[Dovecot] Disconnecting without unbinding?

2008-11-18 Thread Maykel Moya
Timo

Please have a look at this short thread[1]. That message stops appearing
whenever I shut down dovecot.

I'm using dovecot 1.0.15.

dovecot-ldap.conf
-
dn = ...
dnpass = ...
ldap_version = 3
auth_bind = no
base = ...
pass_filter = ...
pass_attrs = ...
user_filter = ...
user_attrs = ...
default_pass_scheme = MD5-CRYPT
user_global_uid = vmail
user_global_gid = vmail

Regards,
maykel

[1] http://www.openldap.org/lists/openldap-software/200811/msg00078.html



---
Red Telematica de Salud - Cuba
  CNICM - Infomed


[Dovecot] Problems with AUTH=PLAIN in pop3

2008-01-04 Thread Maykel Moya
I'm using Dovecot (1.0.10) locally to test SugarCRM. When I tried to set
up a mail account in Sugar, it complains with 

--
SECURITY PROBLEM: insecure server advertised AUTH=PLAIN
Please check your settings and try again.
--

don't know if that behaviour is a bug or a feature of php-imap. The case
is that I'm unable to set up the mail account in Sugar.

Timo answered me on IRC about Dovecot assuming that a connection from
the same ip is considered secured.

I'd rebuild Dovecot with the following patch:

--- dovecot-1.0.10/src/pop3-login/client.c.orig 2008-01-05
00:44:14.0 -0500
+++ dovecot-1.0.10/src/pop3-login/client.c  2008-01-05 00:44:30.0
-0500
@@ -331,7 +331,7 @@
client->created = ioloop_time;
client->refcount = 1;
client->common.tls = ssl;
-   client->common.secured = ssl || net_ip_compare(ip, local_ip);
+   client->common.secured = ssl;
 
client->common.local_ip = *local_ip;
client->common.ip = *ip;
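
Review bot: Dropping net_ip_compare(ip, local_ip) from the client->common.secured assignment removes the same-host exemption unconditionally and without a comment, so every non-SSL local client is now flagged as unsecured. If that is the intent, state it in a comment above the assignment, or gate it on a setting instead of hard-coding it. The hunk only touches src/pop3-login/client.c and only sets the flag; the code that reads common.secured when deciding what to advertise or accept is not in this diff, so that is where to look before concluding the change has no effect.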
---

but I'm still not able to make it not accept AUTH PLAIN authentication from
the same ip. Am I missing something?

On the other hand, if I set disable_plaintext_auth to yes I cannot use
the classic USER/PASS pop3 verbs. I'm not sure what the POP3 related
RFCs mandate with respect to this.

Regards,
maykel




[Dovecot] Per-user quota (with local users)

2007-10-17 Thread Maykel Moya
I'm migrating my local users to LDAP; here is the auth section of my
dovecot.conf

--
auth default {
  mechanisms = plain

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = dovecot
      group = nusers
    }
  }

  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }

  passdb pam {
  }

  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  
  userdb prefetch {
  }
  
  userdb passwd {
  }
  
  user = root
}
--

The idea is to try to find the user in the directory and if it isn't
found then fallback to a local user lookup.

My quota configuration is
--
plugin {
  quota = maildir:storage=10240:ignore=Trash
}
--

I have some users with particular quotas. With LDAP lookups, there is no
problem, in those cases I simply put their particular quota values in
their entries and pass it to dovecot via user_attrs.

I wonder how to do the same for local users, I mean, to have the ability
of specifying particular quotas for some local users.

Another doubt is how to express to Dovecot that a user has no quota at
all. Could I use 0?

Regards,
maykel




Re: [Dovecot] Error: net_connect(/var/run/dovecot/auth-master) failed: Resource temporarily unavailable

2007-10-16 Thread Maykel Moya
> On Mon, 15-10-2007 at 10:41 -0400, Charles Marcus wrote:
> > On 10/15/2007, Maykel Moya ([EMAIL PROTECTED]) wrote:
> > > I'm using deliver (1.0.5) with Postfix (2.1.6).
> > 
> > 
> > 
> > > Any hint?
> > 
> > May not be the cause - but postfix 2.1.6 is - well - *ancient*...
> > 
> > I'd make upgrading a priority, even if it didn't fix the problem...
> 
> I'd upgraded postfix to 2.4.5. Although not sure if it helps I also
> raised auth_worker_max_count. Up to this moment I haven't experienced
> the error again.

Well, there it is, again. Postfix, by default, doesn't do more than 100
concurrent deliveries with the same transport, local in my case.

I raised auth_worker_max_count to 128, to accommodate 100 potential
concurrent deliveries plus some pop3/imaps clients.

The problem appears with certain frequency. There is no other info in
the log besides the error notification.

FWIW:
I have auth_debug enabled. In normal operation I can see the LDAP
queries:
dovecot: Oct 16 09:46:14 Info: auth(default): ldap(foo,x.y.z.w): pass
search: base=ou=users,dc=foo,dc=org scope=subtree filter=(uid=foo)
fields=uid,userPassword,sldMailbox

nevertheless, next to net_connect errors, the ldap related line is
something like

dovecot: Oct 16 09:46:14 Info: auth(default): ldap(foo,x.y,z,w): unknown
user

in both cases, the user doesn't exist in the directory.

Don't know if this could be something of the same nature as [1].

My config
--
base_dir = /var/run/dovecot-ldap

# IO optimizations
fsync_disable = yes
dotlock_use_excl = yes
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_copy_preserve_filename = yes

protocol lda {
  postmaster_address = [EMAIL PROTECTED]
  auth_socket_path = /var/run/dovecot/auth-master
  mail_plugins = quota

  # http://wiki.dovecot.org/MailLocation/LocalDisk
  fsync_disable = yes
}

auth default {
  mechanisms = plain

  auth_worker_max_count = 128

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = dovecot
      group = nusers
    }
  }

  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  passdb pam {
  }

  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }

  userdb prefetch {
  }

  userdb passwd {
  }

  user = root
}
--

Regards,
maykel

[1] http://www.dovecot.org/list/dovecot/2007-October/026069.html




Re: [Dovecot] Error: net_connect(/var/run/dovecot/auth-master) failed: Resource temporarily unavailable

2007-10-15 Thread Maykel Moya

On Mon, 15-10-2007 at 10:41 -0400, Charles Marcus wrote:
> On 10/15/2007, Maykel Moya ([EMAIL PROTECTED]) wrote:
> > I'm using deliver (1.0.5) with Postfix (2.1.6).
> 
> 
> 
> > Any hint?
> 
> May not be the cause - but postfix 2.1.6 is - well - *ancient*...
> 
> I'd make upgrading a priority, even if it didn't fix the problem...

I'd upgraded postfix to 2.4.5. Although not sure if it helps I also
raised auth_worker_max_count. Up to this moment I haven't experienced
the error again.

Regards,
maykel




[Dovecot] Error: net_connect(/var/run/dovecot/auth-master) failed: Resource temporarily unavailable

2007-10-15 Thread Maykel Moya
I'm using deliver (1.0.5) with Postfix (2.1.6). I made a test for a few
minutes on a moderately busy server. While most mails were delivered, a
lot of them failed with this error:

deliver(userfoo): Oct 15 09:58:31 Error:
net_connect(/var/run/dovecot/auth-master) failed: Resource temporarily
unavailable

Sounds to me something like not enough auth-master to answer every
concurrent deliver.

Any hint?

Regards,
maykel

PS: If there is any other info I could give, let me know.
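
"Resource temporarily unavailable" is the message for EAGAIN, which connect(2) on Linux documents for a non-blocking UNIX-domain socket whose connection cannot be completed immediately. The sketch below is an added example, not code from this thread or from Dovecot; it assumes Linux, and the socket path and function name are constructed. It shows a listener that is slow to accept producing that error for new clients, and one accept() clearing it.

```python
import errno
import os
import socket
import tempfile


def probe_backlog(backlog, attempts=32):
    """Connect repeatedly to a UNIX socket whose owner is not accepting.

    Returns (connects_ok, errno_name_of_first_failure, retry_ok_after_accept).
    """
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "auth-master-demo")  # constructed, not Dovecot's socket
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(path)
    server.listen(backlog)  # pending connections queue up here until accept()
    clients, failure, retry_ok = [], None, False
    try:
        for _ in range(attempts):
            c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            c.setblocking(False)  # assumption: the client connects non-blocking
            try:
                c.connect(path)
                clients.append(c)
            except OSError as exc:
                c.close()
                failure = errno.errorcode.get(exc.errno, str(exc.errno))
                break
        if failure:
            # The server side finally services one queued connection...
            conn, _ = server.accept()
            conn.close()
            # ...which frees a slot, so the next client gets through.
            retry = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            retry.setblocking(False)
            try:
                retry.connect(path)
                retry_ok = True
            except OSError:
                retry_ok = False
            finally:
                retry.close()
        return len(clients), failure, retry_ok
    finally:
        for c in clients:
            c.close()
        server.close()
        os.unlink(path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    print(probe_backlog(2))
```
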




Re: [Dovecot] In-site migration from /etc/passwd to LDAP

2007-10-03 Thread Maykel Moya

On Wed, 03-10-2007 at 12:07 +0200, Patrick Ben Koetter wrote:

> When you migrate an account also migrate the UID and GID to the user that runs
> deliver.

AFAIK deliver runs under the dovecot user. Documentation says that the dovecot
user should not be used for owning mailboxes.

Besides, I wouldn't like to change UIDs so I can go back with minimal
effort in case of a problem with the new setup. When the system proves
itself stable enough I will migrate them to a pure virtual mail setup.

Regards,
maykel




[Dovecot] In-site migration from /etc/passwd to LDAP

2007-10-02 Thread Maykel Moya
I'm doing in-site migration of accounts from /etc/passwd to an LDAP
directory. The migration should be progressive (not all users at the
same time).

I'm already able to check mail for accounts in /etc/passwd and accounts
in LDAP. 

The problem is with mail delivery. I'm using Postfix + Dovecot-LDA. This
is the error I get with every delivery

--
dovecot: Oct 03 00:16:09 Info: auth(default): master in: USER 1 moya service=deliver
dovecot: Oct 03 00:16:09 Info: auth(default): ldap(moya): user search: base=ou=users,dc=sld,dc=cu scope=subtree filter=(&(objectClass=posixAccount)(uid=moya)) fields=sldMailbox,uidNumber
dovecot: Oct 03 00:16:09 Info: auth(default): master out: USER 1 moya home=/srv/vmail/m/moya/ uid=29174 gid=101
deliver(moya): Oct 03 00:16:09 Fatal: setuid(29174) failed: Operation not permitted
--

29174 is the uid for moya; it is the same in /etc/passwd or in LDAP via
the posixAccount class.

Any advice, please?

Regards,
maykel




[Dovecot] M-Box benchmark

2007-03-17 Thread Maykel Moya
A friend of mine passed me this[1] cause I'm recommending him Dovecot. 

My personal experience is very different to the one in that benchmark. I
will appreciate similar links from those of you who had benchmarked
Dovecot against other IMAP servers.

I'm conscious that my personal experience is far from being an objective
comparison. I switched from UW-Imap/Mbox to Dovecot/Maildir a box with
45k local users, 3.5MB/s sustained IMAP/POP traffic in work hours. The
main performance gain is from mbox -> maildir switching. Anyway the
users (and myself) "perceive" a good performance with the new setup.

Regards,
maykel

[1] http://www.isode.com/whitepapers/mbox-benchmark.html