Re: [Dovecot] Disconnected: Too many invalid IMAP commands
On Sat, 2011-08-20 at 14:38:25 -0700, Steve Fatula wrote: I see lots of these messages in the log file for one machine and account. Near as I can tell, the client still works (it's mine), but, the messages concern me. Is there some known issue with Apple mail, or, if not, how to capture the information needed to debug? Use tcpdump to packet capture the problematic session. -- Sahil Tandon sa...@freebsd.org
Re: [Dovecot] mail delivery location wrong
On Mon, 2011-08-08 at 14:41:59 +0200, Firma Averlon wrote: The reason why not receiving e-Mails is simply: When sending the mails they are stored in a different directory as where dovecot will look for them Error message from log: Aug 8 14:09:01 server dovecot: deliver(vmail): maildir: data=/home/vmail//vmail/Maildir What you immediatly see: vmail//vmail main.cf of postfix: virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual.cf Does the LDAP query inside this file explicitly return the domain part of the recipient address? -- Sahil Tandon sa...@freebsd.org
Re: [Dovecot] v1.2.8 released
On Thu, 19 Nov 2009, Timo Sirainen wrote: http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig Stephan we need you! ;-) -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] v1.2.8 released
On Nov 21, 2009, at 1:07 PM, Frank Cusack fcus...@fcusack.com wrote: On November 21, 2009 11:51:29 AM -0500 Sahil Tandon sa...@tandon.net wrote: On Thu, 19 Nov 2009, Timo Sirainen wrote: http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig Stephan we need you! ;-) I used the 1.2.7 patch which worked perfectly. As did I. *sigh*. Packets of jest clearly get mangled via TCP.
Re: [Dovecot] Problems getting Dovecot to work.
On Sat, 12 Sep 2009, Mark Gillespie wrote: Hi, having a nightmare trying to get dovecot working on my SheevaPlug (flash based ARM embedded device). I need to use virtual users, and I need to store all the mail on an external USB HDD (not in home directories which live in the limited flash space). However I can't even log in via telnet. I've followed the Wiki troubleshooting tips, and still no further forward. logging via telnet, I get: user sheeva BAD Error in IMAP command received by server. the logs show: ubuntu dovecot: User sheeva is missing UID (see mail_uid setting) Is that *all* the logs show? What do I need to do? I know basic Linux stuff, but I wouldn't call myself an expert, so please no tech talks!!! This is a technical mailing list. See: http://wiki.dovecot.org/UserIds and note that mail_uid = System user and group used to access mails. If you use multiple, userdb can override these by returning uid or gid fields. You can use either numbers or names. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] Postfix : lda problem
On Sat, 15 Aug 2009, denis wrote: I come back with my problem: Some notes are below, but because this is a purely Postfix problem, you should NOT follow-up on this list. If you continue to have problems, ask for help on the Postfix mailing list. On debian lenny, using dovecot 1.1.13-2~bpo50+1 I try to configure my setup (with Postfix virtual domains) to use dovecot as lda but nothing happens, as if postfix not delegate to dovecot This is because you never configured Postfix to delegate to Dovecot's LDA. I looked in the documentation and google, but I do not understand the problem. It appears you did not look at the Postfix documentation. According to postconf(5), $virtual_transport specifies the default mail delivery transport and next-hop destination for final delivery to domains listed with $virtual_mailbox_domains. I see you did not define this latter parameter based on your 'postconf -n'. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] Gotchas in switching from one server to another without impacting users?
On Fri, 14 Aug 2009, Timo Sirainen wrote: On Aug 14, 2009, at 12:36 AM, Gary Chodos wrote: We have to replace one mail store (foo.example.org) with another (bar.example.org). I rsync'd the maildirs from foo to bar today and the plan is to hold all delivery (in the SMTP server) on foo over the weekend, rsync again (this time it should be much faster since the large xfer already occurred today), then flush the SMTP queue on foo towards bar, direct all new deliveries to bar.example.org. Users currently access their IMAP mailboxes via imap.example.org. I plan to just 'flip the switch' at DNS so imap.example.org points to bar.example.org (instead of foo.example.org) so users don't have to change anything on their end and should not even notice this change. And I guess you also thought about the DNS cache TTLs? The OP should also consider killing dovecot during the rsync (similar to what another member of this list suggested). Then restart with a new configuration that proxies incoming IMAP connections towards the new server in case some clients still hit the old server before full DNS propagation. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] How to disable system users from receiving mail?
