Re: Dovecot with Postfix "no SASL authentication mechanisms"

[Patrick Ben Koetter via dovecot]

* mangawi...@gmail.com :
> Hi. Can someone help me please check what is wrong with my config? postfix
> is saying "no SASL authentication mechanisms" and I'm using dovecot. From
> what I read so far, it is related to my dovecot settings. Here are the
> details of my config http://paste.debian.net/1290864/

Please verify and show that /var/spool/postfix/private/auth has been created
with correct permissions.

p@rick

-- 
Patrick Ben Koetter
p...@state-of-mind.de
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

doveadm REST API: Delete home

[Patrick Ben Koetter]

Hi!

How can I remove a users mail home directory using the REST API?

I'm trying to purge a users mailbox including the users $HOME, but it seems
I'm on the wrong way. If I send a mailbox delete I end up with "Error: Can't
delete INBOX: INBOX can't be deleted.", which kind of makes sense.

Should I be using
https://doc.dovecot.org/admin_manual/doveadm_http_api/#doveadm-fs-delete
instead?

TIA,

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

doveadm rebuild: Failed to add attachment keywords

[Patrick Ben Koetter]

Greetings,

I'm using the current dovecot release 2.3.10 and I try to rebuild mailboxes
with broken attachment paths.

When I run this command:

doveadm rebuild attachments -u u...@example.com ALL

I runs fine for 6199 of 6223 messages and fails then at message 6200 with this
message:

doveadm(u...@example.com): Error: Mailbox INBOX: UID=6200: 
read(attachments-connector(/MailStore/mail/mailboxes/CFEE0E67-6269-4AD3-8DED-6AB71A8E4BD7/dbox/mailboxes/INBOX/dbox-Mails/u.6200))
 failed: 
read(/MailStore/mail/attachment/b9/52/b952b91441e53d3bb57453af2df66bb003e551f4-e94b170ff8bb685e943f162bf795-5d0b3129034c8957284d7dfcf92d-6200[base64:19
 b/l]) failed: 
open(/MailStore/mail/attachment/b9/52/b952b91441e53d3bb57453af2df66bb003e551f4-e94b170ff8bb685e943f162bf795-5d0b3129034c8957284d7dfcf92d-6200)
 failed: No such file or directory (read reason=)
doveadm(u...@example.com): Error: Mailbox INBOX: UID=6200: 
read(attachments-connector(/MailStore/mail/mailboxes/CFEE0E67-6269-4AD3-8DED-6AB71A8E4BD7/dbox/mailboxes/INBOX/dbox-Mails/u.6200))
 failed: 
read(/MailStore/mail/attachment/b9/52/b952b91441e53d3bb57453af2df66bb003e551f4-e94b170ff8bb685e943f162bf795-5d0b3129034c8957284d7dfcf92d-6200[base64:19
 b/l]) failed: 
open(/MailStore/mail/attachment/b9/52/b952b91441e53d3bb57453af2df66bb003e551f4-e94b170ff8bb685e943f162bf795-5d0b3129034c8957284d7dfcf92d-6200)
 failed: No such file or directory (read reason=)
doveadm(u...@example.com): Error: Mailbox INBOX: UID=6200: Failed to add 
attachment keywords: mail_get_parts() failed: Mailbox INBOX: UID=6200: 
read(attachments-connector(/MailStore/mail/mailboxes/CFEE0E67-6269-4AD3-8DED-6AB71A8E4BD7/dbox/mailboxes/INBOX/dbox-Mails/u.6200))
 failed: 
read(/MailStore/mail/attachment/b9/52/b952b91441e53d3bb57453af2df66bb003e551f4-e94b170ff8bb685e943f162bf795-5d0b3129034c8957284d7dfcf92d-6200[base64:19
 b/l]) failed: 
open(/MailStore/mail/attachment/b9/52/b952b91441e53d3bb57453af2df66bb003e551f4-e94b170ff8bb685e943f162bf795-5d0b3129034c8957284d7dfcf92d-6200)
 failed: No such file or directory (read reason=)
6200 error

Assuming the attachments are still there, what would I need to do to 'fix'
that? And if I can't fix it, can 'rebuild' skip the error and go on rebuilding
the rest?

TIA,

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

Understanding doveadm rebuild

[Patrick Ben Koetter]

Greetings,

I'm trying to understand if the doveadm rebuild command is suited to fix a
problem we have on a customers platform.

The customer uses sdbox in combination with SIS and for $REASONS dovecot
cannot find the attachements anymore. They are there, but the references to
them in the messages seem to be wrong.

Is that what the rebuild subcommand has been made for? Will it e.g. scan the
messages for attachment references and try to find them in the SIS storage
location and then fix the references in messages?

TIA,

p@rick


-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

Re: Calendar function ?

[Patrick Ben Koetter]

* André Rodier :
> On 2018-10-21 16:33, mj wrote:
> > On 10/21/2018 01:22 PM, Maurizio Caloro wrote:
> > > Please this are a complet Grouware solutions, are possible to use
> > > from this only the Calendar Synchronization and
> > > 
> > > Date, Appontment functionality ?
> > > 
> > 
> > If that is hat you need, perhas you should checkout sogo:
> > 
> > https://sogo.nu/
> > 
> > We have been running it for years, with the same backend-components
> > you are using: postfix and dovecot. (and active directory)
> > 
> > MJ
> 
> Hello Maurizio,
> 
> I am interested to add Sogo to the mail server I have, and your feedback
> would be very interesting.
> 
> I use postfix and dovecot as well, but I have a few questions:
> 
> - Do I have to implement shared folders in order to share calendars?

No, you don't. You control sharing calendars either via the SOGo admin
interface or by yourself, when you allow access to your calendar.

> - Are the calendars and address books are in fact, stored in IMAP folders.

No, they aren't. SOGo stores them in a database, e.g. a PostgreSQL server.
You access the calendar either (natively) via the SOGo web interface or with a
client that speaks either CalDAV or ActiveSync. In both cases the client
connects to a http(s)-server that proxies connections to the SOGo sogod
server. This server takes care of ACLs and logic and it also accesses the
data backend, i.e. the SQL database.

> - If yes, are these folders hidden?

There aren't any.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: doveadm: problem listing shared mailboxes using a wildcard

[Patrick Ben Koetter]

* Aki Tuomi :
> Please provide doveconf -n

[root@spike ~]# doveconf -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-862.3.3.el7.x86_64 x86_64 CentOS Linux release 7.5.1804 
(Core)  xfs
auth_debug = yes
first_valid_uid = 1000
mail_debug = yes
mail_location = sdbox:/srv/mail/%u
mail_plugins = acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace {
  ignore_on_failure = no
  list = children
  location = sdbox:%%h
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  ignore_on_failure = no
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = scheme=PLAIN username_format=%u /etc/dovecot/users
  default_fields = nopassword=y
  driver = passwd-file
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
service auth {
  unix_listener auth-userdb {
group = vmail
mode = 0777
user = vmail
  }
}
service imap {
  executable = imap post-login
}
service post-login {
  executable = script-login /usr/local/bin/postlogin
  user = vmail
}
ssl = required
ssl_cert =  
> 
> ---Aki TuomiDovecot oy
>  Original message ----From: Patrick Ben Koetter  
> Date: 25/06/2018  17:21  (GMT+02:00) To: dovecot@dovecot.org Cc: Thore 
> Bödecker  Subject: Re: doveadm: problem listing shared 
> mailboxes using a wildcard 
> * Thore Bödecker :
> > You might need to quote that last argument, otherwise it can get
> > interpreted by the shell as globbing, which obviously is not what you
> > want.
> > 
> > I've been using wildcard arguments enclosed within '' and "" for
> > various doveadm commands without issues so far.
> 
> Right. I had thought so too (and forgot to mention it in my intial post), but
> it doesn't make a difference:
> 
> # /bin/doveadm mailbox list -s -u fd...@spike.test shared\*
> # /bin/doveadm mailbox list -s -u fd...@spike.test "shared*"
> # /bin/doveadm mailbox list -s -u fd...@spike.test 'shared*'
> # /bin/doveadm mailbox list -s -u fd...@spike.test "shared\*"
> # /bin/doveadm mailbox list -s -u fd...@spike.test 'shared\*'
> 
> p@rick
> 
> 
> 
> -- 
> [*] sys4 AG
>  
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
>  
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
>  

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: doveadm: problem listing shared mailboxes using a wildcard

[Patrick Ben Koetter]

* Thore Bödecker :
> You might need to quote that last argument, otherwise it can get
> interpreted by the shell as globbing, which obviously is not what you
> want.
> 
> I've been using wildcard arguments enclosed within '' and "" for
> various doveadm commands without issues so far.

Right. I had thought so too (and forgot to mention it in my intial post), but
it doesn't make a difference:

# /bin/doveadm mailbox list -s -u fd...@spike.test shared\*
# /bin/doveadm mailbox list -s -u fd...@spike.test "shared*"
# /bin/doveadm mailbox list -s -u fd...@spike.test 'shared*'
# /bin/doveadm mailbox list -s -u fd...@spike.test "shared\*"
# /bin/doveadm mailbox list -s -u fd...@spike.test 'shared\*'

p@rick



-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 

doveadm: problem listing shared mailboxes using a wildcard

[Patrick Ben Koetter]

I'm setting up a dovecot server with private and shared namespaces. My test
setup has these mailboxes:

# /bin/doveadm mailbox list -u fd...@spike.test
INBOX/sub01
shared
shared/samme...@spike.test
shared/samme...@spike.test
INBOX

In order to do some post-login scripting foo I'd like to get a list of shared
mailboxes the user is currently subscribed to. The doveadm-mailbox man page
says "It's also possible to use wildcards in the mailbox name."

I'd like to use that feature to output only mailboxes from the shared
namespace. However usind the wildcard character * doesn't output anything:

# /bin/doveadm mailbox list -u fd...@spike.test -s shared*
#

Am I doing something wrong?

p@rick

P.S.
Running dovecot-2.2.10-8.el7.x86_64 on a centos server.




-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Securing postfix to dovecot (SASL) auth

[Patrick Ben Koetter]

* Aki Tuomi :
> 
> 
> On 27.09.2017 13:21, Peter wrote:
> > On 27/09/17 20:35, Thomas Bauer wrote:
> >> service auth {
> >>   inet_listener{
> >> address=192.0.0.1
> >> port=10001
> >> ssl=yes
> >> }
> >> }
> > ssl=yes is not documented to work for the auth service and it's highly
> > likely that it is simply ignored.
> 
> It is documented for inet_listener's in general and is not ignored. Any
> dovecot inet_listener can be given this flag.

However AFAIK Postfix does not honor an SSL encrypted layer for SASL auth.

> You could use stunnel on the other end.

That's what we usually do.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Apparent Maildir permission issue

[Patrick Ben Koetter]

* Mark Foley :
> On Mon, 16 Jan 2017 17:51:48 -0500 Bill Shirley  
> wrote:
> >
> > I've gotten errors like this when it was actually a selinux denial. If 
> > you're running
> > selinux, check those logs too.
> >
> 
> OK, this is getting serious -- mail not getting delivered.
> 
> No, I am not running selinux. Here is the error I get in the maillog:
> 
> Jan 24 16:42:49 mail dovecot: imap(mark): Error: 
> stat(/home/HPRS/mark/Maildir/tmp) failed: Permission denied 
> (euid=326(HPRS\mark) egid=100(users) missing +x perm: 
> /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
> 
> Permission are:
> 
> $ ls -l /home/HPRS/mark/Maildir/
> total 200
> drwx-- 2 HPRS\mark domusers 45056 Dec 19 08:13 cur/
> -rw--- 1 HPRS\mark domusers   131 Jul  1  2016 dovecot-keywords
> -rw--- 1 HPRS\mark domusers  5249 Dec  7 23:06 dovecot-uidlist
> -rw--- 1 HPRS\mark domusers 8 Jul  7  2016 dovecot-uidvalidity
> -r--r--r-- 1 HPRS\mark domusers 0 Jan 16  2015 
> dovecot-uidvalidity.54b9def3
> -rw--- 1 HPRS\mark domusers  4080 Nov 27 23:28 dovecot.index
> -rw--- 1 HPRS\mark domusers 88612 Dec  7 23:07 dovecot.index.cache
> -rw--- 1 HPRS\mark domusers  8748 Dec  7 23:07 dovecot.index.log
> -rw--- 1 HPRS\mark domusers  2016 Jul  7  2016 dovecot.mailbox.log
> drwx-- 2 HPRS\mark domusers 12288 Jan 13 12:10 new/
> -rw--- 1 HPRS\mark domusers   137 Jul  7  2016 subscriptions
> drwx-- 2 HPRS\mark domusers 12288 Jan 13 12:10 tmp/
> 
> Permission on the Maildir folder for another user who is NOT having this 
> problem:


Move /home/HPRS/mark/ to /home/HPRS/mark_old/
Deliver mail to mark
Let dovecot create the new /home/HPRS/mark/
Import mail from /home/HPRS/mark_old to /home/HPRS/mark/

p@rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Good email client to use with Dovecot?

[Patrick Ben Koetter]

* li...@lazygranch.com :
> So does mutt suck or not?

If you work with vi and like it, chances are you will also like mutt.

Personally I *love* mutt! No extra fat. Always on the spot. It is "liberal in
what it receives and conservative in how it sends". Since it is command line
program, I can run it almost everywhere.

It supports local mailboxes, SMTP, POP and IMAP as well as S/MIME and PGP.
You can highly customize it, if you want to with rules per folder, per sender
adress etc. pp.

Just like vi it takes a while until you have internalized the (invisible)
interface. Once you've moved beyond that point you will experience an enormous
boost in efficency.

