Re: [Dovecot] quota not updated

2010-08-03 Thread Martin Ott
On 03.08.2010 14:12, Timo Sirainen wrote:
 On Tue, 2010-08-03 at 07:47 +0200, Martin Ott wrote:
 See if this works:

 quota = maildir:User quota:ns=INBOX/

 with

 quota: maildir:User quota:ns=INBOX/

 log says
 Aug  3 07:43:11 vlmail01 dovecot: IMAP(user): quota maildir: No maildir
 storages, ignoring quota.
 
 Fixed: http://hg.dovecot.org/dovecot-1.2/rev/e5f3bd280210

thanks, the warnings in the log are gone, but when mail is expunged, quota
stays the same.

There are no negative values added to maildirsize file when mail is expunged.
Should there?
When I remove maildirsize file, quota is recalculated correctly.

Martin
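
Added example, not part of the thread and not Dovecot code: a shell check that sums the delta lines of a Maildir++ `maildirsize` file and compares the total with the `,S=<size>` fields of the message files on disk, which is the mismatch described in the message above. The function names and the sample mailbox are constructed for illustration; the check assumes Dovecot-style file names carrying `,S=<size>` and ignores files without that field.

```shell
#!/bin/sh
# Added example: compare maildirsize bookkeeping with the files on disk.

# Print "bytes count" as tracked by a Maildir++ maildirsize file.
# Line 1 is the quota definition; each later line is a "bytes count"
# delta, negative when a removal was recorded.
maildirsize_tracked() {
    awk 'NR > 1 && NF == 2 { b += $1; c += $2 }
         END { printf "%d %d\n", b, c }' "$1"
}

# Print "bytes count" for all messages under cur/ and new/ of the Maildir
# and its subfolders, read from the ,S=<size> field of each file name.
maildir_actual() {
    find "$1" -type f \( -path '*/cur/*' -o -path '*/new/*' \) |
        sed -n 's/.*,S=\([0-9][0-9]*\).*/\1/p' |
        awk '{ b += $1; c++ } END { printf "%d %d\n", b, c }'
}

# Report "ok" or "drift" for one Maildir root.
maildirsize_check() {
    tracked=$(maildirsize_tracked "$1/maildirsize")
    actual=$(maildir_actual "$1")
    if [ "$tracked" = "$actual" ]; then
        echo "ok $tracked"
    else
        echo "drift tracked=[$tracked] actual=[$actual]"
    fi
}

# Constructed sample: two deliveries are recorded, then one message is
# removed from disk without a negative line being appended.
maildirsize_demo() {
    d=$(mktemp -d) && mkdir -p "$d/cur" "$d/new" "$d/.Sent/cur"
    printf '2097152000S\n1200 1\n3400 1\n' > "$d/maildirsize"
    : > "$d/cur/1280800000.M1P1.host,S=1200,W=1230:2,S"
    : > "$d/.Sent/cur/1280800001.M2P1.host,S=3400,W=3470:2,S"
    maildirsize_check "$d"                        # bookkeeping matches disk
    rm "$d/.Sent/cur/1280800001.M2P1.host,S=3400,W=3470:2,S"
    maildirsize_check "$d"                        # stale: no "-3400 -1" line
    printf '%s\n' '-3400 -1' >> "$d/maildirsize"
    maildirsize_check "$d"                        # matches again
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then maildirsize_check "$1"; else maildirsize_demo; fi
```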


[Dovecot] quota not updated

2010-08-02 Thread Martin Ott
Hi,

we're using quota with the maildir backend. When new mail arrives, the quota
gets updated. But when mail is expunged, quota stays the same (see imap dialog
below). We're using the latest version from hg ( 1.2.13 ). Any ideas?

###quota part from dovecot -n

plugin:
  quota: maildir:User quota
  quota_rule: *:storage=2000M
  quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
  quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80
  quota2: maildir:Shared quota:ns=shared/
  quota2_rule: *:storage=1M

###imap dialog:

* PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk QUOTA]
Logged in as user
a01 select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $MDNSent $Forwarded)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk
$MDNSent $Forwarded \*)] Flags permitted.
* 15 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1264203739] UIDs valid
* OK [UIDNEXT 1133] Predicted next UID
* OK [HIGHESTMODSEQ 3543] Highest
a01 OK [READ-WRITE] Select completed.
a02 getquotaroot INBOX
* QUOTAROOT INBOX User quota
* QUOTA User quota (STORAGE 302485 2048000)
a02 OK Getquotaroot completed.
a03 store 15 +Flags \Deleted
* 15 FETCH (FLAGS (\Deleted \Seen NonJunk))
a03 OK Store completed.
a04 expunge
* 15 EXPUNGE
a04 OK Expunge completed.
a05 select INBOX
* OK [CLOSED] Previous mailbox closed.
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk $MDNSent $Forwarded)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk
$MDNSent $Forwarded \*)] Flags permitted.
* 14 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1264203739] UIDs valid
* OK [UIDNEXT 1133] Predicted next UID
* OK [HIGHESTMODSEQ 3545] Highest
a05 OK [READ-WRITE] Select completed.
a06 getquotaroot INBOX
* QUOTAROOT INBOX User quota
* QUOTA User quota (STORAGE 302485 2048000)
a06 OK Getquotaroot completed.

Regards,
Martin


Re: [Dovecot] quota not updated

2010-08-02 Thread Martin Ott
Hi Timo,

thanks for your answer. I triggered the problem down to the lazy_expunge
plugin. When I remove lazy_expunge from mail_plugins, quota gets calculated as
expected. How can I change the quota_rule, so that only the namespace with
prefix INBOX is regarded?

namespace:
  type: private
  separator: /
  prefix: INBOX/
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: public
  separator: /
  prefix: shared/
  location: maildir:/var/vmail/public:INDEX=~/public:CONTROL=~/public
  list: children
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .EXPUNGED/
  location: maildir:~/mail/expunged
  hidden: yes
  list: no

plugin:
  quota: maildir:User quota
  quota_rule: *:storage=2000M
  quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
  quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80
  acl: vfile
  lazy_expunge: .EXPUNGED/



 we're using quota with the maildir backend. When new mail arrives, the quota
 gets updated. But when mail is expunged, quota stays the same (see imap dialog
 below). We're using the latest version from hg ( 1.2.13 ). Any ideas?
 
 Anything in logs? What about with mail_debug=yes? Does maildirsize file
 get changed? Any per-user quota overrides? What if you delete
 maildirsize file and do GETQUOTAROOT INBOX in IMAP, does it recalculate
 it correctly?
 
 plugin:
   quota: maildir:User quota
   quota_rule: *:storage=2000M
   quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
   quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80
   quota2: maildir:Shared quota:ns=shared/
   quota2_rule: *:storage=1M
 
 Try also temporarily disabling quota2 to see if it somehow confuses
 Dovecot?
 


Re: [Dovecot] quota not updated

2010-08-02 Thread Martin Ott
On 02.08.2010 16:39, Timo Sirainen wrote:
 On Mon, 2010-08-02 at 15:34 +0200, Martin Ott wrote:
 
 thanks for your answer. I triggered the problem down to the lazy_expunge
 plugin. When I remove lazy_expunge from mail_plugins, quota gets calculated as
 expected. How can I change the quota_rule, so that only the namespace with
 prefix INBOX is regarded?

 namespace:
   type: private
   separator: /
   prefix: INBOX/
 ..
 plugin:
   quota: maildir:User quota
 
 See if this works:
 
 quota = maildir:User quota:ns=INBOX/

with

quota: maildir:User quota:ns=INBOX/

log says
Aug  3 07:43:11 vlmail01 dovecot: IMAP(user): quota maildir: No maildir
storages, ignoring quota.
Aug  3 07:43:25 vlmail01 dovecot: deliver(u...@domain.com): quota maildir: No
maildir storages, ignoring quota.

and
* PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk QUOTA]
Logged in as mott
a getquotaroot INBOX
* QUOTAROOT INBOX User quota
* QUOTA User quota (STORAGE 0 2048000)
a OK Getquotaroot completed.


Re: [Dovecot] lazy-expunge acl bug?

2010-06-11 Thread Martin Ott
On 11.06.2010 16:49, Timo Sirainen wrote:
 On Wed, 2010-06-09 at 08:28 +0200, Martin Ott wrote:


 As we extensively use folders in the public namespace and users are permitted to
 expunge messages, it would be very convenient if the lazy_expunge plugin
 worked in this namespace as well. A practical behavior could be to store
 expunged mailboxes and mails in a separate, non-user specific, folder. Is it
 possible to extend the lazy_expunge plugin towards this behavior? 
 
 Maybe lazy_expunge_public setting that's equivalent to lazy_expunge
 setting, except is used for public namespaces. But ACLs could make it
 problematic..

Maybe ACLs could be copied to the expunged folder. There could also be an
option whether the expunged folder inherits the original ACLs or if a global
ACL should be applied, such that e.g. only the mailadmin gets write access to
the expunged folder.


Re: [Dovecot] lazy-expunge acl bug?

2010-06-11 Thread Martin Ott
On 11.06.2010 17:31, Timo Sirainen wrote:
 On Fri, 2010-06-11 at 17:23 +0200, Martin Ott wrote:
 Maybe lazy_expunge_public setting that's equivalent to lazy_expunge
 setting, except is used for public namespaces. But ACLs could make it
 problematic..

 Maybe ACLs could be copied to the expunged folder. 
 
 ACLs could change, so I don't think copying is ok. Adding some logic to
 always use the original one's ACLs would be better, but I don't know how
 difficult that would be to implement.
 
 There could also be an
 option whether the expunged folder inherits the original ACLs or if a global
 ACL should be applied, such that e.g. only the mailadmin gets write access to
 the expunged folder.
 
 Some global default ACL might be easier, but that's not very flexible.
 
 Anyway, this is pretty low priority on my todo list.
 

thanks for your points - now I see the arising difficulties

Anyway, for the private namespace the lazy_expunge plugin stays a very convenient
method to restore mailboxes and mails from users who accidentally expunged them.

thank you!

Martin


Re: [Dovecot] lazy-expunge acl bug?

2010-06-09 Thread Martin Ott
On 07.06.2010 18:23, Timo Sirainen wrote:
 On Mon, 2010-06-07 at 11:00 +0200, Martin Ott wrote:
 
 we've defined a public namespace shared and use the acl and lazy-expunge
 plugins among others. The problem is, that a mailbox is deleted by the
 DELETE-command without the x-flag to be set (# 1.2.9):
 
 Looks like the plugin ordering code is a complete mess and it just
 happens to work in most situations.. It's now fixed properly in v2.0,
 but for v1.2 the only solutions would be:
 
 a) Backport major plugin API redesign changes from v2.0.
 
 b) Try to add some hack that possibly fixes some situation, but possibly
 breaks another one..
 
 I'm not really happy with either of those choices. Few people have
 complained about problems related to this, so I think I'll just leave it
 as it is in v1.2.

After the dovecot-update (mercurial) the problem has disappeared - perhaps due
to http://hg.dovecot.org/dovecot-1.2/rev/029c3afcfbd0 - acl in the public
namespace work properly now.

As we extensively use folders in the public namespace and users are permitted to
expunge messages, it would be very convenient if the lazy_expunge plugin
worked in this namespace as well. A practical behavior could be to store
expunged mailboxes and mails in a separate, non-user specific, folder. Is it
possible to extend the lazy_expunge plugin towards this behavior?

Martin


Re: [Dovecot] authentification failure: double quotes in password

2010-06-07 Thread Martin Ott
On 25.05.2010 19:28, Timo Sirainen wrote:
 On Mon, 2010-05-10 at 18:53 +0200, Martin Ott wrote:
 auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials 
 (given password: )
 
 So I guess that's with auth binding?

yes, that is with auth binding

 
 Which chars in passwords does the dovecot auth process not like?
 Is there something similar to auth_username_chars for passwords?
 
 No. All chars are valid. Perhaps this is OpenLDAP/AD bug? The code to do
 auth binding looks like:
 
   request->msgid = ldap_bind(conn->ld, brequest->dn,
                              request->auth_request->mech_password,
                              LDAP_AUTH_SIMPLE);
 
 There's no escaping for the password. I don't see how it could be
 Dovecot's fault.

we've forbidden double quotes in our password policy now

thanks for your efforts!
Martin


[Dovecot] lazy-expunge acl bug?

2010-06-07 Thread Martin Ott
Hi,

we've defined a public namespace shared and use the acl and lazy-expunge
plugins among others. The problem is, that a mailbox is deleted by the
DELETE-command without the x-flag to be set (# 1.2.9):

a myrights shared/aclDeleteTest

* MYRIGHTS shared/aclDeleteTest lrsed

a OK Myrights completed.

b delete shared/aclDeleteTest

b OK Delete completed.

c myrights shared/aclDeleteTest

c NO Mailbox doesn't exist: aclDeleteTest

This behavior should be different and the mailbox should not be deleted,
should it? Is there a fast workaround?

Without the e-flag, mailboxes can't be deleted. But as some users should be
allowed to use the expunge operation, it's no option to remove the e-flag...

thx
Martin


Re: [Dovecot] lazy-expunge acl bug?

2010-06-07 Thread Martin Ott
 Without the e-flag, mailboxes can't be deleted. But as some users should be
 allowed to use the expunge operation, it's no option to remove the e-flag...

Even with lrs-flags set only, deletion of mailbox is possible.

a myrights shared/testOrdner
* MYRIGHTS shared/testOrdner lrs
a OK Myrights completed.
a delete shared/testOrdner
a OK Delete completed.
a select shared/testOrdner
a NO Mailbox doesn't exist: testOrdner

 
 thx
 Martin


Re: [Dovecot] LDAP against Novell eDirectory: 'Confidentiality required'

2010-05-20 Thread Martin Ott
Hi Jim,

I don't know why your setup is not working. I only can provide you some hints
from our working setup. We authenticate our users against a MS Active
Directory Server.

the uri in dovecot-ldap.conf is:
uris = ldaps://hostname

we also had to add in /etc/ldap/ldap.conf

TLS_CACERT /etc/ssl/certs/certfile.crt
TLS_REQCERT demand

hope this helps,
Martin


On 20.05.2010 15:35, Jim Moseby wrote:
 Hi list!
  
 I am trying to get dovecot to authenticate users against Novell eDirectory 
 via LDAP.  I have successfully gotten open-xchange to authenticate, and I 
 have written a PHP module that authenticates, however I cannot seem to get 
 Dovecot working.
  
 If I turn on TLS and restart dovecot, I get:
 dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() 
 failed: Connect error
 dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() 
 failed: Local error
 If I turn it off, it starts without error, but returns this when a user tries 
 to authenticate:
 dovecot: 2010-05-20 08:48:39 Error: auth(default): ldap(jkmoseby,127.0.0.1): 
 ldap_bind() failed: Confidentiality required
  
 I have tried all combinations of host:port, and LDAP uri strings I can think 
 of, nothing seems to work.
  
 Thanks in advance, config files follow.
  
 Jim
  
 
  
 'dovecot -n' returns: 
 # 1.0.15: /etc/dovecot/dovecot.conf
 base_dir: /var/run/dovecot/
 log_path: /var/log/dovecot.log
 info_log_path: /var/log/dovecot.log
 log_timestamp: %Y-%m-%d %H:%M:%S
 protocols: imap
 login_dir: /var/run/dovecot//login
 login_executable: /usr/lib/dovecot/imap-login
 login_greeting: EFA mail server ready.
 mail_privileged_group: mail
 auth default:
   passdb:
     driver: ldap
     args: /etc/dovecot/dovecot-ldap.conf
   userdb:
     driver: ldap
     args: /etc/dovecot/dovecot-ldap.conf
 -
  
 'grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf' returns:
 hosts = 10.1.10.200
 tls = yes
 auth_bind = yes
 auth_bind_userdn = cn=%u,o=GSO,o=EFA
 base = o=EFA
 scope = subtree
 user_filter = (&(objectClass=posixAccount)(uid=%u))
 



[Dovecot] authentification failure: double quotes in password

2010-05-10 Thread Martin Ott
we use Passdb LDAP with authentication binds against an Active Directory 
Server. The problem with one of our users seems to be the usage of 
double quotes in his password, as the windows-login works:


/var/log/dovecot-info.log

auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials 
(given password: )


Which chars in passwords does the dovecot auth process not like?
Is there something similar to auth_username_chars for passwords?

thanks,
martin


[Dovecot] proxy user wildcard

2010-05-03 Thread Martin Ott
Hi,

I'd like to try dovecot as an imapproxy in front of a webmailer. Authentication
should be done by the main dovecot-imapserver. It works if I specify the user
in passdb passwd-file:

user2::0:0proxy=yes host=[ip-address] ssl=any-cert starttls=yes nopassword=y

Is there some kind of catch-all function to pass all users to the main
dovecot-imapserver without knowing the valid users?

dovecot: 1.2.9


thx
Martin


Re: [Dovecot] Clients to manage ACL

2010-04-06 Thread Martin Ott
On 06.04.2010 08:45, Frank Cusack wrote:
 Mulberry supports ACLs.

great, Mulberry works quite well, even though it seems a bit outdated.

Is there also any webmail solution?

thx
Martin


Re: [Dovecot] Clients to manage ACL

2010-04-06 Thread Martin Ott
Hi Brian,

 Since few clients support ACLs and even fewer do it right (and Horde has
 all sorts of its own problems), I wrote a web client and a system daemon
 to handle ACL manipulation.
 
 However, the daemon only works on Solaris with real system users (not
 mysql userdb or etc). Our environment was one of real users that can log
 into the machines, so it takes advantage of filesystem ACLs for security
 in the shell/sftp/etc contexts. So it's a limited audience. If anyone is
 interested I can probably get around to finalizing some debugging and
 putting it up on the 'net in mid-May. I might also be willing to
 generalize it to non-system user environments.
 
 -Brian

this sounds interesting. I'd really appreciate if you could get your work
published. Perhaps we could adapt it so that it fits our needs, since we
currently have a virtual user environment based on ldap.

Martin


[Dovecot] Clients to manage ACL

2010-04-05 Thread Martin Ott
Hi,

is there any list with clients which support setting ACL on imap-mailboxes?

Up to now, I only know about KMail and imapACLM.

Thanks,
Martin


[Dovecot] ACL + shared-imap + nested AD groups

2010-03-19 Thread Martin Ott
Hi,

I'm looking for a solution to use nested AD groups for authorization in
shared-imap folders (namespace public).

As a simple hack to determine the (primary) groups of a user we use the
following setup with a post-login script:

in dovecot.conf
...
protocol imap {
mail_executable = /etc/dovecot/ldap_groups.sh
...


ldap_groups.sh

#!/bin/sh
# Collect the CNs of the user's direct groups (memberOf) as a
# comma-separated list and hand them to the imap process.
ACL_GROUPS=`ldapsearch -h ldapserver -p 3268 -s sub \
  -D "cn=ldap mail, ou=user, ou=global, ou=xxx, dc=xxx, dc=local" \
  -b "ou=xxx, dc=xxx, dc=local" \
  "(&(sAMAccountName=$USER))" -LLL memberOf -w password |
  grep "memberOf: CN=" | sed 's/memberOf: CN=//' | sed 's/,OU=.*//' |
  tr "\n" "," | sed 's/,$//'`
export ACL_GROUPS
exec /usr/libexec/dovecot/imap "$@"


Does anyone know, how to simply get the groups of groups with such a
post-login script?

Thanks,
Martin
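
Added example, not part of the thread: one way to get the groups of groups in such a post-login script is Active Directory's `LDAP_MATCHING_RULE_IN_CHAIN` (OID 1.2.840.113556.1.4.1941), with the login name and the user DN escaped per RFC 4515 before they go into a search filter. This goes beyond the script above; the function names, `LDAP_URI`, `BIND_DN`, `BIND_PW_FILE` and `BASE` are placeholders.

```shell
#!/bin/sh
# Added example: nested AD group lookup for a Dovecot post-login script.
# LDAP_URI, BIND_DN, BIND_PW_FILE and BASE are placeholders.
LDAP_URI='ldap://ldapserver:3268'
BIND_DN='cn=ldap mail,ou=user,ou=global,ou=xxx,dc=xxx,dc=local'
BIND_PW_FILE='/etc/dovecot/ldap-bind.secret'   # no trailing newline
BASE='ou=xxx,dc=xxx,dc=local'

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# "*", "(", ")" and "\" in a login name or DN cannot change the filter.
ldap_filter_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter matching every group that contains the DN directly or through
# nesting, using AD's LDAP_MATCHING_RULE_IN_CHAIN.
nested_group_filter() {
    printf '(member:1.2.840.113556.1.4.1941:=%s)' "$(ldap_filter_escape "$1")"
}

# Read LDIF on stdin and print the plain "cn:" values comma-separated.
# Base64 values ("cn::") and names containing a comma are skipped, because
# ACL_GROUPS is itself a comma-separated list.
ldif_cn_list() {
    sed -n 's/^cn: //p' | grep -v ',' | paste -s -d , -
}

# search FILTER ATTR -> LDIF on stdout; the bind password is read from a
# file instead of being passed on the command line.
search() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" \
        -y "$BIND_PW_FILE" -b "$BASE" -s sub "$1" "$2"
}

# Print the ACL_GROUPS value for one login name.
acl_groups_for() {
    user_dn=$(search "(sAMAccountName=$(ldap_filter_escape "$1"))" dn |
        sed -n 's/^dn: //p' | head -n 1)
    [ -n "$user_dn" ] || return 1
    search "$(nested_group_filter "$user_dn")" cn | ldif_cn_list
}

# In ldap_groups.sh:
#   ACL_GROUPS=$(acl_groups_for "$USER") && export ACL_GROUPS
#   exec /usr/libexec/dovecot/imap "$@"
```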