Re: A user's last access time

2020-10-20 Thread Reio Remma

On 20/10/2020 05:31, Victor Sudakov wrote:

Sami Ketola wrote:



On 19. Oct 2020, at 18.54, Victor Sudakov  wrote:

Dear Colleagues,

Is there a file or directory within a user's Maildir, whose date of
modification or access indicates the last time the user accessed his/her
E-mail via IMAP or POP3?

I'd like to figure out the time a user last logged into his/her mail
account, not the last time a mail was delivered to the INBOX.

This information is probably available in the log, but a file which is
touched each time a user accesses his/her mail, is more convenient.

Not directly but you might want to take a look at this: 
https://doc.dovecot.org/configuration_manual/lastlogin_plugin/

Hello Sami,

I have seen this but I do not want this information in a database. If
you know how to make the lastlogin_plugin write to a local file, that
would be very helpful. Even a local sqlite database would do.

The documentation for the plugin seems very scarce.



I think you should be able to use sqlite just as well as MySQL.

https://wiki.dovecot.org/Dictionary

Good luck!
Reio
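
The original question notes that the login time is probably available in the log. As an added example (not part of any poster's message and not Dovecot code), the shell functions below pull each user's last successful IMAP/POP3 login out of a syslog-style Dovecot log and can write one small file per user. The function names and the sample log lines are constructed for illustration; the assumed input is Dovecot's usual "imap-login: Login: user=<...>" info line.

```shell
#!/bin/sh
# Added example: last successful IMAP/POP3 login per user, taken from the log.
# Assumption: Dovecot logs "imap-login: Login: user=<...>, ... rip=..." via syslog.

# Reads a mail log on stdin and prints, sorted by user,
# "user<TAB>service<TAB>remote-ip<TAB>timestamp" for each user's latest login.
# Deliveries and failed authentications do not match and are ignored.
last_logins() {
    awk '
    /(imap|pop3)-login: Login: user=</ {
        match($0, /(imap|pop3)-login:/)
        svc = substr($0, RSTART, 4)
        match($0, /user=<[^>]*>/)
        user = substr($0, RSTART + 6, RLENGTH - 7)
        rip = "-"
        if (match($0, /rip=[^, ]+/)) rip = substr($0, RSTART + 4, RLENGTH - 4)
        # Log files are chronological, so the last matching line wins.
        seen[user] = user "\t" svc "\t" rip "\t" $1 " " $2 " " $3
    }
    END { for (u in seen) print seen[u] }
    ' | LC_ALL=C sort
}

# Writes one file per user under directory $1 holding "timestamp service ip".
# User names are taken from log text, so any name that could leave the
# directory (empty, leading dot, or containing a slash) is skipped.
stamp_last_logins() {
    dir=$1
    last_logins | while IFS="$(printf '\t')" read -r user svc rip ts; do
        case $user in
            ''|.*|*/*) echo "skipping unsafe user name: $user" >&2; continue ;;
        esac
        printf '%s %s %s\n' "$ts" "$svc" "$rip" > "$dir/$user"
    done
}

# Constructed sample log (documentation addresses, made-up session ids).
sample_log() {
    cat <<'EOF'
Oct 19 08:02:11 host dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=4101, TLS, session=<c0nstructed1>
Oct 19 09:15:40 host dovecot: lda(bob@example.org): msgid=<x@example.net>: saved mail to INBOX
Oct 19 18:54:03 host dovecot: pop3-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=4377, TLS, session=<c0nstructed2>
Oct 20 05:31:27 host dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.org>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, session=<c0nstructed3>
Oct 20 05:40:02 host dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1, mpid=4802, TLS, session=<c0nstructed4>
Oct 20 06:12:45 host dovecot: imap-login: Login: user=<../evil>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, mpid=4850, TLS, session=<c0nstructed5>
EOF
}
```

Against a real server the input would be the mail log itself, for example `last_logins < /var/log/maillog`; rotated logs have to be fed oldest first for "last line wins" to hold.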


Re: Feature request.

2020-10-09 Thread Reio Remma

On 09/10/2020 14:02, Gerald Galster wrote:

I have to say I'm totally baffled since I do nothing when LetsEncrypt renews 
the certificate.

I know the cert has been updated because the mail clients ask me if I trust 
the certificate.

If it makes a difference I use the bash LetsEncrypt not the Python code.

I don't like all those dependencies certbot (python) installs, but it works 
flawlessly on CentOS.
On CentOS 8 you need to enable the EPEL *and* PowerTools repositories 
(/etc/yum/repos.d/...)

I've attached a small perl script that I call via cron 30 minutes after certbot 
starts which reloads services if necessary.

Best regards
Gerald



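#!/usr/bin/perl
# Reload services when a Let's Encrypt certificate changed within the last day.

use strict;
use warnings;

my $reload = 0;

# find prints one line per cert.pem modified less than 24 hours ago.
open(FF, "find /etc/letsencrypt/live -mtime -1 -name cert.pem |")
    or die "cannot run find: $!";
while(<FF>){
    chomp;
    next if !$_;
    $reload++;
}
close(FF);

if($reload){
    system("/usr/bin/systemctl reload httpd");
    system("/usr/bin/systemctl reload postfix");
    system("/usr/bin/systemctl reload dovecot");
}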



With certbot you can simply put a script in 
/etc/letsencrypt/renewal-hooks/deploy/:


#!/bin/sh
# deploy-hook-script.sh
# certbot runs deploy hooks with RENEWED_DOMAINS and RENEWED_LINEAGE set.

set -e

for domain in $RENEWED_DOMAINS; do
    case $domain in

    domain.com )
        chmod 600 "$RENEWED_LINEAGE/fullchain.pem"
        chmod 600 "$RENEWED_LINEAGE/privkey.pem"
        /usr/bin/systemctl reload dovecot
        /usr/bin/systemctl restart opensmtpd
        ;;

    esac
done



Re: Feature request.

2020-10-09 Thread Reio Remma

On 09/10/2020 12:52, lists wrote:

I have to say I'm totally baffled since I do nothing when LetsEncrypt renews 
the certificate.

I know the cert has been updated because the mail clients ask me if I trust 
the certificate.


Curious. The mail clients really shouldn't ask anything when 
encountering a valid certificate.


Are you sure the client isn't asking you to trust an expired certificate?

Reio





Re: Feature request.

2020-10-09 Thread Reio Remma

On 09/10/2020 11:50, Plutocrat wrote:

On 09/10/2020 4:16 pm, Rogier Wolff wrote:

It turns out that dovecot had been running uninterrupted since august
13th, the certificate was renewed on september 7th and I suspect it
expired on october 7th.

I guess you could do a few things yourself to make sure the cert is valid. 
Thinking out loud:

- Blunt instrument approach: Just restart/reload Dovecot once a week via a cron 
job. Letsencrypt will renew certs with less than 15 days to go, so once a week 
should catch it.


If you're using Let's Encrypt, then at least the certbot client has 
renewal hooks that you can use to run dovecot reload etc.


Good luck!
Reio



Re: Dsync issues since 2.3.11.3.

2020-10-02 Thread Reio Remma

On 28/09/2020 11:00, Reio Remma wrote:

Hello!

I've started seeing intermittent dsync failures since upgrading 
Dovecot to 2.3.11.3-3 (CentOS 8 using the official Dovecot repo).


Sep 27 17:49:04 host dovecot[130]: 
dsync-local(user@host)<5GWFD2CmcF+TJwAAsNnMGQ>: Warning: Failed to do 
incremental sync for mailbox INBOX, retry with a full sync (Modseq 
66543 no longer in transaction log (highest=66547, 
last_common_uid=46346, nextuid=46347))
Sep 27 17:49:04 host dovecot[130]: 
dsync-local(user@host)<5GWFD2CmcF+TJwAAsNnMGQ>: Error: Remote command 
returned error 75: ssh  doveadm dsync-server -u user@host


It seems to happen at random times to random users.

My setup has 2 servers - users are connecting to the main server and 
the secondary server is just for backup - no one is actually connecting 
to it. 



For the last few days the problem has been fixated on a specific mailbox.

There are no errors at all in the logs of the secondary server nor any 
further errors on the primary.


Would it be a good idea to run doveadm force-resync on the primary 
server (or both?) for that mailbox?


Thanks,
Reio



Re: Dsync issues since 2.3.11.3.

2020-10-01 Thread Reio Remma

On 28/09/2020 11:00, Reio Remma wrote:

Hello!

I've started seeing intermittent dsync failures since upgrading 
Dovecot to 2.3.11.3-3 (CentOS 8 using the official Dovecot repo).


Sep 27 17:49:04 host dovecot[130]: 
dsync-local(user@host)<5GWFD2CmcF+TJwAAsNnMGQ>: Warning: Failed to do 
incremental sync for mailbox INBOX, retry with a full sync (Modseq 
66543 no longer in transaction log (highest=66547, 
last_common_uid=46346, nextuid=46347))
Sep 27 17:49:04 host dovecot[130]: 
dsync-local(user@host)<5GWFD2CmcF+TJwAAsNnMGQ>: Error: Remote command 
returned error 75: ssh  doveadm dsync-server -u user@host


It seems to happen at random times to random users.

My setup has 2 servers - users are connecting to the main server and 
the secondary server is just for backup - no one is actually connecting 
to it.


Today I encountered a new error amidst the previous ones:

dsync-local(user@host): Error: Mailbox 
INBOX.Trash: /var/vmail/domain/user/Maildir/.Trash/dovecot.index.log: 
Transaction log modseq tracking is corrupted - fixing


Reio


Dsync issues since 2.3.11.3.

2020-09-28 Thread Reio Remma

Hello!

I've started seeing intermittent dsync failures since upgrading Dovecot 
to 2.3.11.3-3 (CentOS 8 using the official Dovecot repo).


Sep 27 17:49:04 host dovecot[130]: 
dsync-local(user@host)<5GWFD2CmcF+TJwAAsNnMGQ>: Warning: Failed to do 
incremental sync for mailbox INBOX, retry with a full sync (Modseq 66543 
no longer in transaction log (highest=66547, last_common_uid=46346, 
nextuid=46347))
Sep 27 17:49:04 host dovecot[130]: 
dsync-local(user@host)<5GWFD2CmcF+TJwAAsNnMGQ>: Error: Remote command 
returned error 75: ssh  doveadm dsync-server -u user@host


It seems to happen at random times to random users.

My setup has 2 servers - users are connecting to the main server and the 
secondary server is just for backup - no one is actually connecting to it.


Any suggestions?

Thanks!
Reio



Re: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread Reio Remma
For internal use I've installed the private CA cert on whatever clients 
I'm using (Thunderbird, browsers). That way you don't need to make 
exceptions every time a certificate changes.


Good luck,
Reio

On 30.04.2020 21:36, hanas...@gmail.com wrote:

Hello,

This is a selfsigned cert.  Both of the below methods were used.

May I ask for 1. pointer to info setting up "intermediate certs" and 
where the certfile goes?


The objective is to generate a self-signed cert and use it for just 
internal use with IMAPS dovecot.


Separately, what are your thoughts as to why evolution works and 
thunderbird does not?


Thank you,

==1
openssl genrsa -out key.pem 2048
openssl req -new -sha512 -key key.pem -out csr.csr
openssl req -x509 -sha512 -days 365 -key key.pem -in csr.csr -out certificate.pem

openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA" && echo

==2
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout mykey.key -out mycert.pem



On 4/30/20 8:11 AM, Aki Tuomi wrote:


On 30/04/2020 14:49 hanas...@gmail.com wrote:



Recently thunderbird and Dovecot IMAPS cannot agree on SSL however
Evolution, on the exact same system, is working fine with the same
accounts. Tried recreating the Dovecot cert and also the thunderbird
accounts from scratch. The OpenSSL raw client works fine as well.

Would someone also confirm the openssl commands to create a selfsigned
cert for dovecot imaps. The cert created does work with evolution;
just not thunderbird.

Thoughts?

Apr 8 18:10:18 hh dovecot: imap-login: Debug: SSL error: SSL_accept()
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad
certificate: SSL alert number 42
Apr 8 18:10:18 hh dovecot: imap-login: Disconnected (no auth attempts in
0 secs): user=<>, rip=000, lip= TLS handshaking: SSL_accept()
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad
certificate: SSL alert number 42, session=<-->
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x10, ret=1:
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1:
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
SSLv3/TLS read client hello
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
SSLv3/TLS write server hello
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
SSLv3/TLS write change cipher spec
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
TLSv1.3 write encrypted extensions
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
SSLv3/TLS write certificate
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
TLSv1.3 write server certificate verify
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
SSLv3/TLS write finished
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1:
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1:
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1:
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1:
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL alert: where=0x4004,
ret=554: fatal bad certificate
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1:
error
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL error: SSL_accept()
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad
certificate: SSL alert number 42
Apr 8 18:10:19 firewall dovecot: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=000, lip=00, TLS handshaking:
SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate: SSL alert number 42, session=<--->

reference
http://forums.debian.net/viewtopic.php?f=5=145849 



You are missing intermediate certs from your certfile. Put them after 
cert in order towards root.


---
Aki Tuomi





Re: Quota calculation with MySQL backend and replication.

2020-04-27 Thread Reio Remma

On 27.04.2020 13:21, Aki Tuomi wrote:

On 27/04/2020 12:35 Reio Remma  wrote:

  
On 27.04.2020 12:15, Reio Remma wrote:

Hello!

Over the weekend I converted our Dovecot server from Maildir quota to
MySQL backed quota and then provisioned a fresh replica server and
seeded it via Dovecot replication.

This morning most mailboxes were over quota, reporting twice the
actual usage. I'm fairly certain it's the effect of having sql backed
quota with both Dovecot servers using the same database.

Can anyone tell me if this is a one-off problem stemming from
replicating the 2nd server from scratch or should I be aware of other
quirks concerning sql backed quota and replication?

I see that arrived messages are also counted twice.

Reio

Please try using count quota with quota_clone instead.

Aki


Thank you! I'll look into it.

Reio


Re: Quota calculation with MySQL backend and replication.

2020-04-27 Thread Reio Remma

On 27.04.2020 12:15, Reio Remma wrote:

Hello!

Over the weekend I converted our Dovecot server from Maildir quota to 
MySQL backed quota and then provisioned a fresh replica server and 
seeded it via Dovecot replication.


This morning most mailboxes were over quota, reporting twice the 
actual usage. I'm fairly certain it's the effect of having sql backed 
quota with both Dovecot servers using the same database.


Can anyone tell me if this is a one-off problem stemming from 
replicating the 2nd server from scratch or should I be aware of other 
quirks concerning sql backed quota and replication?


I see that arrived messages are also counted twice.

Reio



Quota calculation with MySQL backend and replication.

2020-04-27 Thread Reio Remma

Hello!

Over the weekend I converted our Dovecot server from Maildir quota to 
MySQL backed quota and then provisioned a fresh replica server and 
seeded it via Dovecot replication.


This morning most mailboxes were over quota, reporting twice the actual 
usage. I'm fairly certain it's the effect of having sql backed quota 
with both Dovecot servers using the same database.


Can anyone tell me if this is a one-off problem stemming from 
replicating the 2nd server from scratch or should I be aware of other 
quirks concerning sql backed quota and replication?


Thanks a bunch!
Reio


Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Reio Remma

On 12/12/2019 13:01, fil...@centrum.cz wrote:

Hello,
I have built some dovecot packages for CentOS 8 in my personal
repository:
http://repo.joomhosting.eu/centos/8/x86_64/
and SRPMS are in
http://repo.joomhosting.eu/centos/8/SRPMS/

If you want, you can try it.

With best regards,
Filip Bartmann


Thanks! Will have a look. :)

Reio



On Thu, 12 Dec 2019 12:31:45 +0200
Reio Remma  wrote:


On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:

On 09/12/2019 17:20 Reio Remma via dovecot wrote:

   
Hello!


Are there any plans for an official Dovecot repo for CentOS 8?

Thanks,
Reio

(sorry for duplicate, user error in earlier one...)

Yes. There are plans for the repo, unfortunately there are still
technical problems due to how CentOS8 repositories are organized.
But soon.

Aki

I tried rebuilding the RPM for CentOS 8 but I see it's missing some
notable required packages like tcp wrappers and quota-devel. Managed
to rebuild by switching these off in the spec file
(--without-libwrap), but that's probably not a good idea. :)

Reio



--
Regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee





Re: Dovecot 2.3 repo for CentOS 8.

2019-12-12 Thread Reio Remma

On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:

On 09/12/2019 17:20 Reio Remma via dovecot  wrote:

  
Hello!


Are there any plans for an official Dovecot repo for CentOS 8?

Thanks,
Reio

(sorry for duplicate, user error in earlier one...)

Yes. There are plans for the repo, unfortunately there are still technical 
problems due to how CentOS8 repositories are organized. But soon.

Aki


I tried rebuilding the RPM for CentOS 8 but I see it's missing some 
notable required packages like tcp wrappers and quota-devel. Managed to 
rebuild by switching these off in the spec file (--without-libwrap), but 
that's probably not a good idea. :)


Reio


Dovecot 2.3 repo for CentOS 8.

2019-12-09 Thread Reio Remma via dovecot

Hello!

Are there any plans for an official Dovecot repo for CentOS 8?

Thanks,
Reio



Re: sievec *.sieve problem.

2019-11-05 Thread Reio Remma via dovecot

On 05/11/2019 10:03, Sami Ketola via dovecot wrote:



On 5 Nov 2019, at 9.53, Reio Remma via dovecot <dovecot@dovecot.org> wrote:


Hello!

For the second time I've tripped onto this banana peel. :)

I had 2 sieve files in a directory that I wanted to compile:

sievec *.sieve

The result of this is that first.sieve is compiled into second.sieve 
instead of first.svbin, thus destroying the source of second.sieve.


Please consider this a bug report. :)



Not a bug. Works as documented:

# sievec
Usage: sievec  [-c ] [-d] [-D] [-P ] [-x ]
               []
sievec(root): Fatal: Missing  argument

if you want to compile all sieve scripts in a single directory just 
give that directory as parameter and don't let your shell to expand 
the wildcard.


Sami


Very well, although unfortunate and counterintuitive. :)

Reio
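
The accident described in this thread, as an added example that is not part of any poster's message and not Pigeonhole code: the shell expands `sievec *.sieve` to `sievec first.sieve second.sieve`, so the second source is taken as the output file. The wrapper below refuses such argument lists and compiles a directory one script at a time. `sievec_guarded`, `compile_sieve_dir` and `standin_sievec` are hypothetical names, the option letters are the ones in the usage text quoted above, and the stand-in replaces the real compiler so the behaviour can be tried on constructed files.

```shell
#!/bin/sh
# Added example: keep `sievec *.sieve` from overwriting a script source.
# Assumption: option letters are those in the usage text quoted in this thread.

SIEVEC=${SIEVEC:-sievec}   # real compiler by default; override for a dry run

# Return 0 only if the arguments cannot overwrite a Sieve source file.
sieve_args_ok() {
    OPTIND=1
    while getopts "c:dDP:x:" opt; do
        if [ "$opt" = "?" ]; then return 2; fi
    done
    shift $((OPTIND - 1))
    if [ $# -lt 1 ]; then
        echo "sievec_guarded: missing script-file" >&2; return 2
    fi
    if [ $# -gt 2 ]; then
        echo "sievec_guarded: $# positional arguments, unquoted glob?" >&2; return 1
    fi
    if [ $# -eq 2 ]; then
        case $2 in
            *.sieve) echo "sievec_guarded: out-file '$2' is a Sieve source" >&2; return 1 ;;
        esac
    fi
    return 0
}

# Drop-in wrapper: same arguments as sievec, checked before anything is written.
sievec_guarded() {
    sieve_args_ok "$@" || return $?
    "$SIEVEC" "$@"
}

# Compile each script in directory $1 separately, always naming the out-file.
compile_sieve_dir() {
    rc=0
    for src in "$1"/*.sieve; do
        [ -f "$src" ] || continue          # glob matched nothing
        sievec_guarded "$src" "${src%.sieve}.svbin" || rc=1
    done
    return $rc
}

# Hypothetical stand-in for sievec (positional arguments only) so the example
# runs without Pigeonhole installed: it writes a marker instead of bytecode.
standin_sievec() {
    out=${2:-${1%.sieve}.svbin}
    printf 'compiled from %s\n' "$1" > "$out"
}

# Constructed input: a temp directory with two scripts; prints its path.
demo_sieve_dir() {
    d=$(mktemp -d) || return 1
    printf 'keep;\n' > "$d/first.sieve"
    printf 'discard;\n' > "$d/second.sieve"
    printf '%s\n' "$d"
}
```

With `SIEVEC=standin_sievec`, running `standin_sievec *.sieve` inside the demo directory replaces second.sieve with the marker, while `sievec_guarded *.sieve` returns non-zero and leaves both sources untouched.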


sievec *.sieve problem.

2019-11-04 Thread Reio Remma via dovecot

Hello!

For the second time I've tripped onto this banana peel. :)

I had 2 sieve files in a directory that I wanted to compile:

sievec *.sieve

The result of this is that first.sieve is compiled into second.sieve 
instead of first.svbin, thus destroying the source of second.sieve.


Please consider this a bug report. :)

Good luck,
Reio


Re: Dovecot and MySQL aborted connections.

2019-11-01 Thread Reio Remma via dovecot

On 01/11/2019 10:16, Reio Remma via dovecot wrote:

On 01/11/2019 01:19, Benjamin Connelly via dovecot wrote:

during the update the log_warnings changed from 1 to 2 therefore
showing lots of aborted connection notices in the logs

changing the log_warnings back from 2 to 1 solved this issue


Yes the same setting made the same change to the default with mysql:

https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_log-warnings 



So now we know how to silence the "Aborted connection" mysql loglines 
thank you!



But still I wonder if Dovecot wants to handle these connections 
slightly differently - if it could be cleaner? Or is it moot?


Unfortunately there are (replication info) messages that I actually 
need from that log level and I wouldn't want to just hide issues 
anyway. :)


I monitored the situation in MySQL Workbench a little and it seems the 
userdb MySQL connection closes cleanly.


What doesn't close cleanly is the dict engine MySQL connection that is 
updating last login timestamp (its connection shows COMMIT as the last 
query).


The dict connection closes after sleeping exactly 60 seconds (server 
net_write_timeout is 60 seconds).

The userdb connection closes after about 61-62 seconds for some reason.

I tried changing read/write_timeout in Dovecot MySQL connection to 
lower, equal and higher than those set by the server, but it didn't 
change anything.





Re: Dovecot and MySQL aborted connections.

2019-11-01 Thread Reio Remma via dovecot

On 01/11/2019 01:19, Benjamin Connelly via dovecot wrote:

during the update the log_warnings changed from 1 to 2 therefore
showing lots of aborted connection notices in the logs

changing the log_warnings back from 2 to 1 solved this issue


Yes the same setting made the same change to the default with mysql:

https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_log-warnings 



So now we know how to silence the "Aborted connection" mysql loglines 
thank you!



But still I wonder if Dovecot wants to handle these connections 
slightly differently - if it could be cleaner? Or is it moot?


Unfortunately there are (replication info) messages that I actually need 
from that log level and I wouldn't want to just hide issues anyway. :)


Re: Dovecot and MySQL aborted connections.

2019-10-28 Thread Reio Remma via dovecot

On 28/10/2019 11:28, Gerald Galster via dovecot wrote:

Hi,


Is anyone else using Dovecot (2.3.8) with MySQL (5.7) seeing a lot of these in 
MySQL logs?

2019-10-28T11:08:20.384428+02:00 58378 [Note] Aborted connection 58378 to db: 
'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication 
packets)
2019-10-28T11:10:09.821171+02:00 58420 [Note] Aborted connection 58420 to db: 
'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication 
packets)
2019-10-28T11:11:26.170015+02:00 58441 [Note] Aborted connection 58441 to db: 
'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication 
packets)
2019-10-28T11:13:14.091426+02:00 58459 [Note] Aborted connection 58459 to db: 
'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication 
packets)

They've plagued my logs for as long as I can remember. Is Dovecot not closing 
connections to the database properly or something similar?

is it possible MySQL closed inactive connections?

SHOW VARIABLES LIKE '%timeout%';

mysqlx_wait_timeout = 3600
wait_timeout = 3600
mysqlx_interactive_timeout = 3600
interactive_timeout = 3600

Gerald


Variable_name    Value
connect_timeout    10
interactive_timeout    28800
lock_wait_timeout    31536000
net_read_timeout    30
net_write_timeout    60
wait_timeout    28800

That sounds plausible.  I wonder how to solve it though. :) I don't get 
any such notices from OpenSMTPD using the same database.


Dovecot list breaks DKIM.

2019-10-28 Thread Reio Remma via dovecot

Hello again,

I noticed mails from the Dovecot list break DKIM signatures.

Perhaps it's something to look at?

Most lists I'm on manage to pass messages with DKIM intact.

Authentication-Results: abc.abc.abc;
dkim=fail (rsa verify failed) header.d=mrstuudio.ee header.s=mr 
header.b=M03Fp5lE;
dmarc=pass (policy=none) header.from=dovecot.org;
spf=pass


Thanks,
Reio


Dovecot and MySQL aborted connections.

2019-10-28 Thread Reio Remma via dovecot
Is anyone else using Dovecot (2.3.8) with MySQL (5.7) seeing a lot of 
these in MySQL logs?


2019-10-28T11:08:20.384428+02:00 58378 [Note] Aborted connection 58378 
to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading 
communication packets)
2019-10-28T11:10:09.821171+02:00 58420 [Note] Aborted connection 58420 
to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading 
communication packets)
2019-10-28T11:11:26.170015+02:00 58441 [Note] Aborted connection 58441 
to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading 
communication packets)
2019-10-28T11:13:14.091426+02:00 58459 [Note] Aborted connection 58459 
to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading 
communication packets)


They've plagued my logs for as long as I can remember. Is Dovecot not 
closing connections to the database properly or something similar?


Reio



Re: LastLogin update

2019-08-12 Thread Reio Remma via dovecot

Hello!

Does it update the remote ip for you if you already have a row for a 
user? I'm experimenting with a similar feature and it seems to be 
updating only the login time. I think it figures the other fields are 
all part of the primary key and therefore not supplied to ON DUPLICATE 
KEY UPDATE ...


Thanks,
Reio


On 24.06.2019 17:25, Júlio Covolato via dovecot wrote:


On 22/06/2019 22:41, Zhang Huangbin via dovecot wrote:


On Jun 23, 2019, at 4:43 AM, @lbutlr via dovecot wrote:



https://docs.iredmail.org/track.user.last.login.html

This is cool, but I have a question:


For MySQL/MariaDB backends, we create the sql table in database vmail.
Would this interfere with or confuse postfixadmin? I use that so 
that users can update their own passwords and domain admins can add 
users and aliases.
The document is for iRedMail, it supports storing mail accounts in 
SQL or OpenLDAP, that's why the document mentions the difference.

You're free to use any database on your own mail server.


Zhang Huangbin, founder of iRedMail project: https://www.iredmail.org/


What I did:

#$ cat dovecot-last-login.conf

connect = host=127.0.0.1 port=3306 dbname=vmail user=vmailadmin password=xxx


map {
    pattern = shared/last-login/$user/$domain/$rip/$service
    table = last_login
    value_field = last_login
    value_type = uint

    fields {
    username = $user
    domain = $domain
    rip = $rip
    proto = $service
    }
}

--

dovecot.conf:

plugin {

...

...

    # Track last login time on imap and pop3
    last_login_dict = proxy::lastlogin
    last_login_key = last-login/%u/%d/%r/%s
}

Result on mysql:

mysql> select * from last_login where username = 'ju...@xxx.com.br';
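+------------------+------------+------------+-----------------+-------+
| username         | domain     | last_login | rip             | proto |
+------------------+------------+------------+-----------------+-------+
| ju...@xxx.com.br | xxx.com.br | 1559921589 | 177.xxx.xxx.230 | imap  |
+------------------+------------+------------+-----------------+-------+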
1 row in set (0.00 sec)


--
    _    Engº Julio Cesar Covolato
   0v0   
  /(_)\  F: +55 11 99175-9260
   ^ ^   PSI INTERNET
--







Re: Autoexpunge not working for Junk?

2019-08-08 Thread Reio Remma via dovecot

Hello!

I have the autoexpunge settings defined inside protocol imap thus (and 
it works):


protocol imap {
  mail_plugins = quota notify replication imap_quota imap_sieve
  namespace inbox {
    location =
    mailbox Ham {
  autoexpunge = 365 days
    }
    mailbox Spam {
  autoexpunge = 365 days
    }
    mailbox Trash {
  autoexpunge = 180 days
    }
    prefix =
  }
}

Good luck,
Reio

On 08.08.2019 21:34, Amir Caspi via dovecot wrote:

Hi all,

Might anyone have any idea about this issue?  I can run a cron job if 
needed but it seems like autoexpunge SHOULD be doing this automatically...


Thanks!

--- Amir

On Jul 24, 2019, at 10:18 PM, Amir Caspi wrote:


Hi all,

I set up dovecot a couple of months ago and am having trouble getting 
autoexpunge=30d to work on my Trash and Junk mailboxes.  Not sure why 
not because I'm not getting error messages in my log.
Running "doveadm search -u  mailbox Junk savedbefore 30d" shows 
me many messages (I've got messages back to mid-May, and a couple of 
other users have them back to early April, although if this setting 
were working, there should be nothing earlier than June 24).  Running 
a manual doveadm expunge works fine... it's just autoexpunge that 
seems to not be running at all.


I'm using sendmail as the MTA and procmail as the LDA, so dovecot is 
running purely for IMAP/POP service.


Any help is much appreciated.

Thanks!

doveconf -n:
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-957.21.3.el7.x86_64 x86_64 CentOS Linux release 
7.6.1810 (Core)

# Hostname: REDACTED
auth_username_format = %Ln
first_valid_uid = 1000
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mailbox_list_index = yes
mbox_write_locks = fcntl
namespace compat1 {
 alias_for =
 hidden = yes
 list = no
 location =
 prefix = mail/
 separator = /
}
namespace compat2 {
 alias_for =
 hidden = yes
 list = no
 location =
 prefix = ~/mail/
 separator = /
}
namespace compat3 {
 alias_for =
 hidden = yes
 list = no
 location =
 prefix = ~%u/mail/
 separator = /
}
namespace inbox {
 inbox = yes
 location =
 mailbox Archive {
   special_use = \Archive
 }
 mailbox "Deleted Messages" {
   autoexpunge = 30 days
   special_use = \Trash
 }
 mailbox Drafts {
   special_use = \Drafts
 }
 mailbox Junk {
   autoexpunge = 30 days
   special_use = \Junk
 }
 mailbox "Junk E-mail" {
   autoexpunge = 30 days
   special_use = \Junk
 }
 mailbox Sent {
   special_use = \Sent
 }
 mailbox "Sent Messages" {
   special_use = \Sent
 }
 mailbox Spam {
   autoexpunge = 30 days
   special_use = \Junk
 }
 mailbox Trash {
   autoexpunge = 30 days
   special_use = \Trash
 }
 prefix =
 separator = /
}
passdb {
 driver = pam
}
pop3_uidl_format = %08Xv%08Xu
ssl_cert = # REDACTED
ssl_cipher_list = # REDACTED
ssl_dh_parameters_length = # REDACTED
ssl_key =  # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
 driver = passwd
}




Re: Dovecot replication and userdb "noreplicate".

2019-08-07 Thread Reio Remma via dovecot

On 07/08/2019 09:29, Sami Ketola wrote:



On 6 Aug 2019, at 23.52, Reio Remma via dovecot  wrote:

service doveadm {
 user = vmail
}

This seems to have fixed it. Here's hoping for no unforeseen side-effects. :)

I still need allow dovecot_t ssh_exec_t:file { execute execute_no_trans open 
read }; for selinux, but there are no more errors in maillog and it can read 
both the key and known_hosts (from either /home/vmail/.ssh/known_hosts or 
/etc/ssh/ssh_known_hosts).

There might be. What we usually do is just allow dsync user to sudo doveadm 
dsync-server and then add sudo to dsync remote command.

Sami



Thanks! I'll keep it in mind in case I run into problems with doveadm as 
vmail. So far so good.


Thanks again!
Reio


Re: Dovecot replication and userdb "noreplicate".

2019-08-06 Thread Reio Remma via dovecot

On 06.08.2019 23:17, Reio Remma via dovecot wrote:

On 24.06.2019 16:25, Reio Remma wrote:

On 24.06.2019 8:21, Aki Tuomi wrote:

On 22.6.2019 22.00, Reio Remma via dovecot wrote:

Jun 22 16:55:22 host dovecot: dsync-local(u...@host.ee)<>: Error:
Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l
vmail backup.host.ee doveadm dsync-server -D -uu...@host.ee

PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun
as usual. :)

Dovecot under selinux works, as long as you do it the way the policy
writer intended, see https://linux.die.net/man/8/dovecot_selinux

Aki


For replication over SSH I had to add the following module:

module selinux-dovecot-replication-ssh 1.0;

require {
 type ssh_exec_t;
 type ssh_home_t;
 type dovecot_t;
 class file { open read execute execute_no_trans };
 class dir { getattr search };
}

#= dovecot_t ==
allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans };
allow dovecot_t ssh_home_t:dir { getattr search };
allow dovecot_t ssh_home_t:file { open read };

ssh_exec_t to allow Dovecot to use ssh executable in the first place 
and ssh_home_t:dir + ssh_home_t:file for it to be able to read 
known_hosts from /root/.ssh


Reio


To cut down on selinux exceptions I put the destination host in 
/etc/ssh/ssh_known_hosts and dovecot successfully replicates, however 
I get the following log entry for every replicator action:


Aug  6 22:25:59 turin dovecot: doveadm: Error: Could not create 
directory '/root/.ssh'.


Replication is set up with the user vmail (/home/vmail and SSH key in 
/home/vmail/.ssh) and the minimum selinux rule to get Dovecot to read 
the key is:


allow dovecot_t ssh_exec_t:file { execute execute_no_trans open read };

Is there a way I can change from root to vmail user for creating the 
SSH connection?


Doveconf below:

# 2.3.7.1 (0152c8b10): /etc/dovecot/dovecot.conf

service doveadm {
  inet_listener http {
    address = localhost
    port = 8080
  }
}


service doveadm {
    user = vmail
}

This seems to have fixed it. Here's hoping for no unforeseen 
side-effects. :)


I still need allow dovecot_t ssh_exec_t:file { execute execute_no_trans 
open read }; for selinux, but there are no more errors in maillog and it 
can read both the key and known_hosts (from either 
/home/vmail/.ssh/known_hosts or /etc/ssh/ssh_known_hosts).


Reio


Re: Dovecot replication and userdb "noreplicate".

2019-08-06 Thread Reio Remma via dovecot

On 24.06.2019 16:25, Reio Remma wrote:

On 24.06.2019 8:21, Aki Tuomi wrote:

On 22.6.2019 22.00, Reio Remma via dovecot wrote:

Jun 22 16:55:22 host dovecot: dsync-local(u...@host.ee)<>: Error:
Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l
vmail backup.host.ee doveadm dsync-server -D -uu...@host.ee

PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun
as usual. :)

Dovecot under selinux works, as long as you do it the way the policy
writer intended, see https://linux.die.net/man/8/dovecot_selinux

Aki


For replication over SSH I had to add the following module:

module selinux-dovecot-replication-ssh 1.0;

require {
 type ssh_exec_t;
 type ssh_home_t;
 type dovecot_t;
 class file { open read execute execute_no_trans };
 class dir { getattr search };
}

#= dovecot_t ==
allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans };
allow dovecot_t ssh_home_t:dir { getattr search };
allow dovecot_t ssh_home_t:file { open read };

ssh_exec_t to allow Dovecot to use ssh executable in the first place 
and ssh_home_t:dir + ssh_home_t:file for it to be able to read 
known_hosts from /root/.ssh


Reio


To cut down on selinux exceptions I put the destination host in 
/etc/ssh/ssh_known_hosts and dovecot successfully replicates, however I 
get the following log entry for every replicator action:


Aug  6 22:25:59 turin dovecot: doveadm: Error: Could not create 
directory '/root/.ssh'.


Replication is set up with the user vmail (/home/vmail and SSH key in 
/home/vmail/.ssh) and the minimum selinux rule to get Dovecot to read 
the key is:


allow dovecot_t ssh_exec_t:file { execute execute_no_trans open read };

Is there a way I can change from root to vmail user for creating the SSH 
connection?


Doveconf below:

# 2.3.7.1 (0152c8b10): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.1 (db5c74be)
# OS: Linux 4.4.186-1.el7.elrepo.x86_64 x86_64 CentOS Linux release 
7.6.1810 (Core)

# Hostname: turin.mrstuudio.ee
doveadm_api_key = # hidden, use -P to show it
dsync_remote_cmd = ssh -i /home/vmail/.ssh/vmail.pem -l %{login} %{host} 
doveadm dsync-server -u %u

mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_log_prefix = "%s(%u): "
mail_plugins = quota notify replication
mail_uid = vmail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox "Deleted Messages" {
    auto = no
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = no
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_replica = remote:vmail@replica
}
protocols = imap lmtp
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service doveadm {
  inet_listener http {
    address = localhost
    port = 8080
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  executable = lmtp -L
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
}
service stats {
  unix_listener stats-writer {
    mode = 0666
  }
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  default_fields = uid=vmail gid=vmail
  driver = sql
}
protocol lmtp {
  mail_plugins = quota notify replication
}
protocol imap {
  imap_capability = +SPECIAL-USE
  imap_metadata = yes
  mail_max_userip_connections = 50
  mail_plugins = quota notify replication imap_quota
  namespace inbox {
    location =
    mailbox Ham {
      autoexpunge = 365 days
    }
    mailbox Spam {
      autoexpunge = 365 days
    }
    mailbox Trash {
      autoexpunge = 180 days
    }
    prefix =
  }
}

Thanks!
Reio


Re: doveadm: Error: open(/proc/self/io) failed

2019-07-30 Thread Reio Remma via dovecot

On 30.07.2019 20:07, Tom Diehl via dovecot wrote:


Does anyone have an Idea how to fix this?

Regards,



Perhaps see if there are any denials in SELinux audit log:

sudo grep denied /var/log/audit/audit.log | grep dovecot | audit2allow

Good luck,
Reio


Re: Dovecot with MySQL over SSL.

2019-07-22 Thread Reio Remma via dovecot

On 22.07.2019 16:05, Timo Sirainen via dovecot wrote:
On 20 Jul 2019, at 23.02, Reio Remma via dovecot <dovecot@dovecot.org> wrote:


On 20.07.2019 22:37, Aki Tuomi via dovecot wrote:


On 20/07/2019 21:07 Reio Remma via dovecot wrote:



On 20.07.2019 18:03, Aki Tuomi via dovecot wrote:


On 20/07/2019 13:12 Reio Remma via dovecot <dovecot@dovecot.org> wrote:



On 19.07.2019 0:24, Reio Remma via dovecot wrote:

I'm attempting to get Dovecot working with MySQL user database on
another machine. I can connect to the MySQL (5.7.26) instance with SSL
enabled:

mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem
--ssl-cert=/etc/dovecot/client-cert.pem
--ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA
-u vmail -p

However if I use the same values in dovecot-sql.conf.ext, I get the
following error:

Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): Connections
using insecure transport are prohibited while
--require_secure_transport=ON. - waiting for 5 seconds before retry

Database connection string:

connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
    ssl_ca=/etc/dovecot/ca.pem \
    ssl_cert=/etc/dovecot/client-cert.pem \
    ssl_key=/etc/dovecot/client-key.pem \
    ssl_cipher=DHE-RSA-AES256-SHA

Update: I got it to connect successfully now after downgrading the MySQL
server tls-version from TLSv1.1 to TLSv1.

Is there a reason why Dovecot MySQL doesn't support TLSv1.1?

Thanks!
Reio


Dovecot mysql uses libmysqlclient. We do not enforce any 
particular tls protocol version. If it requires you to downgrade I 
suggest you review your client my.cnf for any restrictions.

---
Aki Tuomi


Thanks Aki! I'm looking at it now and despite identical MySQL 
5.7.26 versions on both systems, it seems Dovecot is using 
libmysqlclient 5.6.37.


Dovecot seems to be using the older libmysqlclient.so.18.1.0 
(5.6.37) from mysql-community-libs-compat 5.7.26 instead of the 
newer libmysqlclient.so.20.3.13 (5.7.26) from mysql-community-libs 
5.7.26.


If I try to remove the libs-compat, yum also insists on removing 
dovecot-mysql, so it depends on the older libmysqlclient and 
ignores the newer one.


I don't suspect I can do anything on my end to force the Dovecot 
CentOS package to use the non-compat libmysqlclient?


Thanks,
Reio 


What repo are you using?
---
Aki Tuomi


Installed Packages
dovecot-mysql.x86_64 2:2.3.7-8 @dovecot-2.3-latest
mysql-community-libs.x86_64 5.7.26-1.el7 @mysql57-community

Both are from official repos.


dovecot-mysql package is built against the mariadb library that comes 
with CentOS 7. If you want it to work against other libmysqlclient 
versions you'd need to compile it yourself: 
https://repo.dovecot.org/ce-2.3.7/centos/7/SRPMS/2.3.7-8_ce/


Thanks, I'm again one experience richer after compiling Dovecot from the 
source RPM. Nicely running with TLSv1.1 now.


Thanks!
Reio


Re: Dovecot with MySQL over SSL.

2019-07-20 Thread Reio Remma via dovecot

On 20.07.2019 22:37, Aki Tuomi via dovecot wrote:



On 20/07/2019 21:07 Reio Remma via dovecot  wrote:


On 20.07.2019 18:03, Aki Tuomi via dovecot wrote:


On 20/07/2019 13:12 Reio Remma via dovecot <dovecot@dovecot.org> wrote:



On 19.07.2019 0:24, Reio Remma via dovecot wrote:

I'm attempting to get Dovecot working with MySQL user database on
another machine. I can connect to the MySQL (5.7.26) instance with SSL
enabled:

mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem
--ssl-cert=/etc/dovecot/client-cert.pem
--ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA
-u vmail -p

However if I use the same values in dovecot-sql.conf.ext, I get the
following error:

Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): Connections
using insecure transport are prohibited while
--require_secure_transport=ON. - waiting for 5 seconds before retry

Database connection string:

connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
    ssl_ca=/etc/dovecot/ca.pem \
    ssl_cert=/etc/dovecot/client-cert.pem \
    ssl_key=/etc/dovecot/client-key.pem \
    ssl_cipher=DHE-RSA-AES256-SHA

Update: I got it to connect successfully now after downgrading the MySQL
server tls-version from TLSv1.1 to TLSv1.

Is there a reason why Dovecot MySQL doesn't support TLSv1.1?

Thanks!
Reio


Dovecot mysql uses libmysqlclient. We do not enforce any particular 
tls protocol version. If it requires you to downgrade I suggest you 
review your client my.cnf for any restrictions.

---
Aki Tuomi


Thanks Aki! I'm looking at it now and despite identical MySQL 5.7.26 
versions on both systems, it seems Dovecot is using libmysqlclient 
5.6.37.


Dovecot seems to be using the older libmysqlclient.so.18.1.0 (5.6.37) 
from mysql-community-libs-compat 5.7.26 instead of the newer 
libmysqlclient.so.20.3.13 (5.7.26) from mysql-community-libs 5.7.26.


If I try to remove the libs-compat, yum also insists on removing 
dovecot-mysql, so it depends on the older libmysqlclient and ignores 
the newer one.


I don't suspect I can do anything on my end to force the Dovecot 
CentOS package to use the non-compat libmysqlclient?


Thanks,
Reio 


What repo are you using?
---
Aki Tuomi


Installed Packages
dovecot-mysql.x86_64 2:2.3.7-8 @dovecot-2.3-latest
mysql-community-libs.x86_64 5.7.26-1.el7 @mysql57-community

Both are from official repos.

Thanks,
Reio


Re: Dovecot with MySQL over SSL.

2019-07-20 Thread Reio Remma via dovecot

On 20.07.2019 18:03, Aki Tuomi via dovecot wrote:


On 20/07/2019 13:12 Reio Remma via dovecot <dovecot@dovecot.org> wrote:



On 19.07.2019 0:24, Reio Remma via dovecot wrote:

I'm attempting to get Dovecot working with MySQL user database on
another machine. I can connect to the MySQL (5.7.26) instance with SSL
enabled:
mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem
--ssl-cert=/etc/dovecot/client-cert.pem
--ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA
-u vmail -p
However if I use the same values in dovecot-sql.conf.ext, I get the
following error:
Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): Connections
using insecure transport are prohibited while
--require_secure_transport=ON. - waiting for 5 seconds before retry
Database connection string:
connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
    ssl_ca=/etc/dovecot/ca.pem \
    ssl_cert=/etc/dovecot/client-cert.pem \
    ssl_key=/etc/dovecot/client-key.pem \
    ssl_cipher=DHE-RSA-AES256-SHA

Update: I got it to connect successfully now after downgrading the MySQL
server tls-version from TLSv1.1 to TLSv1.

Is there a reason why Dovecot MySQL doesn't support TLSv1.1?

Thanks!
Reio


Dovecot mysql uses libmysqlclient. We do not enforce any particular 
tls protocol version. If it requires you to downgrade I suggest you 
review your client my.cnf for any restrictions.

---
Aki Tuomi


Thanks Aki! I'm looking at it now and despite identical MySQL 5.7.26 
versions on both systems, it seems Dovecot is using libmysqlclient 5.6.37.


Dovecot seems to be using the older libmysqlclient.so.18.1.0 (5.6.37) 
from mysql-community-libs-compat 5.7.26 instead of the newer 
libmysqlclient.so.20.3.13 (5.7.26) from mysql-community-libs 5.7.26.


If I try to remove the libs-compat, yum also insists on removing 
dovecot-mysql, so it depends on the older libmysqlclient and ignores the 
newer one.


I don't suspect I can do anything on my end to force the Dovecot CentOS 
package to use the non-compat libmysqlclient?


Thanks,
Reio


Re: Dovecot with MySQL over SSL.

2019-07-20 Thread Reio Remma via dovecot

On 20.07.2019 17:52, John Fawcett via dovecot wrote:

On 18/07/2019 23:24, Reio Remma via dovecot wrote:

Hello!

I'm attempting to get Dovecot working with MySQL user database on
another machine. I can connect to the MySQL (5.7.26) instance with SSL
enabled:

  mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem
--ssl-cert=/etc/dovecot/client-cert.pem
--ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA
-u vmail -p

However if I use the same values in dovecot-sql.conf.ext, I get the
following error:

Jul 19 00:20:18 turin dovecot: master: Dovecot v2.3.7 (494d20bdc)
starting up for imap, lmtp, sieve (core dumps disabled)
Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): Connections
using insecure transport are prohibited while
--require_secure_transport=ON. - waiting for 5 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): Connections
using insecure transport are prohibited while
--require_secure_transport=ON. - waiting for 5 seconds before retry

Database connection string:

connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
     ssl_ca=/etc/dovecot/ca.pem \
     ssl_cert=/etc/dovecot/client-cert.pem \
     ssl_key=/etc/dovecot/client-key.pem \
     ssl_cipher=DHE-RSA-AES256-SHA

If I leave the ssl_cipher unset, I get:

Jul 19 00:23:41 turin dovecot: auth-worker(83069): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
error: Failed to set ciphers to use - waiting for 1 seconds before retry

Any ideas?

Thanks!
Reio

One difference between your testing manually with mysql client and the
same configuration in dovecot is the "ssl_verify_server_cert" parameter.
Dovecot is setting it if it is not specified. So to make the tests the
same you should either specify the --ssl_verify_server_cert parameter to
mysql or set it to no in the dovecot configuration.

John


This works as well:

mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem 
--ssl-cert=/etc/dovecot/client-cert.pem 
--ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA 
--ssl-mode=VERIFY_IDENTITY -u vmail -p


Protocol mismatch persists when I set ssl_verify_server_cert=no for 
Dovecot MySQL connection.


Thanks,
Reio


Re: Dovecot with MySQL over SSL.

2019-07-20 Thread Reio Remma via dovecot

On 19.07.2019 0:24, Reio Remma via dovecot wrote:
I'm attempting to get Dovecot working with MySQL user database on 
another machine. I can connect to the MySQL (5.7.26) instance with SSL 
enabled:


mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem 
--ssl-cert=/etc/dovecot/client-cert.pem 
--ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA 
-u vmail -p


However if I use the same values in dovecot-sql.conf.ext, I get the 
following error:


Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error: 
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection 
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error: 
mysql(db.mrst.ee): Connect failed to database (vmail): Connections 
using insecure transport are prohibited while 
--require_secure_transport=ON. - waiting for 5 seconds before retry


Database connection string:

connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
    ssl_ca=/etc/dovecot/ca.pem \
    ssl_cert=/etc/dovecot/client-cert.pem \
    ssl_key=/etc/dovecot/client-key.pem \
    ssl_cipher=DHE-RSA-AES256-SHA


Update: I got it to connect successfully now after downgrading the MySQL 
server tls-version from TLSv1.1 to TLSv1.


Is there a reason why Dovecot MySQL doesn't support TLSv1.1?

Thanks!
Reio


Dovecot with MySQL over SSL.

2019-07-18 Thread Reio Remma via dovecot

Hello!

I'm attempting to get Dovecot working with MySQL user database on 
another machine. I can connect to the MySQL (5.7.26) instance with SSL 
enabled:


 mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem 
--ssl-cert=/etc/dovecot/client-cert.pem 
--ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -u 
vmail -p


However if I use the same values in dovecot-sql.conf.ext, I get the 
following error:


Jul 19 00:20:18 turin dovecot: master: Dovecot v2.3.7 (494d20bdc) 
starting up for imap, lmtp, sieve (core dumps disabled)
Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error: 
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection 
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error: 
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection 
error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error: 
mysql(db.mrst.ee): Connect failed to database (vmail): Connections using 
insecure transport are prohibited while --require_secure_transport=ON. - 
waiting for 5 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error: 
mysql(db.mrst.ee): Connect failed to database (vmail): Connections using 
insecure transport are prohibited while --require_secure_transport=ON. - 
waiting for 5 seconds before retry


Database connection string:

connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
    ssl_ca=/etc/dovecot/ca.pem \
    ssl_cert=/etc/dovecot/client-cert.pem \
    ssl_key=/etc/dovecot/client-key.pem \
    ssl_cipher=DHE-RSA-AES256-SHA

If I leave the ssl_cipher unset, I get:

Jul 19 00:23:41 turin dovecot: auth-worker(83069): Error: 
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection 
error: Failed to set ciphers to use - waiting for 1 seconds before retry


Any ideas?

Thanks!
Reio


Re: Replication issue 2.3.7

2019-07-13 Thread Reio Remma via dovecot

On 13.07.2019 12:13, Reio Remma via dovecot wrote:

Hello!

I noticed these in the logs since upgrading from 2.3.6. to 2.3.7:

Jul 13 11:52:10 turin dovecot: doveadm: Error: 
dsync-remote(r...@mrstuudio.ee): Error: 
Exporting mailbox INBOX failed: Mailbox attribute 
vendor/vendor.dovecot/pvt/server/sieve/files/MR lookup failed: Mailbox 
attributes not enabled
Jul 13 11:52:11 turin dovecot: doveadm: Error: 
dsync-remote(r...@mrstuudio.ee): Error: 
Exporting mailbox INBOX failed: Mailbox attribute 
vendor/vendor.dovecot/pvt/server/sieve/files/MR lookup failed: Mailbox 
attributes not enabled


After turning on mailbox attributes these errors went away:

mail_attribute_dict = file:~/Maildir/dovecot-attributes

protocol imap {
    imap_metadata = yes
}

But now the errors are replaced with (when deleting mail):

Jul 13 12:04:32 turin dovecot: imap(r...@mrstuudio.ee): Warning: 
/home/vmail/mrstuudio.ee/reio/Maildir/dovecot-uidlist: Duplicate file 
entry at line 2: 
1563008644.M18534P25946.orc.mrstuudio.ee,S=4180,W=4262 (uid 23030 -> 
23031) - retrying by re-reading from beginning
Jul 13 12:04:32 turin dovecot: imap(r...@mrstuudio.ee): Warning: 
Maildir /home/vmail/mrstuudio.ee/reio/Maildir: Expunged message 
reappeared, giving a new UID (old uid=23030, 
file=1563008644.M18534P25946.orc.mrstuudio.ee,S=4180,W=4262:2,S)


The mail message reappears on the other side of dsync and eventually I 
end up with 3 identical messages in trash after I've deleted them on 
both sides.


Thanks for any advice,
Reio


More info:

the issue manifests itself when I read a freshly arrived message on one 
server and then delete it on the other server.


If I delete it on the same server after reading, it seems to work.

The mail client is Thunderbird.

Reio


Replication issue 2.3.7

2019-07-13 Thread Reio Remma via dovecot

Hello!

I noticed these in the logs since upgrading from 2.3.6. to 2.3.7:

Jul 13 11:52:10 turin dovecot: doveadm: Error: 
dsync-remote(r...@mrstuudio.ee): Error: 
Exporting mailbox INBOX failed: Mailbox attribute 
vendor/vendor.dovecot/pvt/server/sieve/files/MR lookup failed: Mailbox 
attributes not enabled
Jul 13 11:52:11 turin dovecot: doveadm: Error: 
dsync-remote(r...@mrstuudio.ee): Error: 
Exporting mailbox INBOX failed: Mailbox attribute 
vendor/vendor.dovecot/pvt/server/sieve/files/MR lookup failed: Mailbox 
attributes not enabled


After turning on mailbox attributes these errors went away:

mail_attribute_dict = file:~/Maildir/dovecot-attributes

protocol imap {
    imap_metadata = yes
}

But now the errors are replaced with (when deleting mail):

Jul 13 12:04:32 turin dovecot: imap(r...@mrstuudio.ee): Warning: 
/home/vmail/mrstuudio.ee/reio/Maildir/dovecot-uidlist: Duplicate file 
entry at line 2: 1563008644.M18534P25946.orc.mrstuudio.ee,S=4180,W=4262 
(uid 23030 -> 23031) - retrying by re-reading from beginning
Jul 13 12:04:32 turin dovecot: imap(r...@mrstuudio.ee): Warning: Maildir 
/home/vmail/mrstuudio.ee/reio/Maildir: Expunged message reappeared, 
giving a new UID (old uid=23030, 
file=1563008644.M18534P25946.orc.mrstuudio.ee,S=4180,W=4262:2,S)


The mail message reappears on the other side of dsync and eventually I 
end up with 3 identical messages in trash after I've deleted them on 
both sides.


Thanks for any advice,
Reio


Re: Pigeonhole release v0.5.7

2019-07-12 Thread Reio Remma via dovecot

On 12.07.2019 22:41, Reio Remma via dovecot wrote:

On 12.07.2019 22:15, Timo Sirainen via dovecot wrote:
On 12 Jul 2019, at 21.09, Reio Remma via dovecot <dovecot@dovecot.org> wrote:



- dsync: dsync-replication does not synchronize Sieve scripts.


Sieve replication still doesn't work for me. dsync now replicated 
sieve and sieve/tmp directories, but neither actual sieve files nor 
@.dovecot.sieve link.


What if you change the Sieve script? It probably doesn't immediately 
replicate old scripts.




It indeed works then, thanks! Just existing scripts aren't replicated 
then.


Good luck!
Reio


And... I see another user's untouched script has replicated too now.

It's possible the empty directories had replicated with 2.3.6 and the 
scripts just hadn't replicated yet with 2.3.7 when I looked earlier.


Thanks again!
Reio


Re: Pigeonhole release v0.5.7

2019-07-12 Thread Reio Remma via dovecot

On 12.07.2019 22:15, Timo Sirainen via dovecot wrote:
On 12 Jul 2019, at 21.09, Reio Remma via dovecot <dovecot@dovecot.org> wrote:



- dsync: dsync-replication does not synchronize Sieve scripts.


Sieve replication still doesn't work for me. dsync now replicated 
sieve and sieve/tmp directories, but neither actual sieve files nor 
@.dovecot.sieve link.


What if you change the Sieve script? It probably doesn't immediately 
replicate old scripts.




It indeed works then, thanks! Just existing scripts aren't replicated then.

Good luck!
Reio



Re: Pigeonhole release v0.5.7

2019-07-12 Thread Reio Remma via dovecot

On 12.07.2019 15:29, Aki Tuomi via dovecot wrote:

Hi!

We are pleased to release Pigeonhole release v0.5.7.

Tarball is available at

https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.tar.gz.sig

Binary packages are available at https://repo.dovecot.org/

Changes
---
+ vacation: Made the subject for the automatic response message produced
   by the Sieve vacation action configurable. Both the default subject
   (if the script defines none) and the subject template (e.g. used to
   add a subject prefix) can be configured.
- dsync: dsync-replication does not synchronize Sieve scripts.


Sieve replication still doesn't work for me. dsync now replicated sieve 
and sieve/tmp directories, but neither actual sieve files nor 
@.dovecot.sieve link.


Reio


Re: Dovecot replication and userdb "noreplicate".

2019-06-24 Thread Reio Remma via dovecot

On 24.06.2019 8:21, Aki Tuomi wrote:

On 22.6.2019 22.00, Reio Remma via dovecot wrote:

Hello!

I finally took the time and spent two days to set up replication for
my server and now I have a question or two.

I initially set noreplicate userdb field to 1 for all but a test user,
but I could still see in the logs that all mailboxes were trying to
connect to the other server via SSH. Is that normal?

Jun 22 16:55:22 host dovecot: dsync-local(u...@host.ee)<>: Error:
Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l
vmail backup.host.ee doveadm dsync-server -D -u u...@host.ee

Then I ended up setting mail_replica in userdb for only my test user,
but I could still see in the logs that it was trying to sync the
others as well, despite mail_replica being 0 for the rest.

Jun 22 20:52:59 host dovecot: doveadm(u...@host.ee): Fatal: -N
parameter requires syncing with remote host

I also notice (and read from recent posts) that sieve script
replication doesn't work at all.

Dovecot v2.3.6 and Pigeonhole from the official Dovecot CentOS repo.

Thanks,
Reio
PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun
as usual. :)


Hi!

We are fixing this in 2.3.7, noreplicate works but causes errors. You
can try
https://github.com/dovecot/core/compare/6d5b4b5%5E..93945ec.patch if you
are compiling yourself.

Dovecot under selinux works, as long as you do it the way the policy
writer intended, see https://linux.die.net/man/8/dovecot_selinux

Aki


For replication over SSH I had to add the following module:

module selinux-dovecot-replication-ssh 1.0;

require {
type ssh_exec_t;
type ssh_home_t;
type dovecot_t;
class file { open read execute execute_no_trans };
class dir { getattr search };
}

#= dovecot_t ==
allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans };
allow dovecot_t ssh_home_t:dir { getattr search };
allow dovecot_t ssh_home_t:file { open read };


ssh_exec_t to allow Dovecot to use ssh executable in the first place and 
ssh_home_t:dir + ssh_home_t:file for it to be able to read known_hosts 
from /root/.ssh


Reio
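The module above grants only what the denials showed was needed. As an added example (not code from this thread or from the Dovecot project), the following Python code derives such a module from AVC denial records for a single source domain, so denials from unrelated domains never end up in the policy. The audit log lines, the module name and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log excerpt (not from the thread): denials that a
# dsync-over-SSH setup could produce, one repeated denial, one denial from an
# unrelated domain and one non-AVC record.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1561211722.101:901): avc:  denied  { execute } for  pid=2101 comm="doveadm" name="ssh" dev="dm-0" ino=50331 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1561211722.102:902): avc:  denied  { read open } for  pid=2101 comm="doveadm" path="/usr/bin/ssh" dev="dm-0" ino=50331 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1561211722.103:903): avc:  denied  { execute_no_trans } for  pid=2101 comm="doveadm" path="/usr/bin/ssh" dev="dm-0" ino=50331 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1561211722.103:903): arch=c000003e syscall=59 success=no exit=-13 comm="doveadm" exe="/usr/bin/doveadm"
type=AVC msg=audit(1561211722.201:904): avc:  denied  { search } for  pid=2102 comm="ssh" name=".ssh" dev="dm-0" ino=7001 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1561211722.202:905): avc:  denied  { getattr } for  pid=2102 comm="ssh" path="/root/.ssh" dev="dm-0" ino=7001 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1561211722.203:906): avc:  denied  { read } for  pid=2102 comm="ssh" name="known_hosts" dev="dm-0" ino=7002 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1561211722.204:907): avc:  denied  { open } for  pid=2102 comm="ssh" path="/root/.ssh/known_hosts" dev="dm-0" ino=7002 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1561211799.001:950): avc:  denied  { read } for  pid=3300 comm="httpd" name="index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1561211822.101:960): avc:  denied  { execute } for  pid=2150 comm="doveadm" name="ssh" dev="dm-0" ino=50331 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)


def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) for a denial, else None."""
    match = AVC_RE.search(line)
    if not match:
        return None
    try:
        # A context is user:role:type[:level]; the type is the third field.
        source = match.group("scon").split(":")[2]
        target = match.group("tcon").split(":")[2]
    except IndexError:
        return None
    return source, target, match.group("tclass"), frozenset(match.group("perms").split())


def collect_rules(lines, source_type):
    """Merge denied permissions per (target type, class) for one source domain."""
    rules = defaultdict(set)
    for line in lines:
        parsed = parse_avc(line)
        if parsed and parsed[0] == source_type:
            _, target, tclass, perms = parsed
            rules[(target, tclass)] |= perms
    return dict(rules)


def allow_rules(rules, source_type):
    """Render one allow statement per (target type, class), sorted for stable diffs."""
    return [
        f"allow {source_type} {target}:{tclass} {{ {' '.join(sorted(perms))} }};"
        for (target, tclass), perms in sorted(rules.items())
    ]


def render_module(name, source_type, rules):
    """Build the .te text: the require block lists exactly what the rules use."""
    types = sorted({source_type} | {target for target, _ in rules})
    class_perms = defaultdict(set)
    for (_, tclass), perms in rules.items():
        class_perms[tclass] |= perms
    lines = [f"module {name} 1.0;", "", "require {"]
    lines += [f"    type {t};" for t in types]
    lines += [
        f"    class {c} {{ {' '.join(sorted(p))} }};"
        for c, p in sorted(class_perms.items())
    ]
    lines += ["}", ""]
    lines += allow_rules(rules, source_type)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = collect_rules(SAMPLE_AUDIT_LOG.splitlines(), "dovecot_t")
    # "dovecot_dsync_ssh_example" is a hypothetical module name.
    print(render_module("dovecot_dsync_ssh_example", "dovecot_t", found))
```

Reviewing the rendered rules before loading them is the point: any permission beyond those in the module above, for example a write on ssh_home_t, would stand out in the output.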


Re: Struggling to get dovecot working with postfix auth

2018-10-11 Thread Reio Remma

On 11/10/2018 14:21, Laura Smith wrote:

On Thursday, October 11, 2018 12:07 PM, Ralph Seichter wrote:


On 11.10.18 11:30, Laura Smith wrote:


unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
group = postfix
mode = 0666
user = postfix
}

I suggest using "mode = 0660" instead.

Makes no difference.


Do you have SELinux or the like running on the system?

Good luck,
Reio




Re: Renewal of Let's Encrypt Certificates in Dovecot

2018-10-11 Thread Reio Remma

On 11/10/2018 11:55, Ignacio Garcia wrote:
Hi there. I've been using Dovecot for quite some time now but I just 
started using Let's Encrypt certs. Since LE certs are renewed 
automatically without user intervention I'm wondering if I will need 
to restart dovecot after that renewal...


A reload will suffice.

Good luck,
Reio


Re: index corruption weirdness

2018-10-10 Thread Reio Remma

On 10.10.2018 19:12, William Taylor wrote:

OS Info:

CentOS Linux release 7.5.1804 (Core)
3.10.0-862.14.4.el7.x86_64

NFS:
# mount -t nfs |grep mail/15
172.16.255.14:/vol/vol1/mail/15 on /var/spool/mail/15 type nfs
(rw,nosuid,nodev,relatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,nordirplus,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.16.255.14,mountvers=3,mountport=4046,mountproto=udp,local_lock=none,addr=172.16.255.14)

Dovecot Info:
dovecot -n
# 2.1.17: /etc/dovecot/dovecot.conf


Hi!

Thank you for your report, however, 2.1.17 is VERY old version of
dovecot and this problem is very likely fixed in a more recent version.

Aki


I realize it is an older release.

Are you saying that there is a bug in this version that affects RHEL 7.5
but not RHEL 6 or just use the newest version and maybe the problem goes
away?


I can see from my CentOS 7 installation that it comes with 2.2.10-8.el7 
package. Did you install 2.1.17 specifically somehow?


I'm using dovecot 2.3.3 as packaged by the developers in CentOS 7 myself.

Good luck,
Reio


Re: immediate delete of mails

2018-10-09 Thread Reio Remma

On 09/10/2018 10:54, tselm...@486.hu wrote:
I don't think it's relevant, since with the very same Sylpheed an 
older Dovecot (1.x) could erase the unneeded mails. Perhaps some file 
permission issue on my server...?


Do you see anything in Dovecot logs? It should definitely log if there 
were permission issues.


Good luck,
Reio



Re: Best way to move mail from one server to another

2018-09-26 Thread Reio Remma

On 26/09/2018 16:52, Tanstaafl wrote:

Finally have some time to review list emails...

On Tue Sep 04 2018 03:41:50 GMT-0400 (Eastern Standard Time), Sami
Ketola  wrote:

imapsync always loses data.

Hi Sami,

Can you expand on this?

I used ImapSync to migrate from Dovecot to Office365 a couple of years
ago, and didn't notice any issues with it at all.


Keep reading, the topic was discussed at length. :D

Good luck,
Reio


Re: Quotas not working with roundcube

2018-09-17 Thread Reio Remma

Ahh, there it is. I was reading "Enabling quota plugins".

Thanks,
Reio

On 17/09/2018 09:56, Aki Tuomi wrote:


You should read it more carefully.  See the 'Configuration' section.

Aki


On 17.09.2018 09:31, Reio Remma wrote:
I was wondering about that myself, but then I couldn't find any info 
on quota = in the wiki.


Please update:

https://wiki2.dovecot.org/Quota

:)

Thanks,
Reio

On 17/09/2018 08:57, Aki Tuomi wrote:

You did everything except actually enable quota... =)

Try adding this to your configuration

   quota = count:User quota
   quota_vsizes = yes

inside the plugin {} section.

Aki


On 16 September 2018 at 21:58 Mik J  wrote:


Hello,

I'm trying to have quotas working with roundcube.
When I'm logged into roundcube I see 0% quota which seems to correspond to 
disabled.

However I did everything that I could to enable quotas
https://wiki.dovecot.org/Quota

# doveconf -n
auth_mechanisms = cram-md5 login
auth_verbose = yes
debug_log_path = /tmp/dovecot.log
first_valid_uid = 1000
log_path = /var/log/dovecot.log
mail_gid = vmail
mail_location = maildir:/home/mail/%d/%n/Maildir
mail_plugins = notify replication quota
mail_uid = vmail
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = bsdauth
}
passdb {
   args = /etc/dovecot/dovecot.passwd
   driver = passwd-file
}
plugin {
   quota_grace = 10%%
   quota_rule = *:storage=2G
   quota_rule2 = Trash:storage=+200M
   quota_rule3 = SPAM:ignore
   quota_status_nouser = DUNNO
   quota_status_overquota = 552 5.2.2 Mailbox is full
   quota_status_success = DUNNO
   quota_warning = storage=95%% quota-warning 95 %u
   quota_warning2 = storage=80%% quota-warning 80 %u
}
ssl_ca = /etc/ssl/certs/CA_Intermed_Lets_Encrypt.crt
ssl_cert = 


--
Best regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee













Re: Quotas not working with roundcube

2018-09-17 Thread Reio Remma
I was wondering about that myself, but then I couldn't find any info on 
quota = in the wiki.


Please update:

https://wiki2.dovecot.org/Quota

:)

Thanks,
Reio

On 17/09/2018 08:57, Aki Tuomi wrote:

You did everything except actually enable quota... =)

Try adding this to your configuration

   quota = count:User quota
   quota_vsizes = yes

inside the plugin {} section.

Aki


On 16 September 2018 at 21:58 Mik J  wrote:


Hello,

I'm trying to have quotas working with roundcube.
When I'm logged into roundcube I see 0% quota which seems to correspond to 
disabled.

However I did everything that I could to enable quotas
https://wiki.dovecot.org/Quota

# doveconf -n
auth_mechanisms = cram-md5 login
auth_verbose = yes
debug_log_path = /tmp/dovecot.log
first_valid_uid = 1000
log_path = /var/log/dovecot.log
mail_gid = vmail
mail_location = maildir:/home/mail/%d/%n/Maildir
mail_plugins = notify replication quota
mail_uid = vmail
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = bsdauth
}
passdb {
   args = /etc/dovecot/dovecot.passwd
   driver = passwd-file
}
plugin {
   quota_grace = 10%%
   quota_rule = *:storage=2G
   quota_rule2 = Trash:storage=+200M
   quota_rule3 = SPAM:ignore
   quota_status_nouser = DUNNO
   quota_status_overquota = 552 5.2.2 Mailbox is full
   quota_status_success = DUNNO
   quota_warning = storage=95%% quota-warning 95 %u
   quota_warning2 = storage=80%% quota-warning 80 %u
}
ssl_ca = /etc/ssl/certs/CA_Intermed_Lets_Encrypt.crt
ssl_cert = 


--
Regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee





Re: Best way to move mail from one server to another

2018-09-04 Thread Reio Remma
If you have lots of data, you can make an initial pass with rsync whilst 
the old server is running and another rsync pass (with --delete, use dry 
run to test) when you've shut down the old server to sync the changes 
since the initial pass.


Good luck!
Reio


On 04/09/2018 11:40, James Brown wrote:

Thanks Sam

Users not using new mail server yet.

Both old and new using maildir.

Sounds like rsync is the way to go.

Thanks for your help.

James.

Sent from my iPhone XI


On 4 Sep 2018, at 5:41 pm, Sami Ketola  wrote:




On 4 Sep 2018, at 10.20, James Brown  wrote:

I’d like to migrate to a new server. I only need to transfer the mail store, 
have already done the users. I’ve seen different recommendations:

IMAP-Sync
Rsync
Doveadmin backup and
dsync

What are the pros and cons of each? What would be best for me? I’m thinking 
that Doveadmin backup is the way to go.

Both old and new servers are on same network. New server is running Dovecot 
2.3.2.1, old server is 2.2.32. macOS X.

Does anyone have any advice or examples?


It depends. Are your users already receiving mails to the new server? If yes, then the 
only way is to use "doveadm sync -1" or data will be lost. Even then data may 
be lost as UID numbers might already be used in the new server.
If your users are not receiving mails to the new server it still depends. Is 
the mail storage format same in both servers? If yes, then it's probably 
fastest to use rsync. If not, then you need to use doveadm backup.

imapsync always loses data.

Sami






--
Regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee
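
The two rsync passes described at the top of this message, with a dry-run preview before the deleting pass, as an added example that is not part of the original thread. The function names, the `initial|preview|final` argument convention and the demo Maildir are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): the two rsync passes as one helper.
# SRC may also be a remote rsync path; the demo below uses local directories.

# maildir_sync <initial|preview|final> SRC DST
maildir_sync() {
    case "$1" in
        # Pass 1, old server still running: copy only, never delete.
        initial) rsync -a "$2/" "$3/" ;;
        # Old server stopped: show what the final pass would transfer or delete.
        preview) rsync -a --delete --dry-run --itemize-changes "$2/" "$3/" ;;
        # Pass 2: make DST match SRC, removing mail deleted since pass 1.
        final)   rsync -a --delete "$2/" "$3/" ;;
        *) echo "usage: maildir_sync initial|preview|final SRC DST" >&2
           return 2 ;;
    esac
}

# Constructed demo: a tiny Maildir that changes between the two passes.
demo_two_pass() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/oldsrv/cur" "$work/oldsrv/new" "$work/newsrv"
    echo one > "$work/oldsrv/cur/1.host:2,S"
    echo two > "$work/oldsrv/cur/2.host:2,"
    maildir_sync initial "$work/oldsrv" "$work/newsrv" || return 1

    rm "$work/oldsrv/cur/2.host:2,"           # a user deleted a message
    echo three > "$work/oldsrv/new/3.host"    # a new message arrived

    echo "PREVIEW:"
    maildir_sync preview "$work/oldsrv" "$work/newsrv" || return 1
    maildir_sync final "$work/oldsrv" "$work/newsrv" || return 1
    echo "FINAL:"
    (cd "$work/newsrv" && find . -type f | sort)
    rm -rf "$work"
}

# Run the demo only when asked to: sh this-file.sh demo
if [ "${1:-}" = demo ]; then demo_two_pass; fi
```

The preview lists the message removed on the old server as a `*deleting` line, which is the point at which a wrong source or destination path shows up before anything is removed.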





Re: Is the Doveadm HTTP API considered stable for production use?

2018-08-23 Thread Reio Remma

On 23.08.18 15:35, Felipe Gasper wrote:



On Aug 23, 2018, at 8:14 AM, James Beck  wrote:


On Wed, Aug 22, 2018 at 09:54:44AM -0400, Felipe Gasper wrote:
If you don’t want to use the HTTP API, you can use the raw doveadm protocol.

https://wiki.dovecot.org/Design/DoveadmProtocol

-FG

Thanks, I didn't know about that. I suppose testing the HTTP API and
then switching to the raw doveadm protocol over TCP if it turns out
"crashy" wouldn't mean too much work.

Why use the HTTP API at all?


How about JSON. :)

Good luck,
Reio



Re: [SIEVE] pipe :copy to external program with arguments

2018-07-31 Thread Reio Remma

On 31.07.18 0:45, spamv...@googlemail.com wrote:

Hi all,

quick questions about sieve pipe:
I want to pipe spam messages to an external program with additional 
parameters


my spamlearn.sieve script:

require ["vnd.dovecot.pipe", "copy", "imapsieve"];
pipe :copy "mybin" ["-h 127.0.0.1:4 " , "markspam"];


I also tried:
pipe :copy "mybin" ["-h 127.0.0.1:4  markspam"];
pipe :copy "mybin" ["-h 127.0.0.1:4 "] ["markspam"];
pipe :copy :args ["-h 127.0.0.1:4  markspam"] "mybin" ;


It never executes correctly; it always ends with:
Error: sieve: Execution of script /my/path/to/spamlearn.sieve failed

So what's the correct syntax?

What works is a single argument:
pipe :copy "myscript" ["markspam"];

Dovecot Version 2.3.2.1


My spam script is executed with:

pipe :copy "sa-learn-sieve.sh" ["spam", "${username}", "${message}"];

The latter two arguments are variables in the sieve script.

Good luck,
Reio


Re: Restricting SSL/TLS protocol versions on Dovecot 2.2.22

2018-07-30 Thread Reio Remma

On 30.07.2018 22:29, Aki Tuomi wrote:

On 30 July 2018 at 21:42 J Doe  wrote:




On Jul 29, 2018, at 6:02 PM, Alexander Dalloz  wrote:

On 29.07.2018 at 21:02, J Doe wrote:

Hello,
I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
In: 10-ssl.conf there are two parameters:
 ssl_protocols
 ssl_cipher_list
ssl_protocols is commented with “SSL protocol to use” and ssl_cipher_list is 
commented with “SSL ciphers to use”.
If I want to disable SSLv3, for example, do I need to use both parameters or 
will disabling SSLv3 ciphers in
ssl_cipher_list do the same thing ?
So is:
 ssl_cipher_list = !SSLv3
…equivalent to:
 ssl_protocols = !SSLv3
 ssl_cipher_list = !SSLv3


No. SSLv3 is not a cipher but a protocol.

"ssl_protocols = !SSLv2 !SSLv3" is what you want to specify.

For ciphers you could define by ssl_cipher_list see "openssl ciphers -v”

Hi Alexander and list,

I think there may be a discrepancy in the documentation.

On the wiki on the “Dovecot SSL Configuration” page [1] under the section “SSL 
security settings” it says:

 ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

In the conf.d/10-ssl.conf it states:

 # SSL protocols to use
 #ssl_protocols = !SSLv2

 # SSL ciphers to use
 #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

My new question is:

 1. Are the SSL/TLS protocols to use and/or exclude specified in 
“ssl_protocols”, “ssl_cipher_list” or both ?


You can use SSLv2 ciphers with TLSv1.2 protocol, if enabled. ssl protocol 
defines which protocol(s) to support. ssl_cipher_list defines which cipher(s) 
to support. They are not the same thing.

Aki


I personally used https://www.ssllabs.com/ssltest/analyze.html when I 
set up my server to get green across the board for the web server and 
then used the same ciphers for Dovecot and confirmed the result with 
https://github.com/drwetter/testssl.sh


ssl_min_protocol = TLSv1 # New in Dovecot 2.3 iirc.
ssl_cipher_list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !SEED"

ssl_prefer_server_ciphers = yes

Good luck,
Reio
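
The protocol/cipher distinction drawn in this thread, as an added example that is not part of the original messages or of Dovecot: a small lint that reads `key = value` settings in the `doveconf -n` layout and reports when SSLv3 is not excluded at the protocol level and when a protocol name appears in `ssl_cipher_list`, where it only filters cipher suites. The function name, the finding codes and the sample inputs are constructed; an unset `ssl_protocols` is assumed to mean the 2.2.22 default `!SSLv2` quoted above.

```shell
#!/bin/sh
# Added example: lint Dovecot TLS settings read from stdin (doveconf -n style,
# one "key = value" per line). Finding codes are this example's own.
lint_dovecot_tls() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ { next }                       # commented-out defaults
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        gsub(/"/, "", val)
        conf[key] = val
    }
    END {
        # Protocol level: ssl_protocols (2.2) or ssl_min_protocol (2.3).
        # An unset ssl_protocols falls back to the 2.2.22 default quoted above.
        protos = ("ssl_protocols" in conf) ? conf["ssl_protocols"] : "!SSLv2"
        sslv3_off = 0
        n = split(protos, p, /[ \t]+/)
        for (i = 1; i <= n; i++) if (p[i] == "!SSLv3") sslv3_off = 1
        if (("ssl_min_protocol" in conf) && conf["ssl_min_protocol"] ~ /^TLSv1/)
            sslv3_off = 1
        if (!sslv3_off) print "SSLV3-NOT-EXCLUDED"

        # Cipher level: a protocol name here selects or removes cipher
        # suites; it does not switch the protocol version on or off.
        n = split(conf["ssl_cipher_list"], c, /[: ,]+/)
        for (i = 1; i <= n; i++) {
            name = c[i]
            sub(/^[!+-]/, "", name)
            if (name ~ /^(SSLv[23]|TLSv1(\.[0-3])?)$/)
                print "PROTO-IN-CIPHERS " c[i]
        }
    }'
}

# Constructed sample inputs, modelled on the settings quoted in the thread.
SAMPLE_CIPHER_ONLY='ssl_cipher_list = !SSLv3'
SAMPLE_BOTH='ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL'
SAMPLE_MIN_PROTOCOL='ssl_min_protocol = TLSv1
ssl_cipher_list = EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM !aNULL !eNULL !LOW !3DES !MD5 !EXP !RC4
ssl_prefer_server_ciphers = yes'

for sample in "$SAMPLE_CIPHER_ONLY" "$SAMPLE_BOTH" "$SAMPLE_MIN_PROTOCOL"; do
    printf '%s\n' "$sample" | lint_dovecot_tls
    echo "--"
done
```

Against a live server the input would be the output of `doveconf -n`.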



Re: v2.3.2 released

2018-06-30 Thread Reio Remma

On 30.06.2018 10:55, Reio Remma wrote:

On 29.06.2018 15:51, Timo Sirainen wrote:

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig

v2.3.2 is mainly a bugfix release. It contains all the changes in 
v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only 
bugs). Binary packages are already in https://repo.dovecot.org/


Has something been changed in the CentOS package, especially with 
SELinux? I just updated from 2.3.1 and now I'm having to add SELinux 
rules for Dovecot to be able to read files in /etc. I've an sqlite 
user database in /etc/mail and sieve scripts in /etc/dovecot/sieve, 
neither are accessible anymore without adding extra SELinux rules.


# This one is now needed to use the sqlite database in /etc/mail
#
module selinux-dovecot-etc 1.0;

require {
    type dovecot_auth_t;
    type etc_mail_t;
    class dir search;
    class file { getattr lock open read write };
}

#= dovecot_auth_t ==
allow dovecot_auth_t etc_mail_t:dir search;
allow dovecot_auth_t etc_mail_t:file { getattr lock open read write };


# This module is needed for Dovecot to be able to execute sieve scripts in /etc/dovecot/sieve
#
module selinux-dovecot-etc-execute 1.0;

require {
    type dovecot_etc_t;
    type dovecot_t;
    class file { execute execute_no_trans };
}

#= dovecot_t ==
allow dovecot_t dovecot_etc_t:file { execute execute_no_trans };


# This module is needed for my spamc scripts to access what it needs
#
module selinux-dovecot-sieve-execute 1.0;

require {
    type var_log_t;
    type dovecot_t;
    type spamc_exec_t;
    type tmpfs_t;
    class lnk_file read;
    class file { execute execute_no_trans getattr open read };
}

#= dovecot_t ==
allow dovecot_t spamc_exec_t:file { execute execute_no_trans getattr open read };
allow dovecot_t tmpfs_t:lnk_file read;
allow dovecot_t var_log_t:file open;


None of these modules were needed before upgrade from 2.3.1 on my Centos 
7.5 system.


---
Good luck,
Reio


Re: v2.3.2 released

2018-06-30 Thread Reio Remma

On 29.06.2018 15:51, Timo Sirainen wrote:

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig

v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as 
well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are 
already in https://repo.dovecot.org/


Has something been changed in the CentOS package, especially with 
SELinux? I just updated from 2.3.1 and now I'm having to add SELinux 
rules for Dovecot to be able to read files in /etc. I've an sqlite user 
database in /etc/mail and sieve scripts in /etc/dovecot/sieve, neither 
are accessible anymore without adding extra SELinux rules.


Thanks,
Reio


Re: Sieve_default

2018-06-15 Thread Reio Remma

On 15.06.2018 19:39, @lbutlr wrote:

After turning one bug, I am getting slightly more information:

Jun 15 10:34:44 mail dovecot: imap(kreme): Error: program 
`/usr/lib/dovecot/sieve/sa-learn-spam.sh' was forcibly terminated with signal 15


Did you try running /usr/lib/dovecot/sieve/sa-learn-spam.sh outside of
the sieve script?



Re: Sieve_default

2018-06-13 Thread Reio Remma
> On 13 Jun 2018, at 20:26, @lbutlr  wrote:
> 
> I added 
> 
> require "fileinto”;
> 
> To default.sieve
> 
> I did not pre-compile the script, but according to the docs that should not 
> prevent it from working.
> 
> Spam, messages are still not being filed in to Junk, however.

Anything in the logs?


Re: Lmtp issues on dovecot 2.3.x with big messages

2018-05-22 Thread Reio Remma

On 17.04.2018 2:21, Stephan Bosch wrote:

On 16/04/2018 at 19:57, Michael Tratz wrote:
Messages are being sent to dovecot LMTP by postfix. If I change this email
to another server with dovecot 2.2.x the same message are delivered
immediately.

Confirmed. Starts to fail here around 30Mb. Tested with Swaks.

Working on a fix...

Problem found. It is an explicit limit of 40Mb (for the 30Mb I saw in my
tests, there was also a base64 encoding I forgot about).

Will fix both the unhelpful error and the fact that there should be no
limit (currently) for LMTP.


Stephan,

I’m having the same issue with LMTP and large messages with dovecot 
2.3.x. Can you tell me which commit fixes this issue? I looked 
through the GitHub commits, but it’s not clear to me which commit 
fixes this issue. I’d like to apply the patch and re-compile dovecot 
for my machines instead of having to downgrade to 2.2.35.


This fix is currently pending: 
https://github.com/stephanbosch/dovecot-core/commits/lmtp-fix-msg-size-limit


I'm seeing some CI issues still and I am waiting on some input from 
someone else.


Regards,

Stephan.


Any news on when this fix might turn up in a release?

Thanks,
Reio


Re: Search problem

2018-05-09 Thread Reio Remma

On 09.05.2018 19:48, Federico Bartolucci wrote:

Hello,

when doing a simple search through the lucene indexes in some 
mailboxes (with actually many subfolders) the search terminates after 
a few seconds with no result and the dovecot log shows this error:


Fatal: master: service(imap): child 15433 killed with signal 6 (core 
not dumped)



Any clue about the reasons? the lucene indexes have been already 
rebuilt and look OK.


Probably worth gathering more info by getting a full backtrace as per 
instructions in:


https://www.dovecot.org/bugreport.html

Good luck,
Reio


Re: Listening on multiple ports

2018-04-27 Thread Reio Remma

A firewall blocking the port perhaps?

Reio

On 28.04.2018 0:35, Derek Harding wrote:
Many thanks - it doesn't work for me, however. There must be something 
in my configuration somewhere else, perhaps nothing to do with 
Dovecot, that prevents this.


:-)

On 27/04/18 18:55, Aki Tuomi wrote:

Yep.

Aki

On 27 April 2018 at 09:50 Derek Harding wrote:

I appreciate your suggestion. That'll allow both ports or only 8839?

Derek


On 27 April 2018 4:34:33 PM NZST, Aki Tuomi wrote:

On 27 April 2018 at 02:25 Derek Harding wrote:

Hi,

I want dovecot to listen for imaps (ssl) on both 993 and a non-standard
port 8839.

I've tried using variations on the inet_listener entries in
10-master.conf as shown in a couple of threads on here but none of the
attempts have worked.

Can someone provide me with a cut-and-paste solution and confirm into
which file it should be placed (i.e. is the dovecot.conf format using
the inet_listener = {address} appropriate)?

--
Best wishes,
Derek


service imap-login {
  inet_listener {
    ssl = yes
    port = 8839
  }
}

Aki




Re: spamc scripts in IMAPSieve docs.

2018-04-17 Thread Reio Remma

On 17.04.18 13:11, Reio Remma wrote:

On 17.04.18 12:40, Reio Remma wrote:

On 17.04.18 12:38, Aki Tuomi wrote:




On 17.04.2018 12:36, Reio Remma wrote:

Hello!

I noticed SpamAssassin *spamc* usage has entered the documentation 
at https://wiki2.dovecot.org/HowTo/AntispamWithSieve


I'm wondering if the -C (report) option in sa-learn-ham.sh  should 
use revoke instead of report for --ham messages?


I started using imapsieve with spamc myself just a few weeks ago, 
but I haven't used the reporting ability yet.


Reio



Hi!

As the warning says, the scripts are untested. If you are able to 
test them and provide modified versions, or confirm they work it 
would be really welcome input!


Aki


The trouble is the revoke option for spamc is largely undocumented. 
:( I'll have a look at it anyway.


Thanks,
Reio


Okay, while the man page for spamc is unclear, spamc --help states that:
-C, --reporttype reporttype
    Report message to collaborative filtering databases.
    *Report type should be 'report' for spam or 'revoke' for ham.*

I've no idea why they can't pick that automatically. :) Off to testing.

Reio


Okay. There are two ways to do this - either learning (without reporting) 
or reporting (which includes learning).


--learntype=spam/ham and --reporttype=report/revoke are mutually exclusive.

The docs currently have:

sa-learn-spam.sh:
exec /usr/bin/spamc -u ${1} -L spam -C report
sa-learn-ham.sh:
exec /usr/bin/spamc -u ${1} -L ham -C report

For learning they should be:

sa-learn-spam.sh:
exec /usr/bin/spamc -u ${1} --learntype=spam
sa-learn-ham.sh:
exec /usr/bin/spamc -u ${1} --learntype=ham

For reporting (with learning included):

sa-learn-spam.sh:
exec /usr/bin/spamc -u ${1} --reporttype=report # SPAM
sa-learn-ham.sh:
exec /usr/bin/spamc -u ${1} --reporttype=revoke # HAM

Good luck, Reio
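
The two modes from this message folded into one wrapper, as an added example that is not part of the original thread or of the Dovecot wiki scripts. The function names, the `learn|report` / `spam|ham` argument convention, the `SPAMC` override and the user-name check are assumptions; only `-u`, `--learntype`, `--reporttype` and their values come from the message above.

```shell
#!/bin/sh
# Added example (hypothetical wrapper, not the wiki's sa-learn-*.sh scripts).
# Usage: sa-train.sh <learn|report> <spam|ham> <user>      message on stdin
# SPAMC may override the client path; /usr/bin/spamc is the path quoted above.

# Print the one spamc option for this mode and class. --learntype and
# --reporttype are mutually exclusive, so exactly one is ever chosen.
spamc_type_opt() {
    case "$1:$2" in
        learn:spam)  printf '%s\n' "--learntype=spam" ;;
        learn:ham)   printf '%s\n' "--learntype=ham" ;;
        report:spam) printf '%s\n' "--reporttype=report" ;;  # includes learning
        report:ham)  printf '%s\n' "--reporttype=revoke" ;;  # revoke for ham
        *) echo "usage: <learn|report> <spam|ham> <user>" >&2
           return 2 ;;
    esac
}

# Accept only user names made of letters, digits and . _ @ - that do not
# start with "-", so the value can never be read by spamc as an option.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

main() {
    opt=$(spamc_type_opt "$1" "$2") || exit 2
    valid_user "$3" || { echo "refusing user name" >&2; exit 2; }
    # "$3" is quoted here, unlike the unquoted ${1} in the scripts above.
    exec "${SPAMC:-/usr/bin/spamc}" -u "$3" "$opt"
}

# Only act when called with arguments, e.g. from a Sieve pipe action.
if [ "$#" -gt 0 ]; then main "$@"; fi
```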


Re: spamc scripts in IMAPSieve docs.

2018-04-17 Thread Reio Remma

On 17.04.18 12:40, Reio Remma wrote:

On 17.04.18 12:38, Aki Tuomi wrote:




On 17.04.2018 12:36, Reio Remma wrote:

Hello!

I noticed SpamAssassin *spamc* usage has entered the documentation 
at https://wiki2.dovecot.org/HowTo/AntispamWithSieve


I'm wondering if the -C (report) option in sa-learn-ham.sh  should 
use revoke instead of report for --ham messages?


I started using imapsieve with spamc myself just a few weeks ago, 
but I haven't used the reporting ability yet.


Reio



Hi!

As the warning says, the scripts are untested. If you are able to 
test them and provide modified versions, or confirm they work it 
would be really welcome input!


Aki


The trouble is the revoke option for spamc is largely undocumented. :( 
I'll have a look at it anyway.


Thanks,
Reio


Okay, while the man page for spamc is unclear, spamc --help states that:

-C, --reporttype reporttype
Report message to collaborative filtering databases.
*Report type should be 'report' for spam or 'revoke' for ham.*

I've no idea why they can't pick that automatically. :) Off to testing.

Reio


Re: spamc scripts in IMAPSieve docs.

2018-04-17 Thread Reio Remma

On 17.04.18 12:38, Aki Tuomi wrote:




On 17.04.2018 12:36, Reio Remma wrote:

Hello!

I noticed SpamAssassin *spamc* usage has entered the documentation at 
https://wiki2.dovecot.org/HowTo/AntispamWithSieve


I'm wondering if the -C (report) option in sa-learn-ham.sh  should 
use revoke instead of report for --ham messages?


I started using imapsieve with spamc myself just a few weeks ago, but 
I haven't used the reporting ability yet.


Reio



Hi!

As the warning says, the scripts are untested. If you are able to test 
them and provide modified versions, or confirm they work it would be 
really welcome input!


Aki


The trouble is the revoke option for spamc is largely undocumented. :( 
I'll have a look at it anyway.


Thanks,
Reio


spamc scripts in IMAPSieve docs.

2018-04-17 Thread Reio Remma

Hello!

I noticed SpamAssassin *spamc* usage has entered the documentation at 
https://wiki2.dovecot.org/HowTo/AntispamWithSieve


I'm wondering if the -C (report) option in sa-learn-ham.sh  should use 
revoke instead of report for --ham messages?


I started using imapsieve with spamc myself just a few weeks ago, but I 
haven't used the reporting ability yet.


Reio



Re: two unrelated issues, lastlogin, and an out of memory fatal error

2018-04-11 Thread Reio Remma

On 11.04.18 18:23, David Mehler wrote:

Hello Aki,

Thanks for your suggestion. I followed it and the wiki at:

https://wiki.dovecot.org/Plugins/LastLogin

Good news, I get a record in the users table, with the username that
just logged in. This is good. Bad news is I got unexpected output from
the last_login time stamp. Here's the table and the user:

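mysql> describe users;
+------------+--------------+------+-----+---------+-------+
| Field      | Type         | Null | Key | Default | Extra |
+------------+--------------+------+-----+---------+-------+
| userid     | varchar(255) | NO   | PRI | NULL    |       |
| last_login | int(11)      | YES  |     | NULL    |       |
+------------+--------------+------+-----+---------+-------+
2 rows in set (0.00 sec)

mysql> select * from users;
+-----------------+------------+
| userid          | last_login |
+-----------------+------------+
| u...@domain.com | 1523459718 |
+-----------------+------------+
1 row in set (0.01 sec)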


The issue is the 1523459718  I was expecting something like a time
stamp. Is this fixable? Also, can I use last_login to see on which IP
the user last logged in from?


SELECT FROM_UNIXTIME(1523459718)

Maybe that will help?

Good luck,
Reio


Re: multi-site SSL certificates

2018-04-02 Thread Reio Remma

On 02.04.18 16:17, Jeff Abrahamson wrote:

On Mon, Apr 02, 2018 at 02:34:34PM +0200, Gedalya wrote:

On 04/02/2018 02:25 PM, Jeff Abrahamson wrote:

I see that the file

 .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg

is being created (and one other file, too) but that nginx reports that
the _directory_

 .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg

doesn't exist.

You have a problem with your nginx config. It doesn't seem related to postfix 
et al.

Really off-topic for this list but you could perhaps post your nginx config and 
logs.

If this is more properly a certbot question, I should ask there.  I'd
understood from the certbot docs that postfix had developed a
postfix-specific certbot plugin, in which case this might have been
the right venue to ask.  That I hadn't found that plugin was, to be
fair, a bit suspicious to me, but it wouldn't be the first time I miss
something in front of my nose.


Hello! Maybe try the Postfix list?

Good luck!
Reio



Re: BUG: Unknown command in userdb socket: CPID?2625

2018-03-26 Thread Reio Remma
 user=ad...@asergis.com
Mar 25 16:55:13 mail-server postfix/smtpd[2872]: 5C63030208: 
client=unknown[10.254.200.202], sasl_method=PLAIN, 
sasl_username=ad...@asergis.com
Mar 25 16:55:13 mail-server postfix/cleanup[2881]: 5C63030208: 
message-id=<d7706aa7-a2ad-6890-5590-e6f83b5ec...@asergis.com>
Mar 25 16:55:13 mail-server postfix/qmgr[2870]: 5C63030208: 
from=<ad...@asergis.com>, size=622, nrcpt=1 (queue active)



P.s. I don't mind to use socket without minus on its name. But this 
looks really strange. Thanks. You are awesome



Vladimir










--
Regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee





Re: Mail addresses with quotes + Postfix

2018-03-07 Thread Reio Remma

Hello!

Maybe experiment with auth_username_chars:

# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

Good luck,
Reio

On 07.03.18 14:46, Philipp Berger wrote:

I wrapped the LDA command in a script. I can see that Postfix passes
"@@mydomain.tld" as the -d argument, without quotes.
I then adapted the script to specifically replace this address with
"@"@mydomain.tld, but this results in the following error message by
Dovecot:

 auth: Info: userdb(?): Username character disallowed by
auth_username_chars: 0x22 (username: "@"@mydomain.tld)

So what would be the appropriate quoting/setting for this address?

Kind regards,
Philipp

On 06-Mar-18 at 15:08, Stephan Bosch wrote:


On 6-3-2018 at 14:34, Philipp Berger wrote:

I upgraded to Dovecot 2.3.0.1 as advised, but it still seems broken. In
the Postfix log I now see:

Mar  6 13:49:03 myhost amavis[7165]: (07165-10) K00VtLRHdrYw FWD from
 -> <"@"@mydomain.tld>, BODY=7BIT 250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B8CA22DA1B37
Mar  6 13:49:03 myhost amavis[7165]: (07165-10) Passed CLEAN
{RelayedInbound}, [someIp]:11439 [someIp]  ->
<"@"@mydomain.tld>, Queue-ID: D27792DA167C, Message-ID:
<22b95756-e95e-86cf-219c-3b603f758...@mydomain.tld>, mail_id:
K00VtLRHdrYw, Hits: -3, size: 7472, queued_as: B8CA22DA1B37, 1863 ms
Mar  6 13:49:03 myhost postfix/smtp[2329]: D27792DA167C:
to=<@@mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=2,
delays=0.15/0.01/0/1.9, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B8CA22DA1B37)
Mar  6 13:49:03 myhost postfix/pipe[2282]: B8CA22DA1B37:
to=<@@mydomain.tld>, relay=dovecot, delay=0.2, delays=0.11/0/0/0.09,
dsn=5.1.1, status=bounced (user unknown)
Mar  6 13:49:03 myhost postfix/cleanup[2280]: EA37E2DA1F80:
message-id=<20180306124903.ea37e2da1...@mydomain.tld>
Mar  6 13:49:04 myhost postfix/bounce[2334]: B8CA22DA1B37: sender
non-delivery notification: EA37E2DA1F80
Mar  6 13:49:04 myhost postfix/qmgr[21911]: EA37E2DA1F80: from=<>,
size=9830, nrcpt=1 (queue active)
Mar  6 13:49:04 myhost postfix/qmgr[21911]: B8CA22DA1B37: removed
Mar  6 13:49:04 myhost postfix/pipe[2282]: EA37E2DA1F80:
to=, relay=dovecot, delay=0.07,
delays=0.05/0/0/0.02, dsn=5.3.0, status=bounced (command line usage
error. Command output: lda: Fatal: Invalid -f parameter: Missing
domain )

I can see in my MySQL Log that Dovecot queried at the same time with %n
= "" (empty) and %d = "@mydomain.tld". So now the "@" is dropped
entirely.

What does the "Fatal: Invalid -f parameter: Missing domain" tell us? Do
I need to change the way Postfix calls Dovecot? Add more quotes? :D

Can you check what Postfix is feeding to Dovecot exactly (i.e.,
whether it is properly escaped)? Maybe wrap dovecot-lda in some shell
script and see what is passed.

Regards,

Stephan.


Kind regards,
Philipp

On 04-Mar-18 at 21:12, Stephan Bosch wrote:

On 3/1/2018 at 2:07 PM, Philipp Berger wrote:

Dear all,

I have a working setup with Postfix + Dovecot, storing users in a
MySQL
table.

I ran into problems setting up and using a mail address like
a"@"b...@mydomain.tld, which by RFC should be valid, but leads to
problems
in Dovecot. From my debugging, I can see that on the lookup, Dovecot
replaces %n with "a" (quotes added by me) and %d with "b...@mydomain.tld"
(quotes added by me). So the original quotes are gone, and the
domain/user split is incorrect.

I am not sure if Postfix passes the address without quotes to
Dovecot or
whether Dovecot can not handle quotes correctly, but I was hoping that
someone with more insight into Dovecot could help me out here.

System Info: Debian 9, Postfix 3.1.6-0+deb9u1, Dovecot 2.2.27-3+deb9u1
Postfix master.cf for Dovecot:
dovecot unix  -   n   n   -   -   pipe
  flags=DRhu user=virtual:virtual
  argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop}

I am grateful for any hints :)

Thank you in advance, kind regards,

Yeah, Dovecot v2.2 is doing some funky stuff with SMTP address parsing.
Dovecot v2.3 should do a better job. I am still not sure if this can be
fixed well for Dovecot v2.2.

Regards,

Stephan.




Re: requiring a full fqdn for authentication

2018-03-06 Thread Reio Remma
You need to match against both %n (username) and %d (domain) in your SQL 
query.


Good luck!
Reio

On 06.03.18 16:42, David Mehler wrote:

Hi,

Thanks. Can you elaborate?

Thanks.
Dave.


On 3/6/18, Steffen Kaiser <skdove...@inf.h-brs.de> wrote:


On Fri, 2 Mar 2018, David Mehler wrote:


dovecot to require a complete email address as a login. Currently I
can log in by either a username or fqdn. I've got the below what is
the issue?
If I need to provide my sql password query let me know.

your SQL query in passdb allows both usernames.


- --
Steffen Kaiser




--
Regards
Reio Remma


MR Stuudio 25 years

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee





Re: [ext] Re: Panic: file smtp-address.c: line 530 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p))

2018-03-05 Thread Reio Remma

Mine ended up in /tmp on CentOS 7.

Good luck!
Reio


On 05.03.18 16:02, Ralf Hildebrandt wrote:

* Ralf Hildebrandt :

 From the code in lib-smtp/smtp-address.c function smtp_address_write, it
looks as though the assertion will happen whenever there is a non ascii
char that is also non qpair in the local part, ie
!smtp_char_is_atext(*p) and !smtp_char_is_qpair(*p).

Could somebody please point me in the direction how to obtain a
coredump here?

I found
sysctl -w fs.suid_dumpable=2
but where will coredumps be written?





Re: LMTP delivery segfaults when user is over quota.

2018-03-04 Thread Reio Remma

On 04.03.2018 16:25, Reio Remma wrote:

Hello!

I'm having crashes with LMTP delivery when user is over quota on the 
latest CentOS 7.4 with the latest Dovecot 2.3.0.1 from Dovecot repo.


I see the issue has been fixed on January 17, but it doesn't seem to 
have made it into 2.3.0.1 (I compared with the source from 
https://dovecot.org/releases/2.3/dovecot-2.3.0.1.tar.gz).


https://github.com/dovecot/core/commit/2bf919786518d138cc07d9cc21e14ad5e07e5e56#diff-7964e00c46515956a959fa47fc86d605

I also noticed a similar construct being used on line 465 
(rcpt->rcpt.rcpt->path) that was causing the segfault on the above 
commit on line 136.


struct smtp_address *rcpt_to = rcpt->rcpt.rcpt->path;

Should that also use rcpt->rcpt.path; ?

Thanks from the other side of the gulf!
Reio



I now managed to coax a core dump out of CentOS - here it is.

Thanks!
Reio


LMTP delivery segfaults when user is over quota.

2018-03-04 Thread Reio Remma

Hello!

I'm having crashes with LMTP delivery when user is over quota on the 
latest CentOS 7.4 with the latest Dovecot 2.3.0.1 from Dovecot repo.


I see the issue has been fixed on January 17, but it doesn't seem to 
have made it into 2.3.0.1 (I compared with the source from 
https://dovecot.org/releases/2.3/dovecot-2.3.0.1.tar.gz).


https://github.com/dovecot/core/commit/2bf919786518d138cc07d9cc21e14ad5e07e5e56#diff-7964e00c46515956a959fa47fc86d605

I also noticed a similar construct being used on line 465 
(rcpt->rcpt.rcpt->path) that was causing the segfault on the above 
commit on line 136.


struct smtp_address *rcpt_to = rcpt->rcpt.rcpt->path;

Should that also use rcpt->rcpt.path; ?

Thanks from the other side of the gulf!
Reio



Re: Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Reio Remma

Thanks for the pointer!

That didn't work though, but what worked was:

[Service]
ReadWriteDirectories=/home/dovecot

What would be the preferred directory for storing all virtual mail 
without modification to system files?


Thanks!
Reio

On 01.02.2018 21:57, Aki Tuomi wrote:

/etc/systemd/system/dovecot.service.d/writable-home.conf

[Service]
ProtectHome=false


maybe this helps?

---
Aki Tuomi
Dovecot oy

 Original message 
From: Reio Remma <r...@mrstuudio.ee>
Date: 01/02/2018 21:44 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Dovecot 2.3 on CentOS 7.

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus
the SSL changes) but after upgrading to 2.3 I'm getting the following
errors:

Feb  1 21:30:18 localhost dovecot:
imap(r...@bwo.mrstuudio.ee)<3566>: Debug:
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with
file
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log:
Read-only file system
Feb  1 21:30:18 localhost dovecot:
imap(r...@bwo.mrstuudio.ee)<3566>: Error:
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock)
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox
INBOX.Templates:
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist)
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error:
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox
INBOX.Templates:
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist)
failed: Read-only file system

So far I've tried running it with SELinux enforce off and giving the
directories 777 permissions to no avail.

Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio
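
An added example, not part of the original posts: one way to derive the narrowest ReadWriteDirectories= value from "Read-only file system" errors like the ones quoted in this thread, so that only the mail root is made writable instead of all of /home. The log lines are constructed (placeholder users and domains) and the function names are illustrative.

```python
import os
import re

# Constructed sample, modelled on the log shapes quoted in this thread.
SAMPLE_LOG = """\
Feb  1 21:30:18 localhost dovecot: imap(alice@example.org)<3566>: Debug: INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: imap(alice@example.org)<3566>: open() failed with file /home/dovecot/example.org/alice/Maildir/.Templates/dovecot.index.log: Read-only file system
Feb  1 21:30:18 localhost dovecot: imap(alice@example.org)<3566>: Error: open(/home/dovecot/example.org/alice/Maildir/.Templates/dovecot-uidlist.lock) failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: imap(alice@example.org)<3566>: Mailbox INBOX.Templates: file_dotlock_create(/home/dovecot/example.org/alice/Maildir/.Templates/dovecot-uidlist) failed: Read-only file system
Feb  1 21:30:19 localhost dovecot: imap(bob@example.net)<3570>: Error: open(/home/dovecot/example.net/bob/Maildir/dovecot-uidlist.lock) failed: Read-only file system
"""

EROFS = "Read-only file system"
# Two shapes appear in the thread: "func(/path) failed:" and
# "open() failed with file /path:".
PATH_RE = re.compile(r"\w+\((/[^)]+)\)\s+failed:|failed with file (/[^:]+):")


def erofs_paths(log_text):
    """Return every path that a dovecot log line reports as read-only."""
    paths = []
    for line in log_text.splitlines():
        if "dovecot" not in line or EROFS not in line:
            continue
        match = PATH_RE.search(line)
        if match:
            paths.append(match.group(1) or match.group(2))
    return paths


def writable_root(paths):
    """Deepest directory that contains every failing path, or None."""
    if not paths:
        return None
    root = os.path.commonpath([os.path.dirname(p) for p in paths])
    # "/" or a single top-level directory such as "/home" would hand back
    # far more than the mail store needs, so refuse it.
    return root if root.count("/") >= 2 else None


def drop_in(root):
    """Text of a systemd drop-in that re-opens only `root` for writing."""
    return "[Service]\nReadWriteDirectories=%s\n" % root


if __name__ == "__main__":
    print(drop_in(writable_root(erofs_paths(SAMPLE_LOG))), end="")
```
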





Dovecot 2.3 on CentOS 7.

2018-02-01 Thread Reio Remma

Greetings!

I'm having a bit of trouble trying out Dovecot 2.3 on CentOS 7.

Dovecot 2.2.33 works fine on the same system (same config as well, minus 
the SSL changes) but after upgrading to 2.3 I'm getting the following 
errors:


Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Debug: 
INBOX.Templates: Mailbox opened because: STATUS
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: open() failed with 
file 
/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot.index.log: 
Read-only file system
Feb  1 21:30:18 localhost dovecot: 
imap(r...@bwo.mrstuudio.ee)<3566>: Error: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist.lock) 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
file_dotlock_create(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system
Feb  1 21:30:18 localhost dovecot: Error: 
imap(r...@bwo.mrstuudio.ee)<3566>: Mailbox 
INBOX.Templates: 
open(/home/dovecot/bwo.mrstuudio.ee/reio/Maildir/.Templates/dovecot-uidlist) 
failed: Read-only file system


So far I've tried running it with SELinux enforce off and giving the 
directories 777 permissions to no avail.


Is anyone else running 2.3 on CentOS 7?

Thanks and good luck!
Reio