If you want to, ping me offline and I will share my mutt config. That should
make it easier to start using it.

p@rick


>   Original Message  
> From: Andreas Kalex
> Sent: Thursday, November 17, 2016 11:06 PM
> To: Dovecot Mailing List
> Subject: Re: Good email client to use with Dovecot?
> 
> since years mutt, 'cause it really sucks. 
> I tried TB or claws, evolution, opera but always returned to mutt. 
> 
> 
> 
> Am 18. November 2016 06:31:43 MEZ, schrieb Steve Litt 
> :
> >On Thu, 17 Nov 2016 18:07:15 -0800
> >li...@lazygranch.com wrote:
> >
> >> FWIW, I use claws, which is about the only one not mentioned. 
> >> 
> >> I don't like Thunderbird. For one thing, it is in caretaker status.
> >> Mozilla believes Web based mail is the "future." I rather not run
> >> roundcube, given I got hacked via an unpatched roundcube  back when I
> >> was using a hosting company. ‎ Webmail just increases your attack
> >> surface. 
> >
> >Thanks.
> >
> >My reason for exploring Alpine is I'm moving away from Claws, for
> >non-technical reasons I won't burden this list with.
> >
> >Thanks,
> >
> >SteveT
> >
> >Steve Litt 
> >November 2016 featured book: Quit Joblessness: Start Your Own Business
> >http://www.troubleshooters.com/startbiz

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Disabling passdb pam in local.conf

[Patrick Ben Koetter]

* Timo Sirainen :
> Hmm. If you want to just kludge it, I guess you could do a 00-auth.conf:
> 
> passdb {
>   driver = whatever you want for your real passdb
>   args = etc
>   result_failure = return
>   result_internalfail = return
> }
> 
> So even though pam is still in the config, it's just never actually called.

I played with the idea to set result_failure and result_internalfail to pass
it all through, too. But then things started to get nasty and I took the long
road and began to edit more than local.conf.

But thanks for taking the time to review and rethink this.

p@rick



-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Disabling passdb pam in local.conf

[Patrick Ben Koetter]

* Patrick Ben Koetter :
> * Marcus Rueckert :
> > > What am I missing?
> > 
> > That 10-auth.conf is actually meant to be edited. most distros should
> > have configuration file handling pretty much figured out by now. so
> > none of your changes to those files should get lost. also configuration
> > management comes to mind.
> 
> As I repeatedly said none of those actions are an option in this project.
> I think we better stop this thread.

For the books:

It can't be done at the moment. That would require the passdb section to
become a named section, e.g. like this:

passdb pam {
driver = pam
}

Then one would be able to address this particular passdb namespace and do e.g.
something like this:

passdb pam {
driver = pam
enabled = no
}

p@rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Disabling passdb pam in local.conf

[Patrick Ben Koetter]

* Marcus Rueckert :
> > What am I missing?
> 
> That 10-auth.conf is actually meant to be edited. most distros should
> have configuration file handling pretty much figured out by now. so
> none of your changes to those files should get lost. also configuration
> management comes to mind.

As I repeatedly said none of those actions are an option in this project.
I think we better stop this thread.

p@rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Disabling passdb pam in local.conf

[Patrick Ben Koetter]

* Edgar Pettijohn :
> What distro settings?

These files should remain unchanged:

~$ tree /etc/dovecot/
/etc/dovecot/
├── conf.d
│   ├── 10-auth.conf
│   ├── 10-director.conf
│   ├── 10-logging.conf
│   ├── 10-mail.conf
│   ├── 10-master.conf
│   ├── 10-ssl.conf
│   ├── 10-tcpwrapper.conf
│   ├── 15-lda.conf
│   ├── 15-mailboxes.conf
│   ├── 20-imap.conf
│   ├── 90-acl.conf
│   ├── 90-plugin.conf
│   ├── 90-quota.conf
│   ├── auth-checkpassword.conf.ext
│   ├── auth-deny.conf.ext
│   ├── auth-master.conf.ext
│   ├── auth-passwdfile.conf.ext
│   ├── auth-sql.conf.ext
│   ├── auth-static.conf.ext
│   ├── auth-system.conf.ext
│   └── auth-vpopmail.conf.ext
├── dovecot.conf
├── dovecot-dict-sql.conf.ext
├── dovecot.pem
├── dovecot-sql.conf.ext
├── private
└── README

Only /etc/dovecot/local.conf should be changed.

p@rick




> 
> Sent from my iPhone
> 
> > On Jun 20, 2016, at 4:28 PM, Patrick Ben Koetter  wrote:
> > 
> > * Edgar Pettijohn :
> >> Is your goal to have "1" config file?
> > 
> > No, that would eliminate the ability to change distro settings via the 
> > regular
> > package management.
> > 
> > My goal is to add/remove what my service requires via the additional
> > local.conf.
> > 
> > p@rick
> > 
> > -- 
> > [*] sys4 AG
> > 
> > https://sys4.de, +49 (89) 30 90 46 64
> > Schleißheimer Straße 26/MG,80333 München
> > 
> > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> > Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> > Aufsichtsratsvorsitzender: Florian Kirstein
> > 

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Disabling passdb pam in local.conf

[Patrick Ben Koetter]

* Edgar Pettijohn :
> Is your goal to have "1" config file?

No, that would eliminate the ability to change distro settings via the regular
package management.

My goal is to add/remove what my service requires via the additional
local.conf.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Disabling passdb pam in local.conf

[Patrick Ben Koetter]

Greetings,

I'm trying to create a configuration that leaves every config file deployed by
an install process or paket management software untouched. The goal is to put
every configuration required into /etc/dovecot/local.conf.

I've come quite far, but I fail to disable pam as passdb service in
local.conf. What I get if I run doveconf -n is this section:

passdb {
  driver = pam
}

It is in there, because 10-auth.conf includes it:

!include auth-system.conf.ext


These actions are not an option at the moment:

- modify /etc/dovecot/conf.d/10-auth.conf and comment/remove the
  !include-statement
- create an /etc/dovecot/dovecot.conf which would contain all options required
  and would not include any other *.conf files

Reading http://wiki2.dovecot.org/ConfigFile I see ways to include external
files, but nothing to exclude a file in local.conf.

Knowing Timo I would expect there is a way to acchieve what I want. I just
don't seem to find it.

What am I missing?

Regards,

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Hypothetical feature suggestion

[Patrick Ben Koetter]

* Stephen Feyrer :
> Hi,
> 
> Assuming one sends an E-mail which in turn requires either an update
> or correction.  The current practise is to send a subsequent E-mail
> with the new or corrected info.
> 
> I would like to suggest a small feature.  I recognise that this
> would require that the sending application would need to support
> this same feature.
> 
> The sender should be able to edit a sent email, transmit a diff of
> the original and then the receiving mail store composite the changes
> into a new email.  This could be with or without features to allow
> the review historic versions of said E-mail.
> 
> Alternatively, regular expressions could be employed to achieve this
> effect (albeit, a more complex approach).
> 
> This would provide a kind of Web 2 look on E-mail.

Sounds a lot like: https://en.wikipedia.org/wiki/Lemonade_Profile

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Howto get information about quota used

[Patrick Ben Koetter]

* Макаров Денис :
> Hello guys!
> 
> I have Dovecot server (version: 2.2.9) with quota and imap_quota plugins.
> 
> I wanna know how to get information about quota used of current email.
> 
> I can do this with IMAP client like Thunderbird, but how I can do it
> on server?

Try this:

# doveadm quota get -A
...

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Dovecot CalDAV server

[Patrick Ben Koetter]

* Niklaas Baudet von Gersdorff :
> On Fri, 11 Sep 2015 00:43:16 +0300
> Timo Sirainen  wrote:
> 
> > I've been once in a while over the years thinking about implementing
> > CalDAV (and CardDAV) to Dovecot. It might be time to start that soon.
> > Does anyone have any suggestions? So far my main goals would be:
> > 
> >  - scalable, of course
> >  - configurable storage (object storage, regular fs, maybe some
> > key-value dbs, maybe storing as emails)
> >  - efficient indexes (potentially using key-value dbs? or maybe just
> > local files. not sure yet what kind of indexing is needed)
> >  - have it work with dsync (= replication & migration)
> 
> Have you heard about SOGo yet?
> 
> http://www.sogo.nu/
> 
> It is an entire groupware server but its focus lies on scalability
> implemented through open standards. For an overview check

SOGo is good groupware. It is rock solid and runs stable.
But it won't scale for what Timo is after. At least that's what I was told a
while ago.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Dovecot CalDAV server

[Patrick Ben Koetter]

* Timo Sirainen :
> I've been once in a while over the years thinking about implementing CalDAV 
> (and CardDAV) to Dovecot. It might be time to start that soon. Does anyone 
> have any suggestions? So far my main goals would be:
> 
>  - scalable, of course
>  - configurable storage (object storage, regular fs, maybe some key-value 
> dbs, maybe storing as emails)
>  - efficient indexes (potentially using key-value dbs? or maybe just local 
> files. not sure yet what kind of indexing is needed)
>  - have it work with dsync (= replication & migration)

Well CalDAV/CardDAV is just another protocol you put in front of your storage
engine, right? (Besides the tweaks it will take…)


> Some things I wonder about:
> 
>  - Maybe there is already some code out there that could be used to implement 
> it faster?
>  - Maybe even use something else besides C to implement it.. Then again that 
> makes integration to Dovecot more difficult.

Have you had a look at http://radicale.org/? I haven't used it myself, but
heard good things about it.

p@rick


>  - Is anybody interested in helping to develop this? :) I think I still have 
> too much other work that I won't spend a lot of time coding it..
> 
> One thing that makes this easier is that Open-Xchange has already implemented 
> a CalDAV server, so they can help to avoid the biggest design mistakes. 
> (There are a couple of reasons why they'd want to replace that.)

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: centos 7 dovecot 2.2.10 segmentation fault on devcot/auth using ldap driver in userdb

[Patrick Ben Koetter]

* Andrea Lisci :
> dovecot 2.2.10 packaged by centos 7
> 
> configuring ldap driver on userdb cause imap crash during login

SELinux enabled?

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Calendar and address book with Dovecot

[Patrick Ben Koetter]

* mimic...@gmail.com :
> What other software (ideally open source, free) do I need in other to have
> Calendar and address book so my users can manage their contact on their
> phones or computer? I have looked at Roundcube already, but my requirement
> is not necessarily to provide web mail.

What comes to mind:

- Horde
- SOGo
- Kolab
- Radicale
- Modoboa (with management for Radicale)




-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Thunderbird supports SPECIAL-USE (Merry x-mas!)

[Patrick Ben Koetter]

I've waited about two years to write this mail... :)

As of Dezember, 24th Mozilla Thunderbird can handle SPECIAL-USE. The patch,
which adds the required functionality, has passed review and TBs nightly build
was successful. The next official Thunderbird release (version 38, release
date 2015-05-19) will very likely ship SPECIAL-USE included. \o/

SPECIAL USE is an IMAP extension. It means less mailbox chaos for admins. But
more than that it means less configuration work and easier orientation for end
users.

If IMAP server and client are capable of SPECIAL-USE [1] the server may tell
the client some of the folders (Inbox, Drafts, Sent, Trash etc.) are reserved
for SPECIAL-USE.

Any client, capable of SPECIAL-USE, may adapts its local folders to the
servers view. It may map e.g. "Sent Items" to "Sent", "Deleted Items" to
"Trassh" etc. pp. All this takes place automatically. No more user
interaction. No more locale problems. 

When all components - server, desktop-, webmail-, and mobile client - can
handle SPECIAL-USE live becomes easier. Clients don't create their own
'special folders'. They understand special folders already exist and adapt. No
more superfluous ambiguous folders. Users will know where their messages have
been stored.

Note: Combined with automx [2] users will only have to enter their
realname, mail address and (optional) password and their client will setup
all the rest automatically.

SPECIAL-USE started as a suggestion to friends at IETF. We sponsored its
implementation in Dovecot [3], when it had become a RFC standard. Then we took
out to bring it to Thunderbird.

This took use longer than expected. The moment we had begun to work on it,
Mozilla withdrew most people from the Thunderbird team and reassigned them to
Firefox OS. Things slowed down significantly and Microsoft Outlook became the
first mail client to adopt SPECIAL-USE. Two years later - together with Ben
Bucksch (Thunderbird developer) - we finally succeeded and it is about time to
close the RFE [4].

Nobody should have to spend more time than required to configure their client.
Everyone should be able to focus on their primary goal - communication via
mail.

We - sys4 and our business partner Becon - sponsored SPECIAL-USE. I hope
SPECIAL-USE will make your and your customers life easier. The patch just
became ready for x-mas. :)


p@rick


P.S.
Unpacking the gift will have to wait until 2015-05-19. ;)


[1] IMAP LIST Extension for Special-Use Mailboxes
<http://tools.ietf.org/rfc/rfc6154.txt>

[2] automx - mail setup made easy!
<https://automx.org/>

[3] Mailbox settings
http://wiki2.dovecot.org/MailboxSettings

[4] Bug 558659 - (RFC6154) Support IMAP LIST SPECIAL-USE (RFC 6154) to
autoconfigure Sent, Trash, Draft folders on IMAP servers
<https://bugzilla.mozilla.org/show_bug.cgi?id=558659>

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Subject tag [Dovecot] is gone

[Patrick Ben Koetter]

Professa,

I suggest to take this discussion to the DKIM mailing list or even better to
DMARC at IETF. Discussing the usefulness of DKIM or DMARC is better done
there.

