Re: is a self signed certificate always invalid the first time

2017-08-20 Thread Peter West
Hi Felix,

I use getssl, which is a bash script, for LE certs.  For certs on one server I 
use http, for the other DNS.

The DNS method depends on your DNS provider.  Many providers have an API for 
updating DNS. getssl provides scripts for a small number of popular providers. 
Acme.sh provides a greater range of DNS provider APIs.

I added my own linode dns scripts in preference to those provided by getssl.  
Linode’s 15 minute DNS update delay has to be accounted for.

--
Peter West
p...@pbw.id.au
“My soul magnifies the Lord…”

> On 20 Aug 2017, at 5:20 pm, Felix Zielcke <fziel...@z-51.de> wrote:
> 
> On Saturday, 19.08.2017, at 21:39 -0400, KT Walrus wrote:
>> 
>> I use DNS verification for LE certs. Much better since generating
>> certs only depends on access to DNS and not your HTTP servers. Cert
>> generation is automatic (on a cron job that runs every night looking
>> for certs that are within 30 days of expiration). Once set up, it is
>> pretty much automatic. I do use Docker to deploy all services for my
>> website which also makes things pretty easy to manage.
>> 
>> Kevin
> 
> Hi Kevin,
> 
> what software do you use for DNS based verification? I read with the
> official certbot from LE it's not possible to do this fully automated.
> Currently I use the http based method, but would like to switch to DNS
> based.
> 
> Greetings
> Felix





signature.asc
Description: Message signed with OpenPGP


Re: Unix socket for quota-status?

2017-06-11 Thread Peter West
Thanks Aki.

Same user, group and permissions as for the lmtp service?

P
> On 12 Jun 2017, at 12:14 am, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> 
> 
>> On June 11, 2017 at 4:26 PM Peter West <li...@pbw.id.au> wrote:
>> 
>> 
>> The example configs for quota-status use inet_listener.  Does quota-status 
>> support unix sockets?
>> 
>> --
>> Peter West
>> p...@pbw.id.au
>> And the great throng heard him gladly.
>> 
> 
> Yes, you can use unix_listener and inet_listener as you please, dovecot 
> supports them both for all services.
> 
> Aki





Unix socket for quota-status?

2017-06-11 Thread Peter West
The example configs for quota-status use inet_listener.  Does quota-status 
support unix sockets?

--
Peter West
p...@pbw.id.au
And the great throng heard him gladly.





Re: Changing the name of a compressed file

2017-06-11 Thread Peter West
It looks as though there is no global mail_plugins variable.  Is this the case?
Or have I misunderstood how global variables are expressed?

P

> On 10 Jun 2017, at 9:10 pm, Peter West <li...@pbw.id.au> wrote:
> 
> Ok, I added zlib to imap protocol.
> 
> protocol imap {
>  …
>  mail_plugins = $mail_plugins zlib
> }
> 
> Now both imap and lmtp protocols have zlib plugin enabled, and both sent and 
> received mail is compressed.
> 
> Peter
> 
>> On 10 Jun 2017, at 6:50 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>> 
>> Please check that you are not overwriting mail plugins for lmtp. Or post 
>> your doveconf -n.
>> 
>> Aki
>> 
>>> On June 10, 2017 at 11:10 AM Peter West <li...@pbw.id.au> wrote:
>>> 
>>> 
>>> Not sure what you mean. I’m using lmtp to send messages to Dovecot from 
>>> Postfix.
>>> 
>>>> On 10 Jun 2017, at 6:08 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>>> 
>>>> What's your LDA?
>>>> 
>>>> Aki
>>>> 
>>>>> On June 10, 2017 at 11:01 AM Peter West <li...@pbw.id.au> wrote:
>>>>> 
>>>>> 
>>>>> Thanks for that Aki.
>>>>> 
>>>>> Follow-up question.  I tried to initiate compression by adding
>>>>> 
>>>>> mail_plugins = $mail_plugins zlib
>>>>> 
>>>>> plugin {
>>>>>  zlib_save_level = 6
>>>>>  zlib_save = xz
>>>>> }
>>>>> 
>>>>> 
>>>>> to dovecot.conf.  I restarted dovecot and sent one message to the server, 
>>>>> and one message from the server.  Neither was compressed.  I changed the 
>>>>> save type to
>>>>> 
>>>>>  zlib_save = bz2
>>>>> 
>>>>> and repeated. This time the message received (in 
>>>>> /var/vmail///cur) was not compressed, but the message in 
>>>>> /var/vmail///.Sent/cur was bzip2 compressed.
>>>>> 
>>>>> Why is the received mail not being compressed?  Is this the point of the 
>>>>> discussion about compressing old mails?
>>>>> 
>>>>> 
>>>>>> On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>>>>> 
>>>>>> 
>>>>>>> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote:
>>>>>>> 
>>>>>>> 
>>>>>>> Concerning Maildir, the wiki page on compression has this:
>>>>>>> 
>>>>>>> All mails must have ,S= in their filename where  contains 
>>>>>>> the original uncompressed mail size, otherwise there will be problems 
>>>>>>> with quota calculation as well as other potential random failures. Note 
>>>>>>> that if the filename doesn’t contain the ,S= before compression, 
>>>>>>> adding it afterwards changes the base filename and thus the message 
>>>>>>> UID. The safest thing to do is simply to not compress such files.
>>>>>>> 
>>>>>>> Further down on the same page is this:
>>>>>>> 
>>>>>>> If the file does exist, rename() (mv) the compressed file over the 
>>>>>>> original file.
>>>>>>> • Dovecot can now read the file, but to avoid compressing it 
>>>>>>> again on the next run, you'll probably want to rename it again to 
>>>>>>> include e.g. a "Z" flag in the file name to mark that it was compressed 
>>>>>>> (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ).
>>>>>>> 
>>>>>>> These comments seem to contradict each other. Or is there a difference 
>>>>>>> between adding the size specifier to the filename and adding a Z flag 
>>>>>>> to the end of the file name?
>>>>>>> 
>>>>>>> --
>>>>>>> Peter West
>>>>>>> p...@pbw.id.au
>>>>>>> And the great throng heard him gladly.
>>>>>>> 
>>>>>> 
>>>>>> Keyword is 'base filename'. From the wiki, "The standard filename 
>>>>>> definition is: ":2,".". Z is a flag.
>>>>>> 
>>>>>> Aki
>>>>> 
>>> 
> 





Re: Changing the name of a compressed file

2017-06-10 Thread Peter West
Ok, I added zlib to imap protocol.

protocol imap {
  …
  mail_plugins = $mail_plugins zlib
}

Now both imap and lmtp protocols have zlib plugin enabled, and both sent and 
received mail is compressed.

Peter

> On 10 Jun 2017, at 6:50 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> 
> Please check that you are not overwriting mail plugins for lmtp. Or post your 
> doveconf -n.
> 
> Aki
> 
>> On June 10, 2017 at 11:10 AM Peter West <li...@pbw.id.au> wrote:
>> 
>> 
>> Not sure what you mean. I’m using lmtp to send messages to Dovecot from 
>> Postfix.
>> 
>>> On 10 Jun 2017, at 6:08 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>> 
>>> What's your LDA?
>>> 
>>> Aki
>>> 
>>>> On June 10, 2017 at 11:01 AM Peter West <li...@pbw.id.au> wrote:
>>>> 
>>>> 
>>>> Thanks for that Aki.
>>>> 
>>>> Follow-up question.  I tried to initiate compression by adding
>>>> 
>>>> mail_plugins = $mail_plugins zlib
>>>> 
>>>> plugin {
>>>>   zlib_save_level = 6
>>>>   zlib_save = xz
>>>> }
>>>> 
>>>> 
>>>> to dovecot.conf.  I restarted dovecot and sent one message to the server, 
>>>> and one message from the server.  Neither was compressed.  I changed the 
>>>> save type to
>>>> 
>>>>   zlib_save = bz2
>>>> 
>>>> and repeated. This time the message received (in 
>>>> /var/vmail///cur) was not compressed, but the message in 
>>>> /var/vmail///.Sent/cur was bzip2 compressed.
>>>> 
>>>> Why is the received mail not being compressed?  Is this the point of the 
>>>> discussion about compressing old mails?
>>>> 
>>>> 
>>>>> On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>>>> 
>>>>> 
>>>>>> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote:
>>>>>> 
>>>>>> 
>>>>>> Concerning Maildir, the wiki page on compression has this:
>>>>>> 
>>>>>> All mails must have ,S= in their filename where  contains 
>>>>>> the original uncompressed mail size, otherwise there will be problems 
>>>>>> with quota calculation as well as other potential random failures. Note 
>>>>>> that if the filename doesn’t contain the ,S= before compression, 
>>>>>> adding it afterwards changes the base filename and thus the message UID. 
>>>>>> The safest thing to do is simply to not compress such files.
>>>>>> 
>>>>>> Further down on the same page is this:
>>>>>> 
>>>>>> If the file does exist, rename() (mv) the compressed file over the 
>>>>>> original file.
>>>>>>  • Dovecot can now read the file, but to avoid compressing it again on 
>>>>>> the next run, you'll probably want to rename it again to include e.g. a 
>>>>>> "Z" flag in the file name to mark that it was compressed (e.g. 
>>>>>> 1223212411.M907959P17184.host,S=3271:2,SZ).
>>>>>> 
>>>>>> These comments seem to contradict each other. Or is there a difference between 
>>>>>> adding the size specifier to the filename and adding a Z flag to the end 
>>>>>> of the file name?
>>>>>> 
>>>>>> --
>>>>>> Peter West
>>>>>> p...@pbw.id.au
>>>>>> And the great throng heard him gladly.
>>>>>> 
>>>>> 
>>>>> Keyword is 'base filename'. From the wiki, "The standard filename 
>>>>> definition is: ":2,".". Z is a flag.
>>>>> 
>>>>> Aki
>>>> 
>> 





Re: Changing the name of a compressed file

2017-06-10 Thread Peter West
Well spotted.

In my first attempt, the configuration I originally posted was at the end of my 
dovecot.conf file, and I was not including the conf.d configuration files. 
Preceding that was my lmtp protocol config.

protocol lmtp {
  postmaster_address = postmaster
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins sieve
}

>>>> 
>>>> mail_plugins = $mail_plugins zlib
>>>> 
>>>> plugin {
>>>>   zlib_save_level = 6
>>>>   zlib_save = xz
>>>> }
>>>> 


The doveconf -n associated with this is as follows:

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.9.15-x86_64-linode81 x86_64 Ubuntu 16.04.2 LTS
auth_mechanisms = plain login
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_gid = vmail
mail_home = maildir:/var/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = bz2
  zlib_save_level = 6
}
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_ca = >>> mail_plugins = $mail_plugins zlib

The resulting doveconf -n is:

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.9.15-x86_64-linode81 x86_64 Ubuntu 16.04.2 LTS
auth_mechanisms = plain login
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_gid = vmail
mail_home = maildir:/var/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_plugins = " zlib"
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = bz2
  zlib_save_level = 6
}
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_ca = //cur are compressed;
sent messages in /var/vmail///.Sent/cur are not compressed.

I assume that I need both specifications.
--
Peter West
p...@pbw.id.au
An

Re: Changing the name of a compressed file

2017-06-10 Thread Peter West
Not sure what you mean. I’m using lmtp to send messages to Dovecot from Postfix.

> On 10 Jun 2017, at 6:08 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> 
> What's your LDA?
> 
> Aki
> 
>> On June 10, 2017 at 11:01 AM Peter West <li...@pbw.id.au> wrote:
>> 
>> 
>> Thanks for that Aki.
>> 
>> Follow-up question.  I tried to initiate compression by adding
>> 
>> mail_plugins = $mail_plugins zlib
>> 
>> plugin {
>>   zlib_save_level = 6
>>   zlib_save = xz
>> }
>> 
>> 
>> to dovecot.conf.  I restarted dovecot and sent one message to the server, 
>> and one message from the server.  Neither was compressed.  I changed the 
>> save type to
>> 
>>   zlib_save = bz2
>> 
>> and repeated. This time the message received (in 
>> /var/vmail///cur) was not compressed, but the message in 
>> /var/vmail///.Sent/cur was bzip2 compressed.
>> 
>> Why is the received mail not being compressed?  Is this the point of the 
>> discussion about compressing old mails?
>> 
>> 
>>> On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>> 
>>> 
>>>> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote:
>>>> 
>>>> 
>>>> Concerning Maildir, the wiki page on compression has this:
>>>> 
>>>> All mails must have ,S= in their filename where  contains the 
>>>> original uncompressed mail size, otherwise there will be problems with 
>>>> quota calculation as well as other potential random failures. Note that if 
>>>> the filename doesn’t contain the ,S= before compression, adding it 
>>>> afterwards changes the base filename and thus the message UID. The safest 
>>>> thing to do is simply to not compress such files.
>>>> 
>>>> Further down on the same page is this:
>>>> 
>>>> If the file does exist, rename() (mv) the compressed file over the 
>>>> original file.
>>>>  • Dovecot can now read the file, but to avoid compressing it again on 
>>>> the next run, you'll probably want to rename it again to include e.g. a 
>>>> "Z" flag in the file name to mark that it was compressed (e.g. 
>>>> 1223212411.M907959P17184.host,S=3271:2,SZ).
>>>> 
>>>> These comments seem to contradict each other. Or is there a difference between 
>>>> adding the size specifier to the filename and adding a Z flag to the end 
>>>> of the file name?
>>>> 
>>>> --
>>>> Peter West
>>>> p...@pbw.id.au
>>>> And the great throng heard him gladly.
>>>> 
>>> 
>>> Keyword is 'base filename'. From the wiki, "The standard filename 
>>> definition is: ":2,".". Z is a flag.
>>> 
>>> Aki
>> 





Re: Changing the name of a compressed file

2017-06-10 Thread Peter West
Thanks for that Aki.

Follow-up question.  I tried to initiate compression by adding

mail_plugins = $mail_plugins zlib

plugin {
  zlib_save_level = 6
  zlib_save = xz
}


to dovecot.conf.  I restarted dovecot and sent one message to the server, and 
one message from the server.  Neither was compressed.  I changed the save type 
to

zlib_save = bz2

and repeated. This time the message received (in 
/var/vmail///cur) was not compressed, but the message in 
/var/vmail///.Sent/cur was bzip2 compressed.

Why is the received mail not being compressed?  Is this the point of the 
discussion about compressing old mails?


> On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> 
> 
>> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote:
>> 
>> 
>> Concerning Maildir, the wiki page on compression has this:
>> 
>> All mails must have ,S= in their filename where  contains the 
>> original uncompressed mail size, otherwise there will be problems with quota 
>> calculation as well as other potential random failures. Note that if the 
>> filename doesn’t contain the ,S= before compression, adding it 
>> afterwards changes the base filename and thus the message UID. The safest 
>> thing to do is simply to not compress such files.
>> 
>> Further down on the same page is this:
>> 
>> If the file does exist, rename() (mv) the compressed file over the original 
>> file.
>>  • Dovecot can now read the file, but to avoid compressing it again on 
>> the next run, you'll probably want to rename it again to include e.g. a "Z" 
>> flag in the file name to mark that it was compressed (e.g. 
>> 1223212411.M907959P17184.host,S=3271:2,SZ).
>> 
>> These comments seem to contradict each other. Or is there a difference between 
>> adding the size specifier to the filename and adding a Z flag to the end of 
>> the file name?
>> 
>> --
>> Peter West
>> p...@pbw.id.au
>> And the great throng heard him gladly.
>> 
> 
> Keyword is 'base filename'. From the wiki, "The standard filename definition 
> is: ":2,".". Z is a flag.
> 
> Aki



signature.asc
Description: Message signed with OpenPGP
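
The distinction drawn in the reply quoted above (the ,S= size field is part of the base filename, while Z is only a flag after ":2,") can be checked mechanically. The following is an added example, not code from the thread or from the Dovecot wiki; the function names are hypothetical and the sample filenames other than the wiki's own are constructed.

```python
import re

INFO_SEP = ":2,"  # separates the base filename from the flag letters
# ,S=<digits> inside the base filename, followed by another field or the end
SIZE_FIELD = re.compile(r",S=(\d+)(?=,|$)")


def split_name(filename):
    """Return (base filename, flags); flags is '' when there is no ':2,' part."""
    base, _, flags = filename.partition(INFO_SEP)
    return base, flags


def stored_size(filename):
    """Uncompressed size recorded in the base filename, or None if absent."""
    base, _ = split_name(filename)
    match = SIZE_FIELD.search(base)
    return int(match.group(1)) if match else None


def compressed_name(filename):
    """Name to use after compressing the file, or None if it must be skipped.

    A file without ,S= is skipped: adding the field later would change the
    base filename and therefore the message UID. Adding the Z flag only
    touches the part after ':2,', so the base filename stays the same.
    """
    base, flags = split_name(filename)
    if stored_size(filename) is None:
        return None
    if "Z" in flags:
        return filename  # already marked as compressed
    return base + INFO_SEP + "".join(sorted(set(flags) | {"Z"}))


# The first two names come from the wiki example quoted in the thread
# (before and after marking); the last two are constructed.
SAMPLES = [
    "1223212411.M907959P17184.host,S=3271:2,S",
    "1223212411.M907959P17184.host,S=3271:2,SZ",
    "1497000000.M1P2.host:2,S",
    "1497000001.M3P4.host,S=512,W=530:2,",
]


def plan(names):
    """Map each filename to its post-compression name (None means skip)."""
    return {name: compressed_name(name) for name in names}


if __name__ == "__main__":
    for old, new in plan(SAMPLES).items():
        print(old, "->", new if new else "skip (no ,S= in base filename)")
```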


Changing the name of a compressed file

2017-06-09 Thread Peter West
Concerning Maildir, the wiki page on compression has this:

All mails must have ,S= in their filename where  contains the 
original uncompressed mail size, otherwise there will be problems with quota 
calculation as well as other potential random failures. Note that if the 
filename doesn’t contain the ,S= before compression, adding it afterwards 
changes the base filename and thus the message UID. The safest thing to do is 
simply to not compress such files.

Further down on the same page is this:

If the file does exist, rename() (mv) the compressed file over the original 
file.
• Dovecot can now read the file, but to avoid compressing it again on 
the next run, you'll probably want to rename it again to include e.g. a "Z" 
flag in the file name to mark that it was compressed (e.g. 
1223212411.M907959P17184.host,S=3271:2,SZ).

These comments seem to contradict each other. Or is there a difference between adding 
the size specifier to the filename and adding a Z flag to the end of the file 
name?

--
Peter West
p...@pbw.id.au
And the great throng heard him gladly.