On Fri, 14 Aug 2009, Paul H Park wrote: I know that login can be disable for system users and groups, but how do I refuse email for system groups? This has nothing to do with Dovecot. Configure your SMTP server not to accept mail for system groups/users if that is really what you wish to do. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] deliver vs lda
On Thu, 09 Apr 2009, Charles Marcus wrote: On 4/8/2009, Tom Metro (tmetro+dove...@vl.com) wrote: I ended up splitting them up so that I could have each logging to different places (IMAP to its own file, as it doesn't relate to mail delivery), I like this idea (of splitting the logging)... As do I and many others. Maybe this would be a good thing to be able to specify in the config file? POP, IMAP and LDA logging each to their own files... Or, is there a simple way to do this with syslog-ng (I'm not a programmer, so be kind)? You could do this with syslog(-ng), or you could just specify the log_path and info_log_path variables in dovecot.conf. For example, in my protocol lda {} declaration, I have: log_path = /var/log/deliver.log info_log_path = /var/log/deliver.log Read the documentation and try something similar: http://wiki.dovecot.org/Logging -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] deliver vs lda
On Thu, 09 Apr 2009, Charles Marcus wrote: On 4/9/2009 7:46 AM, Sahil Tandon wrote: I like this idea (of splitting the logging)... As do I and many others. You could do this with syslog(-ng), or you could just specify the log_path and info_log_path variables in dovecot.conf. For example, in my protocol lda {} declaration, I have: log_path = /var/log/deliver.log info_log_path = /var/log/deliver.log Read the documentation and try something similar: http://wiki.dovecot.org/Logging Doesn't specifically mention separating out POP and IMAP... but... The documentation would quickly become cluttered if it included an example of every little iteration of each configuration variable. Extrapolating from your example, I can I just: protocol imap { ... log_path = /var/log/imap.log info_log_path = /var/log/imap.log } protocol pop3 { ... log_path = /var/log/pop3.log info_log_path = /var/log/pop3.log } Seems reasonable. Try and see for yourself. And if you go this route, you may want to configure log rotation, via newsyslog(8) perhaps. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] dovecot: auth(default): ldap(...): Authenticated user not found
On Sun, 29 Mar 2009, Stas SUSHKOV wrote: I'm trying to set up dovecot together with postfix and experience some problems. Here's in details what I have and what I want to get. I have a ldap server on localhost, a working setup of dovecot to serve sasl, imap using ldap, a working setup of Postfix for (s)smtp (I can authenticate which uses dovecot's sasl). What i wan't to get is a completely working email server for ldap users with their email forwardings (so far they have only 1 forwarding). The porblem I stuck on is the following: when sending mail through (s)smtp, after passing authentication, I get my email dropped. And I see this in logs: http://ciorne.softwareliber.ro/index.php/view/raw/aaf3eb42 ***Authenticated user not found!!!*** In your log, notice the 'user' in a successful IMAP login: dovecot: imap-login: Login: user=c00l2sv, method=PLAIN, rip=193.226.6.226, lip=193.226.5.152, TLS Later, when you pipe the mail to dovecot for delivery: dovecot: auth(default): ldap(c00l...@student.utcluj.ro): Authenticated user not found You need to modify the arguments in your call to deliver in Postfix's master.cf. The master socket should be looking for 'c00l2sv' instead of 'c00l...@student.utcluj.ro'. See: http://www.postfix.org/pipe.8.html (under argv=command) http://wiki.dovecot.org/LDA (under Parameters) -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] dovecot: auth(default): ldap(...): Authenticated user not found
On Sun, 29 Mar 2009, Stas SUSHKOV wrote: On Sun, 2009-03-29 at 11:39 -0400, Sahil Tandon wrote: On Sun, 29 Mar 2009, Stas SUSHKOV wrote: ***Authenticated user not found!!!*** In your log, notice the 'user' in a successful IMAP login: dovecot: imap-login: Login: user=c00l2sv, method=PLAIN, rip=193.226.6.226, lip=193.226.5.152, TLS Later, when you pipe the mail to dovecot for delivery: dovecot: auth(default): ldap(c00l...@student.utcluj.ro): Authenticated user not found You need to modify the arguments in your call to deliver in Postfix's master.cf. The master socket should be looking for 'c00l2sv' instead of 'c00l...@student.utcluj.ro'. See: http://www.postfix.org/pipe.8.html (under argv=command) http://wiki.dovecot.org/LDA (under Parameters) I got it now. That makes sense. So I followed the wiki: http://wiki.dovecot.org/LDA#Without_a_lookup and simply cut the -d {recipient} from the pipe. In your setup, I do not see where the user's home directory is looked up before the mail is passed off to deliver, so you probably should not do this. --- # delivery through dovecot dovecot unix - n n - - pipe flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -f ${sender} --- Instead, try appending -d ${user} to the above set of arguments. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] Dovecot + Postfix Mail Forwarding Question
On Fri, 27 Feb 2009, Taras Hryniw wrote: I have dovecot and postfix set up on debian lenny. Squirrelmail is used to access the mail. I put a .forward file in my user's home directory, and that sure gets the job done of forwarding email, but I need a copy saved on the local machine as well. How do I do that? From forward(5): If a local user address is prefixed with a backslash character, mail is delivered directly to the user's mail spool file, bypassing further redirection. For example, if user chris had a .forward file containing the following lines: ch...@otherhost \chris One copy of mail would be forwarded to ch...@otherhost and another copy would be retained as mail for local user chris. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] quota - implement via dovecot or postfix? which is easier ?