Until people at IETF come up with a solution for DMARC that works for all
participants most MLs, just like this, are better off avoiding further damage
to mail transport by not adding the list name to the subject and not adding a
footer. Of all available options not to break DMARC, this is still the best -
be it liked or not.

p@rick


* Professa Dementia :
> On 6/9/2014 7:26 PM, Timo Sirainen wrote:
> 
> > The main reason is DKIM, which is starting to be a real problem.
> 
> I have not used DKIM much.  My mail server and client mostly deal with
> SPF.  I have a filter that colorizes messages that have no SPF or a
> missing DKIM or bad DKIM signature.  I *have* noticed that a lot of
> messages from the list get marked in such manner, but it never really
> bothered me and I never thought about it much.  Now I understand why
> that happens (the [Dovecot] identifier in the subject).
> 
> When trying to solve a problem, the first thing is to correctly identify
> the problem.  You cannot solve a problem if you do not even know what it is.
> 
> The underlying problem is to identify and classify emails as ones you
> want and ones you do not want.  This is not easy and involves reading a
> person's mind.  A person may, depending on their mood, classify the same
> email differently at different times, which complicates things.
> 
> DKIM assumes that you can, in many cases, classify emails this way based
> on authenticating the *domain* of the sender.  This has some serious
> flaws in that it does not address this issue, even though it purports to.
> 
> One way to classify an email as "wanted" is if it comes from someone you
> know and want to communicate with.  Signing based on a domain does
> nothing to address this.  If my girlfriend is j...@yahoo.com, I want to
> receive her emails.  That does not means I want to receive all emails
> from the yahoo.com domain.  I do not want someone else to impersonate her.
> 
> If later, we break up and I no longer want to receive her emails, DKIM
> does nothing to help with that, either.  That could be OK if such
> functionality is beyond its scope.
> 
> DKIM erroneously bundles sender authentication with message validation.
>  I want to know that it really was j...@yahoo.com that sent me the
> message and not someone trying to impersonate her.  However, as a
> separate function, I would like to know that the message I received is
> not the one she sent.  These functions should not be integrated.  As it
> is now, if the signature does not verify, I do not know why.  Was the
> sender spoofed?  Was some part of the message modified in some way?  And
> just for the record, I believe that the subject line should conceptually
> be treated as part of the message, along with the date.
> 
> DKIM is too strict.  If I want to present a legal document (email) in
> court, I may want to prove that the document I present to the court is
> exactly as it was when it was sent to me.  However, this is not a common
> occurrence.  The real world is messy and imperfect and often, changes to
> emails are innocuous and legitimate.  Mailing lists are an example of this.
> 
> A mailing list or anti-virus scanner *should* be able to add a footer or
> add a mailing list identifier to the subject line, as long as those
> changes can be marked as later additions that the original sender is not
> accountable for.  An email program should make it clear to the recipient
> which parts are not accountable to the original sender.
> 
> I am not proposing a new standard, simply pointing out that breaking an
> established protocol (by removing the [Dovecot] subject identifier)
> because of a flawed anti-spam system is not in people's best interest.
> 
> Can a spammer spoof messages from the list?  Sure.  Has it happened?
> Not that I am aware of.  Is it a problem?  Not so far.
> 
> So why, then, make people go through all this trouble of setting up new
> filters and rules, mail routing, software upgrades, etc, just to appease
> a standard that is clearly broken?
> 
> Dem

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Heartbleed openssl vulnerability?

[Patrick Ben Koetter]

* John Rowe :
> Do we know if dovecot is vulnerable to the heartbleed SSL problem?

ANY application using the affected OpenSSL versions is vulnerable. That
includes dovecot.

> I'm running dovecot-2.0.9 and openssl-1.01, the latter being
> intrinsically vulnerable. An on-line tool says that my machine is not
> affected on port 993 but it would be nice to know for sure if we were
> vulnerable for a while. (Naturally I've blocked it anyway!).
> 
> Thanks
> 
> John

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] RFE: IMAP LIST Extension for Special-Use Mailboxes

[Patrick Ben Koetter]

* Charles Marcus :
> Sorry for replying to such an old email, but...

Thank you. You just made me feel very old... ;)

> I'm wondering how 'Templates' got left out?
> 
> It is a Special folder in Thunderbird that you can't delete - and it
> is very useful (at least in Thunderbird) as well...
> 
> I tried adding it in my dovecot (2.2.10) config, but it complained
> about an unsupported option...

I searched a few minutes, but couldn't find the link to quote here:
Special-Use Mailbox names need to be registered. IIRC Templates didn't make
it into the first RFC. I am not aware of a discussion that abandoned it
either. Probably, if you gave it a try, you can have it added and Timo will
add it afterwards...

p@rick

> On 2011-03-11 5:31 PM, Patrick Ben Koetter  wrote:
> >A server may, for example, mark a folder as \Sent.
> >
> >Any client that connects to such a server can search for a folder that has
> >been attributed as "Sent".
> >
> >No need to create a new folder "Sent Items" if there's a special folder 
> >marked
> >as \Sent. Same goes for clients that insist on calling it "sent" or 
> >"Gesendete
> >Objekte" or ...
> >
> >The RFC reserves a list of special use folders:
> >
> >\All
> > This mailbox presents all messages in the user's message store.
> > Implementations MAY omit some messages, such as, perhaps, those
> > in \Trash and \Junk.  When this special use is supported, it is
> > almost certain to represent a virtual mailbox.
> >
> >\Archive
> > This mailbox is used to archive messages.  The meaning of an
> > "archival" mailbox is server-dependent; typically, it will be
> > used to get messages out of the inbox, or otherwise keep them
> > out of the user's way, while still making them accessible.
> >
> >\Drafts
> > This mailbox is used to hold draft messages -- typically,
> > messages that are being composed but have not yet been sent.  In
> > some server implementations, this might be a virtual mailbox,
> > containing messages from other mailboxes that are marked with
> > the "\Draft" message flag.  Alternatively, this might just be
> > advice that a client put drafts here.
> >
> >\Flagged
> > This mailbox presents all messages marked in some way as
> > "important".  When this special use is supported, it is likely
> > to represent a virtual mailbox collecting messages (from other
> > mailboxes) that are marked with the "\Flagged" message flag.
> >
> >\Junk
> > This mailbox is where messages deemed to be junk mail are held.
> > Some server implementations might put messages here
> > automatically.  Alternatively, this might just be advice to a
> > client-side spam filter.
> >
> >\Sent
> > This mailbox is used to hold copies of messages that have been
> > sent.  Some server implementations might put messages here
> > automatically.  Alternatively, this might just be advice that a
> > client save sent messages here.
> >
> >\Trash
> > This mailbox is used to hold messages that have been deleted or
> > marked for deletion.  In some server implementations, this might
> > be a virtual mailbox, containing messages from other mailboxes
> 
> 

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] pop3 rate limit

[Patrick Ben Koetter]

* michael :
> On 2013-12-29 02:05, Christian Rößner wrote:
> >Hi,
> >
> >we have customers with Exchange servers that are polling for new mail
> >every minute with dozens of pop3 accounts. I am looking for a
> >mechanism to rate limit this per user. So what I am looking for is a
> >way to block users from polling, if a user asks for new mail more
> >than
> >every 5 minutes (for example).
> >
> >Is this possible? Can this be achieved within Dovecot or does it need
> >external scripting? (I thought about fail2ban, but also want IPv6
> >support)
> >
> >Thanks in advance
> >
> >-Christian Rößner
> 
> See:
> www.policyd.org
> 
> You'll need to use v2.1 to get IPV6 support.

policyd can rate limit dovecot POP3 users?

p@rick


-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Dovecot MTA

[Patrick Ben Koetter]

n.

> - Have very good (and strict?) DNSSEC support. If we know a remote server is 
> supposed to have valid DNSSEC entries, but doesn't, fail to deliver mail 
> entirely?

How would you know? A destination server policy? The only trustful way to
automatically retrieve such a policy would be a DNSSEC query result, which
won't work in this case because that DNSSEC status is what you are looking
for. Sounds like a chicken-and-egg problem to me. :)

That leaves it to local policies noted in e.g. a map. Postfix 2.11 will
support that by expanding its current smtp_tls_policy_maps parameter with the
new 'dane-only' option:

dane-only
Mandatory DANE TLS. The TLS policy for the destination is obtained via
TLSA records in DNSSEC. If no TLSA records are found, or none are
usable, no connection is made to the server. (...)


> - Add a new DNS record that advertises this is a Dovecot MTA (or compatible). 
> If such entry is found (especially when correctness is guaranteed by DNSSEC), 
> the email sender can assume that certain features exist and work correctly. 
> If they don't, it could indicate an attack and the mail sending should be 
> retried later. This DNS record would of course be good to try to standardize.

Is this a variation of DANE? DANE for MUAs? It would be an MUA feature and not
one to implement in the MTA, right?

I like the idea. But given the speed it takes MUA producers to adopt new
standards I doubt we will see such a standard in widely deployed MUAs
(Outlook, Mail, Thunderbird [dying project]) within reasonable time. Besides
the impression I have that vendors are moving to webclients/web app solutions.


> * Configuration: It would take years to implement all of the settings that 
> Postfix has, but I think it's not going to be necessary. In fact I think the 
> number of new settings to dovecot.conf that Dovecot MTA requires would be 
> very minimal. Instead nearly all of the configuration could be done using 
> Sieve scripts. We'd need to implement some new MTA-specific Sieve extensions 
> and a few core features/configurations/databases that the scripts can use, 
> but after that there wouldn't be really any limits to what could be done with 
> them.

I understand the costs to implement features are low. That's good. What are
the costs for admins to learn the new features. To me it seems (writing
'seems' on purpose, because I don't 'know') most of the features you proposed
are policies and not features.

Current MTAs are/will be able to support the functionality required to enforce
the policies you listed. If I am right about all this, then I'd conclude it
would be more useful to create and publish a BCP document and - optionally -
submit that to IETF. IIRC last time I spoke to Alexey he was looking for a BCP
for IMAP.

>  * Try to implement as many existing interfaces as possible (e.g. Milter and 
> various Postfix APIs like policy servers) so that it wouldn’t be necessary to 
> reimplement all the tools and filters.

I would *love* IMAP - especially Dovecot - do adopt these filter APIs on the
IMAP side - connection, session and content filters.

> So perhaps something like this could be done in time for Dovecot v2.4. Any
> thoughts/ideas/suggestions?

From what I have read I am not convinced a Dovecot MTA would implement
anything that takes SMTP itself any further. I see pain, but no gain. ;)

You'd have an additional Dovecot product, which might make sense. But its not
up to me to judge on that.

Personally, I would like Dovecot to add other protocols on top of its message
store. But that's another story out of this discussions scope. :)

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 


signature.asc
Description: Digital signature

Re: [Dovecot] Auto-blocking faulty login attempts

[Patrick Ben Koetter]

* Jos Chrispijn :
> Dear group,
> 
> How can I block login attempts to dovecot after trying 5 times in error?

If you can read German take a look at this:
<http://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/>

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Dovecot security

[Patrick Ben Koetter]

* Jay Khashan :
> Hi,
> 
> THIS IS URGENT 
> 
> I have Debian Linux machine which I installed as a mail server with postfix, 
> and dovecot. my mail server is setup to use SMTP relay. I currently have 
> ports 143, 995, 25 & SSMTP ports open. in the last few days I have been under 
> attack where email is being sent to fake email address for example 
> x...@evg-mail.org which does not exist in the mysql db. 

Show evidence.

>  I need to figure out and lock down dovecot, because I believe the attack is 
> some kind of virus /spyware. I need to know what statement in dovecot.conf or 
> main.cf (postfix) I can modify to lock it down. Also open to install software 
> to combat this kind of attack. Let me know what configuration files, info do 
> you need to help out

At the moment Dovecot can't send mail. Postfix can.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Testing SMTP AUTH

[Patrick Ben Koetter]

* Ajai Khattri :
> On Friday, June 14, 2013, Patrick Ben Koetter wrote:
> >
> >
> > What do you get when you run this:
> >
> > # dovecot -n | grep auth_mechanisms
> 
> 
> I get nothing back so I guess that needs to be configured. I'm using a
> virtual passwd file for POP3/IMAP auth.

Have you read Postfix' SASL_README? It should tell you what needs to be done
on Postfix and Dovecot side.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Testing SMTP AUTH

[Patrick Ben Koetter]

* Ajai Khattri :
> Ive configured Postfix to use Dovecot for SMTP AUTH.
> 
> I tried to test it but when I send the AUTH LOGIN command I get a response
> saying that AUTH method is not supported/implemented. How to test then?

What do you get when you run this:

# dovecot -n | grep auth_mechanisms

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1.

[Patrick Ben Koetter]

* Stephan Bosch :
> On 5/10/2013 3:02 PM, Patrick Ben Koetter wrote:
> >* Stephan Bosch :
> >>But I don't quite understand how this is different from XCLIENT,
> >>apart from the SOURCE and IDENT items perhaps.
> >XCLIENT impersonates a client and the SMTP server will act as if the XCLIENT
> >was the real client, e.g. it will apply ACLs and other policies to the 
> >XCLIENT
> >personality.
> >
> >XFORWARD will not alter the SMTP server behaviour. The client and message 
> >data
> >from XFORWARD will only be used for logging purposes.
> 
> Ah.
> 
> One question: what should I do when the server allows both of these?
> Or is that impossible?

It is possible to offer both capabilities and I think the goal defines if you
should impersonate another client or merely forward client meta data.

p@rick


-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1.

[Patrick Ben Koetter]

* Stephan Bosch :
> On 5/10/2013 2:20 PM, Patrick Ben Koetter wrote:
> >* Stephan Bosch :
> >>What is XFORWARD good for? It looks very similar, but focused on
> >>dealing with mail filter intermediaries. I don't think this applies
> >>here.
> >It forwards the META data for logging purposes and is useful to create
> >consistent logging.
> 
> I understood as much from:
> 
> http://www.postfix.org/XFORWARD_README.html
> 
> But I don't quite understand how this is different from XCLIENT,
> apart from the SOURCE and IDENT items perhaps.

XCLIENT impersonates a client and the SMTP server will act as if the XCLIENT
was the real client, e.g. it will apply ACLs and other policies to the XCLIENT
personality.

XFORWARD will not alter the SMTP server behaviour. The client and message data
from XFORWARD will only be used for logging purposes.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Released Pigeonhole v0.4.0 for Dovecot v2.2.1.

[Patrick Ben Koetter]

* Stephan Bosch :
> On 5/10/2013 12:12 PM, Christian Rohmann wrote:
> >Hey Stephan,
> >
> >On 05/09/2013 11:23 PM, Stephan Bosch wrote:
> >>It basically acts as a front-end to your normal MTA. First of all, it
> >>provides a convenient way to add SMTP AUTH support to any MTA. But the
> >>main goal for this project is to implement an SMTP submission server
> >>with full support for the LEMONADE profile
> >>(https://tools.ietf.org/html/rfc4550). It acts as a proxy server, so it
> >>doesn't queue anything; once the client sees a success reply for the
> >>message submission, it is already accepted in the actual MTA queue.
> >
> >I have one remark and one question:
> >
> >Remark: Don't forget XCLIENT / XFORWARD support to help the "real"
> >MTA understand who it's really talking to.
> 
> XCLIENT is already implemented. But, afaik, this is only supported
> by Postfix. I also noticed a problem with XCLIENT LOGIN=.
> Even when that is specified, Postfix doesn't allow relaying for a
> client authenticated through Dovecot submission. I am still not sure
> what I am messing up there (I did configure
> smtp_recipient_restrictions correctly I believe).
> 
> What is XFORWARD good for? It looks very similar, but focused on
> dealing with mail filter intermediaries. I don't think this applies
> here.

