Re: is a self signed certificate always invalid the first time
Hi Felix, I use getssl, which is a bash script, for LE certs. For certs on one server I use http, for the other DNS. The DNS method depends on your DNS provider. Many providers have an API for updating DNS. getssl provides scripts for a small number of popular providers. Acme.sh provides a greater range of DNS provider APIs. I added my own linode dns scripts in preference to those provided by getssl. Linode’s 15 minute DNS update delay has to be accounted for. -- Peter West p...@pbw.id.au “My soul magnifies the Lord…” > On 20 Aug 2017, at 5:20 pm, Felix Zielcke <fziel...@z-51.de> wrote: > > Am Samstag, den 19.08.2017, 21:39 -0400 schrieb KT Walrus: >> >> I use DNS verification for LE certs. Much better since generating >> certs only depends on access to DNS and not your HTTP servers. Cert >> generation is automatic (on a cron job that runs every night looking >> for certs that are within 30 days of expiration). Once set up, it is >> pretty much automatic. I do use Docker to deploy all services for my >> website which also makes things pretty easy to manage. >> >> Kevin > > Hi Kevin, > > what software do you use for DNS based verification? I read with the > official certbot from LE it's not possible to do this fully automated. > Currently I use the http based method, but would like to switch to DNS > based. > > Greetings > Felix signature.asc Description: Message signed with OpenPGP
Re: Unix socket for quota-status?
Thanks Aki. Same user, group and permissions as for the lmtp service? P > On 12 Jun 2017, at 12:14 am, Aki Tuomi <aki.tu...@dovecot.fi> wrote: > > >> On June 11, 2017 at 4:26 PM Peter West <li...@pbw.id.au> wrote: >> >> >> The example configs for quota-status use inet_listener. Does quota-status >> support unix sockets? >> >> -- >> Peter West >> p...@pbw.id.au >> And the great throng heard him gladly. >> > > Yes, you can use unix_listener and inet_listener as you please, dovecot > supports them both for all services. > > Aki signature.asc Description: Message signed with OpenPGP
Unix socket for quota-status?
The example configs for quota-status use inet_listener. Does quota-status support unix sockets? -- Peter West p...@pbw.id.au And the great throng heard him gladly. signature.asc Description: Message signed with OpenPGP
Re: Changing the name of a compressed file
It looks as though there is no global mail_plugins variable. Is this the case? Or have I misunderstood how global variable are expressed? P > On 10 Jun 2017, at 9:10 pm, Peter West <li...@pbw.id.au> wrote: > > Ok, I added zlib to imap protocol. > > protocol imap { > … > mail_plugins = $mail_plugins zlib > } > > Now both imap and lmtp protocols have zlib plugin enabled, and both send and > receive mail is compressed. > > Peter > >> On 10 Jun 2017, at 6:50 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: >> >> Please check that you are not overwriting mail plugins for lmtp. Or post >> your doveconf -n. >> >> Aki >> >>> On June 10, 2017 at 11:10 AM Peter West <li...@pbw.id.au> wrote: >>> >>> >>> Not sure what you mean. I’m using lmtp to send messages to Dovecot from >>> Postfix. >>> >>>> On 10 Jun 2017, at 6:08 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: >>>> >>>> What's your LDA? >>>> >>>> Aki >>>> >>>>> On June 10, 2017 at 11:01 AM Peter West <li...@pbw.id.au> wrote: >>>>> >>>>> >>>>> Thanks for that Aki. >>>>> >>>>> Follow-up question. I tried to initiate compression by adding >>>>> >>>>> mail_plugins = $mail_plugins zlib >>>>> >>>>> plugin { >>>>> zlib_save_level = 6 >>>>> zlib_save = xz >>>>> } >>>>> >>>>> >>>>> to dovecot.conf. I restarted dovecot and sent one message to the server, >>>>> and one message from the server. Neither was compressed. I changed the >>>>> save type to >>>>> >>>>> zlib_save = bz2 >>>>> >>>>> and repeated. This time the message received (in >>>>> /var/vmail///cur) was not compressed, but the message in >>>>> /var/vmail///.Sent/cur was bzip2 compressed. >>>>> >>>>> Why is the received mail not being compressed? Is this the point of the >>>>> discussion about compressing old mails? >>>>> >>>>> >>>>>> On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: >>>>>> >>>>>> >>>>>>> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote: >>>>>>> >>>>>>> >>>>>>> Concerning Maildir, the wiki page on compression has this: >>>>>>> >>>>>>> All mails must have ,S= in their filename where contains >>>>>>> the original uncompressed mail size, otherwise there will be problems >>>>>>> with quota calculation as well as other