On Fri, 06 Feb 2009, Linux Advocate wrote: i rather not patch postfix and m therefore leaning towards quota via dovecot. But after reading some posts ,etc, it seems that the information on the dovecot wiki is inaccurate. A.Any comments on this? To which posts are you referring? B. Am i right in concluding that its easier and better in the long run to implement and enforce quotas thru dovecot instead of postfix? Depends on your environment, requirements, and a number of other variables. I implement quotas through dovecot. C. The right instructions for implementing quota thru dovecot? I followed the instructions on the wiki. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] Best Imap Transfer Tool?
On Fri, 06 Feb 2009, Neil wrote: So I'm looking to do a migration of my IMAP mailboxes, and I'm looking for the best tool to use. I used to use the uw-mailutil tool, a while ago, but that was a bit coarse of a tool. More recently I've used imapsync, but that was giving me some errors. I've sort of tracked those down; but I was wondering if anyone else had any other recommendations...? What about rsync? -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] Dovecot discards mail over quota
On Sun, 18 Jan 2009, Gary V wrote: On 1/17/09, Timo Sirainen wrote: On Jan 17, 2009, at 2:36 PM, Gary V wrote: Then a bounce is created stating the mail was rejected: Your message to t...@example.com was automatically rejected: Quota exceeded (mailbox for user is full). Question: is it possible (without changing code) to alter this to where deliver would instead tempfail or something. Somehow it seems wrong to me to tell the MTA that everything is good, and then silently discard messages - regardless of the fact dovecot creates a bounce. This is not necessarily ideal either, but I _am_ wondering if this is configurable or not. a) deliver -e b) quota_full_tempfail=yes c) a+b Just as a matter of interest. On my Postfix system: a) Using deliver -e, Postfix bounces the message immediately 5.7.0 - Subject: Undelivered Mail Returned to Sender. Partial body: t...@example.com: permission denied. Command output: Quota exceeded (mailbox for user is full). Postfix does not retain the message. b) quota_full_tempfail=yes: defers the message with 4.3.0. If the user makes room for the message, then it will eventually be delivered. If they don't, then _eventually_ a bounce will be sent. In this case the bounce is less informative. Partial body: t...@example.com: temporary failure. In the case where the message is not delivered, using default settings in Postfix, the sender will be notified 5 days after they sent the message. c) For over quota with a+b, it behaves the same way as b, but the bounce notice will be more informative: Partial body: t...@example.com: temporary failure. Command output: Quota exceeded (mailbox for user is full). I would say this is expected. Each of the four possibilites has advantages and disadvantages, and personally I think a) might be closest to doing the right thing, but it would be cool to have the option of deferring the mail (using option a+b) and additionally have deliver immediately send a message to the sender notifying them that their mail has been delayed due to the recipient being over quota. Something like: I prefer a) because it does not involve backscatter in the case of spoofed sender addresses. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] Dovecot discards mail over quota
On Sun, 18 Jan 2009, Gary V wrote: On 1/18/09, Sahil Tandon wrote: On Sun, 18 Jan 2009, Gary V wrote: On 1/17/09, Timo Sirainen wrote: On Jan 17, 2009, at 2:36 PM, Gary V wrote: Then a bounce is created stating the mail was rejected: Your message to t...@example.com was automatically rejected: Quota exceeded (mailbox for user is full). Question: is it possible (without changing code) to alter this to where deliver would instead tempfail or something. Somehow it seems wrong to me to tell the MTA that everything is good, and then silently discard messages - regardless of the fact dovecot creates a bounce. This is not necessarily ideal either, but I _am_ wondering if this is configurable or not. a) deliver -e b) quota_full_tempfail=yes c) a+b Just as a matter of interest. On my Postfix system: a) Using deliver -e, Postfix bounces the message immediately 5.7.0 - Subject: Undelivered Mail Returned to Sender. Partial body: t...@example.com: permission denied. Command output: Quota exceeded (mailbox for user is full). Postfix does not retain the message. b) quota_full_tempfail=yes: defers the message with 4.3.0. If the user makes room for the message, then it will eventually be delivered. If they don't, then _eventually_ a bounce will be sent. In this case the bounce is less informative. Partial body: t...