It forwards the META data for logging purposes and is useful to create
consistent logging.

p@rick 

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: [Dovecot] Upgrading 1.2 to 2.x

[Patrick Ben Koetter]

Simon,

* Simon Brereton :
> I'm about to upgrade to 2.1.7 in my test environment, but  "doveconf
> -n -c dovecot.1.conf > dovecot.2.conf" is producing a blank file, so I
> am unsure how to proceed.  I know a lot has changed between them, so I
> don't really want to have to start from scratch unless I have to.

unless you have spent hours tweaking your config, setting up Dovecot 2.x
should be fairly easy. If your old config isn't too complex I wouldn't waste
time discussing this problem, but move on to create it from scratch in 2.x.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] Best practice for sieve script synchronization

[Patrick Ben Koetter]

* Oli Schacher :
> We consider deploying a two server active-active setup with
> dsync replication for ~2500 users. 

When? Dovecot 2.2 will have a much improved dsync protocol, allowing for sieve
replication. IIRC the functionality isn't there yet, but I guess you can
either build your own logic or pay Timo to add it to dync.

p@rick

> -- 
> This message does not contain horse meat

THAT made my day. :D


-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] Sieve also filter outgoing messages

[Patrick Ben Koetter]

* Steffen Kaiser :
> On Wed, 6 Feb 2013, Robert Schetterer wrote:
> 
> > Am 06.02.2013 14:53, schrieb Reindl Harald:
> >> Am 06.02.2013 14:36, schrieb Marcio Merlone:
> >>> A probably simple question and answer: can a sieve script be executed on 
> >>> outgoing messages? I already use deliver
> >>> on postfix, perhaps the sieve script could be executed when saving to the 
> >>> Sent folder?

Barry (Leiba) wrote <http://tools.ietf.org/rfc/rfc6785.txt>. AFAIK it awaits
further discussion. 

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

Re: [Dovecot] Per user special-use folder names

[Patrick Ben Koetter]

* Radek Novotný :
> Hi all,
> 
> let me ask a question, please. Is it possible in dovecot to set up
> per user special-use folder names?
> 
> Imagine situation with two users where first prefere another
> language that second.

You don't need per-user folder SPECIAL-USE names, because the client must take
care of the correct mapping.

If the client runs in an German environment it might mount the "special_use =
\Sent" mailbox as "Gesendete Objekte" and if it is Czechian it might call it
"Odeslaná pošta".

That's part of what makes SPECIAL-USE so sexy. It is language independent.
All it does is say "This mailbox is reserved for that particular usage." How
you call it, is up to you (client).

p@rick



> 
> mailbox Sent {
> special_use = \Sent
> }
> 
> for english speaking users and
> 
> mailbox "Odeslaná pošta" {
> special_use = \Sent
> }
> 
> for czech speaking users.
> 
> 
> 
> Thanks for your answers. Radek

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] [OT] GNUTLS (was: Re: Dovecot SASL Client support?)

[Patrick Ben Koetter]

* Aleksandar Lazic :
> 
> Am 09-01-2013 11:36, schrieb Markus Schönhaber:
> >09.01.2013 09:52, Patrick Ben Koetter:
> >
> >>If it is as good as GNUTLS, I'd rather stick with Cyrus SASL.
> >
> >Out of curiosity: what's so bad with GNUTLS?
> 
> +1
> 
> I thought the same, you was faster for the question.

We've been hunting down interoperability problems on Debian/Ubuntu plattforms
ever since Debian switched to GNUTLS. OpenLDAP, Postfix, Dovecot... you name
it. We ended up rebuilding the packages with OpenSSL support.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

Re: [Dovecot] Dovecot SASL Client support?

[Patrick Ben Koetter]

* Timo Sirainen :
> Then there's the whole other question of whether that client side SASL code
> could be exported to a separate library, possibly even API compatible with
> Cyrus SASL. I think that's unlikely to happen, especially because the code
> most likely would require libdovecot.so, which isn't really meant to be
> linked against non-Dovecot software. Probably an easier way to get rid of
> Cyrus SASL client code would be to move to GNU SASL.

My two cent:
If it is as good as GNUTLS, I'd rather stick with Cyrus SASL.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

Re: [Dovecot] Dovecot SASL Client support?

[Patrick Ben Koetter]

* Ed W :
> Hi
> 
> >At the moment Dovecot does not implement an SMTP/LMTP client. This might
> >change, when Timo decides to implement all of the LEMONADE feature, which at
> >some point require the IMAP server to edit and send messages on behalf of a
> >(mobile) client. Timo will shed more light on his plans.
> 
> Are you thinking about burl smtp?

Yes, I am.

> Someone from Apple implemented this for postfix some years back, but
> it doesn't seem to have made it into mainline (I think through
> oversight and Apple not pushing a second time though...)

IIRC Wietse didn't want to implement it (at that time).

> It will need client support, but my design would be something like
> an IMAP extension which works something like "SMTP *this* specific
> message using these login details and these sender/recipient
> details".

Many mobile provides would support it, because it would help them to solve
bandwidth and battery problems. They do all kinds of tricks to save energy
e.g. send silent (hidden) SMS to notify of incoming mail instead of IDLEing,
because IDLE costs much more battery power.


> That way the mail client can completely generate the mail using any
> IMAP tricks at it's disposal to minimise traffic, once the mail is
> generated and in some location, eg Sent, Drafts or INBOX as per your
> preference, then finally instructing the server to push it into the
> normal SMTP system (for bonus marks it could forward the clients IP
> using X-FORWARDED-FOR so that the SMTP can make decisions based on
> IP address).  This design gives you all the benefits of keeping the
> SMTP system, minimises traffic, allows for storing Sent Items or not
> as per your preference and avoids the use of magic folders.  Now all
> we need is client support...

I know.

> Note there is a feature of Courier which does something similar, but
> it uses magic folders (ideally we want to be able to smtp any
> message in any folder in order that we can easily implement our
> preferred storage policies)
> http://www.courier-mta.org/imap/INSTALL.html#imapsend

Yep. But that doesn't save bandwith etc. Anyway, we are moving OT. I'm out.
:)

p@rick


-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] Dovecot SASL Client support?

[Patrick Ben Koetter]

* /dev/rob0 :
> On Tue, Jan 08, 2013 at 08:59:09AM -0500, Charles Marcus wrote:
> > So that postfix can use dovecot-sasl for remotely authenticating
> > against another SMTP server, ie, for secure relays...
> 
> I don't think this makes sense for Dovecot to implement -- maybe 
> P@rick and/or Timo will correct this if I am wrong.

That's a difficult subject, because I am not the author of Dovecot. So
whatever I say, Timo definitely has the last word on this. But since you
invited me, here are my thoughts:

At the moment Dovecot does not implement an SMTP/LMTP client. This might
change, when Timo decides to implement all of the LEMONADE feature, which at
some point require the IMAP server to edit and send messages on behalf of a
(mobile) client. Timo will shed more light on his plans.

IF that part will be implemented it MAY make sense to add the AUTH capability
to the SMTP/LMTP client, because the receiving SMTP/LMTP server MAY require
it.

IF at that point Dovecot becomes capable to AUTH on the client side, it MAY
share that capability with another program e.g. Postfix.

At the moment Postfix uses a simple IF/THEN mechanism, which is configured in
two columns in and provided via smtp_sasl_password_maps:

IF HOST THEN IDENTITY

If Postfix were to use Dovecot as AUTH service it would have to query Dovecot
for every hosts it contacts. Dovecot would have to know when Postfix would
have to use AUTH, it would have to choose the apropriate SASL mechanism and it
would have to guide Postfix through the mechanisms steps including handing
over the identity when required.

All this to solve a problem that already has been solved.

My personal opinion/preference is:

Use Cyrus SASL when you need SMTP AUTH on a Boundary Server, a Relay or if you
need SASL on the client side.

Use Dovecot SASL if your mail service offers SMTP and also POP/IMAP on the
same system and/or if you combine more roles (mail server, Boundary Server,
Relay, Gateway etc.).


> Server SASL is a natural offshoot of an imapd, because the same 
> credentials are used, and just as with an IMAP client, the imapd 
> merely has to validate the credentials.
> 
> Client SASL is different. The credentials are not necessarily in use 
> by the imapd otherwise, and the job of the client SASL library is to 
> generate the authentication, not to validate it.

recognize, choose and generate.

> I don't expect to see Dovecot providing client SASL.

Neither do I, but it's not upon me to tell. :)


p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] dovecot and avahi

[Patrick Ben Koetter]

* Robert Schetterer :
> Am 01.01.2013 20:08, schrieb Patrick Ben Koetter:
> > * Robert Moskowitz :
> >>
> >> On 01/01/2013 01:39 PM, Patrick Ben Koetter wrote:
> >>> * Tom Hendrikx :
> >>>> On 01-01-13 18:01, Ben Morrow wrote:
> >>>>> At  5PM +0100 on  1/01/13 you (Tom Hendrikx) wrote:
> >>>>>> If you want to advertise your mail config for easy setup over the
> >>>>>> internet, take a look at: http://www.automx.org/
> >>>>> I thought most gooey mail clients supported RFC 6186 nowadays?
> >>>>>
> >>>>> Ben
> >>>>>
> >>>> As you can see from their docs, it supports a lot more than what you can
> >>>> put in SRV DNS records AFAIK. I don't use either of the solutions
> >>>> actively, and don't support any client setups so I don't really know
> >>>> what is currently available in clients, and needed or superior on server
> >>>> side.
> >>> automx combines Mozillas autoconfig service and Microsofts autodiscover
> >>> service in one tool. With automx you can provision SMTP/POP/IMAP and
> >>> ActiveSync account settings (but not the services themselves).
> >>>
> >>> Microsoft Outlook 2007+, Thunderbird 3+, Microsoft Mobiles and other 
> >>> mobiles
> >>> known to support ActiveSync can make use of the automx webservice.
> 
> typo not "activesync" they do autoconfig

Robert is wrong. automx can provision activesync accounts.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] dovecot and avahi

[Patrick Ben Koetter]

* Robert Moskowitz :
> 
> On 01/01/2013 01:39 PM, Patrick Ben Koetter wrote:
> >* Tom Hendrikx :
> >>On 01-01-13 18:01, Ben Morrow wrote:
> >>>At  5PM +0100 on  1/01/13 you (Tom Hendrikx) wrote:
> >>>>If you want to advertise your mail config for easy setup over the
> >>>>internet, take a look at: http://www.automx.org/
> >>>I thought most gooey mail clients supported RFC 6186 nowadays?
> >>>
> >>>Ben
> >>>
> >>As you can see from their docs, it supports a lot more than what you can
> >>put in SRV DNS records AFAIK. I don't use either of the solutions
> >>actively, and don't support any client setups so I don't really know
> >>what is currently available in clients, and needed or superior on server
> >>side.
> >automx combines Mozillas autoconfig service and Microsofts autodiscover
> >service in one tool. With automx you can provision SMTP/POP/IMAP and
> >ActiveSync account settings (but not the services themselves).
> >
> >Microsoft Outlook 2007+, Thunderbird 3+, Microsoft Mobiles and other mobiles
> >known to support ActiveSync can make use of the automx webservice.
> >
> >Apple products do not support either MS' or MZ's provisioning services. AFAIK
> >the only way to configure these clients is to store an XML file at a 
> >dedicated
> >location in advance, use the Apple Configurator or go the real hard way and
> >use Mobile Device Management (MDM) services.
> >
> >The aforementioned RFC 6186 has shortcommings compared to
> >autodiscover/autoconfig-services: You can tell the service location (URI) and
> >port, but you can't specify transport policies (plaintext, SSL, STARTTLS),
> >authentication mechanisms etc. I would not want to use it in a business
> >environment.
> 
> thank you very much for this analysis. SRV records were only
> intented to find the services that would then set up the policies.
> There is considerable pushback on using DNS for a general purpose
> database.  I had to fight for my HIP DNS RRs for holding just Host
> Identities.
> 
> I see that it can use SQL for some information handling.  Does it
> work with the sql tables managed by postfixadmin?

We - Christian and I - haven't tried, but I am sure it will, because you are
free to define any SQL query you want in automx to get what you want from
postfixadmin.

You may also use Modoboa to manage the mailboxes. Antoine just ran a blog
article on using automx with it:
<http://modoboa.org/en/weblog/2012/12/16/make-users-life-easier-with-automx/>

p@rick




> 
> 

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] dovecot and avahi

[Patrick Ben Koetter]

* Tom Hendrikx :
> On 01-01-13 18:01, Ben Morrow wrote:
> > At  5PM +0100 on  1/01/13 you (Tom Hendrikx) wrote:
> >>
> >> If you want to advertise your mail config for easy setup over the
> >> internet, take a look at: http://www.automx.org/
> > 
> > I thought most gooey mail clients supported RFC 6186 nowadays?
> > 
> > Ben
> > 
> 
> As you can see from their docs, it supports a lot more than what you can
> put in SRV DNS records AFAIK. I don't use either of the solutions
> actively, and don't support any client setups so I don't really know
> what is currently available in clients, and needed or superior on server
> side.

automx combines Mozillas autoconfig service and Microsofts autodiscover
service in one tool. With automx you can provision SMTP/POP/IMAP and
ActiveSync account settings (but not the services themselves).

Microsoft Outlook 2007+, Thunderbird 3+, Microsoft Mobiles and other mobiles
known to support ActiveSync can make use of the automx webservice.

Apple products do not support either MS' or MZ's provisioning services. AFAIK
the only way to configure these clients is to store an XML file at a dedicated
location in advance, use the Apple Configurator or go the real hard way and
use Mobile Device Management (MDM) services.

The aforementioned RFC 6186 has shortcommings compared to
autodiscover/autoconfig-services: You can tell the service location (URI) and
port, but you can't specify transport policies (plaintext, SSL, STARTTLS),
authentication mechanisms etc. I would not want to use it in a business
environment.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

[Dovecot] Dovecot G+ community

[Patrick Ben Koetter]

For those who own a G+ account and don't mind seeing colors in a browser once
in a while instead of staring at a black/white terminal all day long, join the

Dovecot G+ community
<https://plus.google.com/communities/112967413753095884716>

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] [OT] MS Exchange Alternative?