potential random failures. Note >>>>>>> that if the filename doesn’t contain the ,S= before compression, >>>>>>> adding it afterwards changes the base filename and thus the message >>>>>>> UID. The safest thing to do is simply to not compress such files. >>>>>>> >>>>>>> Further down on the same page is this: >>>>>>> >>>>>>> If the file does exist, rename() (mv) the compressed file over the >>>>>>> original file. >>>>>>> • Dovecot can now read the file, but to avoid compressing it >>>>>>> again on the next run, you'll probably want to rename it again to >>>>>>> include e.g. a "Z" flag in the file name to mark that it was compressed >>>>>>> (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ). >>>>>>> >>>>>>> These comments seem to contradict each. Or is there a difference >>>>>>> between adding the size specifier to the filename and adding a Z flag >>>>>>> to the end of the file name? >>>>>>> >>>>>>> -- >>>>>>> Peter West >>>>>>> p...@pbw.id.au >>>>>>> And the great throng heard him gladly. >>>>>>> >>>>>> >>>>>> Keyword is 'base filename'. From the wiki, "The standard filename >>>>>> definition is: ":2,".". Z is a flag. >>>>>> >>>>>> Aki >>>>> >>> > signature.asc Description: Message signed with OpenPGP
Re: Changing the name of a compressed file
Ok, I added zlib to imap protocol. protocol imap { … mail_plugins = $mail_plugins zlib } Now both imap and lmtp protocols have zlib plugin enabled, and both send and receive mail is compressed. Peter > On 10 Jun 2017, at 6:50 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: > > Please check that you are not overwriting mail plugins for lmtp. Or post your > doveconf -n. > > Aki > >> On June 10, 2017 at 11:10 AM Peter West <li...@pbw.id.au> wrote: >> >> >> Not sure what you mean. I’m using lmtp to send messages to Dovecot from >> Postfix. >> >>> On 10 Jun 2017, at 6:08 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: >>> >>> What's your LDA? >>> >>> Aki >>> >>>> On June 10, 2017 at 11:01 AM Peter West <li...@pbw.id.au> wrote: >>>> >>>> >>>> Thanks for that Aki. >>>> >>>> Follow-up question. I tried to initiate compression by adding >>>> >>>> mail_plugins = $mail_plugins zlib >>>> >>>> plugin { >>>> zlib_save_level = 6 >>>> zlib_save = xz >>>> } >>>> >>>> >>>> to dovecot.conf. I restarted dovecot and sent one message to the server, >>>> and one message from the server. Neither was compressed. I changed the >>>> save type to >>>> >>>> zlib_save = bz2 >>>> >>>> and repeated. This time the message received (in >>>> /var/vmail///cur) was not compressed, but the message in >>>> /var/vmail///.Sent/cur was bzip2 compressed. >>>> >>>> Why is the received mail not being compressed? Is this the point of the >>>> discussion about compressing old mails? >>>> >>>> >>>>> On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: >>>>> >>>>> >>>>>> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote: >>>>>> >>>>>> >>>>>> Concerning Maildir, the wiki page on compression has this: >>>>>> >>>>>> All mails must have ,S= in their filename where contains >>>>>> the original uncompressed mail size, otherwise there will be problems >>>>>> with quota calculation as well as other potential random failures. Note >>>>>> that if the filename doesn’t contain the ,S= before compression, >>>>>> adding it afterwards changes the base filename and thus the message UID. >>>>>> The safest thing to do is simply to not compress such files. >>>>>> >>>>>> Further down on the same page is this: >>>>>> >>>>>> If the file does exist, rename() (mv) the compressed file over the >>>>>> original file. >>>>>> • Dovecot can now read the file, but to avoid compressing it again on >>>>>> the next run, you'll probably want to rename it again to include e.g. a >>>>>> "Z" flag in the file name to mark that it was compressed (e.g. >>>>>> 1223212411.M907959P17184.host,S=3271:2,SZ). >>>>>> >>>>>> These comments seem to contradict each. Or is there a difference between >>>>>> adding the size specifier to the filename and adding a Z flag to the end >>>>>> of the file name? >>>>>> >>>>>> -- >>>>>> Peter West >>>>>> p...@pbw.id.au >>>>>> And the great throng heard him gladly. >>>>>> >>>>> >>>>> Keyword is 'base filename'. From the wiki, "The standard filename >>>>> definition is: ":2,".". Z is a flag. >>>>> >>>>> Aki >>>> >> signature.asc Description: Message signed with OpenPGP
Re: Changing the name of a compressed file