@example.com: temporary failure. In the case where the message is not delivered, using default settings in Postfix, the sender will be notified 5 days after they sent the message. c) For over quota with a+b, it behaves the same way as b, but the bounce notice will be more informative: Partial body: t...@example.com: temporary failure. Command output: Quota exceeded (mailbox for user is full). I would say this is expected. Each of the four possibilites has advantages and disadvantages, and personally I think a) might be closest to doing the right thing, but it would be cool to have the option of deferring the mail (using option a+b) and additionally have deliver immediately send a message to the sender notifying them that their mail has been delayed due to the recipient being over quota. Something like: I prefer a) because it does not involve backscatter in the case of spoofed sender addresses. -- Sahil Tandon sa...@tandon.net Hmm, in my test, mail is not rejected during smtp conversation, so as far as I can see, there is no prevention of backscatter. Posftix creates a bounce after the fact and sends it to whomever the sender is (or at least attempts to). Ah, I construed your report to mean Postfix _did_ reject at SMTP; my bad interpretation! Right now we have it working with tempfail and users generally free up their mailbox so an actual bounce (backscatter) is yet to ocurr. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] unsubscribe dovecot.org
On Wed, 14 Jan 2009, Leo P CHENG wrote: thanks As directed in the List-Unsubscribe: header, you need to send an email with subject unsubscribe to dovecot-requ...@dovecot.org. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] SSL cert problems.
Egbert Jan van den Bussche wrote: Still strange that Verisign is not already in your cert. store. Most browsers seem to have Verisign. I'm used to the fact that my CA (Cacert) is not included, being a small free CA. I often have to import class3 and root cert. which is not a big deal after all. The root verisign cert is likely in his cert store; however, the *intermediate* cert is not; that is expected to be on the server. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] SSL cert problems.
Geoff Sweet wrote: [Please do not top-post] Oh, ok once I added the -CAfile change the cert verifies without issue. That's because you installed the intermediate cert on your client; this should not be required. openssl s_client -ssl3 -CAfile ~/intca.cer -connect pop.x10.com:995 -quiet depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify return:1 depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA verify return:1 depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com verify return:1 +OK Dovecot ready. So does that mean I need to install the intermediate cert on all my clients that will be accessing this server? That's going to be a bit of a PITA... No, you need to properly install and configure dovecot to see the intermediate cert on your server. See: http://www.verisign.com/support/advisories/page_040611.html The article is quite dated, but might be helpful to you. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] download IMAP folders via POP3
Jakob Grie?mann wrote: I know my question might sound a little bit strange, but is it possible to download IMAP folders via POP3? I have clients who use POP3 on their main machines and IMAP on their on the road notebooks. It would be good to download all folders created on the notebook via POP3 to the main desktop. POP3 should download the newly created folders, unless there are some other idiosyncrasies of which we're not aware. But as a matter of practice, why the mismatch? Better to have users on IMAP from desktop and notebook. Unless this is a mandate from above or a legacy issue, move everyone to IMAP! -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] download IMAP folders via POP3
Jeff Grossman wrote: Sahil Tandon wrote: Jakob Grie?mann wrote: I know my question might sound a little bit strange, but is it possible to download IMAP folders via POP3? I have clients who use POP3 on their main machines and IMAP on their on the road notebooks. It would be good to download all folders created on the notebook via POP3 to the main desktop. POP3 should download the newly created folders, unless there are some other idiosyncrasies of which we're not aware. But as a matter of practice, why the mismatch? Better to have users on IMAP from desktop and notebook. Unless this is a mandate from above or a legacy issue, move everyone to IMAP! Are you sure about that? I was always under the impression that POP3 was only able to download the INBOX. You need to use IMAP to see any other folders that are created on the server. You are correct of course. Not-so-temporary lapse. :) -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] SSL cert problems.