[Patrick Ben Koetter]

* Charles Marcus :
> On 2012-12-04 9:20 AM, Jakob Curdes  wrote:
> >Am 04.12.2012 15:15, schrieb Marc Perkel:
> >>Just wondering if there's an open source Linux alternative to MS
> >>Exchange so that all the features of outlook work?
> >Did you have a look at zarafa? Most part of it is open source; the
> >outlook connector ist closed source however and requires a license
> >fee for more than three clients.
> >It uses MAPI to connect to Outlook, unlike many other solutions
> >that do calendar syncs etc. via the ActiveSync protocol. Zarafa is
> >a completely different thing than dovecot, however; it stores all
> >mails in a MySQL database.
> 
> So does SOGo, no plugin required for Outlook. There is an extension
> for Thunderbird+Lightning, and it also supports most every mobile
> client out there and it uses Dovecot for the IMAP server *now*,
> and also includes OpenChange and Samba4. It is also supposed to be
> *very* lightweight, and can integrate with most any other backend
> you may be using. We currently use PostfixAdmin for managing email
> users, and we'll be able to happily keep using it for as long as we
> want after the migration.

We've used SOGo for the last three years and we deployed it at various
locations - starting from 3 up to 30.000 users. SOGo is stable, the company
behind SOGo knows what they are doing.

If you plan to migrate a SIEVE configuration you need scripting skills or you
will end up adding them all by hand. SOGo currently stores SIEVE rules in its
database and writes them into a .sieve on request. It's a one way road. That
is actually the onle downside I can think of.

> We will be migrating to SOGo (using Thunderbird+Lightning+Google
> Calendar now) very soon, and we are fully expecting to leverage the
> fact that SOGo includes Samba4 in the future, so that when the time
> comes for another Microsoft Server Upgrade, we will instead
> 'upgrade' to Samba4, and demote our older 2008R2 servers to member
> servers - if we keep them around at all.

+1

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] Android ICS stock client and IMAP Capability issue.

[Patrick Ben Koetter]

* Robert Schetterer :
> Am 08.11.2012 01:18, schrieb Massimiliano Cianelli:
> > Yes, different teams, but I think Google is still a lot more reasonable
> >>company to deal with things like this than Microsoft. Although
> >>surprisingly even Microsoft appears to support SPECIAL-USE in the next
> >>Outlook(?) client.
> 
> yeah it works, but they had bugged it for my last tests,
> mail in sent folder ( which is corect in use by  SPECIAL-USE )
> always stay unread, seems they have had design problems using now a
> standard outgoing folder, however there is a bug report about that
> and they anounced to fix it, but it isnt in my last tests after the last
> upgrade, if they dont fix it you cant use the sent folder via imap in a
> handy way , and you have to disable the feature in total ( this point
> was changed also ), and need to set this function via filter wizard like
> long time ago outlook versions needed it

We could work around this with a SIEVE rule that marks the message 'read' when
it is put into the Sent folder, couldn't we?

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

Re: [Dovecot] Android ICS stock client and IMAP Capability issue.

[Patrick Ben Koetter]

* Timo Sirainen :
> Yes, different teams, but I think Google is still a lot more reasonable 
> company to deal with things like this than Microsoft. Although surprisingly 
> even Microsoft appears to support SPECIAL-USE in the next Outlook(?) client.

confirmed.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 

Re: [Dovecot] Outlook 2013 imap specialuse RFC6154 XLIST

[Patrick Ben Koetter]

* Robert Schetterer :
> Am 05.09.2012 08:14, schrieb Patrick Ben Koetter:
> > Try this:
> > 
> > mailbox "Gesendete Objekte" {
> > special_use = \Sent
> > auto=subscribe
> > }
> 
> i will do when Outlook 2013 in german got released
> > 
> > AFAIK the English version should automagically map itself to that folder.
> 
> agree ,it should
> 
> > 
> > p@rick
> 
> thunderbirds status about xlist etc can be seen here
> 
> https://bugzilla.mozilla.org/show_bug.cgi?id=558659
> 
> looks like , its on the road, from pure tec side
> no idea if and when it will go released

It is implemented. We had to adapt a few extra functions to deal with 64 bit
stuff. Currently it is not being pushed further because of the uncertainty of
TBs future. Once it will become clear how new features will be released we
will spend the rest of money and time to ship the feature. For now I will not
spend a single more Euro.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Outlook 2013 imap specialuse RFC6154 XLIST

[Patrick Ben Koetter]

* Robert Schetterer :
> Am 04.09.2012 10:30, schrieb Robert Schetterer:
> > Hi, perhaps somebody wants to this
> > 
> > --snip
> > Microsoft® Outlook® 2013 Preview
> > Outlook 2013 Preview implements the IMAP LIST extension specified in
> > [RFC6154] as the XLIST command.
> > ---snip
> > 
> > taken out of [MS-STANOIMAP].pdf
> > 
> > which zip you may download here
> > 
> > http://msdn.microsoft.com/en-us/library/ee157124%28v=exchg.80%29
> > 
> 
> just for info, by small testing
> Outlook 2013 preview imap specialuse is working with dovecot
> at minimum for Trash and Sent
> 
> i have set this
> 
> mailbox Sent {
> special_use = \Sent
> auto=subscribe
>  }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }

Why did you set the \Sent folder twice? Setting it once should suffice.


> the preview is only in english or spanish
> so dont know if it will work with other languages then english, lets hope so

Try this:

mailbox "Gesendete Objekte" {
special_use = \Sent
auto=subscribe
}

AFAIK the English version should automagically map itself to that folder.

p@rick


-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Special Folder Mocking

[Patrick Ben Koetter]

Eddy,

* Eddy Ilg|univation :
> Dear Dovecot List,
> 
> 
> probably everyone knows the problem that different clients use
> different names for "Sent", "Trash" and so on.
> 
> A simple question:
> Isn't it possible to advertise one imap folder with different names,
> depending on the client?
> E.g. if the client is Outlook, show the "Sent" folder as "Sent
> Elements" (translated from german) and if the client is Thunderbird,
> show the "Sent" folder as "Sent"?

the answer is the IMAP extension "SPECIAL USE".

We sponsored SPECIAL USE in Dovecot and in Thunderbird. Timo implemented it in
Dovecot autumn 2011 and Ben Bucksch added SPECIAL USE support in Mozilla
shortly after. Sadly Mozilla has decided to turn Thunderbird down - i.e. hand
it over to some 'community' - and I am not sure our contribution it will be
released as Mozilla claims they will not add any new features anymore.

IF they would you could tell Dovecot to name the SPECIAL USE folders like
Outlook expects them and Thunderbird to map its folder on top.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] v2.2 status update: IMAP NOTIFY extension and more

[Patrick Ben Koetter]

* Timo Sirainen :
> I'm also considering implementing an SMTP submission server, which works
> only as a proxy to the real SMTP server. The benefits of it would mainly
> be:
> 
>  * It could support BURL command and other extensions required by
> LEMONADE. The real SMTP server would see only regular DATA commands.
>  * Would make SMTP AUTH easy to implement regardless of what the real
> SMTP server is.

Nice move! Especially since I recall Wietse being not very inclined to
implement anything alike.

p@rick



-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] what best for anti-spam filter?

[Patrick Ben Koetter]

People,

this is a mailing list dedicated to Dovecot and the protocols POP, IMAP and
MANAGESIEVE with the one or the other detour to storage.

Greylisting and other Anti-Spam techniques, as discussed in this thread,
truely are off-topic. Please take discussion offlist or to another list that
deals with such stuff.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] what best for anti-spam filter?

[Patrick Ben Koetter]

* fy :
> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is
> best ?

The best goes like this:

1. Decide if the SMTP client should be allowed to connect to the server
2. Decide if the client should be allowed to send the message
3. Decide if the message should be allowed to reach the recipient

For 1 use e.g. 'postscreen' in Postfix.
For 2 use SMTP session filters e.g. smtpd_..._restrictions in Postfix
For 3 use a combination of content filters like SpamAssassin, ClamAV etc. In
case you need to build some content policies e.g. "recipient A may receive
message, messages should never be spam filtered for B and C ..." around the
filters use amavisd-new, the content filter framework. It also brings features
to manage filtered content e.g. quarantine, copy etc.

p@rick



-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Preferred LDAP Attribute for home/mail location

[Patrick Ben Koetter]

* Edgar Fuß :
> Is there, among the dovocot community, any preferred LDAP schema and
> attribute to use for setting the home/mail storage location?

There are many. Here's another one:




-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Hardware infrastructure for email system

[Patrick Ben Koetter]

Michael,

* Michael Wessel :
> I'm currently (re-)planning my email setup and have been doing some
> research. I have done some searches and read several threads in the
> areas of my questions here. While there are some that come close I
> haven't yet been able to get all my questions answered.
> 
> I currently run a postfix, dovecot & roundcube setup and have about
> 2000 active accounts. I have a separate SMTP server for outbound
> mail and auth is done against a separate LDAP server. In front of
> the POP/IMAP server I have another SMTP (4 in parallel actually)
> server that receives and filters inbound mail through a company
> specific, proprietary filter before the mail hits the POP/IMAP
> server. LDAP & SMTP servers are ESXi VMs.

Do people use 'real' mail clients to connect and IDLE too?


> So right now both dovecot and roundcube run on the same box which is
> a Dell PE2950 with dual quad-core Xeon, 16GB RAM and 6 1TB disks in
> RAID 6, so only local storage using maildir.  So far it's been
> holding up fine, but it's beginning to show signs of overload now. I
> also expect an increase in users over the next few months up to
> somewhere between 10 - 20,000 mail boxes. Hence the re-planning.
> 
> My first priority in redesigning my setup is reliability. I
> definitely need something fail-save and as close to always on as
> possible. Next is performance. And while the budget is of course
> limited for the moment I'm setting that aside and will worry about
> that when the time comes.
> 
> Now here is my question(s):
> 
> In order to support up to 20,000 mailboxes (distributed over several
> times-zones so they won't all be used at the same time) with a very
> reliable service with good performance, what do I actually need?
> 
> Do I need(ul) SAN or is it just a "would be nice to have"? If yes,
> why and what would be appropriate for my needs? Or will a setup with
> a few more servers like the ones I already have, using something
> like DRBD and distributing services (imap, http, spamd etc) onto
> different boxes do?

Will the server enforce quota? 

What will be the average mailbox size?

Do people share content e.g. mailings with attachments that go out to all
recipients? 

What might be the maximum number of clients using the server at one time?

Will all users use the same client product e.g. roundcube?

What's your backup strategy? What do you use to backup mailboxes?

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] how to use new style namespace for INBOX

[Patrick Ben Koetter]

* ml :
> dear honorable doctor timo
> 
> reading the list I saw appear a new style for the "writing of INBOX".
> namely this example
> 
> mailbox Drafts {
>   special_use = \Drafts
> }
> mailbox Junk {
>   special_use = \Junk
> }
> mailbox Sent {
>   special_use = \Sent
> }
> mailbox "Sent Messages" {
>   special_use = \Sent
> }
> mailbox Trash {
>   special_use = \Trash
> }
> prefix =


This 'new' type of writing defines mailboxes for SPECIAL-USE as defined in
http://tools.ietf.org/rfc/rfc6154.txt.

> I do not know how to use it can you help me now is my config

If your mail clients support it, they will automatically map their mailboxes
for Sent, Junk, Trash, Drafts etc. to whatever mailbox you have assigned the
respective $special_use option to.

If they don't nothing will change.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563



signature.asc
Description: Digital signature

Re: [Dovecot] Import from Evolution

[Patrick Ben Koetter]

* Jonathan Ryshpan :
> On Sat, 2012-06-16 at 22:16 +0200, Patrick Ben Koetter wrote:
> > * Jonathan Ryshpan :
> > > I need to import the mail database generated by the evolution mail
> > > reader into dovecot.  Evolution stores its mail in maildir format (fully
> > > standards compatible, I think); I would be using the maildir format in
> > > dovecot.  Is there anything in the wiki, etc. explaining exactly how to 
> > > do this?
> > > 
> > > Why do this?  Evolution is hopelessly broken, and is not likely to be 
> > > fixed in the forseeable future, and I would like to keep my mails in
> > > maildir form.  Reviews of kmail are very bad, and thunderbird uses the
> > > mbox format for storage.
> > 
> > If it is native maildir you can configure that/your account to use maildir 
> > and
> > simply copy your mailbox over to Dovecot. When Dovecot accesses the mailbox 
> > it
> > will create the necessary index files and you are ready to use it.
> 
> Sounds good.  
> 
> I'm sure than when you write "mailbox", you mean the folders (and not
> the index files) in the evolution mail database, located at

Yes, I mean the folders and not the index files

> ~/.local/share/evolution/mail/local and whose contents start:
> $ ls -lA
> ..#evolution.Junk.cmeta.jango.ibex.index.data
> ..#evolution.Trash.cmeta   .jfour/
> ..cmeta.jfour.cmeta
> ..maildir++.jfour.ibex.index
> .Drafts/   .jfour.ibex.index.data
> .Drafts.cmeta  .joer/
> .Outbox/   .joer.cmeta
> .Outbox.cmeta  .joyce/
> <...>
> and not $MAIL, i.e. /var/spool/mail/jonrysh, where mail arrives on the
> system (via fetchmail and local sendmail).  

I don't mean $MAIL.


> Please excuse me for double checking; evolution has archived 218,886
> messages in 132 folders, and I want to avoid trouble if possible.

I am a friend of double checking. :)

p@rick


-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Import from Evolution

[Patrick Ben Koetter]

* Jonathan Ryshpan :
> I need to import the mail database generated by the evolution mail
> reader into dovecot.  Evolution stores its mail in maildir format (fully
> standards compatible, I think); I would be using the maildir format in
> dovecot.  Is there anything in the wiki, etc. explaining exactly how to 
> do this?
> 
> Why do this?  Evolution is hopelessly broken, and is not likely to be 
> fixed in the forseeable future, and I would like to keep my mails in
> maildir form.  Reviews of kmail are very bad, and thunderbird uses the
> mbox format for storage.

If it is native maildir you can configure that/your account to use maildir and
simply copy your mailbox over to Dovecot. When Dovecot accesses the mailbox it
will create the necessary index files and you are ready to use it.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] dovecot stats: useful data to gather

[Patrick Ben Koetter]

* Timo Sirainen :
> On 1.6.2012, at 23.58, Patrick Ben Koetter wrote:
> 
> > Besides pulling together all the data we also think it would be useful to 
> > have
> > an SNMP interface to access the stats.
> 
> I had thought about SNMP before also, but for the current kind of stats that
> are exported I couldn't think of any reasonable way to export them.

