Re: Backups and disaster recovery
On Sat, Dec 03, 2022 at 11:02:54PM +, GDS wrote:
> Hello all! After reading some of the past threads on backups, I was
> wondering if I could get a sanity check... I run a Maildir
> configuration for a small (10 mailboxes) mail server. Using "doveadm
> backup", for each mailbox I do:
>
> - Weekly full backups and then copy the files to a network-based
>   filesystem.
>
> - Daily incremental backups and then copy the files to a
>   network-based filesystem.
>
> My recovery assumption is that in case of hardware failure, I would
> re-set up the mail service and for each mailbox I will recover at the
> right directory the latest full mailbox backup and on top of it, each
> incremental backup to the latest day. Does this sound like a sound
> strategy?

Assumptions are dangerous things.

Have you tested your assumptions - i.e. simulated recovering from a
hardware failure - in order to be sure your backups and procedures are
adequate?

Are your server, and your network-based filesystem protected against
bit-rot?

> Also, I was thinking of setting up a second dovecot server on another
> server and replicating my primary on an hourly basis to decrease
> recovery time. But I looked at mbsync and it seems to require mailbox
> login/password for each mailbox (which I don't have). Is there an
> alternative?

You might want to consider using ZFS.

https://en.wikipedia.org/wiki/ZFS

https://openzfs.org

Jim Salter has written some fairly accessible tutorials. For instance:

https://arstechnica.com/information-technology/2014/02/ars-walkthrough-using-the-zfs-next-gen-filesystem-on-linux/3/

https://arstechnica.com/information-technology/2015/12/rsync-net-zfs-replication-to-the-cloud-is-finally-here-and-its-fast/

https://arstechnica.com/information-technology/2020/05/zfs-101-understanding-zfs-storage-and-performance/

https://jrs-s.net/category/open-source/zfs/

Sam
Re: [EXTERNAL] Re: Client for a Windows User ?
On Tue, Sep 13, 2022 at 04:10:22PM +, White, Daniel E. wrote:
> On Tuesday, September 13, 2022 at 12:07 Narcis Garcia wrote:
>> On 13/9/22 at 18:01, White, Daniel E. wrote:
>>> Specifically, Windows 2016 server
>>>
>>> I suggested Thunderbird.
>>> Is there anything else ?
>>>
>>> Is this current ?
>>> https://wiki.dovecot.org/Clients
>>
>> https://en.wikipedia.org/wiki/Category:Windows_email_clients
>
> Not helpful.

Er... *yes* helpful.

> Which ones, if any, behave with Dovecot ?

Any standards-compliant MUA should work fine with Dovecot.

If you don't like Wikipedia's list, maybe you'll prefer this list:

https://alternativeto.net/software/mozilla-thunderbird/?platform=windows

> I notice that Thunderbird is not listed.

Sigh. It's not an *exhaustive* list.
Re: Is multi factor authentication practical/feasible?
On Sat, Jul 02, 2022 at 07:32:21AM -0800, justina colmena ~biz wrote:
> Guns are banned and there's a night guard with a Big Mag flashlight or
> a billy club walking the beat around the bank, kicking a homeless man
> who fell asleep on the sidewalk to tell him wake up or your pocket's
> going be picked clean by morning, because you've got too much money in
> your name for your own good anyways, if you've got any teeth left in
> your mouth or can afford the dentist's bill for that.

Please stick to the topic, which is about how to implement MFA with
Dovecot.
Re: Is multi factor authentication practical/feasible?
On Sun, Jun 26, 2022 at 06:52:05PM -0400, Steve Dondley wrote:
> I know roundcube offers a MFA plugin. But I don’t have the foggiest
> idea how of an iPhone, Android device, or Outlook could all be set up
> to work with MFA with a standard dovecot/postfix setup.

I'm currently vague on whether/how these can be integrated with
dovecot/postfix, but ...

> Are there any practical solutions for easily implementing MFA that
> could work across multiple devices?

... there exist several cross-platform hardware tokens:

- https://www.nitrokey.com/

- https://www.yubico.com

- https://www.nytimes.com/wirecutter/reviews/best-security-keys/

and time-based one-time passwords ("TOTP") are also cross-platform:

- https://en.wikipedia.org/wiki/Time-based_one-time_password

- https://en.wikipedia.org/wiki/FreeOTP

- https://en.wikipedia.org/wiki/Google_Authenticator

- https://en.wikipedia.org/wiki/LinOTP

- https://www.macrumors.com/2021/06/07/ios-15-built-in-password-authenticator/

Please update the thread if you make any progress. Thanks!

Sam
Re: doveadm pw usage
On Mon, Apr 25, 2022 at 07:30:16PM +1200, Richard Hector wrote:
> The downside of putting the password on the command line is that it
> will (briefly) be visible in the output of 'ps':
>
> richard 9449 0.0 0.0 5040 3616 pts/4 R+ 19:27 0:00
> /usr/bin/doveconf -f service=doveadm -c /etc/dovecot/dovecot.conf -m
> doveadm -e /usr/bin/doveadm pw -p asdf

Can this problem not be solved by using
`pw -p "$(some cmd to echo the password)"`?

E.g. if using Jason Donenfeld's password store application "pass",[1]:

    pw -p "$(pass Email/mydomain.com)"

Sam

[1]: https://git.zx2c4.com/password-store/about/
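The following added example is not part of the original message or of Dovecot: on Linux it checks whether a secret reaches a process's argument vector (what `ps` reads) when it is supplied through command substitution, as in `pw -p "$(...)"`, versus through standard input. `hypothetical-tool` is a stand-in program name and the secret is a constructed sample value.

```sh
#!/bin/sh
# Added example (Linux; reads /proc): does a secret reach the process table?
# "hypothetical-tool" is a stand-in for any program that accepts
# "-p <password>". The secret is a constructed sample, not a credential.

# exposure MODE  -> prints "exposed", "hidden" or "unknown"
#   argv  : secret supplied as  -p "$(some command)"
#   stdin : secret piped to the program's standard input
exposure() {
    mode=$1
    secret="sample-secret-$$"                  # constructed at run time
    dir=$(mktemp -d) || { echo unknown; return 0; }
    ready="$dir/ready"

    case $mode in
        argv)
            READY="$ready" sh -c ': > "$READY"; sleep 2; exit 0' \
                hypothetical-tool -p "$(printf '%s' "$secret")" \
                >/dev/null 2>&1 &
            ;;
        stdin)
            # printf is a builtin in bash and dash, so the secret is not an
            # argument of an exec'd program on this side of the pipe either.
            printf '%s\n' "$secret" |
                READY="$ready" sh -c 'read -r pw; : > "$READY"; sleep 2; exit 0' \
                hypothetical-tool >/dev/null 2>&1 &
            ;;
        *)
            rm -rf "$dir"; echo unknown; return 0 ;;
    esac
    pid=$!

    # Wait until the child is running its script, i.e. exec has happened
    # and /proc/<pid>/cmdline holds the child's own argv.
    tries=0
    while [ ! -e "$ready" ] && [ "$tries" -lt 50 ]; do
        sleep 0.1
        tries=$((tries + 1))
    done

    # NUL-separated argv, as ps(1) would display it.
    args=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline") || args=''

    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -rf "$dir"

    case $args in
        '')            echo unknown ;;
        *"$secret"*)   echo exposed ;;
        *)             echo hidden ;;
    esac
}

printf 'secret via -p "$(cmd)": %s\n' "$(exposure argv)"
printf 'secret via stdin:       %s\n' "$(exposure stdin)"
```

The shell expands a command substitution before it starts the program, so the resulting value is still an ordinary argument. Per its man page, `doveadm pw` prompts for the password when `-p` is omitted.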
Re: doveadm pw usage
On Sun, Apr 24, 2022 at 06:45:19PM +0800, ミユナ (alice) wrote:
> Bernardo Reino wrote:
>> The argument to "-p" is not a file containing the password, but the
>> password itself!
>
> ok the helps says:
>
> pw [-l] [-p plaintext]
>
> i just thought it specifies the text file.
>
> thanks for clarifying it.

Easy mistake to make.

The orthographic difference between "plaintext" and "plain text" is
small. The semantic difference is large:

https://en.wikipedia.org/wiki/Plaintext

https://en.wikipedia.org/wiki/Plain_text
Re: Bad Signature - Both Roundcube and Squirrelmail webmail cannot search for anything + cannot open many emails because there are more than 200, 000 emails in my Inbox
On Wed, Apr 20, 2022 at 09:55:02PM +0800, Turritopsis Dohrnii Teo En Ming wrote:
>> My advice for anyone who wants to be able to keep and search very large
>> monolithic mailstores would be: synchronise (e.g. via
>> https://isync.sourceforge.io/ or fetchmail or getmail or rsync or Unison
>> or whatever) those mailstores from the server onto your local
>> filesystem; use maildir on your local filesystem; and use either Mutt's
>> "limiting" functions, or notmuch's index/search functions, for
>> searching/browsing.
>
> Wouldn't it be very tedious and time consuming to sync mailboxes from
> the server onto our local filesystems?

Setting it up can be tedious depending on your needs. If your
mailserver is self-hosted, giving you direct access to the filesystem,
that gives you more options (rsync, Unison, Dovecot dsync, etc). Even
if not, it's still possible using isync, fetchmail, or whatever (see URL
above).

Once the initial sync is performed, though, subsequent syncs should only
need to transmit the difference between the local and remote mailstores,
and therefore should usually be fast and, optionally, automatic.

Sam
Re: Bad Signature - Both Roundcube and Squirrelmail webmail cannot search for anything + cannot open many emails because there are more than 200, 000 emails in my Inbox
On Wed, Apr 20, 2022 at 09:51:18PM +0800, Turritopsis Dohrnii Teo En Ming wrote:
> I believe Gmail is using IMAP. The instructions for configuring Gmail
> email accounts in Outlook specifically mention IMAP server hostname:
>
> imap.gmail.com
>
> TCP Port 993, SSL

Gmail offers an IMAP2 endpoint so that users can connect to Gmail with
IMAP2 clients (Thunderbird, Claws, Apple's Mail.app, or whatever) if
they wish to.

However, Gmail's web interface, and Gmail's proprietary mobile apps,
almost certainly do *not* use IMAP2 to communicate with the Gmail
servers. As has already been pointed out in this thread, they likely
use a proprietary protocol optimised for that proprietary environment.

Sam
Re: Bad Signature - Both Roundcube and Squirrelmail webmail cannot search for anything + cannot open many emails because there are more than 200, 000 emails in my Inbox
On Tue, Apr 19, 2022 at 07:26:10PM -0600, Shawn Heisey wrote:
> I would bet that if you accessed a gmail folder with 5 million
> messages in it using IMAP, you would have similar problems with it to
> those that have been described here in this thread. IMAP is a
> beautiful protocol, but I don't think it was designed for handling
> that many messages.

This.

Sadly, Mark Crispin (author of IMAP and IMAP2) is no longer with us to
confirm.

Even at just ~100B for each message's headers, your IMAP2 client would
likely need at least ~500MB free RAM to load 5 million mails.

By the time Mark stopped working on UW IMAP (the reference IMAP
implementation, aka Panda IMAP), c.2010, even top-of-the-range
smartphones typically had only ~512MB RAM total, and top-of-the-range
ThinkPads had max ~4GiB (which was the upper limit of what 32-bit
operating systems, still popular then, could handle).

When IMAP2 was invented, c.1988-1990, RAM like that was basically
supercomputer territory.

Had Mark intended or expected IMAP2 users to have had supercomputers at
their disposal, and to be searching such large volumes of mail over the
protocol, I suspect he would have designed the protocol differently: for
raw efficiency over human readability.

My advice for anyone who wants to be able to keep and search very large
monolithic mailstores would be: synchronise (e.g. via
https://isync.sourceforge.io/ or fetchmail or getmail or rsync or Unison
or whatever) those mailstores from the server onto your local
filesystem; use maildir on your local filesystem; and use either Mutt's
"limiting" functions, or notmuch's index/search functions, for
searching/browsing.

Good luck in your quest!

Sam
Re: Bad Signature - Both Roundcube and Squirrelmail webmail cannot search for anything + cannot open many emails because there are more than 200, 000 emails in my Inbox
On Mon, Apr 18, 2022 at 03:23:10PM -0700, Joseph Tam wrote:
> On Mon, 18 Apr 2022, Paul Kudla (SCOM.CA Internet) wrote:
>> As for the 200,000+ emails in the inbox no email system was ever
>> designed for that - ever.
>> ...
>> no system will support 200,000 + emails, even if the server can
>> handle that and running imap where you only download the headers the
>> email client would just spin trying to update the email box
>> constantly.
>
> I think Gmail does exactly this -- their mail system really has one
> big message repository, and they simulate mailboxes by using labels.
> They seem to encourage piling the message high and using their search
> or auto-labelling features to find what you're looking for.
>
> Users of mine who previously used Gmail expect our mail system to
> behave similarly, and I have to break them of their habit to packrat
> all their mail into their INBOX.

Gmail is *advertised* as working that way.

In practice, though, Gmail used to exhibit search/browse bugs (e.g.
failing to identify all relevant mails/threads) annoyingly often. This
was sometimes true via the official Gmail web interface, and was
especially true via the official mobile app, on at least some platforms.

Maybe those issues have been fixed - I don't know. But unless they have
been, Gmail is not really a panacea.

In any case, for Dovecot, Joseph & Paul's advice to divide mail into
folders where possible seems sensible - especially for access over IMAP.

Sam
Re: silly quesiton [ot]
On Mon, Jan 31, 2022 at 12:04:57PM +0100, Wojciech Puchar wrote:
>>> mbox is multiple emails in single file, maildir is single email in
>>> single file
>>
>> Exactly my point!
>
> which is good (mbox) in mail archiving. And not much else.

Exactly.

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: silly quesiton [ot]
On Mon, Jan 31, 2022 at 11:26:26AM +0100, Benny Pedersen wrote:
> On 2022-01-31 07:23, Sam Kuper wrote:
>> DJB developed Maildir to gain performance and reliability improvements
>> over mbox files. Unlike Maildirs, mbox files *are* "large flat
>> files".
>
> mbox is multiple emails in single file, maildir is single email in
> single file

Exactly my point!

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: silly quesiton [ot]
On Sun, Jan 30, 2022 at 07:49:56PM -0900, justina colmena ~biz wrote:
> On January 30, 2022 6:30:44 PM AKST, Sam Kuper wrote:
>> On Sun, Jan 30, 2022 at 06:17:49PM -0900, justina colmena ~biz wrote:
>>> On January 30, 2022 5:46:53 PM AKST, dove...@ptld.com wrote:
>>>> Storing mail in a db... at the end of the day isn't it still just a
>>>> file (.db file) on the drive?
>>>>
>>>> Aren't you just adding bloat and complexity vs just storing the
>>>> mail directly (maildir format) to a file on the drive? [...]
>>>
>>> You'll get better indexing and fast full text search by storing your
>>> emails in a database rather than a flat file, hopefully after
>>> decoding any attachments. Especially for spam scoring, analysis, and
>>> classification. Much better performance deleting or moving specific
>>> messages, too.
>>
>> Do you have evidence to back up these claims, specifically re: mail
>> servers?
>>
>> Like-for-like benchmarks, for instance?
>
> Just ideas.

OK, no then.

> Removing or deleting a single message from near the beginning of a
> large flat file takes an inordinate amount of time because the
> remainder of the flat file has to be rewritten all the way from the
> point of the deleted message to the end of the file and then
> truncated.

You might want to look up what Maildir is before making bold but
apparently unfounded claims about it.

Maildir is not a "large flat file". It is a set of conventions that
amount to a database specification, in the traditional sense of the word
"database": a system for storing data. (Not a relational database.)

DJB developed Maildir to gain performance and reliability improvements
over mbox files. Unlike Maildirs, mbox files *are* "large flat files".

Best wishes,

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: silly quesiton [ot]
On Sun, Jan 30, 2022 at 06:17:49PM -0900, justina colmena ~biz wrote:
> On January 30, 2022 5:46:53 PM AKST, dove...@ptld.com wrote:
>> Storing mail in a db... at the end of the day isn't it still just a
>> file (.db file) on the drive?
>>
>> Aren't you just adding bloat and complexity vs just storing the mail
>> directly (maildir format) to a file on the drive? [...]
>
> You'll get better indexing and fast full text search by storing your
> emails in a database rather than a flat file, hopefully after decoding
> any attachments. Especially for spam scoring, analysis, and
> classification. Much better performance deleting or moving specific
> messages, too.

Do you have evidence to back up these claims, specifically re: mail
servers?

Like-for-like benchmarks, for instance?

Thanks,

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: GDPR/sender-ip (was: make received-header on submission optional or at least drop the ip in it)
On Wed, Jan 05, 2022 at 07:00:19PM +0100, John Fawcett wrote:
> On 05/01/2022 18:36, Sam Kuper wrote:
>> On Wed, Jan 05, 2022 at 06:00:31PM +0100, John Fawcett wrote:
>>> my understanding of the GDPR legislation is that it defines what is
>>> considered lawful processing. One of those items that makes the
>>> processing lawful is consent.
>>
>> Not necessarily.
>>
>> An action that would not be lawful without consent is not
>> automatically made lawful with consent, including under GDPR.
>
> Correct there could be other reasons that make processing unlawful.

Indeed.

> However, GDPR will allow processing if the data subject consents [..]

Not necessarily. The consent must meet four tests before it is valid
for GDPR purposes. It must be:

- freely given,
- specific,
- informed, and
- unambiguous.

See https://gdpr.eu/gdpr-consent-requirements/

>>> If I send an email to a public mailing list I think it's fair to say
>>> that I am providing consent.
>>
>> Again, not necessarily.
>>
>> First of all, consent cannot necessarily be assumed.
>
> Correct that it cannot necessarily be assumed. But in this case I
> think it would be fair to assume it when someone sends an email to a
> public mailing list that consent has been given. I cannot see how
> having sent an email to a public mailing list I can then object to
> people processing it. [..]

You say you cannot see it, but I gave an example below, in my previous
email:

>> Secondly, a person sending an email to a mailing list might very well
>> consent for the mailing list's recipients to receive the content,
>> subject, and reply address of that email - but *not* the IP address
>> from which it was sent.
>
> Correct. That is why I mentioned as an alternative "request that your
> users consent to the processing of the data".

The IP address is a different kind of datum to the content, subject, and
reply address.

For instance:

- The IP address is likely to allow the user's location (city or
  region) to be inferred, in a manner typically outside the user's
  control. As such, disseminating the IP address unnecessarily would
  reduce the user's privacy.

- The sender of an email is likely to be aware of the content, subject,
  and sender address of an email that they send, because MUA UIs
  typically make this clear. But many (most?) email users don't know
  what IP addresses are or what can be inferred from them, and so
  *cannot* (without being provided with a clear explanation) give
  informed consent about divulging their IP addresses unnecessarily.

So, unless a service provider obtains user consents meeting the four
tests above, in respect of *each kind* of datum they intend to process,
then the service provider would on the face of it be in breach of the
GDPR in respect of that kind of datum.

In particular, the "freely given" consent means that provision of a
service, etc, should not be contingent upon consent. I.e. if it is not
*necessary* (which it isn't, by definition) for some kind of datum (e.g.
users' IP addresses) to be disseminated more widely than necessary, then
a service provider cannot validly under the GDPR require a user to
consent to such dissemination in order to receive the service. Such
contingency would render the consent not freely given.

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: GDPR/sender-ip (was: make received-header on submission optional or at least drop the ip in it)
On Wed, Jan 05, 2022 at 06:00:31PM +0100, John Fawcett wrote:
> my understanding of the GDPR legislation is that it defines what is
> considered lawful processing. One of those items that makes the
> processing lawful is consent.

Not necessarily.

An action that would not be lawful without consent is not automatically
made lawful with consent, including under GDPR.

> If I send an email to a public mailing list I think it's fair to say
> that I am providing consent.

Again, not necessarily.

First of all, consent cannot necessarily be assumed.

Secondly, a person sending an email to a mailing list might very well
consent for the mailing list's recipients to receive the content,
subject, and reply address of that email - but *not* the IP address from
which it was sent.

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: ZFS storage and backup
On Sun, Nov 14, 2021 at 03:14:44PM +0100, infoomatic wrote:
> I am about to migrate our mailservices to FreeBSD + ZFS. Thus, before
> entering the sheer endless stage of performance testing, I thought I
> would ask here kindly for all kinds of information.
>
> [..]
>
> *) storages: any infos on ZFS options [..]

In addition to FreeBSD's excellent handbook, plus of course man-pages,
you may find the following helpful:

https://arstechnica.com/information-technology/2020/05/zfs-101-understanding-zfs-storage-and-performance/

and

https://jrs-s.net/category/open-source/zfs/

especially

https://jrs-s.net/2015/02/06/zfs-you-should-use-mirror-vdevs-not-raidz/

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: Strategies for protecting IMAP (e.g. MFA)
On Sat, Nov 13, 2021 at 03:34:12PM -0800, lists wrote:
> [..] Now Yubikey at least has my attention. But people often leave the
> key plugged into their notebook. Very true with the Google equivalent
> which I have heard from Google employees. The keys themselves aren't
> exactly transferable, but when you have physical access then all bets
> are off.

Yubikeys are available in several form factors. Not all of them can
readily be left plugged in - at least, not into a portable device. The
larger Yubikeys stick out too far and would likely fall out or get
broken if left plugged in.

So, if you don't want laptop users leaving their keys in their devices,
give them larger format Yubikeys. (Or Nitrokeys, see below.)

> If someone fool actually paid me to be sysadmin, I would use a
> Yubikey. [..]

Yubikeys are decent in many respects, but not entirely unproblematic:

https://en.wikipedia.org/w/index.php?title=YubiKey&oldid=1053509936#Security_issues

For portable hardware security tokens with a better security track
record (to my knowledge, anyway), see:

https://en.wikipedia.org/wiki/Nitrokey

https://www.nitrokey.com/

Also possibly of interest:

https://www.gniibe.org/category/fst-01.html

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: Some questions about mail_crypt setups
On Sun, Feb 21, 2021 at 05:20:59PM -0500, deano-dove...@areyes.com wrote:
> I have global mail encryption working nicely, and replication works
> nicely between two systems. The main problem is that the private and
> public keys are *right there* on the server in /etc/dovecot/private
> ... Fine for a completely controlled system, but not so fine when on
> a rented VPS etc.

I'm not running a Dovecot instance myself at the moment, but I have been
wondering about the above.

My current understanding is that Dovecot, like any other piece of
software that needs to decrypt data from disk, will inevitably need to
either:

- keep the private keys in memory for at least *some* time, in order to
  be able to perform decryption using the CPU; OR

- use an HSM (or equivalent, such as maybe a TPM or an OpenPGP Card) to
  perform decryption as needed.

In a case where there is no HSM (or equivalent), any attacker who gains
root or hypervisor privileges over the machine can in principle extract
the key from memory irrespective of whether the private key is on disk.
They can then decrypt messages at their leisure.

In such a case, the security is already quite low and little additional
security is lost by keeping the private key in a local file on disk that
is readable only by root (and perhaps also readable by one other
carefully-chosen account if necessary).

The above applies to rented VPSes. You are vulnerable to the VPS
provider, because they have hypervisor privileges. So, if you want the
email store to be private, the first thing to do is have it on your own
hardware.

In the better case where you have your own hardware, then the concern
becomes: how to avoid attackers accessing the private keys if they gain
root, or if they gain physical access. Here, an HSM (or equivalent)
will help, by keeping the private keys off the filesystem and out of
RAM/cache/etc.

A properly-implemented HSM or smartcard will make it infeasible for an
attacker to obtain the private key even if they gain root; and will make
it expensive for an attacker to obtain the private key even if they gain
physical access.

Can Dovecot utilise an HSM (or equivalent)? I'm not sure. I look
forward to finding out.

> Would it be possible for dovecot to read the keys as output from a
> script ? I'm thinking of a small script that would reach out to an
> authentication service like Authy or Okta or similar.

Making your own ability to access the email store dependent upon an
untrustworthy third-party like Okta is, IMO, even worse than using a
VPS. Not only are you leaving the door open to an attacker should that
service provider prove to be either compromised or malicious; you also
leave yourself vulnerable to a whole new class of DoS attacks.

(Okta is mostly security theatre. The basic premise is bad enough, but
auditing various Okta deployments, and meeting and speaking with Okta
technical staff, left me with an even worse impression of that company.)

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: Providers running dovecot?
On Sun, Sep 27, 2020 at 04:30:21PM +0200, Olivier Cailloux wrote:
> I am looking for providers of free e-mail addresses known to run
> Dovecot (or a variant thereof) for IMAP access.

Possibly Posteo. Not free IIRC, but very inexpensive (~1EUR/month).

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: Urgent Help required
On Thu, Jul 09, 2020 at 09:02:12AM +0100, Kishore Potnuru wrote:
> On Thu, Jul 9, 2020 at 6:40 AM Aki Tuomi wrote:
>> We provide official community edition RPMs at
>> https://repo.dovecot.org for 2.3.
>
> Am I able to install (2.3 version) on RHEL 6.10 or RHEL 7.7 versions?
> Will there be any issues?
>
> I know RHEL 6.10 is out of support in November. But I want to
> understand and try in my test environment.
>
> Is it possible?

Kishore, maybe read these:

http://linuxmafia.com/faq/Essays/smart-questions.html#before

https://www.netmeister.org/news/learn2quote2.html#ss2.3

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: Outlook vs Thunderbird (re disabling SSL)
On Wed, Jul 08, 2020 at 12:05:55PM +1000, Mark Constable wrote:
> I spent a week trying every cypher combination I could find via Google
> for Dovecot but with the phone going off the hook from complaints by
> customers not being able to pick up their mail. We had to respond with
> some solution so, after a week, disabling SSL was very reluctantly the
> only option left. We lost ~40 customers to outlook.com because of
> this.

Ouch.

But does outlook.com not require TLS? (I don't currently have an
outlook.com account.) If so, then why would customers be able to solve
their problem by moving to outlook.com? Maybe by using outlook.com's
webmail interface, I guess, but you could presumably compete with this
by offering Squirrelmail or Roundcube.

Yet another possible workaround for customers using email clients or
operating systems that don't speak recent versions of TLS is to have
them install stunnel on their PC, or else to send them a box (e.g.
Raspberry Pi) running stunnel that they can put on their LAN/WLAN:

https://joewein.net/blog/2018/07/04/outlook-express-error-0x800ccc0b-and-the-end-of-tls-1-0-deprecated-ssl-protocol/

https://en.wikipedia.org/wiki/Stunnel

Of course, the main problem with sending a box is that it would
periodically require software updates & reboots. If you already have a
routine for upgrading software on boxes on customer premises, then
include the boxes in that routine; otherwise, it's a headache.

Also, the stunnel approach would not help for non-jailbroken iOS devices
except while they are downstream of an stunnel box. So, OK over the
WLAN but no good while on mobile data.

Anyway, good luck!

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: SV: SV: Outlook vs Thunderbird
On Tue, Jul 07, 2020 at 07:00:23PM +0200, Sebastian Nielsen wrote:
> Sorry about that, its just outlook that does that by default.

Consider migrating to a MUA that, unlike Outlook, understands mailing
lists. For example, Mutt (which definitely sucks less than Outlook):

http://www.mutt.org/doc/manual/#using-lists

> I don't know what you mean with "top posting"?

Read this:

https://www.netmeister.org/news/learn2quote2.html#ss2.3

That FAQ was written for Usenet, but also applies to email.

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: fail2ban setup centos 7 not picking auth fail?
On Sat, May 23, 2020 at 11:55:33AM +0800, Plutocrat wrote:
> On 22/05/2020 18.32, Jerry wrote:
>> On Thu, 21 May 2020 23:22:04 -0700, lists stated:
>>> I use SSHGuard on well ssh (doh!), but supposedly you can use it for
>>> postfix and dovecot also. I can tell you it is well supported. [..]
>>
>> SSHGuard works fairly well with Postfix; however, it is virtually
>> useless with Dovecot. [..] I have submitted documentation and
>> requests to SSHGuard, but they have never acted upon them [..]
>
> Just to add another alternative while we're discussing the subject,
> I've got a soft spot for CSF as a replacement for fail2ban, and it has
> a lot of additional features as well.
>
> https://www.configserver.com/cp/csf.html

In case it matters to anyone reading this thread:

- fail2ban and SSHGuard are free software (free as in freedom). GPL2+
  and ISC respectively.

- CSF seems to be non-free:
  https://download.configserver.com/csf/license.txt

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: Convert standalone mbox to standalone Maildir with Dsync - hierarchy separator error
On Thu, May 21, 2020 at 04:16:26AM +0100, Sam Kuper wrote:
> On Wed, May 13, 2020 at 11:03:37AM +0300, Aki Tuomi wrote:
>> Edit your dovecot.conf and add
>>
>> namespace {
>>   inbox = yes
>>   # or use '.' here.
>>   separator = /
>> }
>
> Thanks for the suggestion! I added those lines to the bottom of
> /etc/dovecot/dovecot.conf .
>
> However, when I attempted the mbox to maildir conversion afterwards, I
> still received an error, albeit a different one:
>
>     $ dsync -Dv \
>         -o 'mail_location=maildir:/tmp/dsync_test/maildir' \
>         backup \
>         mbox:/tmp/dsync_test/mbox/:INBOX=/tmp/dsync_test/mbox/2002-September
>
>     [..]
>
>     doveadm(sampablokuper): Error: User initialization failed:
>     namespace configuration error: Duplicate namespace prefix: ""
>
>     doveadm(sampablokuper): Error: User init failed
>
>
> I was able to resolve this error by commenting out this line in my
> /etc/dovecot/dovecot.conf:
>
>     include conf.d/*.conf

I meant to add, for anyone else reading this who might be experiencing
the same error, that the following thread was quite helpful:

https://forum.vestacp.com/viewtopic.php?t=17154

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: Convert standalone mbox to standalone Maildir with Dsync - hierarchy separator error
On Wed, May 13, 2020 at 11:03:37AM +0300, Aki Tuomi wrote:
> Edit your dovecot.conf and add
>
> namespace {
>   inbox = yes
>   # or use '.' here.
>   separator = /
> }

Thanks for the suggestion! I added those lines to the bottom of
/etc/dovecot/dovecot.conf .

However, when I attempted the mbox to maildir conversion afterwards, I
still received an error, albeit a different one:

    $ dsync -Dv \
        -o 'mail_location=maildir:/tmp/dsync_test/maildir' \
        backup \
        mbox:/tmp/dsync_test/mbox/:INBOX=/tmp/dsync_test/mbox/2002-September

    Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm

    Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_lookup_dict_iterate_visible_next (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)

    doveadm(sampablokuper): Debug: Effective uid=1000, gid=1000, home=/home/sampablokuper

    doveadm(sampablokuper): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/tmp/dsync_test/maildir

    doveadm(sampablokuper): Debug: maildir++: root=/tmp/dsync_test/maildir, index=, indexpvt=, control=, inbox=/tmp/dsync_test/maildir, alt=

    doveadm(sampablokuper): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/tmp/dsync_test/maildir

    doveadm(sampablokuper): Debug: maildir++: root=/tmp/dsync_test/maildir, index=, indexpvt=, control=, inbox=/tmp/dsync_test/maildir, alt=

    doveadm(sampablokuper): Error: User initialization failed: namespace configuration error: Duplicate namespace prefix: ""

    doveadm(sampablokuper): Error: User init failed

I was able to resolve this error by commenting out this line in my
/etc/dovecot/dovecot.conf:

    include conf.d/*.conf

Even after that, though, dsync still failed to migrate the source mbox's
contents to the target maildir, but this time with a "Skipping unchanged
mailbox" message. See below for full output. (Dsync did however replace
the source mbox's contents with a dummy message: "This text is part of
the internal format of your mail folder, and is not a real message.
...".)

I would be grateful for assistance to make dsync convert the mbox to a
maildir.

Here is dsync's output:

    $ dsync -Dv -o mail_location=maildir:/tmp/dsync_test/maildir backup mbox:/tmp/dsync_test/mbox/:INBOX=/tmp/dsync_test/mbox/2002-September

    Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm

    Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_lookup_dict_iterate_visible_next (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore
Convert standalone mbox to standalone Maildir with Dsync - hierarchy separator error
Dear Dovecot users/devs,

I have the following mbox file:

    /tmp/dsync_test/mbox/2002-September

I would like to convert it to a Maildir:

    /tmp/dsync_test/maildir

(Currently, the latter is just an empty directory.)

I am attempting this on an old PC running Debian 9 ("Stretch"). I
installed the dovecot-core package in order to make the `dsync` tool
available on that PC. I have not otherwise done anything with Dovecot on
that PC; for instance, I have not created or edited any Dovecot config
files. `man dsync` gives the Dovecot version as 2.2.

Inspired by the man page and the Dovecot wiki, here was my first attempt
to perform the conversion. (I have added newlines between each line of
the output, for readability.)

    $ dsync -Dv -o 'mail_location=maildir:/tmp/dsync_test/maildir' \
        backup \
        mbox:/tmp/dsync_test/mbox/:INBOX=/tmp/dsync_test/mbox/2002-September

    Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm

    Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_lookup_dict_iterate_visible_next (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)

    doveadm(sampablokuper): Debug: Effective uid=1000, gid=1000, home=/home/sampablokuper

    doveadm(sampablokuper): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/tmp/dsync_test/maildir

    doveadm(sampablokuper): Debug: maildir++: root=/tmp/dsync_test/maildir, index=, indexpvt=, control=, inbox=/tmp/dsync_test/maildir, alt=

    doveadm(sampablokuper): Debug: Namespace : Using permissions from /tmp/dsync_test/maildir: mode=0755 gid=default

    dsync(sampablokuper): Debug: Effective uid=1000, gid=1000, home=/home/sampablokuper

    dsync(sampablokuper): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:/tmp/dsync_test/mbox/:INBOX=/tmp/dsync_test/mbox/2002-September

    dsync(sampablokuper): Debug: fs: root=/tmp/dsync_test/mbox, index=, indexpvt=, control=, inbox=/tmp/dsync_test/mbox/2002-September, alt=

    dsync(sampablokuper): Error: Mail locations must use the same virtual mailbox hierarchy separator (specify separator for the default namespace)

As you can see, it ends with "Error: Mail locations must use the same
virtual mailbox hierarchy separator (specify separator for the default
namespace)".

So, I tried specifying a hierarchy separator, but this failed too:

    $ dsync -Dv \
        -o 'separator=.' \
        -o 'mail_location=maildir:/tmp/dsync_test/maildir' \
        backup \
        mbox:/tmp/dsync_test/mbox/:INBOX=/tmp/dsync_test/mbox/2002-September

    Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm

    Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_lookup_dict_iterate_visible_next (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message)

    Debug: Skipping module doveadm_
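
Both failures reported in this thread (the separator error and the "Duplicate namespace prefix" error) can be read off the namespace lines of the `-D` output. The script below is an added example, not code from the posts or from Dovecot: it parses those lines and flags either condition. The function names are hypothetical, and it assumes the layout defaults of '.' for Maildir++ and '/' for fs when `sep=` is empty.

```python
import re
# Assumption: with no explicit separator, Dovecot's Maildir++ layout
# defaults to '.' and the fs layout (used here for mbox) defaults to '/'.
LAYOUT_DEFAULT_SEP = {"maildir++": ".", "fs": "/"}
NS_RE = re.compile(r"^(\w+)\([^)]*\): Debug: Namespace (?:[^:]*): type=\w+, "
                   r"prefix=([^,]*), sep=([^,]*),")
LAYOUT_RE = re.compile(r"^(\w+)\([^)]*\): Debug: (maildir\+\+|fs): root=")

def parse_namespaces(log):
    """Map each process tag (doveadm, dsync) to the namespaces it logged."""
    sides = {}
    for line in map(str.strip, log.splitlines()):
        if m := NS_RE.match(line):
            proc, prefix, sep = m.groups()
            sides.setdefault(proc, []).append({"prefix": prefix, "sep": sep, "layout": None})
        elif (m := LAYOUT_RE.match(line)) and sides.get(m.group(1)):
            # The layout line follows the namespace it belongs to.
            sides[m.group(1)][-1]["layout"] = m.group(2)
    return sides

def effective_sep(ns):
    """Explicit sep= value, else the default implied by the storage layout."""
    return ns["sep"] or LAYOUT_DEFAULT_SEP.get(ns["layout"])

def diagnose(log):
    """Return a list of findings; empty means neither problem was seen."""
    sides, findings = parse_namespaces(log), []
    for proc, spaces in sides.items():
        prefixes = [ns["prefix"] for ns in spaces]
        for dup in sorted({p for p in prefixes if prefixes.count(p) > 1}):
            findings.append(("duplicate_prefix", proc, dup))
    seps = {proc: effective_sep(spaces[0]) for proc, spaces in sides.items()}
    if len(set(seps.values())) > 1:
        findings.append(("separator_mismatch", seps))
    return findings

# Namespace and layout lines taken (abridged) from the two failing runs in this thread.
FIRST_RUN = """\
doveadm(sampablokuper): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/tmp/dsync_test/maildir
doveadm(sampablokuper): Debug: maildir++: root=/tmp/dsync_test/maildir, index=, indexpvt=, control=, inbox=/tmp/dsync_test/maildir, alt=
dsync(sampablokuper): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:/tmp/dsync_test/mbox/:INBOX=/tmp/dsync_test/mbox/2002-September
dsync(sampablokuper): Debug: fs: root=/tmp/dsync_test/mbox, index=, indexpvt=, control=, inbox=/tmp/dsync_test/mbox/2002-September, alt=
"""
SECOND_RUN = """\
doveadm(sampablokuper): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/tmp/dsync_test/maildir
doveadm(sampablokuper): Debug: maildir++: root=/tmp/dsync_test/maildir, index=, indexpvt=, control=, inbox=/tmp/dsync_test/maildir, alt=
doveadm(sampablokuper): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/tmp/dsync_test/maildir
"""
if __name__ == "__main__":
    print(diagnose(FIRST_RUN), diagnose(SECOND_RUN))
```

On the first run it reports a separator mismatch between the two sides; on the second it reports that two namespaces share the empty prefix.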