Geoff Sweet wrote: Ok so I downloaded the intermediate ca cert thing onto my local machine as intca.cer. Then I ran this command: :~$ openssl s_client -ssl3 -CApath ./intca.cer -connect pop.x10.com:995 You're pointing to a *file* so you need -CAfile; not -CApath. But even after making that change, there appears to be a problem with your cert. To test, I downloaded common root certificates from the curl website and placed them in ~/CA. Then, the gmail cert verifies just fine: % openssl s_client -ssl3 -CAfile ~/CA/cacert.pem -connect pop.gmail.com:995 -quiet depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com verify return:1 +OK Gpop ready for requests from 74.72.46.40 5pf1417126ywl.17 However, your server cert still fails. This may be related to the intermediate cert you define in dovecot.conf. I also noticed the zlib compression is turned on, whereas it is disabled on my own and many other POP and IMAP servers I tested. This does not appear to be a dovecot issue; perhaps try the OpenSSL mailing list? -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] SSL cert problems.
Geoff Sweet wrote: and last but not least, here is my test from openssl. Mind you this fails as a BAD ssl cert in Evolution. :~$ openssl s_client -ssl2 -connect pop.x10.com:995 Try -ssl3 here; you'll see more. CONNECTED(0003) depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com verify error:num=21:unable to verify the first certificate verify return:1 21568:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450: As you can see, the certificate clearly fails. I don't know how to make this work at this point. Any thoughts or advice would be greatly appreciated. The cert fails because s_client(1) cannot find the root CA's you've chosen to trust. The same test will fail even with gmail's IMAP and POP3 servers. See the s_client(1) man page for the CApath and CAfile flags. -- Sahil Tandon sa...@tandon.net
Re: [Dovecot] Issue with domains
David M Lemcoe Jr. [EMAIL PROTECTED] wrote: I am running Dovecot 1.0.10 and have it working great on ender.ath.cx (my free DynDNS.com subdomain), but recently I registered lemcoe.com and pointed it to the same IP address as ender.ath.cx. The problem is, only e-mail sent to the @ender.ath.cx works. If it is send it to @lemcoe.com, I don't know where it goes. I get no errors either. How can I get Dovecot to recognize both domains? Dovecot is not the problem here. When you send an email to [EMAIL PROTECTED], the sending MTA sends email to the MX server of lemcoe.com. Only in the case of an absent MX record will the MTA try delivering directly to lemcoe.com (i.e. the host itself, rather than its MX record). % dig +short MX lemcoe.com 10 mail.lemcoe.com. % host ender.ath.cx ender.ath.cx has address 76.240.25.136 % host mail.lemcoe.com mail.lemcoe.com has address 67.19.72.202 As you can see, the host that handles mail for lemcoe.com != 76.240.25.136. -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] Issue with domains
David M Lemcoe Jr. [EMAIL PROTECTED] wrote: The MX Record was removed, and now when sending from a seperate e-mail server, I get an e-mail: The following addresses had delivery problems: [EMAIL PROTECTED] Permanent Failure: 554_5.7.1_[EMAIL PROTECTED]:_Relay_access_denied Delivery last attempted at Sun, 2 Nov 2008 20:52:55 - Any ideas? This is not a dovecot problem. Please do not send replies only to me but instead to the appropriate mailing list. I would try the Postfix mailing list for starters. -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] Error starting dovecot
Frank Elsner [EMAIL PROTECTED] wrote: Oh. According to the comments in my dovecot.conf setting protocols to none means that only dovecot-auth is enabled... What should i write under Protocols to just enable that? My dovecot.conf contains protocols = imap imaps The OP does not want Dovecot to act as an IMAP server; he just wants the auth functionality, so protocols = none is correct. -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] Unlimited quota in 1.1?
