Re: [Dovecot] Load Balancing and HA

2013-06-05 Thread Romer Ventura
> On 31-05-2013 12:57, Patrick Westenberg wrote:
> > Romer Ventura wrote:
> >
> >> Scenario1: This should allow any to lose any of the servers and
> >> clients still have access to their emails (although I am not sure how
> >> the indexes would react to this and sudden disconnection)
> >>
> >> -  2 Dovecot Proxy servers, using a virtual IP to where the
> >> clients
> >> will connect to from the WAN and LAN
> >>
> >> -  2 Dovecot+Postfix servers with local cache
> >
> > Your proxy won't reconnect a user to backend B if the backend A fails.
> 
> 
> But doesn't that depend on how the virtual IP is managed, i.e. what kind of
> system is behind it?
> For example a simple heartbeat setup would correct this at the cost of one
> machine sitting idle.
> Other setups using load balancers can correct this.
> 
> There is a better solution using the Director service of Dovecot where users
> are assigned to one of several backend machines and disconnected when idle.
> Even, there is a script that monitors the health of the Director backends and
> adjusts accordingly (which I haven't personally tried yet). See
> http://wiki2.dovecot.org/Director
> http://www.dovecot.org/list/dovecot/2010-August/051946.html

Well, I am successfully using Ucarp with apache and Mysql to handle the IP 
handover if a host is down. I also seem to remember reading that using dovecot 
proxy and deliver, it can send the user to a different backend if any of them 
are unreachable. If this is not possible, using keepalive/ucarp (since they are 
simpler than heartbeat) would solve this.

I try to stay away from clustering, especially since XenServer can't do direct LUN 
to VM like VMWare can and to minimize the painful split-brain issues we would 
have to add a 3rd server for quorum... 

We don’t have a large user base, but being able to shut down to do maintenance on a 
server during business hours is a plus. We do have a lot of traffic for our 
user base, we see around 200K emails per week.






This document and attachments may contain technical data 
controlled under the U.S. International Traffic in Arms Regulations (ITAR) or 
the Export Administration Regulations (EAR) and may not be exported to a 
Foreign Person, either in the U.S. or abroad, without the proper authorization 
by the U.S. Department of State or Department of Commerce, whichever is 
applicable.
CONFIDENTIALITY NOTE: This electronic transmission, including all attachments, 
is directed in confidence solely to the person(s) to whom it is addressed, or 
an authorized recipient, and may not otherwise be distributed, copied or 
disclosed. The contents of the transmission may also be subject to intellectual 
property rights and such rights are expressly claimed and are not waived. If 
you have received this transmission in error, please notify the sender 
immediately by return electronic transmission and then immediately delete this 
transmission, including all attachments, without copying, distributing or 
disclosing same.  The recipient should check this e-mail and any attachments 
for the presence of viruses. Houston Sigma Technologies L.P. accepts no 
liability for any damage caused by any virus transmitted by this e-mail.



[Dovecot] Load Balancing and HA

2013-05-28 Thread Romer Ventura
Hello,

 

I've been thinking about the best way to achieve load balancing and making
my mail servers highly available. So far I believe I have 2 scenarios:

Scenario1: This should allow any to lose any of the servers and clients
still have access to their emails (although I am not sure how the indexes
would react to this and sudden disconnection)

-  2 Dovecot Proxy servers, using a virtual IP to where the clients
will connect to from the WAN and LAN

-  2 Dovecot+Postfix servers with local cache

-  2 NFS servers and synced with dsync (mirror, 1 server writes to
its own NFS and changes synced to the other via dsync)

 

Scenario2: Pretty much as above on the back end. However, with this there is
no way to load balance users.

-  2 Dovecot+Postfix server with local cache

-  2 NFS servers synced with dsync

-  Make use of DNS MX record priority to provide access to secondary
email server

 

 

Anyone care to comment?

 

Thanks.







[Dovecot] Email migration

2013-05-28 Thread Romer Ventura
Hello,

 

So I am currently running dovecot 1.2.11 on Debian 5 for our production
email systems. We just deployed some new Debian 7 servers and we will be
upgrading to the latest dovecot version. I've been reading the docs, but I
wanted to hear some feedback on the import of all my current email into the
new installation. We have 320GB worth of email. Any gotchas I should be
prepared for? Any complications I should be aware of when importing all
these data? 

 

Any thoughts would be appreciated.

 

Thanks.







[Dovecot] Gmail style conversations

2012-12-03 Thread Romer Ventura
Hello,

 

I am wondering if there is any way to support Gmail style
conversation when using Dovecot? Some way of associating all inbound and sent
emails..?

 

I know that some clients let you display the emails in
"conversation" which kinda does what Gmail does, however, it does not
associate the Sent emails with it.

 

Thanks for any information.







[Dovecot] GlusterFS + Dovecot

2012-06-20 Thread Romer Ventura
Hello,

 

Has anyone used GlusterFS as storage file system for dovecot or any other
email system..?

 

It says that it can be presented as a NFS, CIFS and as GlusterFS using the
native client, technically using the client would allow the machine to read
and write to it, therefore, I think that Dovecot would not care about it.
Correct?

 

Anyone out there used this setup??

 

Thanks.



Re: [Dovecot] Multiple LDAP authentication servers

2011-10-03 Thread Romer Ventura

So you are saying I can define multiple passdb and userdb, each pointing to a 
different ldap config file?

Thanks

Romer Ventura


-Original Message-
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On 
Behalf Of Joseba Torre
Sent: Monday, October 03, 2011 10:22 AM
To: dovecot@dovecot.org
Subject: Re: [Dovecot] Multiple LDAP authentication servers

On Monday 03 October 2011 16:29:39 Romer Ventura wrote:
> Is there any way to get dovecot to try a second LDAP server if the 
> first one fails to authenticate..?

Sure; just add a second passdb (maybe you also need a second userdb) pointing 
to the other server. Something like

passdb ldap {
  args = /usr/local/etc/AD.conf
}
passdb ldap {
  args = /usr/local/etc/second.conf
}

HTH
--
Joseba Torre. Vicegerencia de TICs, área de Explotación



Re: [Dovecot] Multiple LDAP authentication servers

2011-10-03 Thread Romer Ventura

-Original Message-
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On
Behalf Of Romer Ventura
Sent: Monday, October 03, 2011 9:30 AM
To: dovecot@dovecot.org
Subject: [Dovecot] Multiple LDAP authentication servers

Hello,

 

We are performing a Domain migration and I was wondering if there was any
way to get Dovecot to authenticate to more than 1 LDAP server? Currently
dovecot is configured to query the "mail" attribute from Active Directory and
when found it binds with the credentials the user provided.

 

This works fine, but when migrating user accounts, they get disabled in the
source domain so that the user can no longer log on to it. But disabling the
account in the source domain, causes the user to be unable to use his email
account. 

 

Is there any way to get dovecot to try a second LDAP server if the first one
fails to authenticate..?

 

~# dovecot -n
# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/ssl/certs/smtpd.crt
ssl_key_file: /etc/ssl/private/smtpd.key
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_user: postfix
mail_privileged_group: mail
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
lda:
  postmaster_address: postmas...@h-st.com
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver-info.log
auth default:
  mechanisms: plain login
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth-client
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

 

**


 
Also I forgot to mention that these are different domains, we are not
authenticating to DOMAIN-AAA.COM and we would like to authenticate to
DOMAIN-BBB.LAN while still allowing authentication to DOMAIN-AAA.COM. The
Base DNs and domains are different. 

Possible?

Thanks




[Dovecot] Multiple LDAP authentication servers

2011-10-03 Thread Romer Ventura
Hello,

 

We are performing a Domain migration and I was wondering if there was any
way to get Dovecot to authenticate to more than 1 LDAP server? Currently
dovecot is configured to query the "mail" attribute from Active Directory and
when found it binds with the credentials the user provided.

 

This works fine, but when migrating user accounts, they get disabled in the
source domain so that the user can no longer log on to it. But disabling the
account in the source domain, causes the user to be unable to use his email
account. 

 

Is there any way to get dovecot to try a second LDAP server if the first one
fails to authenticate..?

 

~# dovecot -n
# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/ssl/certs/smtpd.crt
ssl_key_file: /etc/ssl/private/smtpd.key
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_user: postfix
mail_privileged_group: mail
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
lda:
  postmaster_address: postmas...@h-st.com
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver-info.log
auth default:
  mechanisms: plain login
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth-client
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

 

Thanks

----

Romer Ventura

 



Re: [Dovecot] Denying authentication

2011-01-11 Thread Romer Ventura

-Original Message-
From: dovecot-bounces+rventura=h-st@dovecot.org
[mailto:dovecot-bounces+rventura=h-st@dovecot.org] On Behalf Of Simone
Caruso
Sent: Tuesday, January 11, 2011 12:18 PM
To: dovecot@dovecot.org
Subject: Re: [Dovecot] Denying authentication

>  What I would like to know is if there is any way that 
> I could deny access for users trying to access email via cellphones or 
> email clients outside the company. I can close everything since there 
> are a few users that need to get emails from outside the company via 
> cell phone of email clients.
>
>
>
>  I was thinking if there was a way to lets say create 
> a group in AD named: "remote-email" that will allow connection and 
> authentication from any network, any user not in that group will only 
> be able to authenticate if the source is 192.168.xx.xx/24.
>
>
>
> Is this possible?

Read this:
http://wiki1.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

--
Simone Caruso
IT Consultant
p.iva: 03045250838


Yeah, but again. There are certain users that will need to access their
email from outside our local networks. This would work for half of what I
would like to accomplish, the other half: "allow authentication for remote
users as long as they belong to certain LDAP group" or something similar is
what I am more interested in.

Any thoughts?

Thanks
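
The policy asked for in this thread, written as a per-user allow_nets value and used to audit login log lines (an added example, not code from the thread or from Dovecot). The LAN range, the user names and the log lines are constructed for illustration, and the thread does not say how the "remote-email" membership would be fetched from AD, so it is a plain set here.

```python
import ipaddress
import re

# Hypothetical values: the thread elides the real LAN range and names no users.
LAN = "192.168.10.0/24"
REMOTE_EMAIL_GROUP = {"alice"}      # stand-in for the AD group "remote-email"

# Constructed sample lines in the shape Dovecot's login processes log.
SAMPLE_LOG = """\
2011-01-11 12:30:01 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.168.10.2, TLS
2011-01-11 12:31:10 imap-login: Info: Login: user=<bob>, method=PLAIN, rip=192.168.10.44, lip=192.168.10.2, TLS
2011-01-11 12:33:42 imap-login: Info: Login: user=<bob>, method=PLAIN, rip=198.51.100.23, lip=192.168.10.2, TLS
2011-01-11 12:34:05 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<carol>, method=PLAIN, rip=198.51.100.9, lip=192.168.10.2
2011-01-11 12:40:19 imap-login: Info: Login: user=<Carol>, method=PLAIN, rip=192.168.11.5, lip=192.168.10.2, TLS
"""

# Only successful logins are matched; "Aborted login" lines are skipped.
LOGIN_RE = re.compile(r"Login: user=<([^>]*)>.*?\brip=([0-9A-Fa-f:.]+)")


def allow_nets_for(user):
    """allow_nets value the policy implies: None means no restriction."""
    if user.lower() in REMOTE_EMAIL_GROUP:
        return None
    return LAN


def rip_permitted(rip, allow_nets):
    """Match a remote IP against a comma-separated list of IPs/networks,
    which is the form the allow_nets extra field takes."""
    if allow_nets is None:
        return True
    addr = ipaddress.ip_address(rip)
    for net in allow_nets.split(","):
        if addr in ipaddress.ip_network(net.strip(), strict=False):
            return True
    return False


def violations(log_text):
    """Return (user, rip) for successful logins the policy would refuse."""
    found = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        user, rip = m.group(1).lower(), m.group(2)
        try:
            ok = rip_permitted(rip, allow_nets_for(user))
        except ValueError:
            ok = False              # unparsable address: report it
        if not ok:
            found.append((user, rip))
    return found


if __name__ == "__main__":
    for user, rip in violations(SAMPLE_LOG):
        print("login outside policy: %s from %s" % (user, rip))
```

Running the audit over existing logs before enforcing the restriction shows which users would lose access and may need to be added to the group first.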



[Dovecot] Denying authentication

2011-01-11 Thread Romer Ventura
Hello,

 

I've been running dovecot for over 3 years now and it works
with no problems. I have it setup so that it authenticates users against
Active Directory via LDAP and so far no problems.

 

What I would like to know is if there is any way that I
could deny access for users trying to access email via cellphones or email
clients outside the company. I can close everything since there are a few
users that need to get emails from outside the company via cell phone of
email clients.

 

I was thinking if there was a way to let's say create a group
in AD named: "remote-email" that will allow connection and authentication
from any network, any user not in that group will only be able to
authenticate if the source is 192.168.xx.xx/24.

 

Is this possible?

 

Maybe not with Dovecot, but maybe someone else has any ideas..?

 

Thanks

----

Romer Ventura

 



Re: [Dovecot] Home directories

2010-08-24 Thread Romer Ventura
Typically when using virtual users all you do is store their emails.  
Why not introduce "stores"; Something like virtual_store or vstore  
might work nicely.



Thanks
------
Romer Ventura

On Aug 24, 2010, at 1:43 PM, William Blunn wrote:


On 24/08/2010 15:57, Timo Sirainen wrote:

I've noticed that a lot of people are using e.g.:

mail_location = maildir:/var/vmail/%d/%n

Then either they don't have home directory set, or their home  
directory is the same as the maildir. http://wiki.dovecot.org/VirtualUsers/Home  
explains all the problems of not separate home and mail directories.


Also whenever I try to suggest using a separate home and mail  
directory, the answer is way too often: "But I'm using virtual  
users. (They don't have home directories.)"


So I started wondering. Maybe simply renaming the "home" to  
something else would help here at least some. Make all of the  
documentation use only the new word, and add alias for userdb so  
that the new name and the "home" both work (I guess docs would  
need to keep using the "home" as field name for some more years).


So far I've only come up with "vhome" as the replacement name.  
Other ideas?


Note what follows is more a collection of ideas which jumps around  
a bit rather than a cogent coherent logical sequence.


Is there a potential problem with the term "virtual home" in as  
much as for system users it is not virtual but the user's (actual)  
home directory?


That being the case I'd avoid the word "virtual". It seems we also  
want to avoid the word "home".


So I see logic in calling it the "user state directory" which could  
be "userdir" for short.


-=-

Is there a global configuration directive like "mail_location"  
wherein the two directives could be placed adjacently?


# Note: Fictional example. Does not work.
mail_location = maildir:/var/vmail/%d/%n/mail
user_state_directory = /var/vmail/%d/%n

-=-

Could the documentation be re-structured to encourage the  
configuration of the two parts of the storage


1. Mail directory
2. User state directory

?

Then to say words to the effect of:

"For virtual user environments, you need to set both of these  
aspects up. You may want to set up mail as a subdirectory off the  
user state directory. Alternatively you can put them in separate  
locations."


"For system user environments, you may want to have the user state  
directory go directly on to the user's home directory / a  
subdirectory of the user's home directory."


-=-

Another idea would be to say that, perhaps for Dovecot 2.1 (i.e. a  
suitably large version bump), that having a configuration which  
Dovecot could divine leaves things open to filesystem name clashes  
between the user state directory and the mail directory (or  
whatever is considered to be a bad outcome of not properly  
configuring the user state directory) would create a fatal error at  
daemon start time. Perhaps there could be a configuration directive  
to override this check, wrapped in suitably comprehensive  
documentation which means that people who absolutely insist can ice  
skate uphill, but the path of least resistance would be to  
configure Dovecot properly.


Bill




Re: [Dovecot] Home directories

2010-08-24 Thread Romer Ventura

I use: mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir

No problems at all. I went this way because I use templates to deploy  
new VMs, once running I only have to change the network config on the  
new VM and add a new virtual disk to it. The disk size depends on the  
service and data needs. I guess I could have mounted the vdisk into  
/home/vmail instead of the directory above.


Thanks
--
Romer Ventura

On Aug 24, 2010, at 10:46 AM, Brandon Lamb wrote:


On Tue, Aug 24, 2010 at 7:57 AM, Timo Sirainen  wrote:

I've noticed that a lot of people are using e.g.:

mail_location = maildir:/var/vmail/%d/%n

Then either they don't have home directory set, or their home directory
is the same as the maildir. http://wiki.dovecot.org/VirtualUsers/Home
explains all the problems of not separate home and mail directories.

Also whenever I try to suggest using a separate home and mail directory,
the answer is way too often: "But I'm using virtual users. (They don't
have home directories.)"

So I started wondering. Maybe simply renaming the "home" to something
else would help here at least some. Make all of the documentation use
only the new word, and add alias for userdb so that the new name and the
"home" both work (I guess docs would need to keep using the "home" as
field name for some more years).

So far I've only come up with "vhome" as the replacement name. Other
ideas?


I'd like to share my experience that I just went through Sunday.

Four years ago I took over as sysadmin, and one of the things I did
was clean up our mail system. One of the decisions I made was to get
rid of what at the time seemed like an unnecessary extra folder called
".maildir" in every user's directory, which was only mail. So I moved
all data to just /mail/domain/initial/username and that seemed to be
great.

Now however, I am wishing I never did that. I seem to be having issues
giving /mail/domain/initial/username as the home and maildir:~/ as the
maildir (per user userdb mysql etc).

So I started a new quick project to move back to having a maildir
folder in the user directory, also so I could then migrate to mdbox by
having an mdbox folder there. Well on Sunday I had a mixup and I set
all my user's home's to maildir:~/ which had a side effect of *moving*
my entire domain folder to a different location, all 468 gigs of it
and I thought it had all been deleted, total panic attack and a good
two hours of going WTF and wanting to cry since my backup had also
started running at the same time so I was missing all kinds of stuff
on my live backup server, and to top it off, my third incremental
backup server had a bad drive so that was totally flaky.

Anyway, I learned two lessons here. 1) Don't procrastinate fixing your
backup server even if you have a third and think it's not a big deal at
the time and 2) I wish I would have kept the "maildir" folder in the
user's "home" directory, even if they are virtual users.

On a side note, I happened to find my domain's mail directory and
successfully merged it back with only minor noise from customers
noticing. Good thing it was a Sunday and the fair was in town.

/rookiemove FTL




Re: [Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

2010-05-10 Thread Romer Ventura

man pipe

 ${nexthop}
        This macro expands to the next-hop hostname.

        This information is modified by the h flag for case folding.


Thanks
--
Romer Ventura

On May 10, 2010, at 4:23 PM, Phil Howard wrote:

On Mon, May 10, 2010 at 15:25, Jerry   
wrote:



From my 'master.cf' file:

dovecot   unix  -   n   n   -   -   pipe
 flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver
-f ${sender} -d ${us...@${nexthop}

From 'main.cf' file: (snippet)

virtual_gid_maps = static:1002
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:1002



I want to give this approach a try.  But I can't find anything in the docs
on what ${nexthop} means.  I'm not doing any hopping.  I don't know what to
put in here.  Is this just the domain?  Would that be ${domain} that I need
to use?

I just gave it a shot.  Nothing is happening.  Postfix comes up.  Email into
port 25 goes in.  But nothing shows up in a mailbox and the log files are
not created.  It's as if deliver doesn't even get run.

Oops ... just found that the mail is showing up in /var/mail/${USER} ...
totally wrong place like Postfix is ignoring this and not running
dovecot/deliver at all.




Re: [Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

2010-05-10 Thread Romer Ventura
Try using -d ${recipient}, but change the format of the username in  
dovecot.conf

What I did was to set the mail attribute for each user in AD, then  
perform a query for it and have dovecot group users by domain, this  
way I can have us...@example.net and us...@example.com


Thanks
--
Romer Ventura

On May 10, 2010, at 3:56 PM, Phil Howard wrote:

On Mon, May 10, 2010 at 15:58, Jerry   
wrote:




See: http://wiki.dovecot.org/LDA/Postfix

Be sure to read the entire page.



I have a few times.  But now I'm getting a bit of a different perspective on
part of it.  The parameters are:

-d : Destination username. If given, the user information is
looked up from dovecot-auth. Typically used with virtual users, but not
necessarily with system users.
-a : Destination address (e.g. user+...@domain). Default is the
same as username. (v1.1+ only)

Well, that was actually confusing. I was passing the address via -a instead
of -d because -d was described as username.  That, and I know that the first
cases of "virtual users" (in sendmail and earlier postfix) was actually just
a twisted variant of system users, where the left hand side of @ was used
alone, and it didn't support distinct domains (e.g. b...@example.com and
b...@example.net were both just bob ... even if not the same as bob in
/etc/passwd).  And that's why I didn't use -d because in my case, I do have
different domains, where f...@example.com and f...@example.net are different
people.  So they are separate mailboxes and separate IMAP and submit
logins.  Oh, and their passwords may be different, too :-)

It's easy to continue to tie in virtual users to system users when
uniqueness is only on the LHS.  So if je...@example.com and
je...@example.net are the same user, and likewise for all users, then
storing the password in /etc/passwd or /etc/shadow suffices (for those not
wanting to use LDAP, SQL, etc).  But when the users need to be different
across different domains, even though the LHS is the same, now we have
issues with connecting them to system users.  And I have seen people map
usern...@domainname to someothername to lookup in /etc/passwd (that would be
a nightmare) or just put usern...@domainname in /etc/passwd (not sure how
well that would work).

But there is more than one semantic for "virtual users".  I believe I have
seen at least four.  In my case it will be unrelated to system users in
/etc/passwd or the setuid() or seteuid() calls.  Security will depend on the
mail application codes, not the underlying OS, to keep one user out of
another's mailbox (or sieve scripts,etc).



So what is virtual_minimum_uid doing for you if virtual_uid_maps is
static? Or why are any of these even relevant if everything is being
piped to a process started via master.cf?


Not really sure. I was told it has something to do with Postfix  
itself.




The description of virtual_minimum_uid seemed to suggest that it was a bound
applied to what you get from virtual_uid_maps in case something was bad in
the map.



And (problem I posted in a separate thread) does %d get assigned
correctly with the domain name for mail_location = if this method of
running dovecot/deliver is used?


You can either try it or perhaps ask on the Postfix forum.



Maybe it's related to -d vs -a in dovecot/deliver.  Postfix was sending the
full u...@domain to dovecot/deliver, and the %d should have been filled in
from that by dovecot/deliver.  But I was using -a and that may be wrong.

I'll try with -d instead.  Now I get a new error I didn't get before:

Error: Can't connect to auth server at /var/run/dovecot//auth-master:
Permission denied

It's not really clear how it is that worked before.
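
Why deliver can get "Permission denied" on auth-master, worked through as an added example that is not part of the thread. It assumes the socket settings from the `dovecot -n` dump elsewhere on this page, where the mode values appear in decimal (384 is 0600, 432 is 0660); the caller accounts are hypothetical, and directory search permission on the path is taken as given.

```python
import re

# Socket section copied from the dovecot -n dump on this page (indentation
# restored). The mode values appear there as decimal integers.
DOVECOT_N_SOCKETS = """\
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth-client
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
"""


def parse_sockets(dump):
    """Return {'client': {...}, 'master': {...}} from the socket section."""
    sockets, current = {}, None
    for line in dump.splitlines():
        m = re.match(r"\s*(\w+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in ("client", "master") and value == "":
            current = sockets.setdefault(key, {})
        elif current is not None and key in ("path", "user", "group"):
            current[key] = value
        elif current is not None and key == "mode":
            current[key] = int(value)       # decimal in the dump
    return sockets


def can_connect(sock, user, groups):
    """connect() on a Unix socket needs write permission on the socket file.
    The kernel checks exactly one permission class: owner, else group,
    else other. root bypasses the check."""
    if user == "root":
        return True
    mode = sock["mode"]
    if user == sock["user"]:
        return bool(mode & 0o200)
    if sock["group"] in groups:
        return bool(mode & 0o020)
    return bool(mode & 0o002)


def access_report(dump, callers):
    """List (socket, octal mode, caller, allowed) for every combination."""
    rows = []
    for name, sock in parse_sockets(dump).items():
        for user, groups in callers:
            rows.append((name, oct(sock["mode"]), user,
                         can_connect(sock, user, groups)))
    return rows


# Hypothetical accounts deliver might be started as by Postfix.
CALLERS = [
    ("vmail", ["vmail"]),       # pipe transport with user=vmail:vmail
    ("postfix", ["postfix"]),   # Postfix's own account
    ("alice", ["users"]),       # a local system user (mailbox_command case)
]

if __name__ == "__main__":
    for row in access_report(DOVECOT_N_SOCKETS, CALLERS):
        print("%-6s %s  %-8s %s" % row)
```

With these settings only a deliver process running as vmail reaches auth-master, so the account deliver runs under is what has to change; widening the socket mode would instead open the master socket to every local account.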




Re: [Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

2010-05-10 Thread Romer Ventura

I don't know what else.

I tried to chown postfix:postfix, vmail:vmail, postfix:vmail,  
vmail:postfix and none of them worked. I had to go with chmod 777



Thanks
--
Romer Ventura

On May 10, 2010, at 1:42 PM, Charles Marcus wrote:


On 2010-05-10 1:59 PM, Romer Ventura wrote:

I had to chmod 777 for it to work..


That's pretty much *never* a reasonable solution.

--

Best regards,

Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6200 x224 | 678.514.6299 fax




Re: [Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

2010-05-10 Thread Romer Ventura
Yes, 1001 are the uid and gid in my system,  check your /etc/passwd  
to get the ones for your system.


mailbox_command = /usr/lib/dovecot/deliver

Thanks
--
Romer Ventura

On May 10, 2010, at 1:56 PM, Phil Howard wrote:

On Mon, May 10, 2010 at 14:44, Romer Ventura   
wrote:



What about your postfix conf..?
mine is set to:
virtual_gid_maps = static:1001
virtual_mailbox_base = /srv/mail/vmail/
virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:/etc/postfix/ldap_users.cf
virtual_transport = dovecot
virtual_uid_maps = static:1001



I saw conflicts in the docs for some of that and what I was doing.   
What is

uid 1001 on yours? vmail?

What does Postfix do with virtual_mailbox_base ... or why should it care if
it is passing all deliverables to dovecot/deliver.  I'm not using LDAP, so
that's out.  Auth is via Dovecot, and a test to a non-existent user was
rejected as expected, so it seems the userdb lookup worked.  What does
"virtual_transport = dovecot" mean that ...

mailbox_command = /usr/lib/dovecot/deliver -c
/etc/dovecot/dovecot-postfix.conf -a "${RECIPIENT}"

... does not?




Re: [Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

2010-05-10 Thread Romer Ventura

What about your postfix conf..?
mine is set to:
virtual_gid_maps = static:1001
virtual_mailbox_base = /srv/mail/vmail/
virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:/etc/postfix/ldap_users.cf
virtual_transport = dovecot
virtual_uid_maps = static:1001

Thanks
--
Romer Ventura

On May 10, 2010, at 1:45 PM, Phil Howard wrote:


Just realized my email was not going to the list.

On Mon, May 10, 2010 at 14:20, Romer Ventura   
wrote:



I am using static uids:
mail_uid = vmail
mail_gid = vmail
user = vmail
group = vmail

else it will do what you describe.



I have that, too.  But it's not running the right userid.  Deliver is
running as the userid Postfix starts it as.  How could it be any different
since deliver is not suid root (nor should it be, afaik).  It seems that I
need to tell Postfix a specific userid to run it as (and tell it that userid
is vmail).  I haven't found how to do that, yet.

I'm also getting wrong mail_location.  The variable %d comes up empty.  I
verified that Postfix actually is passing the full u...@domain, in the
message header, and in the -a argument (as coded in main.cf mailbox_command
=).

Maybe I need to make  /usr/lib/dovecot/deliver be suid vmail?  That would
open it up to logged in system users injecting into mailboxes.




Thanks
--
Romer Ventura

On Mon, May 10, 2010 at 13:59, Romer Ventura wrote:

I had to chmod 777 for it to work..

I did chmod 777 to see what it would do, and especially, what userid
the log files were owned by.  Bad news from that ... they are owned by
the first user I sent email to.  That seems to me to be a Postfix issue
where Postfix still thinks I'm mailing to local system users, and
running the deliver program under such a userid.  When I start adding
users which don't have local system user equivalents, that's going to
be a problem

Also, I'm finding that in mail_location = the variable %d is empty.  It
should be the domain.  Again, this seems like Postfix is treating local
delivery as all-users-are-equivalent for any local domain (and that is
definitely not the case).  So I need to look at some Postfix config now
to see how to make it pass the full email address (u...@domain ... so
%...@%d represents the email address), and to run dovecot/deliver as
user vmail.

At least I'm not using sendmail :-)

This old legacy "system user" thing is sure a PITA.  It should either
be ON or OFF.

 log files automatically named by the date (and maybe time) ... kind of
like in a shell script I would do: `date +/path/to/tree/%Y/%m/%d.log`
or such.








Re: [Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

2010-05-10 Thread Romer Ventura

I am using static uids:
mail_uid = vmail
mail_gid = vmail
user = vmail
group = vmail

else it will do what you describe.

Thanks
--
Romer Ventura

On Mon, May 10, 2010 at 13:59, Romer Ventura wrote:

I had to chmod 777 for it to work..

I did chmod 777 to see what it would do, and especially, what  
userid the log files were owned by.  Bad news from that ... they  
are owned by the first user I sent email to.  That seems to me to  
be a Postfix issue where Postfix still thinks I'm mailing to local
system users, and running the deliver program under such a userid.   
When I start adding users which don't have local system user  
equivalents, that's going to be a problem


Also, I'm finding that in mail_location = the variable %d is  
empty.  It should be the domain.  Again, this seems like Postfix is  
treating local delivery as all-users-are-equivalent for any local  
domain (and that is definitely not the case).  So I need to look at  
some Postfix config now to see how to make it pass the full email  
address (u...@domain ... so %...@%d represents the email address),  
and to run dovecot/deliver as user vmail.


At least I'm not using sendmail :-)

This old legacy "system user" thing is sure a PITA.  It should
either be ON or OFF.

 log files automatically named by the date (and maybe time) ... kind of
like in a shell script I would do: `date +/path/to/tree/%Y/%m/%d.log`
or such.




Re: [Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

2010-05-10 Thread Romer Ventura

I had to chmod 777 for it to work..


Thanks
--
Romer Ventura

On May 10, 2010, at 12:33 PM, Phil Howard wrote:


I'm getting this ...

May 10 12:45:01 eth0 postfix/local[3416]: A788D685F7: to=<x...@.net>, relay=local, delay=13, delays=13/0/0/0.03, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot/error.log: Permission denied )

So I'm looking at http://wiki.dovecot.org/LDA to see what I can do
about it.  I would have hoped some comments in the example config file
would have mentioned this and suggested a default practice solution.
Is this something few people or many people encounter (among those
using dovecot/deliver from Postfix)?

If I do as the wiki describes and make separate log files for
dovecot/deliver to use, do I just make them owned by Postfix?  It would
seem to me a different directory might be more helpful (absent log
files could be created by having the directory permissions).  I'm also
thinking in terms of log rotations, too ... and I prefer to do log
rotations by date stamping rather than pushing sequence numbers (the
legacy log rotation).

Any chance there are %-style variables I can use in log file/path names
to make log files automatically named by the date (and maybe time) ...
kind of like in a shell script I would do:
`date +/path/to/tree/%Y/%m/%d.log` or such.
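
An added example, not written by anyone in this thread: rather than leaving the deliver log at mode 777, a check like the following reports whether the log file and its directory are owned by the account deliver runs as and are closed to other local users. The function names and any path passed in are assumptions; `vmail` as the run-as account is taken from the mail_uid setting quoted in the thread.

```shell
#!/bin/sh
# audit_deliver_log LOGFILE RUN_AS
# Prints one finding per line and returns the number of findings (0 = clean).
# RUN_AS is the account deliver runs as (a name or a numeric uid).
# Only find(1) tests are used, so no GNU-specific stat(1) is needed.

_matches() {   # _matches PATH <find tests...>: true if PATH itself passes them
    _p=$1; shift
    [ -n "$(find "$_p" -prune "$@" -print 2>/dev/null)" ]
}

audit_deliver_log() {
    log=$1 run_as=$2 findings=0
    dir=$(dirname -- "$log")
    for p in "$dir" "$log"; do
        if [ -L "$p" ]; then
            echo "SYMLINK $p: resolve it and audit the real path"
            findings=$((findings + 1)); continue
        fi
        if [ ! -e "$p" ]; then
            # A missing log file is fine if deliver may create it in $dir;
            # a missing directory is not.
            if [ "$p" = "$dir" ]; then
                echo "MISSING $p"
                findings=$((findings + 1))
            fi
            continue
        fi
        if _matches "$p" -perm -0002; then
            echo "WORLD-WRITABLE $p: any local user can alter or replace it"
            findings=$((findings + 1))
        fi
        if ! _matches "$p" -user "$run_as"; then
            echo "WRONG-OWNER $p: not owned by $run_as, expect 'Permission denied'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Example call (path is an assumption, adjust to your log_path setting):
#   audit_deliver_log /var/log/dovecot/deliver.log vmail
```

Where it reports WRONG-OWNER, the remedy is to give the log file (or a dedicated log directory) to the account deliver runs as, not to widen the mode.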




[Dovecot] Client cant see emails

2010-05-10 Thread Romer Ventura

Hello,

Last Saturday I scp'd the vmail folder from server1 running SLES to
server2 running Debian. Everything went OK and I only have a few small
problems, but the one to bring up is that some users can't see their
new emails. The server receives the emails and puts them in their
folder, but the client can't see them.


One user's inbox shows last email was received on Friday, however,
the Maildir/cur/ shows:
-rw--- 1 vmail vmail  42K 2010-05-10 08:40 1273498807.M796425P7283.housigma22,S=42341,W=43018:2,
-rw--- 1 vmail vmail 324K 2010-05-10 09:13 1273500815.M763640P10054.housigma22,S=331257,W=335660:2,
-rw--- 1 vmail vmail  20K 2010-05-10 09:34 1273502066.M777253P11943.housigma22,S=19857,W=20357:2,
-rw--- 1 vmail vmail 8.9K 2010-05-10 09:44 1273502685.M898747P12796.housigma22,S=9035,W=9324:2,
-rw--- 1 vmail vmail 7.3K 2010-05-10 09:46 1273502798.M419897P12975.housigma22,S=7386,W=7659:2,
-rw--- 1 vmail vmail 9.1K 2010-05-10 09:48 1273502934.M480959P13148.housigma22,S=9228,W=9521:2,
-rw--- 1 vmail vmail  74K 2010-05-10 10:02 1273503774.M524188P14327.housigma22,S=75769,W=78183:2,
-rw--- 1 vmail vmail 8.6K 2010-05-10 10:08 1273504123.M573796P14820.housigma22,S=8790,W=9032:2,
-rw--- 1 vmail vmail 158K 2010-05-10 10:21 1273504907.M531961P15897.housigma22,S=161359,W=166243:2,
-rw--- 1 vmail vmail  59K 2010-05-10 10:22 1273504953.M794482P15971.housigma22,S=59529,W=60838:2,
-rw--- 1 vmail vmail 301K 2010-05-10 11:03 1273507382.M33967P19462.housigma22,S=307286,W=311302:2,
-rw--- 1 vmail vmail 306K 2010-05-10 11:03 1273507387.M136374P19464.housigma22,S=313035,W=317125:2,
-rw--- 1 vmail vmail 5.4K 2010-05-10 11:08 1273507736.M805483P19953.housigma22,S=5432,W=5539:2,
-rw--- 1 vmail vmail 6.6K 2010-05-10 11:10 1273507842.M113988P20125.housigma22,S=6718,W=6921:2,
-rw--- 1 vmail vmail 3.3K 2010-05-10 11:20 1273508415.M94558P20879.housigma22,S=3308,W=3419:2,


Any ideas...?

# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/ssl/certs/smtpd.crt
ssl_key_file: /etc/ssl/private/smtpd.key
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_user: postfix
mail_privileged_group: mail
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
lda:
  postmaster_address: postmas...@somedomain.com
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver-info.log
auth default:
  mechanisms: plain login
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth-client
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

Thanks
--
Romer Ventura



[Dovecot] migrating maildir from 1.1.7 to 1.2.11

2010-05-05 Thread Romer Ventura

Hello,

I have a SLES server running dovecot 1.1.7 and postfix which happens
to be the production server. We are dumping all of the paid OSes so I
have configured a Debian Lenny server to run the new mail server.

The Debian server has everything installed and it seems to be
working fine. However, I need to get all the mailboxes from the SLES
server, will there be any problem if I just copy the "vmail" folder
to the new server...?



Thanks
------
Romer Ventura



Re: [Dovecot] Apple mail troubles

2009-10-05 Thread Romer Ventura
No problems here using Apple Mail. Used in 2 iMacs, 1 Power Book G4,  
6 iPhones and Dovecot IMAP works with no problems at all.


Thanks

On Oct 1, 2009, at 6:57 AM, Frank Bonnet wrote:


Hello

I have an Apple computer  user who has great problems
using IMAP and Dovecot.

Some same messages seems to stay in two or more folders
and are impossible to erase from the Apple mail client

Anyone has that kind of troubles ?

Thanks




Re: [Dovecot] Dovecot + DRBD/GFS mailstore

2009-08-24 Thread Romer Ventura
Last time I checked the free version of DRBD only supports 2 nodes.
The paid version supports 16 nodes. This however, doesn't mean that
you cannot use the storage via NFS or SMB/CIFS mount point. Only that
the DRBD replication will only happen to 2 nodes. If a third node is
supported on the free version, it would be for quorum only.

They might have changed it since, but I doubt it.

On Aug 24, 2009, at 10:51 AM, Eric Jon Rostetter wrote:


Quoting Guy :


I'm looking at the possibility of running a pair of servers with
Dovecot LDA/imap/pop3 using internal drives with DRBD and GFS (or
other clustered FS) for the mail storage and ext3 for the root drive.


I'm in testing right now with this setup.  Two Dell PE 2900 servers
(quad core @ 2.3 GHz, 8 GB RAM, raid 10 for the GFS+DRBD disk, raid 1
for the ext3 disks).  Running DRBD as a master/master setup.

I added a third node for webmail (Dell PE 2650), but it doesn't do the
DRBD or GFS.  It is there mostly to make a 3-node cluster versus 2-node
cluster, to avoid split-brain type situations.  And of course to do the
webmail. :)

Using MailScanner as the MTA, dovecot for pop/imap, mailman for mailing
lists, Horde/IMP/etc for webmail.   All held together with RHCS on
CentOS 5.3.

All services run on only one node at a time, with failover...  This may
or may not help with GFS lock contention (not for /var/spool/mail,
since it is always accessed from both nodes at once, but yes for
dovecot indexes since they are only ever accessed on one node at a
time, etc).  This is probably where performance will really be decided
(GFS lock contention).


Cluster Status for mailer @ Mon Aug 24 10:27:12 2009
Member Status: Quorate

 Member Name                  ID   Status
 ------ ----                  ---- ------
 mailer1-hb.localdomain          1 Online, rgmanager
 mailer2-hb.localdomain          2 Online, Local, rgmanager
 webmail1-hb.localdomain         3 Online, rgmanager

 Service Name          Owner (Last)                 State
 ------- ----          ----- ------                 -----
 service:Apache        mailer1-hb.localdomain       started
 service:Dovecot       mailer1-hb.localdomain       started
 service:MailMan       mailer2-hb.localdomain       started
 service:MailScanner   mailer2-hb.localdomain       started
 service:VIP-MAIL      mailer1-hb.localdomain       started
 service:VIP-SMTP      mailer2-hb.localdomain       started
 service:WebMail       webmail1-hb.localdomain      started


Has anyone had experience with a setup like the one I'm suggesting?
What was performance like with Dovecot using GFS?


So far it is early testing.  63 users, but only about 12 of those are
"power users".  The performance has been real good so far, but as I
say, not many users yet.

My GFS is sharing the mail log files (via syslog-ng, what would
otherwise be /var/log/maillog), the dovecot index files, the
/var/spool/mail/ mbox spool (yes, I use mbox), and "shared"
configuration files for the two nodes (mailman data,
MailScanner/Sendmail configs, dovecot config, clamav/spamd config,
procmail config, apache config, ssl certificates, etc).

If interested, I can let you know about performance once I know more...



Thanks
Guy


--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

This message is provided "AS IS" without warranty of any kind,
either expressed or implied.  Use this message at your own risk.




Re: [Dovecot] Expunged emails getting automatically deleted

2009-07-28 Thread Romer Ventura

Thanks, I'll do that.

Your guess might be right. I opened the folders with the client, but
I didn't find any auto-expunge feature in Apple Mail 2.1.1


On Jul 28, 2009, at 12:17 PM, Timo Sirainen wrote:


On Tue, 2009-07-28 at 13:11 -0400, Timo Sirainen wrote:

My guess: Your IMAP client opened the .EXPUNGED/INBOX mailbox and
expunged messages in them (some auto-expunge feature?).


BTW. You could also enable mail_log plugin. It'll log all copies and
expunges so there's no guessing why something got lost.





[Dovecot] Expunged emails getting automatically deleted

2009-07-28 Thread Romer Ventura

Hello,

So I had this email in my inbox, I moved it to Folder1/tickets/
folder, then I decided to move the same email back to my inbox and
when I went to the inbox it wasn't there nor in Folder1/tickets/
folder...

I opened a SSH session to the mail server and went to
/srv/mail/vmail/DOMAIN.COM/rventura/Maildir

There I did "ll expunged/.INBOX/cur" and it showed me 300+ emails. I
then did "cat expunged/.INBOX/cur/the email i needed" and it showed
me the email contents and since it was the one I needed I then tried
to do "mv expunged/.INBOX/cur/email-id" and it returned:
mv: cannot stat `expunged/.INBOX/cur/1248796845.M207411P29102.housigma20,W=6193:2,STab': No such file or directory

I do another "ll expunged/.INBOX/cur/" returns total 0.  WTF
happened to all my items..?


before:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda2             38G   30G  6.9G  82% /
udev                  1.1G   72K  1.1G   1% /dev
/dev/xvdb1             50G   40G  7.7G  84% /srv/mail

after:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda2             38G   30G  6.9G  81% /
udev                  1.1G   72K  1.1G   1% /dev
/dev/xvdb1             50G   40G  7.8G  84% /srv/mail

Notice /dev/xvdb1 Avail...?

# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10 (i586)
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir/
mail_plugins: lazy_expunge
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .EXPUNGED/
  location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir/expunged
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/
  location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir/deleted
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/.EXPUNGED/
  location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir/deleted/expunged
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  lazy_expunge: .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/


Re: [Dovecot] Lost email where did it go...?

2009-07-07 Thread Romer Ventura
It mostly works, sometimes it creates them, others it doesn't... The
thing is that the users never delete an email, even when they put it
in the trash, it has been set up to never delete them, so unless I
manually erase those emails every 6 months they will never be erased.
It is just not there..


# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10 (i586)
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir/
mail_plugins: lazy_expunge
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .EXPUNGED/
  location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir/expunged
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/
  location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir/deleted
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/.EXPUNGED/
  location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir/deleted/expunged
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  lazy_expunge: .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/

On Jul 7, 2009, at 2:09 PM, Timo Sirainen wrote:


On Tue, 2009-07-07 at 11:23 -0500, Romer Ventura wrote:

Hello,

I have this user that lost an email, even when the server is set up
to do lazy expunge.


Have you tried that lazy expunge really works correctly? Have you
enabled it for POP3 too? What Dovecot version are you using?





[Dovecot] Lost email where did it go...?

2009-07-07 Thread Romer Ventura

Hello,

I have this user that lost an email, even when the server is set up  
to do lazy expunge. The mail server logs show that the message was  
received, the user also read it and he did reply to it. here is the  
mail.log


Jun 29 07:52:48 mx20 postfix/smtpd[19289]: 0ACD81C443B: client=usxsl050.slb.atosorigin-asp.com[199.6.139.15]
Jun 29 07:52:48 mx20 postfix/cleanup[20259]: 0ACD81C443B: message-id=<791a7985471643ba9997a472b6e42...@eur.slb.com>
Jun 29 07:52:50 mx20 postfix/qmgr[24622]: 0ACD81C443B: from=, size=405287, nrcpt=1 (queue active)
Jun 29 07:52:50 mx20 postfix/smtpd[19289]: disconnect from usxsl050.slb.atosorigin-asp.com[199.6.139.15]
Jun 29 07:52:50 mx20 postfix/smtpd[20261]: connect from localhost[127.0.0.1]
Jun 29 07:52:50 mx20 postfix/smtpd[20261]: EB9C11C4443: client=localhost[127.0.0.1]
Jun 29 07:52:50 mx20 postfix/cleanup[20259]: EB9C11C4443: message-id=<791a7985471643ba9997a472b6e42...@eur.slb.com>
Jun 29 07:52:50 mx20 postfix/qmgr[24622]: EB9C11C4443: from=<remoteu...@stonehouse.oilfield.slb.com>, size=406106, nrcpt=1 (queue active)
Jun 29 07:52:50 mx20 postfix/smtp[20260]: 0ACD81C443B: to=, relay=127.0.0.1[127.0.0.1]:10025, delay=3.2, delays=2.5/0.01/0/0.7, dsn=2.0.0, status=sent (250 OK, sent 4A48B922_20407_5563_1 EB9C11C4443)
Jun 29 07:52:50 mx20 postfix/qmgr[24622]: 0ACD81C443B: removed
Jun 29 07:52:50 mx20 postfix/smtpd[20261]: disconnect from localhost[127.0.0.1]
Jun 29 07:52:51 mx20 deliver(localu...@mydomain.com): msgid=<791a7985471643ba9997a472b6e42...@eur.slb.com>: saved mail to INBOX



But I can't find it anywhere... Is there any way of finding where it
went...? I've done:

grep -r 'sen...@senderemail' /Maildir/

And it only shows the email my user sent, not the original...

Any ideas of what happened as well...?

Thanks.

[Dovecot] Archiving feature

2009-06-09 Thread Romer Ventura
It would be nice to have some sort of archiving feature on which  
dovecot can save emails older than N+1 months to either a remote  
Dovecot server with MySQL as storage or a separate instance of  
Dovecot running on the same server but storing the emails in MySQL


Is any of this possible now, or in the works...?

Thanks

Re: [Dovecot] Deleting everything left from lazy expunge

2009-05-20 Thread Romer Ventura

Max, suggested this: find -type d -name 'expunged' | xargs rm -rf

works swimmingly...

Thanks everyone.

On May 20, 2009, at 8:50 AM, Romer Ventura wrote:


Hello,

My storage is running low and I was wondering what would be the
best and easy way of deleting everything within the "deleted" and
"expunged" folders for every user...?


My mail resides in: /srv/mail/vmail/MYDOMAIN.COM//Maildir/

Thanks..!
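
An added example, not part of the thread: an age-limited, dry-run-first variant of the cleanup discussed above, which removes only message files under each user's `expunged` and `deleted` trees and leaves live mail alone. The function names, the `LAZY_EXPUNGE_AGE_TEST` variable and the dry-run default are assumptions of this example; the directory layout is the one given by the namespace locations in the `dovecot -n` output posted elsewhere on this page.

```shell
#!/bin/sh
# Age-based cleanup of lazy_expunge copies. Assumed layout:
#   BASE/<domain>/<user>/Maildir/expunged/...  and  .../Maildir/deleted/...
# Only message files inside cur/ and new/ are touched. Folders, index and
# uidlist files stay, and live mail (Maildir/cur, Maildir/.Folder/cur)
# never matches the patterns below.
#
# Age is measured with -ctime by default: moving a message into the
# expunged tree changes its ctime, while its mtime normally still holds
# the time the message was received. Set LAZY_EXPUNGE_AGE_TEST=-mtime
# where ctime is meaningless, e.g. after the mail store was copied to a
# new server.

_lazy_expunge_find() {   # _lazy_expunge_find BASE DAYS <find action...>
    _base=$1; _days=$2; shift 2
    find "$_base" -type f \
        \( -path '*/Maildir/expunged/*' -o -path '*/Maildir/deleted/*' \) \
        \( -path '*/cur/*' -o -path '*/new/*' \) \
        "$_age" +"$_days" "$@"
}

# purge_lazy_expunge BASE DAYS [--apply]
# Without --apply it only lists what would be removed.
# Run it as the mailbox owner (vmail in the configs above), not as root.
purge_lazy_expunge() {
    base=$1; days=$2; mode=${3:-}
    _age=${LAZY_EXPUNGE_AGE_TEST:--ctime}
    case $base in
        ''|/) echo "refusing to run on '$base'" >&2; return 2 ;;
    esac
    [ -d "$base" ] || { echo "not a directory: $base" >&2; return 2; }
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a whole number" >&2; return 2 ;;
    esac
    case $_age in
        -ctime|-mtime) ;;
        *) echo "LAZY_EXPUNGE_AGE_TEST must be -ctime or -mtime" >&2; return 2 ;;
    esac
    if [ "$mode" = "--apply" ]; then
        # "-exec ... {} +" hands each name to rm as one argument, so a
        # folder such as ".Junk E-mail" cannot split a path the way a
        # plain "find | xargs" pipeline would.
        _lazy_expunge_find "$base" "$days" -print -exec rm -f -- {} +
    else
        _lazy_expunge_find "$base" "$days" -print
    fi
}

# Example (dry run, then apply), using the mail root from this thread:
#   purge_lazy_expunge /srv/mail/vmail 30
#   purge_lazy_expunge /srv/mail/vmail 30 --apply
```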






[Dovecot] Deleting everything left from lazy expunge

2009-05-20 Thread Romer Ventura

Hello,

My storage is running low and I was wondering what would be the best
and easy way of deleting everything within the "deleted" and
"expunged" folders for every user...?


My mail resides in: /srv/mail/vmail/MYDOMAIN.COM//Maildir/

Thanks..!




Re: [Dovecot] Active Directory LDAP authentication fails after a time

2009-04-17 Thread Romer Ventura

I run dovecot 1.1.7 and I have the ldap.conf like this:

base = ou=DOMAIN-Users,dc=domain,dc=com
ldap_version = 3
auth_bind = yes
dn = cn=ldap,cn=Users,dc=domain,dc=com
dnpass = password

I am authenticating against AD2003 and have not had an issue since
it went live back in December... I would say it may be time for you
to update...



On Apr 17, 2009, at 12:40 PM, noahisaac wrote:



Hi -

I've got Dovecot version 1.0.7 running on a CentOS 5.2 machine.  It's
serving pop, imap and imaps and authenticating against an Active
Directory machine.  This all works fine at first, but after about two
weeks or so, dovecot's authentication against AD starts to fail.  All
of dovecot's authentication attempts time out.  I also have postfix on
the same machine authenticating against the same AD, and it does not
seem to experience this issue.  If I restart dovecot, the
authentication starts working again.

I've gone over /var/log/maillog, but I don't see anything particularly
useful.  The only thing I really see is:
dovecot: IMAP(noah): Disconnected for inactivity

Here's some of the relevant portions of my configs:

dovecot.conf
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  passdb passwd-file {
    args = /etc/dovecot/passdb
    master = yes
  }
  userdb static {
    args = uid=vmail gid=vmail home=/home/vmail/%u
  }
  user = root
}

dovecot-ldap.conf
hosts = admachine.domain.com
base = dc=domain,dc=com
ldap_version = 3
auth_bind = yes
auth_bind_userdn = DOMAIN\%u


Does anybody have any ideas about why this is happening, or maybe just
an idea about how to better troubleshoot it?  If you need any more
info, I'll be happy to provide it.  Can I tell dovecot to be a little
more verbose with its log entries (I've already got auth_debug set to
yes, but I'm not getting very much info)?


Thanks!
Noah
--
View this message in context: http://www.nabble.com/Active-Directory-LDAP-authentication-fails-after-a-time-tp23102450p23102450.html

Sent from the Dovecot mailing list archive at Nabble.com.





Re: [Dovecot] Setup Question

2009-04-17 Thread Romer Ventura
Looks about right... I have a very similar setup, but I authenticate
to Active Directory via LDAP and it works very good.

If you have or may get more domains I would set up mail_location to
something like this: /home/vmail/%d/%u that way you are ready for
growth and everything is kept organized by domains. Just a thought.




On Apr 17, 2009, at 10:14 AM, Jeff Grossman wrote:

I really want to try and get this plus addressing working correctly  
with Dovecot and Postfix.  After doing some reading I think I am  
going to change my Postfix setup from mailbox_command to  
mailbox_transport.  I have a few questions to make sure I am  
thinking correctly.  All of my users are system users.  Their mail  
is delivered directly to their "/home//Maildir" directory.   
Everything works great and I have no problems.  Here is what I am  
thinking of doing.


  1. Create a new vmail user and group.
  2. Have all mail delivered for each user to the "/home/vmail//"
     directory.  All mail will be owned by vmail, but that is okay
     since Dovecot is the only thing touching the mail files anyway.
  3. Change the mail_location setting in dovecot.conf to
     "mail_location = /home/vmail/%u"
  4. Uncomment the auth_socket_path = /var/run/dovecot/auth-master
     setting in dovecot.conf
  5. Switch Postfix's main.cf to use "mailbox_transport = dovecot" and
     put the following line in master.cf:
       dovecot unix - n n - - pipe
         flags=DR user=vmail:vmail
         argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d
         ${recipient} -n -m ${extension}
  6. Copy the current users mail to the new vmail location.  What is
     the best way to copy it preserving date and time stamps on the
     mail?


Did I cover all of the steps or am I missing something?  Here is a
copy of my current dovecot -n output.  Thanks for any help you can
offer me.



# 1.2.rc3: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.29-1-amd64 x86_64 Debian squeeze/sid
base_dir: /var/run/dovecot/
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/certs/ssl.crt
ssl_key_file: /etc/ssl/private/ssl.key
ssl_cipher_list: ALL:!LOW:!SSLv2
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd
plugin:
  sieve: sieve




Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.

2009-04-16 Thread Romer Ventura
I think it is mostly an Entourage problem. I just decided to switch
to Apple Mail since it works much better with IMAP than Entourage.


On Apr 16, 2009, at 1:41 PM, Mart Pirita wrote:


Tere.


BTW. Is it possible that all other clients are using STARTTLS (or  
no encryption) and only Entourage is trying to use smtps port?


No, all clients are using same settings. And all clients work with  
cyrus-sasl, but with Dovecot, Entourage won't work.


--
Mart





Re: [Dovecot] Outlook cant delete folders

2009-03-04 Thread Romer Ventura
It doesn't matter if it is an existent account or a new account. If I
create folders at any depth I get the error when I try to delete it
by right-clicking on the folder and selecting "Delete".


Outlook error:
Cannot delete the folder. Right-click the folder, and then click on  
Properties to check your permissions for the folder. See the Folder  
owner or the administrator to change your permissions. The server  
responded: "Mailbox doesnt exist: asdf".


Now when Outlook shows the server responded message, it shows the
folder to erase "asdf", however, the real name is ".asdf", would that
have something to do with it..? Or does Dovecot take care of the dot
"."..?


The mailbox certainly exists:
# ll
total 68
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .INBOX.cvn
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .INBOX.zxcv
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .Junk E-mail
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .asdf
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .asdf.bnsdf
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .asdf.sxcv
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .dfhfgh
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .rturtuy
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .yomaam
drwx-- 5 vmail vmail 4096 Mar  4 08:41 .zxcv
drwx-- 2 vmail vmail 4096 Mar  4 08:40 cur
-rw--- 1 vmail vmail   17 Mar  4 08:40 dovecot-uidlist
-rw--- 1 vmail vmail    8 Mar  4 08:41 dovecot-uidvalidity
-rw--- 1 vmail vmail    0 Mar  4 08:40 dovecot-uidvalidity.49ae92ce
-rw--- 1 vmail vmail  232 Mar  4 08:40 dovecot.index.log
drwx-- 2 vmail vmail 4096 Mar  4 08:40 new
-rw--- 1 vmail vmail   86 Mar  4 08:41 subscriptions
drwx-- 2 vmail vmail 4096 Mar  4 08:40 tmp


Thanks

On Mar 3, 2009, at 4:40 PM, Timo Sirainen wrote:


On Fri, 2009-02-27 at 14:42 -0600, Romer Ventura wrote:

Hello,

It has been brought to my attention that Outlook users can't delete
folders from their mailbox. They can move them around and erase
emails, but when it comes to folders, they can't.. Any ideas..?


Only Outlook users, or everyone? And what exactly do you mean by
"can't"? What exactly happens when they try it?


mail_plugins: lazy_expunge


Could be related to this. Have you tried if it works after disabling
this?





Re: [Dovecot] Outlook cant delete folders

2009-03-02 Thread Romer Ventura
I am sorry, I meant there are no errors in any of the logs.

On Mon, 02 Mar 2009 11:20:16 -0500, Charles Marcus wrote:
> On 3/2/2009, Romer Ventura (rvent...@h-st.com) wrote:
>> There are errors in the logs.. 
> 
> And these errors are ... secret?
> 
-- 



Re: [Dovecot] Outlook cant delete folders

2009-03-02 Thread Romer Ventura

There are errors in the logs..

On Mar 2, 2009, at 1:47 AM, Steffen Kaiser wrote:



On Fri, 27 Feb 2009, Romer Ventura wrote:

It has been brought to my attention that Outlook users can't delete
folders from their mailbox. They can move them around and erase
emails, but when it comes to folders, they can't.. Any ideas..?


What are the entries in the logs?

Bye,

-- Steffen Kaiser




[Dovecot] Outlook cant delete folders

2009-02-27 Thread Romer Ventura

Hello,

It has been brought to my attention that Outlook users can't delete
folders from their mailbox. They can move them around and erase
emails, but when it comes to folders, they can't.. Any ideas..?


# dovecot --version
1.1.7

# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10 (i586)
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir/
mail_plugins: lazy_expunge
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .EXPUNGED/
  location: maildir:/home/vmail/%Ud/%Ln/Maildir/expunged
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/
  location: maildir:/home/vmail/%Ud/%Ln/Maildir/deleted
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/.EXPUNGED/
  location: maildir:/home/vmail/%Ud/%Ln/Maildir/deleted/expunged
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  lazy_expunge: .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/


Re: [Dovecot] LDA dovecot with Postfix not workin :-(

2009-02-20 Thread Romer Ventura
Enable auth debug in dovecot.conf, then check the logs for more
detailed info.


On Feb 20, 2009, at 2:11 AM, Thorsten Reiser wrote:


Hi, tried to use postfix with virtual users and dovecot
imaps/imap pop3/pop3s working fine, local smtp too,

but a remote host is not able to send mail

Debian Etch
uname -a Linux mail 2.6.18-6-xen-amd64

#virtual user
vmail:x:5000:8::/home/vmail:/bin/sh

#master.cf added
dovecot   unix  -   n   n   -   -   pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}


#/var/log/mail.info
Feb 19 12:37:51 mail postfix/master[6082]: daemon started -- version 2.3.8, configuration /etc/postfix
Feb 19 12:37:58 mail postfix/smtpd[6106]: connect from XXX [XXX]
Feb 19 12:37:58 mail postfix/smtpd[6106]: 9D150107C3C4: client=XXX [XXX], sasl_method=LOGIN, sasl_username=usern...@email.com
that's all ..

here are my logs


telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost ESMTP Postfix (Debian/GNU)
ehlo localhost.com
250-localhost
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN aW5mb0BseC1ob3N0aW5nLmRlAGluZm9AbHgtaG9zdGluZy5kZQB0ZXN0
235 2.0.0 Authentication successful

#master.cf added
dovecot   unix  -   n   n   -   -   pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}


#postconf -n
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 10
debug_peer_list = 127.0.0.1
inet_interfaces = all
mailbox_size_limit = 0
mydestination = mail.server.de, mail, localhost.localdomain, localhost
myhostname = localhost
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
recipient_delimiter = +
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = Mail ESMTP
smtpd_helo_required = no
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname,permit
smtpd_recipient_restrictions = reject_unauth_pipelining,
permit_sasl_authenticated,permit_mynetworks,
reject_non_fqdn_recipient,reject_unknown_recipient_domain,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,
reject_non_fqdn_sender,reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:8
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = /etc/postfix/vhosts.txt
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:5000


#dovecot -n
# /etc/dovecot/dovecot.conf
log_path: /var/log/dovecot.info
info_log_path: /var/log/dovecot.info
log_timestamp: %d-%m-%Y %H:%M:%S
protocols: imap pop3 imaps pop3s
listen(default): *:10143
listen(imap): *:10143
listen(pop3): *
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_greeting: Mail POP3/IMAP
verbose_proctitle: yes
first_valid_uid: 5000
last_valid_uid: 5000
first_valid_gid: 8
last_valid_gid: 8
mail_privileged_group: mail
mail_location: maildir:/home/vmail/%d/%n
mail_debug: yes
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail netscape-eoh outlook-idle
imap_client_workarounds(imap): delay-newmail netscape-eoh outlook-idle
imap_client_workarounds(pop3): outlook-idle
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
driver: passwd-file
args: /etc/dovecot/userdb
  userdb:
driver: passwd-file
args: /etc/dovecot/userdb
  socket:
type: listen
client:
  path: /var/spool/postfix/private/auth
  mode: 432
  user: postfix
  group: postfix
master:
   

[Dovecot] Adding new storage

2009-02-11 Thread Romer Ventura

Hello,

	I am about to add more storage to the mail server and would like to  
know if it is as simple as it sounds..? I have:

dovecot.conf
mail_location: maildir:~/Maildir/

and
/etc/dovecot/dovecot-ldap.conf with:
user_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/

So all the mail gets stored at /home/vmail/%Ud/%Ln/Maildir/ so if I
add a new volume to the VM, let's say /dev/disk3, and mount it to /srv/vmail
and then change the
user_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/
to
user_attrs = sAMAccountName=mail=maildir:/srv/vmail/%Ud/%Ln/Maildir/
would it work with no problem..? I would also need to move all the mailboxes
already in the old location...


I just want to make sure before i do anything..

Thanks


Re: [Dovecot] deleted-to-trash plugin

2009-01-19 Thread Romer Ventura
Outlook 2007 allows you to change the destination of deleted
items. Check your Outlook settings...


On Jan 16, 2009, at 3:06 AM, Proskurin Kirill wrote:


Hello.

Our clients use damn Outlook 2007 and it cannot move deleted
messages to the Trash folder.

As I see, dovecot has an experimental plugin "deleted-to-trash"
right for this thing.

I'm aware of the word "experimental".
Could someone say - does it work well?
Does it work with the latest Dovecot?

--
Best regards,
Proskurin Kirill




Re: [Dovecot] Adding Disclaimer to emails

2009-01-14 Thread Romer Ventura
That's what i thought. And it is not me who wants to put the  
disclaimer... It is the CFO and CEO so if they say put it, i have to  
put whatever they want to put in it...


Thanks

On Jan 14, 2009, at 11:02 AM, Eduardo M KALINOWSKI wrote:


Romer Ventura escreveu:

Hello,

I was wondering if it was possible to add a disclaimer to every
outgoing email using my setup (Postfix+Dovecot)..


Dovecot only deals with allowing users to access the e-mail they've
received. This would be a task for postfix.

But please, please don't. http://www.goldmark.org/jeff/stupid-disclaimers/


--
Eduardo M Kalinowski
edua...@kalinowski.com.br





[Dovecot] Adding Disclaimer to emails

2009-01-14 Thread Romer Ventura

Hello,

	I was wondering if it was possible to add a disclaimer to every  
outgoing email using my setup (Postfix+Dovecot)..?


Any links or ideas where i should start.?

Thanks


[Dovecot] admin tool

2008-12-30 Thread Romer Ventura

Hello,

	I haven't found anything on the topic, but does dovecot have an admin
tool like Cyrus..?


Thanks
--
Romer Ventura
Network administrator




[Dovecot] Autocreate wrong version for dovecot's version installed on system.

2008-12-17 Thread Romer Ventura
Hello,

I downloaded the dovecot-autocreate-0.1-4.6.i586.rpm made by Timo
Sirainen from opensuse.org and I am getting the following messages in my
logs:

Module is for different version 1.0.15:
/usr/lib/dovecot/modules/imap/lib90_autocreate_plugin.so
Couldn't load required plugins

They appear for every attempt to autocreate a folder. So my question is
what can I do to make it work with:

# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10
(i586) 
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir/
mail_plugins: lazy_expunge autocreate
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .EXPUNGED/
  location: maildir:/home/vmail/%Ud/%Ln/Maildir/expunged
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/
  location: maildir:/home/vmail/%Ud/%Ln/Maildir/deleted
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: .DELETED/.EXPUNGED/
  location: maildir:/home/vmail/%Ud/%Ln/Maildir/deleted/expunged
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login
  passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
  userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
  socket:
type: listen
client:
  path: /var/spool/postfix/private/auth
  mode: 432
  user: postfix
  group: postfix
master:
  path: /var/run/dovecot/auth-master
  mode: 384
  user: vmail
  group: vmail
plugin:
  lazy_expunge: .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/
  autocreate: Deleted Items
  autocreate1: Drafts
  autocreate2: Junk E-mail
  autocreate3: Outbox
  autocreate4: Sent Items
  autosubscribe: Deleted Items
  autosubscribe1: Drafts
  autosubscribe2: Junk E-mail
  autosubscribe3: Outbox
  autosubscribe4: Sent Items


[Dovecot] MySQL as a storage only.?

2008-12-10 Thread Romer Ventura
Hello,

I was wondering if I could use MySQL as storage only..? Meaning that no
user information, other than the obvious email address associated with a
specific email so that each email can be shown to the right user, will be
stored in a MySQL database instead of /home/vmail/DOMAIN/

Would I get any advantages.? Would it be better, faster?

Thanks


Re: [Dovecot] dovecot howto?

2008-12-10 Thread Romer Ventura
Those 2 links are too much.

Go here: http://wiki.dovecot.org/HowTo

And here: http://www.linuxmail.info/   <--- Dovecot + postfix

That's all you need.


On 12/10/08 11:49 AM, "Andy Howell" <[EMAIL PROTECTED]> wrote:

> Olaf Zaplinski wrote:
>> Hi,
>> 
>> is there a *simple* HOWTO that explains a simple postfix+dovecot setup?
>> Up to now, I used postfix+cyrus, worked fine. But I do not get
>> postfix+dovecot to work. Currently, all emails go to /dev/null.
>> 
>> What really would help me is a dovecot lmtp server. Is there any?
>> 
>> Regards
>> Olaf
>> 
>> 
>> postfix main.cf:
>> 
>> # -- delivery options
>> #
>> local_recipient_maps =
>> virtual_alias_maps = btree:/etc/postfix/virtual
>> alias_maps = btree:/etc/postfix/aliases
>> alias_database = btree:/etc/postfix/aliases
>> # mailbox_command = /usr/lib/dovecot/deliver
>> mailbox_transport = dovecot
>> 
>> 
>> postfix master.cf:
>> 
>> dovecot unix  -   n   n   -   -   pipe
>> flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f
>> ${sender} -d ${recipient}
>> 
>> 
>> dovecot.conf:
>> 
>> mail_location = maildir:/home/vmail/%u
>> namespace private {
>>separator = '/'
>>inbox = yes
>> }
>> 
>> auth default {
>>   mechanisms = cram-md5 plain
>>   verbose = yes
>>   passdb passwd-file {
>> args = /etc/dovecot/passwd
>>   }
>>   userdb static {
>> args = uid=vmail gid=vmail home=/home/vmail/%u
>>   }
>>   socket listen {
>> client {
>>   # Assuming the default Postfix $queue_directory setting
>>   path = /var/spool/postfix/private/auth
>>   mode = 0660
>>   # Assuming the default Postfix user and group
>>   user = postfix
>>   group = postfix
>> }
>>   }
>> }
>> 
> 
> Olaf,
> 
> I'm quite new to both postfix and dovecot. This probably does not qualify as
> "simple" but 
> I found this link helpful:
> 
> http://workaround.org/articles/ispmail-etch/
> 
> Another useful one:
> 
> http://www200.pair.com/mecham/spam/spamfilter20061118.html
> 
> Regards,
> 
> Andy
> 
> 





[Dovecot] Prefetch help

2008-12-09 Thread Romer Ventura
Hello,

I am trying to use userdb prefetch so that I don't do an extra LDAP
lookup and I am having some problems:

Here is my dovecot-ldap.conf
# cat /etc/dovecot/dovecot-ldap.conf
hosts = 192.168.50.30 192.168.50.31
base = ou=HST-Users,dc=h-st,dc=com
ldap_version = 3
auth_bind = yes
dn = cn=ldap,cn=Users,dc=h-st,dc=com
dnpass = 
user_attrs = 
sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001
user_filter = (&(objectClass=person)(mail=%u))
#pass_attrs = 
sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001
pass_filter = (&(objectClass=person)(mail=%u))

This works just fine and it only authenticates if the user's email field has
an email address, which is what I want.

But I cant get it to work with prefetch. How could I accomplish that..?

Thanks




Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

2008-12-09 Thread Romer Ventura
The only problem with that is that then all of the AD users will have a
virtual account. This includes built-in accounts in AD.

I would take the time to do LDAP queries against AD and do it so that it
searches the "mail" attribute for the objectClass person. Then in order to
(let's call it activate) activate the user for pop3/imap authentication you
need to fill in the mail field in the user properties in your AD.

I agree that LDAP is insecure, but using pam_krb5/pam_winbind will make
every single account accessible from pop3/imap.


On 12/8/08 5:12 PM, "Jason Gunthorpe" <[EMAIL PROTECTED]>
wrote:

> On Mon, Dec 08, 2008 at 02:43:53PM +0100, Thomas Siebert wrote:
>> You have to use LDAP as Authentication Backend with Port 3268.
>> 
>> http://wiki.dovecot.org/AuthDatabase/LDAP
> 
> That works but has 3 main drawbacks:
>  1) It is a pain to setup SSL LDAP on both windows and linux. If you
> don't do this then it is massively insecure
>  2) Passwords must be exchanged in plain text over IMAP. Also no
> single sign on capabilities.
>  3) There is no redundancy or load balancing if you have
> multiple ADS servers
> 
> The *best* answer is to use a combination of samba's winbind and
> kerberos. This gives you encryption and mutual authentication between
> dovecot and the ADS server and various non-plaintext options between
> the client and dovecot - plus single sign on capabilities for SSPI or
> kerberized clients.
> 
> Use dovecot's pam support to call out to pam_winbind/pam_krb5, and the
> native support to call out to winbind for ntlm and spnego. Dovecot's
> native gssapi kerberos rounds things out.
> 
> The basic steps are
>  1) Get samba, winbind, dovecot, kerberos installed
>  1a) Setup smb.conf with the proper ADS options
>Note you do not need to run nmbd or smbd, just winbind.
>  2) Use samba to join the machine to the domain with
> 'net ads join -U Administrator'
> Verify in ADS you have a computer with the proper name
>  3) Create an imap keytab entry 'net ads keytab imap/[EMAIL PROTECTED]'
> Also tell windows imap is allowed for this host via the gui or
> adsiedit/ldapedit/etc
>  4) Start winbind
>  5) Setup dovecot
>  5a) Setup pam_winbind for dovecot
>  6) Test on the dovecot machine:
>net ads testjoin
>wbinfo -n mywinuser
>klist -k
>kinit [EMAIL PROTECTED]
>kvno imap/[EMAIL PROTECTED]
># check DNS that host has proper forward and reverse entries
>telnet localhost imap
>  1 CAPABILITY
>  * CAPABILITY [..] AUTH=PLAIN AUTH=GSSAPI AUTH=GSS-SPNEGO AUTH=LOGIN
> AUTH=NTLM
> 
> I also have exim setup to use dovecot SASL and so it also does
> NTLM, GSSAPI and SPNEGO.
> 
> There is a lot of information about this scattered on various web
> sites. The method I've outlined above is the latest scheme using the
> newer software. Some reference material uses older techniques...
> 
> In my experience pretty much every client supports some version of
> NTLM, so passwords will be exchanged non-plaintext in most cases
> (though weak flavors of NTLM might be negotiated). Many clients like
> thunderbird support kerberos, and so on windows you get single sign on
> too. Most linux clients also support kerberos so can get single sign
> on for them too with some setup.
> 
> Here are some config fragments you might find helpful
> 
> smb.conf:
> [global]
>netbios name = host
>workgroup = FOO
>realm = ADS.FOO
>security = ads
>use kerberos keytab = true
>encrypt passwords = true
>winbind use default domain = yes
> 
> Dovecot:
> 
> auth_ntlm_use_winbind = yes
> auth_username_format = %n
> auth_winbind_helper_path = /usr/bin/ntlm_auth
>   mechanisms = plain gssapi gss-spnego login ntlm
>   passdb pam {}

-- 
Romer Ventura
Network Administrator
Houston-Sigma Technologies, L.P.
1333 Industrial Blvd. Sugar Land Tx. 77478
Voice 281-295-5017
[EMAIL PROTECTED]




Re: [Dovecot] Mixing MBOX and MAILDIR

2008-12-08 Thread Romer Ventura
This did it:
namespace private {
  separator = /
  hidden = no
  prefix = "#ArchiveMail/"
  location = mbox:/home/vmail/mboxmail:INBOX=/home/vmail/mboxmail/%Ln
}

Thanks

> Hello,
> 
> I have about 100 mboxes, a few with a lot of mails and others with a few
> mails. I have configured dovecot to use maildir as mail format, but I would
> like to give users the ability to access their old email located in their
> old mbox. So all the new mail would be in the ~/Maildir/ and their old or
> archived email in /home/vmail/mboxmail/%Ln
> 
> How can I add a namespace to achieve my goal...?
> namespace private {
>   separator = /
>   hidden = yes
>   prefix = "#mbox/"
>   location = mbox:/home/vmail/mboxmail/%Ln/
> }
>  
> Like that...?
> 
> Thanks for any inputs...





[Dovecot] Mixing MBOX and MAILDIR

2008-12-08 Thread Romer Ventura
Hello,

I have about 100 mboxes, a few with a lot of mails and others with a few
mails. I have configured dovecot to use maildir as mail format, but I would
like to give users the ability to access their old email located in their
old mbox. So all the new mail would be in the ~/Maildir/ and their old or
archived email in /home/vmail/mboxmail/%Ln

How can I add a namespace to achieve my goal...?
namespace private {
  separator = /
  hidden = yes
  prefix = "#mbox/"
  location = mbox:/home/vmail/mboxmail/%Ln/
}
 
Like that...? 

Thanks for any inputs...


Re: [Dovecot] LDA questions

2008-12-08 Thread Romer Ventura
Well I got it working.. I had a typo on my LDAP config for postfix so that's
why the user info wasn't found.

Now, in order to activate an Active Directory account, all we have to do is
assign an email address to the mail field on the user's properties tab and it
works with no problems.

The only thing is that it does 2 lookups every time a user checks for
emails, but since we only have about 120 users and the number not likely to
get any bigger any time soon it should be ok for the next few years.

Thanks for the help..


On 12/7/08 11:57 AM, "Timo Sirainen" <[EMAIL PROTECTED]> wrote:

> On Sun, 2008-12-07 at 20:21 +0300, Dmitri V. Ivanov wrote:
>> On Fri, Dec 05, 2008 at 09:17:58PM +0200, Timo Sirainen wrote:
>> 
>>> Like Matt said, this is a Postfix configuration issue. You'll have to
>>> configure Postfix to figure out what users exist.
>> 
>> One question. Postfix has TCP lookup table type with a very simple
>> protocol: (get|put) "space" "key" "newline".
> 
> Also I think there was some user lookup protocol that originated from
> Sendmail. Dovecot should support that some day..
> 
>> But there is a question: how would act dovecot with much lookups with
>> nonexistant users (there is no big problem to write some stupid
>> connector)?
> 
> Shouldn't be a problem.
> 

-- 
Romer Ventura
Network Administrator
Houston-Sigma Technologies, L.P.
1333 Industrial Blvd. Sugar Land Tx. 77478
Voice 281-295-5017
[EMAIL PROTECTED]




[Dovecot] Username changed by dovecot..?

2008-12-05 Thread Romer Ventura
Hello,

I have postfix+dovecot authenticating via LDAP to Active directory and
everything is working fine except that some user names get changed by
dovecot.

# cat dovecot/dovecot-ldap.conf
hosts = 192.168.50.30 192.168.50.31
base = ou=HST-Users,dc=h-st,dc=com
ldap_version = 3
auth_bind = yes
dn = cn=,cn=Users,dc=h-st,dc=com
dnpass = 
user_attrs = 
sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln,=gid=1000,=uid=1001
user_filter = (&(objectClass=person)(mail=%u))
pass_filter = (&(objectClass=person)(mail=%u))

I am using the value of the "mail" field from Active Directory as user name. So
here are test users:
test1: [EMAIL PROTECTED]
test3: [EMAIL PROTECTED]
test5: [EMAIL PROTECTED]

USER TEST1:
# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user [EMAIL PROTECTED]
+OK
pass houston
+OK Logged in.

Logs show:
dovecot: auth(default): client in: AUTH  1   PLAIN   service=pop3
secured lip=127.0.0.1   rip=127.0.0.1   lport=110   rport=43073
resp=
dovecot: auth(default): ldap([EMAIL PROTECTED],127.0.0.1): bind search:
base=ou=HST-Users,dc=h-st,dc=com
filter=(&(objectClass=person)([EMAIL PROTECTED]))
dovecot: auth(default): ldap([EMAIL PROTECTED],127.0.0.1): no fields returned
by the server
dovecot: auth(default): client out: OK   1   [EMAIL PROTECTED]
dovecot: auth(default): master in: REQUEST   7   35261
dovecot: auth(default): ldap([EMAIL PROTECTED],127.0.0.1): user search:
base=ou=HST-Users,dc=h-st,dc=com scope=subtree
filter=(&(objectClass=person)([EMAIL PROTECTED])) fields=sAMAccountName
dovecot: auth(default): ldap([EMAIL PROTECTED],127.0.0.1): result:
sAMAccountName(mail=maildir:/home/vmail/%Ud/%Ln)=maildir:/home/vmail/H-ST.CO
M/test1
dovecot: auth(default): master out: USER 7   [EMAIL PROTECTED]
mail=maildir:/home/vmail/H-ST.COM/test1 gid=1000uid=1001
dovecot: pop3-login: Login: user=<[EMAIL PROTECTED]>, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, secured

The directory was created and everything is fine.

USER TEST3:
# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user [EMAIL PROTECTED]
+OK
pass houston
-ERR [IN-USE] Internal login failure. Refer to server log for more
information.
Connection closed by foreign host.

Logs show:
dovecot: auth(default): client in: AUTH  1   PLAIN   service=pop3
secured lip=127.0.0.1   rip=127.0.0.1   lport=110   rport=34057
resp=
dovecot: auth(default): ldap([EMAIL PROTECTED],127.0.0.1): bind
search: base=ou=HST-Users,dc=h-st,dc=com
filter=(&(objectClass=person)([EMAIL PROTECTED]))
dovecot: auth(default): auth([EMAIL PROTECTED],127.0.0.1): username
changed [EMAIL PROTECTED] -> test3
dovecot: auth(default): ldap(test3,127.0.0.1): result: uid(user)=test3
dovecot: auth(default): client out: OK   1   user=test3
dovecot: auth(default): master in: REQUEST   8   38591
dovecot: auth(default): ldap(test3,127.0.0.1): user search:
base=ou=HST-Users,dc=h-st,dc=com scope=subtree
filter=(&(objectClass=person)(mail=test3)) fields=sAMAccountName
dovecot: auth(default): ldap(test3,127.0.0.1): Unknown user
dovecot: auth(default): userdb(test3,127.0.0.1): user not found from userdb
ldap
dovecot: auth(default): master out: NOTFOUND 8
dovecot: pop3-login: Internal login failure (auth failed, 1 attempts):
user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

It obviously fails because the username was changed to only %u. Why does it
get changed...?

Any ideas...?

Thanks..

# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10
(i586) 
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): acl
mail_plugins(imap): acl
mail_plugins(pop3):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
  userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
  socket:
type: listen
client:
  path: /var/spool/postfix/private/auth
  mode: 432
  user: postfix
  group: postfix
master:

[Dovecot] Auth_username_format question

2008-12-04 Thread Romer Ventura
Hello again,

I have changed authentication to LDAP from Kerberos due to recent changes
to my plans and I am having a little problem getting the mailbox created in
the desired path.

At the moment the home folders are being created in:
/home/vmail/DOMAIN.COM/%Ln and it worked great with kerberos, but with LDAP
the domain part is missing so I did the following:
auth_username_format = %Ln

Then I did:
# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user [EMAIL PROTECTED]
+OK
pass password
+OK Logged in.

But I saw in the logs the following:
dovecot: auth(default): master out: USER 1   test4   uid=1001
gid=1000home=/home/vmail//test4

The domain was missing..

So does it mean that auth_username_format dictates what dovecot will use,
not only for the authentication part, but for everything else as well..? To
me it seems that once the username has been formatted it forgets everything
that doesn't constitute part of the specified format. Or am I
misunderstanding the entire concept..?

How can I preserve the domain part so that the homes can be placed in the
desired location: /home/vmail/%d/%u...?

Thanks
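
A simplified model of the behaviour described in the message above, added here as an example (not Dovecot's code and not from the thread): auth_username_format rewrites the login first, and the userdb home template is then expanded against the rewritten name, so %Ln leaves %d empty. The helper names, the %Lu comparison value and the sample logins are assumptions made for illustration.

```python
import re

# Subset of Dovecot's short variables: %u (full name), %n (part before @),
# %d (part after @), each optionally prefixed with L (lowercase) or U (uppercase).
_VAR_RE = re.compile(r"%(%|[LU]?[und])")


def expand(template, username):
    """Expand %u/%n/%d (with optional L/U modifier) in template for username."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def _sub(match):
        token = match.group(1)
        if token == "%":
            return "%"
        value = values[token[-1]]
        if token[0] == "L":
            return value.lower()
        if token[0] == "U":
            return value.upper()
        return value

    return _VAR_RE.sub(_sub, template)


def resolve_home(login, auth_username_format, home_template):
    """Return (effective username, home path) the way the log above shows it:
    the home template only ever sees the already formatted username."""
    effective = expand(auth_username_format, login)
    return effective, expand(home_template, effective)


def colliding_homes(logins, auth_username_format, home_template):
    """Group logins by resolved home; keep only homes shared by several logins."""
    by_home = {}
    for login in logins:
        _, home = resolve_home(login, auth_username_format, home_template)
        by_home.setdefault(home, []).append(login)
    return {home: users for home, users in by_home.items() if len(users) > 1}


# Constructed logins; the domains are placeholders.
SAMPLE_LOGINS = ["Test4@Example.Test", "test4@example.org", "alice@example.test"]
# Same shape as the static userdb home used elsewhere on this page.
HOME_TEMPLATE = "/home/vmail/%Ud/%Ln"

if __name__ == "__main__":
    for fmt in ("%Ln", "%Lu"):
        print("auth_username_format =", fmt)
        for login in SAMPLE_LOGINS:
            print("  ", login, "->", resolve_home(login, fmt, HOME_TEMPLATE))
        print("   shared homes:", colliding_homes(SAMPLE_LOGINS, fmt, HOME_TEMPLATE))
```

With %Ln the model reproduces the empty path component seen in the log (/home/vmail//test4) and maps same-named users from different domains to one directory; a format that keeps the domain does neither.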


[Dovecot] LDA questions

2008-12-04 Thread Romer Ventura
Hello,

I am looking at the docs and I see this:
Problems with deliver
Namespaces are supported with v1.1 and later. With v1.0 and older
versions mails can be delivered only to mailboxes specified by the
mail_location setting.

But in the dovecot.conf I see:
# NOTE: Namespaces currently work ONLY with IMAP! POP3 and LDA currently
ignore
# namespaces completely, they use only the mail_location setting.

I am running 1.1.7 so is that a typo in the dovecot.conf or the wiki page..?


Also, I got postfix+dovecot configured to authenticate to Active Directory
using pam_krb5 and I am able to login and send emails with pop3 or imap, but
unable to receive emails since postfix complains about the user not being
found in the local recipient table.

Now I have made a few changes, but I can't get to see deliver complain, all
I see is:
postfix/smtpd[19924]: NOQUEUE: reject: RCPT from : 550 5.1.1
<[EMAIL PROTECTED]>: Recipient address rejected: User unknown in local
recipient table;

So I think that it is not being passed to deliver...

master.cf has:
dovecot   unix  -   n   n   -   -   pipe
  flags=DR user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

main.cf has:
virtual_mailbox_domains = your.domain.here
virtual_transport = dovecot

Any ideas..? 
Thanks

dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10
(i586) 
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): acl
mail_plugins(imap): acl
mail_plugins(pop3):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: [EMAIL PROTECTED]
  passdb:
driver: pam
  userdb:
driver: static
args: uid=1001 gid=1000 home=/home/vmail/%Ud/%Ln
  socket:
type: listen
client:
  path: /var/spool/postfix/private/auth
  mode: 432
  user: postfix
  group: postfix


Re: [Dovecot] Dovecot authenticating to multiple kerberos realms

2008-12-04 Thread Romer Ventura
Morning,

That did it.. Thanks..!


On 12/3/08 8:31 PM, "Timo Sirainen" <[EMAIL PROTECTED]> wrote:

> On Dec 4, 2008, at 12:34 AM, Romer Ventura wrote:
> 
>>    I got Postfix, Dovecot 1.1.7 configured to use pam and the pam.d/dovecot
>> file is configured to use pam_krb5 module. Everything is working with no
>> problems, but I am finding that the user must type the domain part in
>> uppercase in order to successfully authenticate.
>> 
>>So I am wondering if there is any way for the user to login as
>> [EMAIL PROTECTED] instead of [EMAIL PROTECTED]
> 
> auth_username_format = [EMAIL PROTECTED]
> 




[Dovecot] Dovecot authenticating to multiple kerberos realms

2008-12-03 Thread Romer Ventura
Hello,

I got Postfix, Dovecot 1.1.7 configured to use pam and the pam.d/dovecot
file is configured to use pam_krb5 module. Everything is working with no
problems, but I am finding that the user must type the domain part in
uppercase in order to successfully authenticate.

So I am wondering if there is any way for the user to login as
[EMAIL PROTECTED] instead of [EMAIL PROTECTED]

Any ideas..?

Thanks


Re: [Dovecot] Dovecot auth-worker permission denied.

2008-12-02 Thread Romer Ventura
There is nothing being logged by PAM, that's the only error I see


On 11/29/08 8:24 PM, "Timo Sirainen" <[EMAIL PROTECTED]> wrote:

> On Wed, 2008-11-26 at 15:52 -0600, Romer Ventura wrote:
>> I followed the tutorials from the wiki page from:
>> http://www.linuxmail.info/active-directory-dovecot-pam-authentication/
> 
> I don't know much about Kerberos, but:
> 
>> Nov 26 15:12:27 housigma20 dovecot: auth-worker(default):
>> pam(linuxt,127.0.0.1): pam_authenticate() failed: Permission denied
> 
> PAM plugin fails by giving "Permission denied" error. Perhaps PAM's own
> logs would show something more? /var/log/auth.log or something similar.
> 
> dovecot-auth processes are running as root anyway I guess? Then there
> really shouldn't be any permission problems, so I guess it's some kind
> of a PAM/Kerberos misconfiguration.
> 




[Dovecot] Dovecot auth-worker permission denied.

2008-11-26 Thread Romer Ventura
Hello,

I am trying to get dovecot to use virtual users and authenticate using
PAM+kerberos against Active Directory and I am running into some problems.

I followed the tutorials from the wiki page from:
http://www.linuxmail.info/active-directory-dovecot-pam-authentication/

And here is what I get from the /var/log/mail log:
Nov 26 15:12:27 housigma20 dovecot: auth(default): client in: AUTH  1
PLAIN   service=pop3secured lip=127.0.0.1   rip=127.0.0.1   lport=110
rport=36327 resp=AGxpbnV4dABob3VzdG9u
Nov 26 15:12:27 housigma20 dovecot: auth-worker(default):
pam(linuxt,127.0.0.1): lookup service=dovecot
Nov 26 15:12:27 housigma20 dovecot: auth-worker(default):
pam(linuxt,127.0.0.1): pam_authenticate() failed: Permission denied
Nov 26 15:12:29 housigma20 dovecot: auth(default): client out: FAIL 1
user=linuxt
Nov 26 15:12:31 housigma20 dovecot: pop3-login: Aborted login (auth failed,
1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
secured

Any ideas..? Other than this:
http://www.dovecot.org/list/dovecot/2008-July/032455.html

Thanks...!

/etc/pam.d/dovecot:
auth sufficient pam_krb5.so no_user_check validate
account  sufficient pam_permit.so


Here is my dovecot -n and version:
# 1.1.6: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10
(i586) 
protocols: pop3 pop3s imap imaps
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_privileged_group: mail
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
  userdb:
    driver: static
    args: uid=1004 gid=1002 home=/home/vmail/%d/%Lu
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
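
Added example, not part of the original post: for the PLAIN mechanism, the `resp=` field in an auth debug line like the one above is the base64 SASL response (authzid, login and password separated by NUL bytes, per RFC 4616), so such logs should be scrubbed before they are shared. The sketch below redacts that field and reports which logins were exposed; the function names and the sample lines are constructed for illustration.

```python
import base64
import binascii
import re

# resp= carries the client's base64 SASL response in "client in: AUTH" lines.
RESP_RE = re.compile(r"\bresp=([A-Za-z0-9+/]+={0,2})")


def plain_login(b64):
    """Login name from a SASL PLAIN response (authzid NUL authcid NUL passwd), else None."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    return parts[1].decode("utf-8", "replace") if len(parts) == 3 else None


def redact(lines):
    """Return (scrubbed lines, sorted logins whose password appeared in the log)."""
    exposed = set()

    def scrub(match):
        login = plain_login(match.group(1))
        if login is not None:
            exposed.add(login)
        return "resp=<redacted>"

    return [RESP_RE.sub(scrub, line) for line in lines], sorted(exposed)


# Constructed sample (not the log from the post); the second line is a
# mail-wrapped continuation, as in the excerpt above.
TOKEN = base64.b64encode(b"\x00alice\x00not-a-real-password").decode()
SAMPLE = [
    "Nov 26 15:12:27 mailhost dovecot: auth(default): client in: AUTH\t1\tPLAIN\tservice=pop3",
    "rport=36327 resp=" + TOKEN,
    "Nov 26 15:12:29 mailhost dovecot: auth(default): client out: FAIL\t1\tuser=alice",
]

if __name__ == "__main__":
    scrubbed, logins = redact(SAMPLE)
    print("\n".join(scrubbed))
    print("rotate passwords for:", logins)
```

Responses that do not decode as a three-part PLAIN message (for example the separate steps of the LOGIN mechanism) are still redacted, but no login is reported for them.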




[Dovecot] Dovecot.1.1.6 Authentication problems using PAM+Kerberos

2008-11-25 Thread Romer Ventura
Hello,

This is my first post and it is to consult about an issue I am having.
Here is the error I get in my logs:
dovecot-auth: pam_krb5[22949]: error resolving user name 'mike' to uid/gid
pair
dovecot-auth: pam_krb5[22949]: error getting information about 'mike'

If I use kinit to authenticate it works with no problems. Any ideas on the
issue above..?

Thanks..!

Here is the dovecot related info:
Dovecot -n
# 1.1.6: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10
(i586) 
protocols: pop3 pop3s imap imaps
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=1002 gid=1002 home=/home/vmail/%d/%Lu
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix