Re: User found but password failure

2019-11-11 Thread Mauricio Tavares via dovecot
On Mon, Aug 26, 2019 at 4:44 PM Mauricio Tavares  wrote:
>
> On Mon, Aug 26, 2019 at 4:36 PM Joseph Tam via dovecot
>  wrote:
> >
> > On Sun, 25 Aug 2019, Mauricio Tavares wrote:
> >
> > > Per [1] I decided to see what the  response (base64-reply) I am
> > > submitting to dovecot looks like:
> > >
> > > echo 'base64-reply' | base64 -d
> > > raub@example.compassword
> >
> > I think there's a hidden null character between username and password which
> > you can see using
> >
> > echo 'base64-reply' | base64 -d | od -c
> >
> > but as Aki mentioned, this is probably not relevant to your problem.
> >
> > Joseph Tam 
>
> I was expecting that since the encoding example in [1] inserts two \0
> (NULL) characters before encoding, i.e.
>
> printf 'r...@example.com\0r...@example.com\0passwod' | base64
>
> I do not know if I am misreading the logs; maybe Aki can elaborate
> some more, but I do know the encoding example lists the username
> twice. And I am getting it only once when decoding the response I
> found in the log file.
>
> [1] https://wiki.dovecot.org/Debugging/Authentication

Update: I decided to make my life a bit simpler (this is a test box
anyway in a private network; it can't see the outside): drop the
encryption.

In my dovecot.conf file I have

passdb {
  driver = passwd-file
  args = scheme=plain-md5 username_format=%u /etc/dovecot/passwd
}

userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/passwd
  default_fields = uid=virtual gid=virtual home=/var/spool/vmail/example.com/%n
}

Where
[root@testmail ~]# cat /etc/dovecot/passwd
r...@example.com:{plain}password1
[root@testmail ~]#
[root@testmail ~]# ls -l /etc/dovecot/passwd
-rw--- 1 dovecot dovecot 55 Nov  7 16:01 /etc/dovecot/passwd
[root@testmail ~]#

So I try to connect to it (test box so everything carefully unsafe):

raub@desktop:~$ nc -t -v box.in.example.com 143
Connection to box.in.example.com 143 port [tcp/imap2] succeeded!
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI] Howdy
a login "r...@example.com" "password1"
a NO [UNAVAILABLE] Internal error occurred. Refer to server log for more
information.
raub@desktop:~$

As in it just dropped the connection there. I then go to /var/log/dovecot
Nov 07 15:15:16 auth: Error: plain(r...@example.com,10.0.0.128,): user not found from any userdbs
Nov 07 15:15:16 imap: Error: Authenticated user not found from userdb, auth
lookup id=3238395905 (auth connected 0 msecs ago, handshake 0 msecs ago,
request took 0 msecs, client-pid=3574 client-id=1)
Nov 07 15:15:16 imap-login: Info: Internal login failure (pid=3574 id=1)
(internal failure, 1 successful auths): user=, method=PLAIN,
rip=10.0.0.128, lip=172.17.0.4, mpid=3577, session=

Why can't it find the user? I thought [1] that %u meant user was saved in the
password file as u...@domain.com instead of just user. If it did find
user, I would expect it to complain about the password.

[1] https://doc.dovecot.org/configuration_manual/config_file/config_variables/


Re: IMAP4 extensions for Visual Voicemail (VVM)

2019-10-20 Thread Mauricio Tavares via dovecot
On Sun, Oct 20, 2019 at 10:43 AM Rajesh Bansal via dovecot
 wrote:
>
> Hi Team,
>
>
>
> I need to develop a Visual VoiceMail solution. In this solution I need an IMAP4
> server, from which I can get a hit for each mail retrieval. Can anyone help 
> me if dovecot can be used for this purpose.
>
  That is rather vague. Do you want to do something like ol' biff
or what we used to do with Asterisk 10 years ago (get an email with the
voicemail as an attachment)?

>
> BR,
>
> Rajesh Bansal
>
>


Re: User found but password failure

2019-08-26 Thread Mauricio Tavares via dovecot
On Mon, Aug 26, 2019 at 4:36 PM Joseph Tam via dovecot
 wrote:
>
> On Sun, 25 Aug 2019, Mauricio Tavares wrote:
>
> > Per [1] I decided to see what the  response (base64-reply) I am
> > submitting to dovecot looks like:
> >
> > echo 'base64-reply' | base64 -d
> > raub@example.compassword
>
> I think there's a hidden null character between username and password which
> you can see using
>
> echo 'base64-reply' | base64 -d | od -c
>
> but as Aki mentioned, this is probably not relevant to your problem.
>
> Joseph Tam 

I was expecting that since the encoding example in [1] inserts two \0
(NULL) characters before encoding, i.e.

printf 'r...@example.com\0r...@example.com\0passwod' | base64

I do not know if I am misreading the logs; maybe Aki can elaborate
some more, but I do know the encoding example lists the username
twice. And I am getting it only once when decoding the response I
found in the log file.

[1] https://wiki.dovecot.org/Debugging/Authentication
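
The NUL framing discussed in this message, as an added example that is not part of the thread: a parser for a SASL PLAIN response, assuming the RFC 4616 layout `[authzid] NUL authcid NUL passwd`. The two replies are constructed; `user@example.com` and `secret` are placeholder values.

```python
import base64


def parse_sasl_plain(b64_reply):
    """Split a SASL PLAIN response (RFC 4616) into (authzid, authcid, password)."""
    raw = base64.b64decode(b64_reply, validate=True)
    fields = raw.split(b"\x00")
    # The message is [authzid] NUL authcid NUL passwd: exactly two separators.
    if len(fields) != 3:
        raise ValueError("expected 2 NUL separators, found %d" % (len(fields) - 1))
    authzid, authcid, password = (f.decode("utf-8") for f in fields)
    if not authcid or not password:
        raise ValueError("authcid and password must not be empty")
    return authzid, authcid, password


def as_terminal_shows(b64_reply):
    """What `base64 -d` appears to print: a terminal draws nothing for NUL."""
    return base64.b64decode(b64_reply).decode("utf-8").replace("\x00", "")


def with_nuls_visible(b64_reply):
    """The same bytes with each NUL written as \\0, comparable to `od -c`."""
    return base64.b64decode(b64_reply).decode("utf-8").replace("\x00", "\\0")


# Constructed replies: one names the authorization identity explicitly (the
# username appears twice), the other leaves it empty (the username appears once).
EXPLICIT_AUTHZID = base64.b64encode(
    b"user@example.com\x00user@example.com\x00secret").decode()
EMPTY_AUTHZID = base64.b64encode(b"\x00user@example.com\x00secret").decode()

if __name__ == "__main__":
    for reply in (EXPLICIT_AUTHZID, EMPTY_AUTHZID):
        print("terminal :", as_terminal_shows(reply))
        print("od-like  :", with_nuls_visible(reply))
        print("fields   :", parse_sasl_plain(reply))
```

Both replies carry two NUL bytes and parse to the same authentication identity and password; only the authorization identity differs.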


Re: User found but password failure

2019-08-26 Thread Mauricio Tavares via dovecot
On Mon, Aug 26, 2019 at 2:38 AM Aki Tuomi  wrote:
>
>
> On 26.8.2019 6.51, Mauricio Tavares via dovecot wrote:
> >   Trying to figure out which step is  causing me not to be able to
> > login. I am using a password file,
> >
> > passdb {
> >   driver = passwd-file
> >   args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd
> > }
> >
> > We will assume that the pw I created using 'doveadm pw -s
> > SHA512-CRYPT' matches the password I will be using to login below. I
> > crank the debugging mode,
> >
> > auth_debug_passwords = yes
> > auth_debug = yes
> >
> > And then try to login
> >
> > [root@mail ~]# nc -t localhost 143
> > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> > IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI] Howdy
> > a login r...@example.com password
> > [blank]
> >
> > which from what I gathered from /var/log/dovecot means it found
> > matching username but did not match password:
> >
> > secured session=lyJttvyQ9I0Blip=::1
> > rip=::1 lport=143   rport=36340 resp=base64-reply (previous
> > base64 data may contain sensitive data)
> > Aug 26 03:25:52 auth: Debug:
> > passwd-file(r...@example.com,::1,):
> > lookup: user=r...@example.com file=/etc/dovecot/passwd
> > Aug 26 03:25:52 auth: Debug: client passdb out: OK  1
> > user=r...@example.com
> > Aug 26 03:25:52 auth: Debug: master in: REQUEST 1520959489  26560
> >  1  63ee7f45236f85fd39573a5c8a2eb46a session_pid=26563
> > request_auth_token
> > Aug 26 03:25:52 auth-worker(26562): Debug:
> > passwd(r...@example.com,::1,):
> > lookup
> > Aug 26 03:25:52 auth-worker(26562): Info:
> > passwd(r...@example.com,::1,):
> > unknown user
> > Aug 26 03:25:52 auth: Debug:
> > passwd-file(r...@example.com,::1,):
> > lookup: user=r...@example.com file=/etc/dovecot/passwd
> > Aug 26 03:25:52 auth: Error:
> > plain(r...@example.com,::1,): user
> > not found from any userdbs
> > Aug 26 03:25:52 auth: Debug: master userdb out: NOTFOUND1520959489
> > Aug 26 03:25:52 imap: Error: Authenticated user not found from userdb,
> > auth lookup id=1520959489 (auth connected 1 msecs ago, handshake 0
> > msecs ago, request took 1 msecs, client-pid=26560 client-id=1)
> > Aug 26 03:25:52 imap-login: Info: Internal login failure (pid=26560
> > id=1) (internal failure, 1 successful auths): user=,
> > method=PLAIN, rip=::1, lip=::1, mpid=26563, secured,
> > session=
> >
> > Per [1] I decided to see what the  response (base64-reply) I am
> > submitting to dovecot looks like:
> >
> > echo 'base64-reply' | base64 -d
> > raub@example.compassword
> >
> > Which has the right username and password but follows the userpassword
> > format, not useruserpassword as I was led to believe by [1]. Is that
> > to be expected? If it is then the issue is further down the line.
> >
> > [1] https://wiki.dovecot.org/Debugging/Authentication
>
>
> You misunderstood your logs.
>
> Are you sure you have r...@example.com present in /etc/dovecot/passwd?
> Just having 'raub' there will not work.
>
> Aki
>
 This is how it looks like (hashes and accounts replaced. I have
two test accounts coming from two different domains I own):

[root@mail ~]# cat /etc/dovecot/passwd
r...@example.com:{SHA512-CRYPT}$6$4SEND-MORE-COOKIES
r...@other-example.com:{SHA512-CRYPT}$6$ZHI-MOM
[root@mail ~]#
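
One way to read the auth debug log quoted in this message stage by stage, as an added example that is not part of the thread. The sample log is constructed on the model of the quoted lines (placeholder user and session); the `passdb out: FAIL` and `userdb out: USER` patterns do not appear on this page and are assumptions about the other outcomes.

```python
import re

# Constructed sample modelled on the quoted debug log; \t marks the tab
# separators and <session> stands in for the session id.
SAMPLE_LOG = """\
Aug 26 03:25:52 auth: Debug: passwd-file(user@example.com,::1,<session>): lookup: user=user@example.com file=/etc/dovecot/passwd
Aug 26 03:25:52 auth: Debug: client passdb out: OK\t1\tuser=user@example.com
Aug 26 03:25:52 auth: Debug: master in: REQUEST\t1520959489\t26560\t1\tsession_pid=26563
Aug 26 03:25:52 auth-worker(26562): Debug: passwd(user@example.com,::1,<session>): lookup
Aug 26 03:25:52 auth-worker(26562): Info: passwd(user@example.com,::1,<session>): unknown user
Aug 26 03:25:52 auth: Debug: passwd-file(user@example.com,::1,<session>): lookup: user=user@example.com file=/etc/dovecot/passwd
Aug 26 03:25:52 auth: Error: plain(user@example.com,::1,<session>): user not found from any userdbs
Aug 26 03:25:52 auth: Debug: master userdb out: NOTFOUND\t1520959489
Aug 26 03:25:52 imap-login: Info: Internal login failure (pid=26560 id=1) (internal failure, 1 successful auths): user=<user@example.com>, method=PLAIN, rip=::1, lip=::1
"""

PASSDB_OK = re.compile(r"auth: Debug: client passdb out: OK\s")
PASSDB_FAIL = re.compile(r"auth: Debug: client passdb out: FAIL\s")  # assumed form
USERDB_OK = re.compile(r"auth: Debug: master userdb out: USER\s")    # assumed form
USERDB_MISSING = re.compile(
    r"user not found from any userdbs|master userdb out: NOTFOUND")
# Driver name in front of "(user,ip,session): unknown user".
UNKNOWN_USER = re.compile(
    r"auth(?:-worker\(\d+\))?: \w+: ([\w-]+)\([^)]*\): unknown user")


def diagnose(log_text):
    """Report which authentication stage the log shows failing.

    passdb checks the credentials; userdb then supplies uid, gid and home.
    """
    state = {"passdb": None, "userdb": None, "unknown_user_in": []}
    for line in log_text.splitlines():
        if PASSDB_OK.search(line):
            state["passdb"] = "ok"
        elif PASSDB_FAIL.search(line):
            state["passdb"] = "fail"
        if USERDB_OK.search(line):
            state["userdb"] = "ok"
        elif USERDB_MISSING.search(line):
            state["userdb"] = "missing"
        m = UNKNOWN_USER.search(line)
        if m and m.group(1) not in state["unknown_user_in"]:
            state["unknown_user_in"].append(m.group(1))

    if state["passdb"] == "fail":
        state["failed_stage"] = "passdb"
    elif state["passdb"] == "ok" and state["userdb"] == "missing":
        state["failed_stage"] = "userdb"
    elif state["passdb"] == "ok" and state["userdb"] == "ok":
        state["failed_stage"] = None
    else:
        state["failed_stage"] = "unknown"
    return state


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```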


User found but password failure

2019-08-25 Thread Mauricio Tavares via dovecot
  Trying to figure out which step is  causing me not to be able to
login. I am using a password file,

passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd
}

We will assume that the pw I created using 'doveadm pw -s
SHA512-CRYPT' matches the password I will be using to login below. I
crank the debugging mode,

auth_debug_passwords = yes
auth_debug = yes

And then try to login

[root@mail ~]# nc -t localhost 143
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI] Howdy
a login r...@example.com password
[blank]

which from what I gathered from /var/log/dovecot means it found
matching username but did not match password:

secured session=lyJttvyQ9I0Blip=::1
rip=::1 lport=143   rport=36340 resp=base64-reply (previous
base64 data may contain sensitive data)
Aug 26 03:25:52 auth: Debug:
passwd-file(r...@example.com,::1,):
lookup: user=r...@example.com file=/etc/dovecot/passwd
Aug 26 03:25:52 auth: Debug: client passdb out: OK  1
user=r...@example.com
Aug 26 03:25:52 auth: Debug: master in: REQUEST 1520959489  26560
 1  63ee7f45236f85fd39573a5c8a2eb46a session_pid=26563
request_auth_token
Aug 26 03:25:52 auth-worker(26562): Debug:
passwd(r...@example.com,::1,):
lookup
Aug 26 03:25:52 auth-worker(26562): Info:
passwd(r...@example.com,::1,):
unknown user
Aug 26 03:25:52 auth: Debug:
passwd-file(r...@example.com,::1,):
lookup: user=r...@example.com file=/etc/dovecot/passwd
Aug 26 03:25:52 auth: Error:
plain(r...@example.com,::1,): user
not found from any userdbs
Aug 26 03:25:52 auth: Debug: master userdb out: NOTFOUND1520959489
Aug 26 03:25:52 imap: Error: Authenticated user not found from userdb,
auth lookup id=1520959489 (auth connected 1 msecs ago, handshake 0
msecs ago, request took 1 msecs, client-pid=26560 client-id=1)
Aug 26 03:25:52 imap-login: Info: Internal login failure (pid=26560
id=1) (internal failure, 1 successful auths): user=,
method=PLAIN, rip=::1, lip=::1, mpid=26563, secured,
session=

Per [1] I decided to see what the  response (base64-reply) I am
submitting to dovecot looks like:

echo 'base64-reply' | base64 -d
raub@example.compassword

Which has the right username and password but follows the userpassword
format, not useruserpassword as I was led to believe by [1]. Is that
to be expected? If it is then the issue is further down the line.

[1] https://wiki.dovecot.org/Debugging/Authentication


Editing fail2ban page?

2019-04-09 Thread Mauricio Tavares via dovecot
In https://wiki.dovecot.org/HowTo/Fail2Ban, for a current (I know for
a fact in 2.2.36) I believe it should be

filter = dovecot

instead of

filter = dovecot-pop3imap

[root@mail ~]# ls -l /etc/fail2ban/filter.d/doveco*

-rw-r--r-- 1 root root 1875 May 11  2017 /etc/fail2ban/filter.d/dovecot.conf

[root@mail ~]#


Re: Problems Converting from Cyrus to Dovecot (cyrus2dovecot)

2015-11-04 Thread Mauricio Tavares
On Nov 4, 2015 2:48 PM, "Forrest"  wrote:
>
> I have been attempting to use the cyrus2dovecot script, to no avail.
>
> I have many years of content that I want to convert from Cyrus to
> Dovecot; with the above not working, what are other options out there?
> Another idea I had is simply set up another IMAP server (using Dovecot) and
> drag-and-drop and just wait, which I may end up doing.
>
> In the above, I copied over my entire /var/imap and /var/spool/imap to
> another system; there is only one account (mine), so calling the script was
> fairly easy; it just doesn't work.
>
>
> inboxes=the "myaccount" that was copied over
>
> /home/myaccount/cyrus2dovecot --cyrus-inbox /home/myaccount/inboxes/%u \
>   --cyrus-seen /home/myaccount/varimap/user/%h/%u.seen \
>   --cyrus-sub /home/varimap/user/%h/%u.sub  \
>   --dovecot-inbox /home/myaccount/dovecot/Maildir \
>   myaccount
>
>
>
> the log output complains of:
>
> cyrus2dovecot [myaccount]: (warning) Index record missing for: INBOX/62020.
>
> and correctly complains about squat indices, as that's not a file it
> would handle.  There is no output into the Maildir, however.
>
> All directory paths are correct.
>
>
> Thanks.

  I've never used Cyrus, so I wonder if what the script does is create
new index and rename the files containing email. Which leads to filename
convention. What I do know is that the times I had issues with indexes, I
just deleted the index file and let Dovecot create a new one.


Re: how do I conceptualize system & virtual users?

2015-06-19 Thread Mauricio Tavares
On Jun 19, 2015 9:08 AM, "lejeczek"  wrote:
>
> I guess this would be a common case, I am hoping for some final
> clarification.
>
> a few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to
> authenticate users, and these LDAPs are also used by Samba, users start
> @ uid 1000.
> Boxes are in the same both DNS and Samba domains.
>
> Do I treat these users as system or virtual users from postfix/dovecot
> perspective?
> If it can be a matter of choice then which is better/best?
>
  I would make them virtual users. This way you can abstract and scale
things up. Also your normal users then would not need to have access to
your mail servers; they only access the services.

> many thanks.


Re: Thunderbird: improper command pipelining after EHLO

2015-01-26 Thread Mauricio Tavares
On Mon, Jan 26, 2015 at 9:29 AM, Reindl Harald  wrote:
>
> On 26.01.2015 at 15:22, Leander Schäfer wrote:
>>
>> I couldn't find working solutions for this anomaly on the net. What
>> does this mean and does someone know how to fix this?
>>
>> postfix/smtpd[18757]: improper command pipelining after EHLO from
>> unknown[192.168.10.233]: QUIT\r\n
>
> that's hardly a dovecot topic and without "postconf -n", in doubt with
> content of "master.cf" and more information nobody can help you at all
>
  Agreed. smtpd means mail going out. Unless you setup dovecot to
help with the authentication, it could not care less about how your
email leaves your server. If you control your postfix server, crank up
debugging and see if that helps. If you can't, try the thunderbird
list/forum; it too has a debugging mode
(https://wiki.mozilla.org/MailNews:Logging).


Re: stop deletion of mails

2014-11-17 Thread Mauricio Tavares
On Nov 17, 2014 5:48 AM, "Timo Sirainen"  wrote:
>
> On 17 Nov 2014, at 02:44, Edwardo Garcia  wrote:
>
> > Is possible with dovecot?
> >
> > Legal department have told us we need to stop anyone from deleting email
> > on corporate mail server, so nobody, even managers can not anymore
> > delete any mail?
>
> Implement email archiving. Allow the users to delete emails that are
> visible to themselves, but have another place where all the emails always
> exist and they can be accessed by people who need to have access to them.
> There are various different ways to do this. The easiest way is to have
> your MTA just Bcc them to some specific mailbox.

We do that using a sieve script. This way it is transparent to user. Since
all of our email is owned by the user "virtual" in the mail server (email
users do not have accounts in mail server), that works rather nicely.


[Dovecot] Expire plugin and databases

2013-12-05 Thread Mauricio Tavares
  Dumb question: do I need to have a database to run the expire plugin?


Re: [Dovecot] Using dovecot as LDA for postfix

2013-10-15 Thread Mauricio Tavares
On Tue, Oct 15, 2013 at 11:08 AM, Charles Marcus
 wrote:
> On 2013-10-14 12:43 PM, Farzad Mahdikhani  wrote:
>>
>> dovecot 1.0.7
>>
>> I want to config a complete postfix-dovecot mail server.
>
>
> So, please do not start with an ancient, unsupported version.
>
> 2.2.6 is  the latest stable, but at least use the latest 2.1 version...
>
  He's running redhat/centos 5.X; latest dovecot version for that
is 1.0.7. Only way out if he is using the redhat packages is to go to
redhat 6.X, which probably means a full reinstall... which he may not
be authorized to do. And even then he would be at 2.0.9.

Some of us do have to stick to the packages officially supported by a
distro; I had the very same issue, which is why I was stuck with 1.2.9
in ubuntu 10.04 and now 2.0.19 in 12.04LTS. Would I love to be at
least in 2.1? You betcha, but...

To the OP: you might want to see if epel or the other non-official
repositories have something newer and whether your boss allows you to
use them. As I mentioned above, I have run 1.2.9 until quite recently,
so I still have my configs available. Don't know how much 1.0.7
differs from 1.2.9 though; you will need to check
http://wiki1.dovecot.org/. But, I can paste them here. One thing I am
curious about is why you have maildir and mbox at the same time.


> --
>
> Best regards,
>
> */Charles/*


Re: [Dovecot] Sieve and Namespace in dovecot 2.0.X

2013-10-11 Thread Mauricio Tavares
On Fri, Oct 11, 2013 at 11:08 AM, Mauricio Tavares  wrote:
> On Fri, Oct 11, 2013 at 10:50 AM, Martin Rabl  wrote:
>> Hm. Ok.
>>
>> On 11.10.2013 16:44, Mauricio Tavares wrote:
>>>
>>> On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl 
>>> wrote:
>>>>
>>>>fileinto :create "INBOX.Spam";
>>>
>>>Even though .Spam already exists in the user's mailbox?
>>> doveadm mailbox status -u b...@domain.com messages INBOX.Spam
>>> INBOX.Spam messages=92283
>>
>>
>>>>> namespace inbox {
>>>>> inbox = yes
>>>>> location =
>>>>> prefix = INBOX.
>>>>> separator =.
>>>>> type = private
>>>>>
>>>>> }
>>
>> Yep, try it - if the folder is there, nothing will happen.
>>
>> I think, there is a namespace problem, and maybe the spamfolder is located
>> under INBOX.INBOX.Spam (just an idea).
>>
>> I think, sieve will create a folder, where it assumes there is one.
>> It's just a little experimental ... ;-)
>>
>>
>> Greetings,
>>   Martin
>
> Interesting: now it reports that it put the spam in its proper place:
>
> Oct 11 11:02:27 mail dovecot: lda(b...@domain.com): sieve:
> msgid=<6563.377.5164.515...@pickedit.us> : stored mail into mailbox
> 'INBOX.Spam'
>
> And, it created INBOX.Spam:
>
> drwxr-x---  5 virtual virtual4096 Oct 11 11:02 .INBOX.Spam
> drwxr-x---  5 virtual virtual4096 Oct 11 01:52 .Spam
>
> So, let's drop INBOX altogether
>
>   fileinto :create "Spam";
>
> and see what kind of mess we can come up with, right? =)

And that seems to have worked. Now I feel like
http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage and I do not like each
other...


Re: [Dovecot] Sieve and Namespace in dovecot 2.0.X

2013-10-11 Thread Mauricio Tavares
On Fri, Oct 11, 2013 at 10:50 AM, Martin Rabl  wrote:
> Hm. Ok.
>
> On 11.10.2013 16:44, Mauricio Tavares wrote:
>>
>> On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl 
>> wrote:
>>>
>>>fileinto :create "INBOX.Spam";
>>
>>Even though .Spam already exists in the user's mailbox?
>> doveadm mailbox status -u b...@domain.com messages INBOX.Spam
>> INBOX.Spam messages=92283
>
>
>>>> namespace inbox {
>>>> inbox = yes
>>>> location =
>>>> prefix = INBOX.
>>>> separator =.
>>>> type = private
>>>>
>>>> }
>
> Yep, try it - if the folder is there, nothing will happen.
>
> I think, there is a namespace problem, and maybe the spamfolder is located
> under INBOX.INBOX.Spam (just an idea).
>
> I think, sieve will create a folder, where it assumes there is one.
> It's just a little experimental ... ;-)
>
>
> Greetings,
>   Martin

Interesting: now it reports that it put the spam in its proper place:

Oct 11 11:02:27 mail dovecot: lda(b...@domain.com): sieve:
msgid=<6563.377.5164.515...@pickedit.us> : stored mail into mailbox
'INBOX.Spam'

And, it created INBOX.Spam:

drwxr-x---  5 virtual virtual4096 Oct 11 11:02 .INBOX.Spam
drwxr-x---  5 virtual virtual4096 Oct 11 01:52 .Spam

So, let's drop INBOX altogether

  fileinto :create "Spam";

and see what kind of mess we can come up with, right? =)


Re: [Dovecot] Sieve and Namespace in dovecot 2.0.X

2013-10-11 Thread Mauricio Tavares
On Fri, Oct 11, 2013 at 10:33 AM, Martin Rabl  wrote:
> Hi,
>
> try
>
>   fileinto :create "INBOX.Spam";
>
> Bye,
>Martin
>
  Even though .Spam already exists in the user's mailbox?

doveadm mailbox status -u b...@domain.com messages INBOX.Spam
INBOX.Spam messages=92283

> On 11.10.2013 16:30, Mauricio Tavares wrote:
>
>> Based on what I read in
>> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage, if I have a namespace
>> defined as
>>
>> tail conf.d/10-mail.conf
>>
>> namespace inbox {
>>inbox = yes
>>location =
>>prefix = INBOX.
>>separator =.
>>type = private
>>
>> }
>>
>> A global script like
>>
>> cat /etc/dovecot/sieve/global-spam.sieve
>> require ["fileinto", "regex"];
>> # Must use regex here as 'contains' may not be valid, it erroneously
>> # moved:
>> # X-Spam-Status: No, score=-4.0 required=8.0 tests=ALL_TRUSTED,BAYES_00,
>> #
>> DCC_CHECK_NEGATIVE,HTML_MESSAGE,T_TM2_M_HEADER_IN_MSG,UNTRUSTED_Relay,
>> #   XM_SPF_Neutral autolearn=disabled version=3.2.5, No
>> #
>> # Due to the 'YES' in BAYES, let's just make sure YES is at the
>> # _beginning_ of X-Spam-Status, while ignoring anything past it.
>> #if header :regex "X-Spam-Status" "^[Yy][Ee][Ss].*" {
>> if header :matches "X-Spam-Status" "Yes*" {
>>fileinto "INBOX.Spam";
>>stop;
>> }
>>
>> should put spam in bob/.Spam. But, I am getting an error message
>> stating that INBOX.Spam does not exist:
>>
>> Oct 11 09:57:33 mail dovecot: lda(b...@domain.com): Error: sieve:
>> msgid=<0.0.0.71c.1cec689a21cff08.706...@ip.aidolip.us>: failed to
>> store into mailbox 'INBOX.Spam': Mailbox doesn't exist: INBOX.Spam
>>
>> How come?
>>
>
>
> --
> Best regards,
>
>   Martin Rabl


[Dovecot] Sieve and Namespace in dovecot 2.0.X

2013-10-11 Thread Mauricio Tavares
Based on what I read in
http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage, if I have a namespace
defined as

tail conf.d/10-mail.conf

namespace inbox {
  inbox = yes
  location =
  prefix = INBOX.
  separator =.
  type = private

}

A global script like

cat /etc/dovecot/sieve/global-spam.sieve
require ["fileinto", "regex"];
# Must use regex here as 'contains' may not be valid, it erroneously
# moved:
# X-Spam-Status: No, score=-4.0 required=8.0 tests=ALL_TRUSTED,BAYES_00,
#   DCC_CHECK_NEGATIVE,HTML_MESSAGE,T_TM2_M_HEADER_IN_MSG,UNTRUSTED_Relay,
#   XM_SPF_Neutral autolearn=disabled version=3.2.5, No
#
# Due to the 'YES' in BAYES, let's just make sure YES is at the
# _beginning_ of X-Spam-Status, while ignoring anything past it.
#if header :regex "X-Spam-Status" "^[Yy][Ee][Ss].*" {
if header :matches "X-Spam-Status" "Yes*" {
  fileinto "INBOX.Spam";
  stop;
}

should put spam in bob/.Spam. But, I am getting an error message
stating that INBOX.Spam does not exist:

Oct 11 09:57:33 mail dovecot: lda(b...@domain.com): Error: sieve:
msgid=<0.0.0.71c.1cec689a21cff08.706...@ip.aidolip.us>: failed to
store into mailbox 'INBOX.Spam': Mailbox doesn't exist: INBOX.Spam

How come?


Re: [Dovecot] Yet another going from 1.2 to 2.X question: authentication

2013-10-06 Thread Mauricio Tavares
On Thu, Sep 19, 2013 at 2:40 AM, Noel Butler  wrote:
> On Thu, 2013-09-19 at 00:50 -0400, Mauricio Tavares wrote:
>
>> So in 1.2.9 I had something like this:
>>
>> [...]
>>
>> socket listen {
>> master {
>> path = /var/run/dovecot/auth-master
>> mode = 0600
>> user = virtual # User running Dovecot LDA's deliver
>> }
>> }
>>
>> # Dovecot as SASL Auth
>> socket listen {
>> client {
>> path = /var/spool/postfix/private/dovecot-auth
>> mode = 0660
>> user = postfix
>> group = postfix
>> }
>> }
>>
>> I see I can, per http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL,
>> setup the sasl entry as
>>
>> # Dovecot as SASL Auth
>> service auth {
>> unix_listener /var/spool/postfix/private/dovecot-auth {
>> mode = 0660
>> user = postfix
>> group = postfix
>> }
>> }
>>
>> what about the lda? From http://wiki2.dovecot.org/LDA I take it would
>> be as simple as
>>
>> service auth {
>> unix_listener auth-userdb {
>> mode = 0600
>> user = virtual # User running Dovecot LDA's deliver
>> }
>> }
>>
>> Am I correct?
>
>
> Yes, but no need for two service auth's, put them under the one.  you
> might want to also include group= in addition to user, probably wont
> matter too much if you don't, I cant remember the consequences of not.
>
  Makes sense, so I shall set them up as

/etc/dovecot/conf.d/10-master.conf
# http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

service auth {
unix_listener auth-userdb {
mode = 0600
user = virtual # User running Dovecot LDA's deliver
}

# Dovecot as SASL Auth
unix_listener /var/spool/postfix/private/dovecot-auth {
mode = 0660
user = postfix
group = postfix
}
}

Thanks for the help (and sorry for the late reply)! Now as soon as the
namespaces make sense to me and I figure out how to get sieve properly
configured I can do the upgrade.


[Dovecot] On mailboxes, separators, and dovecot2

2013-10-04 Thread Mauricio Tavares
While I was running dovecot 1.2.9, I had my mailboxes using the
old Courier IMAP format. i.e. my mailboxes would look like

INBOX.Orders.Scams

Going to dovecot 2 (but not 2.1), I seem to have a few questions:

1) It seems I would define my mailbox thingies in 10-mail.conf:

namespace inbox {
  inbox = yes
  separator = .
  location =
  prefix = INBOX.
  type = private

  mailbox SPAM {
 auto=subscribe
 special_use = \Junk
  }

  mailbox Trash {
 auto=subscribe
 special_use = \Trash
  }

  mailbox Sent {
 auto=subscribe
 special_use = \Sent
  }

}

but how would I represent my INBOX.Orders.Scams folder? Something like

  mailbox Orders.Scams {
 auto=subscribe
  }

perhaps?

2) Reading (am I literate?) through
http://wiki2.dovecot.org/Namespaces, it seems having separator = . is
not only outdated but also a bad idea (but, I had child mailboxes as
shown above). Could anybody elaborate on that? And which clients
still do LSUB *?


[Dovecot] Yet another going from 1.2 to 2.X question: authentication

2013-09-18 Thread Mauricio Tavares
So in 1.2.9 I had something like this:

[...]

socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0600
user = virtual # User running Dovecot LDA's deliver
}
}

# Dovecot as SASL Auth
socket listen {
client {
path = /var/spool/postfix/private/dovecot-auth
mode = 0660
user = postfix
group = postfix
}
}

I see I can, per http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL,
setup the sasl entry as

# Dovecot as SASL Auth
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
mode = 0660
user = postfix
group = postfix
}
}

what about the lda? From http://wiki2.dovecot.org/LDA I take it would
be as simple as

service auth {
unix_listener auth-userdb {
mode = 0600
user = virtual # User running Dovecot LDA's deliver
}
}

Am I correct?


[Dovecot] Initial Maildir directories

2011-01-24 Thread Mauricio Tavares
	Is there a way to specify additional directories to be created when a 
new user account is, well, created?


[Dovecot] PAM problem with virtual domain/user ownership

2011-01-23 Thread Mauricio Tavares
	I am running dovecot 1.2.9 (ubuntu package, not from source) and wanted 
to use pam to authenticate my mail users who have no local accounts. 
I've done that before in an earlier release of dovecot and ubuntu, so I 
would not need to set dovecot to ask LDAP directly.


So, I have in dovecot.conf:

# Authentication processes
mechanisms = plain login

passdb pam {
args = "*"
}

userdb static {
  args = allow_all_users uid=virtual gid=virtual home=/var/spool/vmail/domain.com/%n

}

i.e. /var/spool/vmail/domain.com/ is owned by virtual:virtual,

drwxr-x--- 4 virtual virtual 4.0K 2011-01-23 11:45 domain.com

and that is how I would hope dovecot would be trying to login as. When I 
tried to login as user raub, the log file seems to tell me that it is 
trying to create /var/spool/vmail/domain.com/raub/cur as raub:users, not 
as virtual:virtual


Jan 22 06:35:02 mail dovecot: imap-login: Login: user=, 
method=PLAIN, rip=216.155.101.90, lip=216.155.101.94, TLS
Jan 22 06:35:02 mail dovecot: IMAP(raub): 
mkdir(/var/spool/vmail/domain.com/raub/cur) failed: Permission denied 
(euid=5016(raub) egid=100(users) missing +w perm: 
/var/spool/vmail/domain.com)


What am I missing here?


[Dovecot] Populating mailbox dir

2011-01-19 Thread Mauricio Tavares
	Let's say you created a (virtual) mail user but have not created the 
user mail directory. When you first try to access it, the mail directory 
is created and populated:


ls -a /var/spool/vmail/domain.com/raub/
.dovecot.index.logdovecot-uidvalidity.4d375a39  tmp
..   dovecot-uidlist  new   .Trash
cur  dovecot-uidvalidity  subscriptions

Who populates/creates the initial files and folders in the user mailbox? 
Dovecot? The mail client accessing it through imap? Elvis? If dovecot, 
is there a way to customize it a bit, so a few extra folders will also 
be thrown there?


[Dovecot] passwd, gid and uid

2010-12-24 Thread Mauricio Tavares
	I forgot the answer for this: in 
http://wiki.dovecot.org/AuthDatabase/PasswdFile, we have the passwd file 
defined as


user:password:uid:gid:(gecos):home:(shell):extra_fields

What should the uid and gid be associated with? In my setup I told 
postfix to use Dovecot LDA's deliver, which then is saving files as 
uid:gid of 1500:1500. How would that affect the uid:gid used in the 
passwd file? From what I read in the dovecot's wiki, you want them *not* 
to be anything that has the rights to access the emails. So, does that 
mean any value for them will do?


Re: [Dovecot] Use a different usename than the recipient address (that require a lookup)?

2010-11-08 Thread Mauricio Tavares

On 11/08/2010 01:42 PM, Zhou, Yan wrote:

> Hi there,
>
> I am integrating Postfix and DoveCot, both use LDAP to look up
> user/email address info. My question is this: can I create a user
> "jsmith" to get all emails with the recipient address:
> dovecotd...@domain?  Because of using LDAP, I need to do a lookup to
> know that the user "jsmith" is getting emails for "dovecotd...@domain",
> NOT "dovecotdemo" (there will be no such user).

	Most of my users just use their usernames as their mail directories.
But, I have one I had to do something like

  userdb passwd-file {
     args = /etc/dovecot/users
  }

and then define in /etc/dovecot/users for that user where his maildir is.

Another option would be to use aliases in postfix.

> In postfix's master.cf, I can use LDA to deliver to DoveCot, which needs
> to know the user name where the message should be delivered to. But I
> would not know that at the time because I need to do a lookup in LDAP.
> Does the DoveCot delivery agent have any way to allow me return a
> different user name after LDAP lookup?

	If you use virtual domains, you could specify where the emails go using
virtual_mailbox_maps.

> I would not want to modify a couple of files to accomplish that, because
> I would have to do that for every email address created.

Why?

> Thanks,
> Yan



Re: [Dovecot] Fail2ban

2010-06-10 Thread Mauricio Tavares
On Thu, Jun 10, 2010 at 5:38 PM, fakessh  wrote:
> hi dovecot network
>
> the principle of fail2ban is repeated for connections with the same login
> fail2ban does not work if the attack changes to login every time
> this type of attack is rather to find valid user accounts
>
>
> I may be wrong, I hope I too am a victim of this kind of attacks
>
>
> On Thu, 10 Jun 2010 17:19:24 -0400, Jerrale Gayle
>  wrote:
>> I have fail2ban working for EVERYTHING else except dovecot. I have tried
>
>> using my own custom regex in conjunction with the regex on the
>> dovecot.org site. Neither are picked up by fail2ban and I'm trying to
>> use an imminent attack against dovecot, going on now, to my advantage to
>> see when I get the right regexp. Here are my current ones:
>>
>> failregex = .*dovecot: (?:pop3-login|imap-login):
>> (?:Disconnected|Aborted login)  \((?:auth failed, .* attempts|no auth
>> attempts)\):.*rip=,.* <<< this is my custom
>>              (?: pop3-login|imap-login): (?:Authentication
>> failure|Aborted login \(auth failed|Aborted login \(tried to use
>> disabled|Disconnected \(auth failed).*rip=(?P\S*),.* <<< from
>> dovecot.org
>>              .*warning:.\S*\[(?P)\]:
>> SASL.(?:PLAIN|LOGIN).authentication failed:.*
>>
>> Here is the current attack:
>>
>> Jun 10 17:18:10 mail dovecot: pop3-login: Disconnected (auth failed, 1
>> attempts): user=, method=PLAIN, rip=113.12.82.71,
> lip=173.50.101.12
>>
>>
>> Can someone help me out a little?
>>
>> Thanks,
>>
>> Jerrale G
>

  A bit of a side thought, would it be possible to just ban an IP
trying to connect with a non-existent user?
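
Counting failed logins per source address rather than per login name, which is what the question above asks about, as an added example (not from any poster and not fail2ban's own code). The log lines are constructed in the shape of the line quoted in the thread, using documentation-range addresses; the threshold and window values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on the Dovecot login-failure line quoted
# in the thread. Addresses are from documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Jun 10 17:18:10 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=192.0.2.71, lip=198.51.100.12
Jun 10 17:18:12 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=192.0.2.71, lip=198.51.100.12
Jun 10 17:18:15 mail dovecot: imap-login: Aborted login (auth failed, 2 attempts): user=<test>, method=PLAIN, rip=192.0.2.71, lip=198.51.100.12
Jun 10 17:18:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<raub>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.12
Jun 10 17:19:01 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=192.0.2.71, lip=198.51.100.12
Jun 10 17:19:30 mail dovecot: imap-login: Login: user=<raub>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.12
Jun 10 17:40:00 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=192.0.2.71, lip=198.51.100.12
"""

# Failed logins only: "no auth attempts" and successful "Login:" lines do not
# match. The user field is optional so lines with an empty user still count.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r"(?:Disconnected|Aborted login) \(auth failed, (?P<n>\d+) attempts\):"
    r"(?: user=<(?P<user>[^>]*)>,)?.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)


def offenders(log_text, max_failures=3, window=timedelta(minutes=10), year=2010):
    """Return {rip: sorted login names tried} for every address that reaches
    max_failures failed attempts inside one sliding window, whatever login
    names it used. Syslog lines carry no year, so one is supplied."""
    events = defaultdict(list)  # rip -> [(timestamp, attempts, user)]
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["rip"]].append((ts, int(m["n"]), m["user"] or ""))

    flagged = {}
    for rip, evs in events.items():
        evs.sort()
        start = total = 0
        for end, (ts, attempts, _user) in enumerate(evs):
            total += attempts
            # Drop events that have fallen out of the window ending at ts.
            while ts - evs[start][0] > window:
                total -= evs[start][1]
                start += 1
            if total >= max_failures:
                flagged[rip] = sorted({u for _, _, u in evs[start:end + 1]})
                break
    return flagged


if __name__ == "__main__":
    for rip, users in offenders(SAMPLE_LOG).items():
        print(rip, "failed logins as", users)
```
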


Re: [Dovecot] OT: best linux imap client for dovecot

2010-02-24 Thread Mauricio Tavares
On Wed, Feb 24, 2010 at 1:37 PM, Timo Sirainen  wrote:

> Basically:
>
> 1) Online mode: Don't download all message headers at once at startup.
> If I open a mailbox, I'm seeing only about 20 messages on screen. That's
> all it needs to download. When I scroll the message list, download more
> as needed.
>
  I see I am not the only one who finds the way TB does it odd, to
say the least.

> 3) Don't download message attachments when I open the mail.
>
  Yes! If I want to see the attachments, I will tell it when I am
ready. Otherwise, just mention they are there.

> 4) When I actually am downloading a larger attachment or doing some
> other long running operation, don't block the UI or anything. Create a
> new IMAP connection if needed.
>
  And have that new connection for this long download thingie.


Re: [Dovecot] Redirecting mail gives 'mail forwarding loop' to the sender - calling for sieve help

2009-08-14 Thread Mauricio Tavares

Andrés Yacopino wrote:

Greetings, i am testing:

- dovecot-1.2-sieve-0.1.11
- dovecot 1.2.3
- dovecot-1.2-managesieve-0.11.8 (with patch)

I am trying to use sieve_after to execute some redirection of mails.

I have put in the after script:

require "include";
require "fileinto";

if header :contains ["To","Cc"] "us...@acasalud.com.ar"
{
  keep;
  redirect "us...@acasalud.com.ar";
}

The redirection works but the sender user (userA) get the following error:

This is the mail system at host acamail.acasalud.com.ar.

I'm sorry to have to inform you that your message
could not
be delivered to one or more recipients. It's
attached below.

  The mail system

>: 
mail forwarding loop
for us...@acasalud.com.ar 
 





Could somebody help me?

Thanks,


What does your log file say?

	Also, you could cheat and tell it to use copy instead of keep and 
redirect?


[Dovecot] imap, locks, and dovecot

2009-07-30 Thread Mauricio Tavares
  Let's say I have two computers -- a desktop and a laptop --
setup to check email on my postfix/dovecot/mailscanner box by using
imap. Now, both machines use thunderbird and have a filter in that
mail client to move emails that have a certain to: address (an alias,
like supp...@domain.com) to a mail directory. The desktop is setup to
check for mail every minute while the laptop initially is told to do
the same.

So, I send an email to the said address. dovecot (1.1.7) puts it in
the inbox. thunderbird in one of those machines sees it and moves it
to the, say, support folder. Then, another copy of the same mail is
created and placed in the same folder. I then begin increasing the
time the laptop waits before checking mails. Up to 5 minutes I am
still having the double email issue, but if I set the laptop to wait 10
minutes I only have one copy of the said email.  That makes me think
both clients are seeing the same email and moving it at the same time.
I do not know the imap commands being used but it sure seems that
there is not some kind of locking system for the mail files (I use
maildir) to make sure only one program is accessing the said email.

Am I correct? Is there a way around that?


Re: [Dovecot] Problem with sieve scripts including sieve scripts

2009-07-23 Thread Mauricio Tavares

Stephan Bosch wrote:

Mauricio Tavares wrote:
I have the following global cmusieve scripts defined in 
/etc/dovecot/sieve, which is owned by the user deliver is run 
(virtual) as defined in the lda session of dovecot.conf:


global-spam.script ==

require ["fileinto"];
# Move spam to spam folder
if header :contains "X-Spam-Level" "" {
  fileinto "Spam";
  # Stop here so that we do not reply on spam
  stop;
}
elsif header :contains "X-Spam-Flag" "Yes" {
  fileinto "Spam";
  stop;
}

First of all, this script can be made simpler by using the anyof() Sieve 
command, avoiding the need to specify the spam delivery verdict multiple 
times.


	Actually that was a goof. What I meant was to discard the mail if it 
had too many stars (it sounds better than saying X-Spam-Level was too 
high ;). Shame on me!


Jul 22 14:49:02 mail deliver(r...@domain.com): 
msgid=<000d01ca078a$d13122a0$6400a...@chameleonsh>: saved mail to INBOX


Why?
Good question. Are you sure that the tested headers above are truly 
present in the message under consideration (check your INBOX)? I know 
that MailScanner uses custom headers and the SpamAssassin ones are not 
always produced in addition by default. For debugging purposes, could 
you put these rules inside the user's personal script (the 
.dovecot.sieve) to check whether these work at all?


I must say, I've never used CMUSieve's include support before, so I 
couldn't tell you whether there are any known issues with this.


	I just found the issue: I typed "X-Spam-Flag" instead of 
"X-Spam-Status" as defined in the dovecot.conf. Oops! My typing skills 
are weak!



Regards,
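
The debugging step suggested in this message, checking that every header a Sieve script tests is actually present in the delivered message, as an added example (not code from either poster). The script is the one from the thread with a constructed X-Spam-Level key, the message headers are constructed, and only `:contains` tests are evaluated.

```python
import re
from email import message_from_string

# Script from the thread; the X-Spam-Level key is a constructed stand-in.
SIEVE_SCRIPT = '''
require ["fileinto"];
if header :contains "X-Spam-Level" "**********" { fileinto "Spam"; stop; }
elsif header :contains "X-Spam-Flag" "Yes" { fileinto "Spam"; stop; }
'''

# Constructed headers, as a scanner might tag a spam message.
MESSAGE = """\
From: sender@example.net
To: raub@example.com
X-Spam-Status: Yes
X-Spam-Level: *****

test body
"""

TOKEN = re.compile(r'''
    (?P<comment>\#[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:[^"\\]|\\.)*")
  | (?P<tag>:[A-Za-z_]\w*)
  | (?P<word>[A-Za-z_]\w*)
  | (?P<punct>[\[\](){},;])
  | (?P<ws>\s+)
''', re.X | re.S)

def _strings(toks, i):
    """Read a string or [string-list] at toks[i]; return (values, next index)."""
    end = i + 1
    if i < len(toks) and toks[i][1] == "[":
        while end < len(toks) and toks[end][1] != "]":
            end += 1
        end += 1
    vals = [re.sub(r"\\(.)", r"\1", t[1:-1], flags=re.S)
            for kind, t in toks[i:end] if kind == "string"]
    return vals, end

def header_tests(script):
    """Return [(match_type, header_names, keys)] for each `header` test."""
    toks = [(m.lastgroup, m.group()) for m in TOKEN.finditer(script)
            if m.lastgroup not in ("comment", "ws")]
    tests, i = [], 0
    while i < len(toks):
        i += 1
        if toks[i - 1] != ("word", "header"):
            continue
        match_type = ":is"  # default match type in RFC 5228
        while i < len(toks) and toks[i][0] == "tag":
            if toks[i][1] == ":comparator":
                i += 1  # skip the comparator name that follows
            else:
                match_type = toks[i][1]
            i += 1
        names, i = _strings(toks, i)
        keys, i = _strings(toks, i)
        tests.append((match_type, names, keys))
    return tests

def explain(script, raw_message):
    """For every header a script tests, say whether the message carries it."""
    msg = message_from_string(raw_message)
    report = []
    for match_type, names, keys in header_tests(script):
        for name in names:
            values = msg.get_all(name)  # header names are case-insensitive
            if values is None:
                verdict = "header absent"
            elif match_type == ":contains":
                hit = any(k.lower() in v.lower() for v in values for k in keys)
                verdict = "match" if hit else "present, no match"
            else:
                verdict = "present, not evaluated"
            report.append((name, match_type, verdict))
    return report
```

A "header absent" verdict for a header the scanner is supposed to add is the cue to compare the name in the script with the name the scanner is configured to write.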





[Dovecot] Problem with sieve scripts including sieve scripts

2009-07-23 Thread Mauricio Tavares
	I have the following global cmusieve scripts defined in 
/etc/dovecot/sieve, which is owned by the user deliver is run (virtual) 
as defined in the lda session of dovecot.conf:


global-spam.script ==

require ["fileinto"];
# Move spam to spam folder
if header :contains "X-Spam-Level" "" {
  fileinto "Spam";
  # Stop here so that we do not reply on spam
  stop;
}
elsif header :contains "X-Spam-Flag" "Yes" {
  fileinto "Spam";
  stop;
}

global-default.script 

require ["include"];
include :global "global-spam.script";

i.e. all the default script does is call the spam script. I have created 
the compiled versions using sievec, making sure they are still owned by 
virtual:


mail sieve # ls
global-default.script   global-spam.script   global-vacation.script
global-default.scriptc  global-spam.scriptc  global-vacation.scriptc
mail sieve #

In the plugins session of dovecot.conf I have defined the path for 
global scripts (so I can do the include :global thingie) and the path 
for the default script (just in case user does not have a custom script 
in the mail directory):


plugin {
  sieve_global_dir = /etc/dovecot/sieve/
  global_script_path = /etc/dovecot/sieve/global-default.script
}


So I send me some certifiable spam from my collection of test spam. This 
is what I got from the log:


Jul 22 14:49:01 mail MailScanner[15047]: New Batch: Scanning 1 messages, 
3206 bytes
Jul 22 14:49:01 mail MailScanner[15047]: SpamAssassin cache hit for 
message C04F79F002F.784A8

Jul 22 14:49:01 mail MailScanner[15047]: Spam Checks: Found 1 spam messages
Jul 22 14:49:02 mail MailScanner[15047]: Virus and Content Scanning: 
Starting
Jul 22 14:49:02 mail MailScanner[15047]: Requeue: C04F79F002F.784A8 to 
304C09F0012
Jul 22 14:49:02 mail postfix/qmgr[14869]: 304C09F0012: 
from=, size=2518, nrcpt=1 (queue active)

Jul 22 14:49:02 mail MailScanner[15047]: Uninfected: Delivered 1 messages
Jul 22 14:49:02 mail deliver(r...@domain.com): Loading modules from 
directory: /usr/lib/dovecot/lda
Jul 22 14:49:02 mail deliver(r...@domain.com): Module loaded: 
/usr/lib/dovecot/lda/lib90_cmusieve_plugin.so
Jul 22 14:49:02 mail dovecot: auth(default): master in: USER1 
r...@domain.com service=deliver
Jul 22 14:49:02 mail dovecot: auth(default): master out: USER   1 
r...@domain.com uid=1500gid=1500 
home=/var/spool/vmail/domain.com/raub

Jul 22 14:49:02 mail deliver(r...@domain.com): auth input: r...@domain.com
Jul 22 14:49:02 mail deliver(r...@domain.com): auth input: uid=1500
Jul 22 14:49:02 mail deliver(r...@domain.com): auth input: gid=1500
Jul 22 14:49:02 mail deliver(r...@domain.com): auth input: 
home=/var/spool/vmail/domain.com/raub
Jul 22 14:49:02 mail deliver(r...@domain.com): maildir: 
data=/var/spool/vmail/domain.com/raub
Jul 22 14:49:02 mail deliver(r...@domain.com): maildir++: 
root=/var/spool/vmail/domain.com/raub, index=, control=, 
inbox=/var/spool/vmail/domain.com/raub
Jul 22 14:49:02 mail deliver(r...@domain.com): cmusieve: 
/var/spool/vmail/domain.com/raub/.dovecot.sieve doesn't exist
Jul 22 14:49:02 mail deliver(r...@domain.com): cmusieve: Using sieve 
path: /etc/dovecot/sieve/global-default.script
Jul 22 14:49:02 mail deliver(r...@domain.com): cmusieve: Executing 
script /etc/dovecot/sieve/global-default.scriptc
Jul 22 14:49:02 mail deliver(r...@domain.com): 
msgid=<000d01ca078a$d13122a0$6400a...@chameleonsh>: saved mail to INBOX
Jul 22 14:49:02 mail postfix/pipe[15137]: 304C09F0012: 
to=, relay=dovecot, delay=3.4, delays=3.3/0/0/0.1, 
dsn=2.0.0, status=sent (delivered via dovecot service)


From what I gathered, mailscanner saw it was spam and tagged it. When 
the mail got back, postfix gave it to dovecot deliver, which then passed 
to cmusieve. Now, cmusieve saw user did not have a script defined,


Jul 22 14:49:02 mail deliver(r...@domain.com): cmusieve: 
/var/spool/vmail/domain.com/raub/.dovecot.sieve doesn't exist


So, it used the default script as it should,

Jul 22 14:49:02 mail deliver(r...@domain.com): cmusieve: Using sieve 
path: /etc/dovecot/sieve/global-default.script
Jul 22 14:49:02 mail deliver(r...@domain.com): cmusieve: Executing 
script /etc/dovecot/sieve/global-default.scriptc


But, instead of calling the spam script, it simply delivered the spam 
mail to the inbox,


Jul 22 14:49:02 mail deliver(r...@domain.com): 
msgid=<000d01ca078a$d13122a0$6400a...@chameleonsh>: saved mail to INBOX


Why?


[Dovecot] dovecot lda and postfix

2009-07-01 Thread Mauricio Tavares
  I do not know if this is a help request to solve a problem but
to understand what is going on. I am going to start with the problem
description as I see it and we will go from there.

I have postfix setup to use dovecot for tls/sasl in addition to its
normal imap/pop3 functions. Postfix is also setup to do virtual
domains, getting its information from the files valias, vmaps, and
vhosts which are all located in its /etc/postfix directory:

# Virtual domain stuff
virtual_mailbox_domains = /etc/postfix/vhosts.txt
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt
# 1500:1500 is user virtual
virtual_uid_maps = static:1500
virtual_gid_maps = static:1500
virtual_alias_maps = hash:/etc/postfix/valias.txt

Dovecot uses its own unix passwd-like files to do authentication. In
fact, as you can see, I broke them apart so I can make the actual
password file readable only by root:

mail_location = maildir:~/

auth default {
  passdb passwd-file {
    args = /etc/dovecot/passwd
  }
  userdb passwd-file {
    args = /etc/dovecot/users
  }
}

I know the norm is to use a database or at least ldap, but I had my
reasons. Mailscanner is also installed. So, the way things have been
working so far was, postfix receives an email and checks if its
recipient exists here. If so, it would pass it to mailscanner and then
get it back, when it would then drop it at the recipient's mailbox in
/var/spool/vmail/domain.com/user. A user would then connect to dovecot
to retrieve the email. And when an email was to be sent, postfix would
use dovecot to do the user authentication. So far so good.

Now I want to add dovecot lda so I can run the cmu sieve plugin (this
is dovecot 1.0.1) primarily to move emails mailscanner (and
spamassassin) thinks that are spam to each virtual  user's  Spam
maildir directory.

So, reading http://wiki.dovecot.org/LDA/Sieve/CMU, I add the following
entries to dovecot.conf:

protocol lda {
  mail_plugin_dir = /usr/lib/dovecot/modules/lda

  sendmail_path = /usr/lib/sendmail

  auth_socket_path = /var/run/dovecot/auth-master
  mail_plugins = cmusieve
  global_script_path = /etc/dovecot/scripts/dovecot.sieve

  mail_debug = yes
  log_path = /var/log/dovecot-lda
  info_log_path = /var/log/dovecot-lda

}

# I am being rather lazy in my sieve config entry. I did make sure the file
# is owned by virtual:virtual
plugin {
  sieve = /etc/dovecot/scripts/dovecot.sieve
}

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = virtual # User running Dovecot LDA's deliver
    }
    # Postfix is using dovecot for SMTP AUTH (SASL)
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }

Then, based on http://wiki.dovecot.org/LDA/Postfix, I edit postfix's master.cf:

dovecot   unix  -   n   n   -   -   pipe
  flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/deliver -f
${sender} -d ${us...@${nexthop}

and main.cf:
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
# mailbox_virtual_domains was already defined as shown above

The dovecot.sieve file looks like this:

require ["fileinto", "reject"];

# Spam stuff
if header :contains "X-Spam-Level" "" {
  discard;
  stop;
}
elsif header :contains "X-Spam-Status" "Yes" {
  fileinto "Spam";
  stop;
}

So, I restart it and try to send a message to my account, say
r...@domain.com, in this machine. It bounces back saying the user does
not exist. I check the log files and they seem to agree:

dovecot: 2009-06-30 16:31:44 Info: auth(default):
passwd-file(r...@domain.com): lookup: user=r...@domain.com
file=/etc/dovecot/users
dovecot: 2009-06-30 16:31:44 Info: auth(default):
passwd-file(r...@domain.com): unknown user

Now this is where I am trying to understand what is going on. It seems
to me that postfix *or* dovecot went to  /etc/dovecot/users looking
for r...@domain.com. Not finding it there (I had it defined there as
raub simply; I have mail_location = maildir:~/ in dovecot.conf, so the
username in this file does not need to be related to the user's email
address), it decided user does not exist and bounced back.

My testing indicated that happened after postfix passed the email to
dovecot lda (I guess that virtual_transport = dovecot means it goes to
master.cf and looks for the dovecot entry and then passes the message
to it). That would mean postfix is not using vmaps to see if the user
exists anymore. Instead, it is delegating checking if a user exists to
dovecot, which is not what I want to do. I want postfix to worry about
getting mail and making sure the recipient exists. Out of the blue, if
I replaced the virtual_mailbox entry with local_transport = dovecot,
or nothing at all, mail is delivered as it should.

My gut feeling is the master.cf dovecot entry is responsible for the
problem, but I am not sure because I really do n

Re: [Dovecot] A few easy pam and virtual domains questions

2009-05-28 Thread Mauricio Tavares
Something I forgot to mention: when I first connected to the
mail server as raub using imap, dovecot created a few files. No
problem with that. But they were owned by the user raub,

r...@mail $ ls -la /var/spool/vmail/flingingmonkey.com/raub
total 32
drwxrwxrwx 5 virtual  virtual 4096 May 26 16:23 .
drwxr-xr-x 4 virtual  virtual 4096 May 21 11:34 ..
drwxrwxrwx 2 virtual  virtual 4096 May 21 11:34 cur
-rw--- 1 raub users 17 May 26 16:23 dovecot-uidlist
-rw--- 1 raub users  8 May 26 16:23 dovecot-uidvalidity
-rw--- 1 raub users  0 May 26 16:23 dovecot-uidvalidity.4a1c4fa9
-rw--- 1 raub users140 May 26 16:23 dovecot.index.log
drwxrwxrwx 2 virtual  virtual 4096 May 21 11:35 new
drwxrwxrwx 2 virtual  virtual 4096 May 26 16:23 tmp
r...@mail $

instead of user virtual, which is the account I have to own
/var/spool/vmail and is known to dovecot as

virtual_uid_maps = static:1500
virtual_gid_maps = static:1500

Why is it doing that? Is that another clue that it thinks raub is a
local user due to it being authenticated through pam?


[Dovecot] A few easy pam and virtual domains questions

2009-05-27 Thread Mauricio Tavares
  I am using dovecot with postfix, which was setup to do virtual
domains. Dovecot is setup to authenticate against pam (I know, I know)
and knows to look for email in /var/spool/vmail/:

virtual_mailbox_base = /var/spool/vmail

I also have virtual_mailbox_maps defined as

virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt

where I currently only have one account,

% cat /etc/postfix/vmaps.txt
r...@domain.com domain.com/raub/
%

Inside raub we have the usual 3 directories, new, cur, and tmp. When I
try to login through imap as r...@domain.com@mail.domain.com (i.e.
since we are doing the virtual domain thingie, the username has to
indicate the domain it belongs to), it will not take it. But, if I
login as r...@mail.domain.com, it has no problems authenticating.
However, it now expects to retrieve email from /var/spool/vmail/raub
instead of /var/spool/vmail/domain.com/raub. Why would it be doing
that? Could it be that pam reports raub to be a local account and as a
result simply ignoring vmaps.txt?

I asked dovecot to log everything it could. When I checked the log
file, the following line screamed at me:

dovecot: May 27 14:40:28 Info: IMAP(raub): maildir++:
root=/var/spool/vmail//raub, index=, control=,
inbox=/var/spool/vmail//raub

Note the "//" in root and inbox declarations; between those slashes I
would expect to be domain.com.

Compounding the problem, and perhaps a clue of how pam is telling what
these accounts are, postfix is completely ignoring /var/spool/vmail,
placing the emails in /home/raub/Maildir (account is actually being
nfs-automounted and user authenticated through ldap through pam). Once
again I am guessing it too is being told raub is a local user; am I
correct?


[Dovecot] OT: Deleting email

2008-07-19 Thread Mauricio Tavares
	I have a mail server running postfix and then using dovecot so others 
can reach it using imap. I go check mail using thunderbird and delete a 
few emails, emptying the trash afterwards. Then I quit it and access it 
using pine. The deleted emails are still there, marked as marked for 
deletion. I delete a few other emails within pine and quit. It asks to 
delete the marked emails, I tell it to go for it, and it does. When I go back 
to Thunderbird all those emails are gone.


Next I tell thunderbird to mark certain messages as spam and delete 
email I marked as spam. I quit it and go back to pine. The spam marked 
messages which thunderbird swore were deleted are still there.


This really does not seem to be a dovecot issue, but has someone seen 
that happen? If so, what is going on?


[Dovecot] User changing password

2008-07-02 Thread Mauricio Tavares
	If users are checking their email using imap or pop, is there a way 
they can change their own passwords (so I can create a temporary one and 
let them change them to whatever they want) through, say, Thunderbird or 
whatever?


Re: [Dovecot] FAQ: setting thunderbird to talk to dovecot

2008-05-03 Thread Mauricio Tavares
On Sat, May 3, 2008 at 8:58 AM, Charles Marcus
<[EMAIL PROTECTED]> wrote:
> On 5/2/2008 Mauricio Tavares wrote:
>
> > It does seem it is appending whatever string I type in the
> > username box to the front of the name of the mail server.  So, if I
> > have the username as [EMAIL PROTECTED], it will try to login as
> > [EMAIL PROTECTED]@mail.thespider.com
> >
>
>  What are you using for auth? That is where you should be looking.
>
  Assuming I understood the question (It's brain dead Saturday!) I
have dovecot setup as

auth_mechanisms = plain digest-md5

but right now I am just doing the plain authentication. After all this
mail server is still not finished so only machines in the lan can even
see it. Once I am satisfied, I'll add tls and all that good stuff. If
this matters, I have no problems accessing the mail server using pine,
where I set the path to the inbox as

inbox-path={192.168.1.12/notls/[EMAIL PROTECTED]


Re: [Dovecot] FAQ: setting thunderbird to talk to dovecot

2008-05-02 Thread Mauricio Tavares
On Fri, May 2, 2008 at 10:46 AM, Ed W <[EMAIL PROTECTED]> wrote:
>
>
> > How would I do the same under thunderbird from a machine in the same
> > lan (taz.thespider.com)? It seems to keep trying to login as
> > [EMAIL PROTECTED], which will not fly.
> >
> >
>
>
>  Thunderbird logs in using whatever *string* you type in the username box.
> It doesn't even have to be in the format of an email address...
>
 It does seem it is appending whatever string I type in the
username box to the front of the name of the mail server.  So, if I
have the username as [EMAIL PROTECTED], it will try to login as
[EMAIL PROTECTED]@mail.thespider.com

>  Ed
>


Re: [Dovecot] FAQ: setting thunderbird to talk to dovecot

2008-05-02 Thread Mauricio Tavares
On Fri, May 2, 2008 at 7:54 AM, Odhiambo Washington <[EMAIL PROTECTED]> wrote:
 >
 > Is thunderbird set to use pop3 or imap?

   It can do both. I'd rather use imap but I am that kind of guy. ;)


 > Anyway, I don't support thunderbird as I have never used it, but I can tell
 > you how to connect to imap via telnet:
 >
 > telnet  mail.thespider.com 143
 > 1 login [EMAIL PROTECTED] creepycrawly
 > 1 logout
 >
 > You can see this:
 >  http://www.macgeekery.com/tips/troubleshooting/troubleshooting_imap
 >
  This is what happened:

 [EMAIL PROTECTED] ~]$ telnet mail.thespider.com 143

Trying 192.168.1.12...
 Connected to mail.thespider.com (192.168.1.12).
 Escape character is '^]'.
 * OK dovecot ready.

1 login [EMAIL PROTECTED] creepycrawly
 1 NO Authentication failed.
 1 login [EMAIL PROTECTED] creepycrawly
 1 OK Logged in.
 1 logout
 * BYE Logging out
 1 OK Logout completed.

Connection closed by foreign host.
 [EMAIL PROTECTED] ~]$

 I wonder if it has to do with the fact the virtual mailbox domain I
 created in postfix is defined as thespider.com while the machine
 running postfix/dovecot is mail.thespider.com.

 > --


> Best regards,
 > Odhiambo WASHINGTON,
 > Nairobi,KE
 >  +254733744121/+254722743223
 > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
 >
 > "Oh My God! They killed init! You Bastards!"
 >  --from a /. post


[Dovecot] FAQ: setting thunderbird to talk to dovecot

2008-05-02 Thread Mauricio Tavares
Let's say I have a postfix box, named mail.thespider.com, which is
setup to handle virtual mailbox domains. One of the domains it will
handle is thespider.com, and my email address in that domain is
[EMAIL PROTECTED] As I setup dovecot, I can telnet to the pop3 port
(110) and test it by logging in as [EMAIL PROTECTED] (I would try
the imap port but I do not know how to login to imap from the telnet
prompt):

[EMAIL PROTECTED] ~]$ telnet mail.thespider.com 110
Trying 192.168.1.12...
Connected to mail.thespider.com (192.168.1.12).
Escape character is '^]'.
+OK dovecot ready.
user [EMAIL PROTECTED]
+OK
pass creepycrawly
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
[EMAIL PROTECTED] ~]$

How would I do the same under thunderbird from a machine in the same
lan (taz.thespider.com)? It seems to keep trying to login as
[EMAIL PROTECTED], which will not fly.