David Reid [EMAIL PROTECTED] wrote: How do I set an unlimited quota for a user in 1.1? Setting it to 0 bytes worked in 1.0, but doesn't seem to work in 1.1 :-( http://wiki.dovecot.org/Quota/1.1 -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] related, but off-topic: how to allow users to change password?
Patrick Nagel [EMAIL PROTECTED] wrote: Sahil Tandon wrote: | Thanks for the tip Patrick. Unfortunately this will not work for me | because I need to change passwords for virtual users -- the users are | not system users found in /etc/passwd, but rather virtual users that | are listed in a passwd style file in /usr/local/etc/dovecot/passwd. Oh, read your mail too quickly... sorry. No worries. I've since switched to storing userdb and passdb in MySQL, for which there are a variety of plugins to change user passwords. -- Sahil Tandon [EMAIL PROTECTED]
[Dovecot] related, but off-topic: how to allow users to change password?
My dovecot is currently configured to authenticate vs. a userdb/passdb passwd-file that contains, for each user: username:passhash:5000:5000::/path/to/home::userdb_mail=/path/to/maildir Is it possible to let users authenticate and change their passwords? There are some webmail client add-ons that allow such things if users are system accounts or in a MySQL/LDAP db. Does anyone else use passdb/userdb passwd-files like above and have a method for allowing users to change their passwords from the web? Sorry for the slightly off-topic question, but hoping another Dovecot admin has solved this problem. Preference is to not to be tied to any particular webmail client just for this change password feature.
Re: [Dovecot] related, but off-topic: how to allow users to change password?
Patrick Nagel [EMAIL PROTECTED] wrote: Maybe you can use Usermin for that (see http://www.webmin.com/usermin.html). It has a module to change system passwords. Thanks for the tip Patrick. Unfortunately this will not work for me because I need to change passwords for virtual users -- the users are not system users found in /etc/passwd, but rather virtual users that are listed in a passwd style file in /usr/local/etc/dovecot/passwd. -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] related, but off-topic: how to allow users to change password?
Eduardo M KALINOWSKI [EMAIL PROTECTED] wrote: There isn't a general utility to do that. I wrote a simple script for one such case, namely sork-passwd from the Horde suite. The script just receives the username, old password and new password from stdin and then changes the password entry in a file. But I'm using only passwd files, without the extra fields in a userdb file. Besides that, there are other things that could have been done in a better way. If you want to take a look, I posted it here some time ago: http://www.dovecot.org/list/dovecot/2008-June/031629.html Thanks Eduardo. That looks like something I might've been able to modify for our needs but using it with sork would require us to install the entire Horde, which we do not want. -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] Error - Dovecot Permission denied
kbajwa [EMAIL PROTECTED] wrote: Since I posted this original messages, I have installed, re-installed Postfix-2.3.3, Dovecot-1.1.1 Dovecot-Sieve-1.1.5 over and over still got the Permission Denied error (see /var/log/maillog logs below). Here what I found! If I add the following in /etc/postfix/main.cf; Mailbox_command = /usr/libexec/dovecot/deliver Then the Permission Denied error appears and all mail is bounced back with error message. If I remove this line, all emails are delivered fine. No error. [...] (2) what if I leave this line out? Would it cause problem with either Dovecot or Dovecot-Sieve? Unlikely; not setting mailbox_command just means Postfix will use local(8) for mail delivery. [...] Jul 27 09:16:24 www postfix/local[5623]: E31DA41C0028: to=[EMAIL PROTECTED], relay=local, delay=0.99, delays=0.74/0.03/0/0.22, dsn=5.3.5, status=bounced (local configuration error. Command output: Fatal: open(/etc/dovecot.conf) failed: Permission denied ) What are the permissions on /etc/dovecot.conf? The mailbox_command is run with the UID and the primary group GID of the recipient, so if the conf file is unreadable by that user/group, you see the error above. [...] -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] Error - Dovecot Permission denied
kbajwa [EMAIL PROTECTED] wrote: I have posted the permissions on another post. However, when I look at properties then permissions for 'dovecot.conf' file, following are the 'permissions' listed: Owner:dovecot Access: Read Write Group:Mail Access: Read-Only Others Access: none This is the problem. The mailbox_command runs neither as the dovecot user nor with the mail GID. You need to give others access to read the file. # chmod o+r /etc/dovecot.conf Execute: [] Allow executing file as program SELinux Context: file_t I hope it makes sense to you, it does not to me. Let me know if the above need some change. [...] -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] mail extra field to override default mail_location for only certain users