Well spotted. In my first attempt, the configuration I originally posted was at the end of my dovecot.conf file, and I was not including the conf.d configuration files. Preceding that was my lmtp protocol cong. protocol lmtp { postmaster_address = postmaster # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = $mail_plugins sieve } >>>> >>>> mail_plugins = $mail_plugins zlib >>>> >>>> plugin { >>>> zlib_save_level = 6 >>>> zlib_save = xz >>>> } >>>> The doveconf -n associated with this is as follows: 01 # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf 02 # Pigeonhole version 0.4.13 (7b14904) 03 # OS: Linux 4.9.15-x86_64-linode81 x86_64 Ubuntu 16.04.2 LTS 04 auth_mechanisms = plain login 05 log_timestamp = "%Y-%m-%d %H:%M:%S " 06 mail_gid = vmail 07 mail_home = maildir:/var/vmail/%d/%n 08 mail_location = maildir:~/Maildir 09 10 mail_privileged_group = vmail 11 mail_uid = vmail 12 managesieve_notify_capability = mailto 13 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave 14 namespace inbox { 15inbox = yes 16location = 17mailbox Archive { 18 auto = subscribe 19 special_use = \Archive 20} 21mailbox Drafts { 22 auto = subscribe 23 special_use = \Drafts 24} 25mailbox Sent { 26 auto = subscribe 27 special_use = \Sent 28} 29mailbox Spam { 30 auto = subscribe 31 special_use = \Junk 32} 33mailbox Trash { 34 auto = subscribe 35 special_use = \Trash 36} 37prefix = 38 } 39 passdb { 40args = /etc/dovecot/dovecot-sql.conf.ext 41driver = sql 42 } 43 plugin { 44sieve = ~/.dovecot.sieve 45sieve_dir = ~/sieve 46zlib_save = bz2 47zlib_save_level = 6 48 } 49 protocols = " imap lmtp sieve" 50 service auth { 51unix_listener /var/spool/postfix/private/dovecot-auth { 52 group = postfix 53 mode = 0660 54 user = postfix 55} 56user = root 57 } 58 service lmtp { 59unix_listener /var/spool/postfix/private/dovecot-lmtp { 60 group = postfix 61 mode = 0600 62 user = postfix 63} 64 } 65 ssl_ca = >>> mail_plugins = $mail_plugins zlib The resulting doveconf -n is: 01 # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf 02 # Pigeonhole version 0.4.13 (7b14904) 03 # OS: Linux 4.9.15-x86_64-linode81 x86_64 Ubuntu 16.04.2 LTS 04 auth_mechanisms = plain login 05 log_timestamp = "%Y-%m-%d %H:%M:%S " 06 mail_gid = vmail 07 mail_home = maildir:/var/vmail/%d/%n 08 mail_location = maildir:~/Maildir 09 mail_plugins = " zlib" 10 mail_privileged_group = vmail 11 mail_uid = vmail 12 managesieve_notify_capability = mailto 13 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave 14 namespace inbox { 15inbox = yes 16location = 17mailbox Archive { 18 auto = subscribe 19 special_use = \Archive 20} 21mailbox Drafts { 22 auto = subscribe 23 special_use = \Drafts 24} 25mailbox Sent { 26 auto = subscribe 27 special_use = \Sent 28} 29mailbox Spam { 30 auto = subscribe 31 special_use = \Junk 32} 33mailbox Trash { 34 auto = subscribe 35 special_use = \Trash 36} 37prefix = 38 } 39 passdb { 40args = /etc/dovecot/dovecot-sql.conf.ext 41driver = sql 42 } 43 plugin { 44sieve = ~/.dovecot.sieve 45sieve_dir = ~/sieve 46zlib_save = bz2 47zlib_save_level = 6 48 } 49 protocols = " imap lmtp sieve" 50 service auth { 51unix_listener /var/spool/postfix/private/dovecot-auth { 52 group = postfix 53 mode = 0660 54 user = postfix 55} 56user = root 57 } 58 service lmtp { 59unix_listener /var/spool/postfix/private/dovecot-lmtp { 60 group = postfix 61 mode = 0600 62 user = postfix 63} 64 } 65 ssl_ca = //cur are compressed; sent messages in /var/vmail///.Sent/cur are not compressed. I assume that I need both specifications. -- Peter West p...@pbw.id.au An
Re: Changing the name of a compressed file
Not sure what you mean. I’m using lmtp to send messages to Dovecot from Postfix. > On 10 Jun 2017, at 6:08 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: > > What's your LDA? > > Aki > >> On June 10, 2017 at 11:01 AM Peter West <li...@pbw.id.au> wrote: >> >> >> Thanks for that Aki. >> >> Follow-up question. I tried to initiate compression by adding >> >> mail_plugins = $mail_plugins zlib >> >> plugin { >>zlib_save_level = 6 >>zlib_save = xz >> } >> >> >> to dovecot.conf. I restarted dovecot and sent one message to the server, >> and one message from the server. Neither was compressed. I changed the >> save type to >> >>zlib_save = bz2 >> >> and repeated. This time the message received (in >> /var/vmail///cur) was not compressed, but the message in >> /var/vmail///.Sent/cur was bzip2 compressed. >> >> Why is the received mail not being compressed? Is this the point of the >> discussion about compressing old mails? >> >> >>> On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: >>> >>> >>>> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote: >>>> >>>> >>>> Concerning Maildir, the wiki page on compression has