is
a permission on dovecot, but I fail to find anything on how to fix
this as it looks right to me.

Any suggestions?

/Martin S

-- 
Regards,

Martin S


Re: Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive

2015-02-12 Thread Martin Štefany

Hello Claus,

I've installed dovecot-2.2.15-3.fc20.x86_64.rpm + 
dovecot-pigeonhole-2.2.15-3.fc20.x86_64.rpm from Fedora guys and it 
works like a charm.


Thank you!

Martin


On 12.2.2015 18:20 Claus wrote:

On 12.02.2015 at 15:47, Martin Štefany wrote:

Hello,

I've run into a problem with Dovecot and dsync replication. Everything 
works perfectly, including replication of sieve scripts, except for the fact 
that if a user activates the 'managesieve' ruleset (I'm currently using 
Roundcubemail) on "mail1" host, it wouldn't be activated on "mail2" 
host, by creating symlink ".dovecot.sieve -> 
.sieve/managesieve.sieve". I've also tried to use 
'replication_full_sync_interval', but the symlink is not created anyway.


I found 2 references already for this problem, but none came to any 
conclusion:


http://dovecot.org/pipermail/dovecot/2014-June/096650.html
http://www.dovecot.org/list/dovecot/2014-September/097857.html


Here is the output from 'doveconf -n' from both hosts for reference ::

mail1 ::
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release 
7.0.1406 (Core)

auth_cache_size = 5 M
auth_debug = yes
auth_default_realm = example.com
auth_gssapi_hostname = mail.example.com
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain gssapi
auth_realms = example.com
auth_verbose = yes
doveadm_password = 
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_lucene notify quota replication virtual zlib"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

namespace inbox {
  inbox = yes
  location =
  mailbox All {
auto = create
special_use = \All
  }
  mailbox Archives {
auto = subscribe
special_use = \Archive
  }
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox Templates {
auto = subscribe
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  mail_replica = tcps:mail2.example.com:10993
  quota = maildir:User quota
  quota_rule = *:storage=4GB
  quota_rule2 = Trash:storage=+50MB
  sieve = ~/.dovecot.sieve
  sieve_after = /srv/sieve/after.d/
  sieve_before = /srv/sieve/before.d/
  sieve_default = /srv/sieve/default.d/dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /srv/sieve/
  zlib_save = gz
  zlib_save_level = 9
}
postmaster_address = postmas...@example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
group = vmail
mode = 0660
user = vmail
  }
  unix_listener replication-notify {
group = vmail
mode = 0660
user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
  }
}
service doveadm {
  inet_listener {
port = 10993
ssl = yes
  }
}
service imap-login {
  inet_listener imaps {
port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  service_count = 1
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
  }
}
ssl_ca = ssl_cipher_list = 
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

ssl_client_ca_file = /etc/ipa/ca.crt
ssl_client_cert =   mail_plugins = " fts fts_lucene notify quota replication virtual 
zlib sieve"

}
protocol imap {
  mail_plugins = " fts fts_lucene notify quota replication virtual 
zlib imap_quota imap_zlib"

}


mail2 ::
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.20.1.el7.x86_64 x86_64 CentOS Linux release 
7.0.1406 (Core)

auth_cache_size = 5 M
auth_debug = yes
auth_default_realm = example.com
auth_gssapi_hostname = mail.example.com
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain gssapi
auth_realms = example.com
auth_verbose = yes
doveadm_password = 
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_lucene notify quota replic

Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive

2015-02-12 Thread Martin Štefany
ildirfolder
│   │   ├── new
│   │   └── tmp
│   ├── tmp
│   └── .Trash
│   ├── cur
│   ├── dovecot.index.log
│   ├── dovecot-uidlist
│   ├── maildirfolder
│   ├── new
│   └── tmp
└── .sieve
├── managesieve.sieve
└── tmp


[root@mail2 ~]# tree -a /srv
/srv
├── sieve
│   ├── after.d
│   ├── before.d
│   │   ├── spam.sieve
│   │   └── spam.svbin
│   └── default.d
└── vmail
└── example.com
└── 
├── Maildir
│   ├── .All
│   │   ├── cur
│   │   ├── dovecot.index.log
│   │   ├── dovecot-uidlist
│   │   ├── maildirfolder
│   │   ├── new
│   │   └── tmp
│   ├── .Archives
│   │   ├── cur
│   │   ├── dovecot.index.log
│   │   ├── dovecot-uidlist
│   │   ├── maildirfolder
│   │   ├── new
│   │   └── tmp
│   ├── cur
│   ├── dovecot.index.cache
│   ├── dovecot.index.log
│   ├── dovecot-keywords
│   ├── dovecot.mailbox.log
│   ├── dovecot-uidlist
│   ├── dovecot-uidvalidity
│   ├── dovecot-uidvalidity.54dbb6f5
│   ├── .Drafts
│   │   ├── cur
│   │   ├── dovecot.index.cache
│   │   ├── dovecot.index.log
│   │   ├── dovecot-uidlist
│   │   ├── maildirfolder
│   │   ├── new
│   │   └── tmp
│   ├── .Junk
│   │   ├── cur
│   │   ├── dovecot.index.log
│   │   ├── dovecot-uidlist
│   │   ├── maildirfolder
│   │   ├── new
│   │   └── tmp
│   ├── lucene-indexes
│   │   ├── _k.cfs
│   │   ├── segments_17
│   │   └── segments.gen
│   ├── maildirfolder
│   ├── maildirsize
│   ├── new
│   ├── .Sent
│   │   ├── cur
│   │   ├── dovecot.index.cache
│   │   ├── dovecot.index.log
│   │   ├── dovecot-uidlist
│   │   ├── maildirfolder
│   │   ├── new
│   │   └── tmp
│   ├── subscriptions
│   ├── .Templates
│   │   ├── cur
│   │   ├── dovecot.index.log
│   │   ├── dovecot-uidlist
│   │   ├── maildirfolder
│   │   ├── new
│   │   └── tmp
│   ├── tmp
│   └── .Trash
│   ├── cur
│   ├── dovecot.index.log
│   ├── dovecot-uidlist
│   ├── maildirfolder
│   ├── new
    │   └── tmp
└── .sieve
├── managesieve.sieve
└── tmp

Thanks a lot for Dovecot anyway! ;)

Martin


dsync SSL fails since 2.2.15

2015-01-16 Thread Martin Carlé
Hello list,

dovecot ran rock-solid on OSX Mavericks for about 1 year replicating my mail 
between 2 servers via dsync with SSL as that is well described here: 
http://wiki2.dovecot.org/Replication

After upgrading to 2.2.15, dsync gets stuck with the Error: "Received invalid 
SSL certificate" even though neither any of the dovecot configs nor the certs, 
keys or the CA have changed!
When I simply comment out SSL and switch dsync to use tcp (instead of tcps), 
replication still works like a charm.

Please help me to get SSL back working!

I did a lot of testing and come up with a concrete QUESTION below, hopefully 
leading the way out of this trap.


What happened
=

2 days before I upgraded one of the machines to OSX Yosemite. 
Along with this, I also upgraded to dovecot 2.2.15 via homebrew (unfortunately 
on both machines at once).
During this process, also openssl was updated to "OpenSSL 1.0.1k 8 Jan 2015".

If checking the unchanged certs against the CA, however, the results are still 
"OK".

1st check: OK
==
sudo /usr/bin/openssl verify -CAfile /etc/ssl/ca/dovecotCA.pem 
/etc/ssl/certs/dovecot_on27_signed_cert.pem
Password:
/etc/ssl/certs/dovecot_on27_signed_cert.pem: OK

2nd check: OK (providing the CAfile and connecting to the doveadm_port)
===
openssl s_client -CAfile /etc/ssl/ca/dovecotCA.pem -connect on27.linkpc.net:8082
CONNECTED(0003)
depth=1 CN = dovecotCA2, O = dovecot, OU = dovecot, ST = dovecot, C = AF, L = 
dovecot, emailAddress = m...@aiguphonie.com
verify return:1
depth=0 CN = on27.linkpc.net, O = dovecot, OU = dovecot, ST = dovecot, C = AF, 
L = dovecot, emailAddress = m...@aiguphonie.com
verify return:1
---
Certificate chain
 0 
s:/CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
   
i:/CN=dovecotCA2/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
---
Server certificate
-BEGIN CERTIFICATE-
dmVjb3RDQTIxEDAOBgNVBAoMB2RvdmVjb3QxEDAOBgNVBAsMB2RvdmVjb3QxEDAO
[...]
+g==
-END CERTIFICATE-
subject=/CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
issuer=/CN=dovecotCA2/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
---
No client certificate CA names sent
---
SSL handshake has read 1709 bytes and written 487 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Session-ID: C4DDBA1FA50039FA5D94EF2359BA037B3903D66B6B637CA0733A9216BFCC3996
Session-ID-ctx:
Master-Key: 
0495D21CA11AA54856D78B48C3DBE9B70EFFB65F13224B430D2B4B2F80F12BE5A89F31454F9577F22F5DDC26FDBAAFAC
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
[...]   
0090 - 2d 97 37 15 bd a9 be 68-c1 79 fa dd d8 75 76 3f   -.7h.y...uv?

Compression: 1 (zlib compression)
Start Time: 1421443766
Timeout   : 300 (sec)
Verify return code: 0 (ok)
---
-



Yet, testing dsync yields: ERROR
==

sudo -u _vmail doveadm -v sync -u test tcps:on27.linkpc.net
Password:
doveadm(test): Info: Received invalid SSL certificate: certificate signature 
failure: 
/CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
doveadm(test): Error: doveadm server disconnected before handshake: Received 
invalid SSL certificate: certificate signature failure: 
/CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com
doveadm(test): Fatal: Disconnected from remote: Received invalid SSL 
certificate: certificate signature failure: 
/CN=on27.linkpc.net/O=dovecot/OU=dovecot/ST=dovecot/C=AF/L=dovecot/emailAddress=m...@aiguphonie.com


QUESTION
=
So the question clearly is, how does dovecot check the cert against the CA 
exactly?
Is there a call to the openssl cmd or is the library linked into dovecotadm?
If linked, what version is used and how can I possibly change it?

or:

What's wrong with my CA and cert(s) all of a sudden?
How can I create new CA for two certs fitting the (new) needs of dovecotadm?


THANK YOU!


==
Here are my full but rather simple configs of both machines:
==

1st machine: Yosemite

# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Darwin 14.0.0 x86_64
base_dir = /var/run/dovecot/
default_internal_user = _dovecot
default_login_user = _dovenull
doveadm_password = secret
doveadm_port = 8082
log_path = /usr/local/var/log/doveco

Re: Move mail behavior

2014-11-27 Thread Martin Stigge
On Wed, 2014-11-26 at 07:31 +0100, Steffen Kaiser wrote:
> On Mon, 24 Nov 2014, Martin Stigge wrote:
> 
> > I've recently migrated my IMAP mail setup from a server running an older
> > Debian Squeeze with dovecot 1.2.15 to a new Debian Jessie system with
> > dovecot 2.2.13. In the old setup, it used to be so that a mail moved
> > from a folder to another one was marked as deleted in the originating
> > folder (in dovecot 1.2.15). In the new setup, the mail just disappears
> > from the originating folder (with dovecot 2.2.13). The mail arrives
> > properly in the target folder, so that's fine. But I actually liked the
> > old behavior.
> 

After a little more digging I found that dovecot 2.2 implements the IMAP
MOVE extension from RFC 6851 which my clients also support. Before that,
a copy with delete was used, explaining the different behavior. I also
see MOVE announced as a capability, so my clients use it. So, no config
issue, just a new feature.

Regards,
Martin


Move mail behavior

2014-11-25 Thread Martin Stigge
Hi!

I've recently migrated my IMAP mail setup from a server running an older
Debian Squeeze with dovecot 1.2.15 to a new Debian Jessie system with
dovecot 2.2.13. In the old setup, it used to be so that a mail moved
from a folder to another one was marked as deleted in the originating
folder (in dovecot 1.2.15). In the new setup, the mail just disappears
from the originating folder (with dovecot 2.2.13). The mail arrives
properly in the target folder, so that's fine. But I actually liked the
old behavior.

I observe this with Evolution as well as Icedove (Thunderbird) mail
clients, which is why I assume that it's actually a change in the IMAP
server behavior.

Is it supposed to behave like that? Is there a way to configure this? 

Regards,
Martin





replication sieve settings

2014-10-20 Thread Martin Schmidt

Hello,

can someone give me a hint where to find info on how to set up dovecot 
replication with sieve?


On my active.active setup, it replicates the user mdboxes
and sieve works also, on the active destination fileserver.

Client changes the sieve, tests work fine. But the sieve file won't get 
replicated to the replica server.


As I've researched, it was introduced in dovecot v2.2.rc3

Is it default, that doveadm replicator replicate '*'
includes the sieve and i made a config error?
Or is there an option to set for the replication service?



On dovecot director server, i've set director
in conf.d/20-managesieve.conf

service managesieve-login {
  executable =  managesieve-login director
  inet_listener sieve {
port = 4190
  }
}

and added sieve to plugins
in conf.d/20-lmtp.conf
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}



doveconf -n
...
director_mail_servers = 192.168.200.10 192.168.200.11
director_servers = 192.168.200.1:9090 192.168.200.2:9090
disable_plaintext_auth = no
doveadm_port = 24245
lmtp_proxy = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate


plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap lmtp sieve pop3"
...

service managesieve-login {
  executable = managesieve-login director
  inet_listener sieve {
port = 4190
  }
}
...
protocol lmtp {
  auth_socket_path = director-userdb
  mail_plugins = " sieve"
}
...




Thank you

Martin Schmidt
Germany


Re: dovecot replication (active-active) - server specs

2014-10-10 Thread Martin Schmidt

Hello


On 09.10.2014 at 20:41, Urban Loesch wrote:

Hi,

On 09.10.2014 12:35, Martin Schmidt wrote:


Our MX server is delivering ca. 30 GB new mails per day.
Two IMAP proxy server get the connections from the users. Atm. 
without dovecot director.

We've got around 700k connections per day (imap 200k / pop3 500k)


Are these the whole connections per day? How many concurrent connections 
do you have at the same time on each server?


we've got 3 Fileserver with ca. 1200 concurrent IMAP connections and ca. 
50 concurrent POP3 connections on each server.






So we want to make a new system.
We desire the new system to use mdbox format ( bigger files, less I/O)
and replication through dovecot replication (active/active) instead 
of drbd.


I have no experience with dovecot replication (Still on our roadmap). 
We are currently using drbd on a 10Gbit dedicated link. Works very 
well for us.


Each fileserver should know every mailbox/user and for the time being 
2 dovecot proxies for the user connections (IMAP/POP).
(later after the migration from the old system to the new, dovecot 
director instead of proxies, for caching reasons).


As Florian said, enable zlib. This also decreases I/O, but needs a bit 
more of CPU. But not that much.


Yes we have enabled it, estimated space saving is up to 40%




we've got 2 new fileservers, they have each SSD HDDs for "new-storage"
and 7200rpm SATA HDDs on RAID 5 with 10 TB for "alt-storage"
32 GB RAM per Server


You also could move the INDEX files from mdbox to different SSDs. We 
are doing so with 40k accounts and 2TB user data. Index partition has 
only 22GB used and is increasing not very fast.
On our testsystem we've got it also on a raid 1 SSD, only alt-storage is 
on raid 5. Looks good.




Do you have some tips for the system?
Do you believe 32 GB RAM are enough for one fileserver each and have 
you experience with the I/O Waiting problem with huge amounts of Data 
on the alt-storage?
Could there be issues with the RAM, if one fileserver has a downtime, 
so the second one has to take over all mailboxes for a short amount 
of time?


I think memory is not the problem. On IMAP/POP3 servers the main 
problem is I/O. But with dovecot mdbox and index files on SSD's we 
have no problem at the moment.
On each of our 3 Fileserver we've got 16 GB RAM, 5-7 GB is used and rest 
is cached. You might be right, the i/o is always the bottleneck.


In general are only 2 new fileserver enough or should we think in 
bigger dimensions, like 4 fileserver
Storage expansion in the new servers should not be a problem (bigger 
HDDs and a few slots free, so we can expand the raid 5).
We are using raid 10 hardware raid controller with cache and sata 
7200rpm disks. OK, raid 10 needs more disks, but is much faster than 
raid 5. Raid 5 is not very fast in my eyes.
We've made tests with raid 10 and raid 5, on 4 sata 7200rpm disks, of 
course raid 10 was faster, but overall not very much. And you can expand 
raid 5 easier.

Can you tell me, if you have a high "Waiting" on your alt-storage?






thank you
kind regards

Martin Schmidt



Regards
Urban


Thank you for your impressions.

kr
Martin Schmidt


dovecot replication (active-active) - server specs

2014-10-09 Thread Martin Schmidt
Hello,
 
i have some questions about the new dovecot replication and mdbox format.
 
my company has currently 3 old dovecot 2.0.x fileserver/backend with ca. 120k 
mailboxes and ca. 6 TB data used.
They are synchronised per drbd/corosync.
Each fileserver/backend has ca. 40k mailboxes in Maildir format.
 
Our MX server is delivering ca. 30 GB new mails per day.
Two IMAP proxy server get the connections from the users. Atm. without dovecot 
director.
We've got around 700k connections per day (imap 200k / pop3 500k)
 
The system is getting issues because the fileserver still have old slow HDDs.
Users sometime get connection timeouts, because the fileserver can not answer 
fast enough due to I/O waiting lag.
 
So we want to make a new system.
We desire the new system to use mdbox format ( bigger files, less I/O)
and replication through dovecot replication (active/active) instead of drbd.
Each fileserver should know every mailbox/user and for the time being 2 dovecot 
proxies for the user connections (IMAP/POP).
(later after the migration from the old system to the new, dovecot director 
instead of proxies, for caching reasons).

we've got 2 new fileservers, they have each SSD HDDs for "new-storage"
and 7200rpm SATA HDDs on RAID 5 with 10 TB for "alt-storage"
32 GB RAM per Server

Do you have some tips for the system?
Do you believe 32 GB RAM are enough for one fileserver each and have you 
experience with the I/O Waiting problem with huge amounts of Data on the 
alt-storage?
Could there be issues with the RAM, if one fileserver has a downtime, so the 
second one has to take over all mailboxes for a short amount of time?
 
In general are only 2 new fileserver enough or should we think in bigger 
dimensions, like 4 fileserver
Storage expansion in the new servers should not be a problem (bigger HDDs and a 
few slots free, so we can expand the raid 5).
 
 
thank you
kind regards
 
Martin Schmidt


Re: multiple IMAP sessions when connecting from one client

2014-08-27 Thread Martin Vegter
> On 08/27/2014 11:22 AM, Steffen Kaiser wrote:
> On Wed, 27 Aug 2014, Martin Vegter wrote:
> 
>> This looks like 4 separate sessions are created when I log in from one
>> client.
> 
>> Is this normal behavior?
>> Can somebody please explain why this is so?
> 
> because Thunderbird wants to access 4 mailboxes simultaneously, e.g. to 
> check or wait for new messages.

That would make sense.

But I have 5 mailboxes in total (Inbox, Sent, Draft, Archive, Trash).
Although, I suspect Inbox has special status because it is not defined
together with the other four in 15-mailboxes.conf


multiple IMAP sessions when connecting from one client

2014-08-27 Thread Martin Vegter
Hello,

I am using Postfix/Dovecot/IMAP.

Everything is working fine, but I have noticed that every time I connect
with Thunderbird to my server via IMAP, not one but 4 connections are
being logged into /var/log/mail/mail.log:

  2014-08-27 09:17:46  dovecot:  imap-login: Login: user=,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12519, TLS,
session=
  2014-08-27 09:17:53  dovecot:  imap-login: Login: user=,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12521, TLS,
session=
  2014-08-27 09:17:53  dovecot:  imap-login: Login: user=,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12523, TLS,
session=
  2014-08-27 09:17:54  dovecot:  imap-login: Login: user=,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12525, TLS,
session=

This looks like 4 separate sessions are created when I log in from one
client.

Is this normal behavior?
Can somebody please explain why this is so?

My Dovecot version is 2.1.7

regards,
Martin
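The pattern in the log excerpt above (several imap-login entries for one user from one remote IP within a few seconds) can be checked mechanically. The following is an added example, not part of the original post: it rejoins wrapped log records, parses the `key=value` elements and groups logins per user and remote IP into bursts. The user name, session ids and the fifth record are constructed, because the archive stripped the original values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the shape of the quoted log lines. "alice", the
# session ids and the last record (a different remote IP) are made up.
SAMPLE_LOG = """\
2014-08-27 09:17:46  dovecot:  imap-login: Login: user=<alice>,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12519, TLS,
session=<constructed01>
2014-08-27 09:17:53  dovecot:  imap-login: Login: user=<alice>,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12521, TLS,
session=<constructed02>
2014-08-27 09:17:53  dovecot:  imap-login: Login: user=<alice>,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12523, TLS,
session=<constructed03>
2014-08-27 09:17:54  dovecot:  imap-login: Login: user=<alice>,
method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12525, TLS,
session=<constructed04>
2014-08-27 09:40:02  dovecot:  imap-login: Login: user=<alice>,
method=PLAIN, rip=198.51.100.7, lip=55.66.77.88, mpid=12790, TLS,
session=<constructed05>
"""

STAMP = re.compile(r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s")
LOGIN = re.compile(r"imap-login: Login: (.*)$")


def unwrap(text):
    """Rejoin records that were wrapped: a new record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def parse_login(record):
    """Return a dict for an imap-login 'Login:' record, or None for other lines."""
    stamp, login = STAMP.match(record), LOGIN.search(record)
    if not stamp or not login:
        return None
    event = {
        "time": datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S"),
        "flags": set(),  # bare elements such as TLS
    }
    for element in login.group(1).split(","):
        element = element.strip()
        if "=" in element:
            key, value = element.split("=", 1)
            event[key] = value.strip("<>")
        elif element:
            event["flags"].add(element)
    return event


def summarize_burst(user, rip, events):
    return {
        "user": user,
        "rip": rip,
        "first": events[0]["time"],
        "last": events[-1]["time"],
        "connections": len(events),
        "pids": [e.get("mpid") for e in events],
        "all_tls": all("TLS" in e["flags"] for e in events),
    }


def group_bursts(events, window=timedelta(seconds=30)):
    """Group logins of one (user, rip) pair that follow each other within `window`."""
    by_client = defaultdict(list)
    for event in sorted(events, key=lambda e: e["time"]):
        by_client[(event.get("user", ""), event.get("rip", ""))].append(event)
    bursts = []
    for (user, rip), evs in by_client.items():
        current = [evs[0]]
        for event in evs[1:]:
            if event["time"] - current[-1]["time"] <= window:
                current.append(event)
            else:
                bursts.append(summarize_burst(user, rip, current))
                current = [event]
        bursts.append(summarize_burst(user, rip, current))
    return sorted(bursts, key=lambda b: b["first"])


def analyse(text):
    events = [e for e in map(parse_login, unwrap(text)) if e]
    return group_bursts(events)


if __name__ == "__main__":
    for burst in analyse(SAMPLE_LOG):
        print(burst["user"], burst["rip"], burst["connections"],
              "connection(s), all TLS:", burst["all_tls"])
```
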


Dovecot ignores existing mailboxes and creates its own

2014-07-08 Thread Martin Vegter
Hello,

I have Postfix with Maildir format. User's emails are being delivered into

$HOME/mail/inbox


Apart from ~/mail/inbox, there are the usual folders:

$HOME/mail/archive
$HOME/mail/drafts
$HOME/mail/inbox
$HOME/mail/trash

Now I have installed dovecot, and set

mail_location = maildir:~/mail:LAYOUT=fs

additionally, I have defined mailboxes as follows:

namespace inbox {
  mailbox drafts {
    special_use = \Drafts
  }
  mailbox sent {
    special_use = \Sent
  }
  mailbox trash {
    special_use = \Trash
  }
}

The problem I am having is following:

1) dovecot ignores the folders (drafts, sent, trash) and creates its own
folders beginning with capital letter:

Drafts
Sent
Trash

2) dovecot ignores ~/mail/inbox and instead creates

~/mail/cur
~/mail/new
~/mail/tmp

can somebody please advise how to tell dovecot, to use my existing
folder structure, ie:

~/mail/inbox/{cur,new,tmp}
~/mail/drafts/{cur,new,tmp}
~/mail/sent/{cur,new,tmp}
~/mail/trash/{cur,new,tmp}

any advice would be much appreciated

thanks,
Martin


Re: [Dovecot] Outlook 2007 & 2010 hangs in v2.2?

2014-06-05 Thread Martin Rabl

On 05.06.2014 16:38, Timo Sirainen wrote:

Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP 
connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I 
can't think of any reasonable explanation for this.


how large?

--
Best regards,

  Martin Rabl


Re: [Dovecot] Looking for HowTo Postifx, Dovecot and PostgreSQL

2014-02-10 Thread martin f. krafft
thus spoke Frank Lanitz  [2014-02-10 11:56 +0100]:
> Looks nice -- any experience using it with tine20 later? 

I have no idea what tine20 is and the website only contains
buzzwords, sorry.

vmm is pretty flexible how the underlying data representation in
pgsql, so you can probably tweak anything.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"out of the crooked timber of humanity,
 no straight thing was ever made."
   -- imanuel kant
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)


Re: [Dovecot] Looking for HowTo Postifx, Dovecot and PostgreSQL

2014-02-10 Thread martin f krafft
thus spoke Frank Lanitz  [2014-02-10 10:14 +0100]:
> I know it's a bit a n00bish question, but I'm a little confused about
> this many different ways on setting up dovecot with postfix and using a
> PostgreSQL backend for virtual hosts. I've found this one quite helpful:
> http://wiki2.dovecot.org/HowTo/DovecotPostgresql
> even it seems to be little outdated for recent versions of dovecot (the
> auth part of dovecot.conf). Also its lacking some information I wasn't
> able to find on my own (e.g. how to set password for a imap account). 

I suggest to have a look at http://vmm.localdomain.org/index.html

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"if I can't dance, i don't want to be part of your revolution."
- emma goldman
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)


Re: [Dovecot] Sieve's spamtest always returns 0

2013-12-27 Thread martin f. krafft
thus spoke Stephan Bosch  [2013-12-28 08:31 +1300]:
> This configuration is incomplete. Your logs should show an error about
> that. Testing with sieve-test shows:

Oh, thank you for introducing me to sieve-test, somehow I have
missed that. Sorry!

And thank you also for your quick reply!

Unfortunately, the problem remains, and sieve-test is not as helpful
as I had hoped. My script is attached, as well as the wrapper I use
for spamc.

Here is the output generated by sieve-test. The spam message is
bare and does *not* contain the wanted headers, because those are
added by vnd.dovecot.filter invoking spamc:

  % sieve-test -D -t- -Tlevel=matching -x +spamtest /tmp/spam.sieve 
/tmp/spam.msg
  sieve-test(madduck): Debug: sieve: include: sieve_global_dir is not set; it 
is currently not possible to include `:global' scripts.
  sieve-test(madduck): Debug: sieve: Pigeonhole Sieve Extprograms plugin 
version 0.1.0 loaded
  debug: script binary /tmp/spam.svbin successfully loaded.
  debug: binary save: not saving binary /tmp/spam.svbin, because it is already 
stored.

## Started executing script 'spam'
6: filter action
6:   execute program `spamc'
  debug: filter action: piping message to program: spamc.
  debug: filter action: running program: spamc.
  debug: filter action: piping data to forked program 
`/etc/dovecot/sieve-filter/spamc'.
6:   executed program successfully
6:   changed message
8: header test
8:   starting `:contains' match with `i;ascii-casemap' comparator:
8:   extracting `X-Spam-Status' headers from message
8:   matching value `Yes, score=66.5/5.0 tests=ADVANCE_FEE_2_NEW_FORM, 
ADVANCE_FEE_2_NEW_FRM_MNY,A...'
8: with key `score' => 1
8:   finishing match with result: matched
8: jump if result is false
8:   not jumping
9: debug_log "X-Spam-Score header present and contains 'score'"
  spam: line 9: info: DEBUG: X-Spam-Score header present and contains 'score'.
12: spamtest test [percent=false]
12: spamtest: header 'X-Spam-Status' not found in message
12:   starting `:value-eq' match with `i;ascii-numeric' comparator:
12:   matching value `0'
12: with key `0' => 1
12:   finishing match with result: matched
12: jump if result is false
12:   not jumping
13: debug_log "spamtest found no match!"
  spam: line 13: info: DEBUG: spamtest found no match!.
13: jumping to line 51
## Finished executing script 'spam'
  Performed actions:
(none)
  Implicit keep:
  * store message in folder: INBOX
  sieve-test(madduck): Info: final result: success

So, as I had suspected in the original message, spamtest seems to
look at the original message, not the one returned from the
vnd.dovecot.filter. The regular sieve header match, however, *does*
consult the filtered output.

So I think that in addition to the clarification about regular vs.
extended expressions in the docs, this is also a bug in need of
fixing…

… or am I still doing something wrong?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"a man's very highest moment is, i have no doubt at all, when he
 kneels in the dust, and beats his breast, and tells all the sins of
 his life."
-- oscar wilde
 
spamtraps: madduck.bo...@madduck.net

#!/bin/sh
set -eu

if find /tmp/dovecot-hack -mmin -1 | grep -q /; then
  exit 1
fi

# HACK because vnd.dovecot.filter needs the filter to soak up all input before
# it will even start reading its output. 

TMPFILE=$(tempfile -p spamc)
# Quote the path so the cleanup cannot act on a word-split or globbed name.
cleanup() { rm -f "$TMPFILE"; trap - EXIT; }
trap cleanup EXIT

cat > "$TMPFILE"
spamc "$@" < "$TMPFILE"

cleanup

require [ "vnd.dovecot.filter"];
require [ "spamtest", "relational", "comparator-i;ascii-numeric" ];
require [ "fileinto", "mailbox" ];
require [ "vnd.dovecot.debug" ];

filter "spamc" [ "--no-safe-fallback" ];

if header :contains "X-Spam-Status" "score" {
  debug_log "X-Spam-Status header present and contains 'score'";
}

if spamtest :value "eq" :comparator "i;ascii-numeric" "0" {
  debug_log "spamtest found no match!";
}
elsif spamtest :value
   "ge" :comparator "i;ascii-numeric" "2" {

  if spamtest :value "eq" :comparator "i;ascii-numeric" "1" { debug_log "spamtest value == 1"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "2" { debug_log "spamtest value == 2"; }
  if spamtest :value "eq" :comparator "i;ascii-numeric" "3" { debug_log "spamtest value == 3"; }
  if spamtest :va

Re: [Dovecot] Sieve's spamtest always returns 0

2013-12-27 Thread martin f krafft
thus spoke martin f krafft  [2013-12-27 18:04 +1300]:
> I tested those regular expressions with sed -r, e.g.
> 
>   % sed -rne "s@^X-Spam-Status: [^,]*, score=-?[[:digit:]]+\.[[:digit:]] 
> required=(-?[[:digit:]]+\.[[:digit:]]).*@\1@p" mailfile
>   5.0
> 
> and they work.
> 
> Unfortunately, in sieve scripts, the spamtest value is always 0,
> which is indicative of the spamtest "not having run", which in this
> case I assume means that the regular expression didn't match.

The documentation talks about "POSIX regular expressions", but the
examples use extended regexps. This should probably be clarified.

However, even if I remove the -r in the above sed call and escape
the characters +?(), it does not work. Character classes, such as
[:digit:] are available in regular POSIX regexps, to my knowledge.

So: the documentation needs clarification, but my problem remains.

Yes, I could just "text"-match against X-Spam-Flag (which I now do),
but I'd prefer it if the user could match against a spam
probability, e.g. already filter if SpamAssassin assigns 6 out of 10
required points.

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"money is the crowbar of power."
 - friedrich nietzsche
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)


[Dovecot] Sieve's spamtest always returns 0

2013-12-26 Thread martin f krafft
I am a bit at a loss here with Sieve (pigeonhole) and the spamtest
extension. I am using Dovecot 2.1.7 (backported to Debian squeeze),
which comes with Pigeonhole 0.3.0.

Messages are scanned with SpamAssassin, which adds a header like

  X-Spam-Status: Yes, score=84.6 required=5.0 tests=…

and so I configured spamtest in conf.d/90-plugin.conf like so:

  sieve_spamtest_status_type = score
  sieve_spamtest_status_header = X-Spam-Status: [^,]*, 
score=(-?[[:digit:]]+\.[[:digit:]]).*
  sieve_spamtest_max_header = X-Spam-Status: [^,]*, score=[^[:space:]]+ 
required=(-?[[:digit:]]+\.[[:digit:]]).*

I tested those regular expressions with sed -r, e.g.

  % sed -rne "s@^X-Spam-Status: [^,]*, score=-?[[:digit:]]+\.[[:digit:]] 
required=(-?[[:digit:]]+\.[[:digit:]]).*@\1@p" mailfile
  5.0

and they work.

Unfortunately, in sieve scripts, the spamtest value is always 0,
which is indicative of the spamtest "not having run", which in this
case I assume means that the regular expression didn't match.

Am I right in assuming that the matching happens at the time of
evaluation, and so adding the headers using vnd.dovecot.filter just
before works?

Or does the spamtest matching happen before the sieve scripts are
executed?

Can you see any other reason why spamtest always yields a value of
0?

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"those who are faithful know only the trivial side of love:
 it is the faithless who know love's tragedies."
-- oscar wilde
 
spamtraps: madduck.bo...@madduck.net


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
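The two spamtest settings in the message above can be exercised outside Dovecot to see which header shapes give them a usable score and maximum. The following is an added example, not Pigeonhole's code and not from the original post. It assumes each setting is split at the first colon into a header name and a regex applied to the header value, translates the POSIX classes to Python syntax, and uses constructed messages (one of them in the `score=66.5/5.0` shape that appears in the sieve-test trace in this thread); the clamped score/max ratio is illustrative only.

```python
import re

# The two settings as posted above, with the e-mail line wraps rejoined.
STATUS_SETTING = r"X-Spam-Status: [^,]*, score=(-?[[:digit:]]+\.[[:digit:]]).*"
MAX_SETTING = (r"X-Spam-Status: [^,]*, score=[^[:space:]]+ "
               r"required=(-?[[:digit:]]+\.[[:digit:]]).*")

# Python's re module has no POSIX bracket classes, so they are translated.
POSIX_CLASSES = {"[:digit:]": "0-9", "[:space:]": r"\s"}


def posix_to_python(pattern):
    for posix, python in POSIX_CLASSES.items():
        pattern = pattern.replace(posix, python)
    return pattern


def split_setting(setting):
    """Assumed format: '<header-name>: <regex>'; split at the first colon."""
    name, _, regex = setting.partition(":")
    return name.strip().lower(), posix_to_python(regex.strip())


def parse_headers(raw_message):
    """Unfold continuation lines and index header values by lower-case name."""
    headers = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_message)
    for line in unfolded.splitlines():
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def extract_number(setting, headers):
    """Return the number captured by the setting's regex, or None."""
    name, regex = split_setting(setting)
    value = headers.get(name)
    if value is None:
        return None  # header absent
    match = re.search(regex, value) if regex else None
    if regex and not match:
        return None  # header present, regex did not match
    candidate = match.group(1) if match and match.groups() else value
    try:
        return float(candidate)
    except ValueError:
        return None


def spamtest_inputs(raw_message):
    """(score, max, clamped ratio), or None when spamtest has nothing to use."""
    headers = parse_headers(raw_message)
    score = extract_number(STATUS_SETTING, headers)
    maximum = extract_number(MAX_SETTING, headers)
    if score is None or maximum is None or maximum <= 0:
        return None
    return score, maximum, min(max(score / maximum, 0.0), 1.0)


# Constructed messages; the rule names are placeholders.
MSG_DOCUMENTED = ("From: sender@example.org\n"
                  "X-Spam-Status: Yes, score=84.6 required=5.0 tests=CONSTRUCTED\n"
                  "\nbody\n")
MSG_TRACE_SHAPE = ("From: sender@example.org\n"
                   "X-Spam-Status: Yes, score=66.5/5.0 tests=CONSTRUCTED\n"
                   "\nbody\n")
MSG_FOLDED = ("X-Spam-Status: No, score=3.1\n"
              "\trequired=5.0 tests=CONSTRUCTED\n"
              "\nbody\n")
MSG_NO_HEADER = "From: sender@example.org\nSubject: bare message\n\nbody\n"

if __name__ == "__main__":
    for label, msg in [("documented", MSG_DOCUMENTED), ("trace shape", MSG_TRACE_SHAPE),
                       ("folded", MSG_FOLDED), ("no header", MSG_NO_HEADER)]:
        print(label, "->", spamtest_inputs(msg))
```
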


[Dovecot] dovecot.index-Errors with multiple IMAP client access in Dovecot 2.2

2013-12-02 Thread Martin Rabl

Hello list,

I hope you can help me!

My self-compiled dovecot 2.2.6 (and the two minor versions before, too) 
throws these errors:


Nov 28 18:29:00 mailserv dovecot: imap(mar...@example.com): Error: 
Transaction log /srv/vmail/example.com/martin/Maildir/dovecot.index.log: 
duplicate transaction log sequence (25)
Nov 28 18:29:00 mailserv dovecot: imap(mar...@example.com): Error: 
/srv/vmail/example.com/martin/Maildir/dovecot.index log position went 
backwards (24,40 < 25,10028)


... and so on ... duplicate transaction log sequences and backwards gone 
log positions, and this always, when I use at least two IMAP clients at 
the same time (better: the two clients are online and logged in at the 
same time).


That happens only with one user (me ;-) ), the other about 15 users on 
this server are having no problems.


What I see: the clients are bothering each other, but I don't know, why.

I thought about the used reiserfs filesystem on the server, but there 
were no problems with 1.2 on the same server.


Some words about my client setup: I use Thunderbird and iPhone at the 
same time, and as a third client on the same Server there is a 
Thunderbird instance at my company, which runs parallel to the other 
two. Seems to be weird, but isn't really (IMHO ;-) ).
Sometimes there are two TBs at the same mailbox, sometimes only the 
iPhone and a TB, sometimes all three.


This runs quite good for long time with dovecot 1.2 and 2.1.x (the last 
one at my company in a similar setup with more users and several 
clients at the same time).



Maybe there is an error by using "my" build configurations (I think, not)?

 configures ---

./configure \
--prefix=/usr/local \
--with-sql \
--with-ssl \
--with-mysql

---

Here are my dovecot.conf (only the changes of defaults) - maybe there is 
a misconfiguration?


 dovecot.conf -

# 2.2.6: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-028stab101.1 x86_64 Ubuntu 10.04.4 LTS reiserfs
auth_master_user_separator = *
auth_mechanisms = plain login
auth_socket_path = /usr/local/var/run/dovecot/auth-master
default_internal_user = vmail
default_login_user = vmail
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-acl-sql.conf.ext
}
disable_plaintext_auth = no
imap_capability = +NAMESPACE
imap_client_workarounds = delay-newmail tb-lsub-flags tb-lsub-flags 
tb-extra-mailbox-sep

listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_access_groups = vmail
mail_location = maildir:/srv/vmail/%d/%n/Maildir
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave imapflags notify

namespace {
  list = yes
  location = maildir:%%Lh/Maildir/:INDEX=%%Lh/shared-idx/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  hidden = no
  list = yes
  location = maildir:/srv/vmail/public
  prefix = public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  autocreate = Trash
  autocreate2 = Spam
  autocreate3 = Sent
  autocreate4 = Drafts
  autosubscribe = Trash
  autosubscribe2 = Spam
  autosubscribe3 = Sent
  autosubscribe4 = Drafts
  sieve = ~/.dovecot.sieve
  sieve_after = /srv/vmail/sieve/after.sieve
  sieve_before = /srv/vmail/sieve/before.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /srv/vmail/sieve
  sieve_global_path = /srv/vmail/sieve/globalsieverc
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@%d
protocols = imap pop3
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0600
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_

Re: [Dovecot] Dovecot MTA

2013-11-12 Thread Martin Rabl

Pls, people, be kind and polite!
That's not the way for talking to each other!
Greetings,
  Martin

On 12.11.2013 10:30, Reindl Harald wrote:

On 12.11.2013 02:14, Noel Butler wrote:

On 12/11/2013 04:28, Benny Pedersen wrote:

Edwardo Garcia wrote on 2013-11-11 11:58:

But is dovecot job to authenticate,  mysql replicate fine, it is dovecot
that is not fine by  ignoring desire effect by only talk localhost and not
any other unless localhost auth not respond.


so move to postgresql/mysql backend and change from dovecot to dbmail ?

why blame dovecot for using fs mail store ?

is your problem unstable nfs ?

give up and get google app mx :)



WTF drugs are you on? Or maybe its more to the point of what medication you're 
not taking


you smartass better should have read all your mails before
suggest someone should redirect my responses to our ISP
in your previous answer

oh, yeah, i know, you are not reading this but have the mouth
open and playing the saint internet police




--
Best regards,

  Martin Rabl


Re: [Dovecot] Sieve and Namespace in dovecot 2.0.X

2013-10-11 Thread Martin Rabl

Hm. Ok.

On 11.10.2013 16:44, Mauricio Tavares wrote:

On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl  wrote:

   fileinto :create "INBOX.Spam";

   Even though .Spam already exists in the user's mailbox?
doveadm mailbox status -u b...@domain.com messages INBOX.Spam
INBOX.Spam messages=92283



namespace inbox {
inbox = yes
location =
prefix = INBOX.
separator =.
type = private

}

Yep, try it - if the folder is there, it will happen nothing.

I think, there is a namespace problem, and maybe the spamfolder is 
located under INBOX.INBOX.Spam (just an idea).


I think, sieve will create a folder, where it assumes there is one.
It's just a little experimental ... ;-)


Greetings,
  Martin


Re: [Dovecot] Sieve and Namespace in dovecot 2.0.X

2013-10-11 Thread Martin Rabl

Hi,

try

  fileinto :create "INBOX.Spam";

Bye,
   Martin

On 11.10.2013 16:30, Mauricio Tavares wrote:

Based on what I read in
http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage, if I have a namespace
defined as

tail conf.d/10-mail.conf

namespace inbox {
   inbox = yes
   location =
   prefix = INBOX.
   separator =.
   type = private

}

A global script like

cat /etc/dovecot/sieve/global-spam.sieve
require ["fileinto", "regex"];
# Must use regex here as 'contains' may not be valid, it erroneously
# moved:
# X-Spam-Status: No, score=-4.0 required=8.0 tests=ALL_TRUSTED,BAYES_00,
#   DCC_CHECK_NEGATIVE,HTML_MESSAGE,T_TM2_M_HEADER_IN_MSG,UNTRUSTED_Relay,
#   XM_SPF_Neutral autolearn=disabled version=3.2.5, No
#
# Due to the 'YES' in BAYES, let's just make sure YES is at the
# _beginning_ of X-Spam-Status, while ignoring anything past it.
#if header :regex "X-Spam-Status" "^[Yy][Ee][Ss].*" {
if header :matches "X-Spam-Status" "Yes*" {
   fileinto "INBOX.Spam";
   stop;
}

should put spam in bob/.Spam. But, I am getting an error message
stating that INBOX.Spam does not exist:

Oct 11 09:57:33 mail dovecot: lda(b...@domain.com): Error: sieve:
msgid=<0.0.0.71c.1cec689a21cff08.706...@ip.aidolip.us>: failed to
store into mailbox 'INBOX.Spam': Mailbox doesn't exist: INBOX.Spam

How come?




--
Best regards,

  Martin Rabl


[Dovecot] Fileoperations in Maildir – problematic or okay?

2013-08-05 Thread Martin Burgraf
Hi,

I'm wondering: Is it a problem to move and delete files inside a 
dovecot-managed maildir?

For example:
I have a folder ~/.maildir/.Sub1.Start/cur and a folder 
~/.maildir/.Sub1.Start.old/cur
and like to regularly move old mails from the first to the second one.
Can you create a cron job saying something like:
find ~/.maildir/.Sub1.Start/cur -mtime +5 -exec mv {} 
~/.maildir/.Sub1.Start.old/cur \;
?

I guess this would be some sort of problem, wouldn't it?
IIRC dovecot keeps indexes of the files inside a folder and moving them around 
like this may confuse the software, am I right?


bye
Martin


Re: [Dovecot] LDA vs. LMTP

2013-07-29 Thread Martin Burgraf
Joseph Tam wrote:

> I don't know why you would consider a background process inferior to a
> run-on-demand executable.

Well, the background process is hogging CPU and RAM while it basically does 
nothing. And when it's running as root there is always the danger of privilege 
escalation.
LDA only runs when it's needed and since it uses only user rights it should be 
more harmless.


bye
Martin


[Dovecot] LDA vs. LMTP

2013-07-27 Thread Martin Burgraf
Hi there,

I'm using Dovecot together with Postfix; as I understand it, there are two ways 
to transfer the mail from Postfix to Dovecot.
1.) by using LDA with mailbox_command = /usr/libexec/dovecot/dovecot-lda -f 
"$SENDER" -a "$RECIPIENT"
2.) by using LMTP with mailbox_transport = lmtp:unix:private/dovecot-lmtp

(currently using number 1)
I'm interested in the differences and the advantages/disadvantages of each of 
those solutions.

According to http://wiki2.dovecot.org/LDA the recommended way is to use LMTP, 
since it's supposed to have a better performance.
On the other hand, http://wiki2.dovecot.org/LMTP says, that LMTP is a background 
process, while LDA is only called when needed. I've also read, that LDA only 
uses the users privileges, which both means, that LDA should be better.
I've also noticed, that LMTP adds an additional Received: header to the mail.
Are there any other differences?

Thank you
M.


[Dovecot] User login for SMTP but not for IMAP/POP?

2013-07-14 Thread Martin
Hello everybody,

I have a question, though I'm not sure if it's a matter of dovecot or
postfix. Or if it's even possible to do at all.

If I understand it correctly, SMTP authentication is done via SASL.
When a user wants to login Postfix queries an external user database
(dovecot). Therefore the SMTP-users are identical to the IMAP/POP-users.

I want to achieve the following: I want some user credentials
(username&password) for a user that is able to login via SMTP, but who
doesn't have a mailbox and therefore shouldn't be able to login via
IMAP/POP.

Is this even possible?
How can it be achieved? Or: does this behaviour have a special name,
which I can google for?


Regards,
Martin


[Dovecot] Get rid of inotify in 2.1.15

2013-02-19 Thread Martin Rabl

Hi,

after update to Dovecot 2.1.5 (Ubuntu 12.04, dovecot from 
https://launchpad.net/~kokelnet/+archive/dovecot21) we are getting a 
huge ;-) bunch of log entries about " imap(USERNAME): Warning: Inotify 
instance limit for user 5000 (UID vmail)".


At last I did an
   echo 512 > /proc/sys/fs/inotify/max_user_instances

but the logentries did appear again after some minutes.

Maybe you have a hint for me? Thank you!

At the bottom my current configuration.


--
Greetings,

   Martin Rabl





# 2.1.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-36-generic x86_64 Ubuntu 12.04.2 LTS
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname =
auth_krb5_keytab =
auth_last_valid_uid = 0
auth_master_user_separator = *
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = /var/run/dovecot/auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

auth_username_format = %Lu
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = vmail
default_login_user = vmail
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-acl-sql.conf.ext
}
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u 
-l%{lock_timeout} -n%{namespace}

first_valid_gid = 1
first_valid_uid = 500
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send =
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_ca_dir =
imapc_ssl_verify = yes
imapc_user = %u
import_environment = TZ
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = *
lmtp_address_translate =
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_trusted_networks =
mail_access_groups = vmail
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home =
mail_location = maildir:~/Maildir:INBOX=~/Maildir/INBOX:LAYOUT=fs
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib/dovecot/modules
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group = vmail
mail_save_crlf = no
mail_shared_explicit_inbox = yes
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid = vmail
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_prealloca

Re: [Dovecot] Marking messages read / retaining date with Sieve

2013-02-12 Thread Bret Martin
On Jan 30, 2013, at 8:39 PM, Ben Morrow  wrote:
[...]
> Mail::IMAPClient (which I usually prefer) will work with a
> preauthenticated socket, but you need to create a socketpair explicitly,
> fork and exec dovecot/imap with one end of the pair on STDIN/STDOUT,
> then pass the other end to Mail::IMAPClient->new as the Socket
> parameter. Something like this (I've left out error checking)
[...]

Thanks again for your help!

To close the loop on this, I ended up doing the following, although it seems to 
fail on mailboxes with large numbers of messages (on the order of 10,000 or so; 
I didn't test carefully enough to find the exact number)

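use Mail::IMAPClient;
use Socket;
use strict;

# Socket pair: one end for the dovecot/imap child, one for the IMAP client.
socketpair( my $dovecot, my $client, AF_UNIX, SOCK_STREAM, PF_UNSPEC );

# Child: attach its end to STDIN/STDOUT and run dovecot/imap (preauth mode).
unless ( fork() ) {
    open( STDIN,  '<&', $client );
    open( STDOUT, '>&', $client );
    exec( '/usr/lib/dovecot/imap' );
}
close( $client );

# Parent: give the other end to Mail::IMAPClient instead of a network connection.
my $imap = Mail::IMAPClient->new( Socket => $dovecot );

# Set the Seen flag on every message in every folder.
foreach my $folder( sort $imap->folders() ) {
    print( "$folder\n" );
    $imap->select( $folder );
    $imap->set_flag( 'Seen', $imap->search( 'ALL' ) );
}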

For the moment the failure on large folders was easier to handle by just doing 
those folders manually, although I'm curious if anyone knows the reason that 
might fail.

--Bret
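
An added variant of the script in the post above (not part of the original message and not code from the Dovecot or Mail::IMAPClient projects), with the omitted error checking filled in and the flag update split into batches so that no single command carries every message ID. The batch size of 500 is a constructed value, and the idea that shorter commands avoid the large-folder failure is an assumption the thread does not confirm.

```perl
use strict;
use warnings;
use Mail::IMAPClient;
use Socket;

# Path taken from the post above; adjust for the local install.
my $imap_bin = '/usr/lib/dovecot/imap';
# Constructed tuning value: message IDs sent per STORE command.
my $batch = 500;

socketpair( my $parent_end, my $child_end, AF_UNIX, SOCK_STREAM, PF_UNSPEC )
    or die "socketpair: $!";

my $pid = fork();
die "fork: $!" unless defined $pid;

if ( $pid == 0 ) {
    # Child: keep only its own end, wire it to STDIN/STDOUT, run the
    # preauthenticated IMAP process as the invoking user.
    close $parent_end;
    open( STDIN,  '<&', $child_end ) or die "dup stdin: $!";
    open( STDOUT, '>&', $child_end ) or die "dup stdout: $!";
    exec($imap_bin) or die "exec $imap_bin: $!";
}
close $child_end;

my $imap = Mail::IMAPClient->new( Socket => $parent_end, Uid => 1 )
    or die "IMAP client: $@";

for my $folder ( sort $imap->folders ) {
    unless ( $imap->select($folder) ) {
        warn "select $folder: ", $imap->LastError, "\n";
        next;
    }
    # Only messages still unread, so a rerun skips finished folders.
    my @uids = $imap->search('UNSEEN');
    my $total = @uids;
    while ( my @chunk = splice( @uids, 0, $batch ) ) {
        $imap->set_flag( 'Seen', @chunk )
            or warn "set_flag in $folder: ", $imap->LastError, "\n";
    }
    print "$folder: $total message(s) processed\n";
}

$imap->logout;
waitpid( $pid, 0 );
```

Because the child is started without authentication, the script acts on the mailboxes of whichever system user runs it, so it should run under the mail account being migrated rather than as root.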



Re: [Dovecot] Marking messages read / retaining date with Sieve

2013-01-30 Thread Bret Martin
On Jan 30, 2013, at 6:56 PM, Ben Morrow  wrote:
> I would do this by scripting IMAP access. Perl's Mail::IMAPClient has
> explicit support for running dovecot/imap in preauth mode, so you don't
> even have to authenticate. Of course, you need a Dovecot user account
> with access to all the relevant messages.

Thanks so much for your help! This sounds like a great option to me.

For "explicit" support, I'm having a lot of trouble finding out how to have 
Mail::IMAPClient invoke /usr/lib/dovecot/imap instead of connecting over the 
network -- could you provide any pointers?

--Bret



[Dovecot] Marking messages read / retaining date with Sieve

2013-01-30 Thread Bret Martin
I'm trying to mark several hundred thousand messages as read as they are 
delivered via dovecot-lda(1). (I'm importing some mail from another format for 
migration purposes.)

I've been able to do this with Sieve, but it has the side effect that the 
messages' received and saved dates are set to the current date, and Apple Mail 
(at least) uses one of these to display the message date. Without the Sieve 
filter in place, the dates are retained based on the From_ line as I would like.

Does anyone know of any way I can either

- retain the date when delivering using Sieve?

- systematically mark a specific set of messages as read *after* delivery 
instead, perhaps with doveadm(1)?
  (even marking *everything* read would work in this particular case. I 
couldn't find any way to set flags with doveadm)

Thanks,

--Bret



[Dovecot] Disable auth-worker log message?

2013-01-05 Thread Martin Rabl

Hi,

is it possible to disable the line

auth-worker(17128): mysql(127.0.0.1): Connected to database mailserver

in dovecot 2.1.12?

Logging is in "standard" mode.

Thank you,
   Martin


[Dovecot] dovecot as layer between postfix and thunderbird

2013-01-04 Thread martin svensson
Hello, I'm all new to this but feel I want to have a dedicated server to 
handle my mails from Gmail and Hotmail.

Basically, I installed SMS, superb Mini Server (based on Slackware), and 
with that default install I got: dovecot, postfix, fetchmail and sendmail.

The postfix part seems to work according to a "telnet localhost 25". Now 
I want to proceed with dovecot; as I understand it, it's the middle layer 
between (in my case) postfix and thunderbird.

What I expect in the very end is a dedicated server that regularly checks 
and fetches mails, and lets me have all contacts info in the (already up 
and running) LDAP server.

When I start thunderbird, I want it to go grab those mails from my local 
machine.

I am, of course, all over manpages, HOWTOs, guides and Google, but would 
certainly appreciate further help and points in the right direction.

My apologies for any weird beginner mistakes in this post.


Re: [Dovecot] Update 1.2 -> 2.0 ... INBOX away?

2012-12-28 Thread Martin Rabl

Thank you Timo!
Runs!

It is too late for configuring ... ;-))

Greetings,
   Martin

On 29.12.12 03:50, Martin Rabl wrote:

Hi,

On 29.12.12 03:47, Timo Sirainen wrote:

No idea how that worked with your previous configuration (I guess
accidentally/unintentionally), but I guess you want this:

that were the "bugfixes" ;-)


mail_location = maildir:~/Maildir:INBOX=~/Maildir/INBOX:LAYOUT=fs

Thank you, I give it a try.

Greetings,
Martin





Re: [Dovecot] Update 1.2 -> 2.0 ... INBOX away?

2012-12-28 Thread Martin Rabl

Hi,

On 29.12.12 03:47, Timo Sirainen wrote:

No idea how that worked with your previous configuration (I guess 
accidentally/unintentionally), but I guess you want this:

that were the "bugfixes" ;-)


mail_location = maildir:~/Maildir:INBOX=~/Maildir/INBOX:LAYOUT=fs

Thank you, I give it a try.

Greetings,
   Martin


[Dovecot] Update 1.2 -> 2.0 ... INBOX away?

2012-12-28 Thread Martin Rabl

Hi,

Yesterday I did an update from dovecot 1.2 to 2.0.19 (Ubuntu 10.04 -> 
12.04).
After fixing the configuration dovecot starts up as it should, but with 
one error I don't understand: the INBOX will not be delivered to the 
mail client and will not be filled by "deliver".

Instead, dovecot creates the two dirs "new" and "cur" directly in "Maildir".

The filesystem now looks like:
domain/user1/Maildir/INBOX  # official INBOX
domain/user1/Maildir/new  # new mail
domain/user1/Maildir/cur  # read mail

We have searched for a configuration error, but didn't find anything - 
or did not see one ;-)

Maybe there is someone on the list who sees our error in a moment?

We are using only imap/s and managesieve, no pop3. Maildir-Layout is FS.

Here a snippet of our configuration:



mail_home =
mail_location = maildir:~/Maildir:LAYOUT=fs


namespace {
  hidden = no
  inbox = yes
  list = yes
  location =
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  list = yes
  location = maildir:%%h/Maildir/:INDEX=%%h/Maildir/shared/%u:LAYOUT=fs
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  list = yes
  location = maildir:/srv/vmail/public:LAYOUT=fs
  prefix = public/
  separator = /
  subscriptions = no
  type = public
}

protocol lda {
  mail_plugins = sieve autocreate
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-lsub-flags tb-lsub-flags
  mail_max_userip_connections = 10
  mail_plugins = acl autocreate imap_acl
}

----

Hope you can help!

Thank you!

   Martin