I am not an expert on SNMP, others in my office are, but as I understand it
there's no need for Dovecot to export the data. AFAIK Dovecot would have to
offer a subagent, which could be queried by a SNMP server.

If we need more knowledge on SNMP I can ask my folks on the team to give some
guidance. For the moment I found this:
<http://net-snmp.sourceforge.net/wiki/index.php/TUT:Writing_a_Subagent>

> > Here are the stats we believe to be useful:
> > 
> > Login/Logout
> > - total number login success/time
> > - total number login failure/time
> ..
> 
> I'll look at these later in more detail, but some important questions / 
> design decisions:
> 
> Currently stats process only remembers things after Dovecot was started. I
> don't think getting these kind of numbers would really work like that.
> Perhaps all of the statistics should be permanently dumped to disk every
> ~minute or so + at shutdown and loaded at startup, so the numbers would at
> least normally always just increase since the first time Dovecot was
> started?

ACK. My understanding is: Statistical data are moments in time. The
application provides these snapshots. It is up to other protocols (e.g. SNMP)
and software (e.g. RRD) to gather and create time series and also to relate
data to each other in order to come up with ratios, timelines etc.

This might be a good opportunity to check out Howard's MDB database (in order
to get around potential future law suits concerning BDB usage ...).
<http://highlandsun.com/hyc/mdb/>


> > Mailbox state
> > - Inflow rate (number incoming messages/time)
> > - Deleted rate (number \Deleted flagged messages/time)
> 
> These operations/time type of things I had hoped to be able to externalize
> :) If stats process simply gives the raw stats, the reader could do this
> kind of summing up. Otherwise .. well, I guess it could maybe keep track of
> the current ops/ and the reader would then have to read the
> value about once a minute or half or something. It wouldn't give exact
> results though.

ACK. I'd externalize them too. So dump the /time aspect and only give raw data
at moment of query.


> > Performance
> > - minimum time to write a message
> > - maximum time to write a message
> > - average time to write a message
> 
> Within last .. day? hour? minute? ..

Concerning "message write time": the time the last message had to be written.

In general the stats update interval should be configurable in order to adapt
it to the overall system performance. Makes no sense to bring down the server
by gathering stats every nano second unless one likes self-induced DOS. ;)

It would probably be a useful strategy to update internal data on every event
and answer SNMP queries from memory but write the data to disc every once in a
while to have them when the server restarts. Besides that I don't see a use
case for sharing such data between processes such as exporting them to
memcache or anything alike. Do you?

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

[Dovecot] dovecot stats: useful data to gather

[Patrick Ben Koetter]

Timo,

following our discussion on dovecot stats at the LinuxTag 2012 my team and I
sat down and put together a list of stat items we think to be useful in daily
dovecot usage.

Besides pulling together all the data we also think it would be useful to have
an SNMP interface to access the stats. Our offer to create and contribute a
standalone web interface for dovecot stats stands.

Here are the stats we believe to be useful:

Login/Logout
- total number login success/time
- total number login failure/time
- total number per authentication mechanism
- total number plain sessions
- total number STARTTLS sessions
- total number of currently connected users (pop3/pop3s/imap/imaps/managesieve)
- login names of connected users (not really stats, but great for actions
  regarding those uses e.g. force logout)
- total number logout commands/time
- total number BYE responses (autologout)

Mailbox state
- Inflow rate (number incoming messages/time)
- Deleted rate (number \Deleted flagged messages/time)
- Expunge rate (number Expunge operations/time)
- total number current messages mailboxes normal storage
- total number current messages mailboxes alt storage
- total number read messages mailboxes normal storage
- total number read messages mailboxes alt storage
- per user number current messages mailboxes normal storage
- per user number current messages mailboxes alt storage
- per user number read messages mailboxes normal storage
- per user number read messages mailboxes alt storage

Mailbox Quota
- total number persons under soft-quota per quota
- total number persons above or equal soft-quota per quota
- total number persons above or equal hard-quota per quota

Performance
- minimum time to write a message
- maximum time to write a message
- average time to write a message
- minimum time to modify a message
- maximum time to modify a message
- average time to modify a message
- minimum time to delete a message
- maximum time to delete a message
- average time to delete a message
- minimum time search operations
- maximum time search operations
- average time search operations

Regards,

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Getting Postfix Admin's DB to work with Postfix's/Dovecot's MySQL DB

[Patrick Ben Koetter]

* Antoine Nguyen :
> You can take a look at Modoboa (http://modoboa.org/). It includes a web
> user interface to create users and a simple webmail.

The upcoming 0.9 release will have great UI improvements over previous
versions.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP STARTTLS Problem

[Patrick Ben Koetter]

* Markus Fritz :
> Am 07.05.2012 09:56, schrieb Patrick Ben Koetter:
> >* Markus Fritz:
> >>Am 06.05.2012 20:57, schrieb Patrick Ben Koetter:
> >>>* mar...@opsys.de:
> >>>>Yep, I set the rights for the cert in Thunderbird. With this CERT
> >>>>SSL is working in Thunderbird but not with STARTTLS.
> >>>>
> >>>>4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1
> >>>>BAD TLS not available due to temporary reason
> >>>Your server responds it has a temporary problem. Set the server verbose to 
> >>>get
> >>>more useful log output.
> >>>
> >>Now I got this:
> >>May  6 22:38:35 opsys dovecot: imap-login: Disconnected (no auth
> >>attempts): rip=84.150.37.251, lip=78.46.216.126, TLS: SSL_read()
> >>failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> >>unknown ca
> >>
> >>What have I to do now? The cert is signed by myself.
> >You need to import your CAs certificate into TB.
> >
> >p@rick
> >
> 
> I imported the .pem public file, it's there and I set the trust
> status in Thunderbird. It still won't work.
> Screenshot: http://snpr.cm/hLClYx.png

This looks like your server certificate and not like your CA certificate.

p@rick


-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP STARTTLS Problem

[Patrick Ben Koetter]

* Markus Fritz :
> Am 06.05.2012 20:57, schrieb Patrick Ben Koetter:
> >* mar...@opsys.de:
> >>Yep, I set the rights for the cert in Thunderbird. With this CERT
> >>SSL is working in Thunderbird but not with STARTTLS.
> >>
> >>4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1
> >>BAD TLS not available due to temporary reason
> >Your server responds it has a temporary problem. Set the server verbose to 
> >get
> >more useful log output.
> >
> 
> Now I got this:
> May  6 22:38:35 opsys dovecot: imap-login: Disconnected (no auth
> attempts): rip=84.150.37.251, lip=78.46.216.126, TLS: SSL_read()
> failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca
> 
> What have I to do now? The cert is signed by myself.

You need to import your CAs certificate into TB.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP STARTTLS Problem

[Patrick Ben Koetter]

* mar...@opsys.de :
> Yep, I set the rights for the cert in Thunderbird. With this CERT
> SSL is working in Thunderbird but not with STARTTLS.
> 
> 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1
> BAD TLS not available due to temporary reason

Your server responds it has a temporary problem. Set the server verbose to get
more useful log output.

p@rick

P.S.
And please keep this thread onlist.


> That's the message I get from Thunderbird.
> 
> And that's the hole log:
> 
> 4440[af7d580]: ImapThreadMainLoop entering [this=bcde800]
> 0[c0f140]: bcde800:mail.opsys.de:NA:SetupWithUrl: clearing
> IMAP_CONNECTION_IS_OPEN
> 4440[af7d580]: bcde800:mail.opsys.de:NA:ProcessCurrentURL: entering
> 4440[af7d580]: 
> bcde800:mail.opsys.de:NA:ProcessCurrentURL:imap://markus%40opsys%2...@mail.opsys.de:143/select%3E.INBOX:
> = currentUrl
> 4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=118 needmore=0]
> 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: *
> OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> 
> 4440[af7d580]: bcde800:mail.opsys.de:NA:SendData: 1 STARTTLS
> 
> 4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=49 needmore=0]
> 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1
> BAD TLS not available due to temporary reason
> 
> 4440[af7d580]: try to log in
> 4440[af7d580]: IMAP auth: server caps 0x4405427, pref 0x1006, failed
> 0x0, avail caps 0x1006
> 4440[af7d580]: (GSSAPI = 0x100, CRAM = 0x2, NTLM = 0x10,
> MSN =  0x20, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login =
> 0x4)auth external IMAP login = 0x2000
> 4440[af7d580]: trying auth method 0x1000
> 4440[af7d580]: got new password
> 4440[af7d580]: IMAP: trying auth method 0x1000
> 4440[af7d580]: PLAIN auth
> 4440[af7d580]: bcde800:mail.opsys.de:NA:SendData: 2 authenticate plain
> 
> 4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=4294967295 needmore=0]
> 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket:
> clearing IMAP_CONNECTION_IS_OPEN - rv = 80470002
> 4440[af7d580]: bcde800:mail.opsys.de:NA:TellThreadToDie: close
> socket connection
> 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: (null)
> 4440[af7d580]: authlogin failed
> 4440[af7d580]: marking auth method 0x1000 failed
> 4440[af7d580]: IMAP auth: server caps 0x4405427, pref 0x1006, failed
> 0x1000, avail caps 0x6
> 4440[af7d580]: (GSSAPI = 0x100, CRAM = 0x2, NTLM = 0x10,
> MSN =  0x20, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login =
> 0x4)auth external IMAP login = 0x2000
> 4440[af7d580]: trying auth method 0x2
> 4440[af7d580]: login failed entirely

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP STARTTLS Problem

[Patrick Ben Koetter]

* mar...@opsys.de :
> Am 05.05.2012 22:44, schrieb Patrick Ben Koetter:
> >* Markus Fritz :
> >>Am 05.05.2012 21:06, schrieb Markus Fritz:
> >Assuming your server cert is located in
> >/etc/ssl/certs/ca-certificates.crt try
> >this on your server:
> >
> >openssl s_client -starttls imap -CAfile
> >/etc/ssl/certs/ca-certificates.crt -connect localhost:143
> >
> >Use "2 logout" to get out of the session.
> >
> >If it works, try the same from your client host.
> >
> >Does it work both times?
> 
> yes:
> 
>  Verify return code: 0 (ok)
> ---
> . OK Capability completed.
> 
> it works. But I cannot login with Thunderbird. I imported the cert
> in Thunderbird, too.

IIRC it is not enough to import the cert. You also need to set a policy i.e.
allow the cert to be used for e-mail.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP STARTTLS Problem

[Patrick Ben Koetter]

* Markus Fritz :
> Am 05.05.2012 21:06, schrieb Markus Fritz:
> >Hello,
> >
> >I have this problem:
> >May  5 21:02:35 opsys dovecot: imap-login: Disconnected (no auth
> >attempts): rip=84.150.52.31, lip=78.46.216.126
> >
> >Connecting via Thunderbird to STARTTLS won't work, but with a website
> >from the same server it works for tls://opsys.de.
> >So why is the port closed for external ip's?
> >IPTABLES entry for imap is this:
> >fail2ban-dovecot-pop3imap  tcp  --  anywhere anywhere
> > multiport dports pop3,pop3s,imap2,imaps
> >
> >Key files are correct TLS is working from localhost.
> >
> >System is Debian squeeze
> 
> Thunderbird says 'tls not available due temporary reason' now.


Assuming your server cert is located in /etc/ssl/certs/ca-certificates.crt try
this on your server:

openssl s_client -starttls imap -CAfile /etc/ssl/certs/ca-certificates.crt 
-connect localhost:143

Use "2 logout" to get out of the session.

If it works, try the same from your client host.

Does it work both times?

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Bug tracker

[Patrick Ben Koetter]

* Antoine Nguyen :
> > I started thinking that perhaps I should move my TODO list to a bug
> > tracker. But because of reasons I've explained a few times before, I don't
> > want a full blown public bug tracking system. The requirements for it are:
> >
> >  * I am the only person who can add new bugs. Everyone else reports
> > bugs/requests to this mailing list as before. (Well, I guess Stephan could
> > use this as well if he wants to.)
> >
> >  * Everyone can comment existing bugs.
> >
> >  * Dovecot mailing list integration: Commenting a bug sends a mail to the
> > mailing list. Replies to those comments go back to bug tracker (probably
> > based on some [#1234] tag in subject). I would have the option of adding a
> > comment that doesn't go to the mailing list (= adding some internal comment
> > that nobody else cares about). Notifications about new bugs won't go to the
> > mailing list (most likely it was created due to a recent mailing list post).
> >
> > So the main difference to how things work now is that people would be able
> > to easily browse existing bugs and add comments to them. I would add bugs
> > there only when I'm not planning on fixing them within a few days. I
> > wouldn't add each and every feature request there, only the things that I'm
> > actually interested in developing. So the idea would be to actually get the
> > bug tracker emptied at some point, not to be a graveyard of unimportant
> > feature requests that about 1-2 people in the world would want.
> >
> > So, any suggestions for what software could do these things? I think
> > Request Tracker has those features, but it's not really the
> > nicest/prettiest thing.
> >
> >
> Maybe Redmine ? (http://www.redmine.org/
> 
> It's more than just a bug tracker but I think it answers your needs.

+1

We moved from trac to redmine about a year ago and still are very happy about
it. Our non-technical customers can deal with it well. Redmine allows to hide
projects and it knows the concept of sub-projects. It's versatile in terms of
repositories (mercurial supported) and ticket handling is fine too.

Sometimes I miss a more comfortable wiki editor, but that's a minor tradeoff.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] problem to configuration dovecot and postfix

[Patrick Ben Koetter]

* Thomas Leuxner :
> On Thu, Apr 05, 2012 at 04:48:45PM +0900, Akihiko Sato wrote:
> 
> > # postconf -n:
> > mydestination = qbu.example.com, qbu, localhost.localdomain, localhost
> 
> http://www.postfix.org/VIRTUAL_README.html
> 
> [...]
> NEVER list a virtual MAILBOX domain name as a mydestination domain!

... unless you know what you do and wish to benefit from the side-effects.

p@rick


-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563



signature.asc
Description: Digital signature

[Dovecot] Modifying LDAP search results for user_attrs

[Patrick Ben Koetter]

I need to authenticate users via LDAP either by mailaddress or login name.
In both cases the mailbox location is /src/mail/%d/%n. I can easily deduct
that path from the mailaddress, but not so from the login name.