this: >>>> >>>> All mails must have ,S= in their filename where contains the >>>> original uncompressed mail size, otherwise there will be problems with >>>> quota calculation as well as other potential random failures. Note that if >>>> the filename doesn’t contain the ,S= before compression, adding it >>>> afterwards changes the base filename and thus the message UID. The safest >>>> thing to do is simply to not compress such files. >>>> >>>> Further down on the same page is this: >>>> >>>> If the file does exist, rename() (mv) the compressed file over the >>>> original file. >>>>• Dovecot can now read the file, but to avoid compressing it again on >>>> the next run, you'll probably want to rename it again to include e.g. a >>>> "Z" flag in the file name to mark that it was compressed (e.g. >>>> 1223212411.M907959P17184.host,S=3271:2,SZ). >>>> >>>> These comments seem to contradict each. Or is there a difference between >>>> adding the size specifier to the filename and adding a Z flag to the end >>>> of the file name? >>>> >>>> -- >>>> Peter West >>>> p...@pbw.id.au >>>> And the great throng heard him gladly. >>>> >>> >>> Keyword is 'base filename'. From the wiki, "The standard filename >>> definition is: ":2,".". Z is a flag. >>> >>> Aki >> signature.asc Description: Message signed with OpenPGP
Re: Changing the name of a compressed file
Thanks for that Aki. Follow-up question. I tried to initiate compression by adding mail_plugins = $mail_plugins zlib plugin { zlib_save_level = 6 zlib_save = xz } to dovecot.conf. I restarted dovecot and sent one message to the server, and one message from the server. Neither was compressed. I changed the save type to zlib_save = bz2 and repeated. This time the message received (in /var/vmail///cur) was not compressed, but the message in /var/vmail///.Sent/cur was bzip2 compressed. Why is the received mail not being compressed? Is this the point of the discussion about compressing old mails? > On 10 Jun 2017, at 4:43 pm, Aki Tuomi <aki.tu...@dovecot.fi> wrote: > > >> On June 10, 2017 at 5:58 AM Peter West <li...@pbw.id.au> wrote: >> >> >> Concerning Maildir, the wiki page on compression has this: >> >> All mails must have ,S= in their filename where contains the >> original uncompressed mail size, otherwise there will be problems with quota >> calculation as well as other potential random failures. Note that if the >> filename doesn’t contain the ,S= before compression, adding it >> afterwards changes the base filename and thus the message UID. The safest >> thing to do is simply to not compress such files. >> >> Further down on the same page is this: >> >> If the file does exist, rename() (mv) the compressed file over the original >> file. >> • Dovecot can now read the file, but to avoid compressing it again on >> the next run, you'll probably want to rename it again to include e.g. a "Z" >> flag in the file name to mark that it was compressed (e.g. >> 1223212411.M907959P17184.host,S=3271:2,SZ). >> >> These comments seem to contradict each. Or is there a difference between >> adding the size specifier to the filename and adding a Z flag to the end of >> the file name? >> >> -- >> Peter West >> p...@pbw.id.au >> And the great throng heard him gladly. >> > > Keyword is 'base filename'. From the wiki, "The standard filename definition > is: ":2,".". Z is a flag. > > Aki signature.asc Description: Message signed with OpenPGP
Changing the name of a compressed file
Concerning Maildir, the wiki page on compression has this: All mails must have ,S= in their filename where contains the original uncompressed mail size, otherwise there will be problems with quota calculation as well as other potential random failures. Note that if the filename doesn’t contain the ,S= before compression, adding it afterwards changes the base filename and thus the message UID. The safest thing to do is simply to not compress such files. Further down on the same page is this: If the file does exist, rename() (mv) the compressed file over the original file. • Dovecot can now read the file, but to avoid compressing it again on the next run, you'll probably want to rename it again to include e.g. a "Z" flag in the file name to mark that it was compressed (e.g. 1223212411.M907959P17184.host,S=3271:2,SZ). These comments seem to contradict each. Or is there a difference between adding the size specifier to the filename and adding a Z flag to the end of the file name? -- Peter West p...@pbw.id.au And the great throng heard him gladly. signature.asc Description: Message signed with OpenPGP