[Dovecot] File Permissions and delivery
Hi

I'm very new to Dovecot (been using Courier for 5 years), but I've been persuaded of the merits of Dovecot and since the server needs upgrading that seems like the perfect time/excuse.

On a test server, I set up postfix and installed Dovecot (running 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail store (Maildirs, for historical reasons located under /var/spool/mail/virtual/domain.com/user). Then I ran the courier migration perl script and everything was fine and dandy.

However, when I came to do the production migration, things weren't as smooth. The new server is 64-bit (not that I think it makes a difference, but if you're going to help me you should have all the information :)

Again, I installed Postfix and Dovecot
Took down the old server
Mirrored the Maildirs
Ran the migration script
Restarted everything

At this point everything looked like it was ok. Mail was being received and delivered to the Maildirs and the IMAP login was fine. However, I noticed errors in the logs when retrieving mail with the MUA along the lines of:

Aug 26 16:59:48 mail dovecot: IMAP(si...@lydiard.net): open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,)

After messing around with the chown and chmod (even though these were exactly the same as the test server) I finally discovered the issue.

mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/
-rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2,
-rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2,
-rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2,
-rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2,
-rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2,
-rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2,

Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA.

After thinking for a while it occurred to me that this is covered in the LDA section. But making changes to the config file (either permissions or UID/GID) doesn't seem to make a difference. (Yes, I did restart postfix and dovecot after the changes).

Anyway, here is my dovecot -n:

mail:~# dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
ssl_ca_file: /etc/ssl/keys/ca.crt
ssl_cert_file: /etc/ssl/keys/mail.net.crt
ssl_key_file: /etc/ssl/private/mail.net.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_privileged_group: mailsystem
mail_location: maildir:/var/spool/mail/virtual/%d/%n
maildir_very_dirty_syncs: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
lda:
  postmaster_address: postmaster@net
  mail_plugins: quota
  log_path:
  info_log_path:
  deliver_log_format: msgid=%m: %f: %$
auth default:
  mechanisms: plain login
  user: mailsystem
  verbose: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: prefetch
  userdb:
    driver: static
    args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: mailsystem
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: mailsystem
      group: mailsystem
plugin:
  quota: maildir

As you can see, I tried to go 0660 in both client and master.

The portion of my master.cf
81 # SPB - Attempt to deliver with Dovecot LDA
82 dovecot unix - n n - - pipe
83 flag
Re: [Dovecot] File Permissions and delivery
On 26 August 2011 19:35, Patrick Domack wrote:
>
> My guess is you're delivering email with postfix to the inbox, instead of using
> dovecot-lda. And something odd is going on with that postfix to get odd
> permissions like that.
>
> You probably needed to edit the postfix virtual deliver transport, or maybe
> you just forgot to activate the dovecot-lda (deliver) transport.

That's why I included the portion from my master.cf

The portion of my master.cf
81 # SPB - Attempt to deliver with Dovecot LDA
82 dovecot unix - n n - - pipe
83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

The numbers are just line numbers from vim. The entry reads like:

# SPB - Attempt to deliver with Dovecot LDA
dovecot unix - n n - - pipe
  flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

mailsystem is the user and /usr/lib/dovecot/deliver exists.

Simon

>
> Quoting Simon Brereton :
>
>> Hi
>>
>> I'm very new to Dovecot (been using Courier for 5 years), but I've been
>> persuaded of the merits of Dovecot and since the server needs upgrading that
>> seems like the perfect time/excuse.
>>
>> On a test server, I set up postfix and installed Dovecot (running 32-bit
>> Debian Squeeze, installed from apt-get). I mirrored the mail store
>> (Maildirs, for historical reasons located under
>> /var/spool/mail/virtual/domain.com/user). Then I ran the courier migration
>> perl script and everything was fine and dandy.
>>
>> However, when I came to do the production migration, things weren't as
>> smooth. The new server is 64-bit (not that I think it makes a difference,
>> but if you're going to help me you should have all the information :)
>>
>> Again, I installed Postfix and Dovecot
>> Took down the old server
>> Mirrored the Maildirs
>> Ran the migration script
>> Restarted everything
>>
>> At this point everything looked like it was ok.
Re: [Dovecot] File Permissions and delivery
> -----Original Message-----
> From: dovecot-boun...@dovecot.org [mailto:dovecot-
> boun...@dovecot.org] On Behalf Of Patrick Domack
> Just adding that won't make dovecot use it though, you would have to
> include the postconf -n output. Normally something like
> virtual_transport=dovecot

Crap. I had added that. But I'd also forgotten to comment out the original virtual_transport = virtual line.

Thanks. I think that has fixed it though I'm still struggling with directory permissions.

Simon
Re: [Dovecot] File Permissions and delivery
> -----Original Message-----
> From: Timo Sirainen [mailto:t...@iki.fi]
> Sent: Sunday, August 28, 2011 11:25 PM
> On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote:
> > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/
> > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2,
> > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2,
> > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2,
> > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2,
> > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2,
> > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2,
> >
> > Mails are being delivered with 0600 permissions and not 0660 (the
> > mails from courier seem to have all been 0770 as you can see). If I
> > manually change the permission (to 0660) then I can see the mail in
> > the MUA.
>
> If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the
> new mails should be delivered with 0660 permissions. (I don't
> remember if having g+s makes any difference in the directory like you
> have in the domain dir.)
>
> In any case, it would be better if mails were delivered as
> mailsystem:mailsystem 0600 since that's what you're reading them as.
> Unless you have some other good reason for requiring mailsystem group
> to be able to read them.

So you mean I should change client to mailsystem/mailsystem in the dovecot.conf too? I'm also not sure what (if any) effect the g+s has - that's just how it was (and how it is on the test installation).

As per my previous note to Patrick, I think I've fixed the delivery issue, but now I have these in the log again:

Aug 29 15:59:14 mail dovecot: deliver(si...@lydiard.net): chdir(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied
Aug 29 15:59:14 mail dovecot: deliver(si...@lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon) failed: Permission denied
Aug 29 15:59:14 mail dovecot: deliver(si...@lydiard.net): stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual)

Even if I make EVERYTHING under /var/spool/mail/virtual/* owned by mailsystem:mailsystem - and reload postfix and restart dovecot. And even if I remove the sticky bit.

mail:~# ls /var/spool/mail/virtual/domain.net/simon/
total 880K
drwxrwx--- 13 mailsystem mailsystem 4.0K Aug 26 16:53 ./
drwxrwx---  5 mailsystem mailsystem 4.0K Aug 26 00:39 ../
drwxrwx---  2 mailsystem mailsystem 4.0K Dec  3  2007 courierimaphieracl/
drwxrwx---  2 mailsystem mailsystem 4.0K Aug 25 18:57 courierimapkeywords/
-rwxrwx---  1 mailsystem mailsystem   67 Nov 30  2007 courierimapsubscribed
-rwxrwx---  1 mailsystem mailsystem  15K Aug 25 20:45 courierimapuiddb
-rwxrwx---  1 mailsystem mailsystem  20K Aug 25 20:38 courierpop3dsizelist
drwxrwx---  2 mailsystem mailsystem  32K Aug 26 16:43 cur/
-rwxrwx---  1 mailsystem mailsystem 3.5K Aug 26 03:37 dovecot.index
-rwxrwx---  1 mailsystem mailsystem 697K Aug 26 16:44 dovecot.index.cache
-rwxrwx---  1 mailsystem mailsystem 8.5K Aug 26 16:53 dovecot.index.log
-rw-rwx---  1 mailsystem mailsystem  25K Aug 26 16:44 dovecot-uidlist
-rwxrwx---  1 mailsystem mailsystem    8 Aug 25 23:14 dovecot-uidvalidity
-rwxrwx---  1 mailsystem mailsystem    0 Aug 25 23:14 dovecot-uidvalidity.4e56c938
drwxrwx---  6 mailsystem mailsystem 4.0K Aug 26 03:10 .Drafts/
drwxrwx---  6 mailsystem mailsystem 4.0K Nov 30  2007 .Junk E-mail/
-rwxrwx---  1 mailsystem mailsystem    7 Aug 26 22:05 maildirsize
drwxrwx---  2 mailsystem mailsystem 4.0K Aug 26 22:05 new/
drwxrwx---  6 mailsystem mailsystem 4.0K Aug 25 23:14 .Outbox/
drwxrwx---  6 mailsystem mailsystem 4.0K Aug 26 00:17 .Sent/
drwxrwx---  6 mailsystem mailsystem 4.0K Aug 25 23:14 .Sent Items/
-rwxrwx---  1 mailsystem mailsystem   37 Aug 25 22:26 subscriptions
drwxrwx---  2 mailsystem mailsystem 4.0K Aug 26 22:05 tmp/
drwxrwx---  6 mailsystem mailsystem 4.0K Aug 25 22:26 .Trash/

Any ideas?

Simon
Re: [Dovecot] File Permissions and delivery
> -----Original Message-----
> From: Timo Sirainen [mailto:t...@iki.fi]
>
> On Mon, 2011-08-29 at 11:14 -0400, Simon Brereton wrote:
> > Aug 29 15:59:14 mail dovecot: deliver(si...@lydiard.net):
> > stat(/var/spool/mail/virtual/domain.net/simon/tmp) failed: Permission
> > denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm:
> > /var/spool/mail/virtual)
> >
> > Even if I make EVERYTHING under /var/spool/mail/virtual/* owned by
> > mailsystem:mailsystem - and reload postfix and restart dovecot.
>
> But you didn't change the /var/spool/mail/virtual directory itself?
> (Like the error message says.)

Yes, after sitting looking at that error message for a while, I tried that and it seems to work. I'm confused now as to why it works on the test system - but nonetheless thank you.

Simon
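
The "missing +x perm" check discussed in this thread, as an added example that is not part of the original messages and is not Dovecot's code: it walks every directory on the way to a Maildir and reports the first one that denies search permission to a given uid/gid set. The function names, the start parameter and the temporary tree are assumptions made for illustration; ACLs and capabilities are ignored.

```python
import os
import stat
import tempfile
from pathlib import Path


def blocking_component(path, uid, gids, start="/"):
    """Return (directory, class, mode) for the first directory between `start`
    and `path` that denies search (+x) to uid/gids, or None if none does.
    Only classic mode bits are modelled (no ACLs, no capabilities)."""
    if uid == 0:
        return None  # root bypasses directory search checks
    start = Path(start).absolute()
    target = Path(path).absolute()
    chain, current = [start], start
    for part in target.relative_to(start).parts:
        current = current / part
        chain.append(current)
    for component in chain:
        st = os.stat(component)
        if not stat.S_ISDIR(st.st_mode):
            break  # reached a message file; only directories need +x
        # POSIX picks exactly one class: owner, else group, else other.
        if st.st_uid == uid:
            needed, who = stat.S_IXUSR, "owner"
        elif st.st_gid in gids:
            needed, who = stat.S_IXGRP, "group"
        else:
            needed, who = stat.S_IXOTH, "other"
        if not st.st_mode & needed:
            return str(component), who, f"{stat.S_IMODE(st.st_mode):04o}"
    return None


def demo():
    """Constructed tree shaped like the thread's layout: everything below
    'virtual' is group-accessible, but 'virtual' itself is not."""
    with tempfile.TemporaryDirectory() as base:
        virtual = Path(base, "virtual")
        maildir_tmp = virtual / "domain.net" / "simon" / "tmp"
        maildir_tmp.mkdir(parents=True)
        below = [maildir_tmp, maildir_tmp.parent, maildir_tmp.parent.parent]
        for directory in below:
            os.chmod(directory, 0o770)
        os.chmod(virtual, 0o700)  # the top directory nobody looked at

        # Stand-in for the delivery identity: not the owner, but a member
        # of the group that owns the directories.
        uid = os.stat(virtual).st_uid + 1
        gids = {os.stat(d).st_gid for d in below + [virtual]}

        before = blocking_component(maildir_tmp, uid, gids, start=virtual)
        os.chmod(virtual, 0o750)  # grant the group search permission
        after = blocking_component(maildir_tmp, uid, gids, start=virtual)
        return before, after


if __name__ == "__main__":
    print(demo())
```

Changing ownership of everything below a directory with a /* glob never touches that directory itself, which is why the check has to start at the top of the path.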
[Dovecot] Sub-folder outside of the mail store
Hi

How do I create an IMAP folder that links to a folder outside of the mail store?

For example, I have all domains under /var/spool/mail/virtual/domains.net/ and users under /var/spool/mail/virtual/domains.net/user

Amavis delivers quarantine mail to /var/spool/mail/quarantine

I would like one user (postmaster) to have a folder /var/spool/mail/virtual/domains.net/postmaster/.Quarantine and link it to that folder - is that possible? Is it safe? The client the postmaster uses can then reinject and deliver the mail if need be (i.e. it's safe or the attachment has been stripped).

Thanks.

Simon
[Dovecot] Password query returned multiple matches
Hi

After successfully setting up dovecot, I see this error in the logs.

Aug 30 22:41:45 mail dovecot: auth-worker(default): sql(sbrere...@domain.co.uk,64.88.168.84): Password query returned multiple matches
Aug 30 22:41:52 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=64.88.168.84, lip=127.0.0.1, TLS

Can you tell me what it means or what I should look for?

In my dovecot-sql.conf I have this query:

password_query = SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u' AND active = '1';

Since the EmailAdd is unique I don't see how it can return multiple matches.

Thanks.

Simon
Re: [Dovecot] Password query returned multiple matches
> -----Original Message-----
> From: Timo Sirainen [mailto:t...@iki.fi]
>
> On 31.8.2011, at 18.19, Simon Brereton wrote:
>
> > Aug 30 22:41:45 mail dovecot: auth-worker(default):
> > sql(sbrere...@domain.co.uk,64.88.168.84): Password query returned
> > multiple matches
> ..
> > password_query = SELECT EmailAdd AS user, Password AS password,
> > concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as
> > userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='%u'
> > AND active = '1';
> >
> > Since the EmailAdd is unique I don't see how it can return multiple
> > matches.
>
> You're querying with Username, not with EmailAdd, and apparently
> there are multiple rows where Username='sbrere...@domain.co.uk'.

Well, what do you know - there are two Usernames that are the same! I have no idea how that happened.

Simon
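
The duplicate-Username condition from this exchange, as an added example that is not part of the original messages: it finds every login name for which the password_query's WHERE clause matches more than one active row, then makes the lookup key unique so a second match can no longer be inserted. The table and column names come from the query above; the in-memory SQLite database, the index name one_active_login and all rows are constructed stand-ins (the production database and its index syntax may differ).

```python
import sqlite3

# Constructed stand-in for the MailAccounts table named in the thread.
SCHEMA = """
CREATE TABLE MailAccounts (
    EmailAdd   TEXT PRIMARY KEY,   -- unique, but not what the query filters on
    Username   TEXT NOT NULL,      -- what password_query compares with %u
    Password   TEXT NOT NULL,
    MailDirLoc TEXT NOT NULL,
    active     TEXT NOT NULL DEFAULT '1'
);
"""


def ambiguous_logins(conn):
    """Usernames whose active rows would make the password query
    return more than one match, with the number of matching rows."""
    rows = conn.execute(
        "SELECT Username, COUNT(*) FROM MailAccounts "
        "WHERE active = '1' GROUP BY Username "
        "HAVING COUNT(*) > 1 ORDER BY Username"
    )
    return [(username, count) for username, count in rows]


def enforce_unique_login(conn):
    """Make Username unique among active rows. Returns False while
    duplicates still exist (the index cannot be built over them)."""
    try:
        conn.execute(
            "CREATE UNIQUE INDEX one_active_login "
            "ON MailAccounts(Username) WHERE active = '1'"
        )
        return True
    except sqlite3.IntegrityError:
        return False


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed rows: two distinct EmailAdd values share one Username.
    conn.executemany(
        "INSERT INTO MailAccounts VALUES (?, ?, ?, ?, ?)",
        [
            ("simon@example.org", "simon@example.org", "constructed-hash-1",
             "example.org/simon", "1"),
            ("s.old@example.org", "simon@example.org", "constructed-hash-2",
             "example.org/s.old", "1"),
            ("postmaster@example.org", "postmaster@example.org",
             "constructed-hash-3", "example.org/postmaster", "1"),
        ],
    )
    before = ambiguous_logins(conn)
    enforced_early = enforce_unique_login(conn)

    # Resolve the duplicate by deactivating the stale row, then enforce.
    conn.execute(
        "UPDATE MailAccounts SET active = '0' "
        "WHERE EmailAdd = 's.old@example.org'"
    )
    after = ambiguous_logins(conn)
    enforced = enforce_unique_login(conn)

    # A new active row reusing the Username is now rejected at insert time.
    try:
        conn.execute(
            "INSERT INTO MailAccounts VALUES ('dup@example.org', "
            "'simon@example.org', 'constructed-hash-4', 'example.org/dup', '1')"
        )
        rejected = False
    except sqlite3.IntegrityError:
        rejected = True
    conn.close()
    return before, enforced_early, after, enforced, rejected


if __name__ == "__main__":
    print(demo())
```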
[Dovecot] Multiple domains to one inbox and temporary redirects...
Hi

Can anyone point me to a howto to arrange for multiple domains to deliver to one inbox with Dovecot? For example, us...@example.com and us...@example.net should both be delivered to /var/spool/mail/virtual/example.net/user1

Currently, I have the dovecot LDA set as:

dovecot unix - n n - - pipe
  flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

and in dovecot.conf:

mail_location: maildir:/var/spool/mail/virtual/%d/%n

For some domains only, I need to override that mail_location.

Related to that, when user1 leaves and user2 would like to receive user1's email, how can I get it so that email to us...@example.com is delivered to us...@example.com? Previously when I was using Postfix to deliver the mails, I could change the maildirloc in the DB - but I’m not sure how to accomplish this with dovecot LDA.

Again, any pointers would be welcome.

Thanks.

Simon
Re: [Dovecot] Multiple domains to one inbox and temporary redirects...
> -----Original Message-----
> From: Nick Rosier [mailto:nick+dove...@bunbun.be]
>
> Simon Brereton wrote:
> > Hi
> >
> > Can anyone point me to a howto to arrange for multiple domains to
> > deliver to one inbox with Dovecot? For example, us...@example.com and
> > us...@example.net should both be delivered to
> > /var/spool/mail/virtual/example.net/user1
> >
> > Currently, I have the dovecot LDA set as:
> >
> > dovecot unix - n n - - pipe
> >   flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f
> >   ${sender} -d ${user}@${nexthop}
> >
> > and in dovecot.conf:
> >
> > mail_location: maildir:/var/spool/mail/virtual/%d/%n
> >
> > For some domains only, I need to override that mail_location.
> >
> > Related to that, when user1 leave and user2 would like to receive
> > user1's email, how can I get it so that email to us...@example.com is
> > delivered to us...@example.com? Previously when I was using Postfix
> > to deliver the mails, I could change the maildirloc in the DB - but
> > I’m not sure how to accomplish this with dovecot LDA.
>
> I'm using Postfixadmin to manage users and have server alias-domains.
> All mail sent to an alias-domain is delivered to the other domain.
> Quite easy if you've got postfixadmin already setup.
>
> Otherwise I think you could configure virtual_alias_maps in postfix
> to something like hash:virtual_domains
>
> virtual_domains:
> @example.net@example.com

Cheers Nick

Of course that will do it. Thanks.

Simon
[Dovecot] Mails repopping
Hi

I don't know if this is a dovecot issue or a client one. But as Dovecot is the most recent change, I'll start here.

I have a server that's been running Courier for about 6 years and in all that time I think I've only ever had 1 issue where an entire mail box was repopped by a webmail client. However, since moving to a new server and dovecot 4 weeks ago, I've now had the webmail client repop this account 4 times (there are about 230 mails in the account).

Is there a setting I need to tighten to prevent/remedy this? I have no idea if it's happening on other accounts, but this is one that I see. The format is maildir. There has been no changes to the webmail client.

Thanks.

Simon
Re: [Dovecot] Mails repopping
> -----Original Message-----
> From: Charles Marcus [mailto:cmar...@media-brokers.com]
> Sent: Friday, September 09, 2011 2:51 PM
> On 2011-09-09 1:07 PM, Simon Brereton wrote:
> > I have a server that's been running Courier for about 6 years and in
> > all that time I think I've only ever had 1 issues where an entire mail
> > box was repopped by a webmail client.
>
> I don't understand...
>
> Webmail doesn't speak 'pop' (that I've ever heard of)... so how does
> a webmail client 'repop' emails? What webmail is this?

It's Horde webmail. Webmail does pop. Yahoo and Gmail do it too.

When I first set up the server, it did it on first login - obviously because the server had changed but it's doing it once a week now (and in fact, it did it twice today).

It's not fatal, no one will die. It is a PITA though.

Simon
Re: [Dovecot] Mails repopping
> -----Original Message-----
> From: Timo Sirainen [mailto:t...@iki.fi]
> On Fri, 2011-09-09 at 13:07 -0400, Simon Brereton wrote:
>
> > I have a server that's been running Courier for about 6 years and in
> > all that time I think I've only ever had 1 issues where an entire mail
> > box was repopped by a webmail client. However, since moving to a new
> > server and dovecot 4 weeks ago, I've now had the webmail client repop
> > this account 4 times (there are about 230 mails in the account).
> >
> > Is there a setting I need to tighten to prevent/remedy this? I have
> > no idea if it's happening on other accounts, but this is one that I
> > see. The format is maildir. There has been no changes to the webmail
> > client.
>
> dovecot -n output would have been nice. Also do you see anything in
> error logs?

Ah. My apologies of course. Here it is..

mail:~# dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
ssl_ca_file: /etc/ssl/keys/rhodes-ca.crt
ssl_cert_file: /etc/ssl/keys/mail.domain.net.crt
ssl_key_file: /etc/ssl/private/mail.domain.net.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_privileged_group: mailsystem
mail_location: maildir:/var/spool/mail/virtual/%d/%n
maildir_very_dirty_syncs: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
lda:
  postmaster_address: postmas...@domain.net
  mail_plugins: quota
  log_path:
  info_log_path:
  deliver_log_format: msgid=%m: %f: %$
auth default:
  mechanisms: plain login
  user: mailsystem
  verbose: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: prefetch
  userdb:
    driver: static
    args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: mailsystem
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: mailsystem
      group: mailsystem
plugin:
  quota: maildir

Could you make dovecot -n munge the certificate and postmaster email addresses? I'm not comfortable with that floating on the internet..

The only thing I have in the logs is 2 sessions where mail was popped (note, it doesn't even add up to the 183 messages in the mail box). But those sessions are vastly longer than the regular ones (tens of minutes compared to a few seconds). Since both IPs are on the back-bone, that's quite a while to download 100 mails (none of which are over

Sep 11 21:36:25 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=64.88.168.84, lip=83.170.65.xxx, TLS
Sep 11 21:36:34 mail dovecot: POP3(u...@domain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/183, size=14025971
Sep 11 21:43:44 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=64.88.168.84, lip=83.170.65.xxx, TLS
Sep 11 21:44:54 mail dovecot: POP3(u...@domain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/183, size=14025971
Sep 11 21:52:31 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=64.88.168.84, lip=83.170.65.xxx, TLS
Sep 11 22:56:01 mail dovecot: POP3(u...@domain.com): Disconnected: Logged out top=0/0, retr=100/9182678, del=0/183, size=14025971
Sep 11 23:08:58 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=64.88.168.84, lip=83.170.65.xxx, TLS
Sep 11 23:37:57 mail dovecot: POP3(u...@domain.com): Disconnected: Logged out top=0/0, retr=75/4748674, del=0/183, size=14025971
Sep 12 00:04:11 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=64.88.168.84, lip=83.170.65.xxx, TLS
Sep 12 00:04:26 mail dovecot: POP3(u...@domain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/183, size=14025971
Sep 12 00:07:40 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=64.88.168.84, lip=83.170.65.xxx, TLS
Sep 12 00:07:53 mail dovecot: POP3(u...@domain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/183, size=14025971
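
A way to pull the long bulk-retrieval sessions out of POP3 logs like the ones above, as an added example that is not part of the original message: it pairs each pop3-login line with the next Disconnected line for the same user, computes the session length, and flags sessions that retrieved a large share of the mailbox without deleting anything. The sample lines are constructed in the same format with a filled-in user and documentation-range addresses; the function names, the year argument and the 25% threshold are assumptions.

```python
import re
from datetime import datetime

LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ dovecot: pop3-login: Login: "
    r"user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[^,\s]+)"
)
LOGOUT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ dovecot: POP3\((?P<user>[^)]*)\): "
    r"Disconnected: (?P<reason>.*?) top=(?P<top>\d+)/\d+, "
    r"retr=(?P<retr>\d+)/(?P<retr_bytes>\d+), "
    r"del=(?P<deleted>\d+)/(?P<total>\d+), size=(?P<size>\d+)"
)

# Constructed sample in the format shown in the thread.
SAMPLE_LOG = """
Sep 11 21:36:25 mail dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=192.0.2.84, lip=198.51.100.7, TLS
Sep 11 21:36:34 mail dovecot: POP3(user@example.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/183, size=14025971
Sep 11 21:52:31 mail dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=192.0.2.84, lip=198.51.100.7, TLS
Sep 11 22:56:01 mail dovecot: POP3(user@example.com): Disconnected: Logged out top=0/0, retr=100/9182678, del=0/183, size=14025971
Sep 11 23:08:58 mail dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=192.0.2.84, lip=198.51.100.7, TLS
Sep 11 23:37:57 mail dovecot: POP3(user@example.com): Disconnected: Logged out top=0/0, retr=75/4748674, del=0/183, size=14025971
Sep 12 00:04:11 mail dovecot: pop3-login: Login: user=<user@example.com>, method=PLAIN, rip=192.0.2.84, lip=198.51.100.7, TLS
Sep 12 00:04:26 mail dovecot: POP3(user@example.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/183, size=14025971
""".strip().splitlines()


def _parse_ts(text, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def pop3_sessions(lines, year=2011):
    """Pair Login and Disconnected lines per user, oldest login first."""
    pending = {}   # user -> [(login time, remote IP), ...] still open
    sessions = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            pending.setdefault(m["user"], []).append(
                (_parse_ts(m["ts"], year), m["rip"]))
            continue
        m = LOGOUT_RE.match(line)
        if not m or not pending.get(m["user"]):
            continue  # unrelated line, or a logout whose login was not seen
        started, rip = pending[m["user"]].pop(0)
        ended = _parse_ts(m["ts"], year)
        sessions.append({
            "user": m["user"],
            "rip": rip,
            "seconds": int((ended - started).total_seconds()),
            "retr": int(m["retr"]),
            "retr_bytes": int(m["retr_bytes"]),
            "deleted": int(m["deleted"]),
            "total": int(m["total"]),
        })
    return sessions


def bulk_refetches(sessions, min_fraction=0.25):
    """Sessions that retrieved at least min_fraction of the mailbox
    and deleted nothing, i.e. the mailbox was downloaded again."""
    return [
        s for s in sessions
        if s["deleted"] == 0 and s["total"] > 0
        and s["retr"] >= max(1, min_fraction * s["total"])
    ]


if __name__ == "__main__":
    for s in bulk_refetches(pop3_sessions(SAMPLE_LOG)):
        print(s)
```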
Re: [Dovecot] Mails repopping
> -----Original Message-----
> From: dovecot-boun...@dovecot.org [mailto:dovecot-
> boun...@dovecot.org] On Behalf Of Simon Brereton
> > -----Original Message-----
> > From: Timo Sirainen [mailto:t...@iki.fi] On Fri, 2011-09-09 at 13:07
> > -0400, Simon Brereton wrote:
> >
> > > I have a server that's been running Courier for about 6 years and in
> > > all that time I think I've only ever had 1 issues where an entire mail
> > > box was repopped by a webmail client. However, since moving to a new
> > > server and dovecot 4 weeks ago, I've now had the webmail client repop
> > > this account 4 times (there are about 230 mails in the account).
> > >
> > > Is there a setting I need to tighten to prevent/remedy this? I have
> > > no idea if it's happening on other accounts, but this is one that I
> > > see. The format is maildir. There has been no changes to the webmail
> > > client.
> >
> > dovecot -n output would have been nice. Also do you see anything in
> > error logs?
>
> Ah. My apologies of course. Here it is..
>
> mail:~# dovecot -n
> # 1.2.15: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3

I've only just noticed that installing from apt-get on Debian 64-bit installs Dovecot 1.2 - does anyone know when 2.x will be available via apt?

Simon
Re: [Dovecot] Mails repopping
> -----Original Message-----
> From: dovecot-boun...@dovecot.org [mailto:dovecot-
> boun...@dovecot.org] On Behalf Of Michael M Slusarz
> Quoting Simon Brereton :
>
> >> -----Original Message-----
> >> From: dovecot-boun...@dovecot.org [mailto:dovecot-
> >> boun...@dovecot.org] On Behalf Of Simon Brereton
> >> > -----Original Message-----
> >> > From: Timo Sirainen [mailto:t...@iki.fi] On Fri, 2011-09-09 at 13:07
> >> > -0400, Simon Brereton wrote:
> >> >
> >> > > I have a server that's been running Courier for about 6 years and in
> >> > > all that time I think I've only ever had 1 issues where an entire mail
> >> > > box was repopped by a webmail client. However, since moving to a new
> >> > > server and dovecot 4 weeks ago, I've now had the webmail client repop
> >> > > this account 4 times (there are about 230 mails in the account).
> >> > >
> >> > > Is there a setting I need to tighten to prevent/remedy this? I have
> >> > > no idea if it's happening on other accounts, but this is one that I
> >> > > see. The format is maildir. There has been no changes to the webmail
> >> > > client.
> >> >
> >> > dovecot -n output would have been nice. Also do you see anything in
> >> > error logs?
> >>
> >> Ah. My apologies of course. Here it is..
> >> > >> mail:~# dovecot -n > >> # 1.2.15: /etc/dovecot/dovecot.conf > >> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 > >> log_timestamp: %Y-%m-%d %H:%M:%S > >> protocols: imap imaps pop3 pop3s > >> ssl_ca_file: /etc/ssl/keys/rhodes-ca.crt > >> ssl_cert_file: /etc/ssl/keys/mail.domain.net.crt > >> ssl_key_file: /etc/ssl/private/mail.domain.net.key > >> disable_plaintext_auth: no > >> login_dir: /var/run/dovecot/login > >> login_executable(default): /usr/lib/dovecot/imap-login > >> login_executable(imap): /usr/lib/dovecot/imap-login > >> login_executable(pop3): /usr/lib/dovecot/pop3-login > >> mail_privileged_group: mailsystem > >> mail_location: maildir:/var/spool/mail/virtual/%d/%n > >> maildir_very_dirty_syncs: yes > >> mbox_write_locks: fcntl dotlock > >> mail_executable(default): /usr/lib/dovecot/imap > >> mail_executable(imap): /usr/lib/dovecot/imap > >> mail_executable(pop3): /usr/lib/dovecot/pop3 > >> mail_plugins(default): quota imap_quota > >> mail_plugins(imap): quota imap_quota > >> mail_plugins(pop3): quota > >> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > >> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > >> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 > >> imap_client_workarounds(default): outlook-idle delay-newmail > >> imap_client_workarounds(imap): outlook-idle delay-newmail > >> imap_client_workarounds(pop3): > >> pop3_client_workarounds(default): > >> pop3_client_workarounds(imap): > >> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh > >> lda: > >> postmaster_address: postmas...@domain.net > >> mail_plugins: quota > >> log_path: > >> info_log_path: > >> deliver_log_format: msgid=%m: %f: %$ auth default: > >> mechanisms: plain login > >> user: mailsystem > >> verbose: yes > >> passdb: > >> driver: sql > >> args: /etc/dovecot/dovecot-sql.conf > >> userdb: > >> driver: prefetch > >> userdb: > >> driver: static > >> args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n > >> allow_all_users=yes > >> 
socket: > >> type: listen > >> client: > >> path: /var/spool/postfix/private/auth > >> mode: 432 > >> user: postfix > >> group: mailsystem > >> master: > >> path: /var/run/dovecot/auth-master > >> mode: 432 > >> user: mailsystem > >> group: mailsystem > >> plugin: > >> quota: maildir > >> > >> Could you make dovecot -n munge the certificate and postmaster > email > >> addresses? I'm not comfortable with that floating on the > internet.. > >> > >> The only thing I have in the logs is 2 sessions
Re: [Dovecot] v2.0.15 released
-Original Message-
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On Behalf Of Timo Sirainen

http://dovecot.org/releases/2.0/dovecot-2.0.15.tar.gz
http://dovecot.org/releases/2.0/dovecot-2.0.15.tar.gz.sig

 + doveadm altmove: Added -r parameter to move mails back to primary storage.
 - v2.0.14: Index reading could have eaten a lot of memory in some situations
 - doveadm index no longer affects future caching decisions
 - mbox: Fixed crash during mail delivery when mailbox didn't yet have GUID assigned to it.
 - zlib+mbox: Fetching last message from compressed mailboxes crashed.
 - lib-sql: Fixed load balancing and error handling when multiple hosts are used.

---

I'll bite.. But it's probably not your concern. When will we be able to get stable 2.x packages for Debian? Apt installs 1.2.15-7

Thanks.

Simon

(Sorry about breaking the quotes)
Re: [Dovecot] What best decision to make for flatfiles or SQL when I use Dovecot2 + Postfix together?
> -Original Message-
> From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On Behalf Of terryjames9...@mm.st
>
> Hello Patrick,
>
> On Tuesday, September 27, 2011 9:41 PM, "Patrick Domack" wrote:
> > It all depends on how much time and energy you want to spend in
> > setting it up, vs the flexibility you envision you need later.
>
> This is the intersection of the decision. I still am not sure if that
> simple flatfile dream of one-instance data can be done. I think I am
> going to have to try it a number of times because I don't see a
> certain answer, yes or no.
>
> Can you maybe explain more what you do with your case that you dump
> SQL to flatfile? I don't see why that would ever be a benefit and am
> interested in understanding that.
>
> I think I am worried about using SQL a bit because it is not
> something that I think I can edit so quickly as I do text files. And
> also like you others, losing data when things are corrupted.

I have reasonable evidence that I'm by no means a sys-admin or even a linux Guru. But for the past 5 years, I've managed a system like you're trying to build - Postfix/Amavis/SpamAssassin/Dovecot (until recently I was running Courier for the MDA) with an SQL backend. It's never let me down, gives me a web interface (with PHPMyAdmin) to make changes, has 7 domains and about 300 user accounts. Once the set-up is done, you can save a file with a few queries or even build a php page to make common changes (adding domains/users, etc). Backup is easy.

For the record, I've never used Postfixadmin - although I hear great things about it.

Like the others, I'd recommend going the SQL route - it's easier to maintain and upgrade and it scales. If you don't need it to scale you've lost nothing because it uses virtually no resources, and if you do, you have it.

Simon
[Dovecot] SSL only for external connections
Hi

I'm running dovecot 1:1.2.15-7 and php webmail application is throwing errors when connecting to IMAP with TLS. Is there a way to disable SSL/TLS for localhost connections? I googled, but didn't see anything specific. Can I assume that it's as simple as setting ssl_listen = to the external IP address(es) and leaving listen = * as it is?

Thanks.

Simon
Re: [Dovecot] SSL only for external connections
> -Original Message- > From: dovecot-boun...@dovecot.org [mailto:dovecot- > boun...@dovecot.org] On Behalf Of Terry Carmen > > If SSL/TLS works from the outside, but not the inside, you should > probably find out why and fix that instead. You'd think so - but since I don't actually need TLS from the inside, and given my skill level - disabling it seems easier :) > What is the actual error text? 2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fwrite(): SSL: Broken pipe [pid 23503 on line 3716 of "/usr/share/php/Horde/Imap/Client/Socket.php"] 2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fwrite() expects parameter 1 to be resource, null given [pid 23503 on line 3714 of "/usr/share/php/Horde/Imap/Client/Socket.php"] 2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fwrite() expects parameter 1 to be resource, null given [pid 23503 on line 3716 of "/usr/share/php/Horde/Imap/Client/Socket.php"] 2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: feof() expects parameter 1 to be resource, null given [pid 23503 on line 3909 of "/usr/share/php/Horde/Imap/Client/Socket.php"] 2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fgets() expects parameter 1 to be resource, null given [pid 23503 on line 3925 of "/usr/share/php/Horde/Imap/Client/Socket.php"] 2011-09-29T15:33:14-04:00 ERR: HORDE4 [imp] IMAP server denied authentication. [pid 23503 on line 340 of "/usr/share/horde4/imp/lib/Imap.php"] 2011-09-29T15:38:05-04:00 ERR: HORDE4 [imp] Server does not support TLS connections. [pid 23596 on line 340 of "/usr/share/horde4/imp/lib/Imap.php"] The mail log (to which Dovecot logs) shows nothing for either of those time periods - and a single (successful) login with TLS at 15:33:15 - The consensus from the excellent Horde mailing list is that it's either an IMAP issue or a PHP one. Since the dovecot log isn't showing any errors I'm inclined to believe it's PHP. 
And since I have neither the skills nor the time to engage with those folks on the intricacies of fwrite, fget and feof, I'd rather just not have the TLS overhead on localhost connections (which probably makes sense even if I did have the inclination). So, would setting ssl_listen to the external IP remove the TLS offer from localhost connections? Simon
Re: [Dovecot] SSL only for external connections
> -Original Message- > From: dovecot-boun...@dovecot.org [mailto:dovecot- > boun...@dovecot.org] On Behalf Of Stan Hoeppner > On 9/30/2011 12:34 PM, Simon Brereton wrote: > >> -Original Message- > >> From: dovecot-boun...@dovecot.org [mailto:dovecot- > >> boun...@dovecot.org] On Behalf Of Terry Carmen > > > >> > >> If SSL/TLS works from the outside, but not the inside, you should > >> probably find out why and fix that instead. > > > > You'd think so - but since I don't actually need TLS from the > inside, > > and given my skill level - disabling it seems easier :) > > You don't need TLS/SSL from the outside either, if this is strictly a > webmail box. In this case, configure Apache/lighttpd+Horde to only > accept HTTPS connections from the outside, and configure Horde to > connect via the Dovecot localhost:143 listener. This is how I've > been doing it with Roundcube for years. Works like a champ. It's not strictly a webmail box though. IMAP clients (fixed and mobile) connect to it. So what I'd like is IMAP, IMAPS, POP3 and POP3S on the outside and IMAP only on the local host (there's no actual reason to offer POP to the localhost either... > With encrypted sessions between browser and web server, and both > Horde and Dovecot running on the same host, you don't need to, nor > want to, use IMAPS. Makes sense. Simon
Re: [Dovecot] SSL only for external connections
> -Original Message- > From: dovecot-boun...@dovecot.org [mailto:dovecot- > boun...@dovecot.org] On Behalf Of Dick Middleton > On 09/30/11 18:15, Terry Carmen wrote: > > > > If SSL/TLS works from the outside, but not the inside, you should > > probably find out why and fix that instead. > > > > What is the actual error text? > > In my limited experience there are two main reasons why it can work > from outside but not inside. One is a routing problem. The common > problem is trying to connect from inside using the outside IP address > where the replies try to take a different route back. > > The second reason is to do with the SSL certificate which will have a > CN indicating the server name. If you try to connect from the inside > the server name will not match and you'll get a certificate error. > > A third possibility is you're trying to use TLS on an SSL connection. > You need to use port 143 for TLS and 993 for SSL. > > However your error messages show an authentication error and I > suspect you are using an encrypted password on a connection that > doesn't support it. It's fairly common if TLS is demanded that PLAIN > auth is the only method accepted. > > Without more detail one can only guess. 1) No. 2) Yes. 3) No. Your postulation about the certificate is a good one. The weird thing is that the error is not consistent, which is why I hadn't caught it before I was idly trawling through the logs. As Michael says - I can (and probably should) turn this off in the horde config. But the question remains - if only because it's now there - how does one limit services effectively in Dovecot. In Courier it was fairly easy and well documented. There's no reason for me to offer IMAPS or POP3S to localhost (because of the certificate issue) and there's also no reason for me to offer POP3 to localhost either. For posterity and for my own edification it would be nice to know how to do that. Thanks for the help and input. Simon
Re: [Dovecot] SSL only for external connections
> -Original Message-
> From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On Behalf Of Terry Carmen
>
> On 09/30/11 20:25, Simon Brereton wrote:
>
> >> But the question remains - if only because it's now there - how does
> >> one limit services effectively in Dovecot. In Courier it was fairly
> >> easy and well documented. There's no reason for me to offer IMAPS or
> >> POP3S to localhost (because of the certificate issue) and there's
> >> also no reason for me to offer POP3 to localhost either.
> >>
> >> For posterity and for my own edification it would be nice to know how
> >> to do that.
>
> You can specify what ports and interfaces the various services listen
> on with the inet_listener configuration block and the "address" and
> "port" configuration items in the 10-master.conf configuration file.

I don't have that file. Part of the problem is that I'm confused between protocols and wrappers and interfaces :)

Dick and Michael have persuaded me that it's just easier for Horde not to ask for TLS on port 143 - because that's in fact what I was doing - and it's pointless.

Nonetheless, I think it would be nice to tell Dovecot listen on the local interface for IMAP. Listen on the external interface for IMAP, IMAPS, POP and POP3S. But if there's no simple way to do that I don't have a valid use-case for doing it right now.

Thanks for all the input everyone! Happy Weekend.

Simon
[Dovecot] Auth Worker failures
Hi

I have a script that checks the logs each day and mails me invalid user attempts and authentication failures for the previous day. (I use fail2ban to ban multiple attempts in a short space of time).

For some reason, this appears every day:

Oct 11 06:25:12 mail dovecot: auth-worker(default): sql(si...@mydomain.net,127.0.0.1): Password mismatch
Oct 11 06:25:19 mail dovecot: auth-worker(default): sql(si...@mydomain.net,127.0.0.1): Password mismatch
Oct 11 06:25:31 mail dovecot: auth-worker(default): sql(si...@mydomain.net,127.0.0.1): Password mismatch
Oct 11 06:25:48 mail dovecot: auth-worker(default): sql(si...@mydomain.net,127.0.0.1): Password mismatch
Oct 11 06:26:10 mail dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

Of all the accounts on the box, it's only mine that throws this up. Since its LIP is localhost, it could really only be for webmail - but I don't always leave the webmail open, so I'm curious to know how this gets there and what it is.

Any suggestions? I find it difficult to believe I have an IMAP process in a script somewhere (especially with my user account - the postmaster account, I could believe, but not with my personal one)..

The log time is UTC, so watching the process list at 2.24 is less than appealing!

Simon
[Dovecot] Spammers attempting SASL Auth
Hi

This is a new one on me - I've never seen spammers attempt to use SASL Auth to inject spam. None of the users they are trying (newsletter, dummy, test, etc.) exist, but what worries me is the illegal chars error - is this a known vulnerability in dovecot they are trying to exploit? I'm running 1:1.2.15-7 installed from apt-get..

Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92]
Oct 17 15:07:16 mail dovecot: auth(default): passdb(newslet...@mydomain.net,208.86.147.92): Attempted login with password having illegal chars
Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84
Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known

Simon
Re: [Dovecot] Spammers attempting SASL Auth
On 17 October 2011 11:31, Robert Schetterer wrote:
> On 17.10.2011 17:16, Simon Brereton wrote:
>> Hi
>>
>> This is a new one on me - I've never seen spammers attempt to use SASL
>> Auth to inject spam. None of the users they are trying (newsletter, dummy,
>> test, etc.) exist, but what worries me is the illegal chars error - is this
>> a known vulnerability in dovecot they are trying to exploit? I'm running
>> 1:1.2.15-7 installed from apt-get..
>>
>> Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92]
>> Oct 17 15:07:16 mail dovecot: auth(default): passdb(newslet...@mydomain.net,208.86.147.92): Attempted login with password having illegal chars
>> Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84
>> Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known
>>
>> Simon
>
> this may be a brute force attack, or more easy someone misconfigured his
> client, you may use fail2ban etc to block it
> not directly related to dovecot

17 queries in 30 seconds is not a misconfigured client :)

And I'm already using Fail2Ban - but as someone on this list pointed out recently, that doesn't apply if they try X attempts on the same connection. Although, I don't think that was the case here - maybe I should update my dovecot jail with that illegal chars line.

But, be that as it may - all these attempts failed because the user didn't exist. What if the user exists though? Does this illegal chars make a hole for them to enter through?

Simon
Re: [Dovecot] Spammers attempting SASL Auth
On 17 October 2011 12:10, Tom Pawlowski wrote:
> Take a look at:
>
> http://hg.dovecot.org/dovecot-2.0/file/962df5d9413a/src/auth/auth-request.c
>
> on line 536. That's the auth service catching illegal characters and
> rejecting the attempt. It'll happen with or without a valid user. So,
> working as it should.
>
> As for spammers trying to brute force valid logins, yep, pretty common.
> Higher rate of success if they can mail from a known good server and
> account.

Okay, thanks for that. That's the info/reassurance I was after. In the meantime I've updated fail2ban to take care of it.

You're right about the higher rate of success, I've just never seen a spammer try it before - usually their resources are better spent just sending the mail. But it's good to know that dovecot will trap and block the illegal Chars :)

Thanks.

Simon
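Added example, not code from the thread, from Dovecot or from fail2ban: the point raised above, that counting log lines misses several attempts made on one connection, shown as a Python report that weights each "(auth failed, N attempts)" line by N inside a fail2ban-style time window. The sample log is constructed in the format quoted in the thread; the function names, the `maxretry`/`findtime` defaults and the addresses are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the Dovecot 1.2 syslog format quoted in this thread.
# Addresses come from documentation ranges; user names are made up.
SAMPLE_LOG = """\
Oct 17 06:26:10 mail dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=<me@example.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Oct 17 15:07:16 mail dovecot: auth(default): passdb(newsletter@example.net,192.0.2.92): Attempted login with password having illegal chars
Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<newsletter@example.net>, method=PLAIN, rip=192.0.2.92, lip=198.51.100.84
Oct 17 15:07:20 mail dovecot: auth-worker(default): sql(dummy@example.net,192.0.2.92): Password mismatch
Oct 17 15:07:24 mail dovecot: auth-worker(default): sql(dummy@example.net,192.0.2.92): Password mismatch
Oct 17 15:07:29 mail dovecot: auth-worker(default): sql(dummy@example.net,192.0.2.92): Password mismatch
Oct 17 15:07:35 mail dovecot: auth-worker(default): sql(dummy@example.net,192.0.2.92): Password mismatch
Oct 17 15:07:41 mail dovecot: pop3-login: Disconnected (auth failed, 4 attempts): user=<dummy@example.net>, method=PLAIN, rip=192.0.2.92, lip=198.51.100.84
Oct 17 15:09:02 mail dovecot: auth-worker(default): sql(alice@example.net,203.0.113.7): Password mismatch
Oct 17 15:09:04 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<alice@example.net>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.84, TLS
Oct 17 15:09:30 mail dovecot: imap-login: Login: user=<alice@example.net>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.84, TLS
"""

# Per-connection summary from imap-login/pop3-login. The greedy ".*" makes the
# last "rip=" on the line win, because the user field is client-supplied text.
SUMMARY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ dovecot: "
    r"(?:imap|pop3)-login: (?:Aborted login|Disconnected) "
    r"\(auth failed, (?P<n>\d+) attempts\): "
    r".*\brip=(?P<rip>[0-9A-Fa-f.:]+), lip=")

# Per-attempt detail from the auth processes, used only to explain the failures.
AUTH_RE = re.compile(
    r" dovecot: auth(?:-worker)?\(default\): \w+\(.*,(?P<rip>[0-9A-Fa-f.:]+)\): "
    r"(?P<reason>Password mismatch|"
    r"Attempted login with password having illegal chars)$")


def parse(log_text, year):
    """Return (events, reasons): events[ip] = [(time, attempts)], reasons[ip] = Counter."""
    events, reasons = defaultdict(list), defaultdict(Counter)
    for line in log_text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies it.
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["rip"]].append((when, int(m["n"])))
            continue
        m = AUTH_RE.search(line)
        if m:
            reasons[m["rip"]][m["reason"]] += 1
    return events, reasons


def offenders(log_text, year, maxretry=5, findtime=timedelta(minutes=10),
              ignore=("127.0.0.1", "::1")):
    """Report IPs whose weighted failed attempts reach maxretry within findtime."""
    events, reasons = parse(log_text, year)
    report = {}
    for ip, seen in events.items():
        if ip in ignore:
            continue
        seen.sort()
        worst = running = start = 0
        for when, attempts in seen:
            running += attempts
            # Drop connections that have fallen out of the sliding window.
            while when - seen[start][0] > findtime:
                running -= seen[start][1]
                start += 1
            worst = max(worst, running)
        if worst >= maxretry:
            report[ip] = {"attempts": worst, "connections": len(seen),
                          "reasons": dict(reasons.get(ip, {}))}
    return report


if __name__ == "__main__":
    for ip, info in offenders(SAMPLE_LOG, 2011).items():
        print(ip, info)
```

In the sample, 192.0.2.92 produces only two summary lines, so a filter that counts one failure per matching line stays below a threshold of five, while the weighted count reaches it.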
Re: [Dovecot] Auth Worker failures
On 18 October 2011 10:37, Timo Sirainen wrote: > On Wed, 2011-10-12 at 10:24 -0400, Simon Brereton wrote: >> >> >> Of all the accounts on the box, it's only mine that throws this up. >> Since its LIP is localhost, it could really only be for webmail - but >> I don't always leave the webmail open, so I'm curious to know how this >> gets there and what it is. >> >> Any suggestions? I find it difficult to believe I have an IMAP >> process in a script somewhere (especially with my user account - the >> postmaster account, I could believe, but not with my personal one).. >> > You could enable auth_debug_passwords=yes and see what password it > tries. The first day I did this, I forgot to restart dovecot. Doh. This morning I had: Oct 20 06:25:14 mail dovecot: auth(default): client in: AUTH#0112#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(si...@example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='si...@example.net' AND active = '1'; Oct 20 06:25:14 mail dovecot: auth-worker(default): sql(si...@example.net,127.0.0.1): Password mismatch Oct 20 06:25:14 mail dovecot: auth-worker(default): md5_verify(si...@example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:14 mail dovecot: auth-worker(default): smd5_verify(si...@example.net): SMD5 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha_verify(si...@example.net): SSHA password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): ssha256_verify(si...@example.net): SSHA256 password too short Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:14 mail dovecot: 
auth-worker(default): sql(si...@example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:16 mail dovecot: auth(default): client out: FAIL#0112#011user=si...@example.net Oct 20 06:25:26 mail dovecot: auth(default): client in: AUTH#0113#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--truncated-- Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(si...@example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='si...@example.net' AND active = '1'; Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(si...@example.net,127.0.0.1): Password mismatch Oct 20 06:25:26 mail dovecot: auth-worker(default): md5_verify(si...@example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:26 mail dovecot: auth-worker(default): smd5_verify(si...@example.net): SMD5 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha_verify(si...@example.net): SSHA password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): ssha256_verify(si...@example.net): SSHA256 password too short Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:26 mail dovecot: auth-worker(default): sql(si...@example.net,127.0.0.1): CRYPT() != 'RaNDomsTRinG' Oct 20 06:25:28 mail dovecot: auth(default): client out: FAIL#0113#011user=si...@example.net Oct 20 06:25:43 mail dovecot: auth(default): client in: AUTH#0114#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50683#011resp=--alsoremoved--== Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(si...@example.net,127.0.0.1): query: SELECT EmailAdd AS user, Password AS password, concat('/var/spool/mail/virtual/',MailDirLoc) as userdb_home, 999 as 
userdb_uid, 115 as userdb_gid FROM MailAccounts WHERE Username='si...@example.net' AND active = '1'; Oct 20 06:25:43 mail dovecot: auth-worker(default): sql(si...@example.net,127.0.0.1): Password mismatch Oct 20 06:25:43 mail dovecot: auth-worker(default): md5_verify(si...@example.net): Not a valid MD5-CRYPT or PLAIN-MD5 password Oct 20 06:25:43 mail dovecot: auth-worker(default): smd5_verify(si...@example.net): SMD5 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha_verify(si...@example.net): SSHA password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): ssha256_verify(si...@example.net): SSHA256 password too short Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data in passdb Oct 20 06:25:43 mail dovecot: auth-worker(default): Invalid OTP data
Re: [Dovecot] Don't Know Where Emails Are Or What's Happening
On 20 October 2011 18:28, Jack Fredrikson wrote: > Hi; > > I'm new to Dovecot and Postfix. > I'm trying to enable these with MySQL support and postfixadmin. I've > got all those services up and running (finally!); however, I can't > figure out if the emails are being received and/or stored. I'm pretty > sure Postfix is receiving them because I dealt with certain errors > and they're now gone. Here's some data: > > Dovecot ver. > 0.91 First, get a newer version of Dovecot. You don't say what OS you're working on, but I'm pretty sure it will support a newer version. > [root@example postfix]# /sbin/service dovecot > -n > doveconf: Warning: NOTE: You can get a new clean config file > with: doveconf -n > dovecot-new.conf > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:5: > imap_client_workarounds=outlook-idle is no longer necessary > doveconf: > Warning: Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:17: > add auth_ prefix to all settings inside auth {} and remove the auth > {} section completely > doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:21: passdb sql {} has been > replaced by passdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:24: userdb sql {} has > been replaced by userdb { driver=sql } > doveconf: Warning: Obsolete > setting in /usr/local/etc/dovecot/dovecot.conf:27: userdb prefetch {} > has been replaced by userdb { driver=prefetch } > doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:29: auth_user > has been replaced by service auth { user } > Usage: > /etc/init.d/dovecot {start|stop|reload|restart|force-reload} > > tail > /var/log/maillog > Oct 20 10:13:59 example postfix/smtpd[28141]: > warning: problem talking to service rewrite: Success > Oct 20 > 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30178 exit status 1 > Oct > 20 10:13:59 example 
postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30179 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28458]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30180 exit status 1 > Oct > 20 10:13:59 example postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30181 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28483]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/smtpd[28460]: warning: problem talking to service rewrite: > Success > Oct 20 10:13:59 example postfix/master[4000]: warning: > process /usr/libexec/postfix/trivial-rewrite pid 30182 exit status 1 > Oct 20 10:13:59 example postfix/smtpd[28455]: warning: problem > talking to service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30183 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28484]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30184 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29917]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30185 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[29953]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30186 exit status 1 > Oct > 20 10:13:59 example postfix/smtpd[28485]: warning: problem talking to > service rewrite: Success > Oct 20 10:13:59 example > postfix/master[4000]: warning: process > /usr/libexec/postfix/trivial-rewrite pid 30187 exit status 1 > Oct > 20 10:14:15 
example postfix/smtpd[30152]: connect from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: lost connection after EHLO from > unknown[66.248.165.32] > Oct 20 10:14:15 example > postfix/smtpd[30152]: disconnect from unknown[66.248.165.32] > > I > also get this in there: Were you testing from 66.248.165.32? You still have too many errors from postfix and you need to sort out your MTA (Mail Transport) before you worry about the MDA (Mail Delivery). > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: dict_nis_init: NIS domain name not set > - NIS lookups disabled > Oct 20 10:13:15 example > postfix/smtpd[30152]: cannot load Certificate Authority data: > disabling TLS support > Oct 20 10:13:15 example > postfix/smtpd[30152]: warning: TLS library problem: > 30152:error:02001002:system library:fopen:No such file or > directory:bss_file.c:122:fopen('/etc/pki/tls/c > erts/cert.pem','r'): > Oct > 20 10:13:15 example postfix/smtpd[30152]: warning: TLS library > problem: 3015
Re: [Dovecot] Don't Know Where Emails Are Or What's Happening
On 20 October 2011 19:45, Jack Fredrikson wrote:
>
> From: Simon Brereton
> To: "dovecot@dovecot.org"
> Sent: Thursday, October 20, 2011 7:07 PM
> Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening
>
> First, I'm subscribing to postfix as per your recc and I upgraded my dovecot.
> What the heck was I doing with such an old version?! lol. My OS is CentOS.

Well, unless the link I sent you helped you with the table locking problem, ask over there for help on making sure that postfix is accepting and delivering mail. Or accepting at least.

Did you plan on having postfix or dovecot do the delivery (using dovecot-lda)?

>> At a minimum your daemons are running - congratulations! That's
>> always a good start and I remember when I was setting up the sense of
>> achievement that brought.
>
> Uhuh!
>
>> But for now you need to get postfix working
>> (their list is great). Perhaps if you give more details on your
>> system I can point you to a better howto. And maybe more information
>> on what you're trying to achieve? Virtual domain? Virtual domains?
>> Multiple users? Local users? All these have an impact on what the
>> solution is.
>
> I have clients with their various domains hosted on my server to whom I need
> to serve email. There will only be me on a slice of one machine interfacing
> with dovecot/postfix. I have integrated/am integrating Amavis, ClamAV,
> Spamassassin, PostfixAdmin and SquirrelMail.

Okay - fairly common setup. I don't use postfix-admin, but if that's what created your mysql tables that could also be a starting point to look for the table lock errors.

Good luck!

Simon
Re: [Dovecot] Don't Know Where Emails Are Or What's Happening
On 21 October 2011 10:55, Jack Fredrikson wrote:
>
> From: Simon Brereton
> To: "dovecot@dovecot.org"
> Sent: Friday, October 21, 2011 10:12 AM
> Subject: Re: [Dovecot] Don't Know Where Emails Are Or What's Happening
>
>> Well, unless the link I sent you helped you with the table locking
>> problem, ask over there for help on making sure that postfix is
>> accepting and delivering mail. Or accepting at least.
>
> Didn't help :(
>
>> Did you plan on having postfix or dovecot do the delivery (using
>> dovecot-lda)?
>
> postfix as MTA, dovecot as MDA. Am I missing something here?

Are you using Maildir or mdbox format for the users? Postfix can write the mails into the Maildir, but so can Dovecot. So, if you're using maildir you can either have postfix put the mail there or you can hand it off to Dovecot and have Dovecot put it there..

But let's fix postfix first before you worry about that.

Simon
Re: [Dovecot] Temporary Failures
On 22 October 2011 20:57, Jack Fredrikson wrote: > Hi; > I keep getting errors like this one: > > Oct 22 16:51:08 example postfix/pipe[12021]: C2F705790169: > to=, relay=dovecot, delay=2.1, delays=2/0.01/0/0.08, > dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: > Warning: NOTE: You can get a new clean config file with: doveconf -n > > dovecot-new.conf doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:5: imap_client_workarounds=outlook-idle > is no longer necessary doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:17: add auth_ prefix to all settings > inside auth {} and remove the auth {} section completely doveconf: Warning: > Obsolete setting in /usr/local/etc/dovecot/dovecot.conf:19: passdb pam {} has > been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:21: userdb passwd {} has been replaced by > userdb { driver=passwd } doveconf: Warning: Obsolete setting in > /usr/local/etc/dovecot/dovecot.conf:23: auth_user has > been replaced by service auth { user } doveconf: > > > Why don't they get delivered? Also, I've tried to follow the advice in the > warnings and it never works. I've tried the doveconf -n > dovcot-new.conf > command and the same conf file I've been using pops up. Can someone post some > code that reflects how the new conf file should look? What version of dovecot are you currently using? Can you post this file? /usr/local/etc/dovecot/dovecot.conf Simon
Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem
On 24 October 2011 15:00, Jack Fredrikson wrote:
> Hi;
> This is my 6th day installing my first Postfix/Dovecot installation. The
> Postfix mailing list indicates I've got the MTA under control so now I'm
> seeking your help with the MDA. I get these errors with legitimate email
> addresses:
> Oct 24 11:47:38 myserver dovecot: auth-worker: Error: mysql(localhost):
> Connect failed to database (postfix): Access denied for user
> 'dovecot'@'localhost' (using password: YES) - waiting for 25 seconds before
> retry
>
> Now I've logged in myself:
> mysql -u dovecot -p
> Enter password: xxx
> and succeeded. What am I doing wrong?
>
> I've noticed that every time I restart dovecot I get this error in the
> dovecot-deliver.log:
>
> Oct 24 11:31:11 lda: Error: userdb lookup:
> connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=512(vmail) egid=512(vmail) missing +r perm:
> /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
> Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server log for
> more information.
>
> Every time I go to chmod 666 on that file, restarting dovecot wipes those
> permissions. How fix?
> Even when I fix that, I still get the "temporary failure".
> Please advise.

What user are you running dovecot as?

Does this thread help?
http://www.mail-archive.com/dovecot@dovecot.org/msg32290.html
or this one?
http://www.mailinglistarchive.com/html/dovecot@dovecot.org/2010-08/msg01136.html

Simon
Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem
On 24 October 2011 16:43, Jack Fredrikson wrote:
> From: Tom Hendrikx
> To: dovecot@dovecot.org
> Sent: Monday, October 24, 2011 3:24 PM
> Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection
> Problem
>
> First up, thanks for the links, Simon, but they didn't help :( I still need to
> chmod 666 /usr/local/var/run/dovecot/auth-userdb
> and I'm still getting the same error:
> Oct 24 13:40:57 myserver dovecot: auth-worker: Error: mysql(localhost):
> Connect failed to database (postfix): Access denied for user
> 'dovecot'@'localhost' (using password: YES) - waiting for 5 seconds before
> retry
>
>> The "(using password: YES)" part of the error indicates that your
>> connection to the server was established successfully. However, it seems
>> that user 'dovecot' has no access to database 'postfix', which you did
>> not test on the command line either.
>>
>> What happens on the commandline when you enter (after logging in:
>> use postfix; show tables;
>
> I can log in *just fine* as dovecot and show tables, etc.
>
> # 2.0.15: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs
> auth_mechanisms = plain login
> mail_location = maildir:/var/vmail/%d/%u

Who owns /var/vmail?

> passdb {
>   args = /usr/local/etc/dovecot/sql.conf
>   driver = sql
> }
> plugin {
>   quota = maildir:storage=10240:messages=1000
>   trash = /usr/local/etc/dovecot/trash.conf
> }
> protocols = imap pop3
> service auth {
>   unix_listener auth-userdb {
>     mode = 0660
>   }
>   user = root
> }
> ssl_cert =
> ssl_cipher_list = ALL:!LOW:!SSLv2
> ssl_key =
> ssl_key_password = Jw93Mx2
> userdb {
>   args = /usr/local/etc/dovecot/sql.conf
>   driver = sql
> }
> protocol imap {
>   mail_plugins = quota imap_quota
> }
> protocol pop3 {
>   mail_plugins = quota
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> }
> protocol lda {
>   hostname = mydomain.com
>   info_log_path = /var/log/dovecot-deliver.log
>   log_path = /var/log/dovecot-deliver.log
>   mail_plugins = quota
>   postmaster_address = postmas...@mydomain.com
>   sendmail_path = /usr/sbin/sendmail.postfix
> }
Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem
On 24 October 2011 19:17, Jack Fredrikson wrote:
> From: Tom Hendrikx
> To: dovecot@dovecot.org
> Sent: Monday, October 24, 2011 6:00 PM
> Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection
> Problem
>
>> Adding dovecot to the postfix group would be considered a security issue
>> by many. Don't do this unless you actually think it will help you (it won't).
>
> Thanks. I took it out.
>
>> Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html,
>> especially the part that starts with "On Unix, MySQL programs treat the
>> host name localhost specially,"
>>
>> Then show proof that this command works:
>>
>> mysql -udovecot -pxxx -h 127.0.0.1 postfix
>
> My bad. I had the wrong p/w in sql.conf :-}
>
> So now I'm connected to the database as dovecot, but I'm still getting these
> dad-blamed errors:
>
> BC81A57901AD: to=, relay=dovecot, delay=25695,
> delays=25695/0.02/0/0.28, dsn=4.3.0, status=deferred (temporary failure)

Turn up the logging in postfix (add -vv to the smtpd line in master.cf or google for log-level) - but I'm pretty sure that this means postfix wants to give it to dovecot, but dovecot says I can't do anything with it. Either cos it doesn't know where to put it. Or doesn't have permission to put it there.

You could turn up your dovecot logging too if the postfix logs aren't helpful.

My directory permissions (in no way security recommended - but working) for /var/vmail/ are:
drwxrwxS mailsystem mailsystem

Simon

> # 2.0.15: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 2.6.18-028stab094.3 x86_64 CentOS release 5.7 (Final) vzfs
> auth_mechanisms = plain login
> mail_location = maildir:/var/vmail/%d/%u
> passdb {
>   args = /usr/local/etc/dovecot/sql.conf
>   driver = sql
> }
> plugin {
>   quota = maildir:storage=10240:messages=1000
>   trash = /usr/local/etc/dovecot/trash.conf
> }
> protocols = imap pop3
> service auth {
>   unix_listener auth-userdb {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   user = root
> }
> ssl_cert =
> ssl_cipher_list = ALL:!LOW:!SSLv2
> ssl_key =
> userdb {
>   args = /usr/local/etc/dovecot/sql.conf
>   driver = sql
> }
> protocol imap {
>   mail_plugins = quota imap_quota
> }
> protocol pop3 {
>   mail_plugins = quota
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> }
> protocol lda {
>   hostname = 13gems.com
>   info_log_path = /var/log/dovecot-deliver.log
>   log_path = /var/log/dovecot-deliver.log
>   mail_plugins = quota
>   postmaster_address = postmas...@bar.com
>   sendmail_path = /usr/sbin/sendmail.postfix
> }
>
> TIA,
> Jack
Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem
On 25 October 2011 06:47, Jack Fredrikson wrote: > > > From: Simon Brereton > To: Dovecot Mailing List > Sent: Tuesday, October 25, 2011 12:46 AM > Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection > Problem > > I think I've found the problem. How do I create this file? > > /usr/local/libexec/dovecot/deliver-lda I can't speak to CentOS, but I'm not sure you need to be "creating" any files - especially not in libexec. Are you sure your dovecot installation isn't hosed somehow? Simon
Re: [Dovecot] how to tell dovecot v2.0.1 not to listen on port 143
On 28 October 2011 11:21, Dan Swartzendruber wrote: > Lars Täuber wrote: >> >> Hi there. >> >> How can I configure dovecot not to listen for imaps connections on port >> 143. >> >> Thanks >> Lars >> > > You should be able to configure the dovecot.conf file to remove imaps as one > of the protocols. > > e.g. like this line: > > protocols = imap imaps I understood that the OP wanted to have IMAPS listen on some port other than 143.. Simon
[Dovecot] Difference between LOGIN and PLAIN
Hi Could someone explain to me the difference between LOGIN and PLAIN? I've been googling for a while, but haven't found anything. Thanks. Simon
Re: [Dovecot] Difference between LOGIN and PLAIN
On 3 November 2011 17:01, Stephan Bosch wrote:
> On 11/3/2011 9:42 PM, Simon Brereton wrote:
>>
>> Hi
>>
>> Could someone explain to me the difference between LOGIN and PLAIN?
>> I've been googling for a while, but haven't found anything.
>
> The LOGIN SASL mechanism is an obsolete plain text mechanism. It is
> documented here:
>
> http://tools.ietf.org/html/draft-murchison-sasl-login-00
>
> Some clients still support it, but I would not recommend using it when PLAIN
> or a better SASL mechanism is also available at both ends. The PLAIN
> mechanism is documented here:
>
> http://tools.ietf.org/html/rfc4616
>
> The main technical difference between the two is that the PLAIN mechanism
> transfers both username and password in a single SASL interaction, where
> LOGIN needs two. The PLAIN mechanism also provides support for having an
> authorization id different from the authentication id, allowing for master
> user login for example.

Thanks to both of you. Can I bet that Outlook doesn't support anything but plain? I'm not sure I've ever heard of a client other than Evolution supporting MD5 passwords..

Simon
Re: [Dovecot] How to create home directories for virtual users?
On Nov 24, 2011 4:22 AM, "Olli Räisänen" wrote:
>
> Hello,
>
> I'm using Dovecot 1.2.9, now finishing a migration from Courier IMAP.
> Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home
> directory should not be the same as mail directory. When I create new user
> accounts with PostfixAdmin the mail directory is not a problem but is there
> some smart way to create the home directory as well (locating it for instance
> in '/srv/vmail/%d/%n/home')?

Why do you need a home directory for virtual users?

Simon
Re: [Dovecot] IMAP SPECIAL-USE extension
On 6 December 2011 17:48, Michael M Slusarz wrote: > Quoting Timo Sirainen : > >> On Tue, 2011-12-06 at 23:26 +0100, Patrick Ben Koetter wrote: >>> >>> > I'm anyway now wondering what the defaults should be? Could someone >>> > check what these defaults are for Outlook and any other clients you >>> > have: >>> > >>> > * "Drafts" is used by all clients >>> > * "Trash" is used by all clients >>> > * "Junk" is used by all clients? Or is "Spam" used by some? > > > 'Spam' is also used. This one is probably a bit more site-specific. > >>> > * "Sent" is used by Thunderbird, Evolution >>> > * "Sent Messages" is used by Apple Mail >>> > >>> > So I'm mainly wondering about "Sent" vs. "Sent Messages". > > > IIRC, at least some versions of Exchange use(d) "Sent Items". Certainly mine does, although I couldn't tell you which version. But then I've never seen an Exchange server that doesn't use that. Simon
Re: [Dovecot] IMAP SPECIAL-USE extension
On 6 December 2011 18:14, Timo Sirainen wrote:
> On Tue, 2011-12-06 at 18:02 -0500, Simon Brereton wrote:
>> >>> > * "Sent" is used by Thunderbird, Evolution
>> >>> > * "Sent Messages" is used by Apple Mail
>> >>> >
>> >>> > So I'm mainly wondering about "Sent" vs. "Sent Messages".
>> >
>> >
>> > IIRC, at least some versions of Exchange use(d) "Sent Items".
>>
>> Certainly mine does, although I couldn't tell you which version. But
>> then I've never seen an Exchange server that doesn't use that.
>
> Exchange doesn't matter, but Outlook does. Does Outlook with IMAP also
> use "Sent Items" by default?

It would appear to. But then I have a weird set-up, so maybe it doesn't. On the Outlook I use at Work with Gmail a Sent Items is present. At home, with dovecot, it is not.

Simon
Re: [Dovecot] OT Re: crashes on 2.0.16
On Dec 21, 2011 9:13 PM, "Noel Butler" wrote:
>
> On Thu, 2011-12-22 at 00:49 +0100, Christopher Stolzenberg wrote:
>
> > 2011/12/22 Jim Knuth :
> > > On 22.12.11 00:15, Christopher Stolzenberg wrote:
> > >
> > >>> Indeed; very many of us use Debian stable. Which kernel did you install
> > >>> that is 2.0.16-friendly, and was this from Debian stable's updates
> > >>> system?
> > >>>
> > >>> regards, Ron
> > >>
> > >>
> > >> Debian for production servers??? That sounds dangerous.
> > >
> > >
> > > sorry, but that's absolutely bulls*it. *lol*
> > > Where have you read then THIS?
> >
> > My own experience!
> >
> > Reasons against Debian:
> >
> > - No LSB certification (Linux Standard Base)
> > - No hardware certification (IBM, Dell, HP ...)
> > - Incompatible with some Broadcom NICs
> > - Full of bugs
> > - Free Kernel (non-free firmware removed... lol)
> > - Obsolete kernel (incompatible with new hardware)
> > - Obsolete packages
> > - Only one year support for oldstable *lol*
> > - Long delay for security updates

I'm with Jim. Debian has served me well for years. This is just distro-bias. Sure, you need a modicum more sense and hands on experience, but that's not a bad thing in a production environment..

It would be interesting to chart the number of threads caused by each distro. I don't know who would have the least, but I suspect gentoo and centos would be out in front, with Ubuntu panting along behind..

Simon

>
> Reasons for debian:
> They have largest number of packages! ... oh Wait! that's because they
> break up simple packages into 8-10 sub packages where as other distros
> use single or split in two .. yeah, scratch that... you're right, no
> pro's that I can think of ;)
>
> Ahhh just before I hit send I remember one, debian, like windows, is an
> ideal distro on a server in a Colo that charges for remote hands (incl
> reboots), cause they have the highest fail rate.
>
> Most stable OS's from colo are freebsd, slackware, RHEL, CentOS (ok same
> thing) and SuSE, and surprisingly, we once had a customer with an old
> win2K box back in mid 00's, that was very well behaved, and it was busy,
> they ran a concert/band/event ticketing site on it, truly amazed me that
> box.
>
> Worse OS's would be netbsd, fedora, debian, ubuntu, mint, windows* ..
> but very very nice money earners for remote hands :P
>
Re: [Dovecot] Storing passwords encrypted... bcrypt?
On 3 January 2012 17:30, Charles Marcus wrote:
> On 2012-01-03 5:10 PM, WJCarpenter wrote:
>>
>> In his description, he uses the example of passwords which are
>> "lowercase, alphanumeric, and 6 characters long" (and in another place
>> the example is "lowercase, alphabetic passwords which are ≤7
>> characters", I guess to illustrate that things have gotten faster). If
>> you are allowing your users to create such weak passwords, using bcrypt
>> will not save you/them. Attackers will just be wasting more of your CPU
>> time making attempts. If they get a copy of your hashed passwords,
>> they'll likely be wasting their own CPU time, but they have plenty of
>> that, too.
>
>
> I require strong passwords of 15 characters in length. What's more, they are
> assigned (by me), and the user cannot change it. But, he isn't talking about
> brute force attacks against the server. He is talking about if someone
> gained access to the SQL database where the passwords are stored (as has
> happened countless times in the last few years), and then had the luxury of
> brute forcing an attack locally (on their own systems) against your password
> database.

24+ would be better.. http://xkcd.com/936/

Simon
[Dovecot] mail_max_userip_connections exceeded.
Hi

I'm using Dovecot version 1:1.2.15-7 installed on Debian Squeeze via apt-get..

I have this error in the logs.

/var/log/mail.log.1:2490:Jan 19 12:02:55 mail dovecot: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections): user=, method=PLAIN, rip=127.0.0.1, secured

I never changed this from the default 10. When I googled this error there was a thread on this list from May 2011 that indicated one would need one connection per user per subscribed folder. However, I know that user doesn't have 10 folders, let alone 10 subscribed folders! I can increase it, but it's not going to scale well. And there are people on this list with many 1000x users than I have - so how do they deal with that?

127.0.0.1 is obviously webmail (IMP5). So, how/why am I seeing this, and should I be concerned?

Simon
Re: [Dovecot] Outlook 2010 very slow when using IMAP - are there any tweaks?
On 2 July 2012 13:21, Robert Schetterer wrote:
> On 02.07.2012 17:43, Kaya Saman wrote:
>> Good but not good enough especially when some of our users have round
>> 20GB of PST file :-(
>
> please describe where is the relation between a pst file and imap
> pst files are local
>
> after all having 20 GB PST File is a user Problem ever, tell them to
> split up by year etc beyond sizes under 2 GB for each folder its no
> problem to work with many pst files

And to add to Robert's excellent comments, perhaps the best policy change (since you're so keen on changing policy) would be to educate your users to use email clients for email and not document storage/management systems. It's incredibly hard to get 20GB PSTs if they are stripping attachments.

Simon
Re: [Dovecot] Howto add another disk storage
On 6 July 2012 12:41, Wojciech Puchar wrote:
>>
>> do you really think it is a good idea to trash someone else's comments
>> (without contributing anything at all I might add) based on pure
>> ass-u-me-ptions of yours that have no basis in reality?
>
>
> Do you hate yourself of not being able to understand normal response and so
> - getting aggressive against people?

Pot. Kettle. Black.
[Dovecot] Slightly OT - Winbind and remote authentication.
Hi

I was doing some research on setting up a samba server for my internal network (as an alternative to NAS). The setup looks easy enough, but then I got to thinking - I already have an internet host with a mysql DB that has usernames and passwords and it would be simpler all round to reuse that as the authentication server. That server is also running Dovecot, so I thought it might be simpler still to set up samba to authenticate using IMAP (the mysql server is not accessible on port 3306 anyway).

A quick google resulted in a suggestion from Robert (who by now must be on every single list I'm on or rather vice-versa) about using winbind. I went off to the link he posted - http://wiki.dovecot.org/Authentication/Mechanisms/Winbind?highlight=%28winbind%29 and the problem is that seems to indicate bind and dovecot are on the same server.

So, this not being the samba list notwithstanding, is it possible to use a remote dovecot host as an authentication back-end on a local samba installation?

Cheers

Simon
Re: [Dovecot] Changing password for users
On Oct 25, 2012 7:20 PM, "Mike John" wrote:
>>
>> Hello,
>>
>> I am using dovecot (2.0.9) and using virtual users using
>>
>> passdb {
>>   args = /etc/dovecot/dovecotpasswd
>>   driver = passwd-file
>> }
>>
>> How can I make my virtual users change their passwords using web
>> interface ?
>>
>> My users already uses squirrelmail to access their mail. is there a
>> program to add to squirrelmail to add this function to the clients ?
>> or should I use different separate website for password changing ?
>> and what program/tool can help me with this ?
>>
>> Any ideas is greatly appreciated.
>>
>> Mike.
>> Mike,
>
>
>> I don't know about forcing users to change their passwords however with
>> Squirrelmail there are several password change plugins available that
>> use "poppasswd" to actually change the password.
>
>
>> Of course poppasswd will probably need to be modified to go against your
>> password data base, in my case it simply uses PAM. The version I use is
>> poppassd version 1.8.5.
>
>
>> Oh you probably want to restrict access to the port from the local host
>> only since passwords are transmitted in clear text.
>
>
>> Jeff
>
>
> I know about poppassd , but it works only for /etc/passwd , /etc/shadow, but my dovecot virtual users password files
> are in different location and I do not know how to modify poppassd, any idea how can I do that? and is there another way other than poppassd?

Horde has a change password module too. And essentially it's trivial to write your own php page to do it. I'll do it if you want to contract it out.

Simon
Re: [Dovecot] POLL: v2.2 to allow one mail over quota?
On Oct 30, 2012 5:43 AM, "Ralf Hildebrandt" wrote: > > * Jan-Frode Myklebust : > > > > > > +1 > > > > Better to be lenient, than to confuse users by accepting some but not other messages. > > Amen to that! +1 Surely the answer is that as soon as any mail is rejected an over-quota message is injected? That way, the quota remains as it currently is, but the user will a) be aware that he's over or nearly over quota, b) that a mail was rejected for being too big (if you inject the right over-quota message). Simon
Re: [Dovecot] [OT] MS Exchange Alternative?
On Dec 4, 2012 9:20 AM, "Martin Rabl" wrote:
>
> On 04.12.2012 15:15, Marc Perkel wrote:
>
>> Just wondering if there's an open source Linux alternative to MS
>> Exchange so that all the features of outlook work?
>
> Give SOGo a try ... http://www.sogo.nu

Horde groupware? www.Horde.org

Simon
Re: [Dovecot] question
On Dec 28, 2012 8:28 PM, wrote:
>
> I just install Dovecot and postfix. When I'm pull dovecot I see in the log
> that its checking for mail. if I put a test message locally on the server
> I can pull the message down to my cell phone and other computers. But when
> I try to a message from gmail or aol it doesn't come in to the server.
>
>
> it always bounces back to the place where I sent it from

That would indicate a postfix issue since it would seem you are not getting mail from outside your network/host.

But either way you'll need config and log files if you'd like real help.

Simon
Re: [Dovecot] question
On Dec 29, 2012 3:46 PM, "Matt K" wrote:
>
> At 08:40 PM 12/28/2012, Simon Brereton wrote:
>>
>> On Dec 28, 2012 8:28 PM, wrote:
>> >
>> > I just install Dovecot and postfix. When I'm pull dovecot I see in the log
>> > that its checking for mail. if I put a test message locally on the server
>> > I can pull the message down to my cell phone and other computers. But when
>> > I try to a message from gmail or aol it doesn't come in to the server.
>> >
>> >
>> > it always bounces back to the place where I sent it from
>>
>> That would indicate a postfix issue since it would seem you are not getting
>> mail from outside your network/host.
>>
>> But either way you'll need config and log files if you'd like real help.
>>
>> Simon
>
>
> here is what i was able to find in /var/log/mail.err
> Dec 28 18:02:36 kraner postfix/smtpd[26226]: fatal: no SASL authentication mechanisms
> Dec 28 18:09:17 kraner postfix/smtpd[26229]: fatal: no SASL authentication mechanisms
> Dec 28 18:29:15 kraner postfix/smtpd[26395]: fatal: no SASL authentication mechanisms
> Dec 28 18:43:18 kraner postfix/smtpd[26736]: fatal: no SASL authentication mechanisms
> Dec 28 18:48:59 kraner postfix/smtpd[26741]: fatal: no SASL authentication mechanisms
> Dec 29 18:06:06 kraner postfix[27406]: fatal: usage: postfix [-c config_dir] [-Dv] command
> Dec 29 18:19:38 kraner postfix/smtpd[27511]: fatal: no SASL authentication mechanisms
> Dec 29 18:22:48 kraner postfix/smtpd[27514]: fatal: no SASL authentication mechanisms
> Dec 29 20:20:43 kraner postfix/smtpd[27862]: fatal: no SASL authentication mechanisms
> Dec 29 20:42:03 kraner postfix/smtpd[27969]: fatal: no SASL authentication mechanisms
>
> Postfix config file
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> body_checks = regexp:/etc/postfix/body_checks
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> data_directory = /var/lib/postfix
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
> header_checks = regexp:/etc/postfix/header_checks
> home_mailbox = Maildir/
> inet_protocols = ipv4
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> mailbox_size_limit = 1073741824
> mailq_path = /usr/bin/mailq
> message_size_limit = 10485760
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = kraner.org
> myhostname = kraner.org
> mynetworks = 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> sendmail_path = /usr/sbin/postfix
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP $mail_name (@@DISTRO@@)
> smtpd_client_restrictions = permit_mynetworks,reject_unknown_client,permit
> smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> unknown_local_recipient_reject_code = 550
>

fatal: no SASL authentication mechanisms is pretty clear. Postfix doesn't allow external hosts to connect & relay mail, which explains what you're seeing.

Why you're seeing that is better addressed on the postfix list, although you seem to have told postfix to use Dovecot for sasl auth, so maybe, since this is the Dovecot list you should send your Dovecot conf so we can see why it's not working.

Also, if you ask on the postfix list you will be asked for the output of postfinger which can diagnose sasl problems.

Simon
Re: [Dovecot] dovecot as layer between postfix and thunderbird
On Jan 4, 2013 7:27 PM, "martin svensson" wrote:
>
> Hello, I'm all new to this but feel i want to have a dedicated server to handle my mails from Gmail and Hotmail
>
> Basically, i installed SMS, superb Mini Server (based on slackware), and with that default install i got: dovecot, postfix, fetchmail and sendmail.
>
> The postfix part seems to work according to a "telnet localhost 25", now i want to proceed with dovecot, as i understand it, its the middle layer between (in my case) postfix and thunderbird.
>
> What i expect in the very end is a dedicated server who regularly checks and fetches mails, and lets me have all contacts info in the (already up and running) LDAP server.
>
> When i start thunderbird, i want it to go grab those mails from my local machine
>
> I am, of course all over manpages, HOWTOs, guides and google, but would certainly appreciate further help and points in the right direction
>
> My apologies for any weird beginner mistakes in this post

You will need to configure fetchmail to collect mail from gmail and hotmail and use Dovecot to serve it to thunderbird unless you configured gmail and hotmail to send it to your postfix install.

Simon
Re: [Dovecot] Public free (libre) mailbox hosting service for everybody!
On 28 Feb 2013 08:26, "אנטולי קרסנר" wrote:
>
> I've written a response to someone else, explaining some issues you
> mention here.
>
> A little note on UI: we don't need web UI. It's a good addition but
> unnecessary for the beginning. There are many free-software desktop mail
> clients. Some are big and complicated, but some are very simple and very
> easy to use, just like Gmail is. So UI is not a critical issue right
> now, we just need to be able to easily configure a mail client, e.g.
> Evolution, to work with the server.
>
> And it's great to hear people like the idea and want to help! With hard
> work and cooperation, everything is possible!
>
> - Anatoly Krasner
>
> On Wed, 2013-02-27 at 18:39 -0500, Bennett Todd wrote:
> > The operational cost is non-zero. Besides hardware, which must include
> > backups, and enough physical diversity to offer availability, an email
> > server is an attractive nuisance; spammers and other criminals
> > constantly attempt sabotage and burglary, and it takes ongoing
> > manpower to attempt to hold them temporarily at bay.
> >
> > And unless you put hard caps on message sizes, people will use their
> > mailboxes as backup drives, or just email their vacation movies to
> > family, and you'll be buying drives, and hence replacing them, often.
> >
> > I love the idea, I'm fond of running mailservers myself. But I've gone
> > Google.
> >
> > As for software, I won't pitch my favorite components to this wide
> > list, but I know how to find all the pieces I'd need except the
> > webmail front-end for the utterly non-technical.
> >
> > If you limited the scope to IMAP and SMTP, both SSL authenticated, it
> > wouldn't be too hard to spec out.
> >
> > Host on AWS EC3 or the like, then find an affordable solution to spam,
> > and you can sell to anyone who doesn't expect their email to be
> > private from governments.
> >
> > Anybody know of a well-engineered and maintained SSL library?
> >

cesmail.net anyone?

Simon
Re: [Dovecot] help needed with dovecot authentication
On 28 Feb 2013 21:51, "peter lawrie" wrote:
>
> Hi
> I have been asked to configure a dedicated rhel6 server for a customer.
> I did not realise when I took this on how complicated it was going to be!
> The purpose of the server is to host a group of websites for small
> businesses.
> It came with postfix-2.6.6-2.2 dovecot-2.0.9 and mysql-2.1.67-1
> I have installed virtualmin 3.98, usermin1.540-1 and horde 5
> About a dozen currently inactive websites have been set up, mail is in
> /home//Maildir
> My problem is that I can telnet to postfix to send and receive emails and
> can see these within postfix in webmin
> I have been having many problems getting dovecot to connect successfully to
> postfix.
> I have also installed horde 5 which requires to authenticate to an imap
> server - that is dovecot.
> This one server is intended to provide all services, so plain
> authentication is fine.
> But I can't use /etc/passwd as the users are in virtualmin
> I tried configuring ssl, with self-certification so the browser interface
> is https:
>
> At the moment I've restored dovecot.conf and conf.d/10-master.conf,
> 10-auth.conf and 10-mail.conf to their original settings.
> So an attempt to login through usermin gives me this
> Feb 28 19:44:19 scotz1 dovecot: auth: Debug: Loading modules from
> directory: /usr/lib64/dovecot/auth
> Feb 28 19:44:19 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so
> Feb 28 19:44:19 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so
> Feb 28 19:44:19 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Feb 28 19:44:19 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so
> Feb 28 19:44:19 scotz1 dovecot: auth: Fatal: sql: Configuration file path
> not given
> Feb 28 19:44:19 scotz1 dovecot: master: Error: service(auth): command
> startup failed, throttling
>
> Previous to restoring the conf files I was getting this from horde
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Loading modules from
> directory: /usr/lib64/dovecot/auth
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: auth client connected
> (pid=25627)
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: client in:
> AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=439
> 54#011resp=dGVzdHNjb3R6LmNvLnVrAHRlc3RzY290ei5jby51awBwYXNzd29yZA==
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Loading modules from
> directory: /usr/lib64/dovecot/auth
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so
> Feb 28 17:55:02 scotz1 dovecot: auth: Debug: passwd(testscotz.co.uk ,127.0.0.1):
> lookup
> Feb 28 17:55:02 scotz1 dovecot: auth: passwd(testscotz.co.uk,127.0.0.1):
> unknown user
>
> Horde is using mysql for its database, but I don't particularly care what
> dovecot uses, although it seems sensible to do the same
> I have created and removed several mysql databases during my attempts to
> get this to work.
>
> I would greatly appreciate some assistance with this as every 'howto' I
> have found by googling describes different setups and just gets me deeper
> in the mire!
>
> I want an authentication mechanism on this one server that virtualmin users
> and horde users (same people!) can use for imap mail.
>
> I thought I knew what I was doing before I took this one on (I have
> configured and manage a dozen centos servers), but this one is making my
> head spin.
> Yours in hope!
> Peter Lawrie

Peter

Dovecot/postfix will need their own db, different from horde. (Although I suppose it's possible to add tables to it, but I'd hold it for you risky). Several how-to's will give you sample db structures.

However check out automx.org

Simon
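
An added example (not part of any post in this archive): the single-message PLAIN exchange and the two-message LOGIN exchange that Stephan Bosch's reply in the "Difference between LOGIN and PLAIN" thread describes, together with what the resp= field of a Dovecot "auth: Debug: client in:" line like the one quoted in the message above carries, and a redaction helper to run over such logs before posting them. The account, password, hostname and log line are constructed, and the function names are illustrative.

```python
"""SASL PLAIN vs LOGIN, and redacting a Dovecot auth debug line (added example)."""
import base64
import re


def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def plain_response(authcid, password, authzid=""):
    """RFC 4616 PLAIN: [authzid] NUL authcid NUL passwd, sent as ONE client message."""
    for part in (authzid, authcid, password):
        if "\x00" in part:
            raise ValueError("NUL is the field separator and cannot appear in a field")
    if not authcid or not password:
        raise ValueError("authcid and password are mandatory")
    return _b64("\x00".join((authzid, authcid, password)))


def login_responses(username, password):
    """LOGIN: TWO client messages, one per server prompt, and no authzid field."""
    return [_b64(username), _b64(password)]


def parse_plain(resp):
    """Decode a PLAIN message back into its three fields."""
    raw = base64.b64decode(resp, validate=True)
    fields = raw.split(b"\x00")
    if len(fields) != 3 or not fields[1] or not fields[2]:
        raise ValueError("not a well-formed PLAIN message")
    authzid, authcid, password = (f.decode("utf-8") for f in fields)
    return {"authzid": authzid, "authcid": authcid, "password": password}


def parse_client_in(line):
    """Split the payload of a 'client in:' debug line; syslog prints tabs as #011."""
    marker = "client in: "
    if marker not in line:
        raise ValueError("not an auth 'client in' line")
    fields = line.split(marker, 1)[1].strip().split("#011")
    if len(fields) < 3 or fields[0] != "AUTH":
        raise ValueError("not an AUTH request")
    params = {}
    for field in fields[3:]:
        key, _, value = field.partition("=")  # base64 padding stays in value
        params[key] = value
    return {"id": fields[1], "mech": fields[2], "params": params}


def exposed_credentials(line):
    """Return the cleartext fields a PLAIN debug line gives away, or None."""
    request = parse_client_in(line)
    resp = request["params"].get("resp")
    if request["mech"] != "PLAIN" or not resp:
        return None
    return parse_plain(resp)


_RESP = re.compile(r"resp=[A-Za-z0-9+/]+={0,2}")


def redact(line):
    """Replace the base64 SASL response so the line is safe to post."""
    return _RESP.sub("resp=<redacted>", line)


# Constructed log line in the same field layout as the one quoted above.
SAMPLE_LINE = (
    "Feb 28 17:55:02 mailhost dovecot: auth: Debug: client in: "
    "AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1"
    "#011rip=127.0.0.1#011lport=143#011rport=40000#011resp="
    + plain_response("alice@example.test", "correct-horse")
)

if __name__ == "__main__":
    print("PLAIN, one message :", plain_response("alice@example.test", "correct-horse"))
    print("LOGIN, two messages:", login_responses("alice@example.test", "correct-horse"))
    print("recovered from log :", exposed_credentials(SAMPLE_LINE))
    print("safe to post       :", redact(SAMPLE_LINE))
```

Base64 is an encoding, not encryption, so the password is readable by anyone who sees an unredacted line.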
[Dovecot] Upgrading 1.2 to 2.x
Hi

I'm about to upgrade to 2.1.7 in my test environment, but "doveconf -n -c dovecot.1.conf > dovecot.2.conf" is producing a blank file, so I am unsure how to proceed. I know a lot has changed between them, so I don't really want to have to start from scratch unless I have to.

I have tried both as my user and with sudo.

Simon
Re: [Dovecot] Upgrading 1.2 to 2.x
On 5 Mar 2013 15:19, "Steffen Kaiser" wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> On Tue, 5 Mar 2013, Simon Brereton wrote:
>
>> I'm about to upgrade to 2.1.7 in my test environment, but "doveconf
>> -n -c dovecot.1.conf > dovecot.2.conf" is producing a blank file, so I
>> am unsure how to proceed. I know a lot has changed between them, so I
>
>
> honestly, especially because "a lot has changed between them"
> I would start from scratch.
>
>
>> don't really want to have to start from scratch unless I have to.
>
>
> check what you have changed in v1.2 config, then check if that particular setting has changed or the functionality has changed, and finally change the default in v2.1

I'd prefer to have a semi-decent config to work from without having to research 100 new variable names and values. The migration tool exists for a reason.

Simon
Re: [Dovecot] Upgrading 1.2 to 2.x
On 5 March 2013 16:28, Professa Dementia wrote:
> On 3/5/2013 6:30 AM, Simon Brereton wrote:
>
>>
>> I'd prefer to have a semi-decent config to work from without having to
>> research 100 new variable names and values. The migration tool exists for
>> a reason.
>>
>
> I just went through the same thing - converting from 1.2.10 to 2.1.15. Trust
> me, you are better off starting from scratch. Use the default template then
> modify it for your customizations. I thought the same thing as you, but in
> the end, trying to convert the old config file turned out to be much more
> work.

What's the recommended approach then? Pack it all into dovecot.conf as it was before, or use the split config files under conf.d/ - is this even a choice?

Simon
Re: [Dovecot] Upgrading 1.2 to 2.x
On 5 March 2013 23:25, Noel Butler wrote:
> On Tue, 2013-03-05 at 11:33 +0100, Simon Brereton wrote:
>
>> Hi
>>
>> I'm about to upgrade to 2.1.7 in my test environment, but "doveconf
>> -n -c dovecot.1.conf > dovecot.2.conf" is producing a blank file, so I
>> am unsure how to proceed. I know a lot has changed between them, so I
>> don't really want to have to start from scratch unless I have to.
>>
>> I have tried both as my user and with sudo.
>>
>> Simon
>
>
> Sounds like symptom of an error or something in 1.conf, I found
> converting that if it strikes something it does not like it bails there
> and then, but it gave me about 80% conversion, only requiring tweaking
> to finalise it, however it did not convert quota stuff to new format so
> start that from scratch.
>
> When you run convert it usually spits out what it is, or is not doing,
> that must give you some clue.
>
> and should matter what UID you are on, so long as you have read access
> to 1.conf and write access to 2.conf

So many replies - I feel like a celebrity! :)

Noel - this is what I get when I run the command. As you can see dovecot.2.conf is empty afterwards.

sbuongiorno@local:~$ doveconf -n -c dovecot.1.conf > dovecot.2.conf
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in dovecot.1.conf:4: 'imaps' protocol is no longer necessary, remove it
doveconf: Warning: Obsolete setting in dovecot.1.conf:4: 'pop3s' protocol is no longer necessary, remove it
doveconf: Warning: Obsolete setting in dovecot.1.conf:5: ssl_ca_file has been replaced by ssl_ca =
Re: [Dovecot] Upgrading 1.2 to 2.x
On 6 March 2013 02:57, Noel Butler wrote:
> On Wed, 2013-03-06 at 00:06 +0100, Daniel Parthey wrote:
>
>
>> > WTF? Everything in one file is much nicer and easier, and you don't
>> > have to guess what option is in what file
>>
>> We're using a single file too, since this can be easily managed by
>> a configuration management system and avoids unexpected changes.
>>
>
>
> Exactly, and even if management tools were not in play, it would still
> be easier for a novice to check out a directive setting.

:%s/novice/idiots like Simon/g ;)

Simon
[Dovecot] mail_max_userip_connections
Hi

Sometimes, I hit the mail_max_userip_connections limit. As far as I know I'm the only person that does, but I would like to find out why before someone else hits the limit.

Is there a command available that can list the connections per IP? I'd like to find out which client is causing this.

Or do you have a better suggestion? Should I just raise the limit (it's still at the default 10, which I never changed)? What are the implications of this?

Thanks.

Simon
Re: [Dovecot] mail_max_userip_connections
On 12 Mar 2013 15:31, "Axel Luttgens" wrote:
>
> On 12 March 2013 at 14:43, Simon Brereton wrote:
>
> > Hi
> >
> > [...]
> >
> > Is there a command available that can list the connections per IP?
>
> Hello Simon,
>
> You could have a look at 'doveadm who' ( http://wiki2.dovecot.org/Tools/Doveadm/Who).
>

I really should get around to upgrading..

Simon
Re: [Dovecot] mail_max_userip_connections
On 12 March 2013 16:59, Axel Luttgens wrote:
> On 12 March 2013 at 16:21, Simon Brereton wrote:
>
>> On 12 Mar 2013 15:31, "Axel Luttgens" wrote:
>>>
>>> [...]
>>> You could have a look at 'doveadm who'
>>> (http://wiki2.dovecot.org/Tools/Doveadm/Who).
>>>
>>
>> I really should get around to upgrading..
>
> :-)
>
> Now, there are still the more generic ways, yet probably requiring a bit more
> guesswork; for example, assuming binary lsof is available on your system:
>
> sudo lsof -n -i :imap,pop3

Handy. Thanks. Of course it only works in the instant I get the message (which isn't always apparent from the client).

> On the other hand, I don't remember exactly what happens when that
> mail_max_userip_connections limit is hit; doesn't Dovecot log some hint that
> would allow you to track the "culprit"?

Well, not that I could see - that's why I asked on the list :) That's not to say it isn't there, but all I see in the log is:

Mar 12 13:47:12 mail dovecot: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections): user=, method=PLAIN, rip=127.0.0.1, secured

I suppose this implies it's the webmail client, but even having that open on two different machines shouldn't open 10 connections. Should it?

Simon
Re: [Dovecot] mail_max_userip_connections
On 12 March 2013 18:03, Axel Luttgens wrote:
> On 12 March 2013 at 17:18, Simon Brereton wrote:
>
>> [...]
>>
>> I suppose this implies it's the webmail client,
>
> So, to be sure: the webmail server is running on the same box as the one
> running Dovecot?

Si. Yes.

>> but even having that
>> open on two different machines shouldn't open 10 connections. Should
>> it?
>
> I tended to believe that usually, a webmail application tends to open/close
> connections sequentially, or to consecutively select relevant mailboxes
> within a single connection. But who knows...
> Which webmail app have you installed?

I believe that as well, especially as I don't have tons of folders (some of my users do). I'm using Horde.

> When connecting to/making use of the webmail, you should at least see
> connect/disconnect entries written in Dovecot's log.
> Do they tend to overlap?

With two machines and two phones, it's difficult to keep track of that - but I will try. To avoid that I was hoping there was a way to print out in table form which connections for which user were from where.

And so now I have another reason to upgrade. I need to fix the mess I made with postfix first though.

Simon
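Added example, not part of the thread and not Dovecot code: on a version without `doveadm who`, replaying the mail log gives the per-user, per-IP table asked for above and shows how many sessions were open when the limit message appeared. The Login and Disconnected line formats, the user and the addresses are assumptions and constructed sample data, modelled on the limit message quoted in the thread.

```python
import re
from collections import Counter, defaultdict, deque

# Line formats are assumptions modelled on the limit message quoted in the thread.
IP = r"([0-9a-fA-F.:]+)"
LOGIN = re.compile(r"imap-login: Login: user=<([^>]*)>.*?\brip=" + IP)
LOGOUT = re.compile(r"IMAP\(([^)]*)\): Disconnected")
LIMIT = re.compile(r"imap-login: Maximum number of connections from user\+IP "
                   r"exceeded \(mail_max_userip_connections\): "
                   r"user=<([^>]*)>.*?\brip=" + IP)


def constructed_sample(user="simon@example.net"):
    """Constructed log: a phone that logs out, a webmail host that never does."""
    login = "imap-login: Login: user=<{u}>, method=PLAIN, rip={ip}, lip=127.0.0.1, secured"
    events = [login.format(u=user, ip="192.0.2.10"),
              f"IMAP({user}): Disconnected: Logged out bytes=120/940"]
    events += [login.format(u=user, ip="127.0.0.1")] * 10
    events.append("imap-login: Maximum number of connections from user+IP exceeded "
                  f"(mail_max_userip_connections): user=<{user}>, method=PLAIN, "
                  "rip=127.0.0.1, secured")
    return "\n".join(f"Mar 12 13:46:{sec:02d} mail dovecot: {text}"
                     for sec, text in enumerate(events))


def replay(log_text):
    """Replay the log; return (peak sessions per user+IP, limit hits)."""
    open_sessions = defaultdict(deque)  # user -> remote IPs of open sessions
    peak = Counter()                    # (user, rip) -> highest concurrent count
    limit_hits = []                     # (timestamp, user, rip, open at that moment)
    for line in log_text.splitlines():
        if m := LIMIT.search(line):
            user, rip = m.groups()
            limit_hits.append((line[:15], user, rip, open_sessions[user].count(rip)))
        elif m := LOGIN.search(line):
            user, rip = m.groups()
            open_sessions[user].append(rip)
            key = (user, rip)
            peak[key] = max(peak[key], open_sessions[user].count(rip))
        elif (m := LOGOUT.search(line)) and open_sessions[m.group(1)]:
            # Disconnect lines carry no IP here, so retire the oldest session
            # for that user: an approximation, good enough to spot a leak.
            open_sessions[m.group(1)].popleft()
    return peak, limit_hits


if __name__ == "__main__":
    peak, hits = replay(constructed_sample())
    for (user, rip), n in sorted(peak.items()):
        print(f"{user:24} {rip:15} peak={n}")
    for hit in hits:
        print("limit hit:", *hit)
```

A remote IP whose peak sits at the configured limit while no matching disconnects appear points at a client that opens sessions and never closes them.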
Re: [Dovecot] Dovecot with sasl/imaps/postfix and thunderbird
On 14 Mar 2013 03:38, "Alex" wrote:
>
> Hi guys,
>
> >>> It's relatively easy. On first starting TB with no account, cancel the
> >>> wizard. Then use "Edit" -> "Preferences" or "≡" -> "Options..." ->
> >>> "Options..." to get to TB's configuration pages. There, use "Advanced"
> >>> -> "Certificates" -> "View Certificates" -> "Servers" and finally
> >>> "Import..."
> >>>
> >>> After you've imported the needed cert, you can re-open the wizard with
> >>> "Create new account".
> >>>
> >>> You can also use this method to import a self-signed certificate
> >>> authority if you want to run your own signing operation.
> >>
> >> How does he do this at scale Phil?
>
> It appears that if you delete all the unsigned certs, then set up the
> account using all the proper ports and auth types, then just restart
> thunderbird, it works as expected. Upon restarting thunderbird, it
> will prompt you to "confirm security exception", then it automatically
> imports the cert for 993. It somehow seemed to automatically import
> the cert for 587.
>
> Can someone else confirm that restarting Thunderbird is a way around
> having to manually import the certs or change them later through the
> account settings menu?
>
> Does anyone have any experience with configuring Outlook to use
> self-signed certs?
>
> Thanks,
> Alex

Import it using Internet Explorer. Follow the prompts.

http://www.google.com/search?hl=en&gl=GB&ie=UTF-8&q=outlook+self+signed+certificate++how-to

Simon
Re: [Dovecot] Dovecot documentation WAS: Re: Question regarding Postfix and Dovecot
On 19 March 2013 15:20, Jerry wrote:
> On Tue, 19 Mar 2013 13:36:53 +0100
> Joseba Torre articulated:
>
> {snip}
>
>> Definitely, something like man 5 postconf would be really useful. I
>> would like to collaborate with that, but I think that my English
>> writing skills are not good enough.
>
> I would be willing to assist in a project like that. If we could get a
> few knowledgeable people -- including Timo -- I think it would be a
> truly worthwhile project.

I can't code, but I can proof-read/write. And if *I* understand the instructions/config examples you have winning documentation - the ultimate dummy test, so to speak.

So, this could be my opportunity to contribute to FOSS.

Simon
[Dovecot] Disk Encryption
Hi

As I understand it email headers need to be unencrypted (otherwise DKIM doesn't work). From the MUA to either Postfix, or Dovecot the connection is (or can/should be) secured with TLS/SSL.

What I would like to know is if it is possible to encrypt the mailstore? Postfix is using Dovecot for delivery so it's only Dovecot that would need to encrypt/decrypt the mailstore.

Is this possible? Is there a terrible reason to do it even if it is possible?

I realise that from MTA to MTA there's no guarantee of encryption (and in fact it's very unlikely unless keys have been exchanged), but my primary goal is to supplement the physical security of the mail store of mails we already have or have sent.

Mostly just idle curiosity as to what has been done, or what could be done. What is worth doing is a separate thread entirely.

Thanks.

Simon
Re: [Dovecot] Disk Encryption
On 25 March 2013 12:30, Robert Schetterer wrote:
> On 25.03.2013 11:03, Simon Brereton wrote:
>> Hi
>>
>> As I understand it email headers need to be unencrypted (otherwise
>> DKIM doesn't work). From the MUA to either Postfix, or Dovecot the
>> connection is (or can/should be) secured with TLS/SSL.
>>
>> What I would like to know is if it is possible to encrypt the
>> mailstore? Postfix is using Dovecot for delivery so it's only Dovecot
>> that would need to encrypt/decrypt the mailstore.
>>
>> Is this possible? Is there a terrible reason to do it even if it is
>> possible?
>>
>> I realise that from MTA to MTA there's no guarantee of encryption (and
>> in fact it's very unlikely unless keys have been exchanged), but my
>> primary goal is supplement the physical security of the mail store of
>> mails we already have or have sent.
>>
>> Mostly just idle curiosity as to what has been done, or what could be
>> done. What is worth doing is a separate thread entirely.
>>
>> Thanks.
>>
>> Simon
>>
>
> my meaning
>
> crypted mailstore makes sense in a mail archive, in Germany
> you have to have a mail archive for some kind of company emails
> all these solutions have some crypted mailstore, and some
> more features for data security, but that's a big theme, too big for here
>
> crypt storage isn't "the saveness" per default, someone hacking the system
> and get root may hack your crypt storage too etc, also too big theme for here

Robert, indeed, this is sort of my point. If we encrypt laptop hard drives to prevent unauthorised access, that doesn't prevent the possibility of someone who already has admin access to the device from decrypting/viewing/moving files. What it does do is prevent unauthorised access to the data if there is no admin access.

Currently my mail store isn't encrypted and I would like to know if it is possible to do that, and if so, maybe get some pointers.

Simon
Re: [Dovecot] Disk Encryption
On 27 March 2013 05:36, Xin Li wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 3/25/13 6:24 AM, Simon Brereton wrote:
>> On 25 March 2013 12:30, Robert Schetterer wrote:
>>> On 25.03.2013 11:03, Simon Brereton wrote:
>>>> Hi
>>>>
>>>> As I understand it email headers need to be unencrypted
>>>> (otherwise DKIM doesn't work). From the MUA to either Postfix,
>>>> or Dovecot the connection is (or can/should be) secured with
>>>> TLS/SSL.
>>>>
>>>> What I would like to know is if it is possible to encrypt the
>>>> mailstore? Postfix is using Dovecot for delivery so it's only
>>>> Dovecot that would need to encrypt/decrypt the mailstore.
>>>>
>>>> Is this possible? Is there a terrible reason to do it even if
>>>> it is possible?
>>>>
>>>> I realise that from MTA to MTA there's no guarantee of
>>>> encryption (and in fact it's very unlikely unless keys have
>>>> been exchanged), but my primary goal is supplement the physical
>>>> security of the mail store of mails we already have or have
>>>> sent.
>>>>
>>>> Mostly just idle curiosity as to what has been done, or what
>>>> could be done. What is worth doing is a separate thread
>>>> entirely.
>>>>
>>>> Thanks.
>>>>
>>>> Simon
>>>>
>>>
>>> my meaning
>>>
>>> crypted mailstore makes sense in a mail archive, in Germany you
>>> have to have a mail archive for some kind of company emails all
>>> these solutions have some crypted mailstore, and some more
>>> features for data security, but that's a big theme, too big for
>>> here
>>>
>>> crypt storage isn't "the saveness" per default, someone hacking
>>> the system and get root may hack your crypt storage too etc, also
>>> too big theme for here
>>
>> Robert, indeed, this is sort of my point. If we encrypt laptop
>> hard drives to prevent unauthorised access, that doesn't prevent
>> the possibility of someone who already has admin access to the
>> device from decrypting/viewing/moving files. What it does do is
>> prevent unauthorised access to the data if there is no admin
>> access.
>>
>> Currently my mail store isn't encrypted and I would like to know if
>> it is possible to do that, and if so, maybe get some pointers.
>
> Let's say you operate a mail server which uses a RAID array (or ZFS
> pool) as backend storage and one day one disk goes bad and needs to
> be replaced. You don't want information being leaked from that bad disk
> when returning to vendor for replacement.
>
> There are a lot of solutions to this issue. One possible way is to
> use FreeBSD's full disk encryption, geli(4), to encrypt all hard
> drives and have the email server hold the key on its boot partition,
> but don't protect it with a password so that the mail server can boot
> without any human intervention.

Thanks. I think I will investigate this option. I use Debian, and I think the same approach is possible. My concern with this approach is that if the drive is booted from then the information is freely available - but as you say, only if the root password is known. If the drive is simply mounted in a different system, then the passphrase would be needed (this is what I understand).

Alternatively, I could encrypt /var/mail/ and mount it as a LUKS volume to achieve the same effect. But I need a test plan and equipment.

Thanks for all the pointers.

Simon
Re: [Dovecot] Idea: POP3 deletion as a flag
On 3 May 2013 18:14, "Timo Sirainen" wrote:
>
> GMail doesn't delete mails when POP3 client issues a DELE command for it. Instead they just become invisible for future POP3 sessions, but they still exist for IMAP/webmail. The same could be implemented pretty easily for Dovecot:
>
> - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted
> - When DELEting a message, add this flag to the message.
> - When listing messages, skip all messages that have this flag.
> - Also hide this flag from IMAP clients(?)
>
> Thoughts? Probably 20 lines of new code.

The EU laws notwithstanding, I think this is a good thing. The world doesn't revolve around the EU any more than it does the US. If enough people want it, and I can see its use, even if 90% of my users won't need it, then put it in. Warn users to check the regulations of their jurisdiction before turning it on and off you go..

Simon
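Added example, not part of the thread and not Dovecot code: a small model of the four steps in the quoted proposal, showing why a message "deleted" over POP3 stays in the store and remains visible over IMAP. The class and function names are hypothetical, and applying the flag at QUIT (with RSET undoing pending marks) follows the usual POP3 session rules as an assumption about how the proposal would be wired in.

```python
POP3_DELETED_FLAG = "$POP3Deleted"  # value of the proposed pop3_deleted_flag setting


class Mailbox:
    """Shared store as both protocols see it: uid -> set of flags/keywords."""

    def __init__(self, uids):
        self.flags = {uid: set() for uid in uids}


class Pop3Session:
    """Hypothetical POP3 front end that tags messages instead of expunging."""

    def __init__(self, mailbox):
        self.mailbox = mailbox
        # Message numbers are fixed at login; already-tagged mail is skipped.
        self.msgs = [uid for uid in sorted(mailbox.flags)
                     if POP3_DELETED_FLAG not in mailbox.flags[uid]]
        self.pending = set()

    def list(self):
        return [(n, uid) for n, uid in enumerate(self.msgs, 1)
                if uid not in self.pending]

    def dele(self, n):
        if not 1 <= n <= len(self.msgs) or self.msgs[n - 1] in self.pending:
            return "-ERR no such message"
        self.pending.add(self.msgs[n - 1])
        return "+OK"

    def rset(self):
        self.pending.clear()
        return "+OK"

    def quit(self):
        # Where a classic server would expunge, only the keyword is added.
        for uid in self.pending:
            self.mailbox.flags[uid].add(POP3_DELETED_FLAG)
        self.pending.clear()
        return "+OK"


def imap_fetch_flags(mailbox):
    """IMAP view: every message still exists and the marker keyword is hidden."""
    return {uid: sorted(flags - {POP3_DELETED_FLAG})
            for uid, flags in mailbox.flags.items()}


if __name__ == "__main__":
    box = Mailbox([101, 102, 103])           # constructed UIDs
    session = Pop3Session(box)
    session.dele(2)
    session.quit()
    print(Pop3Session(box).list())           # POP3 no longer lists uid 102
    print(imap_fetch_flags(box))             # IMAP still has all three messages
```

The retention point raised in the reply falls out of the model: after DELE and QUIT the message body is still on disk, so whoever enables such a setting is keeping mail the POP3 user believes is gone.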