Can I get the mail address as part of fetching user_attrs and modify it on the
fly? Something along the lines of this:

user_attrs = mail:/srv/mail/%d/%n=home,uidNumber=uid,gidNumber=gid

Or would I be able to modify this with a post-login script?

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Lack of external documentation?

[Patrick Ben Koetter]

* Jerry :
> On Thu, 15 Mar 2012 15:27:37 -0400
> Terry Carmen articulated:
> 
> > On 03/15/2012 03:06 PM, Steve Campbell wrote:
> > > Firstly, this isn't meant to be critical, and I realize the subject 
> > > line probably suggest criticism, so...
> > >
> > > I was sort of forced into using dovecot as my imap/pop server due
> > > to upgrading 3 versions of OS on my mail servers. So far, that's
> > > not bad. What surprises me is that one of the first things I
> > > usually do whenever I start using different software is to purchase
> > > a book that seems to suit me. Searching all of the common places
> > > like amazon, ebay, etc for manuals turned up little to nothing on
> > > dovecot.
> > >
> > > I'm wondering why and is this so new that people just haven't
> > > written books about it yet?
> > >
> > > The one thing I'm a little critical of, though, is that trying to
> > > make heads or tails of dovecot by following the online
> > > documentation is a little problematic. I'm constantly jumping to
> > > another page and then back to the original page, and for the most
> > > part, I just don't know enough about it all yet to know what I'm
> > > looking for.
> > 
> > The best docs are on the wiki and this mailing list. If you find the 
> > information in the wiki to be lacking, the best thing you can do is
> > find the solution yourself and/or on this mailing list, and then make
> > a wiki entry so the next person will know how to solve the same
> > problem you had.
> > 
> > Dovecot is a complex piece of software, and understanding some 
> > functionality requires reading the wiki, asking on the mailing list 
> > and/or examining the source code. You can also obtain paid support
> > from these companies: http://dovecot.org/support.html
> > 
> > I'll be the first to admit that complex and specialized
> > configurations are sometimes difficult to figure out, however this
> > list has always been a tremendous amount of help.
> 
> The lack of truly informative documentation has been the Achilles' heel
> of open-source software since its inception. I feel your pain. I have
> always loved a hard copy, i.e. book documenting the subject I am
> studying. Jumping from screen to screen sucks, plus how do I highlight
> a passage on the monitor for future reference? There have been a few
> books written to document Postfix, but to the best of my knowledge, none
> exist for Dovecot.

Dovecot is a moving target and it is hard to produce any print that represents
what Dovecot can do when the print finally will be released. I know, because I
am one of the two authors who wrote "The Book of Postfix" and we found it hard
if almost impossible to keep up with Wietse's pace when he wrote major parts
of Postfix.

For now, I believe, the wiki and the mailing list is as good as it gets. Later
when Dovecot settles a book might be something to write and something to spend
money on because it lasts for a while.

man pages would be a good thing, but given Dovecots configuration syntax and
flexibility this might be an even harder task. Its probably easier to describe
certain aspects of configuration or use cases than list all options and their
possible occurences.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] testing fts-solr?

[Patrick Ben Koetter]

Stan,

* Stan Hoeppner :
> On 3/4/2012 4:47 PM, Patrick Ben Koetter wrote:
> 
> > On 04.03.2012 23:29, Stan Hoeppner wrote:
> > 
> > 
> > 
> >> not worth discussing seems a bit naive, or arrogant, or both.  Given how
> >> long it takes, never in some cases, for Mozilla to fix IMAP related
> >> problems in TBird, you can't blame the OP for looking in other
> >> directions for a solution.  Note the bug I filed 2+ years on broken IMAP
> >> custom header search:
> >>
> >> https://bugzilla.mozilla.org/show_bug.cgi?id=546925
> >>
> >> 2 years later and it's not even been assigned to a dev...
> > 
> > We started buying features/fixes.
> 
> Does Mozilla have a page listing such services and prices, err,
> required/expected donation amounts?

to my knowledge they don't have a page listing services and prices. Recently
they discussed pros and cons of crowd sourcing, but without much progress.

I can get you in contact with one of the TB programmers, who implemented
features for us, if you want to.

p@rick


-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563



smime.p7s
Description: S/MIME cryptographic signature

Re: [Dovecot] testing fts-solr?

[Patrick Ben Koetter]

On 04.03.2012 23:29, Stan Hoeppner wrote:



> not worth discussing seems a bit naive, or arrogant, or both.  Given how
> long it takes, never in some cases, for Mozilla to fix IMAP related
> problems in TBird, you can't blame the OP for looking in other
> directions for a solution.  Note the bug I filed 2+ years on broken IMAP
> custom header search:
> 
> https://bugzilla.mozilla.org/show_bug.cgi?id=546925
> 
> 2 years later and it's not even been assigned to a dev...

We started buying features/fixes.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563




smime.p7s
Description: S/MIME Cryptographic Signature

[Dovecot] ANN: automx - automated mail account provisioning

[Patrick Ben Koetter]

automx

I am pleased to announce automx a tool that makes setting up a mail account
easy. All your users need to provide is real name, mail address and password.
Their mail client and automx will safely handle the rest.

Say goodbye to mistyped server settings! Put an end to endless phone calls
trying to coach users to configure settings, whose dialogs they can't find.
Raise user satisfaction, relieve support and regain time to work on other
issues.

automx unifies Microsofts and Mozillas mail account provisioning standards in
one powerful Open Source tool. Choose from many backends, including LDAP and
SQL, and let automx create standard and individualized profiles for multiple
domains on the fly!

See the details on http://automx.org.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563



smime.p7s
Description: S/MIME cryptographic signature

Re: [Dovecot] doveadm + dsync merging

[Patrick Ben Koetter]

* Timo Sirainen :
> doveadm already supports some nice things, such as being able to remotely 
> launch a doveadm command via TCP socket. It also supports executing a command 
> for all users or to some specific users using a wildcard. dsync could use 
> these features, so I merged dsync and doveadm into same binary for v2.1.
> 
> I'll still install "dsync" symlink pointing to "doveadm", and running that 
> way it should be fully backwards compatible with the old dsync binary and its 
> parameters.
> 
> I'm mainly now wondering about the command naming for running dsync via 
> doveadm. Any suggestions?
> 
> a) Use "doveadm dsync" prefix, and otherwise keep the names same:
> 
> dsync mirror -> doveadm dsync mirror
> dsync backup -> doveadm dsync backup
> dsync server -> doveadm dsync server (for running dsync remotely via ssh/etc.)
> 
> b) Don't have the dsync prefix:
> 
> dsync mirror -> doveadm mirror
> dsync backup -> doveadm backup
> dsync server -> doveadm dsync-server (could be hidden from the doveadm 
> commands list)

Calling the old "dsync" command (symlink) directly should keep the already
established command structure.

Calling dsync features over doveadm should keep command structure as simple
(not complex) as possible. I favour b) for that and rename 'mirror' to 'sync'.

'sync' keeps in line with products such as rsync. People will immediately know
what it does.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Dovolená

[Patrick Ben Koetter]

* Ron Leach :
> On 22/12/2011 23:11, pa...@valbek.cz wrote:
> >
> >Dobrý den,
> >
> >od 23.12. do 30.12. jsem na dovolené. V případě nutnosti volejte na 
> >mobil.
> >
> >S pozdravem
> >
> Ladislav, sure, we'll reach you on your mobile if we need you.
> Enjoy the break; will you be doing some ski-ing?

Thanks for the translation! :)

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Problem listing SPECIAL-USE flags

[Patrick Ben Koetter]

Timo,

if I read the specs correctly http://tools.ietf.org/html/rfc6154#section-5.2
says the following command should work too:

 C: t3 LIST (SPECIAL-USE) "" "*"
 S: * LIST (\Sent) "/" SentMail
 S: * LIST (\Marked \Drafts) "/" MyDrafts
 S: * LIST (\Trash) "/" Trash
 S: t3 OK done

However if I send that command it fails:

t2 LIST (SPECIAL-USE) "" "*"
t2 BAD Error in IMAP command LIST: Unknown select options

Is that a bug or was a decision on purpose?

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Problem listing SPECIAL-USE flags

[Patrick Ben Koetter]

* Charles Marcus :
> On 2011-12-21 2:42 PM, Patrick Ben Koetter  wrote:
> >Thanks for the clarification. I did some reading to get a better
> >understanding. We'll probably stick with this and may go for LIST if the
> >server does not announce LIST-EXTENTED
> 
> So... out of curoisity, does dovecot support LIST-EXTENDED?

Yes, it does. See the full session below:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot 2.1 ready.
1 login al...@example.com secret 
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN 
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT 
SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS FUZZY SPECIAL-USE] Logged in
t2 LIST "" "%" RETURN (SPECIAL-USE)
* LIST (\Sent) "." "AltSent"
* LIST () "." "Archives"
* LIST (\Archive) "." "AltArchive"
* LIST (\Junk) "." "AltJunk"
* LIST () "." "Junk"
* LIST (\Trash) "." "AltTrash"
* LIST (\Drafts) "." "AltDrafts"
* LIST () "." "Trash"
* LIST () "." "INBOX"
t2 OK List completed.
t3 logout 
* BYE Logging out
t3 OK Logout completed.

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Problem listing SPECIAL-USE flags

[Patrick Ben Koetter]

* Michael M Slusarz :
> Quoting Patrick Ben Koetter :
> >we want to implement SPECIAL-USE in Thunderbird (TB), but we've run into
> >problems. I believe you could help change that.
> >
> >Here's the problem:
> >
> >By default TB only lists subscribed (LSUB) folders when it accesses an IMAP
> >server. However when I do a LSUB on recent Dovecot 2.1 code from mercurial I
> >don't get to see the SPECIAL-USE flags. Therefore TB fails to identify which
> >folders it should use and map to until someone tells it to list all folders
> >(LIST) manually.
> >
> >Central part of the SPECIAL-USE idea was/is to require as little user
> >interaction as possible to automatically setup a MUA to do the right thing.
> >
> >Speculating that probably most MUAs will do a LSUB by default and never will
> >get to see SPECIAL-USE flags I think it is easier to have the server-side
> >promote the flags.
> 
> Except you never, never, never, never, never can rely on LSUB for
> mailbox attributes.  It says so right in RFC 3501 [6.3.9]:
> 
>   The returned untagged LSUB response MAY contain different mailbox
>   flags from a LIST untagged response.  If this should happen, the
>   flags in the untagged LIST are considered more authoritative.
> 
> See also RFC 5258 [3.1], which discusses the difference between the
> base RFC 3501 LSUB command and the LIST-EXTENDED SUBSCRIBED option:
> 
>   This option is
>   intended to supplement the LSUB command.  Of particular note are
>   the mailbox attributes as returned by this option, compared with
>   what is returned by LSUB.  With the latter, the attributes
>   returned may not reflect the actual attribute status on the
>   mailbox name, and the \NoSelect attribute has a second special
>   meaning (it indicates that this mailbox is not, itself,
>   subscribed, but that it has descendant mailboxes that are).  With
>   the SUBSCRIBED selection option described here, the attributes are
>   accurate and complete, and have no special meanings.  "LSUB" and
>   "LIST (SUBSCRIBED)" are, thus, not the same thing, and some
>   servers must do significant extra work to respond to "LIST
>   (SUBSCRIBED)".  Because of this, clients SHOULD continue to use
>   "LSUB" unless they specifically want the additional information
>   offered by "LIST (SUBSCRIBED)".

Thanks for the clarification. I did some reading to get a better
understanding. We'll probably stick with this and may go for LIST if the
server does not announce LIST-EXTENTED:

t2 LIST "" "%" RETURN (SPECIAL-USE)
* LIST (\Sent) "." "AltSent"
* LIST () "." "Archives"
* LIST (\Archive) "." "AltArchive"
* LIST (\Junk) "." "AltJunk"
* LIST () "." "Junk"
* LIST (\Trash) "." "AltTrash"
* LIST (\Drafts) "." "AltDrafts"
* LIST () "." "Trash"
* LIST () "." "INBOX"
t2 OK List completed.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

[Dovecot] Problem listing SPECIAL-USE flags

[Patrick Ben Koetter]

Timo,

we want to implement SPECIAL-USE in Thunderbird (TB), but we've run into
problems. I believe you could help change that.

Here's the problem:

By default TB only lists subscribed (LSUB) folders when it accesses an IMAP
server. However when I do a LSUB on recent Dovecot 2.1 code from mercurial I
don't get to see the SPECIAL-USE flags. Therefore TB fails to identify which
folders it should use and map to until someone tells it to list all folders
(LIST) manually.

Central part of the SPECIAL-USE idea was/is to require as little user
interaction as possible to automatically setup a MUA to do the right thing.

Speculating that probably most MUAs will do a LSUB by default and never will
get to see SPECIAL-USE flags I think it is easier to have the server-side
promote the flags.

Do you think that would be possible?


Just to verify I configured Dovecot as you would expect for SPECIAL-USE:

I've set Dovecot 2.1 to autocreate and autosubscribe SPECIAL-USE mailboxes
like this:

namespace inbox {
  ...
  mailbox AltDrafts {
special_use = \Drafts
auto = subscribe
  }
  ...
}

This is what I get:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot 2.1 ready.
t1 login al...@example.com secret
t1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN 
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT 
SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS FUZZY SPECIAL-USE] Logged in
t2 LSUB "" "%"
* LSUB () "." "Trash"
* LSUB () "." "AltDrafts"
* LSUB () "." "AltSent"
* LSUB () "." "Archives"
* LSUB () "." "AltTrash"
* LSUB () "." "AltJunk"
* LSUB () "." "AltArchive"
* LSUB () "." "Junk"
t2 OK Lsub completed.
t3 LIST "" "%"
* LIST (\HasNoChildren \Sent) "." "AltSent"
* LIST (\HasChildren) "." "Archives"
* LIST (\HasNoChildren \Archive) "." "AltArchive"
* LIST (\HasNoChildren \Junk) "." "AltJunk"
* LIST (\HasNoChildren) "." "Junk"
* LIST (\HasNoChildren \Trash) "." "AltTrash"
* LIST (\HasNoChildren \Drafts) "." "AltDrafts"
* LIST (\HasNoChildren) "." "Trash"
* LIST (\HasNoChildren) "." "INBOX"
t3 OK List completed.
t4 logout
* BYE Logging out
t4 OK Logout completed.
Connection closed by foreign host.

