Re: File manager or browser for IMAP?
On Tue, Sep 24, 2019 at 9:19 PM Steve Litt via dovecot wrote:

> They only see some of the folders.

Are they subscribed?
Re: [Bug] Sieve vacation :addresses match only case-sensitive?
> It is not recommended to rely on local-part case, but it is indeed
> case-sensitive.
>
> And this is to avoid such issues that postfix supports address
> cleanup/canonicalisation before forwarding mails to dovecot.
>
> --
> RFC 5321:
>
> "Local-part = Dot-string / Quoted-string ; MAY be case-sensitive
> […]
> While the above definition for Local-part is relatively permissive, for
> maximum interoperability, a host that expects to receive mail SHOULD avoid
> defining mailboxes where the Local-part requires (or uses) the
> Quoted-string form or where the Local-part is case-sensitive."

And therefore “receive liberally” policy that wants to assume case-insensitivity should single-case the address IN THE COMPARISON.
Re: [Bug] Sieve vacation :addresses match only case-sensitive?
On Wed, Sep 4, 2019 at 8:25 AM Philipp Faeustlin via dovecot <dovecot@dovecot.org> wrote:

> Further investigation showed me that it has to be a bug.
>
> I tested with Dovecot 2.2.36.3 (a7d78f5a2), Pigeonhole version 0.4.24
> (5a7e9e62):
>
> In this version the additional addresses in vacation :addresses
> ["t...@example.com"] are handled case-insensitive.
>
> In the new version: Dovecot 2.3.7.2 (3c910f64b), Pigeonhole version
> 0.5.7.2 (7372921a) installed via https://repo.dovecot.org/, (same sieve,
> same configuration) these addresses are handled case-sensitive.
>
> The case-sensitive matching of mail addresses, doesn't make any sense to
> me.
>
> Could someone confirm this behavior?

Isn’t RFC-compliant behavior to treat the local part as case-sensitive and the domain-part as case-insensitive?
Re: Bug: subscriptions file
If John Doe dies and a new John Doe is born, they’re not the same person, are they?

On Wed, May 23, 2018 at 10:37 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:

> That's rather difficult semantic question.
>
> Aki
>
> On 24.05.2018 08:35, Roger Klorese wrote:
>
> If something deletes and recreates the folder, it’s not really the folder
> to which you subscribed, is it?!
>
> On Wed, May 23, 2018 at 10:33 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>
>> I understand that reading that paragraph makes it sound obscure and
>> outdated. But the problem is that if something deletes & recreates your
>> folder, while you were gone, you would lose the subscription. This includes
>> other MUAs that are in no way obligated to resubscribe to the folder if
>> they do this.
>>
>> Aki
>>
>> On 23.05.2018 23:13, Rupert Gallagher wrote:
>>
>> Sorry for top posting, my client is still broken.
>>
>> I have never seen the ghost of a "system-alerts" or similar "well-known"
>> mail folder in the past 30 years.
>>
>> Compliance with an RFC obscure feature is compelling us all to clear
>> subscriptions folders by hand.
>>
>> As we meet the problem over and over again, a non-RFC configuration
>> option could solve the problem, and it would be very much appreciated...
>>
>>
>> On Wed, May 23, 2018 at 11:57, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>
>> > On 23.05.2018 12:31, Rupert Gallagher wrote:
>> >> Dovecot does not clear the subscription file from non-existent folders.
>>
>> Hi!
>>
>> Thank you for your bug report. Unfortunately this is not a BUG, but
>> mandated behavior by RFC3501, see last two paragraphs in the excerpt.
>>
>> Aki Tuomi
>>
>> 6.3.6.  SUBSCRIBE Command
>>
>>    Arguments:  mailbox
>>
>>    Responses:  no specific responses for this command
>>
>>    Result:     OK - subscribe completed
>>                NO - subscribe failure: can't subscribe to that name
>>                BAD - command unknown or arguments invalid
>>
>>       The SUBSCRIBE command adds the specified mailbox name to the
>>       server's set of "active" or "subscribed" mailboxes as returned by
>>       the LSUB command. This command returns a tagged OK response only
>>       if the subscription is successful.
>>
>>       A server MAY validate the mailbox argument to SUBSCRIBE to verify
>>       that it exists. However, it MUST NOT unilaterally remove an
>>       existing mailbox name from the subscription list even if a mailbox
>>       by that name no longer exists.
>>
>>            Note: This requirement is because a server site can
>>            choose to routinely remove a mailbox with a well-known
>>            name (e.g., "system-alerts") after its contents expire,
>>            with the intention of recreating it when new contents
>>            are appropriate.
Re: Bug: subscriptions file
If something deletes and recreates the folder, it’s not really the folder to which you subscribed, is it?!

On Wed, May 23, 2018 at 10:33 PM Aki Tuomi wrote:

> I understand that reading that paragraph makes it sound obscure and
> outdated. But the problem is that if something deletes & recreates your
> folder, while you were gone, you would lose the subscription. This includes
> other MUAs that are in no way obligated to resubscribe to the folder if
> they do this.
>
> Aki
>
> On 23.05.2018 23:13, Rupert Gallagher wrote:
>
> Sorry for top posting, my client is still broken.
>
> I have never seen the ghost of a "system-alerts" or similar "well-known"
> mail folder in the past 30 years.
>
> Compliance with an RFC obscure feature is compelling us all to clear
> subscriptions folders by hand.
>
> As we meet the problem over and over again, a non-RFC configuration option
> could solve the problem, and it would be very much appreciated...
>
>
> On Wed, May 23, 2018 at 11:57, Aki Tuomi wrote:
>
> > On 23.05.2018 12:31, Rupert Gallagher wrote:
> > Dovecot does not clear the subscription file from non-existent folders.
>
> Hi!
>
> Thank you for your bug report. Unfortunately this is not a BUG, but
> mandated behavior by RFC3501, see last two paragraphs in the excerpt.
>
> Aki Tuomi
>
> 6.3.6.  SUBSCRIBE Command
>
>    Arguments:  mailbox
>
>    Responses:  no specific responses for this command
>
>    Result:     OK - subscribe completed
>                NO - subscribe failure: can't subscribe to that name
>                BAD - command unknown or arguments invalid
>
>       The SUBSCRIBE command adds the specified mailbox name to the
>       server's set of "active" or "subscribed" mailboxes as returned by
>       the LSUB command. This command returns a tagged OK response only
>       if the subscription is successful.
>
>       A server MAY validate the mailbox argument to SUBSCRIBE to verify
>       that it exists. However, it MUST NOT unilaterally remove an
>       existing mailbox name from the subscription list even if a mailbox
>       by that name no longer exists.
>
>            Note: This requirement is because a server site can
>            choose to routinely remove a mailbox with a well-known
>            name (e.g., "system-alerts") after its contents expire,
>            with the intention of recreating it when new contents
>            are appropriate.
Re: Permissions on /var/log/dovecot
So is yours. Why not say what SHOULD be done? Since we were discussing logging, including only the lines about logging seems to be a reasonable response to the original open-ended question. “Please include the complete output of ‘dovecot -n’” would get your point across instead of just letting you be a snarky ass.

On Mon, Mar 19, 2018 at 1:14 PM Odhiambo Washington wrote:

> On 19 March 2018 at 22:45, @lbutlr wrote:
>
>> On 2018-03-19 (13:19 MDT), Odhiambo Washington wrote:
>> >
>> > What does your doveconf -n have?
>>
>> imap_id_log = *
>> log_path = /var/log/dovecot
>
> This is a very useless response!
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
Re: How to make dovecot access a MySQL database with a certain domain?
Replace 127.0.0.1 with the domain name.

On Tue, Nov 28, 2017 at 10:08 AM Spike98 wrote:

> I am trying to make a mail server with Postfix using the Dovecot software.
> At the time of wanting to access my server from a mail client, it does not
> let me access and see the logs of my server with the command:
>
> $ service dovecot status
>
> with the following error:
>
> dovecot: auth-worker(2769): Error: mysql(127.0.0.1): Connect failed to database (postfix): Access denied for user 'postfix'@'localhost' (using password: YES) - waiting for 125 seconds before retry
>
> From what I understand of this error is that it is trying to enter
> 'postfix' @ 'localhost' instead of the domain that I specify when I made
> the database that is mydomain.com
>
> How can you make dovecot go to MySQL with post...@mydomain.com instead of
> localhost
>
> This is my Dovecot configuration
>
> /etc/dovecot/dovecot-sql.conf.ext
>
> driver=mysql
>
> default_pass_scheme=PLAIN-MD5
>
> connect=host=127.0.0.1 dbname=postfix user=postfix password=postfix
>
> password_query=SELECT username,domain,password FROM usuarios WHERE username='%n' AND domain='%d'
>
> user_query=SELECT 1007 as uid, 1007 as gid, concat("maildir:/var/vmail",domain,'/',username,'/') as mail FROM usuarios WHERE username='%n' AND domain='%d'
>
> iterate_query=SELECT username,domain FROM usuarios
Re: Sieve coding question
On 11/16/17 11:03 AM, Stephan Bosch wrote:
> On 11/16/2017 at 7:42 PM, lists.dove...@rogerklorese.com wrote:
>> Is there a more appropriate list on which to ask for assistance in
>> coding Sieve rules, or may I ask here?
>
> I know of no other suitable venue, so go ahead.
>
> Regards,
> Stephan.

Here is the config. I don't think IMAPsieve is configured...

# dovecot -n
# 2.2.30.2 (c0c463e): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 3.10.0-514.6.1.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core) xfs
first_valid_uid = 1000
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
mail_gid = mailboxes
mail_home = maildir:/home/mailboxes/%d/%u
mail_location = maildir:/home/mailboxes/%d/%u
mail_privileged_group = mailboxes
mail_uid = mailboxes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  recipient_delimiter = +
  sieve = /home/mailboxes/%d/%u/sieve/dovecot.sieve
  sieve_default = /etc/dovecot/sieve/default.sieve
  sieve_dir = /home/mailboxes/%d/%u/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
pop3_uidl_format = %v-%u
protocols = imap pop3 lmtp sieve sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = mailboxes
    mode = 0660
    user = mailboxes
  }
  unix_listener auth-userdb {
    mode = 0777
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert =
Re: Sieve coding question
On 11/16/17 11:03 AM, Stephan Bosch wrote:
> On 11/16/2017 at 7:42 PM, lists.dove...@rogerklorese.com wrote:
>> Is there a more appropriate list on which to ask for assistance in
>> coding Sieve rules, or may I ask here?
>
> I know of no other suitable venue, so go ahead.
>
> Regards,
> Stephan.

I have the following as the last rule:

if anyof (header :contains "x-spam-flag" "YES",
          header :contains "subject" "*SPAM*") {
    fileinto "INBOX.Junk";
    stop;
}

It seems to fire not only when mail is first retrieved, but if a message is moved back into INBOX (so it moves back to Spam). Any suggestions on how to make it fire only on initial processing?
Re: Dovecot - Postfix Calender Synchronisation
On Thu, Aug 24, 2017 at 11:28 PM Rupert Gallagher <r...@protonmail.com> wrote:

> On Thu, Aug 24, 2017 at 10:55 PM, Roger Klorese <rogerklor...@gmail.com> wrote:
>
> > "Webmail? We use dovecot." And how exactly do you read and write mail
> > using dovecot?
>
> With a MUA.

And you’re suggesting that webmail is somehow more of a risk than lots of users each running their own MUA. I see.
Re: Dovecot - Postfix Calender Synchronisation
“Webmail? We use dovecot.” And how exactly do you read and write mail using dovecot?

On Thu, Aug 24, 2017 at 10:56 AM Gregory Sloop wrote:

> RG> Re: portable formats and their mime type
>
> RG> https://en.m.wikipedia.org/wiki/ICalendar
> RG> https://en.m.wikipedia.org/wiki/VCard
>
> RG> Re: dependencies
>
> RG> - db: why? just use the ical and vcard files! They are files,
> RG> they are in a directory, they can be used like dovecot uses eml
> RG> files! No need for postgresql or mysql.
>
> RG> - webmail: why? We use dovecot!!!
>
> RG> - apache web: why? we use nginx.
>
> RG> - linux: why? we use other unix systems.
>
> RG> - python: why? it takes 140MB all by itself, it is an interpreter
> RG> (slow), it is a security hazard, we would have to install it on
> RG> purpose and sandbox it in a virtual machine! So we have to install a vm manager.
>
> RG> Bloody hell...
>
> This is a little tongue-in-cheek, but...
> Do you also yell "Get offa my lawn you dirty punk kids!" regularly?
>
> I thought I had the curmudgeonly-old-man schtick down, but you're like Obi
> Wan.
> :)
Re: passwd-file, getting invalid uid 0
Did you miss the part about 0 also being hardcoded?

On Tue, Jul 18, 2017 at 1:34 PM Larry Rosenman wrote:

> On Tue, Jul 18, 2017 at 3:31 PM, Larry Rosenman wrote:
>
> > That didn't change it :(
> > Jul 18 15:28:14 thebighonker dovecot: auth-worker(77908): Error: passwd-file /etc/passwd: User root has invalid UID '0'
> > Jul 18 15:28:14 thebighonker dovecot: auth-worker(77908): Error: passwd-file /etc/passwd: User toor has invalid UID '0'
> >
> > doveconf -n:
> > lrosenman:~ lrosenman$ ssh tbh.lerctr.org doveconf -n
> > # 2.2.31 (65cde28): /usr/local/etc/dovecot/dovecot.conf
> > # Pigeonhole version 0.4.19 (e5c7051)
> > # OS: FreeBSD 11.1-PRERELEASE amd64
> > auth_mechanisms = plain login
> > auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org thejonesonair.com thejonesonair.net
> > default_vsz_limit = 1 G
> > deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
> > doveadm_password = # hidden, use -P to show it
> > first_valid_gid = 0
> > first_valid_uid = 0
> > lda_mailbox_autocreate = yes
> > listen = 192.147.25.65, ::
> > lmtp_save_to_detail_mailbox = yes
> > login_access_sockets = tcpwrap
> > mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
> > mail_location = mbox:~/mail:INBOX=~/mail/INBOX
> > mail_log_prefix = "%s(%u/%p): "
> > mail_plugins = " fts fts_solr notify stats virtual"
> > mail_privileged_group = mail
> > mail_server_admin = mailto:l...@lerctr.org
> > mail_server_comment = LERCTR Mail Server
> > mailbox_list_index = yes
> > managesieve_notify_capability = mailto
> > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve
> > namespace archive {
> >   hidden = no
> >   list = no
> >   location = mbox:~/MAIL-ARCHIVE
> >   prefix = ARCHIVE/
> >   separator = /
> > }
> > namespace inbox {
> >   inbox = yes
> >   location =
> >   mailbox Drafts {
> >     special_use = \Drafts
> >   }
> >   mailbox INBOX {
> >     auto = create
> >   }
> >   mailbox SENT {
> >     special_use = \Sent
> >   }
> >   mailbox SPAM {
> >     special_use = \Junk
> >   }
> >   mailbox "Sent Messages" {
> >     special_use = \Sent
> >   }
> >   mailbox Trash {
> >     special_use = \Trash
> >   }
> >   mailbox virtual/Flagged {
> >     special_use = \Flagged
> >   }
> >   mailbox virtual/all {
> >     special_use = \All
> >   }
> >   prefix =
> > }
> > namespace virtual {
> >   hidden = no
> >   list = yes
> >   location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
> >   prefix = Virtual/
> >   separator = /
> > }
> > passdb {
> >   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
> >   driver = sql
> > }
> > passdb {
> >   args = user=%Ln noauthenticate
> >   driver = static
> >   skip = authenticated
> > }
> > passdb {
> >   args = failure_show_msg=yes session=yes max_requests=20
> >   driver = pam
> >   skip = authenticated
> > }
> > plugin {
> >   fts = solr
> >   fts_autoindex = yes
> >   fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
> >   fts_tika = http://localhost:9998/tika/
> >   imapsieve_mailbox1_before = file:/usr/local/share/dovecot-pigeonhole/sieve/report-spam.sieve
> >   imapsieve_mailbox1_causes = COPY
> >   imapsieve_mailbox1_name = SPAM
> >   imapsieve_mailbox2_before = file:/usr/local/share/dovecot-pigeonhole/sieve/report-ham.sieve
> >   imapsieve_mailbox2_causes = COPY
> >   imapsieve_mailbox2_from = SPAM
> >   imapsieve_mailbox2_name = *
> >   imapsieve_url = sieve://thebighonker.lerctr.org
> >   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
> >   mail_log_fields = uid box msgid size from subject vsize flags
> >   recipient_delimiter = +
> >   sieve = ~/.dovecot.sieve
> >   sieve_dir = ~/sieve
> >   sieve_execute_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve
> >   sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata
> >   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
> >   sieve_pipe_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve
> >   sieve_plugins = sieve_imapsieve sieve_extprograms
> >   stats_command_min_time = 1 mins
> >   stats_domain_min_time = 12 hours
> >   stats_ip_min_time = 12 hours
> >   stats_memory_limit = 16 M
> >   stats_refresh = 5s
> >   stats_session_min_time = 15 mins
> >   stats_track_cmds = yes
> >   stats_user_min_time = 1 hours
> > }
> > protocols = imap pop3 lmtp sieve
> > service auth {
> >   unix_listener auth-client {
> >     mode = 0666
> >   }
> >   unix_listener auth-master {
> >     mode = 0666
> >   }
> > }
> > service doveadm {
> >   inet_listener http {
> >     port = 8080
> >     ssl = yes
> >   }
> > }
> > service
Re: STARTTLS issue with sieve
But if it won’t trust that copy, that invalidates the chain, right?

On Sun, Jul 9, 2017 at 9:48 AM Heiko Schlittermann wrote:

> Alexander Dalloz (Sun 09 Jul 2017 13:14:56 CEST):
> …
> > It is wrong to send the root CA along with the intermediate and server
> > certificates. The root CA cert must be in the CA trust bundle of the client.
>
> I wouldn't say it is wrong. But it should be useless, as the client
> won't trust the root CA it received. The client should trust only its
> copy of the root CA.
>
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
> --
> SCHLITTERMANN.de internet & unix support -
> Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
> gnupg encrypted messages are welcome --- key ID: F69376CE -
> ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 -
Moving from CentOS to GF RPMs
Does anyone have fool-proof documentation for this fool on how to configure repos and what operations to perform to move from the distro RPMs to the GF ones without breaking stuff?
Re: Clamping down on mailbox sizes...
I'd take the opposite approach and tell them no new mail will be received until they are under quota.

On Tue, Jan 24, 2017 at 4:52 PM SH Development wrote:

> I don’t want to do this for all users….but…
>
> I have a few users who insist that they use their mailboxes regularly and
> don’t want it cancelled. Fine. But they won’t clean them out either.
>
> What steps would you all recommend for setting quotas on some users but
> not others?
>
> Specifically starting out with identifying WHICH accounts have excessive
> amounts of crap in them, by age, then sending them a notice stating they
> are going to get limited, then deleting mail older than x number of days if
> they don’t do it themselves by a certain time frame...
>
> Thoughts?
>
> Jeff
Re: Relative home path not allowed - but how is this relative?
Never mind - query was a little screwed up...! Got it now. Thanks.

On Sat, Jan 21, 2017 at 5:33 PM, Roger Klorese <rogerklor...@gmail.com> wrote:

> I just set up my server with MySQL support for
> authentication/authorization compatible with Postfix Admin.
>
> Initially, I was getting the "Relative home directory paths not supported"
> message, and it's easy to see why - Postfix Admin stores the maildir as
> "$domain/$userpart@$domain".
>
> But the directories in 10-mail.conf are set as
>
> mail_location = maildir:/home/mailboxes/%d/%u
> mail_home = maildir:/home/mailboxes/%d/%u
>
> ...and the user_query has been revised to:
>
> user_query = SELECT concat('/home/mailboxes/', maildir) as full_maildir FROM mailbox WHERE username = '%u';
>
> ...so how are any of these relative paths?
Relative home path not allowed - but how is this relative?
I just set up my server with MySQL support for authentication/authorization compatible with Postfix Admin.

Initially, I was getting the "Relative home directory paths not supported" message, and it's easy to see why - Postfix Admin stores the maildir as "$domain/$userpart@$domain".

But the directories in 10-mail.conf are set as

mail_location = maildir:/home/mailboxes/%d/%u
mail_home = maildir:/home/mailboxes/%d/%u

...and the user_query has been revised to:

user_query = SELECT concat('/home/mailboxes/', maildir) as full_maildir FROM mailbox WHERE username = '%u';

...so how are any of these relative paths?
Re: [Dovecot] sendmail to postfix-dovecot
OK,

My dovecot-sql.conf.ext looks like this:

connect = host=127.0.0.1 port=3306 user=postfix password=blabla dbname=postfix
driver = mysql
default_pass_scheme = MD5-CRYPT
password_query = SELECT password,CONCAT('/mail/', maildir) AS userdb_home,\
  '5000' AS userdb_uid, '5000' AS userdb_gid, allow_nets,\
  concat('*:bytes=', quota) AS userdb_quota_rule\
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
user_query = SELECT CONCAT('/mail/', maildir) AS home, 'maildir:~/' as mail, '5000' AS uid, '5000' AS gid,\
  concat('*:bytes=', quota) AS quota_rule\
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
#iterate_query = SELECT username AS user FROM mailbox

-----Original message-----
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On behalf of Steffen Kaiser
Sent: Thursday 28 November 2013 10:09
To: R. Berger
CC: dovecot@dovecot.org
Subject: Re: [Dovecot] sendmail to postfix-dovecot

On Wed, 27 Nov 2013, R. Berger wrote:

Steffen Kaiser wrote on 27-11-2013 17:48:

On Wed, 27 Nov 2013, Benny Pedersen wrote:

Roger Berger wrote on 2013-11-27 11:41:

If I understand right it is not possible to use system and virtual users together.

incorrect it is, see here http://wiki2.dovecot.org/VirtualUsers part of usernames and domains its all about dovecot auth how its configured, if you want both system and virtual users make sure system users get domain stripped in auth

in addition to Benny's remark, you can also override the username, e.g. system users may auth without domain, but passdb/userdb return the user with domain. Then you can have all users as virtual user/domain. But probably using two userdb's is easier to maintain.

Here is my dovecot -n:

root@mail:/usr/local/etc/dovecot/conf.d # dovecot -n
# 2.2.6: /usr/local/etc/dovecot/dovecot.conf
mail_location = maildir:~/

you should not use the home directory as base for mail storage, use ~/Maildir

passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = prefetch
}
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

I've been thinking about this and I want to put all system users in the database using the provided tools from postfixadmin and then sync the mail using imapsync.

OK, then all user data are in the SQL database.

In that case domain admins can handle their own mailboxes using postfixadmin. In that case I have all users as virtual users, but they have to be able to login with only their username. That means new users should login by using their complete emailaddress and old users as username or emailaddress.

so:
old user: i...@domain1.com user: info can login as info or i...@domain1.com
old user: i...@domain2.com user: info.ltd can login as info.ltd or i...@domain2.com
new user: i...@domain3.com can login only as i...@domain3.com
if the new user tries to login as info he gets a password failure

Is this possible and correct?

configure your SQL query so, that i...@domain1.com and info hits the same entry and that the username is overwritten (field user, IMHO) to i...@domain1.com. Then this user can login as i...@domain1.com or info with the same password, internally Dovecot handles all mail as i...@domain1.com only. Do the same for all other users as appropriate.

One can craft the database like so:
+ one table with the user data of i...@domain1.com, username, password a.s.o.
+ one table with alias names and foreign key of user data table
+ the select for passdb joins both tables

Search the list and wiki for such setup, e.g. http://wiki2.dovecot.org/PasswordDatabase?highlight=%28username%29

--
Steffen Kaiser

OK, I have changed my mail_location. But the mysql is a bit of a hassle. If I add tables to the database, will it still work with postfixadmin?

My dovecot-sql.conf.ext looks like this:

connect = host=127.0.0.1 port=3306 user=postfix password=blabla dbname=postfix
driver = mysql
default_pass_scheme = MD5-CRYPT
password_query = SELECT password,CONCAT('/mail/', maildir) AS userdb_home,\
  '5000' AS userdb_uid, '5000' AS userdb_gid, allow_nets,\
  concat('*:bytes=', quota) AS userdb_quota_rule\
  FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
user_query = SELECT CONCAT('/mail/', maildir) AS home, 'maildir:~/' as mail, '5000' AS uid, '5000' AS gid,\
  concat('*:bytes=', quota) AS quota_rule
[Dovecot] sendmail to postfix-dovecot
Hi,

I am a newbie to postfix and dovecot so I hope you can help me.

I have an old server running sendmail for many years now. On this server I have about 100 domains and 500 users. The users are named as myuser or myuser.dom. People use pop3 and imap for fetching reading their email.

I've setup a new server with postfix and dovecot2 on freebsd and managed to get it all working with virtual users. However, now I found out that I overlooked something; People have to login with usern...@domain.tld on the new server but only use their username on the old server. This means they all have to change their login credentials, which is not an option.

Is it possible to do some scripting before authentication where the username is looked up in the database and the right domain is added to the account? If I understand right it is not possible to use system and virtual users together.

Thanks,
Roger
[Dovecot] Corrupted squat uidlist file
Hi,

I frequently get errors similar to this logged:

Mar 5 17:49:20 alphonse dovecot: imap(roger): Error: Corrupted squat uidlist file /home/roger/Maildir/.Debian/dovecot.index.search.uids: wrong indexid

I am running the Debian package version 1:2.1.7-7 on an up to date Debian Testing system with ext4 filing systems. 'doveadm index -A *' is run six nights a week and 'doveadm fts rescan -A' on the seventh night. The output of 'doveconf -n' should be attached.

Is this something to be worried about? Am I doing something wrong?

Thanks,
Roger

$ doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0
auth_username_format = %Ln
first_valid_uid = 1000
last_valid_uid = 1
listen = 127.0.0.1, 217.169.26.194
mail_access_groups = sharedmail
mail_location = maildir:~/Maildir
mail_plugins = zlib fts fts_squat acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%n
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archives {
    special_use = \Archive
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  driver = pam
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  antispam_backend = pipe
  antispam_pipe_program = /usr/bin/spamc
  antispam_pipe_program_notspam_arg = --reporttype=revoke
  antispam_pipe_program_spam_arg = --reporttype=report
  antispam_pipe_tmpdir = /tmp
  antispam_spam = Junk;Junk E-mail
  antispam_trash = Trash;Deleted Items
  fts = squat
  fts_squat = partial=4 full=10
  recipient_delimiter = -
  sieve = ~/Maildir/dovecot.sieve
  sieve_before = /etc/dovecot/sieve/before.sieve
  sieve_dir = ~/Maildir/sieve
}
protocols = imap lmtp sieve
service auth {
  unix_listener auth-client {
    user = Debian-exim
  }
}
service indexer-worker {
  vsz_limit = 512 M
}
ssl_cert = /etc/ssl/certs/mail_server.pem
ssl_cipher_list = HIGH
ssl_key = /etc/ssl/private/mail_privatekey.pem
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins = zlib fts fts_squat acl sieve
  recipient_delimiter = -
}
protocol imap {
  imap_idle_notify_interval = 5 mins
  mail_plugins = zlib fts fts_squat acl imap_zlib antispam imap_acl
}
Re: [Dovecot] Thunderbird SSL/TLS client authentication fails - solved with workaround
On 2012/12/02 22:18, Daniel Parthey wrote:
> Roger Hunen wrote:
>> I am seeking your help with SSL/TLS client authentication.
>> Unfortunately the authentication fails :(
>
> http://wiki2.dovecot.org/SSL/DovecotConfiguration states:
>
> You may also want to disable the password checking completely. Doing this currently circumvents Dovecot's security model so it's not recommended to use it, but it is possible by making the passdb allow logins using any password (typically requiring nopassword extra field to be returned).
>
> See http://wiki2.dovecot.org/PasswordDatabase/ExtraFields

This sounded like a bad idea at first as it would allow webmail users to logon without entering a password. However, your suggestion made me think (and go!) in a direction that I would not have gone on my own. Thank you for that!

First things first: the solution/workaround :)

* Create two passwd style files
  - mailusers.143 with password and without 'nopassword' extra field
  - mailusers.993 without password but with 'nopassword' extra field
* Configure a passdb (driver=passwd-file) that selects the password database file using the %a variable (local port): mailusers.%a

My Dovecot setup now
* does not require a valid password for connections to the imaps port (993); the username is taken from the certificate that is issued by a trusted CA.
* does require a password for connections to the imap port (143).

Currently the system supports very few users, so working with two passwd files is not a problem. For the future I plan to use a mysql database with two different queries on the same table based on the local port number.

For those who are interested: read on for some more findings...

* As far as I can tell (from docs and source) Dovecot supports only username/password based authentication schemes. There is no such thing as certificate based authentication (unless I have overlooked something or it is undocumented).
* Even if 'auth_ssl_username_from_cert=yes' Dovecot will only take the username from the certificate if the client sends username and password to logon.
* When configured to use TLS Certificate authentication Thunderbird will not send a username/password to logon. Thunderbird considers the authentication done once the SSL handshake has completed. Given the above this is a recipe for failure.
* With 'auth_ssl_username_from_cert=yes' Dovecot will ignore the given username and use the designated field in the certificate instead (usually commonName). Together with the 'nopassword' extra field a certificate based authentication scheme can be implemented. The client must be configured to use username and password (which will be completely ignored by Dovecot as intended in such a setup).
* Dovecot will log an error if a passwd file record has a non-empty password and the 'nopassword' extra field is present. Either can be present but not both.
* Dovecot will log an error "input is missing end-of-settings line" if the configuration contains a setting with a name that is not valid in the given context. Something like "Invalid setting 'x' at line y" would be more helpful to pinpoint the problem.
* Dovecot documentation is sparse in many respects which makes it difficult to use Dovecot to its full potential. I realize though that resources are at a premium and that writing documentation is not everybody's cup of tea. From a documentation point of view Exim4 is an excellent example.

Regards,
-Roger
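One way to check the two per-port passwd-files described in the message above before reloading Dovecot, as an added example (not code from the post or from the Dovecot project). The file contents are constructed, and the record layout user:password:uid:gid:gecos:home:shell:extra_fields with space-separated extra fields is an assumption about the passwd-file format in use.

```python
"""Lint the per-port passwd-files (mailusers.143 / mailusers.993) from the workaround.

Added example. Assumed record layout:
user:password:uid:gid:gecos:home:shell:extra_fields (extra fields space-separated).
"""
from dataclasses import dataclass

# Constructed sample for the password-checked listener (mailusers.143).
SAMPLE_143 = """\
# constructed sample data
alice@example.net:{PLAIN}constructed-pw:5000:5000::/srv/vmail/alice::
bob@example.net::5000:5000::/srv/vmail/bob::nopassword=y
"""

# Constructed sample for the certificate-only listener (mailusers.993).
SAMPLE_993 = """\
# constructed sample data
alice@example.net::5000:5000::/srv/vmail/alice::nopassword=y
carol@example.net:{PLAIN}constructed-pw:5000:5000::/srv/vmail/carol::nopassword=y
dave@example.net::5000:5000::/srv/vmail/dave::
"""


@dataclass
class Record:
    line_no: int
    user: str
    password: str
    extra_keys: set


def parse_passwd_file(text):
    """Return one Record per non-comment line; short lines are padded."""
    records = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # maxsplit=7 keeps colons inside extra fields (e.g. maildir:~/Maildir).
        fields = line.split(":", 7)
        fields += [""] * (8 - len(fields))
        # Accept both "nopassword" and "nopassword=y" (assumption).
        keys = {item.split("=", 1)[0] for item in fields[7].split()}
        records.append(Record(line_no, fields[0], fields[1], keys))
    return records


def lint(text, password_required):
    """Return (line_no, user, problem) for records that break the scheme.

    password_required=True  -> file served to the password listener (port 143)
    password_required=False -> file served to the client-cert listener (port 993)
    """
    findings = []
    for rec in parse_passwd_file(text):
        has_pw = bool(rec.password)
        nopw = "nopassword" in rec.extra_keys
        if has_pw and nopw:
            # The post notes Dovecot logs an error for this combination.
            problem = "password and nopassword both set"
        elif password_required and (nopw or not has_pw):
            # Would allow a login without any credential check on this port.
            problem = "no password on the password-required listener"
        elif not password_required and not nopw:
            problem = "cert-only record lacks nopassword"
        else:
            continue
        findings.append((rec.line_no, rec.user, problem))
    return findings


if __name__ == "__main__":
    for name, text, required in (("mailusers.143", SAMPLE_143, True),
                                 ("mailusers.993", SAMPLE_993, False)):
        for line_no, user, problem in lint(text, required):
            print(f"{name}:{line_no}: {user}: {problem}")
```

The check matters most for the port 143 file: a record carrying nopassword there would accept any password on a listener that does not demand a client certificate.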
[Dovecot] Thunderbird SSL/TLS client authentication fails
Hi,

This is my first post to the list, so greetings to you all!

I am seeking your help with SSL/TLS client authentication. I currently have the following setup:

* Server:
  - Debian Squeeze (fully patched)
  - OpenSSL 0.9.8o
  - Dovecot v2.1.10 (Debian backport package from Wheezy)
  - SSL listener on port 993 with the Dovecot selfsigned certificate that was created during installation
  - Virtual users (u...@domain.net) with password in passwd style file
* Client:
  - Windows XP SP3 (fully patched)
  - Thunderbird 17.0
  - IMAP account using Normal password authentication
  - Roundcube webmail (to be added soon)

This works just fine :)

==

I now want to set Thunderbird to use TLS certificate authentication so that I can safely expose port 993 to the internet for mobile use. The idea is that clients with a trusted client certificate do not need a password so that I can change my password for Roundcube without having to change passwords on other IMAP clients (Roundcube will connect to localhost without SSL).

To do so I did the following:
- use XCA (v0.9.3, Windows version) to setup a private root CA with a CRL
- export root CA certificate and CRL in PEM format and join them into a ca.pem file (order: certificate, CRL)
- configure Dovecot to use the ca.pem file and require a client certificate
- use XCA to generate a private key and certificate for commonName=u...@mydomain.net
- import certificate and private key into Thunderbird
- change IMAP account setting in Thunderbird to use TLS Certificate authentication
- When prompted, select the imported certificate to be used for authentication.

Unfortunately the authentication fails :(

Using verbose_ssl=yes I can see in the Dovecot logfile that Thunderbird connects and that the SSL handshake completes successfully. "Valid certificate" is logged for both client certificate and root CA certificate. This looks so far so good to me :)

The Dovecot log has the following lines at the point of failure:

imap-login: Warning: SSL alert: where=0x4004, ret=256: warning close notify [IP]
imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [IP]
imap-login: Disconnected (no auth attempts in 0 secs): user=, rip=IP, lip=IP, TLS, session=ID

(IP address and TLS session ID removed)

The last log line (user=) suggests that Dovecot does not try to use the commonName from the client certificate as the username even though (I think) I have configured Dovecot to do so.

The relevant lines in the Dovecot configuration are:

config
auth_mechanisms = plain
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
disable_plaintext_auth = yes
protocols = imap
ssl = yes
ssl_ca = </etc/dovecot/ssl/ca.pem
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_cert_username_field = commonName
ssl_key = </etc/ssl/private/dovecot.pem
ssl_parameters_regenerate = 0
ssl_require_crl = yes
ssl_verify_client_cert = yes
service imap-login {
  chroot = login
  process_min_avail = 1
  service_count = 1
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
/config

Observation: with auth_ssl_require_client_cert = yes Dovecot requires Thunderbird to send the client certificate even when Thunderbird uses Normal password authentication (authentication only fails if I delete the certificate from Thunderbird). So the SSL part looks OK to me. It seems that Dovecot is waiting for the client to logon over the established SSL/TLS connection instead of taking the username from the commonName in the certificate.

==

What could be going wrong here?

I can post full config and logfile lines if you want to. Except for some possible oversight on my behalf there is nothing secret in there (I just didn't want to add too many lines to this already long post).

Regards,
-Roger
Re: [Dovecot] ZFS Filesystem Quota under Solaris 10 and Sparc
*Jürgen Obermann wrote:*
> Since we upgraded last year to Solaris 10 with zfs filesystems on our Sparc server still using a similar setup with separate filesystems for home directories and inboxes we have no working quota plugin anymore. Currently we use dovecot 2.0.13. Are there any plans or wishes to get the filesystem quota code working again under zfs and Solaris?

How are you setting up the zfs quotas? The original zfs implementation didn't have user quotas. You could only add quotas to individual file systems as a whole. They apparently added it into the source base in 2009:

http://blogs.oracle.com/chrisg/entry/user_and_group_quotas_for

but I'm not sure when/if it made it to production. My sol10u8 * (10/09) has it in the man page, but I know some things in the man page aren't in s10 (like sharesmb), so, as they say, ymmv.

The current docs for user quotas are here:

http://download.oracle.com/docs/cd/E19253-01/819-5461/gazud/index.html

If you don't want to use the filesystem quotas, you have to change your rules/configuration to match what dovecot has. See doc/wiki/Quota.Configuration.txt.

Hope this helps.

-r
[Dovecot] 2.0.12 ipwd.c does not compile under solaris
The new src/lib/ipwd.c introduced in 2.0.12 no longer compiles on Solaris. Under Solaris, the *_r routines don't pass in result as the last parameter and return errno - they just return result. Obviously a job for configure.

--
Roger Fujiir...@lookhere.com
[Dovecot] improved create dovecot certificate script
If anybody is interested, which they are probably not, here is an improved and more rigorous version of mkcert.sh

#! /bin/sh
#*#
#|
#| file : /root/apps/share/sh/create_dovecot_certificate
#|
#*---*#
BELL="\007"
DOVECOT_DIR=${DOVECOT_DIR-/var/lib/dovecot}
OPENSSL=${OPENSSL-openssl}
OPENSSL_CONF=${OPENSSL_CONF-/etc/dovecot/dovecot-openssl.cnf}
#.#
certificates_dir=${DOVECOT_DIR}/certificates
echo="/bin/echo -e"
error="${BELL}%ERROR -"
#*---*#
# Create the directory (mode 700, group dovecot) if it does not exist yet.
check_directory () {
    directory=${1}
    #.#
    if [ \( ! \( -d ${directory} \) \) ]
    then
        mkdir -m 700 ${directory} 2> /dev/null
        status=${?}
        if [ ${status} -ne 0 ]
        then
            ${echo} "${error} directory ${directory} cannot be created!" >&2
            exit 2
        fi
        chgrp dovecot ${directory}
    fi
    #.#
    return 0
}
#*---*#
# Abort unless the named program is found on the PATH and is executable.
check_executable () {
    executable=${1}
    #.#
    if [ \( ! \( -x "`which ${executable} 2> /dev/null`" \) \) ]
    then
        ${echo} "${error} executable ${executable} could not be found!" >&2
        exit 1
    fi
    #.#
    return 0
}
#*---*#
# Refuse to overwrite an existing certificate or key.
check_exists () {
    file=${1}
    description=${2}
    #.#
    if [ -e ${file} ]
    then
        test "${description}" = "public certificate" && echo
        ${echo} \
            "${error} ${description} file ${file} already exists!" >&2
        test "${description}" = "public certificate" && \
            show_certificate ${certificate}
        exit 6
    fi
    #.#
    return 0
}
#*---*#
# Abort unless the file exists, is a regular file and is not empty.
check_file () {
    file=${1}
    description=${2}
    #.#
    if [ \( ! \( -e ${file} \) \) ]
    then
        ${echo} "${error} ${description} file ${file} does not exist!" >&2
        exit 3
    fi
    if [ \( ! \( -f ${file} \) \) ]
    then
        ${echo} "${error} ${description} ${file} is not a file!" >&2
        exit 4
    fi
    if [ \( ! \( -s ${file} \) \) ]
    then
        ${echo} "${error} ${description} file ${file} is empty!" >&2
        exit 5
    fi
    #.#
    return 0
}
#*---*#
# Generate a self-signed certificate and an unencrypted key named after the host.
create_certificate () {
    configuration=${1}
    directory=${2}
    #.#
    name=`hostname -f | tr '[A-Z]' '[a-z]' | tr '.' '_'`-dovecot
    certificate=${directory}/${name}.crt
    check_exists ${certificate} "public certificate"
    key=${directory}/${name}.pem
    check_exists ${key} "private key"
    #.#
    ${echo} "\nCreating new X509 certificate\n\
with configuration ${configuration}\nfor ${name} ...\n"
    ${OPENSSL} req -new -x509 -nodes -config ${configuration} \
        -days 365 -out ${certificate} -keyout ${key}
    status=${?}
    if [ ${status} -ne 0 ]
    then
        ${echo} "${error} ${OPENSSL} failed with exit status ${status}!" >&2
        exit 7
    fi
    #.#
    chmod 0400 ${key}
    chmod 0444 ${certificate}
    #.#
    return 0
}
#*---*#
# Print validity dates, serial number and subject of a certificate.
show_certificate () {
    certificate=${1}
    #.#
    echo
    ${OPENSSL} x509 -in ${certificate} -noout -dates
    echo
    ${OPENSSL} x509 -in ${certificate} -noout -serial
    echo
    ${OPENSSL} x509 -in ${certificate} -noout -subject
    echo
    #.#
    return 0
}
#*---*#
check_executable ${OPENSSL}
check_file ${OPENSSL_CONF} "openssl configuration"
check_directory ${DOVECOT_DIR}
check_directory ${certificates_dir}
create_certificate ${OPENSSL_CONF} ${certificates_dir}
#.#
exit 0
#*#
Re: [Dovecot] Problems with dovecot/sendmail combi.
Steffen Kaiser wrote ..
> On Thu, 20 Aug 2009, Roger wrote:
>> But how do I do that and does that inflict all users on the server (only a part of the users use imap). there are about 200 pop users on the mail server and only 50 of them need imap.
>
> Replace mail_location:
>
> mail_location: maildir:~/Maildir:INBOX=/var/mail/%u
>
> then imap_sync
>
> POP and IMAP users don't care about server-side storage format.
>
> Bye,
>
> --
> Steffen Kaiser

Looks like this is working, imapsync now nicely makes the subfolders. But, when I try to log in from the webmail server I got this error:

IMAP(sannevdh): Error: stat(/var/mail/sannevdh/tmp) failed: Not a directory

I changed the dovecot.conf to this:

mail_location: maildir:~/Maildir:INBOX=/var/mail/%u

and

namespace:
  type: private
  separator: /
  prefix: #mbox/
  location: maildir:~/Maildir:INBOX=/var/mail/%u
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: .
  location: maildir:~/Maildir
  list: no
  subscriptions: yes
[Dovecot] Problems with dovecot/sendmail combi.
Hi,

I am really stuck here. I am trying to setup imap for an external mail server. I have a freebsd server running sendmail / dovecot. I am transferring the existing mail from an exchange 2003 server to the mailserver using imapsync. This works fine, but gives errors when it tries to make a submap, also thunderbird gives an error "Mailbox doesn't allow inferior mailboxes" when I try to make a submap.

I found out that it has something to do with the mbox not able to have submaps and there should be a workaround using namespaces. I tried several setups but keep getting errors. Does anybody know how to configure namespaces to allow submaps?

dovecot -n

# 1.2.3: /usr/local/etc/dovecot.conf
# OS: FreeBSD 6.4-STABLE i386
log_path: /var/log/dovecot.log
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_process_per_connection: no
login_processes_count: 4
verbose_proctitle: yes
first_valid_gid: 0
mail_access_groups: mail
mail_location: mbox:~/mail:INBOX=/var/mail/%u
mail_debug: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: /
  prefix: #mbox/
  location: mbox:~/mail:INBOX=/var/mail/%u
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  location: maildir:~/mail
  list: yes
  subscriptions: yes
lda:
  postmaster_address: postmas...@example.com
  sendmail_path: /usr/sbin/sendmail
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd

mbox is in /var/mail/%u and home dir is in /home/mailusers/%u
Re: [Dovecot] Problems with dovecot/sendmail combi.
Yes, But how do I do that and does that inflict all users on the server (only a part of the users use imap). there are about 200 pop users on the mail server and only 50 of them need imap.

Thanks,
Roger

Charles Marcus wrote ..
> On 8/20/2009, Roger Berger (dove...@berger.nl) wrote:
>> I found out that it has something to do with the mbox not able to have submaps and there should be a workaround using namespaces. I tried several setups but keep getting errors. Does anybody know how to configure namespaces to allow submaps?
>
> Assuming you mean subFOLDERS, my recommendation is to convert to maildir at the same time.
>
> --
> Best regards,
> Charles
[Dovecot] automounting home dirs
Hi,

I'm running dovecot-1.0.10 on a Solaris 10 server with home dirs automounted over NFS. I have set the mail_location configuration option so that nothing should be written to a user's home dir over NFS but, as far as I can tell, dovecot still by default tries to chdir to a user's home dir when reading mail, although this is not required. This creates additional unnecessary load on a heavily-loaded fileserver and generally slows everything down and creates an unnecessary dependency.

Is there a way to prevent dovecot from causing the home dirs to be mounted? I found this thread:

http://markmail.org/message/umywuppl3vvzfe4p#query:dovecot%20mount%20home%20directory+page:3+mid:fgr4g6pup5y6qbcr+state:results

which discusses the same problem, but it's quite old and there doesn't seem to be a definitive answer other than hacking the passwd file or the code. Is there a more elegant solution?

TIA.
Re: [Dovecot] automounting home dirs
>> I'm running dovecot-1.0.10 on a Solaris 10 server with home dirs automounted over NFS. I have set the mail_location configuration option so that nothing should be written to a user's home dir over NFS but, as far as I can tell, dovecot still by default tries to chdir to a user's home dir when reading mail, although this is not required. This creates additional unnecessary load on a heavily-loaded fileserver and generally slows everything down and creates an unnecessary dependency. Is there a way to prevent dovecot from causing the home dirs to be mounted?
>
> You can override the home dir returned by your userdb with a variable-expanded, static value by adding home to args[1]. You need to be careful and make sure that Dovecot doesn't use anything in the users' home dirs. You may need to set mail_location and/or mail and create a virtual home-dir tree local to the Dovecot server.

Thanks. Are you suggesting I add something like the following?

userdb static {
  args = home=/some/random/dir
}

Incidentally, what I really wanted was for the user's home dir only to be mounted for imap connections (when it could be usefully used), not POP3. I thought by moving the indexes dir this would just happen.

> Posting `dovecot -n` output would help.

# 1.0.10: /usr/local/etc/dovecot.conf
protocols: imap imaps pop3s
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_extra_groups: mail
mail_location: mbox:/var/mail/.mboxes/%u:INBOX=/var/mail/%u:INDEX=/var/mail/.indexes/%u
mail_debug: yes
mmap_disable: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_reuse_xuidl(default): no
pop3_reuse_xuidl(imap): no
pop3_reuse_xuidl(pop3): yes
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xv%08Xu
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd
[Dovecot] mail_location NFS mounted home dirs
Hi,

I'm fairly new to Dovecot, migrating from a POP-only system with /var/mail only mailboxes. I'm currently on version 1.0.10 on Solaris 10, but I don't think that's relevant to the question. I'm a little overwhelmed by the number of configuration options at the moment.

I took the standard

mail_location = mbox:~/mail:INBOX=/var/mail/%u

setting in dovecot.conf. This mostly works fine, but home dirs are NFS mounted and in the event that an NFS server is down users cannot read their mail. This is the case even for users who only use POP.

So, my question is, do folks on this list have good suggestions for optimum ways to deal with this so that users (perhaps only POP users) can read their mail independent of home directories being available? I think I can make something up, but I'd rather take a standard approach if there is one. If this has already been discussed I apologise - just point me to it as I didn't find it.

Thx,
Roger
[Dovecot] [Sieve] Sendmail problem
Hi All,

it's my first post in this list. I'm running dovecot 1.0.rc15 on my Debian Etch box. It's working very well but I faced a problem with Vacation using Sieve. :-(

In fact, after well configuring the system I don't receive the vacation message, and in the log I found:

deliver([EMAIL PROTECTED]): 2008-01-19 12:05:32 Info: cmusieve: Using sieve path: /home/path/to/my/homedir/.dovecot.sieve
deliver([EMAIL PROTECTED]): 2008-01-19 12:05:32 Error: Sendmail process terminated abnormally, exit status 75
deliver([EMAIL PROTECTED]): 2008-01-19 12:05:32 Info: sieve runtim error: Vacation: Error sending mail.

Any idea about the reason this happens and how to solve it?

Thanks a lot for your help

Roger
[Dovecot] plain authentication
After upgrading my server I have found that I'm not able to use plain auth for clients connecting from outside the server. localhost clients (pine, webmail) work fine, but if I use Thunderbird I get an error saying that the server requires TLS or SSL. But if I enable TLS or SSL I get more errors. I have tried several combinations, but haven't found a working one. Here is my config, can somebody see what I'm doing wrong?

# /etc/dovecot/dovecot.conf
protocols: imap pop3
ssl_disable: yes
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
mail_extra_groups: mail
mail_location: mbox:~/mail/:INBOX=/var/spool/mail/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  passdb:
    driver: shadow
  userdb:
    driver: passwd

--
Roger D. Vargas
http://dsgp.blogspot.com
Re: [Dovecot] using 'socat' to relay Dovecot SASL's auth socket over TCP?
snowcrash wrote:
> which, iiuc (?), can bidirectionally bridge the Dovecot unix-socket to a TCP socket that Exim can talk/listen to.

I've used socat extensively on a completely unrelated project in order to bridge UNIX domain sockets across machines. I assume you currently have this:

exim - /some/unix/socket - dovecot-auth

If you want to use socat, then make sure it is installed on both machines. You can bridge using ssh (recommended) or just plain TCP/IP. For ssh, run the following command on eximhost:

socat -t 10 UNIX-LISTEN:/some/unix/socket,fork \
    EXEC:ssh [EMAIL PROTECTED] STDIO UNIX:/some/unix/socket

The ssh will need to be able to complete without any form of prompting (ie you need private/authorized keys setup).

If you don't care about security then you can use TCP connections between the machines. On eximhost run this replacing with your chosen port number:

socat -t 10 UNIX-LISTEN:/some/unix/socket,fork \
    TCP4:dovecot-auth-host:

On dovecot-auth-host run:

socat TCP4-LISTEN:,fork \
    UNIX:/some/unix/socket

The -t 10 option waits for 10 seconds after one direction is closed before closing the other direction. The socat default is .5 seconds which I found problematic on higher latency links.

Roger
Re: [Dovecot] lazy_expunge and emails from Inbox, doesn't list INBOX in deleted
Charles Marcus wrote:
> Curious... was this copy/pasted from dovecot -n output? Or was that last line misspelling of 'maildur' a typo?
>
> Just one reason why copy/pasted output of dovecot -n is preferred...

It was manually retyping. I was rebuilding a new server which I did by putting a new harddisk in my workstation and then making a VMWare guest using the raw disk. I don't install any of the vmware crud in that guest since it is a pain to get rid of and disk would be the new primary disk in a physical machine anyway. Consequently I had no copy and paste capability and had to retype manually.

SSH would have been one alternative, but the ssh connections hang between a host and guest on the same machine under some circumstances (and always for me). It is some tcp level issue that I didn't bother resolving.

But I am happy to have successfully migrated from Gentoo qmail, maildrop, courier and sqwebmail to Ubuntu postfix, procmail, dovecot and squirrelmail.

Roger
[Dovecot] lazy_expunge and emails from Inbox, doesn't list INBOX in deleted
I'm using the dovecot available on Ubuntu Feisty (1.0rc17) and am trying to migrate from courier-imap. A really important feature for me from courier is that expunged messages end up in Trash where they are removed after 7 days. I can get an approximation of this feature as described in the documentation:

namespace private {
  prefix = INBOX.
  seperator = .
  inbox = yes
}
namespace private {
  prefix = DELETED.
  seperator = .
  location = maildur:~/Maildir/deleted
}
lazy_expunge = DELETED. DELETED. DELETED.

This all works fine except for messages that were deleted from the Inbox. They do end up in the right place (~/Maildir/deleted/cur) but that location is not listed as a subscribable folder. Here you can see that deleted messages from my ciontope folder show up, but not the inbox.

a LIST DELETED. *
* LIST (\HasNoChildren) . DELETED.ciontope
a OK List completed.

You can't examine the namespace itself:

a EXAMINE DELETED
a NO Unknown namespace.
a EXAMINE DELETED.
a NO Invalid mailbox name

But the folder does exist:

a EXAMINE DELETED.INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 4 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1181423860] UIDs valid
* OK [UIDNEXT 5] Predicted next UID
a OK [READ-ONLY] Select completed.

Is there any way to convince dovecot to list DELETED.INBOX so that clients can see it and subscribe to it?

Roger
Re: [Dovecot] lazy_expunge and emails from Inbox, doesn't list INBOX in deleted
Timo Sirainen wrote:
> On Sat, 2007-06-09 at 14:23 -0700, Roger Binns wrote:
> namespace private {
>   prefix = DELETED.
>   seperator = .
>   location = maildur:~/Maildir/deleted
>   inbox = no
> }
>
> Does that help?

Nope. However I have a disgusting workaround :-) In Maildir/deleted I create .INBOX/ and within that directory I then symlink cur/new/tmp to Maildir/deleted/{cur/new/tmp}. Everything works fine and the correct content is shown.

I am patiently waiting for the day when courier style Trash is implemented :-)

>> lazy_expunge = DELETED. DELETED. DELETED.
>
> Have you tried what happens if you try to expunge mails from DELETED.mailbox? When I wrote the code I assumed all those namespaces would be different.

It works fine.

Roger