Re: File manager or browser for IMAP?

2019-09-24 Thread Roger Klorese via dovecot
On Tue, Sep 24, 2019 at 9:19 PM Steve Litt via dovecot 
wrote

>
> They only see some of the folders.



Are they subscribed?

>


Re: [Bug] Sieve vacation :addresses match only case-sensitive?

2019-09-04 Thread Roger Klorese via dovecot
>
> It is not recommended to rely on local-part case, but it is indeed
> case-sensitive.
>
> And this is to avoid such issues that postfix supports address
> cleanup/canonicalisation before forwarding mails to dovecot.
>
> --
> RFC 5321:
>
> "Local-part = Dot-string / Quoted-string ; MAY be case-sensitive
> […]
> While the above definition for Local-part is relatively permissive, for
> maximum interoperability, a host that expects to receive mail SHOULD avoid
> defining mailboxes where the Local-part requires (or uses) the
> Quoted-string form or where the Local-part is case-sensitive."
>
>



And therefore “receive liberally” policy that wants to assume
case-insensitivity should single-case the address IN THE COMPARISON.

>
>


Re: [Bug] Sieve vacation :addresses match only case-sensitive?

2019-09-04 Thread Roger Klorese via dovecot
On Wed, Sep 4, 2019 at 8:25 AM Philipp Faeustlin via dovecot <
dovecot@dovecot.org>

> Further investigation showed me that it has to be a bug.
>
> I tested with Dovecot 2.2.36.3 (a7d78f5a2), Pigeonhole version 0.4.24
> (5a7e9e62):
>
> In this version the additional addresses in vacation :addresses
> ["t...@example.com"] are handled case-insensitive.
>
> In the new version: Dovecot 2.3.7.2 (3c910f64b), Pigeonhole version
> 0.5.7.2 (7372921a) installed via https://repo.dovecot.org/, (same sieve,
> same configuration) these addresses are handled case-sensitive.
>
> The case-sensitive matching of mail addresses, doesn't make any sense to
> me.
>
> Could someone confirm this behavior?
>
>
Isn’t RFC-compliant behavior to treat the local part as case-sensitive and
the domain-part as case-insensitive?
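
The two positions in this thread (RFC 5321's case-sensitive local-part versus a "receive liberally" policy that folds case only in the comparison), as an added Python example. It is not Pigeonhole code; the function names and the sample addresses are constructed for the illustration.

```python
# Added illustration, not Pigeonhole code. Addresses below are constructed.
# RFC 5321: the domain is compared case-insensitively; the local-part MAY be
# case-sensitive. A liberal receiver folds case at comparison time only and
# leaves the stored address untouched.

def split_address(addr):
    """Split at the '@' that lies outside a quoted local-part."""
    addr = addr.strip()
    in_quotes = False
    escaped = False
    at = -1
    for i, ch in enumerate(addr):
        if escaped:
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True          # backslash escapes the next char in a quoted string
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            at = i
    if in_quotes or at <= 0 or at == len(addr) - 1:
        raise ValueError(f"not a mailbox address: {addr!r}")
    return addr[:at], addr[at + 1:]


def addresses_match(a, b, local_part_case_sensitive=True):
    """Compare two addresses; the domain is always folded, the local-part by policy."""
    local_a, domain_a = split_address(a)
    local_b, domain_b = split_address(b)
    if domain_a.lower() != domain_b.lower():
        return False
    if local_part_case_sensitive:
        return local_a == local_b
    return local_a.lower() == local_b.lower()


def recipient_is_mine(recipient, my_addresses, local_part_case_sensitive=True):
    """True if the recipient matches any address the user listed as their own."""
    return any(
        addresses_match(recipient, mine, local_part_case_sensitive)
        for mine in my_addresses
    )


if __name__ == "__main__":
    mine = ["Test.User@example.com"]          # constructed ":addresses" list
    rcpt = "test.user@EXAMPLE.COM"            # constructed envelope recipient
    print("strict :", recipient_is_mine(rcpt, mine, True))
    print("liberal:", recipient_is_mine(rcpt, mine, False))
```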


Re: Bug: subscriptions file

2018-05-23 Thread Roger Klorese
If John Doe dies and a new John Doe is born, they’re not the same person,
are they?
On Wed, May 23, 2018 at 10:37 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:

> That's rather difficult semantic question.
>
> Aki
>
> On 24.05.2018 08:35, Roger Klorese wrote:
>
> If something deletes and recreates the folder, it’s not really the folder
> to which you subscribed, is it?!
> On Wed, May 23, 2018 at 10:33 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>
>> I understand that reading that paragraph makes it sound obscure and
>> outdated. But the problem is that if something deletes & recreates your
>> folder, while you were gone, you would lose the subscription. This includes
>> other MUAs that are in no way obligated to resubscribe to the folder if
>> they do this.
>>
>> Aki
>>
>> On 23.05.2018 23:13, Rupert Gallagher wrote:
>>
>> Sorry for top posting, my client is still broken.
>>
>> I have never seen the ghost of a "system-alerts" or similar "well-known"
>> mail folder in the past 30 years.
>>
>> Compliance with an RFC obscure feature is compelling us all to clear
>> subscriptions folders by hand.
>>
>> As we meet the problem over and over again, a non-RFC configuration
>> option could solve the problem, and it would be very much appreciated...
>>
>>
>> On Wed, May 23, 2018 at 11:57, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>>
>> > On 23.05.2018 12:31, Rupert Gallagher wrote:
>>
>> Dovecot does not clear the subscription file from non-existent folders.
>>
>>
>> Hi!
>>
>> Thank you for your bug report. Unfortunately this is not a BUG, but
>> mandated behavior by RFC3501, see last two paragraphs in the excerpt.
>>
>> Aki Tuomi
>>
>> 6.3.6.  SUBSCRIBE Command
>>
>> Arguments:  mailbox
>>
>> Responses:  no specific responses for this command
>>
>> Result:     OK - subscribe completed
>>             NO - subscribe failure: can't subscribe to that name
>>             BAD - command unknown or arguments invalid
>>
>>   The SUBSCRIBE command adds the specified mailbox name to the
>>   server's set of "active" or "subscribed" mailboxes as returned by
>>   the LSUB command.  This command returns a tagged OK response only
>>   if the subscription is successful.
>>
>>   A server MAY validate the mailbox argument to SUBSCRIBE to verify
>>   that it exists.  However, it MUST NOT unilaterally remove an
>>   existing mailbox name from the subscription list even if a mailbox
>>   by that name no longer exists.
>>
>>        Note: This requirement is because a server site can
>>        choose to routinely remove a mailbox with a well-known
>>        name (e.g., "system-alerts") after its contents expire,
>>        with the intention of recreating it when new contents
>>        are appropriate.
>>
>>
>>
>


Re: Bug: subscriptions file

2018-05-23 Thread Roger Klorese
If something deletes and recreates the folder, it’s not really the folder
to which you subscribed, is it?!
On Wed, May 23, 2018 at 10:33 PM Aki Tuomi  wrote:

> I understand that reading that paragraph makes it sound obscure and
> outdated. But the problem is that if something deletes & recreates your
> folder, while you were gone, you would lose the subscription. This includes
> other MUAs that are in no way obligated to resubscribe to the folder if
> they do this.
>
> Aki
>
> On 23.05.2018 23:13, Rupert Gallagher wrote:
>
> Sorry for top posting, my client is still broken.
>
> I have never seen the ghost of a "system-alerts" or similar "well-known"
> mail folder in the past 30 years.
>
> Compliance with an RFC obscure feature is compelling us all to clear
> subscriptions folders by hand.
>
> As we meet the problem over and over again, a non-RFC configuration option
> could solve the problem, and it would be very much appreciated...
>
>
> On Wed, May 23, 2018 at 11:57, Aki Tuomi  wrote:
>
> > On 23.05.2018 12:31, Rupert Gallagher wrote:
>
> Dovecot does not clear the subscription file from non-existent folders.
>
>
> Hi!
>
> Thank you for your bug report. Unfortunately this is not a BUG, but
> mandated behavior by RFC3501, see last two paragraphs in the excerpt.
>
> Aki Tuomi
>
> 6.3.6.  SUBSCRIBE Command
>
> Arguments:  mailbox
>
> Responses:  no specific responses for this command
>
> Result:     OK - subscribe completed
>             NO - subscribe failure: can't subscribe to that name
>             BAD - command unknown or arguments invalid
>
>   The SUBSCRIBE command adds the specified mailbox name to the
>   server's set of "active" or "subscribed" mailboxes as returned by
>   the LSUB command.  This command returns a tagged OK response only
>   if the subscription is successful.
>
>   A server MAY validate the mailbox argument to SUBSCRIBE to verify
>   that it exists.  However, it MUST NOT unilaterally remove an
>   existing mailbox name from the subscription list even if a mailbox
>   by that name no longer exists.
>
>        Note: This requirement is because a server site can
>        choose to routinely remove a mailbox with a well-known
>        name (e.g., "system-alerts") after its contents expire,
>        with the intention of recreating it when new contents
>        are appropriate.
>
>
>


Re: Permissions on /var/log/dovecot

2018-03-19 Thread Roger Klorese
So is yours.

Why not say what SHOULD be done? Since we were discussing logging,
including only the lines about logging seems to be a reasonable response to
the original open-ended question. “Please include the complete output of
‘dovecot -n’” would get your point across instead of just letting you be a
snarky ass.
On Mon, Mar 19, 2018 at 1:14 PM Odhiambo Washington 
wrote:

>
>
> On 19 March 2018 at 22:45, @lbutlr  wrote:
>
>> On 2018-03-19 (13:19 MDT), Odhiambo Washington 
>> wrote:
>> >
>> > What does your doveconf -n have?
>>
>> imap_id_log = *
>> log_path = /var/log/dovecot
>>
>
> This is a very useless response!
>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
>


Re: How to make dovecot access a MySQL database with a certain domain?

2017-11-28 Thread Roger Klorese
Replace 127.0.0.1 with the domain name.
On Tue, Nov 28, 2017 at 10:08 AM Spike98  wrote:

> I am trying to make a mail server with Postfix using the Dovecot software.
> At the time of wanting to access my server from a mail client, it does not
> let me access and see the logs of my server with the command:
>
> $ service dovecot status
> with the following error:
>
> dovecot: auth-worker(2769): Error: mysql(127.0.0.1): Connect failed to
> database (postfix): Access denied for user 'postfix'@'localhost' (using
> password: YES) - waiting for 125 seconds before retry
>
> From what I understand of this error is that it is trying to enter
> 'postfix' @ 'localhost' instead of the domain that I specify when I made
> the database that is mydomain.com
>
> How can you make dovecot go to MySQL with post...@mydomain.com instead of
> localhost
>
> This is my Dovecot configuration
>
> /etc/dovecot/dovecot-sql.conf.ext
>
> driver=mysql
>
> default_pass_scheme=PLAIN-MD5
>
> connect=host=127.0.0.1 dbname=postfix user=postfix password=postfix
>
> password_query=SELECT username,domain,password FROM usuarios WHERE
> username='%n' AND domain='%d'
>
> user_query=SELECT 1007 as uid, 1007 as gid,
> concat("maildir:/var/vmail",domain,'/',username,'/') as mail FROM usuarios
> WHERE username='%n' AND domain='%d'
>
> iterate_query=SELECT username,domain FROM usuarios


Re: Sieve coding question

2017-11-18 Thread Roger B.A. Klorese

On 11/16/17 11:03 AM, Stephan Bosch wrote:

On 11/16/2017 at 7:42 PM, lists.dove...@rogerklorese.com wrote:

Is there a more appropriate list on which to ask for assistance in
coding Sieve rules, or may I ask here?

I know of no other suitable venue, so go ahead.

Regards,

Stephan.



Here is the config. I don't think IMAPsieve is configured...

# dovecot -n
# 2.2.30.2 (c0c463e): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 3.10.0-514.6.1.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core)  xfs

first_valid_uid = 1000
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
mail_gid = mailboxes
mail_home = maildir:/home/mailboxes/%d/%u
mail_location = maildir:/home/mailboxes/%d/%u
mail_privileged_group = mailboxes
mail_uid = mailboxes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext imapflags notify

mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  recipient_delimiter = +
  sieve = /home/mailboxes/%d/%u/sieve/dovecot.sieve
  sieve_default = /etc/dovecot/sieve/default.sieve
  sieve_dir = /home/mailboxes/%d/%u/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
pop3_uidl_format = %v-%u
protocols = imap pop3 lmtp sieve sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = mailboxes
    mode = 0660
    user = mailboxes
  }
  unix_listener auth-userdb {
    mode = 0777
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = 

Re: Sieve coding question

2017-11-17 Thread Roger B.A. Klorese

On 11/16/17 11:03 AM, Stephan Bosch wrote:

On 11/16/2017 at 7:42 PM, lists.dove...@rogerklorese.com wrote:

Is there a more appropriate list on which to ask for assistance in
coding Sieve rules, or may I ask here?

I know of no other suitable venue, so go ahead.

Regards,

Stephan.



I have the following as the last rule:

if anyof (header :contains "x-spam-flag" "YES",
          header :contains "subject" "*SPAM*")
{
    fileinto "INBOX.Junk";
    stop;
}

It seems to fire not only when mail is first retrieved, but if a message 
is moved back into INBOX (so it moves back to Spam). Any suggestions on 
how to make it fire only on initial processing?


Re: Dovecot - Postfix Calender Synchronisation

2017-08-25 Thread Roger Klorese
On Thu, Aug 24, 2017 at 11:28 PM Rupert Gallagher <r...@protonmail.com>
wrote:

> On Thu, Aug 24, 2017 at 10:55 PM, Roger Klorese <rogerklor...@gmail.com>
> wrote:
>
> > "Webmail? We use dovecot." And how exactly do you read and write mail
> using dovecot?
>
> With a MUA.
>

And you’re suggesting that webmail is somehow more of a risk than lots of
users each running their own MUA. I see.

>
>


Re: Dovecot - Postfix Calender Synchronisation

2017-08-24 Thread Roger Klorese
“Webmail? We use dovecot.” And how exactly do you read and write mail using
dovecot?
On Thu, Aug 24, 2017 at 10:56 AM Gregory Sloop  wrote:

>
>
> RG> Re: portable formats and their mime type
>
> RG> https://en.m.wikipedia.org/wiki/ICalendar
> RG> https://en.m.wikipedia.org/wiki/VCard
>
> RG> Re: dependencies
>
> RG> - db: why? just use the ical and vcard files! They are files,
> RG> they are in a directory, they can be used like dovecot uses eml
> RG> files! No need for postgresql or mysql.
>
> RG> - webmail: why? We use dovecot!!!
>
> RG> - apache web: why? we use nginx.
>
> RG> - linux: why? we use other unix systems.
>
> RG> - python: why? it takes 140MB all by itself, it is an interpreter
> RG> (slow), it is a security hazard, we would have to install it on
> RG> purpose and sandbox it in a virtual machine! So we have to install a vm
> manager.
>
> RG> Bloody hell...
>
> This is a little tongue-in-cheek, but...
> Do you also yell "Get offa my lawn you dirty punk kids!" regularly?
>
> I thought I had the curmudgeonly-old-man schtick down, but you're like Obi
> Wan.
> :)
>


Re: passwd-file, getting invalid uid 0

2017-07-18 Thread Roger Klorese
Did you miss the part about 0 also being hardcoded?

On Tue, Jul 18, 2017 at 1:34 PM Larry Rosenman  wrote:

> On Tue, Jul 18, 2017 at 3:31 PM, Larry Rosenman 
> wrote:
>
> > That didn't change it :(
> > Jul 18 15:28:14 thebighonker dovecot: auth-worker(77908): Error:
> > passwd-file /etc/passwd: User root has invalid UID '0'
> > Jul 18 15:28:14 thebighonker dovecot: auth-worker(77908): Error:
> > passwd-file /etc/passwd: User toor has invalid UID '0'
> >
> > doveconf -n:
> > lrosenman:~ lrosenman$ ssh tbh.lerctr.org doveconf -n
> > # 2.2.31 (65cde28): /usr/local/etc/dovecot/dovecot.conf
> > # Pigeonhole version 0.4.19 (e5c7051)
> > # OS: FreeBSD 11.1-PRERELEASE amd64
> > auth_mechanisms = plain login
> > auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org
> > thejonesonair.com thejonesonair.net
> > default_vsz_limit = 1 G
> > deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
> > doveadm_password =  # hidden, use -P to show it
> > first_valid_gid = 0
> > first_valid_uid = 0
> > lda_mailbox_autocreate = yes
> > listen = 192.147.25.65, ::
> > lmtp_save_to_detail_mailbox = yes
> > login_access_sockets = tcpwrap
> > mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
> > mail_location = mbox:~/mail:INBOX=~/mail/INBOX
> > mail_log_prefix = "%s(%u/%p): "
> > mail_plugins = " fts fts_solr notify stats virtual"
> > mail_privileged_group = mail
> > mail_server_admin = mailto:l...@lerctr.org
> > mail_server_comment = LERCTR Mail Server
> > mailbox_list_index = yes
> > managesieve_notify_capability = mailto
> > managesieve_sieve_capability = fileinto reject envelope encoded-character
> > vacation subaddress comparator-i;ascii-numeric relational regex
> imap4flags
> > copy include variables body enotify environment mailbox date index ihave
> > duplicate mime foreverypart extracttext vacation-seconds editheader
> > mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve
> > namespace archive {
> >   hidden = no
> >   list = no
> >   location = mbox:~/MAIL-ARCHIVE
> >   prefix = ARCHIVE/
> >   separator = /
> > }
> > namespace inbox {
> >   inbox = yes
> >   location =
> >   mailbox Drafts {
> > special_use = \Drafts
> >   }
> >   mailbox INBOX {
> > auto = create
> >   }
> >   mailbox SENT {
> > special_use = \Sent
> >   }
> >   mailbox SPAM {
> > special_use = \Junk
> >   }
> >   mailbox "Sent Messages" {
> > special_use = \Sent
> >   }
> >   mailbox Trash {
> > special_use = \Trash
> >   }
> >   mailbox virtual/Flagged {
> > special_use = \Flagged
> >   }
> >   mailbox virtual/all {
> > special_use = \All
> >   }
> >   prefix =
> > }
> > namespace virtual {
> >   hidden = no
> >   list = yes
> >   location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
> >   prefix = Virtual/
> >   separator = /
> > }
> > passdb {
> >   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
> >   driver = sql
> > }
> > passdb {
> >   args = user=%Ln noauthenticate
> >   driver = static
> >   skip = authenticated
> > }
> > passdb {
> >   args = failure_show_msg=yes session=yes max_requests=20
> >   driver = pam
> >   skip = authenticated
> > }
> > plugin {
> >   fts = solr
> >   fts_autoindex = yes
> >   fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
> >   fts_tika = http://localhost:9998/tika/
> >   imapsieve_mailbox1_before = file:/usr/local/share/dovecot-
> > pigeonhole/sieve/report-spam.sieve
> >   imapsieve_mailbox1_causes = COPY
> >   imapsieve_mailbox1_name = SPAM
> >   imapsieve_mailbox2_before = file:/usr/local/share/dovecot-
> > pigeonhole/sieve/report-ham.sieve
> >   imapsieve_mailbox2_causes = COPY
> >   imapsieve_mailbox2_from = SPAM
> >   imapsieve_mailbox2_name = *
> >   imapsieve_url = sieve://thebighonker.lerctr.org
> >   mail_log_events = delete undelete expunge copy mailbox_delete
> > mailbox_rename flag_change append
> >   mail_log_fields = uid box msgid size from subject vsize flags
> >   recipient_delimiter = +
> >   sieve = ~/.dovecot.sieve
> >   sieve_dir = ~/sieve
> >   sieve_execute_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve
> >   sieve_extensions = +editheader +vacation-seconds +mboxmetadata
> > +servermetadata
> >   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
> >   sieve_pipe_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve
> >   sieve_plugins = sieve_imapsieve sieve_extprograms
> >   stats_command_min_time = 1 mins
> >   stats_domain_min_time = 12 hours
> >   stats_ip_min_time = 12 hours
> >   stats_memory_limit = 16 M
> >   stats_refresh = 5s
> >   stats_session_min_time = 15 mins
> >   stats_track_cmds = yes
> >   stats_user_min_time = 1 hours
> > }
> > protocols = imap pop3 lmtp sieve
> > service auth {
> >   unix_listener auth-client {
> > mode = 0666
> >   }
> >   unix_listener auth-master {
> > mode = 0666
> >   }
> > }
> > service doveadm {
> >   inet_listener http {
> > port = 8080
> > ssl = yes
> >   }
> > }
> > service 

Re: STARTTLS issue with sieve

2017-07-09 Thread Roger Klorese
But if it won’t trust that copy, that invalidates the chain, right?

On Sun, Jul 9, 2017 at 9:48 AM Heiko Schlittermann 
wrote:

> Alexander Dalloz  (So 09 Jul 2017 13:14:56 CEST):
> …
> > It is wrong to send the root CA along with the intermediate and server
> > certificates. The root CA cert must be in the CA trust bundle of the
> client.
>
> I wouldn't say it is wrong. But it should be useless, as the client
> won't trust the root CA it received. The client should trust only its
> copy of the root CA.
>
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
> --
>  SCHLITTERMANN.de  internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --- key ID: F69376CE -
>  ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -
>


Moving from CentOS to GF RPMs

2017-06-06 Thread Roger Klorese
Does anyone have fool-proof documentation for this fool on how to configure
repos and what operations to perform to move from the distro RPMs to the GF
ones without breaking stuff?


Re: Clamping down on mailbox sizes...

2017-01-24 Thread Roger Klorese
I'd take the opposite approach and tell them no new mail will be received
until they are under quota.
On Tue, Jan 24, 2017 at 4:52 PM SH Development 
wrote:

> I don’t want to do this for all users….but…
>
> I have a few users who insist that they use their mailboxes regularly and
> don’t want it cancelled.  Fine.  But they won’t clean them out either.
>
> What steps would you all recommend for setting quotas on some users but
> not others?
>
> Specifically starting out with identifying WHICH accounts have excessive
> amounts of crap in them, by age, then sending them a notice stating they
> are going to get limited, then deleting mail older than x number of days if
> they don’t do it themselves by a certain time frame...
>
> Thoughts?
>
> Jeff


Re: Relative home path not allowed - but how is this relative?

2017-01-21 Thread Roger Klorese
Never mind - query was a little screwed up...!

Got it now. Thanks.

On Sat, Jan 21, 2017 at 5:33 PM, Roger Klorese <rogerklor...@gmail.com>
wrote:

> I just set up my server with MySQL support for
> authentication/authorization compatible with Postfix Admin.
>
> Initially, I was getting the "Relative home directory paths not supported"
> message, and it's easy to see why - Postfix Admin stores the maildir as
> "$domain/$userpart@$domain".
>
> But the directories in 10-mail.conf are set as
>
> mail_location = maildir:/home/mailboxes/%d/%u
> mail_home = maildir:/home/mailboxes/%d/%u
>
> ...and the user_query has been revised to:
>
> user_query = SELECT concat('/home/mailboxes/', maildir) as full_maildir
> FROM mailbox WHERE username = '%u';
>
> ...so how are any of these relative paths?
>


Relative home path not allowed - but how is this relative?

2017-01-21 Thread Roger Klorese
I just set up my server with MySQL support for authentication/authorization
compatible with Postfix Admin.

Initially, I was getting the "Relative home directory paths not supported"
message, and it's easy to see why - Postfix Admin stores the maildir as
"$domain/$userpart@$domain".

But the directories in 10-mail.conf are set as

mail_location = maildir:/home/mailboxes/%d/%u
mail_home = maildir:/home/mailboxes/%d/%u

...and the user_query has been revised to:

user_query = SELECT concat('/home/mailboxes/', maildir) as full_maildir
FROM mailbox WHERE username = '%u';

...so how are any of these relative paths?


Re: [Dovecot] sendmail to postfix-dovecot

2013-11-28 Thread Roger
OK,

My dovecot-sql.conf.ext  looks like this:

connect = host=127.0.0.1 port=3306 user=postfix password=blabla
dbname=postfix
driver = mysql
default_pass_scheme = MD5-CRYPT
password_query = SELECT password,CONCAT('/mail/', maildir) AS userdb_home,\
'5000' AS userdb_uid, '5000' AS userdb_gid, allow_nets,\
concat('*:bytes=', quota) AS userdb_quota_rule\
FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
user_query = SELECT CONCAT('/mail/', maildir) AS home, 'maildir:~/' as mail,
'5000' AS uid, '5000' AS gid,\
concat('*:bytes=', quota) AS quota_rule\
FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
#iterate_query = SELECT username AS user FROM mailbox

-Original message-
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On behalf of
Steffen Kaiser
Sent: Thursday, 28 November 2013 10:09
To: R. Berger
CC: dovecot@dovecot.org
Subject: Re: [Dovecot] sendmail to postfix-dovecot


On Wed, 27 Nov 2013, R. Berger wrote:

 Steffen Kaiser wrote on 27-11-2013 17:48:
 On Wed, 27 Nov 2013, Benny Pedersen wrote:
 
 Roger Berger wrote on 2013-11-27 11:41:
 If I understand right it is not possible to use system and virtual 
 users together.
 
 incorrect it is, see here http://wiki2.dovecot.org/VirtualUsers part 
 of usernames and domains
 
 its all about dovecot auth how its configured, if you want both 
 system and virtual users make sure system users get domain stripped 
 in auth
 
 in addition to Benny's remark, you can also override the username, e.g. 
 system users may auth without domain, but passdb/userdb return the 
 user with domain. Then you can have all users as virtual user/domain.
 
 But probably using two userdb's is easier to maintain.

 Here is my dovecot -n:
 root@mail:/usr/local/etc/dovecot/conf.d # dovecot -n # 2.2.6: 
 /usr/local/etc/dovecot/dovecot.conf

 mail_location = maildir:~/

you should not use the home directory as base for mail storage, use
~/Maildir

 passdb {
   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
   driver = sql
 }

 userdb {
  driver = prefetch
 }
 userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
 }


 I've been thinking about this and I want to put all system users in 
 the database using the provided tools from postfixadmin and then sync 
 the mail using imapsync.

OK, then all user data are in the SQL database.

 In that case domain admins can handle their own mailboxes using
postfixadmin.
 In that case I have all users as virtual users, but they have to be 
 able to login with only their username.
 That means new users should login by using their complete emailaddress 
 and old users as username or emailaddress.
 so:
 old user: i...@domain1.com user: info can login as info or 
 i...@domain1.com old user: i...@domain2.com user: info.ltd can login 
 as info.ltd or i...@domain2.com new user: i...@domain3.com can login 
 only as i...@domain3.com if the new user tries to login as info he 
 gets a password failure Is this possible and correct?

configure your SQL query so, that i...@domain1.com and info hits the same
entry and that the username is overwritten (field user, IMHO) to
i...@domain1.com. Then this user can login as i...@domain1.com or info with
the same password, internally Dovecot handles all mail as i...@domain1.com
only.

Do the same for all other users as appropriate.

One can craft the database like so:

+ one table with the user data of i...@domain1.com, username, password
a.s.o.

+ one table with alias names and foreign key of user data table

+ the select for passdb joins both tables

Search the list and wiki for such setup, e.g. 
http://wiki2.dovecot.org/PasswordDatabase?highlight=%28username%29

- -- 
Steffen Kaiser

OK,
I have changed my mail_location. But the mysql is a bit of a hassle. If I
add tables to the database, will it still work with postfixadmin?

My dovecot-sql.conf.ext  looks like this:

connect = host=127.0.0.1 port=3306 user=postfix password=blabla
dbname=postfix
driver = mysql
default_pass_scheme = MD5-CRYPT
password_query = SELECT password,CONCAT('/mail/', maildir) AS userdb_home,\
'5000' AS userdb_uid, '5000' AS userdb_gid, allow_nets,\
concat('*:bytes=', quota) AS userdb_quota_rule\
FROM mailbox WHERE username='%u' AND domain='%d' AND active=1
user_query = SELECT CONCAT('/mail/', maildir) AS home, 'maildir:~/' as mail,
'5000' AS uid, '5000' AS gid,\
concat('*:bytes=', quota) AS quota_rule
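
The lookup Steffen Kaiser describes above (a user table, an alias table with a foreign key, and a passdb select that joins them and hands back the full address in the `user` field), as an added Python example that is not part of the original post. SQLite stands in for MySQL so it runs offline; the `login_alias` table, the reduced `mailbox` columns, the `.example` domains and the password placeholders are assumptions, and `:login` sits where the thread's queries use `'%u'`.

```python
import sqlite3

# Added illustration, not from the thread. Schema and data are constructed.
SCHEMA = """
CREATE TABLE mailbox (
    username TEXT PRIMARY KEY,            -- canonical login, always user@domain
    password TEXT NOT NULL,
    active   INTEGER NOT NULL DEFAULT 1
);
CREATE TABLE login_alias (
    -- Bare legacy name. PRIMARY KEY: one alias maps to exactly one mailbox.
    -- CHECK: an alias can never collide with another account's full address.
    alias            TEXT PRIMARY KEY CHECK (instr(alias, '@') = 0),
    mailbox_username TEXT NOT NULL REFERENCES mailbox(username)
);
"""

# passdb-style lookup: matches the full address or a legacy alias and always
# returns the canonical address as "user", so everything downstream sees one
# identity per account.
PASSWORD_QUERY = """
SELECT DISTINCT m.username AS user, m.password
FROM mailbox m
LEFT JOIN login_alias a ON a.mailbox_username = m.username
WHERE m.active = 1
  AND (m.username = :login OR a.alias = :login)
"""


def build_db():
    """In-memory database holding the three-user scenario from the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    with db:
        db.executemany(
            "INSERT INTO mailbox (username, password) VALUES (?, ?)",
            [
                ("info@domain1.example", "<hash-placeholder-1>"),  # old user
                ("info@domain2.example", "<hash-placeholder-2>"),  # old user
                ("info@domain3.example", "<hash-placeholder-3>"),  # new user
            ],
        )
        db.executemany(
            "INSERT INTO login_alias (alias, mailbox_username) VALUES (?, ?)",
            [
                ("info", "info@domain1.example"),
                ("info.ltd", "info@domain2.example"),
            ],
        )
    return db


def resolve_login(db, login):
    """Return (canonical_user, password_hash), or None when nothing matches."""
    rows = db.execute(PASSWORD_QUERY, {"login": login}).fetchall()
    if len(rows) != 1:        # zero rows, or an ambiguity that must never authenticate
        return None
    return rows[0]


def add_alias(db, alias, username):
    """Add a legacy alias; False if it is taken, malformed, or the mailbox is unknown."""
    try:
        with db:
            db.execute(
                "INSERT INTO login_alias (alias, mailbox_username) VALUES (?, ?)",
                (alias, username),
            )
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    db = build_db()
    for name in ("info", "info.ltd", "info@domain3.example", "nobody"):
        print(name, "->", resolve_login(db, name))
```

The uniqueness and `CHECK` constraints are what keep a new account from claiming a bare name that already belongs to an old one.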

[Dovecot] sendmail to postfix-dovecot

2013-11-27 Thread Roger Berger
Hi,
I am a newbie to postfix and dovecot so I hope you can help me.
I have an old server running sendmail for many years now. On this server I have 
about 100 domains and 500 users. The users are named as myuser or myuser.dom. 
People use pop3 and imap for fetching reading their email. I've setup a new 
server with postfix and dovecot2 on freebsd and managed to get it all working 
with virtual users.
However, now I found out that I overlooked something; People have to login with 
usern...@domain.tld on the new server but only use 
their username on the old server. This means they all have to change their 
login credentials, which is not an option.
Is it possible to do some scripting before authentication where the username is 
looked up in the database and the right domain is added to the account? If I 
understand right it is not possible to use system and virtual users together.

Thanks,
Roger


[Dovecot] Corrupted squat uidlist file

2013-03-05 Thread Roger Lynn
Hi,

I frequently get errors similar to this logged:
Mar  5 17:49:20 alphonse dovecot: imap(roger): Error: Corrupted squat
uidlist file /home/roger/Maildir/.Debian/dovecot.index.search.uids: wrong
indexid

I am running the Debian package version 1:2.1.7-7 on an up to date Debian
Testing system with ext4 filing systems. 'doveadm index -A *' is run six
nights a week and 'doveadm fts rescan -A' on the seventh night. The output
of 'doveconf -n' should be attached.

Is this something to be worried about? Am I doing something wrong?

Thanks,

Roger
$ doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.0 
auth_username_format = %Ln
first_valid_uid = 1000
last_valid_uid = 1
listen = 127.0.0.1, 217.169.26.194
mail_access_groups = sharedmail
mail_location = maildir:~/Maildir
mail_plugins =  zlib fts fts_squat acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%n
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Archives {
special_use = \Archive
  }
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  driver = pam
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  antispam_backend = pipe
  antispam_pipe_program = /usr/bin/spamc
  antispam_pipe_program_notspam_arg = --reporttype=revoke
  antispam_pipe_program_spam_arg = --reporttype=report
  antispam_pipe_tmpdir = /tmp
  antispam_spam = Junk;Junk E-mail
  antispam_trash = Trash;Deleted Items
  fts = squat
  fts_squat = partial=4 full=10
  recipient_delimiter = -
  sieve = ~/Maildir/dovecot.sieve
  sieve_before = /etc/dovecot/sieve/before.sieve
  sieve_dir = ~/Maildir/sieve
}
protocols =  imap lmtp sieve
service auth {
  unix_listener auth-client {
user = Debian-exim
  }
}
service indexer-worker {
  vsz_limit = 512 M
}
ssl_cert = /etc/ssl/certs/mail_server.pem
ssl_cipher_list = HIGH
ssl_key = /etc/ssl/private/mail_privatekey.pem
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins =  zlib fts fts_squat acl sieve
  recipient_delimiter = -
}
protocol imap {
  imap_idle_notify_interval = 5 mins
  mail_plugins =  zlib fts fts_squat acl imap_zlib antispam imap_acl
}


Re: [Dovecot] Thunderbird SSL/TLS client authentication fails - solved with workaround

2012-12-03 Thread Roger Hunen

On 2012/12/02 22:18, Daniel Parthey wrote:

> Roger Hunen wrote:
>
> > I am seeking your help with SSL/TLS client authentication.
> > Unfortunately the authentication fails :(
>
> http://wiki2.dovecot.org/SSL/DovecotConfiguration states:
>
> You may also want to disable the password checking completely. Doing this
> currently circumvents Dovecot's security model so it's not recommended to use
> it, but it is possible by making the passdb allow logins using any password
> (typically requiring nopassword extra field to be returned).
>
> See http://wiki2.dovecot.org/PasswordDatabase/ExtraFields


This sounded like a bad idea at first as it would allow webmail users
to logon without entering a password. However, your suggestion made me
think (and go!) in a direction that I would not have gone on my own.

Thank you for that!

First things first: the solution/workaround :)

* Create two passwd style files
  - mailusers.143 with password and without 'nopassword' extra field
  - mailusers.993 without password but with 'nopassword' extra field

* Configure a passdb (driver=passwd-file) that selects the password
  database file using the %a variable (local port): mailusers.%a

My Dovecot setup now

* does not require a valid password for connections to the imaps
  port (993); the username is taken from the certificate that is
  issued by a trusted CA.

* does require a password for connections to the imap port (143).

Currently the system supports very few users, so working with two
passwd files is not a problem. For the future I plan to use a mysql
database with two different queries on the same table based on the
local port number.

For those who are interested: read on for some more findings...

* As far as I can tell (from docs and source) Dovecot supports only
  username/password based authentication schemes. There is no such
  thing as certificate based authentication (unless I have overlooked
  something or it is undocumented).

* Even if 'auth_ssl_username_from_cert=yes' Dovecot will only take
  the username from the certificate if the client sends username and
  password to logon.

* When configured to use TLS Certificate authentication Thunderbird
  will not send a username/password to logon. Thunderbird considers
  the authentication done once the SSL handshake has completed. Given
  the above this is a recipe for failure.

* With 'auth_ssl_username_from_cert=yes' Dovecot will ignore the given
  username and use the designated field in the certificate instead
  (usually commonName). Together with the 'nopassword' extra field a
  certificate based authentication scheme can be implemented. The
  client must be configured to use username and password (which will
  be completely ignored by Dovecot as intended in such a setup).

* Dovecot will log an error if a passwd file record has a non-empty
  password and the 'nopassword' extra field is present. Either can
  be present but not both.

* Dovecot will log an error "input is missing end-of-settings line"
  if the configuration contains a setting with a name that is not
  valid in the given context. Something like "Invalid setting 'x'
  at line y" would be more helpful to pinpoint the problem.

* Dovecot documentation is sparse in many respects which makes it
  difficult to use Dovecot to its full potential. I realize though
  that resources are at a premium and that writing documentation
  is not everybody's cup of tea. From a documentation point of view
  Exim4 is an excellent example.

Regards,
-Roger
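
The split into mailusers.143 and mailusers.993 described above only holds if every record sits in the right file, so here is a small audit script as an added example (not part of the original post). It assumes Dovecot's passwd-file layout `user:password:uid:gid:gecos:home:shell:extra_fields`; the function names, finding codes and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two passwd-file databases from the workaround.
# Assumed record layout (Dovecot passwd-file):
#   user:password:uid:gid:gecos:home:shell:extra_fields
# where extra_fields is a whitespace-separated list such as "nopassword=y".

# audit_passwd_file FILE MODE
#   MODE=password : file used on the password port (mailusers.143)
#   MODE=cert     : file used on the client-certificate port (mailusers.993)
# Prints one finding per line as FILE:LINE:USER:CODE; returns 1 if any found.
audit_passwd_file() {
    awk -F: -v mode="$2" -v file="$1" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            user = $1; pass = $2
            # Re-join field 8 onwards in case an extra-field value holds ":".
            extra = ""
            for (i = 8; i <= NF; i++) extra = extra (i > 8 ? ":" : "") $i
            nopw = 0
            n = split(extra, kv, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (kv[i] == "nopassword" || kv[i] ~ /^nopassword=/) nopw = 1

            # Combination the post says Dovecot logs an error for.
            if (pass != "" && nopw) report("PASSWORD_AND_NOPASSWORD")
            # Passwordless login must never be reachable on the password port.
            if (mode == "password" && nopw) report("NOPASSWORD_ON_PASSWORD_PORT")
            if (mode == "password" && pass == "" && !nopw) report("EMPTY_PASSWORD")
            # Certificate port: records are expected to carry nopassword.
            if (mode == "cert" && !nopw) report("MISSING_NOPASSWORD")
        }
        function report(code) {
            printf "%s:%d:%s:%s\n", file, NR, user, code
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample data: one clean and one flawed record per file.
write_samples() {
    dir=$1
    cat > "$dir/mailusers.143" <<'EOF'
# password port: every record needs a password
alice@example.net:{PLAIN}constructed-secret:5000:5000::/srv/mail/alice::
bob@example.net::5000:5000::/srv/mail/bob::
EOF
    cat > "$dir/mailusers.993" <<'EOF'
# certificate port: empty password plus nopassword
alice@example.net::5000:5000::/srv/mail/alice::nopassword=y
carol@example.net:{PLAIN}constructed-secret:5000:5000::/srv/mail/carol::nopassword=y
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_passwd_file "$demo_dir/mailusers.143" password || true
audit_passwd_file "$demo_dir/mailusers.993" cert || true
rm -rf "$demo_dir"
```

Running the audit before reloading Dovecot catches a record copied into the wrong file, which would otherwise let an account log in on port 143 with any password.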


[Dovecot] Thunderbird SSL/TLS client authentication fails

2012-12-02 Thread Roger Hunen

Hi,

This is my first post to the list, so greetings to you all!

I am seeking your help with SSL/TLS client authentication.

I currently have the following setup:

* Server:
  - Debian Squeeze (fully patched)
  - OpenSSL 0.9.8o
  - Dovecot v2.1.10 (Debian backport package from Wheezy)
  - SSL listener on port 993 with the Dovecot selfsigned
    certificate that was created during installation
  - Virtual users (u...@domain.net) with password in passwd
    style file

* Client:
  - Windows XP SP3 (fully patched)
  - Thunderbird 17.0
  - IMAP account using Normal password authentication
  - Roundcube webmail (to be added soon)

This works just fine :)

== I now want to set Thunderbird to use TLS certificate
authentication so that I can safely expose port 993 to
the internet for mobile use.

The idea is that clients with a trusted client certificate
do not need a password so that I can change my password for
Roundcube without having to change passwords on other IMAP
clients (Roundcube will connect to localhost without SSL).

To do so I did the following:
- use XCA (v0.9.3, Windows version) to setup a private
  root CA with a CRL
- export root CA certificate and CRL in PEM format and
  join them into a ca.pem file (order: certificate, CRL)
- configure Dovecot to use the ca.pem file and require a
  client certificate
- use XCA to generate a private key and certificate for
  commonName=u...@mydomain.net
- import certificate and private key into Thunderbird
- change IMAP account setting in Thunderbird to use
  TLS Certificate authentication
- When prompted, select the imported certificate to be
  used for authentication.

Unfortunately the authentication fails :(

Using verbose_ssl=yes I can see in the Dovecot logfile
that Thunderbird connects and that the SSL handshake completes
successfully. Valid certificate is logged for both client
certificate and root CA certificate. This looks so far so
good to me :)

The Dovecot log has the following lines at the point of failure:
imap-login: Warning: SSL alert: where=0x4004, ret=256: warning close notify 
[IP]
imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify 
[IP]
imap-login: Disconnected (no auth attempts in 0 secs): user=, rip=IP, lip=IP, 
TLS, session=ID

(IP address and TLS session ID removed)

The last log line (user=) suggests that Dovecot does not try
to use the commonName from the client certificate as the username
even though (I think) I have configured Dovecot to do so.

The relevant lines in the Dovecot configuration are:

config

auth_mechanisms  = plain
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert  = yes
disable_plaintext_auth   = yes
protocols= imap
ssl  = yes
ssl_ca   = /etc/dovecot/ssl/ca.pem
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_cert_username_field  = commonName
ssl_key  = /etc/ssl/private/dovecot.pem
ssl_parameters_regenerate= 0
ssl_require_crl  = yes
ssl_verify_client_cert   = yes

service imap-login {
  chroot= login
  process_min_avail = 1
  service_count = 1

  inet_listener imap {
    port = 143
  }

  inet_listener imaps {
    port = 993
    ssl  = yes
  }
}

/config

Observation: with auth_ssl_require_client_cert = yes
Dovecot requires Thunderbird to send the client certificate
even when Thunderbird uses Normal password authentication
(authentication only fails if I delete the certificate from
Thunderbird). So the SSL part looks OK to me.

It seems that Dovecot is waiting for the client to logon
over the established SSL/TLS connection instead of taking
the username from the commonName in the certificate.

== What could be going wrong here?

I can post full config and logfile lines if you want to.
Except for some possible oversight on my behalf there is
nothing secret in there (I just didn't want to add too
many lines to this already long post).

Regards,
-Roger


Re: [Dovecot] ZFS Filesystem Quota under Solaris 10 and Sparc

2011-06-16 Thread Roger Fujii

*Jürgen Obermann wrote:*

Since we upgraded last year to Solaris 10 with zfs filesystems on our
Sparc server still using a similar setup with separate filesystems for
home directories and inboxes we have no working quota plugin anymore.
Currently we use dovecot 2.0.13.

Are there any plans or wishes to get the filesystem quota code
working again under zfs and Solaris?
   

How are you setting up the zfs quotas?  The original zfs
implementation didn't have user quotas.  You could only
add quotas to individual file systems as a whole.   They apparently
added it into the source base in 2009:
   http://blogs.oracle.com/chrisg/entry/user_and_group_quotas_for
but I'm not sure when/if  it made it to production.
My sol10u8 * (10/09) has it in the man page, but I know some things
in the man page aren't in s10 (like sharesmb), so, as they say, ymmv.

The current docs for user quotas are here:
http://download.oracle.com/docs/cd/E19253-01/819-5461/gazud/index.html

If you don't want to use the filesystem quotas, you have to change
your rules/configuration to match what dovecot has.  See
doc/wiki/Quota.Configuration.txt.  Hope this helps.

-r


[Dovecot] 2.0.12 ipwd.c does not compile under solaris

2011-04-17 Thread Roger Fujii
the new src/lib/ipwd.c introduced in 2.0.12 no longer compiles on
solaris.   Under solaris,
the *_r routines don't pass in result as the last parameter and return
errno - they just return result.

obviously a job for configure.

--

Roger Fujii r...@lookhere.com



[Dovecot] improved create dovecot certificate script

2010-02-18 Thread Roger Oot

If anybody is interested, which they are probably not,
here is an improved and more rigorous version of mkcert.sh


#! /bin/sh

#*#
#|
#|  file : /root/apps/share/sh/create_dovecot_certificate
#|
#*---*#

BELL="\007"

DOVECOT_DIR=${DOVECOT_DIR-/var/lib/dovecot}

OPENSSL=${OPENSSL-openssl}

OPENSSL_CONF=${OPENSSL_CONF-/etc/dovecot/dovecot-openssl.cnf}

#.#

certificates_dir="${DOVECOT_DIR}/certificates"

echo="/bin/echo -e"

error="${BELL}%ERROR -"

#*---*#

# Create the directory (mode 700, group dovecot) if it does not exist yet.
check_directory ()
{

 directory="${1}"

#.#

 if [ ! -d "${directory}" ]
 then

  mkdir -m 700 "${directory}" 2> /dev/null
  status=${?}

  if [ ${status} -ne 0 ]
  then
   ${echo} "${error} directory \"${directory}\" cannot be created!" >&2
   exit 2
  fi

  chgrp dovecot "${directory}"

 fi

#.#

 return 0

}

#*---*#

# Abort unless the named program can be found and is executable.
check_executable ()
{

 executable="${1}"

#.#

 if [ ! -x "$(which "${executable}" 2> /dev/null)" ]
 then
  ${echo} "${error} executable \"${executable}\" could not be found!" >&2
  exit 1
 fi

#.#

 return 0

}

#*---*#

# Refuse to overwrite an existing certificate or key file.
check_exists ()
{

 file="${1}"
 description="${2}"

#.#

 if [ -e "${file}" ]
 then

  test "${description}" = "public certificate" && echo

  ${echo} \
  "${error} ${description} file \"${file}\" already exists!" >&2

  test "${description}" = "public certificate" && \
  show_certificate "${certificate}"

  exit 6

 fi

#.#

 return 0

}
#*---*#

# Abort unless the path exists, is a regular file and is not empty.
check_file ()
{

 file="${1}"
 description="${2}"

#.#

 if [ ! -e "${file}" ]
 then
  ${echo} "${error} ${description} file \"${file}\" does not exist!" >&2
  exit 3
 fi

 if [ ! -f "${file}" ]
 then
  ${echo} "${error} ${description} \"${file}\" is not a file!" >&2
  exit 4
 fi

 if [ ! -s "${file}" ]
 then
  ${echo} "${error} ${description} file \"${file}\" is empty!" >&2
  exit 5
 fi

#.#

 return 0

}

#*---*#

# Generate a self-signed certificate and key named after the host.
create_certificate ()
{

 configuration="${1}"
 directory="${2}"

#.#

 name=`hostname -f | tr '[A-Z]' '[a-z]' | tr '.' '_'`-dovecot

 certificate="${directory}/${name}.crt"
 check_exists "${certificate}" "public certificate"

 key="${directory}/${name}.pem"
 check_exists "${key}" "private key"

#.#

 ${echo} "\nCreating new X509 certificate\n\
with configuration \"${configuration}\"\nfor \"${name}\" ...\n"

 ${OPENSSL} req -new -x509 -nodes -config "${configuration}" \
-days 365 -out "${certificate}" -keyout "${key}"
 status=${?}

 if [ ${status} -ne 0 ]
 then
  ${echo} "${error} ${OPENSSL} failed with exit status ${status}!" >&2
  exit 7
 fi

#.#

 # Private key readable by owner only; certificate world-readable.
 chmod 0400 "${key}"
 chmod 0444 "${certificate}"

#.#

 return 0

}

#*---*#

# Print validity dates, serial number and subject of a certificate.
show_certificate ()
{

 certificate="${1}"

#.#

 echo

 ${OPENSSL} x509 -in "${certificate}" -noout -dates

 echo

 ${OPENSSL} x509 -in "${certificate}" -noout -serial

 echo

 ${OPENSSL} x509 -in "${certificate}" -noout -subject

 echo

#.#

 return 0

}

#*---*#

check_executable "${OPENSSL}"

check_file "${OPENSSL_CONF}" "openssl configuration"

check_directory "${DOVECOT_DIR}"

check_directory "${certificates_dir}"

create_certificate "${OPENSSL_CONF}" "${certificates_dir}"

#.#

exit 0

#*#



Re: [Dovecot] Problems with dovecot/sendmail combi.

2009-08-21 Thread Roger
Steffen Kaiser wrote ..
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thu, 20 Aug 2009, Roger wrote:
>
> > But how do I do that and does that inflict all users on the server (only
> > a part of the users use imap). there are about 200 pop users on the mail
> > server and only 50 of them need imap.
>
> Replace mail_location:
>
> mail_location: maildir:~/Maildir:INBOX=/var/mail/%u
>
> then imap_sync
>
> POP and IMAP users don't care about server-side storage format.
>
> Bye,
>
> - -- 
> Steffen Kaiser

Looks like this is working, imapsync now nicely makes the subfolders. But, when 
I try to log in from the webmail server I got this error:
IMAP(sannevdh): Error: stat(/var/mail/sannevdh/tmp) failed: Not a directory

I changed the dovecot.conf to this:
mail_location: maildir:~/Maildir:INBOX=/var/mail/%u
and
namespace:
  type: private
  separator: /
  prefix: #mbox/
  location: maildir:~/Maildir:INBOX=/var/mail/%u
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: .
  location: maildir:~/Maildir
  list: no
  subscriptions: yes



[Dovecot] Problems with dovecot/sendmail combi.

2009-08-20 Thread Roger Berger
Hi,

I am really stuck here. I am trying to setup imap for an external mail server. 
I have a freebsd server running sendmail / dovecot. I am transferring the 
existing mail from an exchange 2003 server to the mailserver using imapsync. 
This works fine, but gives errors when it tries to make a submap, also 
thunderbird gives an error "Mailbox doesn't allow inferior mailboxes" when I 
try to make a submap. I found out that it has something to do with the mbox not 
able to have submaps and there should be a workaround using namespaces. I tried 
several setups but keep getting errors. Does anybody know how to configure 
namespaces to allow submaps?

dovecot -n
# 1.2.3: /usr/local/etc/dovecot.conf
# OS: FreeBSD 6.4-STABLE i386
log_path: /var/log/dovecot.log
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_process_per_connection: no
login_processes_count: 4
verbose_proctitle: yes
first_valid_gid: 0
mail_access_groups: mail
mail_location: mbox:~/mail:INBOX=/var/mail/%u
mail_debug: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh 
tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh 
tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: /
  prefix: #mbox/
  location: mbox:~/mail:INBOX=/var/mail/%u
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  location: maildir:~/mail
  list: yes
  subscriptions: yes
lda:
  postmaster_address: postmas...@example.com
  sendmail_path: /usr/sbin/sendmail
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd

mbox is in /var/mail/%u
and home dir is in /home/mailusers/%u


Re: [Dovecot] Problems with dovecot/sendmail combi.

2009-08-20 Thread Roger
Yes,

But how do I do that and does that inflict all users on the server (only a part 
of the users use imap). there are about 200 pop users on the mail server and 
only 50 of them need imap.

Thanks,

Roger

Charles Marcus wrote ..
> On 8/20/2009, Roger Berger (dove...@berger.nl) wrote:
> > I found out that it has something to do with the mbox not able to
> > have submaps and there should be a workaround using namespaces. I
> > tried several setups but keep getting errors. Does anybody know how
> > to configure namespaces to allow submaps?
>
> Assuming you mean subFOLDERS, my recommendation is to convert to maildir
> at the same time.
>
> -- 
>
> Best regards,
>
> Charles


[Dovecot] automounting home dirs

2008-12-28 Thread Roger Hale

Hi,

I'm running dovecot-1.0.10 on a Solaris 10 server with home dirs automounted 
over NFS. I have set the mail_location configuration option so that nothing 
should be written to a user's home dir over NFS but, as far as I can tell, 
dovecot still by default tries to chdir to a user's home dir when reading mail, 
although this is not required. This creates additional unnecessary load on a 
heavily-loaded fileserver and generally slows everything down and creates an 
unnecessary dependency. 

Is there a way to prevent dovecot from causing the home dirs to be mounted?

I found this thread: 
http://markmail.org/message/umywuppl3vvzfe4p#query:dovecot%20mount%20home%20directory+page:3+mid:fgr4g6pup5y6qbcr+state:results
which discusses the same problem, but it's quite old and there doesn't seem to 
be a definitive answer other than hacking the passwd file or the code. 

Is there a more elegant solution?

TIA.


Re: [Dovecot] automounting home dirs

2008-12-28 Thread Roger Hale

> > I'm running dovecot-1.0.10 on a Solaris 10 server with home dirs
> > automounted over NFS. I have set the mail_location configuration
> > option so that nothing should be written to a user's home dir over
> > NFS but, as far as I can tell, dovecot still by default tries to
> > chdir to a user's home dir when reading mail, although this is not
> > required. This creates additional unnecessary load on a
> > heavily-loaded fileserver and generally slows everything down and
> > creates an unnecessary dependency.
> >
> > Is there a way to prevent dovecot from causing the home dirs to be
> > mounted?
>
> You can override the home dir returned by your userdb with a
> variable-expanded, static value by adding home to args[1].  You need
> to be careful and make sure that Dovecot doesn't use anything in the
> users' home dirs.  You may need to set mail_location and/or mail and
> create a virtual home-dir tree local to the Dovecot server.

Thanks. Are you suggesting I add something like the following?
userdb static {
  args = home=/some/random/dir
}
Incidentally, what I really wanted was for the user's home dir only to be 
mounted for imap connections (when it could be usefully used), not POP3. I 
thought by moving the indexes dir this would just happen.

 
> Posting `dovecot -n` output would help.

# 1.0.10: /usr/local/etc/dovecot.conf
protocols: imap imaps pop3s
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_extra_groups: mail
mail_location: mbox:/var/mail/.mboxes/%u:INBOX=/var/mail/%u:INDEX=/var/mail/.indexes/%u
mail_debug: yes
mmap_disable: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_reuse_xuidl(default): no
pop3_reuse_xuidl(imap): no
pop3_reuse_xuidl(pop3): yes
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xv%08Xu
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd



[Dovecot] mail_location NFS mounted home dirs

2008-10-22 Thread Roger Hale

Hi,

I'm fairly new to Dovecot, migrating from a POP-only system with /var/mail only 
mailboxes. I'm currently on version 1.0.10 on Solaris 10, but I don't think 
that's relevant to the question. 

I'm a little overwhelmed by the number of configuration options at the moment. 
I took the standard 

mail_location = mbox:~/mail:INBOX=/var/mail/%u

setting in dovecot.conf. This mostly works fine, but home dirs are NFS mounted 
and in the event that an NFS server is down users cannot read their mail. This 
is the case even for users who only use POP. 

So, my question is, do folks on this list have good suggestions for optimum 
ways to deal with this so that users (perhaps only POP users) can read their 
mail independent of home directories being available? I think I can make 
something up, but I'd rather take a standard approach if there is one. If this 
has already been discussed I apologise - just point me to it as I didn't find 
it.

Thx,
Roger


[Dovecot] [Sieve] Sendmail problem

2008-01-19 Thread Roger
Hi All,
it's my first post in this list.
I'm running dovecot 1.0.rc15 on my Debian Etch box. It's working very well but 
I faced a problem with Vacation using Sieve. :-(
In fact, after well configuring the system I don't receive the vacation 
message, and in the log I found:

deliver([EMAIL PROTECTED]): 2008-01-19 12:05:32 Info: cmusieve: Using sieve path: /home/path/to/my/homedir/.dovecot.sieve
deliver([EMAIL PROTECTED]): 2008-01-19 12:05:32 Error: Sendmail process terminated abnormally, exit status 75
deliver([EMAIL PROTECTED]): 2008-01-19 12:05:32 Info: sieve runtim error: Vacation: Error sending mail.

Any idea about the reason this happens and how to solve it?

Thanks a lot for your help
Roger

[Dovecot] plain authentication

2007-08-13 Thread Roger D. Vargas
After upgrading my server I have found that I'm not able to use plain auth
for clients connecting from outside the server. localhost clients (pine,
webmail) work fine, but if I use Thunderbird I got an error saying that
server requires TLS or SSL. But if I enable TLS or SSL I got more errors.
I have tried several combinations, but haven't found a working one.

Here is my config, can somebody see what I'm doing wrong?
# /etc/dovecot/dovecot.conf
protocols: imap pop3
ssl_disable: yes
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
mail_extra_groups: mail
mail_location: mbox:~/mail/:INBOX=/var/spool/mail/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  passdb:
    driver: shadow
  userdb:
    driver: passwd

-- 
Roger D. Vargas
http://dsgp.blogspot.com






Re: [Dovecot] using 'socat' to relay Dovecot SASL's auth socket over TCP?

2007-06-17 Thread Roger Binns
snowcrash wrote:
> which, iiuc (?), can bidirectionally bridge the Dovecot unix-socket to
> a TCP socket that Exim can talk/listen to.

I've used socat extensively on a completely unrelated project in order
to bridge UNIX domain sockets across machines.

I assume you currently have this:

  exim -  /some/unix/socket - dovecot-auth

If you want to use socat, then make sure it is installed on both
machines.  You can bridge using ssh (recommended) or just plain TCP/IP.

For ssh, run the following command on eximhost:

  socat -t 10 UNIX-LISTEN:/some/unix/socket,fork  \
    EXEC:"ssh [EMAIL PROTECTED] socat STDIO UNIX:/some/unix/socket"

The ssh will need to be able to complete without any form of prompting
(ie you need private/authorized keys setup).

If you don't care about security then you can use TCP connections
between the machines.

On eximhost run this replacing <port> with your chosen port number:

 socat -t 10 UNIX-LISTEN:/some/unix/socket,fork \
    TCP4:dovecot-auth-host:<port>

On dovecot-auth-host run:

 socat TCP4-LISTEN:<port>,fork \
    UNIX:/some/unix/socket

The -t 10 option waits for 10 seconds after one direction is closed
before closing the other direction.  The socat default is .5 seconds
which I found problematic on higher latency links.

Roger



Re: [Dovecot] lazy_expunge and emails from Inbox, doesn't list INBOX in deleted

2007-06-11 Thread Roger Binns
Charles Marcus wrote:
> Curious... was this copy/pasted from dovecot -n output? Or was that last
> line misspelling of 'maildur' a typo?
>
> Just one reason why copy/pasted output of dovecot -n is preferred...

It was manually retyping.  I was rebuilding a new server which I did by
putting a new harddisk in my workstation and then making a VMWare guest
using the raw disk.  I don't install any of the vmware crud in that
guest since it is a pain to get rid of and disk would be the new primary
disk in a physical machine anyway.  Consequently I had no copy and paste
capability and had to retype manually.

SSH would have been one alternative, but the ssh connections hang
between a host and guest on the same machine under some circumstances
(and always for me).  It is some tcp level issue that I didn't bother
resolving.

But I am happy to have successfully migrated from Gentoo qmail,
maildrop, courier and sqwebmail to Ubuntu postfix, procmail, dovecot and
squirrelmail.

Roger



[Dovecot] lazy_expunge and emails from Inbox, doesn't list INBOX in deleted

2007-06-10 Thread Roger Binns
I'm using the dovecot available on Ubuntu Feisty (1.0rc17) and am trying
to migrate from courier-imap.  A really important feature for me from
courier is that expunged messages end up in Trash where they are removed
after 7 days.

I can get an approximation of this feature as described in the
documentation:

namespace private {
  prefix = INBOX.
  seperator = .
  inbox = yes
}
namespace private {
  prefix = DELETED.
  seperator = .
  location = maildur:~/Maildir/deleted
}

  lazy_expunge = DELETED. DELETED. DELETED.

This all works fine except for messages that were deleted from the
Inbox.  They do end up in the right place (~/Maildir/deleted/cur) but
that location is not listed as a subscribable folder.

Here you can see that deleted messages from my ciontope folder show up,
but not the inbox.

a LIST DELETED. *
* LIST (\HasNoChildren) . DELETED.ciontope
a OK List completed.

You can't examine the namespace itself:

a EXAMINE DELETED
a NO Unknown namespace.
a EXAMINE DELETED.
a NO Invalid mailbox name

But the folder does exist:

a EXAMINE DELETED.INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 4 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1181423860] UIDs valid
* OK [UIDNEXT 5] Predicted next UID
a OK [READ-ONLY] Select completed.

Is there any way to convince dovecot to list DELETED.INBOX so that
clients can see it and subscribe to it?

Roger



Re: [Dovecot] lazy_expunge and emails from Inbox, doesn't list INBOX in deleted

2007-06-10 Thread Roger Binns

Timo Sirainen wrote:
> On Sat, 2007-06-09 at 14:23 -0700, Roger Binns wrote:
> > namespace private {
> >   prefix = DELETED.
> >   seperator = .
> >   location = maildur:~/Maildir/deleted
>
> inbox = no
>
> > }
>
> Does that help?

Nope.  However I have a disgusting workaround :-)  In Maildir/deleted I
create .INBOX/ and within that directory I then symlink cur/new/tmp to
Maildir/deleted/{cur/new/tmp}.

Everything works fine and the correct content is shown.  I am patiently
waiting for the day when courier style Trash is implemented :-)

 
> >   lazy_expunge = DELETED. DELETED. DELETED.
>
> Have you tried what happens if you try to expunge mails from
> DELETED.mailbox? When I wrote the code I assumed all those namespaces
> would be different.

It works fine.

Roger