Thanks,

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP SPECIAL-USE extension

[Patrick Ben Koetter]

* Pascal Volk :
> On 12/07/2011 02:28 PM Arne K. Haaje wrote:
> > Thunderbird also use a Templates folder.
> 
> Yes, I also noticed that. But
> http://tools.ietf.org/html/rfc6154#section-2 doesn't mention a mailbox
> for templates.

IIRC IETF allows to register new SPECIAL-USE mailboxes. 'templates' might be a
good candidate.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP SPECIAL-USE extension

[Patrick Ben Koetter]

* Michael M Slusarz :
> The combination of the original author's comment, and your response
> which did not seem to disagree with him at all, made it ambiguous at
> best whether you were referring to localized mailbox names being
> stored on the server or being translated on the client.  Looking
> through the entire thread, and seeing your previous message, I see
> that this was an incorrect assumption.  I apologize for any
> misunderstanding.

Thank you.

p@rick


-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP SPECIAL-USE extension

[Patrick Ben Koetter]

* Michael M Slusarz :
> Quoting Patrick Ben Koetter :
> 
> >* A.L.E.C :
> >>On 06.12.2011 13:43, Patrick Ben Koetter wrote:
> >>
> >>> From my understanding RFC 6154 serves to flag some IMAP
> >>mailboxes in order to
> >>> indicate they should be used for special use e.g. as trash folder etc.
> >>>
> >>> I fail to see how RFC 6154 would help displaying localized mailbox names.
> >>
> >>Ok. It will not help for existing folders, but will allow creation of
> >>special-use folders with any name.
> >
> >Yes. And on top of that a MUA should detect these SPECIAL-USE folders and
> >automagically map its special folders (trash, archive, sent, drafts, etc.) to
> >the servers SPECIAL-USE mailboxes.
> >
> >This should take place transparently and the special folders should carry
> >localized mailbox names e.g. "Sent" or "Gesendet" or "..."
> 
> Except the localization conversions should be done on the MUA level,
> not the mailstore level (see, e.g., INBOX).

I believe that is exactly what I said in my lines above.


> As Timo noted in another message in this thread, for the most part
> there has been a informal standardization of special mailbox names
> to their English equivalents.  There is really no reason to move
> away from this standardization, especially for MUAs that do not yet

Where in my posting did I say I want to move away from that standard?

> support RFC 6154 but may support a form auto-detection of common
> special mailbox names.

p@rick


-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP SPECIAL-USE extension

[Patrick Ben Koetter]

* Timo Sirainen :
> On Fri, 2011-12-02 at 17:12 +0200, Timo Sirainen wrote:
> 
> > The mailbox names require a namespace prefix, so if you use e.g. "INBOX." 
> > prefix you'll need to use:
> 
> I changed these so that they are inside namespace {} section and don't
> require namespace prefix in the name. That way I can include common
> mailbox definitions in example-config and still allow the namespace
> prefix to be easily changed.
> 
> I'm anyway now wondering what the defaults should be? Could someone
> check what these defaults are for Outlook and any other clients you
> have:
> 
>  * "Drafts" is used by all clients
>  * "Trash" is used by all clients
>  * "Junk" is used by all clients? Or is "Spam" used by some?
>  * "Sent" is used by Thunderbird, Evolution
>  * "Sent Messages" is used by Apple Mail
> 
> So I'm mainly wondering about "Sent" vs. "Sent Messages".

Are you looking for US-English mailbox names only?

p@rick


-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP SPECIAL-USE extension

[Patrick Ben Koetter]

* A.L.E.C :
> On 06.12.2011 13:43, Patrick Ben Koetter wrote:
> 
> > From my understanding RFC 6154 serves to flag some IMAP mailboxes in order 
> > to
> > indicate they should be used for special use e.g. as trash folder etc.
> > 
> > I fail to see how RFC 6154 would help displaying localized mailbox names.
> 
> Ok. It will not help for existing folders, but will allow creation of
> special-use folders with any name.

Yes. And on top of that a MUA should detect these SPECIAL-USE folders and
automagically map its special folders (trash, archive, sent, drafts, etc.) to
the servers SPECIAL-USE mailboxes.

This should take place transparently and the special folders should carry
localized mailbox names e.g. "Sent" or "Gesendet" or "..."

At least that was my motivation to initiate that RFC about two years ago and
getting closer to that goal was the reason to sponsor this feature in Dovecot
2.1.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP SPECIAL-USE extension

[Patrick Ben Koetter]

* A.L.E.C :
> On 06.12.2011 11:29, Patrick Ben Koetter wrote:
> 
> >> Are there any plans to support RFC5464 SETMETADATA, so individual
> >> users can name their "\Trash" folder "Skraldspand" in danish or what
> >> ever they prefer?
> 
> Now I see in the hg that Timo doesn't implemented this nor
> CREATE-SPECIAL-USE. So, it's not so nice as I thought ;) There is
> metadata plugin. Should it be extended to support this?
> 
> > I believe setting the name should be a mapping that takes place in the MUA.
> 
> We have RFC6154 for this, don't try to be smarter.

>From my understanding RFC 6154 serves to flag some IMAP mailboxes in order to
indicate they should be used for special use e.g. as trash folder etc.

I fail to see how RFC 6154 would help displaying localized mailbox names.

Please point out.

p@rick


-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] IMAP SPECIAL-USE extension

[Patrick Ben Koetter]

Am 06.12.2011 10:39, schrieb Peter Mogensen:
> On 2011-12-02 22:22, dovecot-requ...@dovecot.org wrote:
> > It's implemented now in dovecot-2.1 hg. It also deprecates autocreate
> > plugin (but it still works the old way). The idea is that you can now
> > do e.g.:
> >
> > mailbox Trash {
> >   auto = no
> >   special_use = \Trash
> > }
> > ...
>
> This is great Timo.
> But for solving the localization problem for special-use folders, it's
> only half the way.
>
> Are there any plans to support RFC5464 SETMETADATA, so individual
> users can name their "\Trash" folder "Skraldspand" in danish or what
> ever they prefer?

I believe setting the name should be a mapping that takes place in the MUA.

p@


>
> /Peter

-- 
state of mind ()
Digitale Kommunikation
www.state-of-mind.de
Franziskanerstraße 15   Telefon +49 89 3090 4664
81669 München   Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Dovecot] MUAs creating different "Sent" folders

[Patrick Ben Koetter]

* Robert Schetterer :
> Am 30.11.2011 09:21, schrieb Patrick Ben Koetter:
> > * Robert Schetterer :
> >> Am 29.11.2011 23:17, schrieb Michael M Slusarz:
> >>> Quoting Patrick Ben Koetter :
> >>>>
> >>>> There's an RFC, but it hasn't been adopted yet. Neither by IMAP
> >>>> servers nor by IMAP clients. ;)
> >>>
> >>> Not true.  We've (IMP) had special-use (RFC 6154) support since August
> >>> 2010.
> >>>
> >>> Offhand, I know that serverwise Cyrus 2.5 supports RFC 6154.
> >>>
> >>> michael
> >>>
> >>
> >> what helps this, tb, outlook, apple mail, winmail and some mobile
> >> clients must follow , this is what people use, and it will take years
> >> after some of them might upgrade
> > 
> > What helps this == Was hilft es?
> > 
> > TB has it on the CR list.
> > Apple has their own X-LIST feature together with google.
> 
> cool, *g left another hundred clients
> 
> however  having this widly solved would be a dream
> why i did take so long for it.., its a Problem since years

Yes, it is a problem, but having a standard doesn't solve it and open source
software is not a guarant to have it implemented either, unless you contribute
the code yourself or get to sponsor someone to do it.

BTW: We'd contribute € 500 if Timo implemented RFC 6154 in Dovecot 2.1.

p@rick

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] MUAs creating different "Sent" folders

[Patrick Ben Koetter]

* Robert Schetterer :
> Am 29.11.2011 23:17, schrieb Michael M Slusarz:
> > Quoting Patrick Ben Koetter :
> > 
> >> * Ralf Hildebrandt :
> >>> While our webmail installation creates "Sent" as a Sent-Items Folder,
> >>> Apple Mail creates "Sent Messages".
> >>>
> >>> Is there a way of "mapping" foldernames e.g.
> >>>
> >>> map "Sent Messages" to "Sent"
> >>> map "Deletes Messages" to "Trash"
> >>> and so on?
> >>
> >> There's an RFC, but it hasn't been adopted yet. Neither by IMAP
> >> servers nor by
> >> IMAP clients. ;)
> > 
> > Not true.  We've (IMP) had special-use (RFC 6154) support since August
> > 2010.
> > 
> > Offhand, I know that serverwise Cyrus 2.5 supports RFC 6154.
> > 
> > michael
> > 
> 
> what helps this, tb, outlook, apple mail, winmail and some mobile
> clients must follow , this is what people use, and it will take years
> after some of them might upgrade

What helps this == Was hilft es?

TB has it on the CR list.
Apple has their own X-LIST feature together with google.

p@rick





> 
> -- 
> Best Regards
> 
> MfG Robert Schetterer
> 
> Germany/Munich/Bavaria

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] MUAs creating different "Sent" folders

[Patrick Ben Koetter]

* Michael M Slusarz :
> Quoting Patrick Ben Koetter :
> 
> >* Ralf Hildebrandt :
> >>While our webmail installation creates "Sent" as a Sent-Items Folder,
> >>Apple Mail creates "Sent Messages".
> >>
> >>Is there a way of "mapping" foldernames e.g.
> >>
> >>map "Sent Messages" to "Sent"
> >>map "Deletes Messages" to "Trash"
> >>and so on?
> >
> >There's an RFC, but it hasn't been adopted yet. Neither by IMAP
> >servers nor by
> >IMAP clients. ;)
> 
> Not true.  We've (IMP) had special-use (RFC 6154) support since August 2010.
> 
> Offhand, I know that serverwise Cyrus 2.5 supports RFC 6154.

Very nice. Thanks for the update.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] MUAs creating different "Sent" folders

[Patrick Ben Koetter]

* Ralf Hildebrandt :
> While our webmail installation creates "Sent" as a Sent-Items Folder,
> Apple Mail creates "Sent Messages".
> 
> Is there a way of "mapping" foldernames e.g.
> 
> map "Sent Messages" to "Sent"
> map "Deletes Messages" to "Trash"
> and so on?

There's an RFC, but it hasn't been adopted yet. Neither by IMAP servers nor by
IMAP clients. ;)

p@rick


-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Dovecot SASL on another machine

[Patrick Ben Koetter]

* Timo Sirainen :
> On Sat, 2011-11-05 at 15:13 +0100, Tobias Hachmer wrote:
> 
> > is there a way to use Dovecot SASL Authentication for submission on a 
> > different machine dovecot runs?
> 
> With v2.0 you should be able to add inet_listener for auth service,
> which acts as an auth-client socket.
> 
> > Dovecot machine <-> postfix machine(for submission)
> 
> Looking at Postfix v2.8.0 code, looks like Postfix also supports it.

Document it and Wietse will support it on the mailing list. If its not
documented support will be declined.

Should I?

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Difference between LOGIN and PLAIN

[Patrick Ben Koetter]

* Simon Brereton :
> On 3 November 2011 17:01, Stephan Bosch  wrote:
> > On 11/3/2011 9:42 PM, Simon Brereton wrote:
> >>
> >> Hi
> >>
> >> Could someone explain to me the difference between LOGIN and PLAIN?
> >> I've been googling for a while, but haven't found anything.
> >
> > The LOGIN SASL mechanism is an obsolete plain text mechanism. It is
> > documented here:
> >
> > http://tools.ietf.org/html/draft-murchison-sasl-login-00
> >
> > Some clients still support it, but I would not recommend using it when PLAIN
> > or a better SASL mechanism is also available at both ends. The PLAIN
> > mechanism is documented here:
> >
> > http://tools.ietf.org/html/rfc4616
> >
> > The main technical difference between the two is that the PLAIN mechanism
> > transfers both username and password in a single SASL interaction, where
> > LOGIN needs two. The PLAIN mechanism also provides support for having an
> > authorization id different from the authentication id, allowing for master
> > user login for example.
> 
> Thanks to both of you.  Can I bet that Outlook doesn't support
> anything but plain?

Outlook > 2007
LOGIN, NTLM
Outlook 2010 >
LOGIN, NTLM2, DIGEST-MD5

> I'm not sure I've ever heard of a client supporting other than
> Evolution supporting MD5 passwords..

Two come to mind: mutt, Thunderbird
However DIGEST-MD5 has been marked deprecated this summer.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] Difference between LOGIN and PLAIN

[Patrick Ben Koetter]

* Simon Brereton :
> Could someone explain to me the difference between LOGIN and PLAIN?

In SMTP these are:

Both 
- are plaintext mechanisms. 
- base64 encode identification data before they send it over the wire
- do not encrypt the indentification data and should therefore only be offered
  over an encrypted transport layer

PLAIN
- is an open standard supported by most clients
- sends identification data as one string
- sends an authentication ID, an authorization ID and the password

LOGIN
- is a proprietary standard supported by Microsofts clients
- sends LOGIN, login name, password and optionally the domain name one after
  another

I guess they are basically the same in IMAP, but others will know better.

p@rick


> I've been googling for a while, but haven't found anything.
> 
> Thanks.
> 
> Simon

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] dsync should sync sieve-dirs to!

[Patrick Ben Koetter]

* Stephan Bosch :
> On 31-10-2011 11:29, Robert Schetterer wrote:
> >hm, idea , any chance to feed sieve rules in a database backend or ldap etc
> >so it would be part of backing up the db/dir service
> 
> That is on the TODO list. However, this is not high-priority.

You might want to find out how SOGo  stores sieve rules in
SQL.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] SASL

[Patrick Ben Koetter]

* Friedrich Locke :
> Thanks it is what i want, kerberos plaintext authentication.
> But wait, i am running OpenBSD. There is no pam_krb5 for openbsd.
> Is there any other means ?

I am not an OpenBSD guy. Maybe someone else can share experiences.

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563

Re: [Dovecot] SASL

[Patrick Ben Koetter]

* Friedrich Locke :
> Ok!
> 
> can dovecot do keberos password verification (yes, that's it, password
> verification and not GSSAPI with tickets) ?

Please take a look at .

p@rick

-- 
state of mind ()

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563