Nevermind, I found the solution. For those of you following along at home: http://wiki.dovecot.org/AuthDatabase/PasswdFile user:password:uid:gid:(gecos):home:(shell):extra_fields is correct. -- Sahil Tandon [EMAIL PROTECTED]
[Dovecot] odd pam_authenticate() failed: authentication error followed by successful imap-login
I am seeing the following errors in my log: Jul 27 18:14:23 aegis dovecot: auth-worker(default_with_listener): pam([EMAIL PROTECTED],74.72.46.170): pam_authenticate() failed: authentication error Jul 27 18:14:23 aegis dovecot: imap-login: Login: user=[EMAIL PROTECTED], method=PLAIN, rip=74.72.46.170, lip=206.251.255.39, TLS This happens *only* for virtual users; local UNIX users authenticate without that first error. However, all users are able to view mail, but that default_with_listener (which I setup just so Postfix could use dovecot to authenticate SASL senders) error only occurs for virtual users. Why is default_with_listener getting involved when users are trying to connect to dovecot directly without any involvement of Postfix? Non-default configuration parameters below; thanks for any hints. # dovecot -n # 1.1.1: /usr/local/etc/dovecot.conf listen: 127.0.0.1:143 ssl_listen: *:993 login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_gid: 0 mail_privileged_group: mail mail_location: maildir:~/Maildir imap_client_workarounds: delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep auth default_with_listener: mechanisms: plain login digest-md5 passdb: driver: pam passdb: driver: passwd-file args: /usr/local/etc/dovecot/passwd userdb: driver: passwd userdb: driver: passwd-file args: /usr/local/etc/dovecot/users socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix auth default: mechanisms: plain digest-md5 passdb: driver: passwd-file args: /usr/local/etc/dovecot/passwd passdb: driver: pam userdb: driver: passwd-file args: /usr/local/etc/dovecot/users userdb: driver: passwd -- Sahil Tandon [EMAIL PROTECTED]
Re: [Dovecot] odd pam_authenticate() failed: authentication error followed by successful imap-login [solved]
Sahil Tandon [EMAIL PROTECTED] wrote: I am seeing the following errors in my log: Jul 27 18:14:23 aegis dovecot: auth-worker(default_with_listener): pam([EMAIL PROTECTED],74.72.46.170): pam_authenticate() failed: authentication error Jul 27 18:14:23 aegis dovecot: imap-login: Login: user=[EMAIL PROTECTED], method=PLAIN, rip=74.72.46.170, lip=206.251.255.39, TLS [...] # dovecot -n # 1.1.1: /usr/local/etc/dovecot.conf listen: 127.0.0.1:143 ssl_listen: *:993 login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_gid: 0 mail_privileged_group: mail mail_location: maildir:~/Maildir imap_client_workarounds: delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep auth default_with_listener: mechanisms: plain login digest-md5 passdb: driver: pam passdb: driver: passwd-file args: /usr/local/etc/dovecot/passwd I guess order matters. Once I set the virtual user database to be queried before pam, the error is gone. Are there any side effects which I might not be considering? Thanks. [...] -- Sahil Tandon [EMAIL PROTECTED]
[Dovecot] mail extra field to override default mail_location for only certain users
I am running version 1.1.1 with mail_location: maildir:~/Maildir. This is working great as all our users have UNIX accounts with nologin shells. New domains (and their users) are about to come online and we would like to migrate to a setup with virtual mailboxes/users. From the wiki and comments within dovecot.conf, I see it is possible to do this piecemeal so both local and virtual users can co-exist during the transition. My question is how to keep things working as they are for existing users/domains (which will be migrated later), and use the virtual mailboxes (and thus, a different mail_location) exclusively for the new users. I understand that multiple userdbs and passdbs can be specified, and this will take care of authentication. On http://wiki.dovecot.org/VirtualUsers#homedirs it is stated that The userdb can return the mail extra field to override the default mail_location setting. Usually you shouldn't need this. Where is this mail extra field defined? In the userdb passwd-file or somewhere within dovecot.conf? If the former, would something like this suffice (mind the wrapping): [EMAIL PROTECTED]::5000:5000::/home/vhosts/domain.org/:/usr/sbin/nologin::mail=m aildir:/home/vhosts/%d/%n Thanks, -- Sahil Tandon [EMAIL PROTECTED]